Posted to commits@activemq.apache.org by ch...@apache.org on 2010/12/13 16:26:51 UTC
svn commit: r1045167 - in /activemq/activemq-apollo/trunk:
apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/
apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/
apollo-transport/src/main/java/org/apache/activemq/apollo/tran...
Author: chirino
Date: Mon Dec 13 15:26:50 2010
New Revision: 1045167
URL: http://svn.apache.org/viewvc?rev=1045167&view=rev
Log:
renamed KeyManagerAware to KeyAndTrustAware since both keys and trust are typically needed by the transport to do client auth. Enable client cert checking by default.
Added:
activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java
- copied, changed from r1044767, activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java
Removed:
activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java
activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/SSLContextAware.java
Modified:
activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java
activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java
Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala?rev=1045167&r1=1045166&r2=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala Mon Dec 13 15:26:50 2010
@@ -150,8 +150,13 @@ class Connector(val broker:Broker, val i
transportServer.setDispatchQueue(dispatchQueue)
transportServer.setAcceptListener(BrokerAcceptListener)
- if( transportServer.isInstanceOf[KeyManagerAware] && broker.key_storage!=null ) {
- transportServer.asInstanceOf[KeyManagerAware].setKeyManagers(broker.key_storage.create_key_managers)
+ if( transportServer.isInstanceOf[KeyAndTrustAware] ) {
+ if( broker.key_storage!=null ) {
+ transportServer.asInstanceOf[KeyAndTrustAware].setTrustManagers(broker.key_storage.create_trust_managers)
+ transportServer.asInstanceOf[KeyAndTrustAware].setKeyManagers(broker.key_storage.create_key_managers)
+ } else {
+ warn("You are using a transport the expects the broker's key storage to be configured.")
+ }
}
transportServer.start(^{
info("Accepting connections at: "+config.bind)
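Review bot: When `broker.key_storage` is null the connector only logs a warning and still starts the TLS transport, which then falls back to `SSLContext.getDefault()` (visible in the SslTransportServer hunk of this commit), so the client certificates now requested by default would presumably be validated against the JVM's default trust store rather than the broker's configured one. For a transport that declares it needs key and trust material, refusing to start is the safer default; I would replace the warn with `throw new IllegalStateException("Transport at "+config.bind+" requires the broker's key storage to be configured")`, or at least have the message state what the fallback is. The warn message as written also has a typo: `You are using a transport that expects the broker's key storage to be configured.`. The enclosing method begins before this hunk and continues past it.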
Modified: activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java?rev=1045167&r1=1045166&r2=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java (original)
+++ activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java Mon Dec 13 15:26:50 2010
@@ -1,6 +1,5 @@
package org.apache.activemq.apollo.transport.tcp;
-import org.apache.activemq.apollo.transport.SSLContextAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -11,6 +10,9 @@ import java.nio.ByteBuffer;
import java.nio.channels.ReadableByteChannel;
import java.nio.channels.SocketChannel;
import java.nio.channels.WritableByteChannel;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
@@ -23,7 +25,7 @@ import static javax.net.ssl.SSLEngineRes
*
* @author <a href="http://hiramchirino.com">Hiram Chirino</a>
*/
-public class SslTransport extends TcpTransport implements SSLContextAware {
+public class SslTransport extends TcpTransport {
private static final Logger LOG = LoggerFactory.getLogger(TcpTransport.class);
private SSLContext sslContext;
@@ -62,6 +64,28 @@ public class SslTransport extends TcpTra
}
}
+ public SSLSession getSSLSession() {
+ return engine==null ? null : engine.getSession();
+ }
+
+ public X509Certificate[] getPeerX509Certificates() {
+ if( engine==null ) {
+ return null;
+ }
+ try {
+ ArrayList<X509Certificate> rc = new ArrayList<X509Certificate>();
+ for( Certificate c:engine.getSession().getPeerCertificates() ) {
+ if(c instanceof X509Certificate) {
+ rc.add((X509Certificate) c);
+ }
+ }
+ return rc.toArray(new X509Certificate[rc.size()]);
+ } catch (SSLPeerUnverifiedException e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
@Override
protected void initializeCodec() {
SSLChannel channel = new SSLChannel();
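Review bot: `getPeerX509Certificates()` handles `SSLPeerUnverifiedException` with `e.printStackTrace()`, but with `setWantClientAuth(true)` (added further down in this file) that exception is the normal outcome for every client that sends no certificate, so this would print a stack trace to stderr for each anonymous connection and bypasses the class's SLF4J logger. Log it at debug and keep the null return: `} catch (SSLPeerUnverifiedException e) {` / `LOG.debug("Peer did not present a verified certificate chain", e);` / `return null;`. The method also returns null both when no engine exists yet and when the peer is unverified, and an empty array if the chain held no X509 entries; a Javadoc such as `Returns the peer's verified X.509 chain, or null if the handshake has not completed or the peer sent no verifiable certificate; callers must treat null or empty as unauthenticated.` would pin the contract for whoever builds authentication on top of it. Note that `LOG` is obtained with `TcpTransport.class` rather than this class, so these entries would appear under the parent's logger name.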
@@ -83,6 +107,7 @@ public class SslTransport extends TcpTra
if (engine == null) {
engine = sslContext.createSSLEngine();
engine.setUseClientMode(false);
+ engine.setWantClientAuth(true);
}
SSLSession session = engine.getSession();
readBuffer = ByteBuffer.allocateDirect(session.getPacketBufferSize());
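Review bot: `engine.setWantClientAuth(true)` only requests a client certificate; a client that presents none still completes the handshake, so the commit message's "client cert checking by default" holds only for clients that volunteer one, and a verified peer chain is never guaranteed to exist. If the intent is to enforce client authentication on some connectors, `setNeedClientAuth(true)` is required (presumably behind a connector option), and any authorization layer must treat a null result from `getPeerX509Certificates()` as anonymous rather than failing open. A comment on the new line would prevent misreading: `engine.setWantClientAuth(true); // requests, but does not require, a client certificate; anonymous clients still connect`. The enclosing method starts before this hunk and continues past it.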
Modified: activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java?rev=1045167&r1=1045166&r2=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java (original)
+++ activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java Mon Dec 13 15:26:50 2010
@@ -16,23 +16,21 @@
*/
package org.apache.activemq.apollo.transport.tcp;
-import org.apache.activemq.apollo.transport.KeyManagerAware;
+import org.apache.activemq.apollo.transport.KeyAndTrustAware;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import java.io.IOException;
+import javax.net.ssl.TrustManager;
import java.net.URI;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
/**
* @author <a href="http://hiramchirino.com">Hiram Chirino</a>
*/
-public class SslTransportServer extends TcpTransportServer implements KeyManagerAware {
+public class SslTransportServer extends TcpTransportServer implements KeyAndTrustAware {
protected KeyManager[] keyManagers;
+ private TrustManager[] trustManagers;
protected String protocol = "TLS";
protected SSLContext sslContext;
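Review bot: The new `trustManagers` field is `private` while the neighbouring `keyManagers` is `protected`, so a subclass that can see and replace the key material cannot see the trust material it is validated against; the pair should share one visibility, e.g. `protected TrustManager[] trustManagers;`. Minor, but the asymmetry reads as accidental rather than a deliberate design choice.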
@@ -43,11 +41,14 @@ public class SslTransportServer extends
public void setKeyManagers(KeyManager[] keyManagers) {
this.keyManagers = keyManagers;
}
+ public void setTrustManagers(TrustManager[] trustManagers) {
+ this.trustManagers = trustManagers;
+ }
public void start(Runnable onCompleted) throws Exception {
if( keyManagers!=null ) {
sslContext = SSLContext.getInstance(protocol);
- sslContext.init(keyManagers, null, null);
+ sslContext.init(keyManagers, trustManagers, null);
} else {
sslContext = SSLContext.getDefault();
}
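Review bot: `start()` only builds its own context when `keyManagers` is non-null, so trust managers supplied through `setTrustManagers` are silently discarded in the `SSLContext.getDefault()` branch, and when keys are set but `trustManagers` is null the `init(keyManagers, null, null)` call uses the JVM's default trust managers per `SSLContext.init` semantics, meaning the client certificates this transport now requests would be checked against the platform CA store rather than the broker's trust store. I would widen the condition to `if( keyManagers!=null || trustManagers!=null ) {` so explicitly configured trust is never ignored, and consider rejecting the half-configured case (keys without trust) with a clear exception instead of inheriting the default. The Connector in this commit happens to set both together, but this class is the API surface and should not rely on that caller behaviour.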
Copied: activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java (from r1044767, activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java)
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java?p2=activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java&p1=activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java&r1=1044767&r2=1045167&rev=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java (original)
+++ activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java Mon Dec 13 15:26:50 2010
@@ -17,10 +17,15 @@
package org.apache.activemq.apollo.transport;
import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
/**
* @author <a href="http://hiramchirino.com">Hiram Chirino</a>
*/
-public interface KeyManagerAware {
+public interface KeyAndTrustAware {
+
void setKeyManagers(KeyManager[] manager);
+
+ void setTrustManagers(TrustManager[] trustManagers);
+
}
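Review bot: The renamed interface gains `setTrustManagers` with no documentation of the contract either setter carries: whether they must be called before `start()`, what a null argument means, and that in the `SslTransportServer` implementation a null array results in the JVM defaults being used. A Javadoc on the interface along the lines of "Implemented by transport servers that build their own SSLContext; both setters must be called before start(), and a null value leaves the platform default in effect" would settle this for other implementations. The parameter name `manager` on `setKeyManagers` also differs from the plural `trustManagers` on the new method; `KeyManager[] keyManagers` would make the pair consistent.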