Mask Password in ActiveMQ connection URL
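I'm using JMS on a Spring Boot client to connect to an ActiveMQ Artemis 2.19.0 broker over SSL.
In broker.xml I use masked passwords like ENC(32c6f67da12342b0a7ad1702033aa81e6b2a760123f4360) instead of plain text, and that works fine.
I tried to use the same kind of masked password instead of plain text in my ActiveMQ connection URL, as in the code below, but it didn't work. I'm using this command to mask the password: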
./artemis mask <plaintextPassword>
The plain-text password works.
Here is my code for configuring the connection factory:
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(
"(tcp://amq:61616)?" +
"sslEnabled=true" +
"&trustStorePath=" + trustStorePath + "&trustStorePassword=ENC(397e3aeeddf27c9783a3ab920d83e24da5b7d710df3b405f)"
);
The error I get:
2021-10-27 13:10:15.243 WARN 17748 --- [-netty-threads)] io.netty.channel.ChannelInitializer : Failed to initialize a channel. Closing: [id: 0x07b0d96b]
java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2116) ~[na:na]
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243) ~[na:na]
at java.base/java.security.KeyStore.load(KeyStore.java:1479) ~[na:na]
at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeystore(SSLSupport.java:224) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadTrustManagerFactory(SSLSupport.java:166) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadTrustManager(SSLSupport.java:195) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.createContext(SSLSupport.java:99) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.loadJdkSslEngine(NettyConnector.java:624) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.access0(NettyConnector.java:124) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.initChannel(NettyConnector.java:532) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:964) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:610) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.DefaultChannelPipeline.access0(DefaultChannelPipeline.java:46) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1474) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1126) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:651) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:503) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.AbstractChannel$AbstractUnsafe.access0(AbstractChannel.java:416) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.AbstractChannel$AbstractUnsafe.run(AbstractChannel.java:475) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:416) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:331) ~[netty-transport-native-epoll-4.1.39.Final-linux-x86_64.jar!/:4.1.39.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.run(SingleThreadEventExecutor.java:918) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
at io.netty.util.internal.ThreadExecutorMap.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
at org.apache.activemq.artemis.utils.ActiveMQThreadFactory.run(ActiveMQThreadFactory.java:118) ~[artemis-commons-2.6.4.jar!/:2.6.4]
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 27 common frames omitted
Is there another way to use a masked password instead of plain text in the connection URL?
The ActiveMQ Artemis client does not support encrypted passwords in composite URLs such as (tcp://amq:61616)?; see ARTEMIS-3543. The workaround is to avoid the composite form, i.e.:
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(
"tcp://amq:61616?" +
"sslEnabled=true" +
"&trustStorePath=" + trustStorePath + "&trustStorePassword=ENC(397e3aeeddf27c9783a3ab920d83e24da5b7d710df3b405f)"
);
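A pre-flight check built on the answer above, as an added example that is not part of the original post or of the Artemis code base: it flattens a single-member composite URL that carries an ENC(...) value into the plain form, and fails fast where that is not possible instead of surfacing later as "keystore password was incorrect". The class name ArtemisUrlPreflight and its normalize method are hypothetical, and the ENC payload in main is a constructed placeholder.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical helper, not Artemis code). */
public final class ArtemisUrlPreflight {

    // "(member[,member...])?query" is the composite form used in the question.
    private static final Pattern COMPOSITE = Pattern.compile("^\\(([^)]*)\\)(\\?.*)?$");

    /**
     * Returns a URL in which a masked value can be resolved by the client,
     * or throws when a masked value sits in a composite URL that cannot be
     * flattened to the plain "tcp://host:port?query" form.
     */
    public static String normalize(String url) {
        String u = url.trim();
        // Plain URLs and composite URLs without masked values pass through unchanged.
        if (!u.startsWith("(") || !u.contains("=ENC(")) {
            return u;
        }
        Matcher m = COMPOSITE.matcher(u);
        // Fail closed: several members, or a masked value inside a member's own
        // query string, cannot be rewritten safely here.
        if (!m.matches() || m.group(1).contains(",")) {
            throw new IllegalArgumentException(
                "ENC(...) value in a composite URL that cannot be flattened; see ARTEMIS-3543");
        }
        String query = m.group(2) == null ? "" : m.group(2);
        return m.group(1) + query;       // "(tcp://h:p)?q" becomes "tcp://h:p?q"
    }

    public static void main(String[] args) {
        // Constructed sample values; the ENC payload is a placeholder, not a real mask.
        String params = "sslEnabled=true&trustStorePassword=ENC(0123456789abcdef)";
        System.out.println(normalize("(tcp://amq:61616)?" + params));
        System.out.println(normalize("tcp://amq:61616?" + params));
        try {
            normalize("(tcp://amq1:61616,tcp://amq2:61616)?" + params);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```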