[
https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894671&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894671
]
ASF GitHub Bot logged work on ARTEMIS-4528:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 08/Dec/23 11:12
Start Date: 08/Dec/23 11:12
Worklog Time Spent: 10m
Work Description: gemmellr commented on code in PR #4706:
URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420294383
##########
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java:
##########
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.ssl;
+
+import java.lang.management.ManagementFactory;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException;
+import org.apache.activemq.artemis.api.core.Message;
+import org.apache.activemq.artemis.api.core.QueueConfiguration;
+import org.apache.activemq.artemis.api.core.SimpleString;
+import org.apache.activemq.artemis.api.core.TransportConfiguration;
+import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
+import org.apache.activemq.artemis.api.core.client.ClientConsumer;
+import org.apache.activemq.artemis.api.core.client.ClientMessage;
+import org.apache.activemq.artemis.api.core.client.ClientProducer;
+import org.apache.activemq.artemis.api.core.client.ClientSession;
+import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
+import org.apache.activemq.artemis.api.core.client.ServerLocator;
+import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
+import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
+import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.ActiveMQServers;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
+import org.apache.activemq.artemis.tests.integration.security.SecurityTest;
+import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * See the tests/security-resources/build.sh script for details on the
security resources used.
+ */
+public class SslPEMTest extends ActiveMQTestBase {
+
+ static {
+ String path = System.getProperty("java.security.auth.login.config");
+ if (path == null) {
+ URL resource =
SecurityTest.class.getClassLoader().getResource("login.config");
+ if (resource != null) {
+ path = resource.getFile();
+ System.setProperty("java.security.auth.login.config", path);
+ }
+ }
+ }
+
+ private TransportConfiguration tc;
+ private SimpleString QUEUE;
+
+ @Test
+ public void testPemKeyAndTrustStore() throws Exception {
+
+ tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+ tc.getParams().put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, "PEM");
+ tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME,
"client-key-cert.pem");
+ tc.getParams().put(TransportConstants.PORT_PROP_NAME, "61617");
+
+ ServerLocator producerLocator;
+ ClientSessionFactory producerSessionFactory;
+ ClientSession producerSession;
+
+ // first without trust store
+ try {
+ producerLocator =
addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
+ producerSessionFactory = createSessionFactory(producerLocator);
+ producerSessionFactory.createSession(false, true, true);
+ } catch (ActiveMQNotConnectedException expected) {
+ }
Review Comment:
It is a format/wrapper issue, and testing the format/wrapping usage was the
point, which this doesnt do so much as just entirely omits its use and checks
the client side notices it wasnt even using the stuff which it should do almost
regardless of what the broker side does (even using the whole client and broker
to test this stuff is unnecessary, it could be unit tested without them).
Issue Time Tracking
-------------------
Worklog Id: (was: 894671)
Time Spent: 3.5h (was: 3h 20m)
> TLS support PEM format for key and trust store type
> ---------------------------------------------------
>
> Key: ARTEMIS-4528
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4528
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Configuration
> Affects Versions: 2.31.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Fix For: 2.32.0
>
> Time Spent: 3.5h
> Remaining Estimate: 0h
>
> managing key and trust store passwords when the credentials are securely
> stored or managed by other means is a nuisance.
> there is a nice PEM keystore provider at:
> [https://github.com/ctron/pem-keystore]
> This gives us an intuitive way to easily reference a simple cert or key
> without a password as is the case with jsk or pkcs12
> <acceptor
> name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
