Masked password in ActiveMQ connection URL

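Problem description

I am using JMS on a Spring Boot client to connect to an ActiveMQ Artemis 2.19.0 broker over SSL.

When I use the masked password ENC(32c6f67da12342b0a7ad1702033aa81e6b2a760123f4360) instead of plain text in broker.xml, it works fine.

I tried to use the same kind of masked password instead of plain text in my ActiveMQ connection URL, as shown in the code below, but it does not work. I am using this command to mask the password: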

./artemis mask <plaintextPassword>

The plain-text password works.

Here is my code that configures the connection factory:

ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(
        "(tcp://amq:61616)?" +
                "sslEnabled=true" +
                "&trustStorePath=" + trustStorePath + "&trustStorePassword=ENC(397e3aeeddf27c9783a3ab920d83e24da5b7d710df3b405f)"
);

The error I get:


2021-10-27 13:10:15.243  WARN 17748 --- [-netty-threads)] io.netty.channel.ChannelInitializer      : Failed to initialize a channel. Closing: [id: 0x07b0d96b]

java.io.IOException: keystore password was incorrect
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2116) ~[na:na]
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243) ~[na:na]
        at java.base/java.security.KeyStore.load(KeyStore.java:1479) ~[na:na]
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeystore(SSLSupport.java:224) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadTrustManagerFactory(SSLSupport.java:166) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadTrustManager(SSLSupport.java:195) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.createContext(SSLSupport.java:99) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.loadJdkSslEngine(NettyConnector.java:624) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.access$500(NettyConnector.java:124) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector$1.initChannel(NettyConnector.java:532) ~[artemis-core-client-2.6.4.jar!/:2.6.4]
        at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:964) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:610) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1474) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1126) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:651) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:503) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:416) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:475) ~[netty-transport-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:416) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:331) ~[netty-transport-native-epoll-4.1.39.Final-linux-x86_64.jar!/:4.1.39.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:918) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.39.Final.jar!/:4.1.39.Final]
        at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) ~[artemis-commons-2.6.4.jar!/:2.6.4]
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        ... 27 common frames omitted

Is there any other way to use a masked password instead of plain text in the connection URL?

Tags: java, spring-jms, activemq-artemis

Solution


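The ActiveMQ Artemis client does not support encrypted passwords in a composite URL such as (tcp://amq:61616)?, see ARTEMIS-3543. The workaround is to avoid the composite (parenthesized) form, i.e.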

ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(
    "tcp://amq:61616?" +
            "sslEnabled=true" +
            "&trustStorePath=" + trustStorePath + "&trustStorePassword=ENC(397e3aeeddf27c9783a3ab920d83e24da5b7d710df3b405f)"
);
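
The workaround above can be enforced before the URL reaches the connection factory. The following is an added example, not code from the original post or from the Artemis project: a JDK-only guard that rewrites a single-broker composite URL carrying ENC(...) parameters to the plain form and rejects the multi-broker case. The class name, method name, trust store path and masked value are assumptions made for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: keeps ENC(...) parameters out of composite "(uri)?params" URLs. */
public class ArtemisUrlGuard {
    // Composite form: "(uri[,uri...])" optionally followed by "?params".
    private static final Pattern COMPOSITE =
            Pattern.compile("^\\(([^)]*)\\)(?:\\?(.*))?$");
    // Any parameter whose value is a masked password, e.g. trustStorePassword=ENC(...).
    private static final Pattern MASKED =
            Pattern.compile("(?:^|&)[^=&]+=ENC\\([^)]*\\)");

    /**
     * Returns the URL unchanged when it is already plain or carries no masked
     * parameter. A single-broker composite URL with a masked parameter is
     * rewritten to the plain form; a multi-broker one is rejected, because the
     * client would not unmask the value there (ARTEMIS-3543).
     */
    static String normalize(String url) {
        Matcher m = COMPOSITE.matcher(url);
        if (!m.matches()) {
            return url;                                   // already plain
        }
        String brokers = m.group(1);
        String params = m.group(2);
        if (params == null || !MASKED.matcher(params).find()) {
            return url;                                   // nothing masked
        }
        if (brokers.contains(",")) {
            // The message names the problem without echoing the masked value.
            throw new IllegalArgumentException(
                    "masked parameter on a multi-broker composite URL (ARTEMIS-3543)");
        }
        String separator = brokers.contains("?") ? "&" : "?";
        return brokers + separator + params;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real deployment.
        String params = "sslEnabled=true&trustStorePath=/path/to/truststore.p12"
                + "&trustStorePassword=ENC(0123abcd)";
        System.out.println(normalize("(tcp://amq:61616)?" + params)); // rewritten
        System.out.println(normalize("tcp://amq:61616?" + params));   // unchanged
        try {
            normalize("(tcp://amq1:61616,tcp://amq2:61616)?" + params);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Pass the result of normalize(...) to the ActiveMQConnectionFactory constructor so that a composite URL with a masked value fails at configuration time rather than as a keystore error during the TLS handshake.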
