activemq-users mailing list archives

From "sudip shrestha" <sud...@gmail.com>
Subject Re: jndi with ssl
Date Wed, 28 May 2008 19:54:46 GMT
I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx ()
that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides
a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String
keyStorePassword, String trustStore) so that you can provide the keyStore
(client.ks) /trustStore (client.ts) which you can create as instructed by
this page (http://activemq.apache.org/how-do-i-use-ssl.html).  It has
private methods getTrustManagers and getKeyManagers which plug into
org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers()
method as soon as ActiveMQSslConnectionFactoryx's constructor is called....
So, this class encapsulates all the needed ssl/keystore functionality and I
have got this working with my test environment.  This will save the user
from having to set the system properties
javax.net.ssl.keyStore=/path/to/client.ks,
javax.net.ssl.keyStorePassword=password,
javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page (
http://activemq.apache.org/how-do-i-use-ssl.html).

Maybe a better thing would be to modify
org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide
the constructor, getManagers, setManagers methods as I suggested and use the
original class itself.

I would like to contribute the following code for this purpose:
==============================================================================
package org.apache.activemq;

import java.io.*;
import java.security.*;
import javax.net.ssl.*;

/**
 * @author Sudip Shrestha
 *
 * Class that extends ActiveMQSslConnectionFactory so that it can use
 * client.ks/client.ts files without having to set
 * System Properties: javax.net.ssl.keyStore=/path/to/client.ks,
 * javax.net.ssl.keyStorePassword=password,
 * javax.net.ssl.trustStore=/path/to/client.ts.
 */
public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
{
    private String keyStore;
    private String keyStorePassword;
    private String trustStore;

    // No-arg constructor: no stores are configured and no managers are installed.
    public ActiveMQSslConnectionFactoryx()
    {
        super();
        keyStore = keyStorePassword = trustStore = "";
    }

    // Loads both stores and installs their managers on the parent factory.
    public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
        throws IOException, GeneralSecurityException
    {
        super();
        this.keyStore = keyStore;
        this.keyStorePassword = keyStorePassword;
        this.trustStore = trustStore;
        setKeyAndTrustManagers( getKeyManagers(), getTrustManagers(), new SecureRandom() );
    }

    private TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException
    {
        System.out.println( "Initiating TrustManagers" );

        KeyStore ks = KeyStore.getInstance("JKS");
        // A null password means the store's integrity is not checked on load.
        // The stream is closed as soon as the store has been read.
        try (InputStream in = new FileInputStream( trustStore ))
        {
            ks.load( in, null );
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        System.out.println( "Initiated TrustManagers" );

        return tmf.getTrustManagers();
    }

    private KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException
    {
        System.out.println( "Initiating KeyManagers" );

        KeyStore ks = KeyStore.getInstance("JKS");
        // The same password is used for the store and for the private key in it.
        try (InputStream in = new FileInputStream( keyStore ))
        {
            ks.load( in, keyStorePassword.toCharArray() );
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
        kmf.init( ks, keyStorePassword.toCharArray() );

        System.out.println( "Initiated KeyManagers" );

        return kmf.getKeyManagers();
    }
}

Thanks,
Sudip Shrestha
Omaha, NE
==============================================================================



I think it should be provided in the next release of


On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <hiram@hiramchirino.com>
wrote:

> I like that idea...
>
> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <sudipx@gmail.com> wrote:
> > I was wondering maybe extending the
> > org.apache.activemq.ActiveMQSslConnectionFactory class and providing
> hooks
> > to set KeyManagers and TrustManagers will do the trick....
> >
> > On Wed, May 14, 2008 at 7:00 AM, Gary Tully <gary.tully@gmail.com>
> wrote:
> >
> >> it should respond to the javax.net.ssl.* system properties[1] but
> >> these may have too far reaching an effect.
> >>
> >> [1]
> >>
> http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
> >>
> >> 2008/5/12 sudip shrestha <sudipx@gmail.com>:
> >> > Is it possible to do this with the current version of Activemq with
> >> tomcat?
> >> > Any suggestion is highly appreciated. Thanks.
> >> >
> >> > On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <sudipx@gmail.com>
> >> wrote:
> >> >
> >> >> Is it possible to setup jndi with ssl connection for Activemq in
> tomcat.
> >> >> If so where do I define the client.ks/client.ts files?
> >> >>
> >> >> My jndi config in context.xml file:
> >> >> <Context antiJARLocking="true">
> >> >>   <Resource
> >> >>         name="jms/ConnectionFactory"
> >> >>         auth="Container"
> >> >>         type="org.apache.activemq.ActiveMQConnectionFactory"
> >> >>         description="JMS Connection Factory"
> >> >>         factory="org.apache.activemq.jndi.JNDIReferenceFactory"
> >> >>         brokerURL="ssl://localhost:61617"
> >> >>         brokerName="LocalActiveMQBroker"
> >> >>         useEmbeddedBroker="false"/>
> >> >>
> >> >> </Context>
> >> >>
> >> >>
> >> >
> >>
> >
>
>
>
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>
> Open Source SOA
> http://open.iona.com
>
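
The posted getTrustManagers() loads client.ts with a null password. The following is an added example, not part of the original message or of ActiveMQ, showing what that means for a JKS file: with a null password the store loads even after a byte has been changed, while the same load with the store password is rejected. The class name TrustStoreIntegrityDemo, the temporary file and the password are constructed for the demonstration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class TrustStoreIntegrityDemo {

    // Load a JKS store; a null password skips the integrity check.
    static KeyStore load(Path file, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-demo-password".toCharArray(); // constructed value
        Path file = Files.createTempFile("client", ".ts");           // stand-in for client.ts

        // Write an empty JKS store protected by the password.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(file)) {
            empty.store(out, password);
        }

        // Simulate modification on disk: flip one bit in the trailing digest.
        byte[] bytes = Files.readAllBytes(file);
        bytes[bytes.length - 1] ^= 0x01;
        Files.write(file, bytes);

        // Null password: the modified file is accepted without complaint.
        load(file, null);
        System.out.println("null password: loaded, integrity not checked");

        // Store password supplied: the digest mismatch is detected.
        try {
            load(file, password);
            System.out.println("with password: loaded");
        } catch (IOException e) {
            System.out.println("with password: rejected (" + e.getMessage() + ")");
        }
        Files.delete(file);
    }
}
```

A factory constructor that also accepts the trust store password and passes it to ks.load() gets this check at no extra cost.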
