Posted to commits@activemq.apache.org by ch...@apache.org on 2010/12/13 16:26:51 UTC

svn commit: r1045167 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/ apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/ apollo-transport/src/main/java/org/apache/activemq/apollo/tran...

Author: chirino
Date: Mon Dec 13 15:26:50 2010
New Revision: 1045167

URL: http://svn.apache.org/viewvc?rev=1045167&view=rev
Log:
renamed KeyManagerAware to KeyAndTrustAware since both keys and trust are typically needed by the transport to do client auth.  Enable client cert checking by default.

Added:
    activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java
      - copied, changed from r1044767, activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java
Removed:
    activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java
    activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/SSLContextAware.java
Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
    activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java
    activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala?rev=1045167&r1=1045166&r2=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala Mon Dec 13 15:26:50 2010
@@ -150,8 +150,13 @@ class Connector(val broker:Broker, val i
     transportServer.setDispatchQueue(dispatchQueue)
     transportServer.setAcceptListener(BrokerAcceptListener)
 
-    if( transportServer.isInstanceOf[KeyManagerAware] && broker.key_storage!=null ) {
-      transportServer.asInstanceOf[KeyManagerAware].setKeyManagers(broker.key_storage.create_key_managers)
+    if( transportServer.isInstanceOf[KeyAndTrustAware] ) {
+      if( broker.key_storage!=null ) {
+        transportServer.asInstanceOf[KeyAndTrustAware].setTrustManagers(broker.key_storage.create_trust_managers)
+        transportServer.asInstanceOf[KeyAndTrustAware].setKeyManagers(broker.key_storage.create_key_managers)
+      } else {
+        warn("You are using a transport the expects the broker's key storage to be configured.")
+      }
     }
     transportServer.start(^{
       info("Accepting connections at: "+config.bind)
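Review bot: When `broker.key_storage` is null the new branch at L40-L41 only warns and still calls `transportServer.start(...)`, so a TLS connector comes up without the broker's key or trust material; the SslTransportServer half of this commit then appears to fall back to `SSLContext.getDefault()`, i.e. JVM default key/trust stores rather than anything the operator configured. For a security transport that should be a start-up failure, not a warning, e.g. `throw new IllegalStateException("transport requires the broker's key storage to be configured")` in place of the `warn(...)` — or, if a default-context fallback is intended for development, the warning should say that explicitly. The message itself also has a typo, `"...a transport the expects..."` should read `"...a transport that expects..."`. The enclosing method begins before and continues after this hunk.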

Modified: activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java?rev=1045167&r1=1045166&r2=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java (original)
+++ activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransport.java Mon Dec 13 15:26:50 2010
@@ -1,6 +1,5 @@
 package org.apache.activemq.apollo.transport.tcp;
 
-import org.apache.activemq.apollo.transport.SSLContextAware;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -11,6 +10,9 @@ import java.nio.ByteBuffer;
 import java.nio.channels.ReadableByteChannel;
 import java.nio.channels.SocketChannel;
 import java.nio.channels.WritableByteChannel;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 
@@ -23,7 +25,7 @@ import static javax.net.ssl.SSLEngineRes
  *
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
-public class SslTransport extends TcpTransport implements SSLContextAware {
+public class SslTransport extends TcpTransport {
 
     private static final Logger LOG = LoggerFactory.getLogger(TcpTransport.class);
     private SSLContext sslContext;
@@ -62,6 +64,28 @@ public class SslTransport extends TcpTra
         }
     }
 
+    public SSLSession getSSLSession() {
+        return engine==null ? null : engine.getSession();
+    }
+
+    public X509Certificate[] getPeerX509Certificates() {
+    	if( engine==null ) {
+            return null;
+        }
+        try {
+            ArrayList<X509Certificate> rc = new ArrayList<X509Certificate>();
+            for( Certificate c:engine.getSession().getPeerCertificates() ) {
+                if(c instanceof X509Certificate) {
+                    rc.add((X509Certificate) c);
+                }
+            }
+            return rc.toArray(new X509Certificate[rc.size()]);
+        } catch (SSLPeerUnverifiedException e) {
+            e.printStackTrace();
+            return null;
+        }
+    }
+
     @Override
     protected void initializeCodec() {
         SSLChannel channel = new SSLChannel();
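Review bot: `getPeerX509Certificates()` treats `SSLPeerUnverifiedException` as an error (L98-L99 print a stack trace to stderr), but with client auth only "wanted" rather than "needed" that exception is the normal outcome for every client that presents no certificate, so this will spam stderr on each anonymous connection and bypasses the class's `LOG`. Replace the catch body with `// normal when the peer sent no certificate; callers must treat null as unauthenticated` / `LOG.debug("Peer did not present a verified certificate", e);` / `return null;`. A Javadoc on the method should also state that a non-null result is the chain JSSE accepted against the configured trust managers and that anything enforcing client authentication must reject a null return. Minor: L87 is tab-indented while the rest of the file uses spaces.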
@@ -83,6 +107,7 @@ public class SslTransport extends TcpTra
         if (engine == null) {
             engine = sslContext.createSSLEngine();
             engine.setUseClientMode(false);
+            engine.setWantClientAuth(true);
         }
         SSLSession session = engine.getSession();
         readBuffer = ByteBuffer.allocateDirect(session.getPacketBufferSize());
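Review bot: `engine.setWantClientAuth(true)` at L111 only requests a client certificate; a peer that sends none still completes the handshake, so despite the commit message ("Enable client cert checking by default") the transport itself does not enforce client authentication — that is left to whatever later reads `getPeerX509Certificates()` and rejects null. If the intent is to actually require a certificate the call should be `engine.setNeedClientAuth(true)`, and either way a comment such as `// want, not need: anonymous clients still connect; enforcement is up to the authenticator` would stop readers from assuming the stronger guarantee. There is also no way to turn this off or switch between want/need from configuration; a field like `private boolean needClientAuth;` driving `engine.setNeedClientAuth(needClientAuth)` would make the policy explicit. The method containing this engine setup starts before the hunk.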

Modified: activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java?rev=1045167&r1=1045166&r2=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java (original)
+++ activemq/activemq-apollo/trunk/apollo-tcp/src/main/java/org/apache/activemq/apollo/transport/tcp/SslTransportServer.java Mon Dec 13 15:26:50 2010
@@ -16,23 +16,21 @@
  */
 package org.apache.activemq.apollo.transport.tcp;
 
-import org.apache.activemq.apollo.transport.KeyManagerAware;
+import org.apache.activemq.apollo.transport.KeyAndTrustAware;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import java.io.IOException;
+import javax.net.ssl.TrustManager;
 import java.net.URI;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
 
 /**
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
 
-public class SslTransportServer extends TcpTransportServer implements KeyManagerAware {
+public class SslTransportServer extends TcpTransportServer implements KeyAndTrustAware {
 
     protected KeyManager[] keyManagers;
+    private TrustManager[] trustManagers;
     protected String protocol = "TLS";
     protected SSLContext sslContext;
 
@@ -43,11 +41,14 @@ public class SslTransportServer extends 
     public void setKeyManagers(KeyManager[] keyManagers) {
         this.keyManagers = keyManagers;
     }
+    public void setTrustManagers(TrustManager[] trustManagers) {
+        this.trustManagers = trustManagers;
+    }
 
     public void start(Runnable onCompleted) throws Exception {
         if( keyManagers!=null ) {
             sslContext = SSLContext.getInstance(protocol);
-            sslContext.init(keyManagers, null, null);
+            sslContext.init(keyManagers, trustManagers, null);
         } else {
             sslContext = SSLContext.getDefault();
         }
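Review bot: `sslContext.init(keyManagers, trustManagers, null)` at L161 silently accepts a null `trustManagers`, and JSSE then falls back to the JVM's default trust store, so if the broker's key storage supplies key managers but no trust managers, any client certificate chaining to a public CA in `cacerts` would satisfy the want-client-auth check — presumably not what an operator configuring client auth expects (I cannot see from here whether `create_trust_managers` can return null). The `else` branch at L163 has the mirror problem: with `keyManagers` null the configured `trustManagers` are discarded in favour of `SSLContext.getDefault()`. Suggest guarding before the `getInstance` call, e.g. `if( keyManagers==null || trustManagers==null ) throw new IllegalStateException("SSL transport requires both key and trust managers");`, or at least logging at warn level which defaults are in effect. `start(...)` continues past the end of this hunk.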

Copied: activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java (from r1044767, activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java)
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java?p2=activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java&p1=activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java&r1=1044767&r2=1045167&rev=1045167&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyManagerAware.java (original)
+++ activemq/activemq-apollo/trunk/apollo-transport/src/main/java/org/apache/activemq/apollo/transport/KeyAndTrustAware.java Mon Dec 13 15:26:50 2010
@@ -17,10 +17,15 @@
 package org.apache.activemq.apollo.transport;
 
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
 
 /**
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
-public interface KeyManagerAware {
+public interface KeyAndTrustAware {
+
     void setKeyManagers(KeyManager[] manager);
+
+    void setTrustManagers(TrustManager[] trustManagers);
+
 }
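Review bot: Neither method of the new interface carries Javadoc, and the parameter names are inconsistent (`manager` on L183 versus `trustManagers` on L185), which matters here because the interface is the contract transports rely on to receive their TLS material. Rename to `void setKeyManagers(KeyManager[] keyManagers);` and add a short interface Javadoc saying that both setters are expected to be called with the broker's configured key and trust managers before the transport server is started, and what the transport does if either is left unset.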