search

ibm-messaging / mq-jms-spring

Components to assist MQ JMS integration with Spring frameworks
Apache License 2.0
186 stars 102 forks source link

TLS stores are incorrectly configured - uses jakarta.net.ssl.* properties instead of javax.net.ssl.* #91

Closed omarfi closed 1 year ago

omarfi commented 1 year ago

ibmmq-jms-spring version(s):
3.0.3 and 3.0.5 Java version (including vendor and platform): JDK 17 Zuul with Spring Boot 3

A small code sample that demonstrates the issue. I get an error trying to connect to my MQ-server using the following properties specified in application.yml:

ibm.mq.jks.key-store=file://c:/keystore.p12
ibm.mq.jks.trust-storefile://c:/truststore.p12
ibm.mq.jks.key-store-password=test

However, if I replace this configuration with the following command-line params, everything works:

-Djavax.net.ssl.keyStore=c:/keystore.jks
-Djavax.net.ssl.trustStore=c:/truststore.p12
-Djavax.net.ssl.keyStorePassword=test

Possible cause: com.ibm.mq.spring.boot.MQConnectionFactoryFactory#configureTLSStores seems to map MQConfigurationPropertiesJks to system properties with prefix jakarta.net.ssl.* and com.ibm.ssl.* instead of javax.net.ssl.* i.e.:

private static void configureTLSStores(MQConfigurationProperties props) {
        String[] prefixes = new String[]{"jakarta.net.ssl.", "com.ibm.ssl."};
        logger.trace("configuring TLS Store system properties");
        MQConfigurationPropertiesJks jksProperties = props.getJks();
        String[] var3 = prefixes;
        int var4 = prefixes.length;

        for(int var5 = 0; var5 < var4; ++var5) {
            String prefix = var3[var5];
            if (!isNullOrEmpty(jksProperties.getKeyStore())) {
                System.setProperty(prefix + "keyStore", jksProperties.getKeyStore());
            }

            if (!isNullOrEmpty(jksProperties.getKeyStorePassword())) {
                System.setProperty(prefix + "keyStorePassword", jksProperties.getKeyStorePassword());
            }

            if (!isNullOrEmpty(jksProperties.getTrustStore())) {
                System.setProperty(prefix + "trustStore", jksProperties.getTrustStore());
            }

            if (!isNullOrEmpty(jksProperties.getTrustStorePassword())) {
                System.setProperty(prefix + "trustStorePassword", jksProperties.getTrustStorePassword());
            }
        }

    }
ibmmqmet commented 1 year ago

Thanks for finding that. The script that automatically creates the jakarta variant from the base source code was a little too aggressive in its conversions. I'll fix it for the next update.