ARTEMIS-2937: use more realistic key/truststore and client+broker setup in SSL example, remove non-SSL acceptors

examples/features/broker-connection/amqp-sending-overssl/pom.xml

@@ -86,7 +86,7 @@ under the License.
                      <ignore>${noServer}</ignore>
                      <spawn>true</spawn>
                      <location>${basedir}/target/server1</location>
-                     <testURI>tcp://localhost:5771</testURI>
+                     <testURI>tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/activemq.example.truststore;trustStorePassword=activemqexample</testURI>
                      <args>
                         <param>run</param>
                      </args>
@@ -102,7 +102,7 @@ under the License.
                      <spawn>true</spawn>
                      <ignore>${noServer}</ignore>
                      <location>${basedir}/target/server0</location>
-                     <testURI>tcp://localhost:5671</testURI>
+                     <testURI>tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/activemq.example.truststore;trustStorePassword=activemqexample</testURI>
                      <args>
                         <param>run</param>
                      </args>
@@ -162,4 +162,4 @@ under the License.
          </plugin>
       </plugins>
    </build>
-</project>
+</project>

examples/features/broker-connection/amqp-sending-overssl/readme.md

@@ -6,4 +6,6 @@ This example demonstrates how you can create a broker connection from one broker
  
 You basically configured the broker connection on broker.xml and this example will give you two working servers where you send messages in one broker and receive it on another broker.
  
-The Broker connection on this example is configured to use SSL. The client connections here are using regular connections.
+The connection between the two brokers as well as the client connections are all configured to use SSL.
+
+The keystore and trustores used in the example were generated with store-generation.txt

examples/features/broker-connection/amqp-sending-overssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerConnectionSenderSSL.java

@@ -35,7 +35,7 @@ public class BrokerConnectionSenderSSL {
 
    public static void main(final String[] args) throws Exception {
       Connection connectionOnServer0 = null;
-      ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5672?transport.trustStoreLocation=target/server0/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample&transport.verifyHost=false");
+      ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample");
 
       // Step 1. Create a connection on server0, and send a few messages
       try {
@@ -58,7 +58,7 @@ public class BrokerConnectionSenderSSL {
       // Step 2. create a connection on server1, and receive a few messages.
       //          the sender on the broker conneciton will take care of the transfer.
       Connection connectionOnServer1 = null;
-      ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5772?transport.trustStoreLocation=target/server1/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample&transport.verifyHost=false");
+      ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server1/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample");
 
       try {
          connectionOnServer1 = connectionFactoryServer1.createConnection();

examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/broker.xml

@@ -31,12 +31,12 @@ under the License.
       <!-- Acceptors -->
       <acceptors>
          <!-- keystores will be found automatically if they are on the classpath -->
-         <acceptor name="artemis">tcp://0.0.0.0:5671?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true</acceptor>
-         <acceptor name="netty-ssl-acceptor">tcp://localhost:5672?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>
+         <!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
+         <acceptor name="netty-ssl-acceptor">tcp://localhost:5671?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=AMQP,CORE</acceptor>
       </acceptors>
 
       <broker-connections>
-         <amqp-connection uri="tcp://localhost:5772?sslEnabled=true;trustStorePath=activemq.example.truststore;trustStorePassword=activemqexample" name="otherSSL" retry-interval="1000">
+         <amqp-connection uri="tcp://localhost:5771?sslEnabled=true;verifyHost=true;trustStorePath=activemq.example.truststore;trustStorePassword=activemqexample" name="otherBrokerSSL" retry-interval="1000">
             <sender address-match="#"/>
          </amqp-connection>
       </broker-connections>

examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/broker.xml

@@ -31,8 +31,8 @@ under the License.
       <!-- Acceptors -->
       <acceptors>
          <!-- keystores will be found automatically if they are on the classpath -->
-         <acceptor name="artemis">tcp://0.0.0.0:5771?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true</acceptor>
-         <acceptor name="netty-ssl-acceptor">tcp://localhost:5772?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>
+         <!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
+         <acceptor name="netty-ssl-acceptor">tcp://localhost:5771?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=AMQP,CORE</acceptor>
       </acceptors>
 
       <!-- Other config -->

examples/features/broker-connection/amqp-sending-overssl/store-generation.txt

@@ -0,0 +1,40 @@
+# The various SSL stores and certificates were created with the following commands:
+# This can be run as a script by sourcing the file, e.g ". store-generation.txt"
+
+
+# Clean up any existing files
+# ---------------------------
+rm -f *.crt *.csr *.keystore *.truststore
+rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.truststore
+rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.truststore
+
+# Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
+# ----------------------------------------------------------------------------------------------------
+keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -keypass activemqexample -alias ca -genkey -keyalg "RSA" -keysize 2048 -dname "O=My Trusted Example Inc.,CN=my-example-ca.org" -validity 9999 -ext bc:c=ca:true
+keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -exportcert -rfc > ca.crt
+
+# Create a key pair, and sign it with the CA:
+# -------------------------------------------
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -alias broker -genkey -keyalg "RSA" -keysize 2048 -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA
+
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -alias broker -certreq -file broker.csr
+keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -gencert -rfc -infile broker.csr -outfile broker.crt -validity 9999 -ext bc=ca:false -ext eku=sA
+
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias broker -file broker.crt
+
+# Create trust store, import the CA cert:
+# -------------------------------------------------------
+keytool -storetype pkcs12 -keystore activemq.example.truststore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
+keytool -importkeystore -srckeystore activemq.example.truststore -destkeystore broker-jceks.truststore -srcstoretype pkcs12 -deststoretype jceks -srcstorepass activemqexample -deststorepass activemqexample
+keytool -importkeystore -srckeystore activemq.example.truststore -destkeystore broker-jks.truststore -srcstoretype pkcs12 -deststoretype jks -srcstorepass activemqexample -deststorepass activemqexample
+
+# Copy the stores into place
+cp activemq.example.truststore src/main/resources/activemq/server1/
+cp activemq.example.keystore src/main/resources/activemq/server1/
+
+cp activemq.example.truststore src/main/resources/activemq/server0/
+cp activemq.example.keystore src/main/resources/activemq/server0/
+
+# Clean up tmp files
+rm -f *.crt *.csr *.keystore *.truststore