activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Piotr Klimczak (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-5295) HTTPS Network Connector doesn't work with Mutual authentication- HTTPSClientTransport uses wrong SSLSocketFactory
Date Tue, 05 Aug 2014 16:18:13 GMT

    [ https://issues.apache.org/jira/browse/AMQ-5295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086454#comment-14086454
] 

Piotr Klimczak commented on AMQ-5295:
-------------------------------------

Pull request created:
https://github.com/apache/activemq/pull/40

Patch submitted on behalf of WM Promus by Piotr Klimczak

> HTTPS Network Connector doesn't work with Mutual authentication- HTTPSClientTransport
uses wrong SSLSocketFactory
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-5295
>                 URL: https://issues.apache.org/jira/browse/AMQ-5295
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Connector
>    Affects Versions: 5.9.0
>         Environment: JBoss Fuse 6.1
>            Reporter: Piotr Klimczak
>              Labels: SSL, TLS, mutualSSL
>   Original Estimate: 16h
>  Remaining Estimate: 16h
>
> HttpsClientTransport is getting wrong SSLSocketFactory.
> The problem is here:
> {code}
>     private SchemeRegistry createSchemeRegistry() {
>         SchemeRegistry schemeRegistry = new SchemeRegistry();
>         try {
>             // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
>             // javax.net.ssl.trustStore, etc, properties by default
>             SSLSocketFactory sslSocketFactory =
>                     new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
>                     SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>             schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
>             return schemeRegistry;
>         } catch (Exception e) {
>             throw new IllegalStateException("Failure trying to create scheme registry",
e);
>         }
>     }
> {code}
> The problem with that code is, that it never take SSLSocketFactory from spring context.
So the one defined in XML is ignored.
> So it's code have to be replaced with:
> {code}
>     private SchemeRegistry createSchemeRegistry() {
>         SchemeRegistry schemeRegistry = new SchemeRegistry();
>         try {
>             // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
>             // javax.net.ssl.trustStore, etc, properties by default
>             SSLSocketFactory sslSocketFactory = createSocketFactory();
>             schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
>             return schemeRegistry;
>         } catch (Exception e) {
>             throw new IllegalStateException("Failure trying to create scheme registry",
e);
>         }
>     }
> {code}
> And then new method should be added:
> {code}
>     /**
>      * Creates a new SSL SocketFactory. The given factory will use user-provided
>      * key and trust managers (if the user provided them).
>      *
>      * @return Newly created (Ssl)SocketFactory.
>      * @throws IOException
>      */
>     protected SocketFactory createSocketFactory() throws IOException {
>         if (SslContext.getCurrentSslContext() != null) {
>             SslContext ctx = SslContext.getCurrentSslContext();
>             try {
>                 return ctx.getSSLContext().getSocketFactory();
>             } catch (Exception e) {
>                 throw IOExceptionSupport.create(e);
>             }
>         } else {
>             return SSLSocketFactory.getDefault();
>         }
>     }
> {code}
> This is consistent solution with other transports.
> I will prepare patches and tests for this scenerio.
> Greetings
> Piotr Klimczak



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message