  1. ActiveMQ Classic
  2. AMQ-5495

ActiveMQSslConnectionFactory should support different keystore and key passwords


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.10.0
    • Fix Version/s: 5.11.0
    • Component/s: Broker
    • Labels: None

    Description

      The current ActiveMQSslConnectionFactory allows us to specify

      • trustStore
      • trustStorePassword
      • keyStore
      • keyStorePassword

      In case the passphrase of the key contained in the keystore is different from the password of the keystore itself, this connection factory cannot be used.

      What we're missing is the following field

      • keyStoreKeyPassword

      In the ActiveMQ configuration such a setup is supported (via the SpringSslContext), however for accessing ActiveMQ via the ActiveMQSslConnectionFactory it is not.

      Adding a keyStoreKeyPassword field and changing the createKeyManager slightly would fix this:

          protected KeyManager[] createKeyManager() throws Exception {
              KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
              KeyStore ks = KeyStore.getInstance("jks");
              KeyManager[] keystoreManagers = null;
              if (keyStore != null) {
                  byte[] sslCert = loadClientCredential(keyStore);

                  if (sslCert != null && sslCert.length > 0) {
                      ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
                      // The keystore password opens the keystore file itself.
                      ks.load(bin, keyStorePassword.toCharArray());
                      // The key password unlocks the private key entry; fall back to the
                      // keystore password when no separate key password is configured.
                      kmf.init(ks, keyStoreKeyPassword != null ? keyStoreKeyPassword.toCharArray() : keyStorePassword.toCharArray());
                      keystoreManagers = kmf.getKeyManagers();
                  }
              }
              return keystoreManagers;
          }
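The failure described in this issue can be reproduced with the JDK alone. The following is an added example, not code from the issue or from ActiveMQ: the class name, `canInit`, `StubCert` and the passwords are constructed for illustration, and it assumes a JDK that provides the `jks` keystore type and the `SunX509` key manager algorithm. It shows `KeyManagerFactory.init` rejecting the keystore password when the key entry has its own password, and succeeding with the fallback logic proposed above.

```java
import java.security.*;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;

public class KeyPasswordDemo {
    // Constructed stand-in for a certificate chain, so the demo needs no keystore file.
    // The in-memory JKS store only holds it; the resulting key managers are not usable for TLS.
    static final class StubCert extends Certificate {
        private final PublicKey pub;
        StubCert(PublicKey pub) { super("X.509"); this.pub = pub; }
        @Override public byte[] getEncoded() { return new byte[0]; }
        @Override public void verify(PublicKey key) { }
        @Override public void verify(PublicKey key, String sigProvider) { }
        @Override public String toString() { return "StubCert"; }
        @Override public PublicKey getPublicKey() { return pub; }
    }

    // Same fallback as the createKeyManager() proposed above:
    // use the key password when one is set, otherwise the keystore password.
    static boolean canInit(KeyStore ks, String storePass, String keyPass) throws Exception {
        // SunX509, as shipped with OpenJDK, unlocks every key entry inside init().
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        char[] pw = (keyPass != null ? keyPass : storePass).toCharArray();
        try {
            kmf.init(ks, pw);
            return true;
        } catch (UnrecoverableKeyException e) {
            System.out.println("  " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: keystore password and key password differ.
        String storePass = "store-secret", keyPass = "key-secret";
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        KeyStore ks = KeyStore.getInstance("jks");
        ks.load(null, storePass.toCharArray());
        ks.setKeyEntry("client", kp.getPrivate(), keyPass.toCharArray(),
                new Certificate[] { new StubCert(kp.getPublic()) });

        System.out.println("keyStorePassword only:");
        System.out.println("  init ok = " + canInit(ks, storePass, null));
        System.out.println("with keyStoreKeyPassword:");
        System.out.println("  init ok = " + canInit(ks, storePass, keyPass));
    }
}
```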
      

          People

            Assignee: Gary Tully (gtully)
            Reporter: Davy De Waele (davydewaele)