activemq-users mailing list archives

From Rob Davies <rajdav...@gmail.com>
Subject Re: jndi with ssl
Date Wed, 28 May 2008 22:08:20 GMT
Great thx Sudip!!

On 28 May 2008, at 21:25, sudip shrestha wrote:

> have created JIRA for this:
> https://issues.apache.org/activemq/browse/AMQ-1754.
> Thanks,
> Sudip
>
> On Wed, May 28, 2008 at 2:54 PM, sudip shrestha <sudipx@gmail.com> wrote:
>
>> I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx ()
>> that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides
>> a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String
>> keyStorePassword, String trustStore) so that you can provide the keyStore
>> (client.ks) /trustStore (client.ts) which you can create as instructed by
>> this page (http://activemq.apache.org/how-do-i-use-ssl.html).  It has
>> private methods getTrustManagers and getKeyManagers which plug into
>> org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers()
>> method as soon as ActiveMQSslConnectionFactoryx's constructor is called....
>> So, this class encapsulates all the needed ssl/keystore functionality and I
>> have got this working with my test environment.  This will save the user
>> from having to set the system properties
>> javax.net.ssl.keyStore=/path/to/client.ks,
>> javax.net.ssl.keyStorePassword=password,
>> javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page
>> (http://activemq.apache.org/how-do-i-use-ssl.html).
>>
>> Maybe a better thing would be to modify
>> org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide
>> the constructor, getManagers, setManagers methods as I suggested and use the
>> original class itself.
>>
>> I would like to contribute the following code for this purpose:
>>
>> ==============================================================================
>> package org.apache.activemq;
>>
>> import java.io.*;
>> import java.security.*;
>> import javax.net.ssl.*;
>>
>> /**
>>  * @author Sudip Shrestha
>>  *
>>  * Class that extends ActiveMQSslConnectionFactory so that it can use
>>  * client.ks/client.ts files without having to set the
>>  * System Properties: javax.net.ssl.keyStore=/path/to/client.ks,
>>  * javax.net.ssl.keyStorePassword=password,
>>  * javax.net.ssl.trustStore=/path/to/client.ts.
>>  */
>> public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
>> {
>>     private String keyStore;
>>     private String keyStorePassword;
>>     private String trustStore;
>>
>>     public ActiveMQSslConnectionFactoryx()
>>     {
>>         super();
>>         keyStore = keyStorePassword = trustStore = "";
>>     }
>>
>>     public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword,
>>                                          String trustStore)
>>         throws IOException, GeneralSecurityException
>>     {
>>         super();
>>         this.keyStore = keyStore;
>>         this.keyStorePassword = keyStorePassword;
>>         this.trustStore = trustStore;
>>         // Install the managers on this factory only; no JVM-wide properties are set.
>>         setKeyAndTrustManagers(getKeyManagers(), getTrustManagers(), new SecureRandom());
>>     }
>>
>>     private TrustManager[] getTrustManagers()
>>         throws IOException, GeneralSecurityException
>>     {
>>         System.out.println("Initiating TrustManagers");
>>
>>         KeyStore ks = KeyStore.getInstance("JKS");
>>         // A null password means the trust store is loaded without an integrity check.
>>         try (InputStream in = new FileInputStream(trustStore)) {
>>             ks.load(in, null);
>>         }
>>         TrustManagerFactory tmf =
>>             TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>>         tmf.init(ks);
>>
>>         System.out.println("Initiated TrustManagers");
>>
>>         return tmf.getTrustManagers();
>>     }
>>
>>     private KeyManager[] getKeyManagers()
>>         throws IOException, GeneralSecurityException
>>     {
>>         System.out.println("Initiating KeyManagers");
>>
>>         KeyStore ks = KeyStore.getInstance("JKS");
>>         // The same password opens the store and unlocks the private key.
>>         try (InputStream in = new FileInputStream(keyStore)) {
>>             ks.load(in, keyStorePassword.toCharArray());
>>         }
>>         KeyManagerFactory kmf =
>>             KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>>         kmf.init(ks, keyStorePassword.toCharArray());
>>
>>         System.out.println("Initiated KeyManagers");
>>
>>         return kmf.getKeyManagers();
>>     }
>> }
>>
>> Thanks,
>> Sudip Shrestha
>> Omaha, NE
>>
>> ==============================================================================
>>
>>
>>
>> I think it should be provided in the next release of
>>
>>
>> On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <hiram@hiramchirino.com> wrote:
>>
>>> I like that idea...
>>>
>>> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <sudipx@gmail.com> wrote:
>>>> I was wondering maybe extending the
>>>> org.apache.activemq.ActiveMQSslConnectionFactory class and providing hooks
>>>> to set KeyManagers and TrustManagers will do the trick....
>>>>
>>>> On Wed, May 14, 2008 at 7:00 AM, Gary Tully <gary.tully@gmail.com> wrote:
>>>>
>>>>> it should respond to the javax.net.ssl.* system properties[1] but
>>>>> these may have too far reaching an effect.
>>>>>
>>>>> [1] http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
>>>>>
>>>>> 2008/5/12 sudip shrestha <sudipx@gmail.com>:
>>>>>> Is it possible to do this with the current version of Activemq with
>>>>>> tomcat?
>>>>>> Any suggestion is highly appreciated. Thanks.
>>>>>>
>>>>>> On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <sudipx@gmail.com> wrote:
>>>>>>
>>>>>>> Is it possible to setup jndi with ssl connection for Activemq in tomcat.
>>>>>>> If so where do I define the client.ks/client.ts files?
>>>>>>>
>>>>>>> My jndi config in context.xml file:
>>>>>>> <Context antiJARLocking="true">
>>>>>>>  <Resource
>>>>>>>        name="jms/ConnectionFactory"
>>>>>>>        auth="Container"
>>>>>>>        type="org.apache.activemq.ActiveMQConnectionFactory"
>>>>>>>        description="JMS Connection Factory"
>>>>>>>        factory="org.apache.activemq.jndi.JNDIReferenceFactory"
>>>>>>>        brokerURL="ssl://localhost:61617"
>>>>>>>        brokerName="LocalActiveMQBroker"
>>>>>>>        useEmbeddedBroker="false"/>
>>>>>>>
>>>>>>> </Context>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Hiram
>>>
>>> Blog: http://hiramchirino.com
>>>
>>> Open Source SOA
>>> http://open.iona.com
>>>
>>
>>
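
An added example, not part of the thread and not ActiveMQ code: the same per-client scoping the quoted class aims for, written against the JDK only, with two checks the posted code does not make (a trust store password so `load()` verifies integrity, and an early rejection of a trust store with no certificate entries). The class name `ScopedTlsMaterial`, the sample password and the temporary store are constructed for illustration; as in the posted class, the key password is assumed to equal the store password.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.Collections;
import javax.net.ssl.*;

// Added example (hypothetical class): TLS material held in one SSLContext,
// not in the JVM-wide javax.net.ssl.* system properties.
public class ScopedTlsMaterial {
    // A non-null password makes load() verify the store's integrity digest.
    static KeyStore load(Path file, char[] password) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    static SSLContext build(Path keyStore, char[] keyPw, Path trustStore, char[] trustPw)
            throws IOException, GeneralSecurityException {
        KeyStore trust = load(trustStore, trustPw);
        boolean hasCa = false;
        for (String alias : Collections.list(trust.aliases())) {
            hasCa |= trust.isCertificateEntry(alias);
        }
        if (!hasCa) { // fail at start-up rather than at the first handshake
            throw new GeneralSecurityException("trust store has no certificate entries");
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPw), keyPw); // assumes key password == store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();               // constructed sample password
        Path store = Files.createTempFile("client", ".ts"); // constructed, empty JKS store
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(store)) { empty.store(out, pw); }
        try { load(store, "wrong".toCharArray()); }
        catch (IOException e) { System.out.println("bad password: " + e.getMessage()); }
        try { build(store, pw, store, pw); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        Files.delete(store);
    }
}
```

With real client.ks/client.ts files, the managers inside `build()` are the ones a subclass like the quoted one would hand to `setKeyAndTrustManagers()`.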

