RE: [EXTERNAL]:Artemis amqp-connection custom password-codec functionality

[Steigerwald, Aaron]

Hello again,

I resolved my issue. I looked at the code and ultimately found that 
activemq.passwordcodec can be added to the <broker-connections> 
<amqp-connection> URI. I then found it documented here, although it is a little 
unclear (at least to me)-

https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords.html#connectors-acceptors

It appears that the broker.xml custom <password-codec> value is only used in 
<connectors><connector> and <acceptors><acceptor> definitions. The 
activemq.passwordcodec URI parameter must be used when defining 
<broker-connections> <amqp-connection> URIs. For example:

<amqp-connection 
uri="tcp://my-host:${artemis.port.broker}?sslEnabled=true;keyStorePath=${artemis.broker.keyStore.uri};keyStorePassword=ENC(3a34fd21b82bf2a822fa49a8d8fa115d);trustStorePath=${artemis.broker.trustStore.uri};trustStorePassword=ENC(3a34fd21b82bf2a822fa49a8d8fa115d);verifyHost=false;activemq.passwordcodec=my.custom.codec"
 name="host1-to-host2-mirror">
    <mirror />
</amqp-connection>

Thanks,
Aaron

-----Original Message-----
From: Steigerwald, Aaron <asteigerw...@brandesassociates.com.INVALID> 
Sent: Monday, June 24, 2024 8:42 PM
To: users@activemq.apache.org
Subject: [EXTERNAL]:Artemis amqp-connection custom password-codec functionality

[CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.] ________________________________


Hello,

Is there any way a broker.xml's <broker-connections> <amqp-connection> uri 
attribute parameter value can use the custom <password-codec>? Or would this be 
considered a new feature?

For example, the following <amqp-connection> uri attribute's keyStorePassword 
parameter value works because the value was generated using "bin/artemis mask 
<password>":

<amqp-connection 
uri="tcp://my-host:${artemis.port.broker}?sslEnabled=true;keyStorePath=${artemis.broker.keyStore.uri};keyStorePassword=ENC(3a34fd21b82bf2a822fa49a8d8fa115d);trustStorePath=${artemis.broker.trustStore.uri};trustStorePassword=ENC(3a34fd21b82bf2a822fa49a8d8fa115d);verifyHost=false"
 name="host1-to-host2-mirror">
    <mirror />
</amqp-connection>

It will not work if <password-codec> is defined and the ENC(<value>) is 
compatible with it (see stack trace at the end of this e-mail). Note that my 
custom <password-codec> does work with <connectors><connector> and 
<acceptors><acceptor> encoded parameter values.

I am using Artemis 2.31.2.

Thank you,
Aaron

2024-06-24 22:42:11,562 ERROR [org.apache.activemq.artemis.core.server] 
AMQ224000: Failure in initialisation
java.lang.IllegalArgumentException: AMQ219057: Error decoding password
        at 
org.apache.activemq.artemis.utils.ConfigurationHelper.getPasswordProperty(ConfigurationHelper.java:187)
 ~[artemis-core-client-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.<init>(NettyConnector.java:410)
 ~[artemis-core-client-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnectorFactory.createConnector(NettyConnectorFactory.java:50)
 ~[artemis-core-client-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.protocol.amqp.connect.AMQPBrokerConnectionManager.start(AMQPBrokerConnectionManager.java:74)
 ~[artemis-amqp-protocol-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.startProtocolServices(ActiveMQServerImpl.java:3548)
 ~[artemis-server-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.initialisePart2(ActiveMQServerImpl.java:3501)
 ~[artemis-server-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.server.impl.LiveOnlyActivation.run(LiveOnlyActivation.java:78)
 [artemis-server-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.internalStart(ActiveMQServerImpl.java:720)
 [artemis-server-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.start(ActiveMQServerImpl.java:610)
 [artemis-server-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.integration.FileBroker.start(FileBroker.java:66) 
[artemis-cli-2.31.2.jar:2.31.2]
        at org.apache.activemq.artemis.cli.commands.Run.execute(Run.java:130) 
[artemis-cli-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.cli.Artemis.internalExecute(Artemis.java:219) 
[artemis-cli-2.31.2.jar:2.31.2]
        at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:165) 
[artemis-cli-2.31.2.jar:2.31.2]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:?]
        at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 ~[?:?]
        at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.apache.activemq.artemis.boot.Artemis.execute(Artemis.java:157) 
[artemis-boot.jar:2.31.2]
        at org.apache.activemq.artemis.boot.Artemis.main(Artemis.java:64) 
[artemis-boot.jar:2.31.2] Caused by: java.lang.IllegalArgumentException: 
Password must be encrypted.
        at 
org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec$BlowfishAlgorithm.decode(DefaultSensitiveStringCodec.java:176)
 ~[artemis-commons-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.decode(DefaultSensitiveStringCodec.java:66)
 ~[artemis-commons-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.decode(DefaultSensitiveStringCodec.java:52)
 ~[artemis-commons-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.utils.PasswordMaskingUtil.resolveMask(PasswordMaskingUtil.java:67)
 ~[artemis-commons-2.31.2.jar:2.31.2]
        at 
org.apache.activemq.artemis.utils.ConfigurationHelper.getPasswordProperty(ConfigurationHelper.java:185)
 ~[artemis-core-client-2.31.2.jar:2.31.2]
        ... 18 more

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org
For additional commands, e-mail: users-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact