Posted to dev@activemq.apache.org by "Sudip Shrestha (JIRA)" <ji...@apache.org> on 2008/05/28 22:46:00 UTC

[jira] Commented: (AMQ-1754) org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.

    [ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43086#action_43086 ] 

Sudip Shrestha commented on AMQ-1754:
-------------------------------------

A probably better solution would be to add the following constructor and methods to the existing org.apache.activemq.ActiveMQSslConnectionFactory class.

    // Imports required by the additions below.
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;

    // Configures the factory from explicit key store and trust store files
    // instead of the javax.net.ssl.* system properties.
    public ActiveMQSslConnectionFactory(String keyStore, String keyStorePassword, String trustStore, String trustStorePassword)
            throws IOException, GeneralSecurityException
    {
        setKeyAndTrustManagers( getKeyManagers( keyStore, keyStorePassword ),
                getTrustManagers( trustStore, trustStorePassword ), new SecureRandom() );
    }

    // Loads the JKS trust store and returns the trust managers backed by it.
    private TrustManager[] getTrustManagers(String trustStore, String trustStorePassword)
            throws IOException, GeneralSecurityException
    {
        System.out.println( "Initiating TrustManagers" );

        KeyStore ks = KeyStore.getInstance( "JKS" );
        // A null password makes load() skip the store integrity check.
        char[] tsp = null;
        if( trustStorePassword != null )
            tsp = trustStorePassword.toCharArray();
        // try-with-resources closes the stream even if load() throws.
        try( FileInputStream in = new FileInputStream( trustStore ) ) {
            ks.load( in, tsp );
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        tmf.init( ks );

        System.out.println( "Initiated TrustManagers" );

        return tmf.getTrustManagers();
    }

    // Loads the JKS key store and returns the key managers backed by it.
    private KeyManager[] getKeyManagers(String keyStore, String keyStorePassword)
            throws IOException, GeneralSecurityException
    {
        System.out.println( "Initiating KeyManagers" );

        KeyStore ks = KeyStore.getInstance( "JKS" );
        char[] ksp = null;
        if( keyStorePassword != null )
            ksp = keyStorePassword.toCharArray();
        try( FileInputStream in = new FileInputStream( keyStore ) ) {
            ks.load( in, ksp );
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
        // Reuse ksp: calling keyStorePassword.toCharArray() here would throw a
        // NullPointerException when no password was supplied.
        kmf.init( ks, ksp );

        System.out.println( "Initiated KeyManagers" );

        return kmf.getKeyManagers();
    }


> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1754
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1754
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Transport
>    Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
>         Environment: have tested with activemq-4.2.snapshot but should work with any version.
>            Reporter: Sudip Shrestha
>         Attachments: ActiveMQSslConnectionFactoryx.java
>
>
> Steps to use this class:
> - Follow the instructions at http://activemq.apache.org/how-do-i-use-ssl.html to create client.ks/client.ts files for your JMS client.  Connecting to the JMS server without using the extended class would necessitate that the user set the following system properties for his VM: 
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if the attached class ActiveMQSslConnectionFactoryx is used, then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory, thereby setting up the ConnectionFactory via SSL.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
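
An added example, not part of the original message and not ActiveMQ code: a JDK-only helper that builds the KeyManager[] and TrustManager[] arrays from explicit store files, as the comment above proposes, and rejects a key store without a private key or an empty trust store before any connection is attempted. The class name StoreManagers, its method names and the command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.Collections;
import javax.net.ssl.*;

// Hypothetical JDK-only helper (not ActiveMQ code); all names here are illustrative.
public final class StoreManagers {
    // Load a JKS store and always close the stream; a null password skips the integrity check.
    static KeyStore load(String path, char[] pw) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    static KeyManager[] keyManagers(String path, char[] storePw, char[] keyPw)
            throws IOException, GeneralSecurityException {
        KeyStore ks = load(path, storePw);
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) hasKey |= ks.isKeyEntry(alias);
        if (!hasKey) throw new KeyStoreException("no private key entry in " + path);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPw); // the key password may differ from the store password
        return kmf.getKeyManagers();
    }

    static TrustManager[] trustManagers(String path, char[] storePw)
            throws IOException, GeneralSecurityException {
        KeyStore ks = load(path, storePw);
        // An empty trust store only fails later, during the handshake; reject it here.
        if (ks.size() == 0) throw new KeyStoreException("trust store is empty: " + path);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // Demo usage: java StoreManagers <keyStore> <keyStorePassword> <trustStore> <trustStorePassword>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers(args[0], args[1].toCharArray(), args[1].toCharArray()),
                trustManagers(args[2], args[3].toCharArray()), new SecureRandom());
        System.out.println("SSLContext initialised, protocol " + ctx.getProtocol());
    }
}
```

The two arrays returned here are what the proposed constructor hands to setKeyAndTrustManagers(). Passwords are taken from argv only to keep the demo short; a real client would read them from a prompt or a secret store.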