[ 
https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894566&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894566
 ]

ASF GitHub Bot logged work on ARTEMIS-4528:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Dec/23 17:34
            Start Date: 07/Dec/23 17:34
    Worklog Time Spent: 10m 
      Work Description: gtully commented on code in PR #4706:
URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1419344098


##########
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java:
##########
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.ssl;
+
+import java.lang.management.ManagementFactory;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.activemq.artemis.api.core.Message;
+import org.apache.activemq.artemis.api.core.QueueConfiguration;
+import org.apache.activemq.artemis.api.core.SimpleString;
+import org.apache.activemq.artemis.api.core.TransportConfiguration;
+import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
+import org.apache.activemq.artemis.api.core.client.ClientConsumer;
+import org.apache.activemq.artemis.api.core.client.ClientMessage;
+import org.apache.activemq.artemis.api.core.client.ClientProducer;
+import org.apache.activemq.artemis.api.core.client.ClientSession;
+import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
+import org.apache.activemq.artemis.api.core.client.ServerLocator;
+import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
+import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
+import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.ActiveMQServers;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import 
org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
+import org.apache.activemq.artemis.tests.integration.security.SecurityTest;
+import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * See the tests/security-resources/build.sh script for details on the 
security resources used.
+ */
+public class SslPEMTest extends ActiveMQTestBase {
+
+   public static final SimpleString QUEUE = new SimpleString("QueueOverSSL");
+
+   static {
+      String path = System.getProperty("java.security.auth.login.config");
+      if (path == null) {
+         URL resource = 
SecurityTest.class.getClassLoader().getResource("login.config");
+         if (resource != null) {
+            path = resource.getFile();
+            System.setProperty("java.security.auth.login.config", path);
+         }
+      }
+   }
+
+   private TransportConfiguration tc;
+
+   @Test
+   public void testPemKeyAndTrustStore() throws Exception {
+
+      tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+      tc.getParams().put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, "PEM");
+      tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, 
"server-ca.crt");
+      tc.getParams().put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, "PEM");
+      tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, 
"client-key-cert.pem");
+      tc.getParams().put(TransportConstants.PORT_PROP_NAME, "61617");
+
+      ServerLocator producerLocator = 
addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
+      ClientSessionFactory producerSessionFactory = 
createSessionFactory(producerLocator);
+      ClientSession producerSession = 
producerSessionFactory.createSession(false, true, true);
+      producerSession.createQueue(new 
QueueConfiguration(SslPEMTest.QUEUE).setDurable(false));
+      ClientProducer producer = 
producerSession.createProducer(SslPEMTest.QUEUE);
+
+      ClientMessage message = createTextMessage(producerSession, 
RandomUtil.randomString());
+      producer.send(message);
+
+      ServerLocator consumerLocator = 
addServerLocator(ActiveMQClient.createServerLocator("tcp://localhost:61616"));
+      ClientSessionFactory consumerSessionFactory = 
createSessionFactory(consumerLocator);
+      ClientSession consumerSession = 
consumerSessionFactory.createSession("consumer", "consumerPassword", false, 
true, true, consumerLocator.isPreAcknowledge(), 
consumerLocator.getAckBatchSize());
+      ClientConsumer consumer = 
consumerSession.createConsumer(SslPEMTest.QUEUE);
+      consumerSession.start();
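Review bot: testPemKeyAndTrustStore, as far as it is visible here, only exercises the success path: the producer connects on 61617 with `server-ca.crt` and `client-key-cert.pem`, and its session is created without a user or password, so authentication presumably rests on the client certificate. A positive-only test would still pass if the acceptor stopped requiring or validating that certificate. A companion case that leaves out `KEYSTORE_PATH_PROP_NAME` and expects the connection or session creation to fail would pin the behaviour. The method body and the acceptor setup continue outside the hunk, so this may already be covered there. Separately, in the static block `resource.getFile()` returns the URL-encoded path, so a checkout directory containing spaces gives a `java.security.auth.login.config` value that does not exist on disk; `path = Paths.get(resource.toURI()).toString();` (with the `URISyntaxException` handled) avoids that.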

Review Comment:
   provider now in the client, loaded once on first use.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 894566)
    Time Spent: 1h 40m  (was: 1.5h)

> TLS support PEM format for key and trust store type
> ---------------------------------------------------
>
>                 Key: ARTEMIS-4528
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4528
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 2.31.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.32.0
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> managing key and trust store passwords when the credentials are securely 
> stored or managed by other means is a nuisance.
> there is a nice PEM keystore provider at: 
> [https://github.com/ctron/pem-keystore]
> This gives us an intuitive way to easily reference a simple cert or key 
> without the password that a jks or pkcs12 store requires
> <acceptor 
> name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor>
>  


