From commits-return-51544-archive-asf-public=cust-asf.ponee.io@activemq.apache.org Wed May 23 21:47:35 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 70D6F180645 for ; Wed, 23 May 2018 21:47:34 +0200 (CEST) Received: (qmail 10079 invoked by uid 500); 23 May 2018 19:47:33 -0000 Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list commits@activemq.apache.org Received: (qmail 10070 invoked by uid 99); 23 May 2018 19:47:33 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 May 2018 19:47:33 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 52BC8E1116; Wed, 23 May 2018 19:47:33 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: clebertsuconic@apache.org To: commits@activemq.apache.org Date: Wed, 23 May 2018 19:47:33 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] activemq-artemis git commit: ARTEMIS-1853 Adding Netty OpenSSL provider example Repository: activemq-artemis Updated Branches: refs/heads/master d6d685134 -> e28a8a563 ARTEMIS-1853 Adding Netty OpenSSL provider example Added an example to demonstrate how to configure and use openssl Moved/Added netty-tcnative dependency to artemis-distribution Changed artemis-jms-client-all pom to exclude io.netty from relocation so that the native openssl can be loaded Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/7c53855c Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/7c53855c Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/7c53855c Branch: refs/heads/master Commit: 7c53855c11e15a856e4df7cb4cb494eb636ca203 Parents: d6d6851 Author: Howard Gao Authored: Wed May 23 22:34:01 2018 +0800 Committer: Clebert Suconic Committed: Wed May 23 15:47:10 2018 -0400 ---------------------------------------------------------------------- artemis-core-client/pom.xml | 5 + artemis-distribution/src/main/assembly/dep.xml | 1 + artemis-jms-client-all/pom.xml | 4 - .../features/standard/netty-openssl/pom.xml | 124 +++++++++++++++++++ .../features/standard/netty-openssl/readme.md | 17 +++ .../artemis/jms/example/OpenSSLExample.java | 85 +++++++++++++ .../activemq/server0/activemq.example.keystore | Bin 0 -> 707 bytes .../server0/activemq.example.truststore | Bin 0 -> 572 bytes .../main/resources/activemq/server0/broker.xml | 60 +++++++++ .../src/main/resources/jndi.properties | 20 +++ pom.xml | 7 ++ tests/integration-tests/pom.xml | 6 - 12 files changed, 319 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-core-client/pom.xml ---------------------------------------------------------------------- diff --git a/artemis-core-client/pom.xml b/artemis-core-client/pom.xml index 47b72e2..092b8c3 100644 --- a/artemis-core-client/pom.xml +++ b/artemis-core-client/pom.xml @@ -118,6 +118,11 @@ io.netty netty-common + + io.netty + netty-tcnative-boringssl-static + + http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-distribution/src/main/assembly/dep.xml ---------------------------------------------------------------------- diff --git a/artemis-distribution/src/main/assembly/dep.xml b/artemis-distribution/src/main/assembly/dep.xml index 0987425..2f6999a 100644 --- a/artemis-distribution/src/main/assembly/dep.xml +++ b/artemis-distribution/src/main/assembly/dep.xml @@ -81,6 +81,7 @@ org.jboss.logging:jboss-logging org.jboss.slf4j:slf4j-jboss-logmanager io.netty:netty-all + io.netty:netty-tcnative-boringssl-static org.apache.qpid:proton-j org.apache.activemq:activemq-client org.slf4j:slf4j-api http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-jms-client-all/pom.xml ---------------------------------------------------------------------- diff --git a/artemis-jms-client-all/pom.xml b/artemis-jms-client-all/pom.xml index 653ed31..0c6fa45 100644 --- a/artemis-jms-client-all/pom.xml +++ b/artemis-jms-client-all/pom.xml @@ -117,10 +117,6 @@ org.apache.activemq.artemis.shaded.org.apache.commons - io.netty - org.apache.activemq.artemis.shaded.io.netty - - org.jboss org.apache.activemq.artemis.shaded.org.jboss http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/pom.xml ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/pom.xml b/examples/features/standard/netty-openssl/pom.xml new file mode 100644 index 0000000..5f61a20 --- /dev/null +++ b/examples/features/standard/netty-openssl/pom.xml @@ -0,0 +1,124 @@ + + + + + 4.0.0 + + + org.apache.activemq.examples.broker + jms-examples + 2.7.0-SNAPSHOT + + + netty-openssl + jar + ActiveMQ Artemis JMS Netty OpenSSL Example + + + ${project.basedir}/../../../.. + + + + + org.apache.activemq + artemis-jms-client-all + ${project.version} + + + + + + + org.apache.activemq + artemis-maven-plugin + + + create + + create + + + ${noServer} + + + + start + + cli + + + ${noServer} + true + tcp://localhost:61616 + + run + + + + + runClient + + runClient + + + org.apache.activemq.artemis.jms.example.OpenSSLExample + + + + stop + + cli + + + ${noServer} + + stop + + + + + + + org.apache.activemq.examples.broker + netty-openssl + ${project.version} + + + + + org.apache.maven.plugins + maven-clean-plugin + + + + + + release + + + + com.vladsch.flexmark + markdown-page-generator-plugin + + + + + + http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/readme.md ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/readme.md b/examples/features/standard/netty-openssl/readme.md new file mode 100644 index 0000000..2ccb693 --- /dev/null +++ b/examples/features/standard/netty-openssl/readme.md @@ -0,0 +1,17 @@ +# JMS OpenSSL Example + +To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to start and create the broker manually. + +This example shows you how to configure Netty OpenSSL with ActiveMQ Artemis to send and receive message. + +Using SSL can make your messaging applications interact with ActiveMQ Artemis securely. An application can be secured transparently without extra coding effort. +Beside using JDK's implementation, Artemis also supports using native OpenSSL provided by Netty. +To secure your messaging application with Netty's OpenSSL, you need to configure connector and acceptor as follows: + + tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample + +In the configuration, the `activemq.example.keystore` is the key store file holding the server's certificate. The `activemq.example.truststore` is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are generated via the following commands: + +* `keytool -genkey -keystore activemq.example.keystore -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA +* `keytool -export -keystore activemq.example.keystore -file activemq-jks.cer -storepass secureexample +* `keytool -import -keystore activemq.example.truststore -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java b/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java new file mode 100644 index 0000000..0aaa1ba --- /dev/null +++ b/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.jms.example; + +import javax.jms.Connection; +import javax.jms.ConnectionFactory; +import javax.jms.MessageConsumer; +import javax.jms.MessageProducer; +import javax.jms.Queue; +import javax.jms.Session; +import javax.jms.TextMessage; +import javax.naming.InitialContext; + +/** + * A simple JMS Queue example that uses netty's OpenSSL secure transport. + */ +public class OpenSSLExample { + + public static void main(final String[] args) throws Exception { + Connection connection = null; + InitialContext initialContext = null; + try { + // Step 1. Create an initial context to perform the JNDI lookup. + initialContext = new InitialContext(); + + // Step 2. Perfom a lookup on the queue + Queue queue = (Queue) initialContext.lookup("queue/exampleQueue"); + + // Step 3. Perform a lookup on the Connection Factory + ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory"); + + // Step 4.Create a JMS Connection + connection = cf.createConnection(); + + // Step 5. Create a JMS Session + Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE); + + // Step 6. Create a JMS Message Producer + MessageProducer producer = session.createProducer(queue); + + // Step 7. Create a Text Message + TextMessage message = session.createTextMessage("This is a text message"); + + System.out.println("Sent message: " + message.getText()); + + // Step 8. Send the Message + producer.send(message); + + // Step 9. Create a JMS Message Consumer + MessageConsumer messageConsumer = session.createConsumer(queue); + + // Step 10. Start the Connection + connection.start(); + + // Step 11. Receive the message + TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000); + + System.out.println("Received message: " + messageReceived.getText()); + + initialContext.close(); + } finally { + // Step 12. Be sure to close our JMS resources! + if (initialContext != null) { + initialContext.close(); + } + if (connection != null) { + connection.close(); + } + } + } +} http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore new file mode 100644 index 0000000..0a26208 Binary files /dev/null and b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore new file mode 100644 index 0000000..3ef44dc Binary files /dev/null and b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml new file mode 100644 index 0000000..87d0147 --- /dev/null +++ b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml @@ -0,0 +1,60 @@ + + + + + + ./data/messaging/bindings + + ./data/messaging/journal + + ./data/messaging/largemessages + + ./data/messaging/paging + + + + + tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample + tcp://localhost:61616 + + + + + + + + + + + + + + + + + +
+ + + +
+ + + http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/jndi.properties ---------------------------------------------------------------------- diff --git a/examples/features/standard/netty-openssl/src/main/resources/jndi.properties b/examples/features/standard/netty-openssl/src/main/resources/jndi.properties new file mode 100644 index 0000000..2358666 --- /dev/null +++ b/examples/features/standard/netty-openssl/src/main/resources/jndi.properties @@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory +connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&sslProvider=OPENSSL&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=secureexample +queue.queue/exampleQueue=exampleQueue http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 7249c2d..8c50610 100644 --- a/pom.xml +++ b/pom.xml @@ -92,6 +92,7 @@ 2.4 2.8.47 4.1.24.Final + 2.0.7.Final 0.27.1 3.0.19.Final 1.7.21 @@ -541,6 +542,12 @@ + io.netty + netty-tcnative-boringssl-static + ${netty.tcnative.version} + + + org.apache.qpid proton-j ${proton.version} http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/tests/integration-tests/pom.xml ---------------------------------------------------------------------- diff --git a/tests/integration-tests/pom.xml b/tests/integration-tests/pom.xml index ad27864..d1c2b33 100644 --- a/tests/integration-tests/pom.xml +++ b/tests/integration-tests/pom.xml @@ -397,12 +397,6 @@ jgroups - - - io.netty - netty-tcnative-boringssl-static - 2.0.7.Final -