You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2021/08/03 13:55:44 UTC
[activemq-artemis] branch main updated: ARTEMIS-3302 swap
deprecated X509Certificate
This is an automated email from the ASF dual-hosted git repository.
clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 7a9de8e ARTEMIS-3302 swap deprecated X509Certificate
new 5ebaebd This closes #3671
7a9de8e is described below
commit 7a9de8eea3fc39ab9ee73b5f30cb6e6b9d79c87d
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Sun Jul 25 22:07:49 2021 -0500
ARTEMIS-3302 swap deprecated X509Certificate
Casting the result of getPeerCertificates() to X509Certificate[] mirrors
what is done in the ActiveMQ "Classic" code-base.
A few tests which were imported from ActiveMQ "Classic" to verify our
OpenWire implementation were removed as they relied on a "stub"
implementation of javax.net.ssl.SSLSession that never would have worked
across multiple JDKs once javax.security.cert.X509Certificate[] was
removed. Furthermore, the tests appeared to be related to the OpenWire
*client* and not relevant to our broker-side implementation.
---
.../activemq/artemis/utils/CertificateUtil.java | 4 +-
.../artemis/core/remoting/CertificateUtil.java | 2 +-
.../core/security/impl/SecurityStoreImpl.java | 2 +-
.../core/server/impl/ServerSessionImpl.java | 2 +-
.../core/security/ActiveMQSecurityManager2.java | 2 +-
.../core/security/jaas/CertificateCallback.java | 2 +-
.../core/security/jaas/CertificateLoginModule.java | 2 +-
.../jaas/ExternalCertificateLoginModule.java | 2 +-
.../jaas/TextFileCertificateLoginModule.java | 2 +-
.../security/jaas/StubCertificateLoginModule.java | 2 +-
.../core/security/jaas/StubX509Certificate.java | 12 +-
.../jaas/TextFileCertificateLoginModuleTest.java | 2 +-
.../transport/tcp/SslBrokerServiceTest.java | 2 +-
.../activemq/transport/tcp/SslSocketHelper.java | 44 ------
.../transport/tcp/SslTransportFactoryTest.java | 140 -------------------
.../activemq/transport/tcp/SslTransportTest.java | 98 -------------
.../activemq/transport/tcp/StubSSLSession.java | 153 ---------------------
.../activemq/transport/tcp/StubSSLSocket.java | 141 -------------------
.../tests/integration/security/SecurityTest.java | 2 +-
.../ssl/CoreClientOverTwoWaySSLTest.java | 2 +-
20 files changed, 26 insertions(+), 592 deletions(-)
diff --git a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java
index 1c16567..56a7ae9 100644
--- a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java
+++ b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java
@@ -18,7 +18,7 @@
package org.apache.activemq.artemis.utils;
import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
@@ -32,7 +32,7 @@ public class CertificateUtil {
if (channelHandler != null && channelHandler instanceof SslHandler) {
SslHandler sslHandler = (SslHandler) channelHandler;
try {
- certificates = sslHandler.engine().getSession().getPeerCertificateChain();
+ certificates = (X509Certificate[]) sslHandler.engine().getSession().getPeerCertificates();
} catch (SSLPeerUnverifiedException e) {
// ignore
}
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/CertificateUtil.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/CertificateUtil.java
index e2ebad6..cc1da5b 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/CertificateUtil.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/CertificateUtil.java
@@ -24,7 +24,7 @@ import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.remoting.Connection;
import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.security.Principal;
public class CertificateUtil {
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
index 835647c..4d2c4bc 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
@@ -17,7 +17,7 @@
package org.apache.activemq.artemis.core.security.impl;
import javax.security.auth.Subject;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.TimeUnit;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index eb072a3..8f7ed0e 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -18,7 +18,7 @@ package org.apache.activemq.artemis.core.server.impl;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import javax.transaction.xa.XAException;
import javax.transaction.xa.Xid;
import java.util.ArrayList;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
index fa340e0..560da4d 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
@@ -16,7 +16,7 @@
*/
package org.apache.activemq.artemis.spi.core.security;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.util.Set;
import org.apache.activemq.artemis.core.security.CheckType;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateCallback.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateCallback.java
index 5a2361a..630dd32 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateCallback.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateCallback.java
@@ -17,7 +17,7 @@
package org.apache.activemq.artemis.spi.core.security.jaas;
import javax.security.auth.callback.Callback;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
/**
* A Callback for SSL certificates.
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
index 7c1808b..98b063a 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
@@ -22,7 +22,7 @@ import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java
index 76c6d89..a796b9e 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java
@@ -21,7 +21,7 @@ import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java
index 2b0f45c..6a4735b 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java
@@ -19,7 +19,7 @@ package org.apache.activemq.artemis.spi.core.security.jaas;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java
index efae04b..48b3642 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java
@@ -17,7 +17,7 @@
package org.apache.activemq.artemis.core.security.jaas;
import javax.security.auth.login.LoginException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.util.Set;
import org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule;
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubX509Certificate.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubX509Certificate.java
index 9ccaae0..47269c6 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubX509Certificate.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubX509Certificate.java
@@ -16,7 +16,7 @@
*/
package org.apache.activemq.artemis.core.security.jaas;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
@@ -70,10 +70,12 @@ public class StubX509Certificate extends X509Certificate {
return null;
}
+ @Override
public byte[] getTBSCertificate() {
return null;
}
+ @Override
public byte[] getSignature() {
return null;
}
@@ -93,18 +95,22 @@ public class StubX509Certificate extends X509Certificate {
return null;
}
+ @Override
public boolean[] getIssuerUniqueID() {
return null;
}
+ @Override
public boolean[] getSubjectUniqueID() {
return null;
}
+ @Override
public boolean[] getKeyUsage() {
return null;
}
+ @Override
public int getBasicConstraints() {
return 0;
}
@@ -132,20 +138,24 @@ public class StubX509Certificate extends X509Certificate {
return null;
}
+ @Override
public boolean hasUnsupportedCriticalExtension() {
return false;
}
@SuppressWarnings("rawtypes")
+ @Override
public Set getCriticalExtensionOIDs() {
return null;
}
@SuppressWarnings("rawtypes")
+ @Override
public Set getNonCriticalExtensionOIDs() {
return null;
}
+ @Override
public byte[] getExtensionValue(String arg0) {
return null;
}
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileCertificateLoginModuleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileCertificateLoginModuleTest.java
index 957dace..ed9070b 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileCertificateLoginModuleTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileCertificateLoginModuleTest.java
@@ -21,7 +21,7 @@ import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
diff --git a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
index 8bcccd3..a403cde 100644
--- a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
+++ b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
@@ -146,7 +146,7 @@ public class SslBrokerServiceTest extends TransportBrokerTestSupport {
sslSocket.startHandshake();
LOG.info("cyphersuite: " + session.getCipherSuite());
LOG.info("peer port: " + session.getPeerPort());
- LOG.info("peer cert: " + session.getPeerCertificateChain()[0].toString());
+ LOG.info("peer cert: " + session.getPeerCertificates()[0].toString());
}
public static TrustManager[] getTrustManager() throws Exception {
diff --git a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslSocketHelper.java b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslSocketHelper.java
deleted file mode 100644
index 805306d..0000000
--- a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslSocketHelper.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.activemq.transport.tcp;
-
-import javax.management.remote.JMXPrincipal;
-import javax.net.ssl.SSLSocket;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-
-/**
- *
- */
-public final class SslSocketHelper {
-
- private SslSocketHelper() {
- }
-
- public static SSLSocket createSSLSocket(String certDistinguishedName,
- boolean wantAuth,
- boolean needAuth) throws IOException {
- JMXPrincipal principal = new JMXPrincipal(certDistinguishedName);
- X509Certificate cert = new StubX509Certificate(principal);
- StubSSLSession sslSession = new StubSSLSession(cert);
-
- StubSSLSocket sslSocket = new StubSSLSocket(sslSession);
- sslSocket.setWantClientAuth(wantAuth);
- sslSocket.setNeedClientAuth(needAuth);
- return sslSocket;
- }
-}
diff --git a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
deleted file mode 100644
index 32f5e75..0000000
--- a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.activemq.transport.tcp;
-
-import java.io.IOException;
-import java.net.URI;
-import java.util.HashMap;
-import java.util.Map;
-
-import junit.framework.TestCase;
-
-import org.apache.activemq.openwire.OpenWireFormat;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SslTransportFactoryTest extends TestCase {
-
- private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactoryTest.class);
-
- private SslTransportFactory factory;
- private boolean verbose;
-
- @Override
- protected void setUp() throws Exception {
- factory = new SslTransportFactory();
- }
-
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- public void testBindServerOptions() throws IOException {
-
- SslTransportServer sslTransportServer = null;
-
- for (int i = 0; i < 4; ++i) {
- final boolean wantClientAuth = (i & 0x1) == 1;
- final boolean needClientAuth = (i & 0x2) == 2;
-
- String options = "wantClientAuth=" + (wantClientAuth ? "true" : "false") + "&needClientAuth=" + (needClientAuth ? "true" : "false");
-
- try {
- sslTransportServer = (SslTransportServer) factory.doBind(new URI("ssl://localhost:61616?" + options));
- } catch (Exception e) {
- fail("Unable to bind to address: " + e.getMessage());
- }
-
- assertEquals("Created ServerSocket did not have correct wantClientAuth status.", sslTransportServer.getWantClientAuth(), wantClientAuth);
-
- assertEquals("Created ServerSocket did not have correct needClientAuth status.", sslTransportServer.getNeedClientAuth(), needClientAuth);
-
- try {
- sslTransportServer.stop();
- } catch (Exception e) {
- fail("Unable to stop TransportServer: " + e.getMessage());
- }
- }
- }
-
- private int getMthNaryDigit(int number, int digitIdx, int numBase) {
- return (number / ((int) Math.pow(numBase, digitIdx))) % numBase;
- }
-
- public void testCompositeConfigure() throws IOException {
- // The 5 options being tested.
- int optionSettings[] = new int[5];
-
- String optionNames[] = {"wantClientAuth", "needClientAuth", "socket.wantClientAuth", "socket.needClientAuth", "socket.useClientMode"};
-
- // Using a trinary interpretation of i to set all possible values of
- // stub options for socket and transport.
- // 2 transport options, 3 socket options, 3 settings for each option =>
- // 3^5 = 243 combos.
- for (int i = 0; i < 243; ++i) {
- Map<String, String> options = new HashMap<>();
-
- for (int j = 0; j < 5; ++j) {
- // -1 since the option range is [-1,1], not [0,2].
- optionSettings[j] = getMthNaryDigit(i, j, 3) - 1;
-
- if (optionSettings[j] != -1) {
- options.put(optionNames[j], optionSettings[j] == 1 ? "true" : "false");
- }
- }
-
- StubSSLSocket socketStub = new StubSSLSocket(null);
- StubSslTransport transport = null;
-
- try {
- transport = new StubSslTransport(null, socketStub);
- } catch (Exception e) {
- fail("Unable to create StubSslTransport: " + e.getMessage());
- }
-
- if (verbose) {
- LOG.info("");
- LOG.info("Iteration: " + i);
- LOG.info("Map settings: " + options);
- for (int x = 0; x < optionSettings.length; x++) {
- LOG.info("optionSetting[" + x + "] = " + optionSettings[x]);
- }
- }
-
- factory.compositeConfigure(transport, new OpenWireFormat(), options);
-
- // lets start the transport to force the introspection
- try {
- transport.start();
- } catch (Exception e) {
- // ignore bad connection
- }
-
- if (socketStub.getWantClientAuthStatus() != optionSettings[2]) {
- LOG.info("sheiite");
- }
-
- assertEquals("wantClientAuth was not properly set for iteration: " + i, optionSettings[0], transport.getWantClientAuthStatus());
- assertEquals("needClientAuth was not properly set for iteration: " + i, optionSettings[1], transport.getNeedClientAuthStatus());
- assertEquals("socket.wantClientAuth was not properly set for iteration: " + i, optionSettings[2], socketStub.getWantClientAuthStatus());
- assertEquals("socket.needClientAuth was not properly set for iteration: " + i, optionSettings[3], socketStub.getNeedClientAuthStatus());
- assertEquals("socket.useClientMode was not properly set for iteration: " + i, optionSettings[4], socketStub.getUseClientModeStatus());
- }
- }
-}
diff --git a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportTest.java b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportTest.java
deleted file mode 100644
index 6d6ddd9..0000000
--- a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportTest.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.activemq.transport.tcp;
-
-import javax.management.remote.JMXPrincipal;
-import javax.net.ssl.SSLSocket;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-
-import junit.framework.TestCase;
-
-import org.apache.activemq.command.ConnectionInfo;
-import org.apache.activemq.transport.StubTransportListener;
-import org.apache.activemq.wireformat.ObjectStreamWireFormat;
-
-/**
- * Unit tests for the SslTransport class.
- */
-public class SslTransportTest extends TestCase {
-
- SSLSocket sslSocket;
- StubTransportListener stubListener;
-
- String username;
- String password;
- String certDistinguishedName;
-
- @Override
- protected void setUp() throws Exception {
- certDistinguishedName = "ThisNameIsDistinguished";
- username = "SomeUserName";
- password = "SomePassword";
- }
-
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- private void createTransportAndConsume(boolean wantAuth, boolean needAuth) throws IOException {
- JMXPrincipal principal = new JMXPrincipal(certDistinguishedName);
- X509Certificate cert = new StubX509Certificate(principal);
- StubSSLSession sslSession = new StubSSLSession(cert);
-
- sslSocket = new StubSSLSocket(sslSession);
- sslSocket.setWantClientAuth(wantAuth);
- sslSocket.setNeedClientAuth(needAuth);
-
- SslTransport transport = new SslTransport(new ObjectStreamWireFormat(), sslSocket);
-
- stubListener = new StubTransportListener();
-
- transport.setTransportListener(stubListener);
-
- ConnectionInfo sentInfo = new ConnectionInfo();
-
- sentInfo.setUserName(username);
- sentInfo.setPassword(password);
-
- transport.doConsume(sentInfo);
- }
-
- public void testKeepClientUserName() throws IOException {
- createTransportAndConsume(true, true);
-
- final ConnectionInfo receivedInfo = (ConnectionInfo) stubListener.getCommands().remove();
-
- X509Certificate receivedCert;
-
- try {
- receivedCert = ((X509Certificate[]) receivedInfo.getTransportContext())[0];
- } catch (Exception e) {
- receivedCert = null;
- }
-
- if (receivedCert == null) {
- fail("Transmitted certificate chain was not attached to ConnectionInfo.");
- }
-
- assertEquals("Received certificate distinguished name did not match the one transmitted.", certDistinguishedName, receivedCert.getSubjectDN().getName());
-
- }
-}
diff --git a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSession.java b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSession.java
deleted file mode 100644
index d197e90..0000000
--- a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSession.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.activemq.transport.tcp;
-
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSessionContext;
-import java.security.Principal;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-
-class StubSSLSession implements SSLSession {
-
- X509Certificate cert;
- boolean isVerified;
-
- public StubSSLSession(X509Certificate cert) {
- if (cert != null) {
- this.isVerified = true;
- this.cert = cert;
- } else {
- this.isVerified = false;
- this.cert = null;
- }
- }
-
- public void setIsVerified(boolean verified) {
- this.isVerified = verified;
- }
-
- @Override
- public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
- if (this.isVerified) {
- return new X509Certificate[]{this.cert};
- } else {
- throw new SSLPeerUnverifiedException("Socket is unverified.");
- }
- }
-
- // --- Stubbed methods ---
-
- @Override
- public byte[] getId() {
- return null;
- }
-
- @Override
- public SSLSessionContext getSessionContext() {
- return null;
- }
-
- @Override
- public long getCreationTime() {
- return 0;
- }
-
- @Override
- public long getLastAccessedTime() {
- return 0;
- }
-
- @Override
- public void invalidate() {
- }
-
- @Override
- public boolean isValid() {
- return false;
- }
-
- @Override
- public void putValue(String arg0, Object arg1) {
- }
-
- @Override
- public Object getValue(String arg0) {
- return null;
- }
-
- @Override
- public void removeValue(String arg0) {
- }
-
- @Override
- public String[] getValueNames() {
- return null;
- }
-
- @Override
- public Certificate[] getLocalCertificates() {
- return null;
- }
-
- @Override
- public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
- return null;
- }
-
- @Override
- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
- return null;
- }
-
- @Override
- public Principal getLocalPrincipal() {
- return null;
- }
-
- @Override
- public String getCipherSuite() {
- return null;
- }
-
- @Override
- public String getProtocol() {
- return null;
- }
-
- @Override
- public String getPeerHost() {
- return null;
- }
-
- @Override
- public int getPeerPort() {
- return 0;
- }
-
- @Override
- public int getPacketBufferSize() {
- return 0;
- }
-
- @Override
- public int getApplicationBufferSize() {
- return 0;
- }
-}
diff --git a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSocket.java b/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSocket.java
deleted file mode 100644
index 48d44a1..0000000
--- a/tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSocket.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.activemq.transport.tcp;
-
-import javax.net.ssl.HandshakeCompletedListener;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import java.io.IOException;
-
-public class StubSSLSocket extends SSLSocket {
-
- public static final int UNTOUCHED = -1;
- public static final int FALSE = 0;
- public static final int TRUE = 1;
-
- private int wantClientAuthStatus = UNTOUCHED;
- private int needClientAuthStatus = UNTOUCHED;
- private int useClientModeStatus = UNTOUCHED;
- private final StubSSLSession session;
-
- public StubSSLSocket(StubSSLSession ses) {
- this.session = ses;
- }
-
- @Override
- public void setWantClientAuth(boolean arg0) {
- this.wantClientAuthStatus = arg0 ? TRUE : FALSE;
- }
-
- @Override
- public void setNeedClientAuth(boolean arg0) {
- this.needClientAuthStatus = arg0 ? TRUE : FALSE;
- if (session != null) {
- this.session.setIsVerified(arg0);
- }
- }
-
- @Override
- public void setUseClientMode(boolean arg0) {
- useClientModeStatus = arg0 ? TRUE : FALSE;
- }
-
- @Override
- public boolean getWantClientAuth() {
- return wantClientAuthStatus == TRUE;
- }
-
- @Override
- public boolean getNeedClientAuth() {
- return needClientAuthStatus == TRUE;
- }
-
- @Override
- public boolean getUseClientMode() {
- return useClientModeStatus == TRUE;
- }
-
- public int getWantClientAuthStatus() {
- return wantClientAuthStatus;
- }
-
- public int getNeedClientAuthStatus() {
- return needClientAuthStatus;
- }
-
- public int getUseClientModeStatus() {
- return useClientModeStatus;
- }
-
- @Override
- public SSLSession getSession() {
- return this.session;
- }
-
- // --- Stubbed methods ---
-
- @Override
- public String[] getSupportedCipherSuites() {
- return null;
- }
-
- @Override
- public String[] getEnabledCipherSuites() {
- return null;
- }
-
- @Override
- public void setEnabledCipherSuites(String[] arg0) {
- }
-
- @Override
- public String[] getSupportedProtocols() {
- return null;
- }
-
- @Override
- public String[] getEnabledProtocols() {
- return null;
- }
-
- @Override
- public void setEnabledProtocols(String[] arg0) {
- }
-
- @Override
- public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
- }
-
- @Override
- public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
- }
-
- @Override
- public void startHandshake() throws IOException {
- }
-
- @Override
- public void setEnableSessionCreation(boolean arg0) {
- }
-
- @Override
- public boolean getEnableSessionCreation() {
- return false;
- }
-
-}
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 9da281c..1da806d 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -23,7 +23,7 @@ import javax.jms.JMSSecurityException;
import javax.jms.MessageProducer;
import javax.jms.QueueBrowser;
import javax.jms.Session;
-import javax.security.cert.X509Certificate;
+import java.security.cert.X509Certificate;
import javax.transaction.xa.XAResource;
import javax.transaction.xa.Xid;
import java.lang.management.ManagementFactory;
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
index b4d45c1..ed78d72 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
@@ -205,7 +205,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl");
Assert.assertNotNull(sslHandler);
Assert.assertNotNull(sslHandler.engine().getSession());
- Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificateChain());
+ Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificates());
}
} catch (SSLPeerUnverifiedException e) {
Assert.fail(e.getMessage());