[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894413&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894413
 ]

ASF GitHub Bot logged work on ARTEMIS-4528:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 06/Dec/23 22:57
            Start Date: 06/Dec/23 22:57
    Worklog Time Spent: 10m 
      Work Description: gemmellr commented on code in PR #4706:
URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1417743646


##########
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java:
##########
@@ -472,6 +474,8 @@ public ActiveMQServerImpl(Configuration configuration,
          ConfigurationUtils.validateConfiguration(configuration);
       }
 
+      Security.addProvider(new PemKeyStoreProvider());

Review Comment:
   Ick. Should this be static like the call itself, or otherwise gated, to 
avoid doing it repeatedly given it can only succeed once? Checking the return 
to see whether it wasnt installed if it already was and maybe [trace] log it 
didnt add?
   
   Also, this functionality is essentially broker-only unless you happen to 
coincidentally be in the same JVM after it starts? The test or docs (which 
apply to the client too) dont make that clear.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 894413)
    Time Spent: 50m  (was: 40m)

> TLS support PEM format for key and trust store type
> ---------------------------------------------------
>
>                 Key: ARTEMIS-4528
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4528
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 2.31.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.32.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> managing key and trust store passwords when the credentials are securely 
> stored or managed by other means is a nuisance.
> there is a nice PEM keystore provider at: 
> [https://github.com/ctron/pem-keystore]
> This gives us an intuitive way to easily reference a simple cert or key 
> without a password as is the case with jsk or pkcs12
> <acceptor 
> name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor>
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)