Plaintext passwords have to be specified on the JVM command line when using some SSL-enabled components on Fuse

Solution Verified

Issue

This problem most often manifests when it is necessary to specify SSL properties to the JCE subsystem. For example, the JVM-wide location of the keystore containing trusted certificates is specified using the system property javax.net.ssl.trustStore, and the password for this keystore is specified using javax.net.ssl.trustStorePassword.

It is always possible to specify system properties like this on the JVM command line, perhaps simply by editing the bin/fuse script and adding the necessary -D switches directly to the JVM start-up command. However, many users find the use of plain-text passwords objectionable, and there is no doubt that they create an additional security concern. Even when security is not a consideration, properties specified this way can be hard to maintain, and many customers prefer to set them programmatically.

In principle, it is possible within any Fuse-based application to call System.setProperty() to set system properties. The problem lies in ensuring that this code gets executed before the subsystem that reads those properties. For the JCE SSL subsystem in particular, this is difficult, because this subsystem is initialized very early in the Karaf lifecycle (in the Pax URL handlers, specifically), and it would be difficult, if not impossible, to make a substantial application initialize earlier than these components.
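The command-line exposure described above can be audited on a running host. The following is an added example, not part of the original article or of Fuse: it assumes a Linux system, where each process's arguments are readable from /proc/<pid>/cmdline, and reports JVM -D switches that carry a password without printing the value. The function names and the sample command line are constructed for illustration.

```python
import os
import re

# Any -D system property whose name ends in "password" (case-insensitive),
# e.g. -Djavax.net.ssl.trustStorePassword=... or -Djavax.net.ssl.keyStorePassword=...
PASSWORD_ARG = re.compile(r"^-D([^=]*password)=(.*)$", re.IGNORECASE | re.DOTALL)


def find_password_args(cmdline: bytes):
    """Return [(property_name, value_length)] for password-bearing -D switches.

    `cmdline` is the raw content of /proc/<pid>/cmdline: arguments separated
    by NUL bytes. The value itself is never returned, only its length.
    """
    hits = []
    for raw in cmdline.split(b"\0"):
        arg = raw.decode("utf-8", errors="replace")
        m = PASSWORD_ARG.match(arg)
        if m and m.group(2):  # ignore switches with an empty value
            hits.append((m.group(1), len(m.group(2))))
    return hits


def scan_proc(proc_root="/proc"):
    """Scan every readable process under proc_root; returns {pid: hits}."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                hits = find_password_args(fh.read())
        except OSError:  # process exited or access denied
            continue
        if hits:
            findings[int(entry)] = hits
    return findings


# Constructed sample: what a JVM started with -D switches exposes in /proc.
SAMPLE_CMDLINE = (
    b"java\0-Djavax.net.ssl.trustStore=/opt/example/truststore.jks\0"
    b"-Djavax.net.ssl.trustStorePassword=changeit-example\0-jar\0app.jar\0"
)

if __name__ == "__main__":
    for pid, hits in scan_proc().items():
        for name, length in hits:
            print(f"pid {pid}: {name} set on command line ({length} chars, redacted)")
```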

Environment

  • Red Hat JBoss Fuse
    • 6.x
