Posted to commits@activemq.apache.org by de...@apache.org on 2009/11/02 17:39:09 UTC
svn commit: r831960 - in /activemq/branches/activemq-5.3/activemq-core/src:
main/java/org/apache/activemq/transport/stomp/
main/java/org/apache/activemq/transport/tcp/
test/java/org/apache/activemq/transport/stomp/ test/resources/
test/resources/org/ap...
Author: dejanb
Date: Mon Nov 2 16:39:08 2009
New Revision: 831960
URL: http://svn.apache.org/viewvc?rev=831960&view=rev
Log:
merging 825008: https://issues.apache.org/activemq/browse/AMQ-2449 Peer certificates not propagated when using stomp+ssl w/mutual authentication
Added:
activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
- copied unchanged from r825008, activemq/trunk/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-mutual-auth-broker.xml
- copied unchanged from r825008, activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-mutual-auth-broker.xml
Modified:
activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java
activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompTransportFilter.java
activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/SamplePojo.java
activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompNIOTest.java
activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java
activemq/branches/activemq-5.3/activemq-core/src/test/resources/login.config
activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties
activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/users.properties
activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-auth-broker.xml
Modified: activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java Mon Nov 2 16:39:08 2009
@@ -361,7 +361,11 @@
}
for (Iterator<StompSubscription> iter = subscriptionsByConsumerId.values().iterator(); iter.hasNext();) {
StompSubscription sub = iter.next();
- sub.onStompAbort(activemqTx);
+ try {
+ sub.onStompAbort(activemqTx);
+ } catch (Exception e) {
+ throw new ProtocolException("Transaction abort failed", false, e);
+ }
}
TransactionInfo tx = new TransactionInfo();
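Review bot: The `throw` inside the loop stops the abort at the first subscription that fails, so subscriptions later in `subscriptionsByConsumerId` never receive `onStompAbort`, and the `TransactionInfo` built right after the loop is presumably never sent to the broker. That can leave the STOMP side and the broker disagreeing about whether the transaction was rolled back. I would record the first failure, let the loop and the rollback finish, and raise the `ProtocolException` afterwards. The method continues past the end of this hunk, so the exact place for the final throw needs checking against the full body.

```java
Exception abortFailure = null;
for (Iterator<StompSubscription> iter = subscriptionsByConsumerId.values().iterator(); iter.hasNext();) {
    StompSubscription sub = iter.next();
    try {
        sub.onStompAbort(activemqTx);
    } catch (Exception e) {
        // keep going so every subscription sees the abort; report the first failure
        if (abortFailure == null) {
            abortFailure = e;
        }
    }
}
// … unchanged: TransactionInfo rollback built and sent to the broker …
if (abortFailure != null) {
    throw new ProtocolException("Transaction abort failed", false, abortFailure);
}
```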
@@ -483,6 +487,7 @@
connectionInfo.setResponseRequired(true);
connectionInfo.setUserName(login);
connectionInfo.setPassword(passcode);
+ connectionInfo.setTransportContext(transportFilter.getPeerCertificates());
sendToActiveMQ(connectionInfo, new ResponseHandler() {
public void onResponse(ProtocolConverter converter, Response response) throws IOException {
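Review bot: The value passed to `setTransportContext` is `null` whenever the transport under the filter is not an `SslTransport` or the peer presented no verified certificate, and nothing at this call site says so. Since `login` and `passcode` from the CONNECT frame are set on the same `ConnectionInfo`, a reader cannot tell from here which credential the broker is expected to honour. A comment above the new line would help, for example `// Peer cert chain for stomp+ssl with client auth; null otherwise, so the broker's login module must itself reject a missing chain`. The enclosing method starts and ends outside this hunk.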
Modified: activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompTransportFilter.java
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompTransportFilter.java?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompTransportFilter.java (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompTransportFilter.java Mon Nov 2 16:39:08 2009
@@ -17,13 +17,16 @@
package org.apache.activemq.transport.stomp;
import java.io.IOException;
+import java.security.cert.X509Certificate;
import javax.jms.JMSException;
import org.apache.activemq.command.Command;
+
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportFilter;
import org.apache.activemq.transport.TransportListener;
+import org.apache.activemq.transport.tcp.SslTransport;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -64,6 +67,7 @@
if (trace) {
LOG.trace("Received: \n" + command);
}
+
protocolConverter.onStompCommand((StompFrame)command);
} catch (IOException e) {
onException(e);
@@ -93,6 +97,17 @@
return frameTranslator;
}
+ public X509Certificate[] getPeerCertificates() {
+ if(next instanceof SslTransport) {
+ X509Certificate[] peerCerts = ((SslTransport)next).getPeerCertificates();
+ if (trace && peerCerts != null) {
+ LOG.debug("Peer Identity has been verified\n");
+ }
+ return peerCerts;
+ }
+ return null;
+ }
+
public boolean isTrace() {
return trace;
}
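Review bot: `next instanceof SslTransport` only matches when the SSL transport is this filter's immediate neighbour; if another filter is ever placed between them, `getPeerCertificates()` returns `null` without any log and certificate login silently stops working. Resolving the transport through the chain, e.g. `SslTransport ssl = (SslTransport) next.narrow(SslTransport.class);` followed by a null check, would be sturdier (assuming `Transport.narrow` is available on this branch). The log line is also off: it is guarded by `trace` but written with `LOG.debug`, and "Peer Identity has been verified" says more than the code knows, since a non-null chain only means the TLS layer accepted a client certificate, not that the broker authorised that identity. Something like `LOG.trace("Peer certificate subject: " + peerCerts[0].getSubjectX500Principal().getName());` would be more useful when diagnosing a failed login.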
Modified: activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java Mon Nov 2 16:39:08 2009
@@ -27,8 +27,8 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
-import org.apache.activemq.command.Command;
import org.apache.activemq.command.ConnectionInfo;
+
import org.apache.activemq.wireformat.WireFormat;
/**
@@ -86,23 +86,29 @@
// now.
if (command instanceof ConnectionInfo) {
ConnectionInfo connectionInfo = (ConnectionInfo)command;
-
- SSLSocket sslSocket = (SSLSocket)this.socket;
-
- SSLSession sslSession = sslSocket.getSession();
-
- X509Certificate[] clientCertChain;
- try {
- clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
- } catch (SSLPeerUnverifiedException e) {
- clientCertChain = null;
- }
-
- connectionInfo.setTransportContext(clientCertChain);
- }
-
+ connectionInfo.setTransportContext(getPeerCertificates());
+ }
super.doConsume(command);
}
+
+ /**
+ * @return peer certificate chain associated with the ssl socket
+ */
+ public X509Certificate[] getPeerCertificates() {
+
+ SSLSocket sslSocket = (SSLSocket)this.socket;
+
+ SSLSession sslSession = sslSocket.getSession();
+
+ X509Certificate[] clientCertChain;
+ try {
+ clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
+ } catch (SSLPeerUnverifiedException e) {
+ clientCertChain = null;
+ }
+
+ return clientCertChain;
+ }
/**
* @return pretty print of 'this'
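Review bot: The new public `getPeerCertificates()` returns `null` when `SSLPeerUnverifiedException` is caught, but its Javadoc only says "peer certificate chain associated with the ssl socket", so callers such as the STOMP filter cannot tell that `null` means "no verified client certificate". I would document that, e.g. `@return the peer's X.509 certificate chain, or null if the peer did not present a certificate that passed verification`. The unchecked cast of `sslSession.getPeerCertificates()` to `X509Certificate[]` was already in the old code. Now that the method is public, a short comment saying the cast relies on the JSSE provider returning X.509 certificates would help the next reader.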
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/SamplePojo.java
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/SamplePojo.java?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/SamplePojo.java (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/SamplePojo.java Mon Nov 2 16:39:08 2009
@@ -22,6 +22,8 @@
@XStreamAlias("pojo")
public class SamplePojo implements Serializable {
+ private static final long serialVersionUID = 9118938642100015088L;
+
@XStreamAlias("name")
private String name;
@XStreamAlias("city")
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompNIOTest.java
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompNIOTest.java?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompNIOTest.java (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompNIOTest.java Mon Nov 2 16:39:08 2009
@@ -16,12 +16,6 @@
*/
package org.apache.activemq.transport.stomp;
-import java.io.IOException;
-import java.net.Socket;
-import java.net.URI;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLSocketFactory;
/**
* @version $Revision: 732672 $
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java Mon Nov 2 16:39:08 2009
@@ -50,6 +50,8 @@
protected String bindAddress = "stomp://localhost:61613";
protected String confUri = "xbean:org/apache/activemq/transport/stomp/stomp-auth-broker.xml";
+ protected String jmsUri = "vm://localhost";
+
private BrokerService broker;
private StompConnection stompConnection = new StompConnection();
@@ -110,7 +112,7 @@
stompConnect();
- ActiveMQConnectionFactory cf = new ActiveMQConnectionFactory("vm://localhost");
+ ActiveMQConnectionFactory cf = new ActiveMQConnectionFactory(jmsUri);
connection = cf.createConnection("system", "manager");
session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
queue = new ActiveMQQueue(getQueueName());
@@ -131,9 +133,14 @@
}
protected void tearDown() throws Exception {
- connection.close();
- stompDisconnect();
- broker.stop();
+ try {
+ connection.close();
+ stompDisconnect();
+ } catch(Exception e) {
+ // Some tests explicitly disconnect from stomp so can ignore
+ } finally {
+ broker.stop();
+ }
}
private void stompDisconnect() throws IOException {
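Review bot: The new `catch(Exception e)` in `tearDown` covers `connection.close()` as well as `stompDisconnect()`, so a failure closing the JMS connection is swallowed and also skips the STOMP disconnect, although the comment only justifies ignoring the latter. Narrowing the ignore to the STOMP call keeps real teardown failures visible while still guaranteeing `broker.stop()`.

```java
protected void tearDown() throws Exception {
    try {
        connection.close();
    } finally {
        try {
            stompDisconnect();
        } catch (IOException ignored) {
            // Some tests explicitly disconnect from stomp so can ignore
        } finally {
            broker.stop();
        }
    }
}
```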
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/resources/login.config
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/resources/login.config?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/resources/login.config (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/resources/login.config Mon Nov 2 16:39:08 2009
@@ -20,3 +20,12 @@
org.apache.activemq.jaas.properties.user="org/apache/activemq/security/users.properties"
org.apache.activemq.jaas.properties.group="org/apache/activemq/security/groups.properties";
};
+
+cert-login {
+ org.apache.activemq.jaas.TextFileCertificateLoginModule required
+ debug=true
+ org.apache.activemq.jaas.textfiledn.user="org/apache/activemq/security/users.properties"
+ org.apache.activemq.jaas.textfiledn.group="org/apache/activemq/security/groups.properties";
+
+};
+
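Review bot: The `cert-login` domain points `textfiledn.user` and `textfiledn.group` at the same `users.properties` and `groups.properties` that the password-based domain above appears to read, so each file now carries two meanings. With the `sslclient=CN=localhost, ...` line added in the `users.properties` hunk, the certificate subject DN presumably also acts as the password for `sslclient` in the password domain, and the `groups.properties` hunk puts that user in `admins`; a subject DN is not a secret. These are test resources, but the pattern gets copied, so I would give the certificate domain its own files, e.g. `org.apache.activemq.jaas.textfiledn.user="<dn-users-file>"` and `org.apache.activemq.jaas.textfiledn.group="<dn-groups-file>"` (placeholders), and keep `users.properties` for passwords only. `debug=true` is fine in a test but should not carry over to a production login configuration.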
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties Mon Nov 2 16:39:08 2009
@@ -15,7 +15,7 @@
## limitations under the License.
## ---------------------------------------------------------------------------
-admins=system
-tempDestinationAdmins=system,user
-users=system,user
+admins=system,sslclient
+tempDestinationAdmins=system,user,sslclient
+users=system,user,sslclient
guests=guest
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/users.properties
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/users.properties?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/users.properties (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/security/users.properties Mon Nov 2 16:39:08 2009
@@ -18,3 +18,4 @@
system=manager
user=password
guest=password
+sslclient=CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US
\ No newline at end of file
Modified: activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-auth-broker.xml
URL: http://svn.apache.org/viewvc/activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-auth-broker.xml?rev=831960&r1=831959&r2=831960&view=diff
==============================================================================
--- activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-auth-broker.xml (original)
+++ activemq/branches/activemq-5.3/activemq-core/src/test/resources/org/apache/activemq/transport/stomp/sslstomp-auth-broker.xml Mon Nov 2 16:39:08 2009
@@ -25,7 +25,7 @@
<property name="annotatedClass"><value>org.apache.activemq.transport.stomp.SamplePojo</value></property>
</bean>
- <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
+ <broker start="false" useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
<transportConnectors>
<transportConnector name="stomp+ssl" uri="stomp+ssl://localhost:61612"/>
@@ -65,3 +65,4 @@
</broker>
</beans>
+