Posted to commits@activemq.apache.org by ma...@apache.org on 2017/04/28 09:14:23 UTC
[2/2] activemq-artemis git commit: ARTEMIS-590 connector option to
use default SSL context
ARTEMIS-590 connector option to use default SSL context
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/7e0fedf5
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/7e0fedf5
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/7e0fedf5
Branch: refs/heads/master
Commit: 7e0fedf52e9d15f37ef85363dddc3fdf4c6925b1
Parents: 1e89bad
Author: Justin Bertram <jb...@apache.org>
Authored: Tue Apr 18 11:40:08 2017 -0500
Committer: Martyn Taylor <mt...@redhat.com>
Committed: Fri Apr 28 10:14:09 2017 +0100
----------------------------------------------------------------------
.../remoting/impl/netty/NettyConnector.java | 83 +++++++++++---------
.../remoting/impl/netty/TransportConstants.java | 5 ++
docs/user-manual/en/configuring-transports.md | 9 +++
.../ssl/CoreClientOverOneWaySSLTest.java | 27 +++++++
4 files changed, 87 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
index 15c048b..ebe97ec 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
@@ -206,6 +206,8 @@ public class NettyConnector extends AbstractConnector {
private boolean verifyHost;
+ private boolean useDefaultSslContext;
+
private boolean tcpNoDelay;
private int tcpSendBufferSize;
@@ -326,6 +328,8 @@ public class NettyConnector extends AbstractConnector {
enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, configuration);
verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration);
+
+ useDefaultSslContext = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT, configuration);
} else {
keyStoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
keyStorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
@@ -336,6 +340,7 @@ public class NettyConnector extends AbstractConnector {
enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES;
enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
verifyHost = TransportConstants.DEFAULT_VERIFY_HOST;
+ useDefaultSslContext = TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT;
}
tcpNoDelay = ConfigurationHelper.getBooleanProperty(TransportConstants.TCP_NODELAY_PROPNAME, TransportConstants.DEFAULT_TCP_NODELAY, configuration);
@@ -440,47 +445,51 @@ public class NettyConnector extends AbstractConnector {
final SSLContext context;
if (sslEnabled) {
try {
- // HORNETQ-680 - override the server-side config if client-side system properties are set
- String realKeyStorePath = keyStorePath;
- String realKeyStoreProvider = keyStoreProvider;
- String realKeyStorePassword = keyStorePassword;
- if (System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME) != null) {
- realKeyStorePath = System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME);
- }
- if (System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME) != null) {
- realKeyStorePassword = System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME);
- }
+ if (useDefaultSslContext) {
+ context = SSLContext.getDefault();
+ } else {
+ // HORNETQ-680 - override the server-side config if client-side system properties are set
+ String realKeyStorePath = keyStorePath;
+ String realKeyStoreProvider = keyStoreProvider;
+ String realKeyStorePassword = keyStorePassword;
+ if (System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME) != null) {
+ realKeyStorePath = System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME);
+ }
+ if (System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME) != null) {
+ realKeyStorePassword = System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME);
+ }
- if (System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME) != null) {
- realKeyStoreProvider = System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME);
- }
- if (System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME) != null) {
- realKeyStorePath = System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME);
- }
- if (System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME) != null) {
- realKeyStorePassword = System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME);
- }
+ if (System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME) != null) {
+ realKeyStoreProvider = System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME);
+ }
+ if (System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME) != null) {
+ realKeyStorePath = System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME);
+ }
+ if (System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME) != null) {
+ realKeyStorePassword = System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME);
+ }
- String realTrustStorePath = trustStorePath;
- String realTrustStoreProvider = trustStoreProvider;
- String realTrustStorePassword = trustStorePassword;
- if (System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME) != null) {
- realTrustStorePath = System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME);
- }
- if (System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME) != null) {
- realTrustStorePassword = System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME);
- }
+ String realTrustStorePath = trustStorePath;
+ String realTrustStoreProvider = trustStoreProvider;
+ String realTrustStorePassword = trustStorePassword;
+ if (System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME) != null) {
+ realTrustStorePath = System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME);
+ }
+ if (System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME) != null) {
+ realTrustStorePassword = System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME);
+ }
- if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME) != null) {
- realTrustStoreProvider = System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME);
- }
- if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME) != null) {
- realTrustStorePath = System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME);
- }
- if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME) != null) {
- realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME);
+ if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME) != null) {
+ realTrustStoreProvider = System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME);
+ }
+ if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME) != null) {
+ realTrustStorePath = System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME);
+ }
+ if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME) != null) {
+ realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME);
+ }
+ context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
}
- context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
} catch (Exception e) {
close();
IllegalStateException ise = new IllegalStateException("Unable to create NettyConnector for " + host + ":" + port);
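Review bot: The new `if (useDefaultSslContext)` branch takes `SSLContext.getDefault()` with no signal that the connector's own key/trust store settings, and the system-property overrides in the `else` branch, are then skipped. If the application never called `SSLContext.setDefault(...)`, the JVM builds the default context itself, normally from the JRE's standard CA bundle, which is a far wider set of trust anchors than a broker-specific truststore. Together with `DEFAULT_VERIFY_HOST = false` in TransportConstants, this would appear to accept any certificate chaining to one of those CAs unless `verifyHost` is enabled. I would put a comment on the branch, for example `// JVM-wide context: connector key/trust store settings are ignored; trust falls back to the JRE defaults if setDefault() was never called`, and log a warning when store paths are configured together with this flag. The enclosing method starts and ends outside the hunk, so how `verifyHost` is applied to the resulting engine could not be checked here.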
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
index 69eaa94..428a3a0 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
@@ -101,6 +101,8 @@ public class TransportConstants {
public static final String BACKLOG_PROP_NAME = "backlog";
+ public static final String USE_DEFAULT_SSL_CONTEXT_PROP_NAME = "useDefaultSslContext";
+
public static final String NETTY_VERSION;
/**
@@ -181,6 +183,8 @@ public class TransportConstants {
public static final boolean DEFAULT_VERIFY_HOST = false;
+ public static final boolean DEFAULT_USE_DEFAULT_SSL_CONTEXT = false;
+
public static final boolean DEFAULT_TCP_NODELAY = true;
public static final int DEFAULT_TCP_SENDBUFFER_SIZE = 1024 * 1024;
@@ -321,6 +325,7 @@ public class TransportConstants {
allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropMaskPassword());
allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropPasswordCodec());
allowableConnectorKeys.add(TransportConstants.NETTY_CONNECT_TIMEOUT);
+ allowableConnectorKeys.add(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME);
ALLOWABLE_CONNECTOR_KEYS = Collections.unmodifiableSet(allowableConnectorKeys);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/docs/user-manual/en/configuring-transports.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/configuring-transports.md b/docs/user-manual/en/configuring-transports.md
index d3adfef..ff8f534 100644
--- a/docs/user-manual/en/configuring-transports.md
+++ b/docs/user-manual/en/configuring-transports.md
@@ -416,6 +416,15 @@ following additional properties:
Valid values are `true` or `false`. Default is `false`.
+- `useDefaultSslContext`
+
+ Only valid on a `connector`. Allows the `connector` to use the "default" SSL
+ context (via `SSLContext.getDefault()`) which can be set programmatically by
+ the client (via `SSLContext.setDefault(SSLContext)`). If set to `true` all
+ other SSL related parameters except for `sslEnabled` are ignored.
+
+ Valid values are `true` or `false`. Default is `false`.
+
## Configuring Netty HTTP
Netty HTTP tunnels packets over the HTTP protocol. It can be useful in
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
index 141a6b8..e848339 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
@@ -133,6 +133,33 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
}
@Test
+ public void testOneWaySSLUsingDefaultSslContext() throws Exception {
+ createCustomSslServer();
+ String text = RandomUtil.randomString();
+
+ tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+ tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
+
+ SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
+
+ ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
+ ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
+ ClientSession session = addClientSession(sf.createSession(false, true, true));
+ session.createQueue(CoreClientOverOneWaySSLTest.QUEUE, CoreClientOverOneWaySSLTest.QUEUE, false);
+ ClientProducer producer = addClientProducer(session.createProducer(CoreClientOverOneWaySSLTest.QUEUE));
+
+ ClientMessage message = createTextMessage(session, text);
+ producer.send(message);
+
+ ClientConsumer consumer = addClientConsumer(session.createConsumer(CoreClientOverOneWaySSLTest.QUEUE));
+ session.start();
+
+ ClientMessage m = consumer.receive(1000);
+ Assert.assertNotNull(m);
+ Assert.assertEquals(text, m.getBodyBuffer().readString());
+ }
+
+ @Test
public void testOneWaySSLVerifyHost() throws Exception {
createCustomSslServer(null, null, true);
String text = RandomUtil.randomString();
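Review bot: `testOneWaySSLUsingDefaultSslContext` replaces the JVM-wide default with `SSLContext.setDefault(...)` and never restores it, so any later test in the same JVM that relies on the default context inherits the test truststore. Capture the previous value first, `SSLContext previous = SSLContext.getDefault();`, and wrap the body in `try { ... } finally { SSLContext.setDefault(previous); }`. A negative case would also be worth adding: with the flag set and a default context that does not trust the broker certificate, creating the session factory should fail, which would show that the configured stores are really bypassed.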