Return-Path: Delivered-To: apmail-activemq-commits-archive@www.apache.org Received: (qmail 67432 invoked from network); 2 Nov 2009 16:20:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Nov 2009 16:20:52 -0000 Received: (qmail 42615 invoked by uid 500); 2 Nov 2009 16:20:52 -0000 Delivered-To: apmail-activemq-commits-archive@activemq.apache.org Received: (qmail 42559 invoked by uid 500); 2 Nov 2009 16:20:52 -0000 Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list commits@activemq.apache.org Received: (qmail 42550 invoked by uid 99); 2 Nov 2009 16:20:52 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Nov 2009 16:20:52 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Nov 2009 16:20:42 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 903D023888CF; Mon, 2 Nov 2009 16:20:19 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r831942 - in /activemq/trunk/activemq-core/src: main/java/org/apache/activemq/network/ test/java/org/apache/activemq/security/ test/resources/ test/resources/org/apache/activemq/security/ Date: Mon, 02 Nov 2009 16:20:19 -0000 To: commits@activemq.apache.org 
From: dejanb@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20091102162019.903D023888CF@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dejanb Date: Mon Nov 2 16:20:18 2009 New Revision: 831942 URL: http://svn.apache.org/viewvc?rev=831942&view=rev Log: https://issues.apache.org/activemq/browse/AMQ-2474 - jaas certificate authentication plugin and network of brokers Added: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks (with props) activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts (with props) activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks (with props) activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts (with props) activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks (with props) activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts (with props) activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java activemq/trunk/activemq-core/src/test/resources/login.config activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java URL: 
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java?rev=831942&r1=831941&r2=831942&view=diff ============================================================================== --- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java (original) +++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java Mon Nov 2 16:20:18 2009 @@ -18,6 +18,7 @@ import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.cert.X509Certificate; import java.util.Collection; import java.util.List; import java.util.Properties; @@ -70,7 +71,9 @@ import org.apache.activemq.transport.ResponseCallback; import org.apache.activemq.transport.Transport; import org.apache.activemq.transport.TransportDisposedIOException; +import org.apache.activemq.transport.TransportFilter; import org.apache.activemq.transport.TransportListener; +import org.apache.activemq.transport.tcp.SslTransport; import org.apache.activemq.util.IdGenerator; import org.apache.activemq.util.IntrospectionSupport; import org.apache.activemq.util.LongSequenceGenerator; 
@@ -285,6 +288,14 @@ localConnectionInfo.setClientId(localClientId); localConnectionInfo.setUserName(configuration.getUserName()); localConnectionInfo.setPassword(configuration.getPassword()); + Transport originalTransport = remoteBroker; + while (originalTransport instanceof TransportFilter) { + originalTransport = ((TransportFilter)originalTransport).getNext(); + } + if (originalTransport instanceof SslTransport) { + X509Certificate[] peerCerts = ((SslTransport)originalTransport).getPeerCertificates(); + localConnectionInfo.setTransportContext(peerCerts); + } localBroker.oneway(localConnectionInfo); localSessionInfo = new SessionInfo(localConnectionInfo, 1); Added: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java?rev=831942&view=auto ============================================================================== --- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java (added) +++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java Mon Nov 2 16:20:18 2009 
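Review bot: The result of `getPeerCertificates()` is handed to `setTransportContext` without a null check inside the added `if (originalTransport instanceof SslTransport)` block. If that call can return null for an unverified peer (likely, but confirm in SslTransport), the local broker's login module receives an empty context next to the configured user name and password, and the failure shows up far from this code. A guard such as `if (peerCerts != null) { localConnectionInfo.setTransportContext(peerCerts); }` keeps the behaviour explicit. The block also deserves a comment, for example `// Authenticate the bridge's local connection as the remote peer's certificate identity; the local JAAS user file must list that DN.`, because the trust decision it encodes is not obvious from the code. The enclosing method starts and ends outside the hunk.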
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import java.net.URI;
+
+import javax.jms.Connection;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+
+import junit.framework.TestCase;
+
+import org.apache.activemq.ActiveMQConnectionFactory;
+import org.apache.activemq.broker.BrokerFactory;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.command.ActiveMQQueue;
+
+public class JaasNetworkTest extends TestCase {
+
+ BrokerService broker1;
+ BrokerService broker2;
+
+ public void setUp() throws Exception {
+ System.setProperty("java.security.auth.login.config", "src/test/resources/login.config");
+ broker1 = BrokerFactory.createBroker(new URI("xbean:org/apache/activemq/security/broker1.xml"));
+ broker2 = BrokerFactory.createBroker(new URI("xbean:org/apache/activemq/security/broker2.xml"));
+ broker1.waitUntilStarted();
+ broker2.waitUntilStarted();
+ Thread.sleep(2000);
+ }
+
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ broker1.stop();
+ broker1.waitUntilStopped();
+ broker2.stop();
+ broker2.waitUntilStopped();
+ }
+
+
+
+ public void testNetwork() throws Exception {
+
+ System.setProperty("javax.net.ssl.trustStore", "src/test/resources/org/apache/activemq/security/client.ts");
+ System.setProperty("javax.net.ssl.trustStorePassword", "password");
+ System.setProperty("javax.net.ssl.trustStoreType", "jks");
+ System.setProperty("javax.net.ssl.keyStore", "src/test/resources/org/apache/activemq/security/client.ks");
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "jks");
+
+ ActiveMQConnectionFactory producerFactory = new ActiveMQConnectionFactory("ssl://localhost:61617");
+ Connection producerConn = producerFactory.createConnection();
+ Session producerSess = producerConn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ MessageProducer producer = producerSess.createProducer(new ActiveMQQueue("test"));
+ producerConn.start();
+ TextMessage sentMessage = producerSess.createTextMessage("test");
+ producer.send(sentMessage);
+
+ ActiveMQConnectionFactory consumerFactory = new ActiveMQConnectionFactory("ssl://localhost:61618");
+ Connection consumerConn = consumerFactory.createConnection();
+ Session consumerSess = consumerConn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ consumerConn.start();
+ MessageConsumer consumer = consumerSess.createConsumer(new ActiveMQQueue("test"));
+ TextMessage receivedMessage = (TextMessage)consumer.receive(100);
+ assertEquals(sentMessage, receivedMessage);
+
+ }
+
+}
Modified: activemq/trunk/activemq-core/src/test/resources/login.config URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/login.config?rev=831942&r1=831941&r2=831942&view=diff ==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/login.config (original)
+++ activemq/trunk/activemq-core/src/test/resources/login.config Mon Nov 2 16:20:18 2009
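Review bot: `testNetwork` in JaasNetworkTest never closes `producerConn` or `consumerConn`, and the six `javax.net.ssl.*` system properties it sets are never cleared. `tearDown` therefore stops both brokers with live SSL connections, and later tests in the same JVM inherit the client key store and trust store. Closing both connections in a `finally` block, as sketched below, and clearing the properties in `tearDown` would contain that. `consumer.receive(100)` gives the message only 100 ms to cross the bridge and a timeout surfaces as an `assertEquals` against null, so the sketch uses a longer wait and an explicit `assertNotNull`. Only the accept path is covered; a case where the peer broker's DN is missing from the user file would show that the certificate check actually rejects.

```java
    public void testNetwork() throws Exception {
        // … unchanged: javax.net.ssl.* system properties …
        Connection producerConn = null;
        Connection consumerConn = null;
        try {
            // … unchanged: producerFactory …
            producerConn = producerFactory.createConnection();
            // … unchanged: producer session, producer, start, send …
            // … unchanged: consumerFactory …
            consumerConn = consumerFactory.createConnection();
            // … unchanged: consumer session, start, consumer …
            TextMessage receivedMessage = (TextMessage)consumer.receive(5000);
            assertNotNull("message was not forwarded across the bridge", receivedMessage);
            assertEquals(sentMessage, receivedMessage);
        } finally {
            if (consumerConn != null) {
                consumerConn.close();
            }
            if (producerConn != null) {
                producerConn.close();
            }
        }
    }
```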
@@ -29,3 +29,16 @@ }; +broker1 { + org.apache.activemq.jaas.TextFileCertificateLoginModule required + debug=true + org.apache.activemq.jaas.textfiledn.user="org/apache/activemq/security/users1.properties" + org.apache.activemq.jaas.textfiledn.group="org/apache/activemq/security/groups.properties"; +}; + +broker2 { + org.apache.activemq.jaas.TextFileCertificateLoginModule required + debug=true + org.apache.activemq.jaas.textfiledn.user="org/apache/activemq/security/users2.properties" + org.apache.activemq.jaas.textfiledn.group="org/apache/activemq/security/groups.properties"; +}; \ No newline at end of file Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks?rev=831942&view=auto ============================================================================== Binary file - no diff available. Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts?rev=831942&view=auto ============================================================================== Binary file - no diff available. 
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml?rev=831942&view=auto ============================================================================== --- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml (added) +++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml Mon Nov 2 16:20:18 2009 
@@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks?rev=831942&view=auto ============================================================================== Binary file - no diff available. Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts?rev=831942&view=auto ============================================================================== Binary file - no diff available. Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml?rev=831942&view=auto ============================================================================== --- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml (added) +++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml Mon Nov 2 16:20:18 2009 
@@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks?rev=831942&view=auto ============================================================================== Binary file - no diff available. Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts?rev=831942&view=auto ============================================================================== Binary file - no diff available. Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Modified: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties?rev=831942&r1=831941&r2=831942&view=diff ============================================================================== --- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties (original) +++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties Mon Nov 2 16:20:18 2009 
@@ -15,7 +15,7 @@ ## limitations under the License. ## --------------------------------------------------------------------------- -admins=system,sslclient -tempDestinationAdmins=system,user,sslclient -users=system,user,sslclient +admins=system,sslclient,client,broker1,broker2 +tempDestinationAdmins=system,user,sslclient,client,broker1,broker2 +users=system,user,sslclient,client,broker1,broker2 guests=guest Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties?rev=831942&view=auto ============================================================================== --- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties (added) +++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties Mon Nov 2 16:20:18 2009 
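Review bot: `client`, `broker1` and `broker2` are added to `admins` in a groups file that already existed and that both new JAAS realms in login.config (`broker1` and `broker2`) point to. Every certificate identity in the new test therefore gets the widest group, and any existing test that reads this file sees three extra principals. A dedicated groups file for the network test, granting the broker identities only what forwarding needs, would make the test a sharper check of the certificate-to-user mapping. Which rights that is depends on the authorization settings in broker1.xml and broker2.xml, whose content is not visible on this page, so confirm against those.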
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
+broker2=CN=broker2, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
\ No newline at end of file
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties?rev=831942&view=auto ==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties (added)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties Mon Nov 2 16:20:18 2009
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
+broker1=CN=broker1, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
\ No newline at end of file