activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dej...@apache.org
Subject activemq git commit: https://issues.apache.org/jira/browse/AMQ-6021 - mqtt+nio+ssl certificate authentication
Date Fri, 23 Oct 2015 13:26:48 GMT
Repository: activemq
Updated Branches:
  refs/heads/master ef6b1e107 -> f09b9203a


https://issues.apache.org/jira/browse/AMQ-6021 - mqtt+nio+ssl certificate authentication


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/f09b9203
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/f09b9203
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/f09b9203

Branch: refs/heads/master
Commit: f09b9203a045cc1db6ba0b47a270b9f5288bbb7c
Parents: ef6b1e1
Author: Dejan Bosanac <dejan@nighttale.net>
Authored: Fri Oct 23 15:25:13 2015 +0200
Committer: Dejan Bosanac <dejan@nighttale.net>
Committed: Fri Oct 23 15:25:33 2015 +0200

----------------------------------------------------------------------
 .../mqtt/MQTTNIOSSLTransportFactory.java        |  8 ++-
 .../transport/mqtt/MQTTTransportFilter.java     | 16 +++---
 .../org/apache/activemq/bugs/AMQ4133Test.java   | 56 +++++++++++++++-----
 ...InconsistentConnectorPropertiesBehaviour.xml |  2 +
 4 files changed, 62 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java
----------------------------------------------------------------------
diff --git a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java
b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java
index b3a74bc..87fc48e 100644
--- a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java
+++ b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java
@@ -31,9 +31,11 @@ import javax.net.ssl.SSLEngine;
 import org.apache.activemq.broker.SslContext;
 import org.apache.activemq.transport.Transport;
 import org.apache.activemq.transport.TransportServer;
+import org.apache.activemq.transport.nio.NIOSSLTransportServer;
 import org.apache.activemq.transport.tcp.TcpTransport;
 import org.apache.activemq.transport.tcp.TcpTransport.InitBuffer;
 import org.apache.activemq.transport.tcp.TcpTransportServer;
+import org.apache.activemq.util.IntrospectionSupport;
 import org.apache.activemq.wireformat.WireFormat;
 
 public class MQTTNIOSSLTransportFactory extends MQTTNIOTransportFactory {
@@ -42,13 +44,17 @@ public class MQTTNIOSSLTransportFactory extends MQTTNIOTransportFactory
{
 
     @Override
     protected TcpTransportServer createTcpTransportServer(URI location, ServerSocketFactory
serverSocketFactory) throws IOException, URISyntaxException {
-        TcpTransportServer result = new TcpTransportServer(this, location, serverSocketFactory)
{
+        NIOSSLTransportServer result = new NIOSSLTransportServer(context, this, location,
serverSocketFactory) {
             @Override
             protected Transport createTransport(Socket socket, WireFormat format) throws
IOException {
                 MQTTNIOSSLTransport transport = new MQTTNIOSSLTransport(format, socket);
                 if (context != null) {
                     transport.setSslContext(context);
                 }
+
+                transport.setNeedClientAuth(isNeedClientAuth());
+                transport.setWantClientAuth(isWantClientAuth());
+
                 return transport;
             }
         };

http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java
----------------------------------------------------------------------
diff --git a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java
b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java
index 824654f..b15ff8b 100644
--- a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java
+++ b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java
@@ -27,6 +27,7 @@ import org.apache.activemq.command.Command;
 import org.apache.activemq.transport.Transport;
 import org.apache.activemq.transport.TransportFilter;
 import org.apache.activemq.transport.TransportListener;
+import org.apache.activemq.transport.nio.NIOSSLTransport;
 import org.apache.activemq.transport.tcp.SslTransport;
 import org.apache.activemq.util.IOExceptionSupport;
 import org.apache.activemq.wireformat.WireFormat;
@@ -165,14 +166,17 @@ public class MQTTTransportFilter extends TransportFilter implements
MQTTTranspor
 
     @Override
     public X509Certificate[] getPeerCertificates() {
+        X509Certificate[] peerCerts = null;
         if (next instanceof SslTransport) {
-            X509Certificate[] peerCerts = ((SslTransport) next).getPeerCertificates();
-            if (trace && peerCerts != null) {
-                LOG.debug("Peer Identity has been verified\n");
-            }
-            return peerCerts;
+            peerCerts = ((SslTransport) next).getPeerCertificates();
+        }
+        if (next instanceof  NIOSSLTransport) {
+            peerCerts = ((NIOSSLTransport)next).getPeerCertificates();
+        }
+        if (trace && peerCerts != null) {
+            LOG.debug("Peer Identity has been verified\n");
         }
-        return null;
+        return peerCerts;
     }
 
     public boolean isTrace() {

http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java
index 9ca08bb..6474088 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java
@@ -16,22 +16,23 @@
  */
 package org.apache.activemq.bugs;
 
-import java.net.Socket;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLSocketFactory;
-
 import junit.framework.TestCase;
-
 import org.apache.activemq.broker.BrokerFactory;
 import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.spring.SpringSslContext;
 import org.apache.activemq.transport.stomp.Stomp;
 import org.apache.activemq.transport.stomp.StompConnection;
 import org.apache.activemq.transport.stomp.StompFrame;
+import org.fusesource.mqtt.client.MQTT;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import java.net.Socket;
+
 public class AMQ4133Test {
 
     protected String java_security_auth_login_config = "java.security.auth.login.config";
@@ -53,6 +54,13 @@ public class AMQ4133Test {
 
         broker.start();
         broker.waitUntilStarted();
+
+        System.setProperty("javax.net.ssl.trustStore", certBase + "/" + "broker1.ks");
+        System.setProperty("javax.net.ssl.trustStorePassword", "password");
+        System.setProperty("javax.net.ssl.trustStoreType", "jks");
+        System.setProperty("javax.net.ssl.keyStore", certBase + "/" + "client.ks");
+        System.setProperty("javax.net.ssl.keyStorePassword", "password");
+        System.setProperty("javax.net.ssl.keyStoreType", "jks");
     }
 
     @After
@@ -83,14 +91,17 @@ public class AMQ4133Test {
         stompConnectTo("localhost", broker.getConnectorByName("stomp+nio+ssl+special").getConnectUri().getPort());
     }
 
-    public Socket createSocket(String host, int port) throws Exception {
-        System.setProperty("javax.net.ssl.trustStore", certBase + "/" + "broker1.ks");
-        System.setProperty("javax.net.ssl.trustStorePassword", "password");
-        System.setProperty("javax.net.ssl.trustStoreType", "jks");
-        System.setProperty("javax.net.ssl.keyStore", certBase + "/" + "client.ks");
-        System.setProperty("javax.net.ssl.keyStorePassword", "password");
-        System.setProperty("javax.net.ssl.keyStoreType", "jks");
+    @Test
+    public void mqttSSLNeedClientAuthTrue() throws Exception {
+        mqttConnectTo("localhost", broker.getConnectorByName("mqtt+ssl").getConnectUri().getPort());
+    }
+
+    @Test
+    public void mqttNIOSSLNeedClientAuthTrue() throws Exception {
+        mqttConnectTo("localhost", broker.getConnectorByName("mqtt+nio+ssl").getConnectUri().getPort());
+    }
 
+    public Socket createSocket(String host, int port) throws Exception {
         SocketFactory factory = SSLSocketFactory.getDefault();
         return factory.createSocket(host, port);
     }
@@ -104,4 +115,23 @@ public class AMQ4133Test {
         stompConnection.close();
     }
 
+    public void mqttConnectTo(String host, int port) throws Exception {
+        MQTT mqtt = new MQTT();
+        mqtt.setConnectAttemptsMax(1);
+        mqtt.setReconnectAttemptsMax(0);
+        mqtt.setHost("tls://" + host + ":" + port);
+        mqtt.setClientId("test");
+        mqtt.setCleanSession(true);
+
+        SpringSslContext context = new SpringSslContext();
+        context.setKeyStore(certBase + "/" + "client.ks");
+        context.setKeyStorePassword("password");
+        context.setTrustStore(certBase + "/" + "broker1.ks");
+        context.setTrustStorePassword("password");
+        context.afterPropertiesSet();
+
+        mqtt.setSslContext(SSLContext.getDefault());
+        mqtt.blockingConnection().connect();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
index 325e354..c672f6d 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
@@ -40,6 +40,8 @@
       <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true"
/>
       <transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true"
/>
       <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true"
/>
+      <transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true"
/>
+      <transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true"
/>
     </transportConnectors>
 
   </broker>


Mime
View raw message