From 1af8be353f6072efb317a438d7f3defb93ada46c Mon Sep 17 00:00:00 2001 From: Robbie Gemmell Date: Thu, 29 Oct 2020 15:12:30 -0400 Subject: [PATCH] ARTEMIS-2937: use more realistic key/truststore and client+broker setup in SSL example, remove non-SSL acceptors --- .../amqp-sending-overssl/pom.xml | 6 +-- .../amqp-sending-overssl/readme.md | 4 +- .../example/BrokerConnectionSenderSSL.java | 4 +- .../server0/activemq.example.keystore | Bin 2251 -> 4415 bytes .../server0/activemq.example.truststore | Bin 963 -> 1106 bytes .../resources/activemq/server0/broker.xml | 6 +-- .../server1/activemq.example.keystore | Bin 2251 -> 4415 bytes .../server1/activemq.example.truststore | Bin 963 -> 1106 bytes .../resources/activemq/server1/broker.xml | 4 +- .../amqp-sending-overssl/store-generation.txt | 40 ++++++++++++++++++ 10 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 examples/features/broker-connection/amqp-sending-overssl/store-generation.txt diff --git a/examples/features/broker-connection/amqp-sending-overssl/pom.xml b/examples/features/broker-connection/amqp-sending-overssl/pom.xml index 6b0d6448b0..fe747757b4 100644 --- a/examples/features/broker-connection/amqp-sending-overssl/pom.xml +++ b/examples/features/broker-connection/amqp-sending-overssl/pom.xml @@ -86,7 +86,7 @@ under the License. ${noServer} true ${basedir}/target/server1 - tcp://localhost:5771 + tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/activemq.example.truststore;trustStorePassword=activemqexample run @@ -102,7 +102,7 @@ under the License. true ${noServer} ${basedir}/target/server0 - tcp://localhost:5671 + tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/activemq.example.truststore;trustStorePassword=activemqexample run @@ -162,4 +162,4 @@ under the License. - \ No newline at end of file + 
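Review bot: `trustStorePath=target/server1/etc/activemq.example.truststore` in the new client URI is relative to the process working directory, while the neighbouring value in the same plugin configuration is anchored with `${basedir}/target/server1`. If the build is started from another directory, the truststore lookup would presumably fail. Writing `trustStorePath=${basedir}/target/server1/etc/activemq.example.truststore` keeps the two values consistent, and the same applies to the server0 URI in the second hunk. The element names are not visible in this rendering, so which parameter carries the URI is inferred.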
diff --git a/examples/features/broker-connection/amqp-sending-overssl/readme.md b/examples/features/broker-connection/amqp-sending-overssl/readme.md index 322ccd3cbd..851a3ffade 100644 --- a/examples/features/broker-connection/amqp-sending-overssl/readme.md +++ b/examples/features/broker-connection/amqp-sending-overssl/readme.md @@ -6,4 +6,6 @@ This example demonstrates how you can create a broker connection from one broker You basically configured the broker connection on broker.xml and this example will give you two working servers where you send messages in one broker and receive it on another broker. -The Broker connection on this example is configured to use SSL. The client connections here are using regular connections. +The connection between the two brokers as well as the client connections are all configured to use SSL. + +The keystore and trustores used in the example were generated with store-generation.txt diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerConnectionSenderSSL.java b/examples/features/broker-connection/amqp-sending-overssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerConnectionSenderSSL.java index f7145ae847..841b075bc5 100644 --- a/examples/features/broker-connection/amqp-sending-overssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerConnectionSenderSSL.java +++ b/examples/features/broker-connection/amqp-sending-overssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerConnectionSenderSSL.java 
@@ -35,7 +35,7 @@ public class BrokerConnectionSenderSSL {
 public static void main(final String[] args) throws Exception {
 Connection connectionOnServer0 = null;
- ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5672?transport.trustStoreLocation=target/server0/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample&transport.verifyHost=false");
+ ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample");
 // Step 1. Create a connection on server0, and send a few messages
 try {
@@ -58,7 +58,7 @@ public class BrokerConnectionSenderSSL {
 // Step 2. create a connection on server1, and receive a few messages.
 // the sender on the broker conneciton will take care of the transfer.
 Connection connectionOnServer1 = null;
- ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5772?transport.trustStoreLocation=target/server1/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample&transport.verifyHost=false");
+ ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server1/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample");
 try {
 connectionOnServer1 = connectionFactoryServer1.createConnection();
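Review bot: Both connection URIs (this one and the server1 URI in the second hunk) now depend on the client's default host name verification because `transport.verifyHost=false` was dropped, but nothing in the code says so. A short comment above each factory would help readers who copy the example, e.g. `// Host name verification is left enabled; the example broker certificate is issued for "localhost", so connect using that name.` The same comment could note that `transport.trustStorePassword=activemqexample` is the published example value and not meant for reuse. The body of `main` continues beyond both hunks.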
diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/activemq.example.keystore b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/activemq.example.keystore index 4ed24133c4acd412e9e2db114409e72706ed0271..291a34af75bcc8927e9a494a4dbd24becd8a866f 100644 GIT binary patch literal 4415 zcmY+EWmFW5wuTuRhLr9BX%q&L4(T4GyL+giy95NJLj-B1yK5+c0R`wkq1{Ts}KOZflz?{fxhN;K8oq0D?#Wb}_W zoC4$BUy<8l&6rpiL)zF;*xw+Q{FAg6@yu(~ z5itn92#nxMWcmAewm+N9g4mnTv?u%pbhaZ1XWtGFYps zq34~_?4;kh67ce>^WJSiWppaa(Ij9zN9(sgoID172$lbS7*Z{XP}YS4Dn9I(Z9V;6 zgDv4L@KI2vFsYv@(x{BFmWi`GpEa~1ZE#P6+D`T`v z^1S_VsXt_xVL4wE!h#SBdTur$*%>3Nh}m9%S3(zK_YO$OECxyXtTAa9rz^47*a&XE zIeBg1?>cI#TRi!D)V19ST@|C#tnHAJ{JGMZ*rN` zNI;G=Vz-6VN|S?p5(OH@`3)f|<_lE3t_D|?zaMC*1~BbKoDplBrmViIy!|lAS=*Ss z*_F5B#jv2aN)>jfrNWV+?b*`0cqk-juQd>!fuIfs$-7)w6$eZj z6-^4LO9k;csZTwv8fbcqSmx#46?f@e>wvjcqipx}oVjNsdWe(EM0X>;#C4XMj-`PF zLuXb5rm9&5(K!*==pxp&R1HVAEqU{Z2i;eq7J-BHR@{LX@moe=nh(msK+1hIxSNEY*h@xcNo+HH}Eq9ty5Z4Tzv>k|A zG{9W6{-QzjIC!thxMSpD$N<@I&Cc3{cyGegTW`2CXwsKO{0k(GD=$2DR;FS3`ApJY z7fr)LQ$zS>akl}GCcea`3QrQr##y++yA+9s=LK%xpbG7*s(g`=K73~NS>~H;6u}aE zIf}oq$Z?s>wLV>2bn&TfsWYnVf0sPJ>BN_K6A#_N(omGbeX6dAoz6ZLN3uw1Q(>1k zMC-8vZq%-ZGLgxIu8IFXYvVz02KJppMj3UEmdFgPX<>^>6+9I1qy)>mN(zA}PuMtd z#<2S}^xTiEPGF@v;M2Fw#xwYn3Y_M#r3V*%kt_Q1VLF~h0`j2+A+C!foRgqBvDlGN z;#2jSyt9N(g#XG480_}InO#M}XVWD@T#mE2a+C=k^Gu!q5Ol0er{5+C%7PjGtx5t) zK@w&n3|kCu3>bzhh69E-nDsv;l^`Yd6Md+=14vK=EF>;2Bq}WSH^5Oqw|_6;;TA^$ zE&d`COaR8;(EU#X_%Fla{*PgsQnt78^eu5X4f$wpXjmL>kEBKa*RYXMKw1n)XJz_p zBzF;Ec%jRD?x*;)d%=pyLV6XO<1G!Q%OEQxE@fLBgG~%qYymFPG*Q$Dp>i#i`KhWG zIESN1D0SlM9wR5WAlIzm&R>vtGB*;K?wB{*1j&%yk?7i*=&n_89X4)$L(|ty0j3C~ z=W~X`(rL%FH*<4`{=^^F^TOp3B0bOXO+>SwL$^XeQGZX*0Tm7C5-LrSQ3 z(3c^udIxE*w0%0FTfoH&zZV5{>)LcZ`x2cH&AAyof|S9&oOp*H!ZOk(qnU>9!uC%L zQ~iZYU9&34va|aqw&0p%ISx<*Xe;D>4-A`Aqc9gaKp^ZSPtLeAvbzIQO&#S0>SgP; zzIdC&?2FO4+l_VnlJ5Nhd++kA1!_!-Vtx5xL!dlz@h#os^MwOi`Of7D%cmMJgJk`^ 
zlQBN*-DGb!zcf>rNHo&UfTUhoxfwKZeaiA(_v9hoYTsg;-uTFtY;>(%X5H(3MZF|( zf|`YnW*pe>cu)V~rt8bTF^*_HZ*Gw=+oU0!zPh}`ayxs_iXTaLEMQG)o#5uzUDlgq zNc1s1%ZP#zH*Jou%<4|xl6P}j>3$yDpEk4m1IIzDX?4`Px0&*Ddnz~Y+_=ifNZnoD z^5`-O@Z5t#D>R=uA>St;_OR(6YHspZHdo!i_K&b$lj4BM73Cn6p3N~6Z>XdT4>vNZ zqV>l92|K~QSsP~7VJZvG<74Ov7f%^HXZ8fnL;5)5Xp~c zTB%}&D(&`s09;wdhlD3NWiObhg0CWKrO(c^&BviZDrs2sM!4GyH?JM*Y)0lA|L7Dx zACULbQ-6CODWxqE-oxUBicDA_b^UECTP}nbFk~AkBRqYjw2o?kHa34@M>ulX<$DBX zhx`h-r7kcV8`POypjT8$YrTwiWVC)oaYeh>=>7g`9e47m_H=98&Vm=Z5 zD`Hf@=6*coKmGdFeF3TAR#LHQ;zOku(NyGOrz$chv&cgpK1OoKNfKw)JMZWXdXvkz2cWPvum}jgw6YYi#c^JKL2k zI_Se{MMrruDvy;|YoztAnkEg91oPL#J2KpmZ-AEIkP@!GuQ@Ic3baPnaUOrZo^CZY z9jkx#Jhj|wJmROduJRKUj($vdZB=ZAb@fG+D>3_^aFM5S%rm{UFFbAi_8B;H$FJfu1uoJsZ*wJW`CwVgd_9sCMURF60 zch8c1&lml$;w%*JcM@0L|CXkwnpx5 z-`a*eY5F=!%pQHDg?Bw}sy>+NPX2?#T3uJ)CScvq_ z-fx4>)qplPOVqEO`vlZK++Zs0GDQ$?wgRtO^B@_DFoO;CQ1>A`j+6~ov1E?kIbhV# z*^k!=>W5tW)cR3tKcGWu>{oAlGA%0gc|(~ivXhx_TLIHgeSx|8bT=88N@6uylQFOo4R6Z9 z!h``0Xv@U&R3BnMVz8RCl!6jELLj%V!|9qPq`fkFTsLNJIclmbhTXz)4IY`i4pptB zk(IoVFh#s#ccf|4k$IMN96S@66LDDB8M>9jWz15h{8mU~*g3|v@oE30AQw_ISm-s9 zikvwybkSf!(U(o6_Tfbn@~RRdJ696^Xe=y_1++d<8b|j!-+X|RusuEKT{E6J=$b~! zi#0&Q3Vs1=Rvo+S$pY;UK7qMo)}QG3t`jbFP&!av2@9p#5^=1pYC1GfiMULCdqJ$} z_Qe3i6uI;r7Zku9F{h`57$msr>NpY2b^YW)Yn^)(hOFC_at?Ksky_~d0bm#5Nl;aj zr@2sJQZ9tHo;@SzWV2`RA}@=D^WE?D*`fBkBY4SF7eLz4{9YWw%eC{Cgu5Ry{`-p*;Dr;_>}g&@NOo!VE>Q@yDYn@KoQXJly(m7*2ef{9TIu}rcJ_FW8XK;wO}@C?Dc>{YE-ckM&c2pM*Ev9Z_uxv=715E~XF65PZMVbtXDaB9moU zt2WG18bkP(cPJMkOeZ=l26Pi-NK1J0&ox&Z_fmssaZwogi2Bvw6!=swO?m&FAg4v? 
z-hjdB3#G2n$MkRnlUq}T2U=n#%fOMGcr*3lq5Kbs*E^xeRBIenI@YwClzM%s zGf$LnxRS%VG4=7sbWqmmVY=R+!esf0#N#N@+okJXq?9AyK-YNe1|4`V0dN-~0w|nR zKPLHk{@FhqGoqbmt6)u+jb!6~xYz0pZ0b@Xnil&{{tHj1O+(APvW7v!hA-Zg7-xt# zwDkjeU)Sl{>?ewZ)CSI5?MY%yFJG3`P5<)8tzeF=`B<&`w#wJzj~Imz<5HP!c870K zXrAt&+8Uo+>T5A|EXhJd-4$u_cnRQCWo!7cPOX?oY6AiFYQS;O`|a1-$BmA6t+TL1 z-S#FNvN`cnF&xUHVw*a{kj`tyRvz@jU+tKsbVrm&=g+jKuC+E0&vVxF+36|J#qpCs z?Hk=?flKGimAl9n7?aFOpVS?#w&X5eR#o0-ENBg}+94l(ejVECljZ6FT}c-kN)_4G zTGr&IODNXF3)+XhM$Ph(djQrZ0Q_hC(1*pyOtLSUgLWhu>tRKOqk{NSerre4s4VN~ z5f_uJAmIS@v)|MpeK-n1J|^24ba?U;ECXf*6X4?Tkzirc<6vM@`fFrs9PzNYjS^=@ o(QEw#lyOU_U{f-d;Y;Ha)so+<&iPe5N}Criv1MRl0b+~)1=3$(MgRZ+ literal 2251 zcmc(g=|2>D8^&j|o6uOYFIgI-84OdFj3vgF#x^qcv9DQ%49YNciVBIMB5R>x$d-=m zYdCU9lw#D#5+`FR%QNRW&v`!Q`3s&G_lxg+UoY;@_4|FU`(X886#xK$*aiG|afDtD z_Pxv|Psb7?6ac^hKu{oih$Ec5YMej_P!%Ku1abf%6bQ4tVdy}*GZOzTZLp-eOO>Oi zL*$+3!p~8-wOl=M*#j>0?ata)`teBRi=s9hK=anXZcTEC}YLV5$2J z=6C*vtmlZ8?3Hu7pYp#)!9J$=gp51{l5IaqTb{f_4o8XqNTNYE-ixKGF+Of!F(x0~ zl76%fc8@sm*4p|kd(VNF64-cs*})QK@|=;U|Q@?xFF@Y4~zst&bi=JyL7Ut{i_(x@pk zj^|t{CA}N9h3b*R;p(@pKN9sDA-G6KW--*}K27)2x3Z=nXAWOs?2>Obh&~>H%Y=e# z^(E``%b&>sY8=$ciL*UBXBcUl^M=nrcUn-b;qtLyeall<;?DZYe>3w5H;U0 ze&bWpR-w^AQ9SNg36pO!sf2d7SmVsk=6$aegULa(+m9RXSUwLT%9}Tp0jt(-@w(!l zSMMz>+R?iTiW=TJlHG66QOYTw|7Qda>Y{v9?olBFj`D51ehjXmv zX#p`(g*^O}zL$Gc(t77ifhX~~|HCiyVPOtSB|GHR%~ctB3Mpo#BWky?L(8K|d*<9Kqp*b;j1j-ZvLZ#lI|fe_(WO`= z_gV-F9YyMb3*wBetmc`9Piu(KHTTX#VMajfrBf`Pmqv$=f5Yl(m8t(yHT=Zt=i9aR(D+GrJ? 
zsct8TExpYMjjUWKwW8i&Rk)jEviuU2Ju{?!8p+TXa3@`vQ#|3>va)vjss?fIJfgCu zaCvK|g!DWgdMpl*TD~-_y_FDPifiv)Kh~um8Z*FkXk6FRB5l{{$m2`jo~LCN*+fWq z8M<69p%NAyVrpA+n$V<(B&7oCjg|>!3wl~ww(zFL^4)tu@a8g}X$SF7NLby- z%fyd)Z@{Zf)1szCxbqX2{QH{3Lne2bhOuP2-?0db#2xFw539E`O0L}>T19_{TG6|+ zGJePN4^)D`uH3+hixxP&D38l1qKKX|c%?Wcmt(I31JFr79AH)xKnv9T&{rGx?ec^j39krY0X<>u5@bldcP3l#?x>WAz-d;Q_y*4I}!r3@-bd(@>&wgkq}c>EKwg)5*w{DV!(P;ZLfU$KbSKp{>80AMPD z0!~IyK!HVI5D)}{NU}2x0p;XTO|wYbh5~_n?7+N)R-xmqEsM(34ua0O)jn8D_i{@Jd0ceUe_r~!Nm4Y|;cTh0BgQO*X-%lilo&eV zDgN1t(PHn*`=#XyG2~in^Qf&JOl86qM?ZR%WA((St+15gB}PEPEVb@<pl>AwQgBZv8l^_V`XuG1VERABN{%2%dnJmV;T zg#0z&!%Nn5llbuayfh-xwY51}9b1Sr-9JxeJ~iR@BHZ29ZTyy<1p)&Bz!G_cEJB+7 zxY9=;q7Y%!xr%i~2?e^gSxC^m0z=rQ?d!3Bn#lfLY!iV1Cy=#ga3D>-To4Z$8tyq( zWZkD`*nn0^GJQ>H9=C{m!6;?yVWWRLo9oy8D@a_g#p?#$ECIwjw8Z3$^kv1YM E0oUEtu>b%7 
diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/activemq.example.truststore b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/activemq.example.truststore index 45ab086071dbf158cefa27f2ab8dd72ea9ed7691..07d359cc31e20a67f6cd8f1e88d8ead1d5060fd2 100644 GIT binary patch literal 1106 zcmV-Y1g-lpf&@+i0Ru3C1P2BQDuzgg_YDCD0ic2d_ymFj^e}=0@Gyb{>;?%chDe6@ z4FLxRpn?P4FoFZw0s#Opf&e z0j~r}g-~)6Cc0rscx~fsb~bu^QjOX+8PD$qQ8_h#(ZYhA+{g1m zCcb=7Ql872-3n_a!lL-hF23YnXF5e}+_yn=s4toTluk0s^jI=kM>a04gs&JBOp0&G zz_2qfY5}#fuZY+}mt%fzg}HJdxqhY^GMB49pyuc=clvdUR_? zb6tZ0+E_kYwD*N)I%%*9K0Qz@No%*p*7GR(07`SihMBHeXsE&m0&R_zr)D{g0EH#m zAN2}){sAVYu>LS|WBzLf#%3A?MecXMsJL&5~7`6){Rfsu_oKeW!wzsZr6A z7;vhjkCLu^TdQK9A4aeqQxama%%3}6k!SQ$9edjuVz$PiJ2=uwy)e|48FA5Ic^B`F z#;=KKID`ZWZ*ziiB(xIuu3_^yz!zJA{%LMnoxc$bpr!RiVn0`@QfN_c3y`R8`4yoF zpdD9eRdAB>yLt2+HJrYj`&R2|Zkl2;rEV0S#=VvUc^WU&8o4M_h7@cLj(|@XR z!!fxevn&;;T)==2B*ZPu?pRcknwwc{s9+!m5@8k=hbdBkN+|@V7L}zI8OVwA8k!p# z8JZZH8krj#L;<-L2F7siKsc$1Q3*L<7+D#Zn;7{S44N3Zn3@Ioosup?9rKY zZfaL@m_OHRpv-%!*#A z(|ie%&%B@P3{K^GzOz0hr(@TS^M2OC>Q|zJHVHMbzSTJICn954_#~s|PU}YHZI^x| zRqa-qbfUHKjIi97S=u}8Jm(18o0NTVRtSB!dbV`>8)56}yj1a{E-Tk;G&+4s=>_Ks z#TCtZ>sXh~H{6$TZ|~Qe+a=H3o!*vW7`>*PN`Gv+abx_?^9g9EiZw1q?(+hA<|d zgzU`qipvBdm`|kjbkFa}v9(7p@A-IYONH5!oK=(e=(B2@#-GK9|8hDIhvpc;OMj?6UdO*2RA{?~s!_ChTU(H-Uy?HTu-KR%zKs(CBs{_06FWqTH?8fX7of790U;Md*q-zFK$sI(^q|En-D&n!Ir g^-~0I5j*drmUhF9{H>OfilSc@H^1gpFRLg903`@t1ONa4 diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/broker.xml b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/broker.xml index 186429196b..0274cb33c7 100644 --- a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/broker.xml +++ b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/broker.xml 
@@ -31,12 +31,12 @@ under the License. - tcp://0.0.0.0:5671?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true - tcp://localhost:5672?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE + + tcp://localhost:5671?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=AMQP,CORE - + 
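Review bot: The new acceptor URI carries `keyStorePassword=activemqexample` in clear text, and the matching keystore holding the broker's private key is committed in the same change. That is acceptable for an example, but an XML comment beside the acceptor should say so, e.g. `<!-- Example-only keystore and password, both published in the repository; generate your own and mask the password for any real deployment -->`. The same applies to the server1 broker.xml hunk. The element markup is not visible in this rendering, so the exact placement of the comment is inferred.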
diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/activemq.example.keystore b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/activemq.example.keystore index 4ed24133c4acd412e9e2db114409e72706ed0271..291a34af75bcc8927e9a494a4dbd24becd8a866f 100644 GIT binary patch literal 4415 zcmY+EWmFW5wuTuRhLr9BX%q&L4(T4GyL+giy95NJLj-B1yK5+c0R`wkq1{Ts}KOZflz?{fxhN;K8oq0D?#Wb}_W zoC4$BUy<8l&6rpiL)zF;*xw+Q{FAg6@yu(~ z5itn92#nxMWcmAewm+N9g4mnTv?u%pbhaZ1XWtGFYps zq34~_?4;kh67ce>^WJSiWppaa(Ij9zN9(sgoID172$lbS7*Z{XP}YS4Dn9I(Z9V;6 zgDv4L@KI2vFsYv@(x{BFmWi`GpEa~1ZE#P6+D`T`v z^1S_VsXt_xVL4wE!h#SBdTur$*%>3Nh}m9%S3(zK_YO$OECxyXtTAa9rz^47*a&XE zIeBg1?>cI#TRi!D)V19ST@|C#tnHAJ{JGMZ*rN` zNI;G=Vz-6VN|S?p5(OH@`3)f|<_lE3t_D|?zaMC*1~BbKoDplBrmViIy!|lAS=*Ss z*_F5B#jv2aN)>jfrNWV+?b*`0cqk-juQd>!fuIfs$-7)w6$eZj z6-^4LO9k;csZTwv8fbcqSmx#46?f@e>wvjcqipx}oVjNsdWe(EM0X>;#C4XMj-`PF zLuXb5rm9&5(K!*==pxp&R1HVAEqU{Z2i;eq7J-BHR@{LX@moe=nh(msK+1hIxSNEY*h@xcNo+HH}Eq9ty5Z4Tzv>k|A zG{9W6{-QzjIC!thxMSpD$N<@I&Cc3{cyGegTW`2CXwsKO{0k(GD=$2DR;FS3`ApJY z7fr)LQ$zS>akl}GCcea`3QrQr##y++yA+9s=LK%xpbG7*s(g`=K73~NS>~H;6u}aE zIf}oq$Z?s>wLV>2bn&TfsWYnVf0sPJ>BN_K6A#_N(omGbeX6dAoz6ZLN3uw1Q(>1k zMC-8vZq%-ZGLgxIu8IFXYvVz02KJppMj3UEmdFgPX<>^>6+9I1qy)>mN(zA}PuMtd z#<2S}^xTiEPGF@v;M2Fw#xwYn3Y_M#r3V*%kt_Q1VLF~h0`j2+A+C!foRgqBvDlGN z;#2jSyt9N(g#XG480_}InO#M}XVWD@T#mE2a+C=k^Gu!q5Ol0er{5+C%7PjGtx5t) zK@w&n3|kCu3>bzhh69E-nDsv;l^`Yd6Md+=14vK=EF>;2Bq}WSH^5Oqw|_6;;TA^$ zE&d`COaR8;(EU#X_%Fla{*PgsQnt78^eu5X4f$wpXjmL>kEBKa*RYXMKw1n)XJz_p zBzF;Ec%jRD?x*;)d%=pyLV6XO<1G!Q%OEQxE@fLBgG~%qYymFPG*Q$Dp>i#i`KhWG zIESN1D0SlM9wR5WAlIzm&R>vtGB*;K?wB{*1j&%yk?7i*=&n_89X4)$L(|ty0j3C~ z=W~X`(rL%FH*<4`{=^^F^TOp3B0bOXO+>SwL$^XeQGZX*0Tm7C5-LrSQ3 z(3c^udIxE*w0%0FTfoH&zZV5{>)LcZ`x2cH&AAyof|S9&oOp*H!ZOk(qnU>9!uC%L zQ~iZYU9&34va|aqw&0p%ISx<*Xe;D>4-A`Aqc9gaKp^ZSPtLeAvbzIQO&#S0>SgP; zzIdC&?2FO4+l_VnlJ5Nhd++kA1!_!-Vtx5xL!dlz@h#os^MwOi`Of7D%cmMJgJk`^ 
zlQBN*-DGb!zcf>rNHo&UfTUhoxfwKZeaiA(_v9hoYTsg;-uTFtY;>(%X5H(3MZF|( zf|`YnW*pe>cu)V~rt8bTF^*_HZ*Gw=+oU0!zPh}`ayxs_iXTaLEMQG)o#5uzUDlgq zNc1s1%ZP#zH*Jou%<4|xl6P}j>3$yDpEk4m1IIzDX?4`Px0&*Ddnz~Y+_=ifNZnoD z^5`-O@Z5t#D>R=uA>St;_OR(6YHspZHdo!i_K&b$lj4BM73Cn6p3N~6Z>XdT4>vNZ zqV>l92|K~QSsP~7VJZvG<74Ov7f%^HXZ8fnL;5)5Xp~c zTB%}&D(&`s09;wdhlD3NWiObhg0CWKrO(c^&BviZDrs2sM!4GyH?JM*Y)0lA|L7Dx zACULbQ-6CODWxqE-oxUBicDA_b^UECTP}nbFk~AkBRqYjw2o?kHa34@M>ulX<$DBX zhx`h-r7kcV8`POypjT8$YrTwiWVC)oaYeh>=>7g`9e47m_H=98&Vm=Z5 zD`Hf@=6*coKmGdFeF3TAR#LHQ;zOku(NyGOrz$chv&cgpK1OoKNfKw)JMZWXdXvkz2cWPvum}jgw6YYi#c^JKL2k zI_Se{MMrruDvy;|YoztAnkEg91oPL#J2KpmZ-AEIkP@!GuQ@Ic3baPnaUOrZo^CZY z9jkx#Jhj|wJmROduJRKUj($vdZB=ZAb@fG+D>3_^aFM5S%rm{UFFbAi_8B;H$FJfu1uoJsZ*wJW`CwVgd_9sCMURF60 zch8c1&lml$;w%*JcM@0L|CXkwnpx5 z-`a*eY5F=!%pQHDg?Bw}sy>+NPX2?#T3uJ)CScvq_ z-fx4>)qplPOVqEO`vlZK++Zs0GDQ$?wgRtO^B@_DFoO;CQ1>A`j+6~ov1E?kIbhV# z*^k!=>W5tW)cR3tKcGWu>{oAlGA%0gc|(~ivXhx_TLIHgeSx|8bT=88N@6uylQFOo4R6Z9 z!h``0Xv@U&R3BnMVz8RCl!6jELLj%V!|9qPq`fkFTsLNJIclmbhTXz)4IY`i4pptB zk(IoVFh#s#ccf|4k$IMN96S@66LDDB8M>9jWz15h{8mU~*g3|v@oE30AQw_ISm-s9 zikvwybkSf!(U(o6_Tfbn@~RRdJ696^Xe=y_1++d<8b|j!-+X|RusuEKT{E6J=$b~! zi#0&Q3Vs1=Rvo+S$pY;UK7qMo)}QG3t`jbFP&!av2@9p#5^=1pYC1GfiMULCdqJ$} z_Qe3i6uI;r7Zku9F{h`57$msr>NpY2b^YW)Yn^)(hOFC_at?Ksky_~d0bm#5Nl;aj zr@2sJQZ9tHo;@SzWV2`RA}@=D^WE?D*`fBkBY4SF7eLz4{9YWw%eC{Cgu5Ry{`-p*;Dr;_>}g&@NOo!VE>Q@yDYn@KoQXJly(m7*2ef{9TIu}rcJ_FW8XK;wO}@C?Dc>{YE-ckM&c2pM*Ev9Z_uxv=715E~XF65PZMVbtXDaB9moU zt2WG18bkP(cPJMkOeZ=l26Pi-NK1J0&ox&Z_fmssaZwogi2Bvw6!=swO?m&FAg4v? 
z-hjdB3#G2n$MkRnlUq}T2U=n#%fOMGcr*3lq5Kbs*E^xeRBIenI@YwClzM%s zGf$LnxRS%VG4=7sbWqmmVY=R+!esf0#N#N@+okJXq?9AyK-YNe1|4`V0dN-~0w|nR zKPLHk{@FhqGoqbmt6)u+jb!6~xYz0pZ0b@Xnil&{{tHj1O+(APvW7v!hA-Zg7-xt# zwDkjeU)Sl{>?ewZ)CSI5?MY%yFJG3`P5<)8tzeF=`B<&`w#wJzj~Imz<5HP!c870K zXrAt&+8Uo+>T5A|EXhJd-4$u_cnRQCWo!7cPOX?oY6AiFYQS;O`|a1-$BmA6t+TL1 z-S#FNvN`cnF&xUHVw*a{kj`tyRvz@jU+tKsbVrm&=g+jKuC+E0&vVxF+36|J#qpCs z?Hk=?flKGimAl9n7?aFOpVS?#w&X5eR#o0-ENBg}+94l(ejVECljZ6FT}c-kN)_4G zTGr&IODNXF3)+XhM$Ph(djQrZ0Q_hC(1*pyOtLSUgLWhu>tRKOqk{NSerre4s4VN~ z5f_uJAmIS@v)|MpeK-n1J|^24ba?U;ECXf*6X4?Tkzirc<6vM@`fFrs9PzNYjS^=@ o(QEw#lyOU_U{f-d;Y;Ha)so+<&iPe5N}Criv1MRl0b+~)1=3$(MgRZ+ literal 2251 zcmc(g=|2>D8^&j|o6uOYFIgI-84OdFj3vgF#x^qcv9DQ%49YNciVBIMB5R>x$d-=m zYdCU9lw#D#5+`FR%QNRW&v`!Q`3s&G_lxg+UoY;@_4|FU`(X886#xK$*aiG|afDtD z_Pxv|Psb7?6ac^hKu{oih$Ec5YMej_P!%Ku1abf%6bQ4tVdy}*GZOzTZLp-eOO>Oi zL*$+3!p~8-wOl=M*#j>0?ata)`teBRi=s9hK=anXZcTEC}YLV5$2J z=6C*vtmlZ8?3Hu7pYp#)!9J$=gp51{l5IaqTb{f_4o8XqNTNYE-ixKGF+Of!F(x0~ zl76%fc8@sm*4p|kd(VNF64-cs*})QK@|=;U|Q@?xFF@Y4~zst&bi=JyL7Ut{i_(x@pk zj^|t{CA}N9h3b*R;p(@pKN9sDA-G6KW--*}K27)2x3Z=nXAWOs?2>Obh&~>H%Y=e# z^(E``%b&>sY8=$ciL*UBXBcUl^M=nrcUn-b;qtLyeall<;?DZYe>3w5H;U0 ze&bWpR-w^AQ9SNg36pO!sf2d7SmVsk=6$aegULa(+m9RXSUwLT%9}Tp0jt(-@w(!l zSMMz>+R?iTiW=TJlHG66QOYTw|7Qda>Y{v9?olBFj`D51ehjXmv zX#p`(g*^O}zL$Gc(t77ifhX~~|HCiyVPOtSB|GHR%~ctB3Mpo#BWky?L(8K|d*<9Kqp*b;j1j-ZvLZ#lI|fe_(WO`= z_gV-F9YyMb3*wBetmc`9Piu(KHTTX#VMajfrBf`Pmqv$=f5Yl(m8t(yHT=Zt=i9aR(D+GrJ? 
zsct8TExpYMjjUWKwW8i&Rk)jEviuU2Ju{?!8p+TXa3@`vQ#|3>va)vjss?fIJfgCu zaCvK|g!DWgdMpl*TD~-_y_FDPifiv)Kh~um8Z*FkXk6FRB5l{{$m2`jo~LCN*+fWq z8M<69p%NAyVrpA+n$V<(B&7oCjg|>!3wl~ww(zFL^4)tu@a8g}X$SF7NLby- z%fyd)Z@{Zf)1szCxbqX2{QH{3Lne2bhOuP2-?0db#2xFw539E`O0L}>T19_{TG6|+ zGJePN4^)D`uH3+hixxP&D38l1qKKX|c%?Wcmt(I31JFr79AH)xKnv9T&{rGx?ec^j39krY0X<>u5@bldcP3l#?x>WAz-d;Q_y*4I}!r3@-bd(@>&wgkq}c>EKwg)5*w{DV!(P;ZLfU$KbSKp{>80AMPD z0!~IyK!HVI5D)}{NU}2x0p;XTO|wYbh5~_n?7+N)R-xmqEsM(34ua0O)jn8D_i{@Jd0ceUe_r~!Nm4Y|;cTh0BgQO*X-%lilo&eV zDgN1t(PHn*`=#XyG2~in^Qf&JOl86qM?ZR%WA((St+15gB}PEPEVb@<pl>AwQgBZv8l^_V`XuG1VERABN{%2%dnJmV;T zg#0z&!%Nn5llbuayfh-xwY51}9b1Sr-9JxeJ~iR@BHZ29ZTyy<1p)&Bz!G_cEJB+7 zxY9=;q7Y%!xr%i~2?e^gSxC^m0z=rQ?d!3Bn#lfLY!iV1Cy=#ga3D>-To4Z$8tyq( zWZkD`*nn0^GJQ>H9=C{m!6;?yVWWRLo9oy8D@a_g#p?#$ECIwjw8Z3$^kv1YM E0oUEtu>b%7 
diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/activemq.example.truststore b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/activemq.example.truststore index 45ab086071dbf158cefa27f2ab8dd72ea9ed7691..07d359cc31e20a67f6cd8f1e88d8ead1d5060fd2 100644 GIT binary patch literal 1106 zcmV-Y1g-lpf&@+i0Ru3C1P2BQDuzgg_YDCD0ic2d_ymFj^e}=0@Gyb{>;?%chDe6@ z4FLxRpn?P4FoFZw0s#Opf&e z0j~r}g-~)6Cc0rscx~fsb~bu^QjOX+8PD$qQ8_h#(ZYhA+{g1m zCcb=7Ql872-3n_a!lL-hF23YnXF5e}+_yn=s4toTluk0s^jI=kM>a04gs&JBOp0&G zz_2qfY5}#fuZY+}mt%fzg}HJdxqhY^GMB49pyuc=clvdUR_? zb6tZ0+E_kYwD*N)I%%*9K0Qz@No%*p*7GR(07`SihMBHeXsE&m0&R_zr)D{g0EH#m zAN2}){sAVYu>LS|WBzLf#%3A?MecXMsJL&5~7`6){Rfsu_oKeW!wzsZr6A z7;vhjkCLu^TdQK9A4aeqQxama%%3}6k!SQ$9edjuVz$PiJ2=uwy)e|48FA5Ic^B`F z#;=KKID`ZWZ*ziiB(xIuu3_^yz!zJA{%LMnoxc$bpr!RiVn0`@QfN_c3y`R8`4yoF zpdD9eRdAB>yLt2+HJrYj`&R2|Zkl2;rEV0S#=VvUc^WU&8o4M_h7@cLj(|@XR z!!fxevn&;;T)==2B*ZPu?pRcknwwc{s9+!m5@8k=hbdBkN+|@V7L}zI8OVwA8k!p# z8JZZH8krj#L;<-L2F7siKsc$1Q3*L<7+D#Zn;7{S44N3Zn3@Ioosup?9rKY zZfaL@m_OHRpv-%!*#A z(|ie%&%B@P3{K^GzOz0hr(@TS^M2OC>Q|zJHVHMbzSTJICn954_#~s|PU}YHZI^x| zRqa-qbfUHKjIi97S=u}8Jm(18o0NTVRtSB!dbV`>8)56}yj1a{E-Tk;G&+4s=>_Ks z#TCtZ>sXh~H{6$TZ|~Qe+a=H3o!*vW7`>*PN`Gv+abx_?^9g9EiZw1q?(+hA<|d zgzU`qipvBdm`|kjbkFa}v9(7p@A-IYONH5!oK=(e=(B2@#-GK9|8hDIhvpc;OMj?6UdO*2RA{?~s!_ChTU(H-Uy?HTu-KR%zKs(CBs{_06FWqTH?8fX7of790U;Md*q-zFK$sI(^q|En-D&n!Ir g^-~0I5j*drmUhF9{H>OfilSc@H^1gpFRLg903`@t1ONa4 diff --git a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/broker.xml b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/broker.xml index 6a5611f4fc..8f9fe5f6a5 100644 --- a/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/broker.xml +++ b/examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/broker.xml 
@@ -31,8 +31,8 @@ under the License. - tcp://0.0.0.0:5771?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true - tcp://localhost:5772?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE + + tcp://localhost:5771?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=AMQP,CORE diff --git a/examples/features/broker-connection/amqp-sending-overssl/store-generation.txt b/examples/features/broker-connection/amqp-sending-overssl/store-generation.txt new file mode 100644 index 0000000000..2a23958afd --- /dev/null +++ b/examples/features/broker-connection/amqp-sending-overssl/store-generation.txt 
@@ -0,0 +1,40 @@
+# The various SSL stores and certificates were created with the following commands:
+# This can be run as a script by sourcing the file, e.g ". store-generation.txt"
+
+
+# Clean up any existing files
+# ---------------------------
+rm -f *.crt *.csr *.keystore *.truststore
+rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.truststore
+rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.truststore
+
+# Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
+# ----------------------------------------------------------------------------------------------------
+keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -keypass activemqexample -alias ca -genkey -keyalg "RSA" -keysize 2048 -dname "O=My Trusted Example Inc.,CN=my-example-ca.org" -validity 9999 -ext bc:c=ca:true
+keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -exportcert -rfc > ca.crt
+
+# Create a key pair, and sign it with the CA:
+# -------------------------------------------
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -alias broker -genkey -keyalg "RSA" -keysize 2048 -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA
+
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -alias broker -certreq -file broker.csr
+keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -gencert -rfc -infile broker.csr -outfile broker.crt -validity 9999 -ext bc=ca:false -ext eku=sA
+
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
+keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias broker -file broker.crt
+
+# Create trust store, import the CA cert:
+# -------------------------------------------------------
+keytool -storetype pkcs12 -keystore activemq.example.truststore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
+keytool -importkeystore -srckeystore activemq.example.truststore -destkeystore broker-jceks.truststore -srcstoretype pkcs12 -deststoretype jceks -srcstorepass activemqexample -deststorepass activemqexample
+keytool -importkeystore -srckeystore activemq.example.truststore -destkeystore broker-jks.truststore -srcstoretype pkcs12 -deststoretype jks -srcstorepass activemqexample -deststorepass activemqexample
+
+# Copy the stores into place
+cp activemq.example.truststore src/main/resources/activemq/server1/
+cp activemq.example.keystore src/main/resources/activemq/server1/
+
+cp activemq.example.truststore src/main/resources/activemq/server0/
+cp activemq.example.keystore src/main/resources/activemq/server0/
+
+# Clean up tmp files
+rm -f *.crt *.csr *.keystore *.truststore
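Review bot: The broker certificate is issued with only `CN=localhost` in the `-dname` and no subjectAltName, while the Java change in this commit removes `transport.verifyHost=false`, so host name verification presumably depends on the legacy common-name fallback. Adding `-ext san=dns:localhost` to the broker `-gencert` command (and to the `-genkey` one for consistency) would let the certificate match by SAN. Separately, `broker-jceks.truststore` and `broker-jks.truststore` are created by the two `-importkeystore` commands but never copied into place, and the final `rm -f *.crt *.csr *.keystore *.truststore` deletes them, so those two lines look removable. The single `activemq.example.keystore` is also copied to both server0 and server1, so both brokers share one key pair; a comment stating that this is an example-only simplification would help.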