You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2010/03/31 18:54:49 UTC
svn commit: r929618 - in /activemq/trunk/activemq-core/src:
main/java/org/apache/activemq/util/IntrospectionSupport.java
main/java/org/apache/activemq/util/StringArrayEditor.java
test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
Author: gtully
Date: Wed Mar 31 16:54:49 2010
New Revision: 929618
URL: http://svn.apache.org/viewvc?rev=929618&view=rev
Log:
resolve https://issues.apache.org/activemq/browse/AMQ-2384 - not exactly the patch but allowing the introspector to work, which is more generic with some tests, thanks phil for the impetus on this
Added:
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java (with props)
Modified:
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/IntrospectionSupport.java
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/IntrospectionSupport.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/IntrospectionSupport.java?rev=929618&r1=929617&r2=929618&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/IntrospectionSupport.java (original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/IntrospectionSupport.java Wed Mar 31 16:54:49 2010
@@ -30,6 +30,8 @@ import java.util.Map;
import java.util.Set;
import java.util.Map.Entry;
+import javax.net.ssl.SSLServerSocket;
+
import org.apache.activemq.command.ActiveMQDestination;
@@ -53,6 +55,7 @@ public final class IntrospectionSupport
newSearchPath, existingSearchPath.length,
additionalPath.length);
PropertyEditorManager.setEditorSearchPath(newSearchPath);
+ PropertyEditorManager.registerEditor(String[].class, StringArrayEditor.class);
}
}
@@ -179,6 +182,10 @@ public final class IntrospectionSupport
public static boolean setProperty(Object target, String name, Object value) {
try {
Class clazz = target.getClass();
+ if (target instanceof SSLServerSocket) {
+ // overcome illegal access issues with internal implementation class
+ clazz = SSLServerSocket.class;
+ }
Method setter = findSetterMethod(clazz, name);
if (setter == null) {
return false;
Added: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java?rev=929618&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java (added)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java Wed Mar 31 16:54:49 2010
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.util;
+
+import java.beans.PropertyEditorSupport;
+
+import org.springframework.util.StringUtils;
+
+
+public class StringArrayEditor extends PropertyEditorSupport {
+
+ public static final String DEFAULT_SEPARATOR = ",";
+
+ public String getAsText() {
+ return getValue().toString();
+ }
+
+
+ public void setAsText(String text) throws IllegalArgumentException {
+ String[] array = StringUtils.delimitedListToStringArray(text, ListEditor.DEFAULT_SEPARATOR, null);
+ setValue(array);
+ }
+
+}
+
Propchange: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/util/StringArrayEditor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java?rev=929618&r1=929617&r2=929618&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java (original)
+++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java Wed Mar 31 16:54:49 2010
@@ -20,10 +20,16 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
+import java.net.SocketException;
+import java.net.UnknownHostException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -33,11 +39,18 @@ import junit.textui.TestRunner;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.SslBrokerService;
import org.apache.activemq.broker.SslContext;
+import org.apache.activemq.broker.TransportConnector;
import org.apache.activemq.transport.TransportBrokerTestSupport;
import org.apache.activemq.transport.TransportFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
public class SslBrokerServiceTest extends TransportBrokerTestSupport {
+ private static final Log LOG = LogFactory.getLog(SslBrokerServiceTest.class);
+ TransportConnector needClientAuthConnector;
+ TransportConnector limitedCipherSuites;
+
protected String getBindLocation() {
return "ssl://localhost:0";
}
@@ -50,6 +63,8 @@ public class SslBrokerServiceTest extend
KeyManager[] km = getKeyManager();
TrustManager[] tm = getTrustManager();
connector = service.addSslConnector(getBindLocation(), km, tm, null);
+ limitedCipherSuites = service.addSslConnector("ssl://localhost:0?transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", km, tm, null);
+ needClientAuthConnector = service.addSslConnector("ssl://localhost:0?transport.needClientAuth=true", km, tm, null);
// for client side
SslTransportFactory sslFactory = new SslTransportFactory();
@@ -59,8 +74,53 @@ public class SslBrokerServiceTest extend
return service;
}
+
+ public void testNeedClientAuth() throws Exception {
+ SSLContext context = SSLContext.getInstance("TLS");
+ // no client cert
+ context.init(null, getTrustManager(), null);
+
+ try {
+ makeSSLConnection(context, null, needClientAuthConnector);
+ fail("expected failure on no client cert");
+ } catch (SSLException expected) {
+ expected.printStackTrace();
+ }
+ // should work with regular connector
+ makeSSLConnection(context, null, connector);
+ }
+ public void testCipherSuitesDisabled() throws Exception {
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(getKeyManager(), getTrustManager(), null);
+
+ // Enable only one cipher suite which is not enabled on the server
+ try {
+ makeSSLConnection(context, new String[]{ "SSL_RSA_WITH_RC4_128_MD5" }, limitedCipherSuites);
+ fail("expected failure on non allowed cipher suite");
+ } catch (SSLException expectedOnNotAnAvailableSuite) {
+ }
+
+ // ok with the enabled one
+ makeSSLConnection(context, new String[]{ "SSL_RSA_WITH_RC4_128_SHA" }, limitedCipherSuites);
+ }
+ private void makeSSLConnection(SSLContext context, String enabledSuites[], TransportConnector connector) throws Exception,
+ UnknownHostException, SocketException {
+ SSLSocket sslSocket = (SSLSocket) context.getSocketFactory().createSocket("localhost", connector.getUri().getPort());
+
+ if (enabledSuites != null) {
+ sslSocket.setEnabledCipherSuites(enabledSuites);
+ }
+ sslSocket.setSoTimeout(5000);
+
+ SSLSession session = sslSocket.getSession();
+ sslSocket.startHandshake();
+ LOG.info("cyphersuite: " + session.getCipherSuite());
+ LOG.info("peer port: " + session.getPeerPort());
+ LOG.info("peer cert: " + session.getPeerCertificateChain()[0].toString());
+ }
+
private TrustManager[] getTrustManager() throws Exception {
TrustManager[] trustStoreManagers = null;
KeyStore trustedCertStore = KeyStore.getInstance(SslTransportBrokerTest.KEYSTORE_TYPE);