You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Sudip Shrestha (JIRA)" <ji...@apache.org> on 2008/05/28 22:24:00 UTC
[jira] Created: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
--------------------------------------------------------------------------------------------------------------------------------------------
Key: AMQ-1754
URL: https://issues.apache.org/activemq/browse/AMQ-1754
Project: ActiveMQ
Issue Type: Improvement
Components: Transport
Affects Versions: 5.1.0, 5.0.0, 4.1.2, 4.1.1, 4.1.0, 4.0.2, 4.0.1, 4.0
Environment: have tested with activemq-4.2.snapshot but should work with any version.
Reporter: Sudip Shrestha
Attachments: ActiveMQSslConnectionFactoryx.java
Steps to use this class:
- Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts
- Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43086#action_43086 ]
Sudip Shrestha commented on AMQ-1754:
-------------------------------------
A probably better solution would be to add the following constructor and methods to the existing org.apache.activemq.ActiveMQSslConnectionFactory class.
public ActiveMQSslConnectionFactory(String keyStore, String keyStorePassword, String trustStore, String trustStorePassword)
throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
java.io.IOException, java.security.GeneralSecurityException
{
setKeyAndTrustManagers( getKeyManagers( keyStore,keyStorePassword ),
getTrustManagers( trustStore,trustStorePassword ),new java.security.SecureRandom() );
}
private TrustManager[] getTrustManagers(String trustStore, String trustStorePassword) throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException, java.io.IOException, java.security.GeneralSecurityException
{
System.out.println( "Initiating TrustManagers" );
KeyStore ks = KeyStore.getInstance("JKS");
char [] tsp = null;
if( trustStorePassword!=null )
tsp = trustStorePassword.toCharArray();
ks.load( new FileInputStream( trustStore ), tsp );
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
System.out.println( "Initiated TrustManagers" );
return tmf.getTrustManagers();
}
private KeyManager[] getKeyManagers(String keyStore, String keyStorePassword)
throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.GeneralSecurityException,
java.security.cert.CertificateException, java.io.IOException, java.security.UnrecoverableKeyException
{
System.out.println( "Initiating KeyManagers" );
KeyStore ks = KeyStore.getInstance("JKS");
char []ksp = null;
if( keyStorePassword!=null )
ksp = keyStorePassword.toCharArray();
ks.load(new FileInputStream( keyStore ), ksp );
KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
kmf.init( ks, keyStorePassword.toCharArray());
System.out.println( "Initiated KeyManagers" );
return kmf.getKeyManagers();
}
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Rob Davies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rob Davies reassigned AMQ-1754:
-------------------------------
Assignee: Rob Davies
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Assignee: Rob Davies
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Felix Koschmieder (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61368#action_61368 ]
Felix Koschmieder edited comment on AMQ-1754 at 8/24/10 10:00 AM:
------------------------------------------------------------------
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{quote}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
<property name="brokerURL" value="${jms.client.brokerUrl}"/>
<property name="userName" value="${jms.client.username}"/>
<property name="password" value="${jms.client.password}"/>
<property name="transportListener" ref="loggingAmqTransportListener"/>
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{quote}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
I have tested this with ActiveMQ 5.3.0.
was (Author: fkoschmieder):
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{monospaced}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
<property name="brokerURL" value="${jms.client.brokerUrl}"/>
<property name="userName" value="${jms.client.username}"/>
<property name="password" value="${jms.client.password}"/>
<property name="transportListener" ref="loggingAmqTransportListener"/>
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{monospaced}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
I have tested this with ActiveMQ 5.3.0.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Fix For: NEEDS_REVIEWED
>
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sudip Shrestha updated AMQ-1754:
--------------------------------
Attachment: (was: ActiveMQSslConnectionFactoryx.java)
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43087#action_43087 ]
sshrestha edited comment on AMQ-1754 at 5/28/08 1:51 PM:
--------------------------------------------------------------
oops... here is the whole attachment for the above code.
pls look at attachment no. 1 (this is my second attachment).
was (Author: sshrestha):
oops... here is the whole attachment for the above code.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Felix Koschmieder (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61368#action_61368 ]
Felix Koschmieder edited comment on AMQ-1754 at 8/24/10 10:16 AM:
------------------------------------------------------------------
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{quote}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
...
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{quote}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
Note that you don't need to override the method {{createServerSocketFactory()}} in a client context. I have tested this with ActiveMQ 5.3.0.
was (Author: fkoschmieder):
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{quote}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
...
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{quote}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
I have tested this with ActiveMQ 5.3.0.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Fix For: NEEDS_REVIEWED
>
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Felix Koschmieder (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61368#action_61368 ]
Felix Koschmieder edited comment on AMQ-1754 at 8/24/10 10:01 AM:
------------------------------------------------------------------
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{quote}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
...
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{quote}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
I have tested this with ActiveMQ 5.3.0.
was (Author: fkoschmieder):
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{quote}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
<property name="brokerURL" value="${jms.client.brokerUrl}"/>
<property name="userName" value="${jms.client.username}"/>
<property name="password" value="${jms.client.password}"/>
<property name="transportListener" ref="loggingAmqTransportListener"/>
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{quote}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
I have tested this with ActiveMQ 5.3.0.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Fix For: NEEDS_REVIEWED
>
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sudip Shrestha updated AMQ-1754:
--------------------------------
Attachment: (was: ActiveMQSslConnectionFactoryx.java)
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Gary Tully (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Tully reassigned AMQ-1754:
-------------------------------
Assignee: (was: Gary Tully)
won't get to this in the near future
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Fix For: 5.4.0
>
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43086#action_43086 ]
sshrestha edited comment on AMQ-1754 at 5/28/08 1:53 PM:
--------------------------------------------------------------
..
was (Author: sshrestha):
A probably better solution would be to add the following constructor and methods to the existing org.apache.activemq.ActiveMQSslConnectionFactory class.
public ActiveMQSslConnectionFactory(String keyStore, String keyStorePassword, String trustStore, String trustStorePassword)
throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
java.io.IOException, java.security.GeneralSecurityException
{
setKeyAndTrustManagers( getKeyManagers( keyStore,keyStorePassword ),
getTrustManagers( trustStore,trustStorePassword ),new java.security.SecureRandom() );
}
private TrustManager[] getTrustManagers(String trustStore, String trustStorePassword) throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException, java.io.IOException, java.security.GeneralSecurityException
{
System.out.println( "Initiating TrustManagers" );
KeyStore ks = KeyStore.getInstance("JKS");
char [] tsp = null;
if( trustStorePassword!=null )
tsp = trustStorePassword.toCharArray();
ks.load( new FileInputStream( trustStore ), tsp );
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
System.out.println( "Initiated TrustManagers" );
return tmf.getTrustManagers();
}
private KeyManager[] getKeyManagers(String keyStore, String keyStorePassword)
throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.GeneralSecurityException,
java.security.cert.CertificateException, java.io.IOException, java.security.UnrecoverableKeyException
{
System.out.println( "Initiating KeyManagers" );
KeyStore ks = KeyStore.getInstance("JKS");
char []ksp = null;
if( keyStorePassword!=null )
ksp = keyStorePassword.toCharArray();
ks.load(new FileInputStream( keyStore ), ksp );
KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
kmf.init( ks, keyStorePassword.toCharArray());
System.out.println( "Initiated KeyManagers" );
return kmf.getKeyManagers();
}
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43087#action_43087 ]
sshrestha edited comment on AMQ-1754 at 5/28/08 1:53 PM:
--------------------------------------------------------------
oops... here is the whole attachment for the above code.
pls look at attachment no. 1 (this is my second attachment).
added following to the existing org.apache.activemq.ActiveMQSslConnectionFactory class:
public ActiveMQSslConnectionFactory(String keyStore, String keyStorePassword, String trustStore, String trustStorePassword)
private TrustManager[] getTrustManagers(String trustStore, String trustStorePassword)
private KeyManager[] getKeyManagers(String keyStore, String keyStorePassword)
was (Author: sshrestha):
oops... here is the whole attachment for the above code.
pls look at attachment no. 1 (this is my second attachment).
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43089#action_43089 ]
Sudip Shrestha commented on AMQ-1754:
-------------------------------------
Ok.. One thing I think I implied that it works with JNDI right away. But it does not. What I meant that it now enables me to create SSL connection to ActiveMq without having to set those System Properties. Looks like few works need to be done on ActiveMQInitialContextFactory before I am able to use JNDI.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sudip Shrestha updated AMQ-1754:
--------------------------------
Attachment: ActiveMQSslConnectionFactoryx.java
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Rob Davies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rob Davies reassigned AMQ-1754:
-------------------------------
Assignee: Gary Tully (was: Rob Davies)
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Assignee: Gary Tully
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sudip Shrestha updated AMQ-1754:
--------------------------------
Attachment: ActiveMQSslConnectionFactory.java
oops... here is the whole attachment for the above code.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Sudip Shrestha (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sudip Shrestha updated AMQ-1754:
--------------------------------
Attachment: ActiveMQSslConnectionFactoryx.java
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1754)
org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate
client.ks/client.ts files to enable convenient use of JNDI via SSL.
Posted by "Felix Koschmieder (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Koschmieder updated AMQ-1754:
-----------------------------------
Attachment: ActiveMqSslTransportFactory.java
Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.
Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.
The attached class is ready to be used in a spring context as follows:
{monospaced}
<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
<property name="brokerURL" value="${jms.client.brokerUrl}"/>
<property name="userName" value="${jms.client.username}"/>
<property name="password" value="${jms.client.password}"/>
<property name="transportListener" ref="loggingAmqTransportListener"/>
</bean>
<bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
<property name="keyStore" value="classpath:keystore.ks"/>
<property name="keyStorePassword" value="keystorepwd"/>
<property name="trustStore" value="classpath:truststore.ts"/>
<property name="trustStorePassword" value="truststorepwd"/>
</bean>
{monospaced}
To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).
I have tested this with ActiveMQ 5.3.0.
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1754
> URL: https://issues.apache.org/activemq/browse/AMQ-1754
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Transport
> Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
> Environment: have tested with activemq-4.2.snapshot but should work with any version.
> Reporter: Sudip Shrestha
> Fix For: NEEDS_REVIEWED
>
> Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client. If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.