[jira] [Work logged] (ARTEMIS-3794) "org.apache.activemq.ssl.keyStorePassword" and "org.apache.activemq.ssl.trustStorePassword" system properties should support ENC(...) format

Fri, 16 Dec 2022 13:34:03 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-3794?focusedWorklogId=834241&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-834241
 ]

ASF GitHub Bot logged work on ARTEMIS-3794:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Dec/22 21:33
            Start Date: 16/Dec/22 21:33
    Worklog Time Spent: 10m 
      Work Description: ryan-highley commented on code in PR #4135:
URL: https://github.com/apache/activemq-artemis/pull/4135#discussion_r1051180270


##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java:
##########
@@ -755,6 +771,23 @@ public void initChannel(Channel channel) throws Exception {
       logger.debug("Started {} Netty Connector version {} to {}:{}", 
connectorType, TransportConstants.NETTY_VERSION, host, port);
    }
 
+   private String processSslPasswordProperty(String password, String 
codecClass) {

Review Comment:
   Oh, yes. Much better! I wanted to reuse the `ConfigurationHelper` password 
logic since the extra Boolean logic was already handled there. Without that 
`useMaskedPassword` that reasoning and need goes right out the window.
   
   Updated and pushed.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 834241)
    Time Spent: 3h 50m  (was: 3h 40m)

> "org.apache.activemq.ssl.keyStorePassword" and 
> "org.apache.activemq.ssl.trustStorePassword" system properties should support 
> ENC(...) format
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3794
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3794
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 2.19.1
>            Reporter: Apache Dev
>            Priority: Major
>          Time Spent: 3h 50m
>  Remaining Estimate: 0h
>
> In order to set client keyStore/trustStore passwords, overriding those 
> obtained by topology updates from brokers (see ARTEMIS-1157), we need to set 
> system properties.
> Such properties could be logged in traces or be present in dumps.
> It would be a more secure practice to handle ENC(...) format to mask them.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to