activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claudio Corsi <clco...@yahoo.com>
Subject Re: SSL: could not load resource
Date Fri, 14 Dec 2012 13:28:41 GMT


Hi Geurt,

You are welcome, as for the ssl client displaying '1000', I have not noticed this myself but
then I was using 5.8-snapshot version.

Sending this to the user list in case someone else might have seen this.

--Claudio


>________________________________
> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>To: 'Claudio Corsi' <clcorsi@yahoo.com> 
>Sent: Thursday, December 13, 2012 4:28 AM
>Subject: RE: SSL: could not load resource
> 
>
> 
>Hi Claudio,
> 
>It works - many thanks !
> 
>Btw - both the broker and this ssl-client display ‘1000’ when starting - harmless,
but annoying. Have you seen this before ?
> 
>Kind regards,
> 
>Geurt
> 
>From:Claudio Corsi [mailto:clcorsi@yahoo.com] 
>Sent: Wednesday, December 12, 2012 7:37 PM
>To: Geurt Schimmel
>Subject: Re: SSL: could not load resource
> 
>Oh, I completely misunderstood what you were having problems with.  I had assumed you
were talking about the broker and not the client. 
> 
>I took the failover example that you pointed me to and was able to convert it to reproduce
the error that you are seeing.
> 
>I looked at the code and was able to get around the issue by replacing the parameter passed
to the setTrustStore call.
> 
>Replace the following:
> 
>  connectionFactory.setTrustStore("/opt/activemq/conf/client.ts");
> 
>with:
> 
>  connectionFactory.setTrustStore(new File("/opt/activemq/conf/client.ts").toURI().toString());
> 
>this will resolve the issue that you are seeing.
> 
>The factory class is using the passed file name to constructor a URL instance.  It looks
like the constructor does not know how to
>handle a simple file name.  
>It then uses the current thread context class loader to find the file as a resource but
that does not seem to work because you have not included / as part of your classpath.  
>Even then it seems that including the classpath does not work but then I did not investigate
further at the moment.
> 
>This is the same issue with the failover test that is attached to the issue you mentioned.
 
> 
>
>>________________________________
>> 
>>From:Geurt Schimmel <GSchimmel@schubergphilis.com>
>>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio Corsi'
<clcorsi@yahoo.com> 
>>Sent: Tuesday, December 11, 2012 5:35 PM
>>Subject: RE: SSL: could not load resource
>>
>>Disabling the keystore-code in the source and setting the values at runtime fixes
the problem, so don't think the problem is in the broker-configuration:
>>
>>    <sslContext>
>>        <sslContext
>>            keyStore="file:${activemq.conf}/broker.ks"
>>            keyStorePassword="xxxxxxxxx"
>>            trustStore="file:${activemq.conf}/client.ts"
>>            trustStorePassword="xxxxxxxxx"/>
>>    </sslContext>
>>
>>Snippet of Producer.java:
>>
>>import javax.jms.Connection;
>>import javax.jms.Destination;
>>import javax.jms.MessageProducer;
>>import javax.jms.Session;
>>import javax.jms.TextMessage;
>>
>>import org.apache.activemq.ActiveMQSslConnectionFactory;
>>
>>public class Producer {
>>        private static String user = "guest";
>>        private static String password = "password";
>>
>>        private static String url = "ssl://127.0.0.1:61616";
>>        private static String subject = "GUEST.FOO";
>>
>>        public static void main(String[] args) throws Exception {
>>                ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
>>
>>                connectionFactory.setTrustStore("/opt/activemq/conf/client.ts");
>>                connectionFactory.setTrustStorePassword("xxxxxxxx");
>>
>>And after removing setTrustStore() and setTrustStorePassword(), it works by setting
trustStore system properties:
>>
>>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts -Djavax.net.ssl.trustStorePassword=xxxxxx
Producer
>>
>>For failover URIs, it's a known problem, not fixed in ActiveMQ 5.7:
>>https://issues.apache.org/jira/browse/AMQ-3785
>>
>>But my problem is with a simple SSL URI in the broker-configuration:
>><transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>>
>>
>>-----Original Message-----
>>From: Claudio Corsi [mailto:clcorsi@yahoo.com] 
>>Sent: Tuesday, December 11, 2012 6:04 PM
>>To: users@activemq.apache.org
>>Subject: Re: SSL: could not load resource
>>
>>I do not doubt that you are using ssl but are you setting up the configuration using
the sslContext element within the configuration file?
>>
>>This allow you to set the key and trust store files and their required passwords.
 
>>
>>for instance,
>>
>><amq:broker useJmx="false" persistent="false"> <amq:sslContext> <amq:sslContext 
keyStore="server.keystore" keyStorePassword="password" trustStore="client.keystore" trustStorePassword="password"/>
</amq:sslContext> <amq:transportConnectors> <amq:transportConnector
 uri="ssl://localhost:61616" />  </amq:transportConnectors> </amq:broker>

>>
>>You can also use the technique where you scramble the password and then pass the key
using an environment variable.
>>I do not know how this is done off the top my head but can look for a reference.
>>
>>
>>
>>>________________________________
>>> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>>>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio 
>>>Corsi' <clcorsi@yahoo.com>
>>>Sent: Tuesday, December 11, 2012 11:23 AM
>>>Subject: RE: SSL: could not load resource
>>> 
>>>All brokers run SSL as the only communication-protocol and intercommunicate over
SSL.
>>>
>>>-----Original Message-----
>>>From: Claudio Corsi [mailto:clcorsi@yahoo.com]
>>>Sent: Tuesday, December 11, 2012 5:17 PM
>>>To: users@activemq.apache.org
>>>Subject: Re: SSL: could not load resource
>>>
>>>Did you try to use the sslContext element to set your store information withint
he broker configuration file?
>>>
>>>Here is a link http://activemq.apache.org/how-do-i-use-ssl.html.
>>>
>>>
>>>
>>>>________________________________
>>>> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>>>>To: "users@activemq.apache.org" <users@activemq.apache.org>
>>>>Sent: Tuesday, December 11, 2012 9:54 AM
>>>>Subject: RE: SSL: could not load resource
>>>> 
>>>>Created key- and truststores for a number of brokers, so not using the packaged
.ks and .ts files.
>>>>
>>>>Tried different truststores in different locations, tried a path to a truststore
that didn't exist, just to see what happens. In all cases, the same error. Apparently, the
point where the keystore is accessed is not reached. Setting the same variables/values
 in JAVA_OPTS works:
>>>>
>>>>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts
>>>>-Djavax.net.ssl.trustStorePassword=xxxxxxxx Producer
>>>>
>>>>-----Original Message-----
>>>>From: Christian Posta [mailto:christian.posta@gmail.com]
>>>>Sent: Tuesday, December 11, 2012 3:41 PM
>>>>To: users@activemq.apache.org
>>>>Subject: Re: SSL: could not load resource
>>>>
>>>>Is the client truststore in that location?  /opt/activemq/conf/client.ts
I think there was some issues with packaging activemq 5.7 and some of the client keystores
might have been missing.
>>>>
>>>>You'll have to copy from the 5.6.0 version
>>>>
>>>>
>>>>
>>>>
>>>>On Tue, Dec 11, 2012 at 7:05 AM, Geurt Schimmel < GSchimmel@schubergphilis.com>
wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> My broker is running SSL only, with a 'simple' transportConnector:
>>>>>      <transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>>>>>
>>>>> When trying to run a java-client:
>>>>>
>>>>> Exception in thread "main" javax.jms.JMSException: Could not create 
>>>>>Transport. Reason: java.io.IOException: Could not load resource:
>>>>> /opt/activemq/conf/client.ts
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSuppo
>>>>>r
>>>>>t.java:35)
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>>>v
>>>>>eMQSslConnectionFactory.java:115)
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnectio
>>>>>n
>>>>>(ActiveMQConnectionFactory.java:277)
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.ActiveMQConnectionFactory.createConnection(Active
>>>>>M
>>>>>QConnectionFactory.java:202)
>>>>>                 at Producer.main(Producer.java:32) Caused by:

>>>>> java.io.IOException: Could not load resource:
>>>>> /opt/activemq/conf/client.ts
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.getUrlOrResourceAsSt
>>>>>r
>>>>>eam(ActiveMQSslConnectionFactory.java:188)
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTrustManager(A
>>>>>c
>>>>>tiveMQSslConnectionFactory.java:126)
>>>>>                 at
>>>>> 
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>>>v
>>>>>eMQSslConnectionFactory.java:108)
>>>>>                 ... 3 more
>>>>>
>>>>> Removed the java-code that deals with the truststore and moved the 
>>>>> functionality  to JAVA_OPTS, but this is not what I want/expected.
>>>>> Using  activemq-all-5.7-SNAPSHOT.jar.
>>>>>
>>>>> Thought this problem only occurs when using an SSL failover URI ?
>>>>>
>>>>> Thanks,
>>>>> Geurt
>>>>>
>>>>
>>>>
>>>>
>>>>--
>>>>*Christian Posta*
>>>>http://www.christianposta.com/blog
>>>>twitter: @christianposta
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message