activemq-users mailing list archives

From soody <>
Subject Re: Alternatives for deprecated setKeyAndTrustManagers in ActiveMQSSLConnectionFactory
Date Fri, 27 Mar 2009 13:04:48 GMT

Thanks Gary for the suggestions.

I was able to get a working code. Sharing the same for review as well as for

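	// Types used below: javax.jms.ConnectionFactory, javax.net.ssl.*,
	// java.security.*, java.io.*, and org.apache.activemq.broker.SslContext
	// (ActiveMQ's thread-local holder, not the same class as javax.net.ssl.SSLContext).
	ConnectionFactory factory = (ConnectionFactory) ctx.lookup(FACTORY_NAME);
	System.out.println("Lookup successful " + factory.toString());
	try {
		TrustManager[] tms = getTrustManagers();
		KeyManager[] kms = getKeyManagers();

		SSLContext context = SSLContext.getInstance("SSL");
		context.init(kms, tms, null);

		// Hand the JSSE context to ActiveMQ's holder and make it the
		// current context for this thread.
		SslContext ctxt = new SslContext();
		ctxt.setSSLContext(context);
		SslContext.setCurrentSslContext(ctxt);
	} catch (GeneralSecurityException e) {
		// Covers NoSuchAlgorithmException, KeyStoreException, KeyManagementException, ...
		throw new IllegalStateException("Could not set up the SSL context", e);
	} catch (IOException e) {
		throw new IllegalStateException("Could not read the key or trust store", e);
	}

	private static TrustManager[] getTrustManagers()
			throws IOException, GeneralSecurityException {
		// First, get the default TrustManagerFactory.
		String alg = TrustManagerFactory.getDefaultAlgorithm();
		TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);

		// Load the trust store and close the stream when done.
		KeyStore ks = KeyStore.getInstance("jks");
		FileInputStream fis = new FileInputStream("location of trust store");
		try {
			ks.load(fis, "password".toCharArray());
		} finally {
			fis.close();
		}

		// Now we initialise the TrustManagerFactory with this KeyStore;
		// getTrustManagers() fails on a factory that was never initialised.
		tmFact.init(ks);

		// And now get the TrustManagers
		TrustManager[] tms = tmFact.getTrustManagers();
		return tms;
	}

	private static KeyManager[] getKeyManagers()
			throws IOException, GeneralSecurityException {
		// First, get the default KeyManagerFactory.
		String alg = KeyManagerFactory.getDefaultAlgorithm();
		KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);

		// Load the key store and close the stream when done.
		KeyStore ks = KeyStore.getInstance("jks");
		FileInputStream fis = new FileInputStream("location of key store");
		try {
			ks.load(fis, "password".toCharArray());
		} finally {
			fis.close();
		}

		// Now we initialise the KeyManagerFactory with this KeyStore
		kmFact.init(ks, "password".toCharArray());

		// And now get the KeyManagers
		KeyManager[] kms = kmFact.getKeyManagers();
		return kms;
	}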

Thanks again for the help.

Gary Tully wrote:
> Just looked at SslTransportFactory.setKeyAndTrustManagers again, it makes
> sense to deprecate because this api used to set the sslcontext for the
> factory. It is now changed in line with the use of thread local but the api
> for setting the thread local is SSLContext.setCurrentContext.
> So the behavior has changed to keep it in line with the use of a thread
> local but the intention of setting a context on the factory is deprecated.
> I added a @see reference to SSLContext.
> 2009/3/26 Gary Tully <>
>> An ActiveMQ ssl client is just like another java application that wants to
>> use ssl. Configuration is through JSSE.
>> The ActiveMQ SSLContext is just a thread specific holder for a regular
>> SSLContext, if no context is specified the platform default (from JSSE) will
>> be used. The thread specific nature allows different credentials to be used
>> in the same JVM. If individual contexts are not required, then configure
>> JSSE at the JVM level and ActiveMQ will pick up the default socket factory
>> and work with it.
>> So you are on the right track, if you want to programmatically specify the
>> JSSE credentials and stores, pass the arguments to an instance of
>> SSLContext.
>> If you want to remain JMS agnostic, then you should stick to the raw JSSE
>> apis.
>> What restrictions does: "as ours is an enterprise application." imply?
>> And that deprecated of setKeyAndTrustManagers, I will remove that as it is
>> a handy method and it no longer sets up shared credentials, it just sets a
>> current context using the thread local.
>> The alternative is to construct an ActiveMQ SSLContext wrapper and use its
>> setters and call getSSLContext or just use raw JSSE SSLContext.
>> 2009/3/26 soody <>
>>> We want to use SSL in our client that will be sending messages to ActiveMQ.
>>> But we can't set the trust stores and key stores using System.setProperty(),
>>> as ours is an enterprise application.
>>> Are there any ways that I can set the trust and key stores, basically the
>>> SSLContext. Currently what we are thinking is that we will be using the
>>> SSLContext.setCurrentSslContext(<will create a context using JSSE and dump
>>> it here>).
>>> Is there any better approach? Also will be great if we can get anything more
>>> pluggable, that we can use across multiple JMS providers.
>>> Also why is the method setKeyAndTrustManagers marked as deprecated and what
>>> is the workaround for the same.
>> --
>> Open Source SOA
> -- 
> Open Source SOA
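
The thread-specific holder described in the quoted replies above, as an added example that is not part of the original thread or of ActiveMQ's own code: `withSslContext` is a hypothetical helper that installs a holder for one piece of work and then restores the previous one, and the trust store is an empty one constructed in memory. It assumes activemq-core on the classpath and Java 8 or later.

```java
import java.security.KeyStore;
import java.util.concurrent.Callable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.broker.SslContext;

public class ScopedSslContext {

    // Hypothetical helper: run the work with the given holder installed on the
    // calling thread, then restore whatever was there before, so that a pooled
    // thread does not keep another caller's credentials.
    static <T> T withSslContext(SslContext holder, Callable<T> work) throws Exception {
        SslContext previous = SslContext.getCurrentSslContext();
        SslContext.setCurrentSslContext(holder);
        try {
            return work.call();
        } finally {
            SslContext.setCurrentSslContext(previous);
        }
    }

    // Constructed sample: a TLS context over an empty in-memory trust store,
    // so the demo needs no key store or trust store files.
    static SSLContext sampleContext() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        final SslContext holder = new SslContext();
        holder.setSSLContext(sampleContext());
        withSslContext(holder, () -> {
            // Compare what the calling thread and a second thread see.
            System.out.println("calling thread: " + (SslContext.getCurrentSslContext() == holder));
            Thread worker = new Thread(() -> System.out.println(
                    "other thread:   " + (SslContext.getCurrentSslContext() == holder)));
            worker.start();
            worker.join();
            return null;
        });
        System.out.println("after scope:    " + (SslContext.getCurrentSslContext() == holder));
    }
}
```

Create the JMS connection inside the `work` callable, on the same thread that installed the holder; a connection opened from a thread without a current holder uses the platform default JSSE configuration instead.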
