activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akhettar <ayache.khet...@gmail.com>
Subject JAAS Certificate Authentication Plug-In ssl connection issue
Date Mon, 09 Nov 2015 15:04:32 GMT
Hi

I have set up Jaas connection details following the example described here:
https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/ActiveMQ_Security_Guide/files/Auth-JAAS-CertAuthentPlugin.html

and I get the error below. Have I missed anything - see the set up below.

Your help is very much appreciated.

Regards,

Ayache

2015-11-09 14:43:28,782 | DEBUG | Reason:
javax.net.ssl.SSLHandshakeException: no cipher suites in common |
org.apache.activemq.broker.TransportConnector | ActiveMQ
BrokerService[localhost] Task-7
javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_25]
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)[:1.8.0_25]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)[:1.8.0_25]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:291)[:1.8.0_25]
	at
sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1007)[:1.8.0_25]
	at
sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:724)[:1.8.0_25]
	at
sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213)[:1.8.0_25]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936)[:1.8.0_25]
	at
sun.security.ssl.Handshaker.process_record(Handshaker.java:871)[:1.8.0_25]
	at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)[:1.8.0_25]
	at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)[:1.8.0_25]
	at
sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:909)[:1.8.0_25]
	at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)[:1.8.0_25]
	at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:50)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport$2.fill(TcpTransport.java:609)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:58)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport$2.read(TcpTransport.java:594)[activemq-client-5.12.0.jar:5.12.0]
	at java.io.DataInputStream.readInt(DataInputStream.java:387)[:1.8.0_25]
	at
org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:267)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport.readCommand(TcpTransport.java:221)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:213)[activemq-client-5.12.0.jar:5.12.0]
	at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)[activemq-client-5.12.0.jar:5.12.0]
	at java.lang.Thread.run(Thread.java:745)[:1.8.0_25]


Here is details of my set up

*amq/conf/login.conf
*

CertLogin {
    org.apache.activemq.jaas.TextFileCertificateLoginModule required
        debug=true
        org.apache.activemq.jaas.textfiledn.user="users.properties"
        org.apache.activemq.jaas.textfiledn.group="groups.properties";
};

*snippet from activemq.xml*

  <transportConnectors>
            
            <transportConnector name="openwire"
uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
          *  <transportConnector name="openwire-ssl"
uri="ssl://0.0.0.0:61618?transport.needClientAuth=true"/>*
            <transportConnector name="amqp"
uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="stomp"
uri="stomp://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="mqtt"
uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="ws"
uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
  </transportConnectors>

*users.properties*
system=CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
guest=CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
user=CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK

*groups.properties*
admins=system,admin
users=system,mhs
guests=guest

*client certificate print*

keytool -printcert -file client_cert
Owner: CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
Issuer: CN=pharmacy_one, OU=crx, O=crx, L=London, ST=London, C=UK
Serial number: 72b92d98
Valid from: Mon Nov 09 14:02:24 GMT 2015 until: Sun Feb 07 14:02:24 GMT 2016
Certificate fingerprints:
	 MD5:  BC:3C:54:2A:B0:1A:B3:34:4F:38:B3:18:7A:B2:25:FC
	 SHA1: 56:8B:AF:02:A8:1D:3B:B8:D4:03:B5:F6:63:D3:EC:FA:44:9E:0E:E2
	 SHA256:
38:19:28:8B:90:37:5A:25:D3:B7:9D:71:DF:93:F5:39:5B:D2:AF:40:64:ED:94:06:10:D4:10:9D:60:84:C5:D7
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F1 F5 18 A5 D3 3B CE 53   D7 31 67 76 53 10 6D DC  .....;.S.1gvS.m.
0010: DF 5E F3 0F                                        .^..
]
]

*server certificate print*
keytool -printcert -file broker_cert.cer
Owner: CN=ayache khettar, OU=inps, O=mhs, L=london, ST=london, C=UK
Issuer: CN=ayache khettar, OU=inps, O=mhs, L=london, ST=london, C=UK
Serial number: 22edab7a
Valid from: Mon Nov 09 14:00:13 GMT 2015 until: Sun Feb 07 14:00:13 GMT 2016
Certificate fingerprints:
	 MD5:  F4:0F:E9:AF:9F:20:53:C8:95:4B:52:35:03:24:BA:69
	 SHA1: 0C:8E:7D:EA:35:0A:81:48:14:39:C9:F2:BE:0C:FD:4B:94:DD:0D:B4
	 SHA256:
69:C9:DF:D3:69:B0:71:F0:55:B1:62:93:D4:1D:85:49:82:F9:E6:0D:D4:B9:34:81:E3:90:0F:BC:63:4C:56:CC
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9C 3C 03 47 3D 7F CB 56   CC 2B 76 D7 3A 74 39 50  .<.G=..V.+v.:t9P
0010: 0C DC 3A 8F                                        ..:.
]
]

*Java Client connection Test*

import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.apache.activemq.command.ActiveMQTextMessage;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.*;

import javax.jms.*;

/**
 * ThumbprintCertificateLoginModuleTest.java 09/11/2015 14:23 akhettar $$
 * Copyright 2015 INPS.co.uk, L.P. All rights reserved. $$
 */
public class ThumbprintCertificateLoginModuleTest {


    private Session session;

    @Before
    public void setUP() throws Exception{
        String url = "ssl://localhost:61618"; // The broker URL

        ActiveMQSslConnectionFactory connectionFactory = new
ActiveMQSslConnectionFactory(url);
       
//connectionFactory.setKeyStore("/Users/akhettar/workspaces/inps/messagebus/plugins/jaas/src/test/resources/CAClient.jks");
       
connectionFactory.setKeyStore("/Users/akhettar/activemq/conf/client.ks");
       
connectionFactory.setTrustStore("/Users/akhettar/activemq/conf/client.ts");

        connectionFactory.setKeyStorePassword("password");
        connectionFactory.setKeyStoreType("jks");
        connectionFactory.setTrustStorePassword("password");
        connectionFactory.setUserName("system");
        connectionFactory.setPassword("system");
        Connection connection = connectionFactory.createConnection();
        connection.start();
        session = connection.createSession(true, Session.AUTO_ACKNOWLEDGE);

    }


    @Test
    public void testTryPostMessageToQueue() throws Exception {
        Destination destination = session.createQueue("test.queue");
        MessageProducer producer = session.createProducer(destination);
        MessageConsumer consumer = session.createConsumer(destination);
        ActiveMQTextMessage message = new ActiveMQTextMessage();
        message.setText("Hello world");

        // fire message
        producer.send(message);

        // consume
        ActiveMQTextMessage result = (ActiveMQTextMessage)
consumer.receive();
        assertEquals("Hello world", result.toString());

    }


}








--
View this message in context: http://activemq.2283324.n4.nabble.com/JAAS-Certificate-Authentication-Plug-In-ssl-connection-issue-tp4703777.html
Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.

Mime
View raw message