Using Encrypted Property Placeholders for ActiveMQ SSL passwords

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Using Encrypted Property Placeholders for ActiveMQ SSL passwords

MillieretXavier
Hi all,

I use activeMq 5.12.3 inside Karaf 3.0.7

I try to encrypt the password inside the sslcontext into activemq.xml
I follow several links, like:
http://activemq.apache.org/encrypted-passwords.html
a the RedHat's solution:
https://access.redhat.com/solutions/742423 
https://issues.jboss.org/secure/attachment/12389089/KBArticle-742423-for-Dejan.pdf

Inside this article, we can see:

<bean id="environmentVariablesConfiguration"
class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" />
</bean>

<bean id="configurationEncryptor"
class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config" ref="environmentVariablesConfiguration" />
</bean>


<bean id="propertyConfigurer"
class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="location"
value="file:${karaf.base}/etc/credentials-enc.properties"/>
    <property name="properties">
        <bean class="org.fusesource.mq.fabric.ConfigurationProperties"/>
    </property>
</bean>

or

class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="location"
value="file:${karaf.base}/etc/credentials-enc.properties"/>
    <property name="properties">
        <bean class="io.fabric8.mq.fabric.ConfigurationProperties"/>
    </property>
</bean>


But I don't see this class inside springs31 or activeMq repository, I try to
put these dependencies
<dependency>
    <groupId>io.fabric8.mq</groupId>
    <artifactId>mq-fabric</artifactId>
    <version>1.2.0.redhat-630310</version>
</dependency>
<dependency>
   <groupId>io.fabric8</groupId>
    <artifactId>fabric-api</artifactId>
   <version>1.2.0.redhat-630310</version>
</dependency>

but unfortunately, it's does not work, and without this
<property name="properties">
   <bean class="org.fusesource.mq.fabric.ConfigurationProperties"/>
</property>

the password inside org.apache.activemq.spring.SpringSslContext class is not
decrypt. I put a break point inside, because no log are provided.

Here my credentials-enc.properties
......
mykeystore=${karaf.base}/etc/broker.ks
mytruststore=${karaf.base}/etc/client.ts
mypassword=password
........

So anybody has do this?

Thx for any help

Regards








--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: Using Encrypted Property Placeholders for ActiveMQ SSL passwords

Tim Bain
I haven't done anything with SSL for ActiveMQ, but the setProperties()
method (
https://docs.spring.io/autorepo/docs/spring-framework/3.1.0.RELEASE/javadoc-api/org/springframework/core/io/support/PropertiesLoaderSupport.html#setProperties(java.util.Properties)
) accepts any subclass of java.util.Properties, so it might be possible to
just populate one by hand.

Tim

On Dec 6, 2017 12:30 AM, "MillieretXavier" <[hidden email]>
wrote:

> Hi all,
>
> I use activeMq 5.12.3 inside Karaf 3.0.7
>
> I try to encrypt the password inside the sslcontext into activemq.xml
> I follow several links, like:
> http://activemq.apache.org/encrypted-passwords.html
> a the RedHat's solution:
> https://access.redhat.com/solutions/742423
> https://issues.jboss.org/secure/attachment/12389089/
> KBArticle-742423-for-Dejan.pdf
>
> Inside this article, we can see:
>
> <bean id="environmentVariablesConfiguration"
> class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
>     <property name="algorithm" value="PBEWithMD5AndDES" />
>     <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"
> />
> </bean>
>
> <bean id="configurationEncryptor"
> class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
>     <property name="config" ref="environmentVariablesConfiguration" />
> </bean>
>
>
> <bean id="propertyConfigurer"
> class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholder
> Configurer">
>     <constructor-arg ref="configurationEncryptor" />
>     <property name="location"
> value="file:${karaf.base}/etc/credentials-enc.properties"/>
>     <property name="properties">
>         <bean class="org.fusesource.mq.fabric.ConfigurationProperties"/>
>     </property>
> </bean>
>
> or
>
> class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholder
> Configurer">
>     <constructor-arg ref="configurationEncryptor" />
>     <property name="location"
> value="file:${karaf.base}/etc/credentials-enc.properties"/>
>     <property name="properties">
>         <bean class="io.fabric8.mq.fabric.ConfigurationProperties"/>
>     </property>
> </bean>
>
>
> But I don't see this class inside springs31 or activeMq repository, I try
> to
> put these dependencies
> <dependency>
>     <groupId>io.fabric8.mq</groupId>
>     <artifactId>mq-fabric</artifactId>
>     <version>1.2.0.redhat-630310</version>
> </dependency>
> <dependency>
>    <groupId>io.fabric8</groupId>
>     <artifactId>fabric-api</artifactId>
>    <version>1.2.0.redhat-630310</version>
> </dependency>
>
> but unfortunately, it's does not work, and without this
> <property name="properties">
>    <bean class="org.fusesource.mq.fabric.ConfigurationProperties"/>
> </property>
>
> the password inside org.apache.activemq.spring.SpringSslContext class is
> not
> decrypt. I put a break point inside, because no log are provided.
>
> Here my credentials-enc.properties
> ......
> mykeystore=${karaf.base}/etc/broker.ks
> mytruststore=${karaf.base}/etc/client.ts
> mypassword=password
> ........
>
> So anybody has do this?
>
> Thx for any help
>
> Regards
>
>
>
>
>
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>