[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type

Fri, 08 Dec 2023 04:36:06 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894698&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894698
 ]

ASF GitHub Bot logged work on ARTEMIS-4528:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Dec/23 12:35
            Start Date: 08/Dec/23 12:35
    Worklog Time Spent: 10m 
      Work Description: gtully commented on code in PR #4706:
URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420378266


##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java:
##########
@@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String 
keystoreProvider,
       return ks;
    }
 
+   private static void checkPemProviderLoaded(String keystoreType) {
+      if (keystoreType != null && keystoreType.startsWith("PEM")) {
+         if (Security.getProvider("PEM") == null) {
+            Security.insertProviderAt(new PemKeyStoreProvider(), 
Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10));
+         }
+      }
+   }

Review Comment:
   so you don't have to know the default. for me, i like to see it provided 
rather than have to peek under the hood to see. Don't have a strong opinion on 
this one.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 894698)
    Time Spent: 4h  (was: 3h 50m)

> TLS support PEM format for key and trust store type
> ---------------------------------------------------
>
>                 Key: ARTEMIS-4528
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4528
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 2.31.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.32.0
>
>          Time Spent: 4h
>  Remaining Estimate: 0h
>
> managing key and trust store passwords when the credentials are securely 
> stored or managed by other means is a nuisance.
> there is a nice PEM keystore provider at: 
> [https://github.com/ctron/pem-keystore]
> This gives us an intuitive way to easily reference a simple cert or key 
> without a password as is the case with jsk or pkcs12
> <acceptor 
> name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor>
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to