Custom X509TrustManager pluggability

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Custom X509TrustManager pluggability

Modanese, Riccardo
Hello,

         I have some security (SSL stack and ACLs) related use cases that seem to be not implemented in Artemis code.

For example I need to plug a custom X509TrustManager on Artemis broker acceptors. After looking at the source code I think I found a way:

https://github.com/riccardomodanese/activemq-artemis/tree/sslConfigurableTrustManager

What do you think? I would like to contribute to the project, if the community sees a value on it.

Regards

Riccardo
Reply | Threaded
Open this post in threaded view
|

Re: Custom X509TrustManager pluggability

jbertram
I think this idea has merit, especially considering it's something that the
5.x code-base supports. There are lots of bits of pluggable functionality
in Artemis (e.g. metrics [1], security settings [2], etc.). This could
follow the same pattern where the plugin could be defined in broker.xml
with a list of key/value pairs (so the plugin could be configured easily).
Take a look at these [1] [2] for guidance. The related commits have all the
configuration changes, schema updates, tests, etc.


Justin

[1] org.apache.activemq.artemis.core.server.metrics.ActiveMQMetricsPlugin
[2] org.apache.activemq.artemis.core.server.SecuritySettingPlugin


On Mon, Oct 14, 2019 at 4:35 AM Modanese, Riccardo
<[hidden email]> wrote:

> Hello,
>
>          I have some security (SSL stack and ACLs) related use cases that
> seem to be not implemented in Artemis code.
>
> For example I need to plug a custom X509TrustManager on Artemis broker
> acceptors. After looking at the source code I think I found a way:
>
>
> https://github.com/riccardomodanese/activemq-artemis/tree/sslConfigurableTrustManager
>
> What do you think? I would like to contribute to the project, if the
> community sees a value on it.
>
> Regards
>
> Riccardo
>