Posted to commits@activemq.apache.org by ha...@apache.org on 2014/12/18 03:41:36 UTC
[06/17] activemq git commit:
https://issues.apache.org/jira/browse/AMQ-5295
https://issues.apache.org/jira/browse/AMQ-5295
HTTPS Network Connector doesn't work with Mutual authentication-
HTTPSClientTransport uses wrong SSLSocketFactory
Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/dbe9bc12
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/dbe9bc12
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/dbe9bc12
Branch: refs/heads/activemq-5.10.x
Commit: dbe9bc12f5bfb7790a5f23d95e18babdff97403a
Parents: 5c3a2db
Author: Timothy Bish <ta...@gmail.com>
Authored: Wed Aug 13 12:44:25 2014 -0400
Committer: Hadrian Zbarcea <ha...@apache.org>
Committed: Wed Dec 17 19:36:19 2014 -0500
----------------------------------------------------------------------
.../transport/https/HttpsClientTransport.java | 76 ++++++++++++--------
1 file changed, 46 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq/blob/dbe9bc12/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
----------------------------------------------------------------------
diff --git a/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java b/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
index b943f87..2e432fc 100755
--- a/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
+++ b/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
@@ -1,42 +1,40 @@
/**
-*
-* Licensed to the Apache Software Foundation (ASF) under one or more
-* contributor license agreements. See the NOTICE file distributed with
-* this work for additional information regarding copyright ownership.
-* The ASF licenses this file to You under the Apache License, Version 2.0
-* (the "License"); you may not use this file except in compliance with
-* the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.activemq.transport.https;
+import java.io.IOException;
+import java.net.URI;
+
+import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.http.HttpClientTransport;
import org.apache.activemq.transport.util.TextWireFormat;
+import org.apache.activemq.util.IOExceptionSupport;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.net.URI;
-import java.security.KeyStore;
public class HttpsClientTransport extends HttpClientTransport {
- public HttpsClientTransport(TextWireFormat wireFormat, URI remoteUrl) {
- super(wireFormat, remoteUrl);
- }
+ public HttpsClientTransport(TextWireFormat wireFormat, URI remoteUrl) {
+ super(wireFormat, remoteUrl);
+ }
@Override
protected ClientConnectionManager createClientConnectionManager() {
@@ -48,10 +46,7 @@ public class HttpsClientTransport extends HttpClientTransport {
SchemeRegistry schemeRegistry = new SchemeRegistry();
try {
- // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
- // javax.net.ssl.trustStore, etc, properties by default
- SSLSocketFactory sslSocketFactory =
- new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
+ SSLSocketFactory sslSocketFactory = new SSLSocketFactory(createSocketFactory(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
return schemeRegistry;
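Review bot: The two-line comment deleted here was the only place that said which key and trust material the HTTPS scheme is registered with, and the replacement `new SSLSocketFactory(createSocketFactory(), ...)` line carries none. A short comment above it, for example `// SslContext key/trust managers when one is set, else the JVM default (javax.net.ssl.* properties)`, would keep that visible at the point of registration. The hostname verifier argument on the following line is unchanged context, so server-name checking is still passed for either source. The enclosing method starts and ends outside this hunk.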
@@ -59,4 +54,25 @@ public class HttpsClientTransport extends HttpClientTransport {
throw new IllegalStateException("Failure trying to create scheme registry", e);
}
}
+
+ /**
+ * Creates a new SSL SocketFactory. The given factory will use user-provided
+ * key and trust managers (if the user provided them).
+ *
+ * @return Newly created (Ssl)SocketFactory.
+ * @throws IOException
+ */
+ protected javax.net.ssl.SSLSocketFactory createSocketFactory() throws IOException {
+ if (SslContext.getCurrentSslContext() != null) {
+ SslContext ctx = SslContext.getCurrentSslContext();
+ try {
+ return ctx.getSSLContext().getSocketFactory();
+ } catch (Exception e) {
+ throw IOExceptionSupport.create(e);
+ }
+ } else {
+ return (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
+ }
+
+ }
}
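Review bot: The `else` branch of createSocketFactory() falls back to `SSLSocketFactory.getDefault()` without leaving any trace. A connector expected to present a client certificate from an SslContext, but created when none was current, would presumably use the JVM-wide javax.net.ssl.* settings instead, with nothing to say so. A debug-level log line in each branch naming the chosen source would make that diagnosable; this commit drops the slf4j imports, so the logger would have to be re-added. The method also calls `SslContext.getCurrentSslContext()` twice; reading it once, `SslContext ctx = SslContext.getCurrentSslContext(); if (ctx != null) {`, is simpler and rules out the two reads disagreeing. The bare Javadoc tag could read `@throws IOException if the SSLContext cannot be obtained from the current SslContext`.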