activemq-dev mailing list archives

From "Davy De Waele (JIRA)" <>
Subject [jira] [Created] (AMQ-5495) ActiveMQSslConnectionFactory should support different keystore and key passwords
Date Mon, 22 Dec 2014 13:20:13 GMT
Davy De Waele created AMQ-5495:

             Summary: ActiveMQSslConnectionFactory should support different keystore and key
                 Key: AMQ-5495
             Project: ActiveMQ
          Issue Type: Improvement
          Components: Broker
    Affects Versions: 5.10.0
            Reporter: Davy De Waele

The current ActiveMQSslConnectionFactory allows us to specify

- trustStore
- trustStorePassword
- keyStore
- keyStorePassword

In case the passphrase of the key contained in the keystore is different from the password
of the keystore itself, this connection factory cannot be used.

What we're missing is the following field

- keyStoreKeyPassword

In the ActiveMQ configuration such a setup is supported (via the SpringSslContext), however
for accessing ActiveMQ via the ActiveMQSslConnectionFactory it is not.

Adding a keyStoreKeyPassword field and changing the createKeyManager slightly would fix this:

    protected KeyManager[] createKeyManager() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore ks = KeyStore.getInstance("jks");
        KeyManager[] keystoreManagers = null;
        if (keyStore != null) {
            byte[] sslCert = loadClientCredential(keyStore);

            if (sslCert != null && sslCert.length > 0) {
                ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
                // The store password unlocks the keystore container itself.
                ks.load(bin, keyStorePassword.toCharArray());
                // The key password unlocks the private key entry; fall back to the
                // store password when no separate key password is configured.
                kmf.init(ks, keyStoreKeyPassword != null ? keyStoreKeyPassword.toCharArray()
                        : keyStorePassword.toCharArray());
                keystoreManagers = kmf.getKeyManagers();
            }
        }
        return keystoreManagers;
    }

This message was sent by Atlassian JIRA
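
The failure mode described in the issue, as an added example that is not part of the original message or of ActiveMQ: the store password loads the keystore, but the key entry can only be recovered with its own password. To stay self-contained it assumes a JCEKS store holding a generated AES key instead of the JKS client key from the issue; the class name, alias and passwords are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyPasswordDemo {
    // Constructed sample values (assumptions, not taken from the issue).
    static final char[] STORE_PASSWORD = "store-secret".toCharArray();
    static final char[] KEY_PASSWORD = "key-secret".toCharArray();

    // Build an in-memory keystore whose entry password differs from the store password.
    static byte[] buildKeyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        ks.setKeyEntry("demo", key, KEY_PASSWORD, null);   // entry-level password
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASSWORD);                     // store-level password
        return out.toByteArray();
    }

    // Same fallback as the proposed createKeyManager change.
    static char[] effectiveKeyPassword(char[] keyStoreKeyPassword, char[] keyStorePassword) {
        return keyStoreKeyPassword != null ? keyStoreKeyPassword : keyStorePassword;
    }

    // Loading always uses the store password; only key recovery depends on the key password.
    static boolean canRecoverKey(byte[] storeBytes, char[] keyStoreKeyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(storeBytes), STORE_PASSWORD);
        try {
            return ks.getKey("demo", effectiveKeyPassword(keyStoreKeyPassword, STORE_PASSWORD)) != null;
        } catch (UnrecoverableKeyException e) {
            return false;   // wrong key password: the situation reported in the issue
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] storeBytes = buildKeyStore();
        System.out.println("key password unset, store password reused: " + canRecoverKey(storeBytes, null));
        System.out.println("separate key password supplied: " + canRecoverKey(storeBytes, KEY_PASSWORD));
    }
}
```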
