Posted to commits@activemq.apache.org by cl...@apache.org on 2018/05/24 20:29:36 UTC

[21/33] activemq-artemis git commit: ARTEMIS-1853 Adding Netty OpenSSL provider example

ARTEMIS-1853 Adding Netty OpenSSL provider example

Added an example to demonstrate how to configure and use openssl
Moved/Added netty-tcnative dependency to artemis-distribution
Changed artemis-jms-client-all pom to exclude io.netty from relocation
so that the native openssl can be loaded


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/7c53855c
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/7c53855c
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/7c53855c

Branch: refs/heads/2.6.x
Commit: 7c53855c11e15a856e4df7cb4cb494eb636ca203
Parents: d6d6851
Author: Howard Gao <ho...@gmail.com>
Authored: Wed May 23 22:34:01 2018 +0800
Committer: Clebert Suconic <cl...@apache.org>
Committed: Wed May 23 15:47:10 2018 -0400

----------------------------------------------------------------------
 artemis-core-client/pom.xml                     |   5 +
 artemis-distribution/src/main/assembly/dep.xml  |   1 +
 artemis-jms-client-all/pom.xml                  |   4 -
 .../features/standard/netty-openssl/pom.xml     | 124 +++++++++++++++++++
 .../features/standard/netty-openssl/readme.md   |  17 +++
 .../artemis/jms/example/OpenSSLExample.java     |  85 +++++++++++++
 .../activemq/server0/activemq.example.keystore  | Bin 0 -> 707 bytes
 .../server0/activemq.example.truststore         | Bin 0 -> 572 bytes
 .../main/resources/activemq/server0/broker.xml  |  60 +++++++++
 .../src/main/resources/jndi.properties          |  20 +++
 pom.xml                                         |   7 ++
 tests/integration-tests/pom.xml                 |   6 -
 12 files changed, 319 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-core-client/pom.xml
----------------------------------------------------------------------
diff --git a/artemis-core-client/pom.xml b/artemis-core-client/pom.xml
index 47b72e2..092b8c3 100644
--- a/artemis-core-client/pom.xml
+++ b/artemis-core-client/pom.xml
@@ -118,6 +118,11 @@
          <groupId>io.netty</groupId>
          <artifactId>netty-common</artifactId>
       </dependency>
+      <dependency>
+         <groupId>io.netty</groupId>
+         <artifactId>netty-tcnative-boringssl-static</artifactId>
+      </dependency>
+
    </dependencies>
 
    <profiles>
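Review bot: The new `netty-tcnative-boringssl-static` dependency is declared without `<scope>` or `<optional>`, so it defaults to compile scope and every consumer of artemis-core-client inherits the native TLS jar transitively, even though the OpenSSL provider is only used when `sslProvider=OPENSSL` is set. The commit message says the dependency was moved to artemis-distribution, but this hunk adds it to artemis-core-client; if shipping it with the broker is the only goal, declaring it in the distribution module (or marking it `<optional>true</optional>` here) would keep it off client classpaths that never ask for it. Whether the assembly include in dep.xml still resolves it after such a move needs checking. The blank `+` line before `</dependencies>` can also be dropped.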

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-distribution/src/main/assembly/dep.xml
----------------------------------------------------------------------
diff --git a/artemis-distribution/src/main/assembly/dep.xml b/artemis-distribution/src/main/assembly/dep.xml
index 0987425..2f6999a 100644
--- a/artemis-distribution/src/main/assembly/dep.xml
+++ b/artemis-distribution/src/main/assembly/dep.xml
@@ -81,6 +81,7 @@
             <include>org.jboss.logging:jboss-logging</include>
             <include>org.jboss.slf4j:slf4j-jboss-logmanager</include>
             <include>io.netty:netty-all</include>
+            <include>io.netty:netty-tcnative-boringssl-static</include>
             <include>org.apache.qpid:proton-j</include>
             <include>org.apache.activemq:activemq-client</include>
             <include>org.slf4j:slf4j-api</include>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-jms-client-all/pom.xml
----------------------------------------------------------------------
diff --git a/artemis-jms-client-all/pom.xml b/artemis-jms-client-all/pom.xml
index 653ed31..0c6fa45 100644
--- a/artemis-jms-client-all/pom.xml
+++ b/artemis-jms-client-all/pom.xml
@@ -117,10 +117,6 @@
                            <shadedPattern>org.apache.activemq.artemis.shaded.org.apache.commons</shadedPattern>
                         </relocation>
                         <relocation>
-                           <pattern>io.netty</pattern>
-                           <shadedPattern>org.apache.activemq.artemis.shaded.io.netty</shadedPattern>
-                        </relocation>
-                        <relocation>
                            <pattern>org.jboss</pattern>
                            <shadedPattern>org.apache.activemq.artemis.shaded.org.jboss</shadedPattern>
                         </relocation>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/pom.xml
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/pom.xml b/examples/features/standard/netty-openssl/pom.xml
new file mode 100644
index 0000000..5f61a20
--- /dev/null
+++ b/examples/features/standard/netty-openssl/pom.xml
@@ -0,0 +1,124 @@
+<?xml version='1.0'?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+   <modelVersion>4.0.0</modelVersion>
+
+   <parent>
+      <groupId>org.apache.activemq.examples.broker</groupId>
+      <artifactId>jms-examples</artifactId>
+      <version>2.7.0-SNAPSHOT</version>
+   </parent>
+
+   <artifactId>netty-openssl</artifactId>
+   <packaging>jar</packaging>
+   <name>ActiveMQ Artemis JMS Netty OpenSSL Example</name>
+
+   <properties>
+      <activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
+   </properties>
+
+   <dependencies>
+      <dependency>
+         <groupId>org.apache.activemq</groupId>
+         <artifactId>artemis-jms-client-all</artifactId>
+         <version>${project.version}</version>
+      </dependency>
+   </dependencies>
+
+   <build>
+      <plugins>
+         <plugin>
+            <groupId>org.apache.activemq</groupId>
+            <artifactId>artemis-maven-plugin</artifactId>
+            <executions>
+               <execution>
+                  <id>create</id>
+                  <goals>
+                     <goal>create</goal>
+                  </goals>
+                  <configuration>
+                     <ignore>${noServer}</ignore>
+                  </configuration>
+               </execution>
+               <execution>
+                  <id>start</id>
+                  <goals>
+                     <goal>cli</goal>
+                  </goals>
+                  <configuration>
+                     <ignore>${noServer}</ignore>
+                     <spawn>true</spawn>
+                     <testURI>tcp://localhost:61616</testURI>
+                     <args>
+                        <param>run</param>
+                     </args>
+                  </configuration>
+               </execution>
+               <execution>
+                  <id>runClient</id>
+                  <goals>
+                     <goal>runClient</goal>
+                  </goals>
+                  <configuration>
+                     <clientClass>org.apache.activemq.artemis.jms.example.OpenSSLExample</clientClass>
+                  </configuration>
+               </execution>
+               <execution>
+                  <id>stop</id>
+                  <goals>
+                     <goal>cli</goal>
+                  </goals>
+                  <configuration>
+                     <ignore>${noServer}</ignore>
+                     <args>
+                        <param>stop</param>
+                     </args>
+                  </configuration>
+               </execution>
+            </executions>
+            <dependencies>
+               <dependency>
+                  <groupId>org.apache.activemq.examples.broker</groupId>
+                  <artifactId>netty-openssl</artifactId>
+                  <version>${project.version}</version>
+               </dependency>
+            </dependencies>
+         </plugin>
+         <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-clean-plugin</artifactId>
+         </plugin>
+      </plugins>
+   </build>
+   <profiles>
+      <profile>
+         <id>release</id>
+         <build>
+            <plugins>
+               <plugin>
+                  <groupId>com.vladsch.flexmark</groupId>
+                  <artifactId>markdown-page-generator-plugin</artifactId>
+               </plugin>
+            </plugins>
+         </build>
+      </profile>
+   </profiles>
+</project>
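Review bot: The `<parent>` block pins `<version>2.7.0-SNAPSHOT</version>`, while the commit record shows this landing on refs/heads/2.6.x. If the jms-examples parent on that branch carries a 2.6.x version, this module will not resolve its parent and `${project.version}` for `artemis-jms-client-all` will point at an artifact the branch does not build. The diffstat also shows no change to a parent `<modules>` list, so the example may not be built by the reactor at all; both are worth confirming against the branch. A minor point: the XML declaration omits `encoding`, unlike the broker.xml added in the same commit.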

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/readme.md
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/readme.md b/examples/features/standard/netty-openssl/readme.md
new file mode 100644
index 0000000..2ccb693
--- /dev/null
+++ b/examples/features/standard/netty-openssl/readme.md
@@ -0,0 +1,17 @@
+# JMS OpenSSL Example
+
+To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to start and create the broker manually.
+
+This example shows you how to configure Netty OpenSSL with ActiveMQ Artemis to send and receive message.
+
+Using SSL can make your messaging applications interact with ActiveMQ Artemis securely. An application can be secured transparently without extra coding effort.
+Beside using JDK's implementation, Artemis also supports using native OpenSSL provided by Netty.
+To secure your messaging application with Netty's OpenSSL, you need to configure connector and acceptor as follows:
+
+    <acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
+
+In the configuration, the `activemq.example.keystore` is the key store file holding the server's certificate. The `activemq.example.truststore` is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are generated via the following commands:
+
+* `keytool -genkey -keystore activemq.example.keystore -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA
+* `keytool -export -keystore activemq.example.keystore -file activemq-jks.cer -storepass secureexample
+* `keytool -import -keystore activemq.example.truststore -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java b/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java
new file mode 100644
index 0000000..0aaa1ba
--- /dev/null
+++ b/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.jms.example;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+import javax.naming.InitialContext;
+
+/**
+ * A simple JMS Queue example that uses netty's OpenSSL secure transport.
+ */
+public class OpenSSLExample {
+
+   public static void main(final String[] args) throws Exception {
+      Connection connection = null;
+      InitialContext initialContext = null;
+      try {
+         // Step 1. Create an initial context to perform the JNDI lookup.
+         initialContext = new InitialContext();
+
+         // Step 2. Perfom a lookup on the queue
+         Queue queue = (Queue) initialContext.lookup("queue/exampleQueue");
+
+         // Step 3. Perform a lookup on the Connection Factory
+         ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
+
+         // Step 4.Create a JMS Connection
+         connection = cf.createConnection();
+
+         // Step 5. Create a JMS Session
+         Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+         // Step 6. Create a JMS Message Producer
+         MessageProducer producer = session.createProducer(queue);
+
+         // Step 7. Create a Text Message
+         TextMessage message = session.createTextMessage("This is a text message");
+
+         System.out.println("Sent message: " + message.getText());
+
+         // Step 8. Send the Message
+         producer.send(message);
+
+         // Step 9. Create a JMS Message Consumer
+         MessageConsumer messageConsumer = session.createConsumer(queue);
+
+         // Step 10. Start the Connection
+         connection.start();
+
+         // Step 11. Receive the message
+         TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000);
+
+         System.out.println("Received message: " + messageReceived.getText());
+
+         initialContext.close();
+      } finally {
+         // Step 12. Be sure to close our JMS resources!
+         if (initialContext != null) {
+            initialContext.close();
+         }
+         if (connection != null) {
+            connection.close();
+         }
+      }
+   }
+}
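Review bot: In Step 11 `messageConsumer.receive(5000)` returns null when nothing arrives within the timeout, and the following `messageReceived.getText()` then fails with a NullPointerException that hides the real cause. A guard such as `if (messageReceived == null) throw new IllegalStateException("No message received within 5000 ms");` makes the failure readable for someone debugging a TLS setup. The `initialContext.close();` at the end of the try block duplicates the close in `finally` and can be removed, and the Step 2 comment has a typo (`Perfom`).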

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore
new file mode 100644
index 0000000..0a26208
Binary files /dev/null and b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore differ

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore
new file mode 100644
index 0000000..3ef44dc
Binary files /dev/null and b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore differ

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml
new file mode 100644
index 0000000..87d0147
--- /dev/null
+++ b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
+   <core xmlns="urn:activemq:core">
+
+      <bindings-directory>./data/messaging/bindings</bindings-directory>
+
+      <journal-directory>./data/messaging/journal</journal-directory>
+
+      <large-messages-directory>./data/messaging/largemessages</large-messages-directory>
+
+      <paging-directory>./data/messaging/paging</paging-directory>
+
+      <!-- Acceptors -->
+      <acceptors>
+         <!-- keystores will be found automatically if they are on the classpath -->
+         <acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
+         <acceptor name="netty-tcp">tcp://localhost:61616</acceptor>
+      </acceptors>
+
+      <!-- Other config -->
+
+      <security-settings>
+         <!--security for example queue-->
+         <security-setting match="exampleQueue">
+            <permission roles="guest" type="createDurableQueue"/>
+            <permission roles="guest" type="deleteDurableQueue"/>
+            <permission roles="guest" type="createNonDurableQueue"/>
+            <permission roles="guest" type="deleteNonDurableQueue"/>
+            <permission roles="guest" type="consume"/>
+            <permission roles="guest" type="send"/>
+         </security-setting>
+      </security-settings>
+
+      <addresses>
+         <address name="exampleQueue">
+            <anycast>
+               <queue name="exampleQueue"/>
+            </anycast>
+         </address>
+      </addresses>
+   </core>
+</configuration>
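Review bot: The `netty-tcp` acceptor on `tcp://localhost:61616` stays enabled next to the SSL acceptor, so a broker started from this file still accepts unencrypted connections. It appears to exist for the `testURI` readiness check in the example's pom.xml, which is easy to miss when the file is copied as a TLS template. A comment above it would make that explicit, e.g. `<!-- plain TCP acceptor used only by the maven plugin's testURI check; remove it when all traffic must use TLS -->`. The comment on the SSL acceptor could likewise say that the inline `keyStorePassword=secureexample` is an example value and that the acceptor sets neither `enabledProtocols` nor `enabledCipherSuites`, leaving both to provider defaults.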

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/jndi.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/jndi.properties b/examples/features/standard/netty-openssl/src/main/resources/jndi.properties
new file mode 100644
index 0000000..2358666
--- /dev/null
+++ b/examples/features/standard/netty-openssl/src/main/resources/jndi.properties
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
+connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&sslProvider=OPENSSL&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=secureexample
+queue.queue/exampleQueue=exampleQueue
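Review bot: The connector URL on the `connectionFactory.ConnectionFactory` line sets `trustStorePath` but not `verifyHost`, so whether the client checks the certificate name against the host depends on the connector default in this release, which is not visible here. The readme in this commit generates the certificate with `CN=localhost` and the URL targets `localhost`, so appending `&verifyHost=true` should be compatible with the example and would show the complete client-side check; how it behaves with the OPENSSL provider should be confirmed by running the example. A `#` comment above the line noting that `trustStorePassword=secureexample` is an example-only value would also help readers who copy the file.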

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 7249c2d..8c50610 100644
--- a/pom.xml
+++ b/pom.xml
@@ -92,6 +92,7 @@
       <maven.assembly.plugin.version>2.4</maven.assembly.plugin.version>
       <mockito.version>2.8.47</mockito.version>
       <netty.version>4.1.24.Final</netty.version>
+      <netty.tcnative.version>2.0.7.Final</netty.tcnative.version>
       <proton.version>0.27.1</proton.version>
       <resteasy.version>3.0.19.Final</resteasy.version>
       <slf4j.version>1.7.21</slf4j.version>
@@ -541,6 +542,12 @@
             <!-- License: Apache 2.0 -->
          </dependency>
          <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-tcnative-boringssl-static</artifactId>
+            <version>${netty.tcnative.version}</version>
+            <!-- License: Apache 2.0 -->
+         </dependency>
+         <dependency>
             <groupId>org.apache.qpid</groupId>
             <artifactId>proton-j</artifactId>
             <version>${proton.version}</version>
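Review bot: The managed `netty-tcnative-boringssl-static` entry and the `netty.tcnative.version` property in the previous hunk lack any comment explaining that this artifact bundles a statically linked BoringSSL. Fixes to the TLS library therefore reach the broker only when this property is bumped, independently of `netty.version` and of the host's OpenSSL packages. A comment next to the property, such as `<!-- bundles a statically linked BoringSSL; keep compatible with netty.version and bump for TLS security fixes -->`, would make that maintenance duty visible to whoever next updates Netty.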

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/tests/integration-tests/pom.xml
----------------------------------------------------------------------
diff --git a/tests/integration-tests/pom.xml b/tests/integration-tests/pom.xml
index ad27864..d1c2b33 100644
--- a/tests/integration-tests/pom.xml
+++ b/tests/integration-tests/pom.xml
@@ -397,12 +397,6 @@
          <artifactId>jgroups</artifactId>
       </dependency>
 
-      <!-- openSSL test -->
-      <dependency>
-         <groupId>io.netty</groupId>
-         <artifactId>netty-tcnative-boringssl-static</artifactId>
-         <version>2.0.7.Final</version>
-      </dependency>
    </dependencies>
 
    <build>