activemq-users mailing list archives

From "sudip shrestha" <sud...@gmail.com>
Subject Re: jndi with ssl
Date Wed, 28 May 2008 20:25:52 GMT
I have created a JIRA for this:
https://issues.apache.org/activemq/browse/AMQ-1754.
Thanks,
Sudip

On Wed, May 28, 2008 at 2:54 PM, sudip shrestha <sudipx@gmail.com> wrote:

> I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx ()
> that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides
> a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String
> keyStorePassword, String trustStore) so that you can provide the keyStore
> (client.ks) /trustStore (client.ts) which you can create as instructed by
> this page (http://activemq.apache.org/how-do-i-use-ssl.html).  It has
> private methods getTrustManagers and getKeyManagers which plug into
> org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers()
> method as soon as ActiveMQSslConnectionFactoryx's constructor is called....
> So, this class encapsulates all the needed ssl/keystore functionality and I
> have got this working with my test environment.  This will save the user
> from having to set the system properties
> javax.net.ssl.keyStore=/path/to/client.ks,
> javax.net.ssl.keyStorePassword=password,
> javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page (
> http://activemq.apache.org/how-do-i-use-ssl.html).
>
> Maybe a better thing would be to modify
> org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide
> the constructor, getManagers, setManagers methods as I suggested and use the
> original class itself.
>
> I would like to contribute the following code for this purpose:
>
> ==============================================================================
> package org.apache.activemq;
>
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> /**
>  * @author Sudip Shrestha
>  *
>  * Class that extends ActiveMQSslConnectionFactory so that it can use
>  * client.ks/client.ts files without having to set the system properties
>  * javax.net.ssl.keyStore=/path/to/client.ks,
>  * javax.net.ssl.keyStorePassword=password,
>  * javax.net.ssl.trustStore=/path/to/client.ts.
>  */
> public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
> {
>     private String keyStore;
>     private String keyStorePassword;
>     private String trustStore;
>
>     public ActiveMQSslConnectionFactoryx()
>     {
>         super();
>         keyStore = keyStorePassword = trustStore = "";
>     }
>
>     public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
>         throws GeneralSecurityException, IOException
>     {
>         super();
>         this.keyStore = keyStore;
>         this.keyStorePassword = keyStorePassword;
>         this.trustStore = trustStore;
>         // Install the managers on this factory only; the JVM-wide
>         // javax.net.ssl.* system properties are not touched.
>         setKeyAndTrustManagers( getKeyManagers(), getTrustManagers(), new SecureRandom() );
>     }
>
>     // Builds trust managers from the certificates in the trust store (client.ts).
>     private TrustManager[] getTrustManagers() throws GeneralSecurityException, IOException
>     {
>         System.out.println( "Initiating TrustManagers" );
>
>         KeyStore ks = KeyStore.getInstance("JKS");
>         // try-with-resources closes the file even if load() throws.
>         try (InputStream in = new FileInputStream( trustStore )) {
>             // A null password means the store's integrity check is skipped.
>             ks.load( in, null );
>         }
>         TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
>         tmf.init(ks);
>
>         System.out.println( "Initiated TrustManagers" );
>
>         return tmf.getTrustManagers();
>     }
>
>     // Builds key managers from the client key pair in the key store (client.ks).
>     private KeyManager[] getKeyManagers() throws GeneralSecurityException, IOException
>     {
>         System.out.println( "Initiating KeyManagers" );
>
>         KeyStore ks = KeyStore.getInstance("JKS");
>         try (InputStream in = new FileInputStream( keyStore )) {
>             ks.load( in, keyStorePassword.toCharArray() );
>         }
>         KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
>         // The same password protects the store and the private key entry.
>         kmf.init( ks, keyStorePassword.toCharArray() );
>
>         System.out.println( "Initiated KeyManagers" );
>
>         return kmf.getKeyManagers();
>     }
> }
>
> Thanks,
> Sudip Shrestha
> Omaha, NE
>
> ==============================================================================
>
>
>
> I think it should be provided in the next release of
>
>
> On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <hiram@hiramchirino.com>
> wrote:
>
>> I like that idea...
>>
>> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <sudipx@gmail.com> wrote:
>> > I was wondering maybe extending the
>> > org.apache.activemq.ActiveMQSslConnectionFactory class and providing
>> hooks
>> > to set KeyManagers and TrustManagers will do the trick....
>> >
>> > On Wed, May 14, 2008 at 7:00 AM, Gary Tully <gary.tully@gmail.com>
>> wrote:
>> >
>> >> it should respond to the javax.net.ssl.* system properties[1] but
>> >> these may have too far reaching an effect.
>> >>
>> >> [1]
>> >>
>> http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
>> >>
>> >> 2008/5/12 sudip shrestha <sudipx@gmail.com>:
>> >> > Is it possible to do this with the current version of Activemq with
>> >> tomcat?
>> >> > Any suggestion is highly appreciated. Thanks.
>> >> >
>> >> > On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <sudipx@gmail.com>
>> >> wrote:
>> >> >
>> >> >> Is it possible to setup jndi with ssl connection for Activemq in
>> tomcat.
>> >> >> If so where do I define the client.ks/client.ts files?
>> >> >>
>> >> >> My jndi config in context.xml file:
>> >> >> <Context antiJARLocking="true">
>> >> >>   <Resource
>> >> >>         name="jms/ConnectionFactory"
>> >> >>         auth="Container"
>> >> >>         type="org.apache.activemq.ActiveMQConnectionFactory"
>> >> >>         description="JMS Connection Factory"
>> >> >>         factory="org.apache.activemq.jndi.JNDIReferenceFactory"
>> >> >>         brokerURL="ssl://localhost:61617"
>> >> >>         brokerName="LocalActiveMQBroker"
>> >> >>         useEmbeddedBroker="false"/>
>> >> >>
>> >> >> </Context>
>> >> >>
>> >> >>
>> >> >
>> >>
>> >
>>
>>
>>
>> --
>> Regards,
>> Hiram
>>
>> Blog: http://hiramchirino.com
>>
>> Open Source SOA
>> http://open.iona.com
>>
>
>
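
The thread's original question, where a Tomcat JNDI `<Resource>` can name the client.ks/client.ts files, can also be answered with a custom JNDI object factory that reads them from the resource's attributes and calls `setKeyAndTrustManagers()` on a stock `ActiveMQSslConnectionFactory`. The sketch below is an added example, not code from the thread or from ActiveMQ; the package, the class name `SslJmsObjectFactory` and the attribute names `keyStore`, `keyStorePassword`, `trustStore` and `trustStorePassword` are hypothetical, and it assumes the trust store has a password so that its integrity is verified on load.

```java
package com.example.jms; // hypothetical package, not part of ActiveMQ

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.spi.ObjectFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.ActiveMQSslConnectionFactory;

/** Hypothetical JNDI factory: takes store paths and passwords from the <Resource> attributes. */
public class SslJmsObjectFactory implements ObjectFactory {
    @Override
    public Object getObjectInstance(Object obj, Name name, Context ctx, Hashtable<?, ?> env)
            throws Exception {
        if (!(obj instanceof Reference)) return null; // not ours; let JNDI try other factories
        Reference ref = (Reference) obj;
        char[] keyPass = required(ref, "keyStorePassword").toCharArray();
        char[] trustPass = required(ref, "trustStorePassword").toCharArray();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(required(ref, "keyStore"), keyPass), keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(required(ref, "trustStore"), trustPass));
        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory();
        factory.setBrokerURL(required(ref, "brokerURL")); // e.g. ssl://localhost:61617
        factory.setKeyAndTrustManagers(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return factory;
    }

    // Fail closed: a missing attribute aborts the lookup instead of falling back to JVM defaults.
    private static String required(Reference ref, String attr) throws NamingException {
        RefAddr addr = ref.get(attr);
        if (addr == null || addr.getContent() == null) {
            throw new NamingException("Missing <Resource> attribute: " + attr);
        }
        return addr.getContent().toString();
    }

    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a non-null password makes load() verify store integrity
        }
        return ks;
    }
}
```

The `<Resource>` element would name this class in its `factory` attribute and carry the four store attributes next to `brokerURL`. The passwords then live in `context.xml`, so that file should be readable only by the account Tomcat runs as.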
