activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tab...@apache.org
Subject git commit: https://issues.apache.org/jira/browse/AMQ-5295
Date Wed, 13 Aug 2014 16:44:31 GMT
Repository: activemq
Updated Branches:
  refs/heads/trunk 00921f22f -> 14678e1c4


https://issues.apache.org/jira/browse/AMQ-5295

HTTPS Network Connector doesn't work with Mutual authentication-
HTTPSClientTransport uses wrong SSLSocketFactory

Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/14678e1c
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/14678e1c
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/14678e1c

Branch: refs/heads/trunk
Commit: 14678e1c446e5563bcd51c590a0667fe5bedec01
Parents: 00921f2
Author: Timothy Bish <tabish121@gmail.com>
Authored: Wed Aug 13 12:44:25 2014 -0400
Committer: Timothy Bish <tabish121@gmail.com>
Committed: Wed Aug 13 12:44:25 2014 -0400

----------------------------------------------------------------------
 .../transport/https/HttpsClientTransport.java   | 76 ++++++++++++--------
 1 file changed, 46 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/14678e1c/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
----------------------------------------------------------------------
diff --git a/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
b/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
index b943f87..2e432fc 100755
--- a/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
+++ b/activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
@@ -1,42 +1,40 @@
 /**
-*
-* Licensed to the Apache Software Foundation (ASF) under one or more
-* contributor license agreements.  See the NOTICE file distributed with
-* this work for additional information regarding copyright ownership.
-* The ASF licenses this file to You under the Apache License, Version 2.0
-* (the "License"); you may not use this file except in compliance with
-* the License.  You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.activemq.transport.https;
 
+import java.io.IOException;
+import java.net.URI;
+
+import org.apache.activemq.broker.SslContext;
 import org.apache.activemq.transport.http.HttpClientTransport;
 import org.apache.activemq.transport.util.TextWireFormat;
+import org.apache.activemq.util.IOExceptionSupport;
 import org.apache.http.conn.ClientConnectionManager;
 import org.apache.http.conn.scheme.Scheme;
 import org.apache.http.conn.scheme.SchemeRegistry;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.impl.conn.PoolingClientConnectionManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.net.URI;
-import java.security.KeyStore;
 
 public class HttpsClientTransport extends HttpClientTransport {
 
-  public HttpsClientTransport(TextWireFormat wireFormat, URI remoteUrl) {
-    super(wireFormat, remoteUrl);
-  }
+    public HttpsClientTransport(TextWireFormat wireFormat, URI remoteUrl) {
+        super(wireFormat, remoteUrl);
+    }
 
     @Override
     protected ClientConnectionManager createClientConnectionManager() {
@@ -48,10 +46,7 @@ public class HttpsClientTransport extends HttpClientTransport {
 
         SchemeRegistry schemeRegistry = new SchemeRegistry();
         try {
-            // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
-            // javax.net.ssl.trustStore, etc, properties by default
-            SSLSocketFactory sslSocketFactory =
-                    new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
+            SSLSocketFactory sslSocketFactory = new SSLSocketFactory(createSocketFactory(),
                     SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
             schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
             return schemeRegistry;
@@ -59,4 +54,25 @@ public class HttpsClientTransport extends HttpClientTransport {
             throw new IllegalStateException("Failure trying to create scheme registry", e);
         }
     }
+
+    /**
+     * Creates a new SSL SocketFactory. The given factory will use user-provided
+     * key and trust managers (if the user provided them).
+     *
+     * @return Newly created (Ssl)SocketFactory.
+     * @throws IOException
+     */
+    protected javax.net.ssl.SSLSocketFactory createSocketFactory() throws IOException {
+        if (SslContext.getCurrentSslContext() != null) {
+            SslContext ctx = SslContext.getCurrentSslContext();
+            try {
+                return ctx.getSSLContext().getSocketFactory();
+            } catch (Exception e) {
+                throw IOExceptionSupport.create(e);
+            }
+        } else {
+            return (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
+        }
+
+    }
 }


Mime
View raw message