Posted to dev@activemq.apache.org by akhettar <ay...@gmail.com> on 2015/11/09 16:04:32 UTC

JAAS Certificate Authentication Plug-In ssl connection issue

Hi

I have set up the JAAS connection details following the example described here:
https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/ActiveMQ_Security_Guide/files/Auth-JAAS-CertAuthentPlugin.html

and I get the error below. Have I missed anything? See the setup below.

Your help is very much appreciated.

Regards,

Ayache

2015-11-09 14:43:28,782 | DEBUG | Reason:
javax.net.ssl.SSLHandshakeException: no cipher suites in common |
org.apache.activemq.broker.TransportConnector | ActiveMQ
BrokerService[localhost] Task-7
javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_25]
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)[:1.8.0_25]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)[:1.8.0_25]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:291)[:1.8.0_25]
	at
sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1007)[:1.8.0_25]
	at
sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:724)[:1.8.0_25]
	at
sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213)[:1.8.0_25]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936)[:1.8.0_25]
	at
sun.security.ssl.Handshaker.process_record(Handshaker.java:871)[:1.8.0_25]
	at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)[:1.8.0_25]
	at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)[:1.8.0_25]
	at
sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:909)[:1.8.0_25]
	at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)[:1.8.0_25]
	at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:50)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport$2.fill(TcpTransport.java:609)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:58)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport$2.read(TcpTransport.java:594)[activemq-client-5.12.0.jar:5.12.0]
	at java.io.DataInputStream.readInt(DataInputStream.java:387)[:1.8.0_25]
	at
org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:267)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport.readCommand(TcpTransport.java:221)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:213)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)[activemq-client-5.12.0.jar:5.12.0]
	at java.lang.Thread.run(Thread.java:745)[:1.8.0_25]


Here are the details of my setup

*amq/conf/login.conf
*

// JAAS login entry "CertLogin": a single required TextFileCertificateLoginModule that reads
// its user and group mappings from the two property files named below.
// NOTE(review): debug=true is set on the module; presumably useful while troubleshooting,
// but confirm what it logs and switch it off outside of testing.
// NOTE(review): both file names are relative; confirm which directory the module resolves
// them against so that the intended users.properties / groups.properties are the ones loaded.
CertLogin {
    org.apache.activemq.jaas.TextFileCertificateLoginModule required
        debug=true
        org.apache.activemq.jaas.textfiledn.user="users.properties"
        org.apache.activemq.jaas.textfiledn.group="groups.properties";
};

*snippet from activemq.xml*

  <transportConnectors>
            <!-- NOTE(review): only the openwire-ssl connector below uses ssl:// and asks for a
                 client certificate (transport.needClientAuth=true). The other five connectors
                 listen without TLS on all interfaces (0.0.0.0). Whether they accept clients
                 depends on the authentication plugin configuration, which this snippet does not
                 show; confirm, and remove or restrict any connector that is not needed. -->
            <!-- NOTE(review): no sslContext element is visible in this snippet. The ssl://
                 connector needs a broker key store holding the broker's private key; verify
                 that one is configured, since the reported handshake failure is raised on the
                 broker side while it selects a cipher suite. -->
            
            <transportConnector name="openwire"
uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
          *  <transportConnector name="openwire-ssl"
uri="ssl://0.0.0.0:61618?transport.needClientAuth=true"/>*
            <transportConnector name="amqp"
uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="stomp"
uri="stomp://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="mqtt"
uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="ws"
uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
  </transportConnectors>

*users.properties*
# Each entry is <user name>=<certificate subject DN>; the DN below is the Owner shown in the
# client certificate print.
# NOTE(review): system, guest and user all map to the same DN, so one client certificate
# matches three user names. Which name the login module picks is not evident from this
# file; confirm, and map each DN to exactly one user name.
system=CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
guest=CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
user=CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK

*groups.properties*
# Each entry is <group>=<comma-separated user names>.
# NOTE(review): admin and mhs are listed as members but have no entry in users.properties
# as shown, so no certificate can resolve to them; confirm whether they are intended.
# NOTE(review): system belongs to both admins and users while its DN is also mapped to guest
# and user; confirm which groups a client presenting that certificate actually receives.
admins=system,admin
users=system,mhs
guests=guest

*client certificate print*

keytool -printcert -file client_cert
Owner: CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
Issuer: CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
Serial number: 72b92d98
Valid from: Mon Nov 09 14:02:24 GMT 2015 until: Sun Feb 07 14:02:24 GMT 2016
Certificate fingerprints:
	 MD5:  BC:3C:54:2A:B0:1A:B3:34:4F:38:B3:18:7A:B2:25:FC
	 SHA1: 56:8B:AF:02:A8:1D:3B:B8:D4:03:B5:F6:63:D3:EC:FA:44:9E:0E:E2
	 SHA256:
38:19:28:8B:90:37:5A:25:D3:B7:9D:71:DF:93:F5:39:5B:D2:AF:40:64:ED:94:06:10:D4:10:9D:60:84:C5:D7
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F1 F5 18 A5 D3 3B CE 53   D7 31 67 76 53 10 6D DC  .....;.S.1gvS.m.
0010: DF 5E F3 0F                                        .^..
]
]

*server certificate print*
keytool -printcert -file broker_cert.cer
Owner: CN=ayache khettar, OU=inps, O=mhs, L=london, ST=london, C=UK
Issuer: CN=ayache khettar, OU=inps, O=mhs, L=london, ST=london, C=UK
Serial number: 22edab7a
Valid from: Mon Nov 09 14:00:13 GMT 2015 until: Sun Feb 07 14:00:13 GMT 2016
Certificate fingerprints:
	 MD5:  F4:0F:E9:AF:9F:20:53:C8:95:4B:52:35:03:24:BA:69
	 SHA1: 0C:8E:7D:EA:35:0A:81:48:14:39:C9:F2:BE:0C:FD:4B:94:DD:0D:B4
	 SHA256:
69:C9:DF:D3:69:B0:71:F0:55:B1:62:93:D4:1D:85:49:82:F9:E6:0D:D4:B9:34:81:E3:90:0F:BC:63:4C:56:CC
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9C 3C 03 47 3D 7F CB 56   CC 2B 76 D7 3A 74 39 50  .<.G=..V.+v.:t9P
0010: 0C DC 3A 8F                                        ..:.
]
]

*Java Client connection Test*

import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.apache.activemq.command.ActiveMQTextMessage;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.*;

import javax.jms.*;

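/**
 * ThumbprintCertificateLoginModuleTest.java 09/11/2015 14:23 akhettar $$
 * Copyright 2015 INPS.co.uk, L.P. All rights reserved. $$
 *
 * <p>Integration test: opens an SSL connection to the broker at {@code ssl://localhost:61618}
 * using a client key store and trust store, then sends one text message to {@code test.queue}
 * and reads it back. It needs a running broker and is not a unit test.
 *
 * <p>Store locations and passwords default to the values originally hard-coded here, and can be
 * overridden with the {@code test.client.*} system properties read in {@link #setUP()} so that
 * real credentials do not have to be written into the source.
 *
 * <p>NOTE(review): the {@code SSLHandshakeException: no cipher suites in common} reported with
 * this test is raised in the broker's handshake ({@code ServerHandshaker.chooseCipherSuite} in
 * the quoted trace), not in this client. A usual cause is a broker without a usable private key
 * for the SSL connector; verify the broker's key store configuration before changing this test.
 */
public class ThumbprintCertificateLoginModuleTest {

    private static final String MESSAGE_TEXT = "Hello world";

    /** Upper bound for the receive so a delivery problem fails the test instead of hanging it. */
    private static final long RECEIVE_TIMEOUT_MS = 5000L;

    // Kept as a field so tearDown() can release the socket opened in setUP().
    private Connection connection;
    private Session session;

    /**
     * Builds the SSL connection factory, connects, and creates the session used by the test.
     *
     * @throws Exception if the stores cannot be loaded or the connection cannot be established
     */
    @Before
    public void setUP() throws Exception {
        String url = "ssl://localhost:61618"; // The broker URL

        ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
        connectionFactory.setKeyStore(
                System.getProperty("test.client.keyStore", "/Users/akhettar/activemq/conf/client.ks"));
        connectionFactory.setTrustStore(
                System.getProperty("test.client.trustStore", "/Users/akhettar/activemq/conf/client.ts"));
        connectionFactory.setKeyStorePassword(
                System.getProperty("test.client.keyStorePassword", "password"));
        connectionFactory.setKeyStoreType("jks");
        connectionFactory.setTrustStorePassword(
                System.getProperty("test.client.trustStorePassword", "password"));

        // NOTE(review): with certificate-based JAAS login the broker is expected to take the
        // identity from the client certificate; these credentials are presumably ignored - confirm.
        connectionFactory.setUserName("system");
        connectionFactory.setPassword("system");

        connection = connectionFactory.createConnection();
        connection.start();

        // Non-transacted: in a transacted session the send below would stay undelivered until
        // commit(), and the consumer on the same session would wait for it indefinitely.
        session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
    }

    /**
     * Closes the connection opened in {@link #setUP()}.
     *
     * @throws Exception if closing the connection fails
     */
    @After
    public void tearDown() throws Exception {
        if (connection != null) {
            connection.close();
        }
    }

    /**
     * Sends one text message to {@code test.queue} and checks that the same text is received.
     *
     * @throws Exception on any JMS failure
     */
    @Test
    public void testTryPostMessageToQueue() throws Exception {
        Destination destination = session.createQueue("test.queue");
        MessageProducer producer = session.createProducer(destination);
        MessageConsumer consumer = session.createConsumer(destination);
        ActiveMQTextMessage message = new ActiveMQTextMessage();
        message.setText(MESSAGE_TEXT);

        // fire message
        producer.send(message);

        // consume; receive(timeout) returns null when nothing arrives in time
        Message received = consumer.receive(RECEIVE_TIMEOUT_MS);
        assertNotNull("no message received within " + RECEIVE_TIMEOUT_MS + " ms", received);
        assertTrue("expected a text message", received instanceof TextMessage);

        // Compare the payload; toString() describes the whole message object, not just its text.
        assertEquals(MESSAGE_TEXT, ((TextMessage) received).getText());
    }
}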







