From: hadrian@apache.org To: commits@activemq.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: activemq git commit: [AMQ-5789] Add support for keystore type (other than jks) Date: Wed, 3 Jun 2015 02:18:08 +0000 (UTC) Repository: activemq Updated Branches: refs/heads/activemq-5.10.x e94fc230b -> e85441f39 [AMQ-5789] Add support for keystore type (other than jks) Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/e85441f3 Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/e85441f3 Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/e85441f3 Branch: refs/heads/activemq-5.10.x Commit: e85441f39336bd726f7822fbe7b3bb50f7322c77 Parents: e94fc23 Author: Hadrian Zbarcea Authored: Tue Jun 2 22:01:35 2015 -0400 Committer: Hadrian Zbarcea Committed: Tue Jun 2 22:12:08 2015 -0400 ---------------------------------------------------------------------- .../activemq/ActiveMQSslConnectionFactory.java | 23 ++++++++++++++-- .../ActiveMQSslConnectionFactoryTest.java | 26 +++++++++++++++++++ .../test/resources/ssl/client-pkcs12.keystore | Bin 0 -> 2586 bytes 3 files changed, 47 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/e85441f3/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java ----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java b/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
index fe9d52f..2097f91 100644
--- a/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
+++ b/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
@@ -62,8 +62,10 @@ public class ActiveMQSslConnectionFactory extends ActiveMQConnectionFactory {
 protected KeyManager[] keyManager;
 protected TrustManager[] trustManager;
 protected SecureRandom secureRandom;
+ protected String trustStoreType = KeyStore.getDefaultType();
 protected String trustStore;
 protected String trustStorePassword;
+ protected String keyStoreType = KeyStore.getDefaultType();
 protected String keyStore;
 protected String keyStorePassword;
@@ -124,7 +126,7 @@ public class ActiveMQSslConnectionFactory extends ActiveMQConnectionFactory {
 protected TrustManager[] createTrustManager() throws Exception {
 TrustManager[] trustStoreManagers = null;
- KeyStore trustedCertStore = KeyStore.getInstance("jks");
+ KeyStore trustedCertStore = KeyStore.getInstance(getTrustStoreType());
 if (trustStore != null) {
 InputStream tsStream = getInputStream(trustStore);
@@ -140,7 +142,7 @@ public class ActiveMQSslConnectionFactory extends ActiveMQConnectionFactory {
 protected KeyManager[] createKeyManager() throws Exception {
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- KeyStore ks = KeyStore.getInstance("jks");
+ KeyStore ks = KeyStore.getInstance(getKeyStoreType());
 KeyManager[] keystoreManagers = null;
 if (keyStore != null) {
 byte[] sslCert = loadClientCredential(keyStore);
@@ -204,6 +206,14 @@ public class ActiveMQSslConnectionFactory extends ActiveMQConnectionFactory {
 return ins;
 }
+ public String getTrustStoreType() {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String type) {
+ trustStoreType = type;
+ }
+
 public String getTrustStore() {
 return trustStore;
 }
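Review bot: The field initialisers `trustStoreType = KeyStore.getDefaultType()` and `keyStoreType = KeyStore.getDefaultType()` in the `@@ -62,8 +62,10 @@` hunk change the default from the literal `"jks"` to whatever the JVM's `keystore.type` security property says. A client running where that property names another format may therefore stop loading the JKS stores it loaded before this commit, without any configuration change on its side. Initialising both fields to `"jks"` would keep the previous behaviour and leave the new setters as the opt-in. If the JVM default is intended, a field comment such as `// defaults to the JVM keystore.type; set explicitly when the store file uses another format` would make the dependency visible. The class body continues outside the hunk.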
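Review bot: `setTrustStoreType` in the `@@ -204,6 +206,14 @@` hunk stores its argument unchecked, so a null type (for example from an unset configuration property) is only noticed later, when `createTrustManager()` hands it to `KeyStore.getInstance`. The test helper added in this commit already guards against this with `type != null ? type : ...getTrustStoreType()`, which suggests the setter should do it instead: `trustStoreType = type != null ? type : KeyStore.getDefaultType();`. The same applies to `setKeyStoreType` in the `@@ -235,6 +245,15 @@` hunk. Both setters lack Javadoc; one line stating that the value is passed to `KeyStore.getInstance` and must match the format of the configured store file would help users who switch to PKCS12.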
@@ -235,6 +245,15 @@ public class ActiveMQSslConnectionFactory extends ActiveMQConnectionFactory {
 this.trustStorePassword = trustStorePassword;
 }
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String type) {
+ keyStoreType = type;
+ }
+
+
 public String getKeyStore() {
 return keyStore;
 }
http://git-wip-us.apache.org/repos/asf/activemq/blob/e85441f3/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java ----------------------------------------------------------------------
diff --git a/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java b/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
index aa6b1c3..cde7cb5 100644
--- a/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
+++ b/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
@@ -26,6 +26,7 @@ import org.junit.Test;
 public class ActiveMQSslConnectionFactoryTest {
 final String TRUST_STORE_FILE_NAME = "client.keystore";
+ final String TRUST_STORE_PKCS12_FILE_NAME = "client-pkcs12.keystore";
 final String TRUST_STORE_DIRECTORY_NAME = "src/test/resources/ssl/";
 final String TRUST_STORE_RESOURCE_PREFIX = "ssl/";
 final String TRUST_STORE_PASSWORD = "password";
@@ -92,9 +93,34 @@ public class ActiveMQSslConnectionFactoryTest {
 executeTest(FAILOVER_SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_FILE_NAME + ".dummy");
 }
+ @Test(expected = ConnectException.class)
+ public void validPkcs12TrustStoreFileTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, TRUST_STORE_DIRECTORY_NAME + TRUST_STORE_PKCS12_FILE_NAME, "pkcs12");
+ }
+
+ @Test(expected = ConnectException.class)
+ public void validPkcs12TrustStoreURLTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, new File(TRUST_STORE_DIRECTORY_NAME + TRUST_STORE_PKCS12_FILE_NAME).toURI().toString(), "pkcs12");
+ }
+
+ @Test(expected = ConnectException.class)
+ public void validPkcs12TrustStoreResourceTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_PKCS12_FILE_NAME, "pkcs12");
+ }
+
+ @Test(expected = IOException.class) // Invalid keystore format
+ public void invalidTrustStoreTypeTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_PKCS12_FILE_NAME, "jks");
+ }
+
 protected void executeTest(String transport, String name) throws Throwable {
+ executeTest(transport, name, null);
+ }
+
+ protected void executeTest(String transport, String name, String type) throws Throwable {
 try {
 ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory(transport);
+ activeMQSslConnectionFactory.setTrustStoreType(type != null ? type : activeMQSslConnectionFactory.getTrustStoreType());
 activeMQSslConnectionFactory.setTrustStore(name);
 activeMQSslConnectionFactory.setTrustStorePassword(TRUST_STORE_PASSWORD);
http://git-wip-us.apache.org/repos/asf/activemq/blob/e85441f3/activemq-client/src/test/resources/ssl/client-pkcs12.keystore ----------------------------------------------------------------------
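Review bot: None of the tests added in the `@@ -92,9 +93,34 @@` hunk calls `setKeyStoreType`, so the `createKeyManager()` change in this commit is not exercised; only the trust-store path is covered. The three `validPkcs12...` tests also expect `ConnectException`, which shows that the PKCS12 store was parsed only indirectly, because the failure moved from load time to connect time. A test that configures `setKeyStore(...)`, `setKeyStorePassword(...)` and `setKeyStoreType("pkcs12")` on the factory would close the first gap. A one-line comment on the new `executeTest` overload, such as `// type == null keeps the factory's default trust store type`, would explain the ternary. The body of `executeTest` continues outside the hunk.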
diff --git a/activemq-client/src/test/resources/ssl/client-pkcs12.keystore b/activemq-client/src/test/resources/ssl/client-pkcs12.keystore
new file mode 100644
index 0000000..bf99cb5
Binary files /dev/null and b/activemq-client/src/test/resources/ssl/client-pkcs12.keystore differ