[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type

Fri, 08 Dec 2023 02:20:04 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894659&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894659
 ]

ASF GitHub Bot logged work on ARTEMIS-4528:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Dec/23 10:19
            Start Date: 08/Dec/23 10:19
    Worklog Time Spent: 10m 
      Work Description: gtully commented on code in PR #4706:
URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420233055


##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java:
##########
@@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String 
keystoreProvider,
       return ks;
    }
 
+   private static void checkPemProviderLoaded(String keystoreType) {
+      if (keystoreType != null && keystoreType.startsWith("PEM")) {
+         if (Security.getProvider("PEM") == null) {
+            Security.insertProviderAt(new PemKeyStoreProvider(), 
Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10));
+         }
+      }
+   }

Review Comment:
   it inserts at the start, at the moment I am not aware of any other PEM 
keystore type provider, but order may be important to some in the future, hence 
the possibility to configure if that ever arises.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 894659)
    Time Spent: 2.5h  (was: 2h 20m)

> TLS support PEM format for key and trust store type
> ---------------------------------------------------
>
>                 Key: ARTEMIS-4528
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4528
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 2.31.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.32.0
>
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
>
> managing key and trust store passwords when the credentials are securely 
> stored or managed by other means is a nuisance.
> there is a nice PEM keystore provider at: 
> [https://github.com/ctron/pem-keystore]
> This gives us an intuitive way to easily reference a simple cert or key 
> without a password as is the case with jsk or pkcs12
> <acceptor 
> name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor>
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to