apache · titimege83 · Feb 21, 2025
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java
@@ -16,15 +16,14 @@
  */
 package org.apache.qpid.jms.transports;
 
+import javax.net.ssl.SSLContext;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.function.Supplier;
 
-import javax.net.ssl.SSLContext;
-
 /**
  * Encapsulates all the Transport options in one configuration object.
  */
@@ -77,8 +76,10 @@ public class TransportOptions implements Cloneable {
     private int sharedEventLoopThreads = DEFAULT_SHARED_EVENT_LOOP_THREADS;
 
     private String keyStoreLocation;
+    private String keyStoreBase64Property;
     private String keyStorePassword;
     private String trustStoreLocation;
+    private String trustStoreBase64Property;
     private String trustStorePassword;
     private String keyStoreType;
     private String trustStoreType;
@@ -323,6 +324,23 @@ public void setKeyStoreLocation(String keyStoreLocation) {
         this.keyStoreLocation = keyStoreLocation;
     }
 
+    /**
+     * @return the keyStoreBase64Property currently configured.
+     */
+    public String getKeyStoreBase64Property() {
+        return keyStoreBase64Property;
+    }
+
+    /**
+     * Sets the system property containing the base64 definition of the key store to use.
+     *
+     * @param keyStoreBase64Property
+     *        the keyStoreBase64Property to use to create the key manager.
+     */
+    public void setKeyStoreBase64Property(final String keyStoreBase64Property) {
+        this.keyStoreBase64Property = keyStoreBase64Property;
+    }
+
     /**
      * @return the keyStorePassword
      */
@@ -351,6 +369,23 @@ public void setTrustStoreLocation(String trustStoreLocation) {
         this.trustStoreLocation = trustStoreLocation;
     }
 
+    /**
+     * @return the trustStoreBase64Property
+     */
+    public String getTrustStoreBase64Property() {
+        return trustStoreBase64Property;
+    }
+
+    /**
+     * Sets the system property containing the base64 definition of the trust store to use.
+     *
+     * @param trustStoreBase64Property
+     *        the trustStoreBase64Property to set.
+     */
+    public void setTrustStoreBase64Property(final String trustStoreBase64Property) {
+        this.trustStoreBase64Property = trustStoreBase64Property;
+    }
+
     /**
      * @return the trustStorePassword
      */
@@ -581,8 +616,10 @@ protected TransportOptions copyOptions(TransportOptions copy) {
         copy.setUseEpoll(isUseEpoll());
         copy.setTraceBytes(isTraceBytes());
         copy.setKeyStoreLocation(getKeyStoreLocation());
+        copy.setKeyStoreBase64Property(getKeyStoreBase64Property());
         copy.setKeyStorePassword(getKeyStorePassword());
         copy.setTrustStoreLocation(getTrustStoreLocation());
+        copy.setTrustStoreBase64Property(getTrustStoreBase64Property());
         copy.setTrustStorePassword(getTrustStorePassword());
         copy.setKeyStoreType(getKeyStoreType());
         copy.setTrustStoreType(getTrustStoreType());

diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
@@ -16,16 +16,16 @@
  */
 package org.apache.qpid.jms.transports;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.net.URI;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.SecureRandom;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
+import io.netty.buffer.ByteBufAllocator;
+import io.netty.handler.ssl.OpenSsl;
+import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslHandler;
+import io.netty.handler.ssl.SslProvider;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
@@ -35,18 +35,17 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509ExtendedKeyManager;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import io.netty.buffer.ByteBufAllocator;
-import io.netty.handler.ssl.OpenSsl;
-import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
-import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
-import io.netty.handler.ssl.SslHandler;
-import io.netty.handler.ssl.SslProvider;
-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.net.URI;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.List;
 
 /**
  * Static class that provides various utility methods used by Transport implementations.
@@ -341,39 +340,39 @@ private static TrustManagerFactory loadTrustManagerFactory(TransportOptions opti
             return InsecureTrustManagerFactory.INSTANCE;
         }
 
-        if (options.getTrustStoreLocation() == null) {
+        String storeLocation = options.getTrustStoreLocation();
+        String storeBase64Property = options.getTrustStoreBase64Property();
+        if (storeLocation == null && storeBase64Property == null) {
             return null;
+        } else if (storeLocation != null && storeBase64Property != null) {
+            throw new IllegalArgumentException("Only one of trustStoreLocation and trustStoreBase64Property should be defined");
         }
 
         TrustManagerFactory fact = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 
-        String storeLocation = options.getTrustStoreLocation();
         String storePassword = options.getTrustStorePassword();
         String storeType = options.getTrustStoreType();
-
-        LOG.trace("Attempt to load TrustStore from location {} of type {}", storeLocation, storeType);
-
-        KeyStore trustStore = loadStore(storeLocation, storePassword, storeType);
+        KeyStore trustStore = loadStore(storeLocation, storeBase64Property, storePassword, storeType);
         fact.init(trustStore);
 
         return fact;
     }
 
     private static KeyManager[] loadKeyManagers(TransportOptions options) throws Exception {
-        if (options.getKeyStoreLocation() == null) {
+        String storeLocation = options.getKeyStoreLocation();
+        String storeBase64Property = options.getKeyStoreBase64Property();
+        if (storeLocation == null && storeBase64Property == null) {
             return null;
+        } else if (storeLocation != null && storeBase64Property != null) {
+            throw new IllegalArgumentException("Only one of keyStoreLocation and keyStoreBase64Property should be defined");
         }
 
         KeyManagerFactory fact = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 
-        String storeLocation = options.getKeyStoreLocation();
         String storePassword = options.getKeyStorePassword();
         String storeType = options.getKeyStoreType();
         String alias = options.getKeyAlias();
-
-        LOG.trace("Attempt to load KeyStore from location {} of type {}", storeLocation, storeType);
-
-        KeyStore keyStore = loadStore(storeLocation, storePassword, storeType);
+        KeyStore keyStore = loadStore(storeLocation, storeBase64Property, storePassword, storeType);
         fact.init(keyStore, storePassword != null ? storePassword.toCharArray() : null);
 
         if (alias == null) {
@@ -385,8 +384,12 @@ private static KeyManager[] loadKeyManagers(TransportOptions options) throws Exc
     }
 
     private static KeyManagerFactory loadKeyManagerFactory(TransportOptions options, SslProvider provider) throws Exception {
-        if (options.getKeyStoreLocation() == null) {
+        String storeLocation = options.getKeyStoreLocation();
+        String storeBase64Property = options.getKeyStoreBase64Property();
+        if (storeLocation == null && storeBase64Property == null) {
             return null;
+        } else if (storeLocation != null && storeBase64Property != null) {
+            throw new IllegalArgumentException("Only one of keyStoreLocation and keyStoreBase64Property should be defined");
         }
 
         final KeyManagerFactory factory;
@@ -396,13 +399,9 @@ private static KeyManagerFactory loadKeyManagerFactory(TransportOptions options,
             factory = new OpenSslX509KeyManagerFactory();
         }
 
-        String storeLocation = options.getKeyStoreLocation();
         String storePassword = options.getKeyStorePassword();
         String storeType = options.getKeyStoreType();
-
-        LOG.trace("Attempt to load KeyStore from location {} of type {}", storeLocation, storeType);
-
-        KeyStore keyStore = loadStore(storeLocation, storePassword, storeType);
+        KeyStore keyStore = loadStore(storeLocation, storeBase64Property, storePassword, storeType);
         factory.init(keyStore, storePassword != null ? storePassword.toCharArray() : null);
 
         return factory;
@@ -432,12 +431,33 @@ private static void validateAlias(KeyStore store, String alias) throws IllegalAr
         }
     }
 
-    private static KeyStore loadStore(String storePath, final String password, String storeType) throws Exception {
+    private static KeyStore loadStore(final String storeLocation, final String storeBase64Property, final String password, String storeType) throws Exception {
+        KeyStore store;
+        if (storeLocation != null) {
+            LOG.trace("Attempt to load store from location {} of type {}", storeLocation, storeType);
+            store = loadStoreFromFile(storeLocation, password, storeType);
+        } else {
+            LOG.trace("Attempt to load store from system property {} of type {}", storeBase64Property, storeType);
+            store = loadStoreFromSystemProperty(storeBase64Property, password, storeType);
+        }
+        return store;
+    }
+
+    private static KeyStore loadStoreFromFile(final String storePath, final String password, final String storeType) throws Exception {
         KeyStore store = KeyStore.getInstance(storeType);
-        try (InputStream in = new FileInputStream(new File(storePath));) {
+        try (InputStream in = new FileInputStream(storePath)) {
             store.load(in, password != null ? password.toCharArray() : null);
         }
 
         return store;
     }
+
+    private static KeyStore loadStoreFromSystemProperty(final String property, final String password, final String storeType) throws Exception {
+        KeyStore store = KeyStore.getInstance(storeType);
+        String keyStoreBase64 = System.getProperty(property);
+        byte[] keyStoreBytes = Base64.getDecoder().decode(keyStoreBase64);
+        store.load(new ByteArrayInputStream(keyStoreBytes), password != null ? password.toCharArray() : null);
+
+        return store;
+    }
 }
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportOptionsTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportOptionsTest.java
@@ -16,22 +16,20 @@
  */
 package org.apache.qpid.jms.transports;
 
+import io.netty.handler.proxy.ProxyHandler;
+import org.apache.qpid.jms.test.QpidJmsTestCase;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+import javax.net.ssl.SSLContext;
+import java.util.function.Supplier;
+
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.fail;
 
-import java.util.function.Supplier;
-
-import javax.net.ssl.SSLContext;
-
-import org.apache.qpid.jms.test.QpidJmsTestCase;
-import org.junit.jupiter.api.Test;
-import org.mockito.Mockito;
-
-import io.netty.handler.proxy.ProxyHandler;
-
 /**
  * Test for class TransportOptions
  */
@@ -54,7 +52,9 @@ public class TransportOptionsTest extends QpidJmsTestCase {
 
     private static final String PASSWORD = "password";
     private static final String CLIENT_KEYSTORE = "src/test/resources/client-jks.keystore";
+    private static final String CLIENT_KEYSTORE_BASE64_PROPERTY = "base64.keystore.property";
     private static final String CLIENT_TRUSTSTORE = "src/test/resources/client-jks.truststore";
+    private static final String CLIENT_TRUSTSTORE_BASE64_PROPERTY = "base64.truststore.property";
     private static final String KEYSTORE_TYPE = "jks";
     private static final String KEY_ALIAS = "myTestAlias";
     private static final String CONTEXT_PROTOCOL = "TLSv1.1";
@@ -93,8 +93,10 @@ public void testCreate() {
         assertNull(options.getDisabledCipherSuites());
 
         assertNull(options.getKeyStoreLocation());
+        assertNull(options.getKeyStoreBase64Property());
         assertNull(options.getKeyStorePassword());
         assertNull(options.getTrustStoreLocation());
+        assertNull(options.getTrustStoreBase64Property());
         assertNull(options.getTrustStorePassword());
         assertNull(options.getKeyAlias());
         assertNull(options.getSslContextOverride());
@@ -136,8 +138,10 @@ public void testClone() {
         assertEquals(TEST_USE_EPOLL_VALUE, options.isUseEpoll());
         assertEquals(TEST_TRACE_BYTES_VALUE, options.isTraceBytes());
         assertEquals(CLIENT_KEYSTORE, options.getKeyStoreLocation());
+        assertEquals(CLIENT_KEYSTORE_BASE64_PROPERTY, options.getKeyStoreBase64Property());
         assertEquals(PASSWORD, options.getKeyStorePassword());
         assertEquals(CLIENT_TRUSTSTORE, options.getTrustStoreLocation());
+        assertEquals(CLIENT_TRUSTSTORE_BASE64_PROPERTY, options.getTrustStoreBase64Property());
         assertEquals(PASSWORD, options.getTrustStorePassword());
         assertEquals(KEYSTORE_TYPE, options.getKeyStoreType());
         assertEquals(KEYSTORE_TYPE, options.getTrustStoreType());
@@ -221,8 +225,10 @@ public void testCreateAndConfigure() {
         assertEquals(TEST_CONNECT_TIMEOUT, options.getConnectTimeout());
 
         assertEquals(CLIENT_KEYSTORE, options.getKeyStoreLocation());
+        assertEquals(CLIENT_KEYSTORE_BASE64_PROPERTY, options.getKeyStoreBase64Property());
         assertEquals(PASSWORD, options.getKeyStorePassword());
         assertEquals(CLIENT_TRUSTSTORE, options.getTrustStoreLocation());
+        assertEquals(CLIENT_TRUSTSTORE_BASE64_PROPERTY, options.getTrustStoreBase64Property());
         assertEquals(PASSWORD, options.getTrustStorePassword());
         assertEquals(KEYSTORE_TYPE, options.getKeyStoreType());
         assertEquals(KEYSTORE_TYPE, options.getTrustStoreType());
@@ -240,7 +246,9 @@ private TransportOptions createSslOptions() {
         TransportOptions options = new TransportOptions();
 
         options.setKeyStoreLocation(CLIENT_KEYSTORE);
+        options.setKeyStoreBase64Property(CLIENT_KEYSTORE_BASE64_PROPERTY);
         options.setTrustStoreLocation(CLIENT_TRUSTSTORE);
+        options.setTrustStoreBase64Property(CLIENT_TRUSTSTORE_BASE64_PROPERTY);
         options.setKeyStorePassword(PASSWORD);
         options.setTrustStorePassword(PASSWORD);
         options.setStoreType(KEYSTORE_TYPE);
@@ -327,8 +335,10 @@ private TransportOptions createNonDefaultOptions() {
         options.setUseEpoll(TEST_USE_EPOLL_VALUE);
         options.setTraceBytes(TEST_TRACE_BYTES_VALUE);
         options.setKeyStoreLocation(CLIENT_KEYSTORE);
+        options.setKeyStoreBase64Property(CLIENT_KEYSTORE_BASE64_PROPERTY);
         options.setKeyStorePassword(PASSWORD);
         options.setTrustStoreLocation(CLIENT_TRUSTSTORE);
+        options.setTrustStoreBase64Property(CLIENT_TRUSTSTORE_BASE64_PROPERTY);
         options.setTrustStorePassword(PASSWORD);
         options.setKeyAlias(KEY_ALIAS);
         options.setContextProtocol(CONTEXT_PROTOCOL);