From 5269b1a89dd968916a3f343f7a41eab55486d5ec Mon Sep 17 00:00:00 2001
From: Gary Tully
Date: Wed, 10 Jan 2024 12:19:20 +0000
Subject: [PATCH] ARTEMIS-4561 expose store type on web component tls binding config
---
 .../core/remoting/impl/ssl/SSLSupport.java | 2 +-
 .../activemq/artemis/dto/BindingDTO.java | 22 +++++++++++++++++
 artemis-web/pom.xml | 4 +++-
 .../artemis/component/WebServerComponent.java | 10 ++++++++
 .../cli/test/WebServerComponentTest.java | 24 ++++++++++++++++++-
 pom.xml | 2 +-
 .../web/WebServerDTOConfigTest.java | 4 ++++
 7 files changed, 64 insertions(+), 4 deletions(-)
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
index b6e09ed129..b2d710b926 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
@@ -353,7 +353,7 @@ public class SSLSupport {
 return ks;
 }
 
- private static void checkPemProviderLoaded(String keystoreType) {
+ public static void checkPemProviderLoaded(String keystoreType) {
 if (keystoreType != null && keystoreType.startsWith("PEM")) {
 if (Security.getProvider("PEM") == null) {
 Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0")));
diff --git a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BindingDTO.java b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BindingDTO.java
index 601ecd5df2..261351a06f 100644
--- a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BindingDTO.java
+++ b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BindingDTO.java
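Review bot: checkPemProviderLoaded becomes public here and is called from a second module by this patch, yet it carries no Javadoc, and its check-then-insert on `Security` mutates JVM-wide JCA provider state that callers should know about. Suggest `/** Registers the PEM keystore provider the first time a store type starting with "PEM" is requested; no-op for other types. Mutates the JVM-wide provider list. */`, and a line noting that a concurrent first call from two threads is benign because `Security.insertProviderAt` returns -1 rather than installing a second provider of the same name. The `Integer.parseInt` of `artemis.pemProvider.insertAt` is pre-existing, but with this change a malformed value surfaces as a NumberFormatException during web server start as well. The method's body and closing braces continue past the end of the hunk.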
@@ -48,9 +48,15 @@ public class BindingDTO {
 @XmlAttribute
 public String keyStorePath;
 
+ @XmlAttribute
+ public String keyStoreType;
+
 @XmlAttribute
 public String trustStorePath;
 
+ @XmlAttribute
+ public String trustStoreType;
+
 @XmlAttribute
 private String includedTLSProtocols;
 
@@ -171,6 +177,14 @@ public class BindingDTO {
 this.keyStorePath = keyStorePath;
 }
 
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
 public String getTrustStorePath() {
 return trustStorePath;
 }
@@ -179,6 +193,14 @@ public class BindingDTO {
 this.trustStorePath = trustStorePath;
 }
 
+ public String getTrustStoreType() {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType) {
+ this.trustStoreType = trustStoreType;
+ }
+
 public List getApps() {
 return apps;
 }
diff --git a/artemis-web/pom.xml b/artemis-web/pom.xml
index b0606bb3dd..19597ff892 100644
--- a/artemis-web/pom.xml
+++ b/artemis-web/pom.xml
@@ -98,7 +98,6 @@ org.apache.activemq artemis-core-client ${project.version}
- test
 org.apache.activemq
@@ -187,6 +186,9 @@ ../tests/security-resources server-keystore.p12
+ server-cert.pem
+ server-key.pem
+ server-pem-props-config.txt
diff --git a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
index 45e8271957..79f4fcbec5 100644
--- a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
+++ b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
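Review bot: The new `keyStoreType` and `trustStoreType` attributes at `@@ -48` are undocumented, so a reader of the DTO cannot tell what `null` means or which values are treated specially. Suggest `/** KeyStore type for {@code keyStorePath}; null leaves the SslContextFactory default in place. Types starting with "PEM" need the PEM keystore provider, which the web component registers on first use. */` on `keyStoreType`, and the equivalent wording on `trustStoreType`. The accessor hunks at `@@ -171` and `@@ -179` mirror the existing keyStorePath/trustStorePath getters and setters and need nothing further.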
@@ -57,6 +57,8 @@ import org.eclipse.jetty.webapp.WebAppContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.checkPemProviderLoaded;
+
 public class WebServerComponent implements ExternalComponent, WebServerComponentMarker {
 
 private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
@@ -227,6 +229,10 @@ public class WebServerComponent implements ExternalComponent, WebServerComponent
 if ("https".equals(scheme)) {
 SslContextFactory.Server sslFactory = new SslContextFactory.Server();
 sslFactory.setKeyStorePath(binding.keyStorePath == null ? artemisInstance + "/etc/keystore.jks" : binding.keyStorePath);
+ if (binding.keyStoreType != null) {
+ sslFactory.setKeyStoreType(binding.keyStoreType);
+ checkPemProviderLoaded(binding.keyStoreType);
+ }
 sslFactory.setKeyStorePassword(binding.getKeyStorePassword() == null ? "password" : binding.getKeyStorePassword());
 
 if (binding.getIncludedTLSProtocols() != null) {
@@ -246,6 +252,10 @@ public class WebServerComponent implements ExternalComponent, WebServerComponent
 if (binding.clientAuth) {
 sslFactory.setTrustStorePath(binding.trustStorePath);
 sslFactory.setTrustStorePassword(binding.getTrustStorePassword());
+ if (binding.trustStoreType != null) {
+ sslFactory.setTrustStoreType(binding.trustStoreType);
+ checkPemProviderLoaded(binding.trustStoreType);
+ }
 }
 }
 
diff --git a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
index ccce43fee6..e43a204c80 100644
--- a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
+++ b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
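Review bot: The block added at `@@ -227` applies `binding.keyStoreType` even when `binding.keyStorePath` is null and the factory has just been pointed at the default `artemisInstance + "/etc/keystore.jks"`, so a binding that sets only the type would try to load that .jks under a different store type and presumably fail at start; either document that the type is only meaningful with an explicit path or skip it when the default path is in use. `checkPemProviderLoaded` has a process-global side effect (per the SSLSupport hunk it inserts a JCA provider via `Security.insertProviderAt`), which deserves a why-comment at the call site: `// PEM* store types are backed by Artemis' own JCA provider; it must be registered before the SslContextFactory loads the store`. The same pattern is repeated for the trust store at `@@ -246`, where the type is only applied when `binding.clientAuth` is set. The enclosing method starts and ends outside both hunks.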
@@ -107,6 +107,9 @@ public class WebServerComponentTest extends Assert {
 static final String SECURE_URL = System.getProperty("url", "https://localhost:8448/WebServerComponentTest.txt");
 static final String KEY_STORE_PATH = WebServerComponentTest.class.getClassLoader().getResource("server-keystore.p12").getFile();
+
+ static final String PEM_KEY_STORE_PATH = WebServerComponentTest.class.getClassLoader().getResource("server-pem-props-config.txt").getFile();
+
 static final String KEY_STORE_PASSWORD = "securepass";
 private List testedComponents;
@@ -260,7 +263,6 @@ public class WebServerComponentTest extends Assert {
 
 private WebServerComponent startSimpleSecureServer(Boolean sniHostCheck, Boolean sniRequired) throws Exception {
 BindingDTO bindingDTO = new BindingDTO();
- bindingDTO.setUri("https://localhost:0");
 bindingDTO.setKeyStorePath(KEY_STORE_PATH);
 bindingDTO.setKeyStorePassword(KEY_STORE_PASSWORD);
 if (sniHostCheck != null) {
@@ -269,6 +271,11 @@ public class WebServerComponentTest extends Assert {
 if (sniRequired != null) {
 bindingDTO.setSniRequired(sniRequired);
 }
+ return startSimpleSecureServer(bindingDTO);
+ }
+
+ private WebServerComponent startSimpleSecureServer(BindingDTO bindingDTO) throws Exception {
+ bindingDTO.setUri("https://localhost:0");
 if (System.getProperty("java.vendor").contains("IBM")) {
 //By default on IBM Java 8 JVM, org.eclipse.jetty.util.ssl.SslContextFactory doesn't include TLSv1.2
 // while it excludes all TLSv1 and TLSv1.1 cipher suites.
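Review bot: `PEM_KEY_STORE_PATH` at `@@ -107` names a PEM key store, but the resource it resolves is `server-pem-props-config.txt`, the properties file the `PEMCFG` store type loads in the test added at `@@ -338`, so a reader expecting a .pem file will be misled. Consider `PEMCFG_KEY_STORE_PATH`, or a comment such as `// properties file describing the PEM cert/key resources, loaded via KeyStore type "PEMCFG"`. It also copies the `getResource(...).getFile()` idiom from `KEY_STORE_PATH`, which yields an undecoded URL path and breaks when the build directory contains spaces; pre-existing, but `Paths.get(url.toURI())` avoids it. The refactor at `@@ -260` and `@@ -269` is behaviour-preserving: `setUri` simply moves into the new `startSimpleSecureServer(BindingDTO)` overload.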
@@ -338,6 +345,21 @@ public class WebServerComponentTest extends Assert {
 Assert.assertFalse(webServerComponent.isStarted());
 }
+ @Test
+ public void testStoreTypeConfigAndProviderRegistration() throws Exception {
+
+ BindingDTO bindingDTO = new BindingDTO();
+ bindingDTO.setKeyStorePath(PEM_KEY_STORE_PATH);
+ bindingDTO.setKeyStoreType("PEMCFG");
+
+ WebServerComponent webServerComponent = startSimpleSecureServer(bindingDTO);
+ try {
+ int port = webServerComponent.getPort(0);
+ Assert.assertEquals(200, testSimpleSecureServer("localhost", port, null, null));
+ } finally {
+ webServerComponent.stop(true);
+ }
+ }
 @Test
 public void testSimpleSecureServerWithSniHostCheckEnabled() throws Exception {
diff --git a/pom.xml b/pom.xml
index e633e73fe3..2fdf999a3e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -35,13 +35,13 @@ artemis-dto artemis-cdi-client artemis-boot
- artemis-web
 artemis-cli artemis-commons artemis-selector artemis-core-client artemis-core-client-all artemis-core-client-osgi
+ artemis-web
 artemis-server artemis-junit artemis-jms-client
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java
index 079212a263..58b7291256 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java
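Review bot: `testStoreTypeConfigAndProviderRegistration` asserts only that the HTTPS request returns 200; nothing in it checks the provider registration its name promises. Add `Assert.assertNotNull(java.security.Security.getProvider("PEM"));` after `startSimpleSecureServer(bindingDTO)`, the provider name being the one `checkPemProviderLoaded` looks up in the SSLSupport hunk. Because that registration is JVM-wide, the assertion could already hold from an earlier test in the same JVM, so a stricter variant would call `java.security.Security.removeProvider("PEM")` before starting the server, bearing in mind that this also affects any other test relying on the provider. The hunk's line counts also suggest the inserted method is not separated by a blank line from one of its neighbouring `@Test` methods, which the file's existing methods appear to be.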
@@ -92,6 +92,8 @@ public class WebServerDTOConfigTest {
 properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".passwordCodec", "test-passwordCodec");
 properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".keyStorePath", "test-keyStorePath");
 properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".trustStorePath", "test-trustStorePath");
+ properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".keyStoreType", "test-keyStoreType");
+ properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".trustStoreType", "test-trustStoreType");
 properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".includedTLSProtocols", "test-includedTLSProtocols,0");
 properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".excludedTLSProtocols", "test-excludedTLSProtocols,1");
 properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".includedCipherSuites", "test-includedCipherSuites,2");
@@ -111,6 +113,8 @@ public class WebServerDTOConfigTest {
 Assert.assertEquals("test-passwordCodec", testBinding.getPasswordCodec());
 Assert.assertEquals("test-keyStorePath", testBinding.getKeyStorePath());
 Assert.assertEquals("test-trustStorePath", testBinding.getTrustStorePath());
+ Assert.assertEquals("test-keyStoreType", testBinding.getKeyStoreType());
+ Assert.assertEquals("test-trustStoreType", testBinding.getTrustStoreType());
 Assert.assertEquals("test-includedTLSProtocols,0", String.join(",", testBinding.getIncludedTLSProtocols()));
 Assert.assertEquals("test-excludedTLSProtocols,1", String.join(",", testBinding.getExcludedTLSProtocols()));
 Assert.assertEquals("test-includedCipherSuites,2", String.join(",", testBinding.getIncludedCipherSuites()));