activemq-users mailing list archives

From "sudip shrestha" <sud...@gmail.com>
Subject Re: jndi with ssl
Date Thu, 29 May 2008 00:41:38 GMT
Done...
Also, looks like we need to look into the ActiveMQInitialContextFactory
class, so that we can retrieve ActiveMQSslConnectionFactory via JNDI....

On Wed, May 28, 2008 at 5:57 PM, Rob Davies <rajdavies@gmail.com> wrote:

> Sudip,
>
> could you add the Apache 2.0 licence to the ActiveMQSslConnectionFactoryx
> and re-attach it - ticking the ASF granted licence?
> Will probably incorporate your enhancement into the
> ActiveMQSslConnectionFactory class though
>
>
> cheers,
>
> Rob
>
> http://open.iona.com/products/enterprise-activemq
> http://rajdavies.blogspot.com/
>
>
>
> On 28 May 2008, at 21:25, sudip shrestha wrote:
>
>> have created JIRA for this:
>> https://issues.apache.org/activemq/browse/AMQ-1754.
>> Thanks,
>> Sudip
>>
>> On Wed, May 28, 2008 at 2:54 PM, sudip shrestha <sudipx@gmail.com> wrote:
>>
>>> I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx()
>>> that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides
>>> a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String
>>> keyStorePassword, String trustStore) so that you can provide the keyStore
>>> (client.ks) / trustStore (client.ts) which you can create as instructed by
>>> this page (http://activemq.apache.org/how-do-i-use-ssl.html).  It has
>>> private methods getTrustManagers and getKeyManagers which plug into
>>> org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers()
>>> method as soon as ActiveMQSslConnectionFactoryx's constructor is called....
>>> So, this class encapsulates all the needed ssl/keystore functionality and I
>>> have got this working with my test environment.  This will save the user
>>> from having to set the system properties
>>> javax.net.ssl.keyStore=/path/to/client.ks,
>>> javax.net.ssl.keyStorePassword=password,
>>> javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page
>>> (http://activemq.apache.org/how-do-i-use-ssl.html).
>>>
>>> Maybe a better thing would be to modify
>>> org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide
>>> the constructor, getManagers, setManagers methods as I suggested and use the
>>> original class itself.
>>>
>>> I would like to contribute the following code for this purpose:
>>>
>>>
>>> ==============================================================================
>>> package org.apache.activemq;
>>>
>>> import java.io.*;
>>> import java.security.*;
>>> import javax.net.ssl.*;
>>> import javax.jms.*;
>>> import org.apache.commons.ssl.*;
>>>
>>> /**
>>>  * @author Sudip Shrestha
>>>  *
>>>  * Class that extends ActiveMQSslConnectionFactory so that it can use
>>>  * client.ks/client.ts files without having to set
>>>  * System Properties: javax.net.ssl.keyStore=/path/to/client.ks,
>>>  * javax.net.ssl.keyStorePassword=password,
>>>  * javax.net.ssl.trustStore=/path/to/client.ts.
>>>  */
>>> public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
>>> {
>>>     private String keyStore;
>>>     private String keyStorePassword;
>>>     private String trustStore;
>>>
>>>     public ActiveMQSslConnectionFactoryx()
>>>     {
>>>         super();
>>>         keyStore = keyStorePassword = trustStore = "";
>>>     }
>>>
>>>     public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
>>>         throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
>>>                java.io.IOException, java.security.GeneralSecurityException
>>>     {
>>>         super();
>>>         this.keyStore = keyStore;
>>>         this.keyStorePassword = keyStorePassword;
>>>         this.trustStore = trustStore;
>>>         // Install the managers on this factory only; no JVM-wide system properties are set.
>>>         setKeyAndTrustManagers(getKeyManagers(), getTrustManagers(), new java.security.SecureRandom());
>>>     }
>>>
>>>     private TrustManager[] getTrustManagers()
>>>         throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
>>>                java.io.IOException, java.security.GeneralSecurityException
>>>     {
>>>         System.out.println("Initiating TrustManagers");
>>>
>>>         KeyStore ks = KeyStore.getInstance("JKS");
>>>         // A null password loads the trust store without checking its integrity.
>>>         // The stream is closed once the store has been read.
>>>         try (InputStream in = new FileInputStream(trustStore)) {
>>>             ks.load(in, null);
>>>         }
>>>         TrustManagerFactory tmf =
>>>             TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>>>         tmf.init(ks);
>>>
>>>         System.out.println("Initiated TrustManagers");
>>>
>>>         return tmf.getTrustManagers();
>>>     }
>>>
>>>     private KeyManager[] getKeyManagers()
>>>         throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
>>>                java.security.GeneralSecurityException, java.security.cert.CertificateException,
>>>                java.io.IOException, java.security.UnrecoverableKeyException
>>>     {
>>>         System.out.println("Initiating KeyManagers");
>>>
>>>         KeyStore ks = KeyStore.getInstance("JKS");
>>>         // The stream is closed once the key store has been read.
>>>         try (InputStream in = new FileInputStream(keyStore)) {
>>>             ks.load(in, keyStorePassword.toCharArray());
>>>         }
>>>         KeyManagerFactory kmf =
>>>             KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>>>         kmf.init(ks, keyStorePassword.toCharArray());
>>>
>>>         System.out.println("Initiated KeyManagers");
>>>
>>>         return kmf.getKeyManagers();
>>>     }
>>> }
>>>
>>> Thanks,
>>> Sudip Shrestha
>>> Omaha, NE
>>>
>>>
>>> ==============================================================================
>>>
>>>
>>>
>>> I think it should be provided in the next release of
>>>
>>>
>>> On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <hiram@hiramchirino.com> wrote:
>>>
>>>> I like that idea...
>>>>
>>>> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <sudipx@gmail.com> wrote:
>>>>
>>>>> I was wondering maybe extending the
>>>>> org.apache.activemq.ActiveMQSslConnectionFactory class and providing hooks
>>>>> to set KeyManagers and TrustManagers will do the trick....
>>>>>
>>>>> On Wed, May 14, 2008 at 7:00 AM, Gary Tully <gary.tully@gmail.com> wrote:
>>>>>
>>>>>> it should respond to the javax.net.ssl.* system properties[1] but
>>>>>> these may have too far reaching an effect.
>>>>>>
>>>>>> [1] http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
>>>>>>
>>>>>> 2008/5/12 sudip shrestha <sudipx@gmail.com>:
>>>>>>
>>>>>>> Is it possible to do this with the current version of Activemq with tomcat?
>>>>>>> Any suggestion is highly appreciated. Thanks.
>>>>>>>
>>>>>>> On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <sudipx@gmail.com> wrote:
>>>>>>>
>>>>>>>> Is it possible to setup jndi with ssl connection for Activemq in tomcat.
>>>>>>>> If so where do I define the client.ks/client.ts files?
>>>>>>>>
>>>>>>>> My jndi config in context.xml file:
>>>>>>>> <Context antiJARLocking="true">
>>>>>>>>  <Resource
>>>>>>>>       name="jms/ConnectionFactory"
>>>>>>>>       auth="Container"
>>>>>>>>       type="org.apache.activemq.ActiveMQConnectionFactory"
>>>>>>>>       description="JMS Connection Factory"
>>>>>>>>       factory="org.apache.activemq.jndi.JNDIReferenceFactory"
>>>>>>>>       brokerURL="ssl://localhost:61617"
>>>>>>>>       brokerName="LocalActiveMQBroker"
>>>>>>>>       useEmbeddedBroker="false"/>
>>>>>>>>
>>>>>>>> </Context>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Hiram
>>>>
>>>> Blog: http://hiramchirino.com
>>>>
>>>> Open Source SOA
>>>> http://open.iona.com
>>>>
>>>>
>>>
>>>
>
>
>
>
