activemq-commits mailing list archives

From gtu...@apache.org
Subject svn commit: r1361984 - in /activemq/trunk/activemq-core/src: main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
Date Mon, 16 Jul 2012 12:11:13 GMT
Author: gtully
Date: Mon Jul 16 12:11:13 2012
New Revision: 1361984

URL: http://svn.apache.org/viewvc?rev=1361984&view=rev
Log:
https://issues.apache.org/jira/browse/AMQ-3785 - ActiveMQSslConnectionFactory does not detect
ssl requests in failover URIs when creating transports. The factory was bypassing the protocol
selection; fixed by making use of the SslContext thread local, which the SSL transport
factory uses when it is set.

Modified:
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
    activemq/trunk/activemq-core/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java?rev=1361984&r1=1361983&r2=1361984&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
Mon Jul 16 12:11:13 2012
@@ -19,7 +19,6 @@ package org.apache.activemq;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
@@ -34,10 +33,8 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
-import org.apache.activemq.broker.BrokerService;
 import org.apache.activemq.broker.SslContext;
 import org.apache.activemq.transport.Transport;
-import org.apache.activemq.transport.tcp.SslTransportFactory;
 import org.apache.activemq.util.JMSExceptionSupport;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -104,38 +101,37 @@ public class ActiveMQSslConnectionFactor
      * @author sepandm@gmail.com
      */
     protected Transport createTransport() throws JMSException {
-        // If the given URI is non-ssl, let superclass handle it.
-        if (!brokerURL.getScheme().equals("ssl")) {
-            return super.createTransport();
-        }
-
+        SslContext existing = SslContext.getCurrentSslContext();
         try {
-            if (keyManager == null || trustManager == null) {
-                trustManager = createTrustManager();
+            if (keyStore != null || trustStore != null) {
                 keyManager = createKeyManager();
-                // secureRandom can be left as null
+                trustManager = createTrustManager();
+                if (keyManager != null || trustManager != null) {
+                    SslContext.setCurrentSslContext(new SslContext(keyManager, trustManager,
secureRandom));
+                }
             }
-            SslTransportFactory sslFactory = new SslTransportFactory();
-            SslContext ctx = new SslContext(keyManager, trustManager, secureRandom);
-            SslContext.setCurrentSslContext(ctx);
-            return sslFactory.doConnect(brokerURL);
+            return super.createTransport();
         } catch (Exception e) {
             throw JMSExceptionSupport.create("Could not create Transport. Reason: " + e,
e);
+        } finally {
+            SslContext.setCurrentSslContext(existing);
         }
     }
 
     protected TrustManager[] createTrustManager() throws Exception {
         TrustManager[] trustStoreManagers = null;
         KeyStore trustedCertStore = KeyStore.getInstance("jks");
-        
-        InputStream tsStream = getUrlOrResourceAsStream(trustStore);
-        
-        trustedCertStore.load(tsStream, trustStorePassword.toCharArray());
-        TrustManagerFactory tmf  = 
-            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-  
-        tmf.init(trustedCertStore);
-        trustStoreManagers = tmf.getTrustManagers();
+
+        if (trustStore != null) {
+            InputStream tsStream = getUrlOrResourceAsStream(trustStore);
+
+            trustedCertStore.load(tsStream, trustStorePassword.toCharArray());
+            TrustManagerFactory tmf  =
+                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+
+            tmf.init(trustedCertStore);
+            trustStoreManagers = tmf.getTrustManagers();
+        }
         return trustStoreManagers; 
     }
 
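Review bot: In `createTransport()` the call to `SslContext.setCurrentSslContext(...)` sits inside `if (keyStore != null || trustStore != null)`, so `keyManager`/`trustManager` values populated by any other route are never installed when no store path is configured. The removed guard `keyManager == null || trustManager == null` suggests such a route exists, although no setter for it is visible in this hunk. A caller relying on a custom `TrustManager` would then silently get whatever context `super.createTransport()` selects instead of the one it configured. Closing the outer `if` right after `trustManager = createTrustManager();` makes the `if (keyManager != null || trustManager != null)` check run unconditionally and keeps both configurations working. Separately, `tsStream` in `createTrustManager()` is never closed in the visible lines, so each transport creation may leak a handle.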
@@ -144,15 +140,15 @@ public class ActiveMQSslConnectionFactor
             KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());  
         KeyStore ks = KeyStore.getInstance("jks");
         KeyManager[] keystoreManagers = null;
-        
-        byte[] sslCert = loadClientCredential(keyStore);
-        
-       
-        if (sslCert != null && sslCert.length > 0) {
-            ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
-            ks.load(bin, keyStorePassword.toCharArray());
-            kmf.init(ks, keyStorePassword.toCharArray());
-            keystoreManagers = kmf.getKeyManagers();
+        if (keyStore != null) {
+            byte[] sslCert = loadClientCredential(keyStore);
+
+            if (sslCert != null && sslCert.length > 0) {
+                ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
+                ks.load(bin, keyStorePassword.toCharArray());
+                kmf.init(ks, keyStorePassword.toCharArray());
+                keystoreManagers = kmf.getKeyManagers();
+            }
         }
         return keystoreManagers;          
     }
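Review bot: When `keyStore` is set but `loadClientCredential(keyStore)` returns null or an empty array, this method returns `null` with no diagnostic, so a mistyped keystore location produces a connection attempt without client key material rather than a configuration error. I would fail fast in an `else` of the `sslCert` check, e.g. `throw new IOException("Could not load key store: " + keyStore);`, assuming the method declares `throws Exception` like `createTrustManager()` does (`IOException` is already imported). `keyStorePassword.toCharArray()` also throws a bare `NullPointerException` if no password was set; an explicit check with a clear message would help. The method's signature lies above this hunk.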
@@ -162,7 +158,6 @@ public class ActiveMQSslConnectionFactor
             return null;
         }
         InputStream in = getUrlOrResourceAsStream(fileName);
-        //FileInputStream in = new FileInputStream(fileName);
         ByteArrayOutputStream out = new ByteArrayOutputStream();
         byte[] buf = new byte[512];
         int i = in.read(buf);
@@ -206,7 +201,7 @@ public class ActiveMQSslConnectionFactor
      * 
      * @param trustStore If specified with a scheme, treat as a URL, otherwise treat as a
classpath resource.
      */
-    public void setTrustStore(String trustStore) {
+    public void setTrustStore(String trustStore) throws Exception {
         this.trustStore = trustStore;
         trustManager = null;
     }
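Review bot: `setTrustStore(String)` now declares `throws Exception` although its visible body only assigns two fields and cannot throw a checked exception; the same applies to `setKeyStore(String)` in the next hunk. The clause forces every caller to catch or declare the broadest checked type and breaks source compatibility for existing callers of these public setters. Unless a follow-up change is meant to load the store eagerly in the setter, I would drop the clause. If it is needed, declare the narrowest type that can actually occur and document it with an `@throws` tag in the Javadoc above.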
@@ -234,7 +229,7 @@ public class ActiveMQSslConnectionFactor
      * 
      * @param keyStore If specified with a scheme, treat as a URL, otherwise treat as a classpath
resource.
      */
-    public void setKeyStore(String keyStore) {
+    public void setKeyStore(String keyStore) throws Exception {
         this.keyStore = keyStore;
         keyManager = null;
     }

Modified: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java?rev=1361984&r1=1361983&r2=1361984&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
(original)
+++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
Mon Jul 16 12:11:13 2012
@@ -74,8 +74,22 @@ public class ActiveMQSslConnectionFactor
         ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory("tcp://localhost:61610?wireFormat.tcpNoDelayEnabled=true");
         connection = (ActiveMQConnection)cf.createConnection();
         assertNotNull(connection);
+        connection.start();
+        connection.stop();
+    	brokerStop();
+    }
+
+    public void testCreateFailoverTcpConnectionUsingKnownPort() throws Exception {
+        // Control case: check that the factory can create an ordinary (non-ssl) connection.
+        broker = createBroker("tcp://localhost:61610?wireFormat.tcpNoDelayEnabled=true");
 
-	brokerStop();
+        // This should create the connection.
+        ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory("failover:(tcp://localhost:61610?wireFormat.tcpNoDelayEnabled=true)");
+        connection = (ActiveMQConnection)cf.createConnection();
+        assertNotNull(connection);
+        connection.start();
+        connection.stop();
+    	brokerStop();
     }
 
     public void testCreateSslConnection() throws Exception {
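Review bot: `brokerStop()` runs only as the last statement of each test in this hunk (and of the tests touched in the next hunk), so a failed assertion or an exception from `createConnection()`/`start()` skips it and leaves a broker bound to the hard-coded port 61610, unless a `tearDown()` outside this hunk already covers that. Because the tests share fixed ports, a leftover broker would make later tests fail for unrelated reasons; `try { ... } finally { brokerStop(); }` around the body avoids that. `connection.stop()` only halts message delivery, whereas `connection.close()` would release the transport before the broker goes down. The two added `brokerStop();` lines are indented with a tab where the surrounding lines use spaces.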
@@ -91,6 +105,26 @@ public class ActiveMQSslConnectionFactor
         connection = (ActiveMQConnection)cf.createConnection();
         LOG.info("Created client connection");
         assertNotNull(connection);
+        connection.start();
+        connection.stop();
+        brokerStop();
+    }
+
+    public void testFailoverSslConnection() throws Exception {
+        // Create SSL/TLS connection with trusted cert from truststore.
+    	String sslUri = "ssl://localhost:61611";
+        broker = createSslBroker(sslUri);
+        assertNotNull(broker);
+
+        // This should create the connection.
+        ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory("failover:(" +
sslUri + ")?maxReconnectAttempts=4");
+        cf.setTrustStore("server.keystore");
+        cf.setTrustStorePassword("password");
+        connection = (ActiveMQConnection)cf.createConnection();
+        LOG.info("Created client connection");
+        assertNotNull(connection);
+        connection.start();
+        connection.stop();
 
         brokerStop();
     }
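Review bot: `testFailoverSslConnection` checks only the success path, so it would still pass if the failover transport ignored the factory's trust store and some other context happened to accept the broker certificate. A companion case that points the factory at a trust store not containing the broker's certificate, and expects `createConnection()` or `start()` to fail once `maxReconnectAttempts` is exhausted, would pin down that the configured store is what is enforced. The first added lines in this hunk extend a test whose body starts above it.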
@@ -143,6 +177,7 @@ public class ActiveMQSslConnectionFactor
         // Start up a broker with a tcp connector.
         BrokerService service = new BrokerService();
         service.setPersistent(false);
+        service.setUseJmx(false);
         connector = service.addConnector(uri);
         service.start();
 


