mirror of
https://github.com/apache/activemq-artemis.git
synced 2025-02-09 03:25:20 +00:00
If an application wants to use a special key/truststore for Artemis but have the remainder of the application use the default Java store, the org.apache.activemq.ssl.keyStore needs to take precedence over Java's javax.net.ssl.keyStore. However, the current implementation takes the first non-null value from System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME), keyStorePath. So if the default Java property is set, no override is possible.

Swap the order of the JAVAX_... and ACTIVEMQ_... property names so that the ActiveMQ ones come first (as component-specific overrides), the standard Java ones come second, and finally a local attribute value (through Stream.of(...).findFirst()).

(In our case the application uses the default Java truststore location at $JAVA_HOME/lib/security/jssecacerts, and only supplies its password in javax.net.ssl.trustStorePassword, and then uses a dedicated truststore for Artemis. Defining both org.apache.activemq.ssl.trustStore and org.apache.activemq.ssl.trustStorePassword now makes Artemis use the dedicated truststore (javax.net.ssl.trustStore is not set as we use the default location, so the second choice org.apache.activemq.ssl.trustStore applies), but with the Java default truststore password (first choice javax.net.ssl.trustStorePassword applies instead of the second choice because it is set for the default truststore). Obviously, this does not work unless both passwords are identical!)
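The truststore scenario from the commit message, as an added example that is not code from the Artemis repository: it resolves the path and the password independently under each precedence order and reports whether both come from the same property family. The class and method names are hypothetical, a Map stands in for System.getProperty so the run is deterministic, and the path and password values are constructed.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;

public class StorePrecedenceDemo {
    static final String JAVAX = "javax.net.ssl.";
    static final String ACTIVEMQ = "org.apache.activemq.ssl.";

    // Returns the prefix whose property supplies the value: the first one set wins.
    // null means neither property is set and the local attribute would be used.
    static String winningPrefix(Map<String, String> props, List<String> order, String key) {
        return order.stream()
                    .filter(prefix -> props.get(prefix + key) != null)
                    .findFirst()
                    .orElse(null);
    }

    // Path and password are looked up separately, so they can come from
    // different property families and describe two different stores.
    static String describe(Map<String, String> props, List<String> order) {
        String pathFrom = winningPrefix(props, order, "trustStore");
        String pwFrom = winningPrefix(props, order, "trustStorePassword");
        String verdict = Objects.equals(pathFrom, pwFrom) ? "consistent" : "MISMATCH";
        return "path from " + pathFrom + "trustStore, password from "
                + pwFrom + "trustStorePassword -> " + verdict;
    }

    public static void main(String[] args) {
        // Constructed values modelling the commit message's case: the JVM default
        // truststore location is used (javax.net.ssl.trustStore unset), only its
        // password is supplied, and Artemis gets a dedicated truststore.
        Map<String, String> props = Map.of(
                JAVAX + "trustStorePassword", "default-store-pw",
                ACTIVEMQ + "trustStore", "/opt/app/artemis-truststore.jks",
                ACTIVEMQ + "trustStorePassword", "artemis-store-pw");

        // Order before the change: standard Java properties first.
        System.out.println("javax first:    " + describe(props, List.of(JAVAX, ACTIVEMQ)));
        // Order after the change: component-specific properties first.
        System.out.println("activemq first: " + describe(props, List.of(ACTIVEMQ, JAVAX)));
    }
}
```

A check of this kind at startup surfaces the mixed-source case as a configuration warning instead of a keystore load failure.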