This closes #2138
This commit is contained in:
commit
34062838e7
|
@ -533,7 +533,7 @@ public class NettyConnector extends AbstractConnector {
|
|||
if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) {
|
||||
engine = loadOpenSslEngine(channel.alloc(), realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
|
||||
} else {
|
||||
engine = loadJdkSslEngine(useDefaultSslContext, realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
|
||||
engine = loadJdkSslEngine(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
|
||||
}
|
||||
|
||||
engine.setUseClientMode(true);
|
||||
|
@ -607,18 +607,26 @@ public class NettyConnector extends AbstractConnector {
|
|||
ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, TransportConstants.NETTY_VERSION, host, port);
|
||||
}
|
||||
|
||||
private SSLEngine loadJdkSslEngine(boolean useDefaultSslContext,
|
||||
String realKeyStoreProvider,
|
||||
String realKeyStorePath,
|
||||
String realKeyStorePassword,
|
||||
String realTrustStoreProvider,
|
||||
String realTrustStorePath,
|
||||
String realTrustStorePassword) throws Exception {
|
||||
private SSLEngine loadJdkSslEngine(String keystoreProvider,
|
||||
String keystorePath,
|
||||
String keystorePassword,
|
||||
String truststoreProvider,
|
||||
String truststorePath,
|
||||
String truststorePassword) throws Exception {
|
||||
SSLContext context;
|
||||
if (useDefaultSslContext) {
|
||||
context = SSLContext.getDefault();
|
||||
} else {
|
||||
context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, trustAll, crlPath);
|
||||
context = new SSLSupport()
|
||||
.setKeystoreProvider(keystoreProvider)
|
||||
.setKeystorePath(keystorePath)
|
||||
.setKeystorePassword(keystorePassword)
|
||||
.setTruststoreProvider(truststoreProvider)
|
||||
.setTruststorePath(truststorePath)
|
||||
.setTruststorePassword(truststorePassword)
|
||||
.setTrustAll(trustAll)
|
||||
.setCrlPath(crlPath)
|
||||
.createContext();
|
||||
}
|
||||
Subject subject = null;
|
||||
if (kerb5Config != null) {
|
||||
|
@ -642,14 +650,24 @@ public class NettyConnector extends AbstractConnector {
|
|||
}
|
||||
|
||||
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
|
||||
String realKeyStoreProvider,
|
||||
String realKeyStorePath,
|
||||
String realKeyStorePassword,
|
||||
String realTrustStoreProvider,
|
||||
String realTrustStorePath,
|
||||
String realTrustStorePassword) throws Exception {
|
||||
String keystoreProvider,
|
||||
String keystorePath,
|
||||
String keystorePassword,
|
||||
String truststoreProvider,
|
||||
String truststorePath,
|
||||
String truststorePassword) throws Exception {
|
||||
|
||||
SslContext context = SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, sslProvider, trustAll);
|
||||
|
||||
SslContext context = new SSLSupport()
|
||||
.setKeystoreProvider(keystoreProvider)
|
||||
.setKeystorePath(keystorePath)
|
||||
.setKeystorePassword(keystorePassword)
|
||||
.setTruststoreProvider(truststoreProvider)
|
||||
.setTruststorePath(truststorePath)
|
||||
.setTruststorePassword(truststorePassword)
|
||||
.setSslProvider(sslProvider)
|
||||
.setTrustAll(trustAll)
|
||||
.createNettyClientContext();
|
||||
|
||||
Subject subject = null;
|
||||
if (kerb5Config != null) {
|
||||
|
|
|
@ -44,6 +44,7 @@ import io.netty.handler.ssl.SslContext;
|
|||
import io.netty.handler.ssl.SslContextBuilder;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||
import org.apache.activemq.artemis.utils.ClassloadingUtil;
|
||||
|
||||
/**
|
||||
|
@ -53,80 +54,117 @@ import org.apache.activemq.artemis.utils.ClassloadingUtil;
|
|||
* null keystore path.
|
||||
*/
|
||||
public class SSLSupport {
|
||||
// Public --------------------------------------------------------
|
||||
private String keystoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
|
||||
private String keystorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
|
||||
private String keystorePassword = TransportConstants.DEFAULT_KEYSTORE_PASSWORD;
|
||||
private String truststoreProvider = TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER;
|
||||
private String truststorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH;
|
||||
private String truststorePassword = TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD;
|
||||
private String crlPath = TransportConstants.DEFAULT_CRL_PATH;
|
||||
private String sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
|
||||
private boolean trustAll = TransportConstants.DEFAULT_TRUST_ALL;
|
||||
|
||||
public static SSLContext createContext(final String keystoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword,
|
||||
final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword) throws Exception {
|
||||
|
||||
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, null);
|
||||
public String getKeystoreProvider() {
|
||||
return keystoreProvider;
|
||||
}
|
||||
|
||||
public static SSLContext createContext(final String keystoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword,
|
||||
final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final String crlPath) throws Exception {
|
||||
|
||||
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, crlPath);
|
||||
public SSLSupport setKeystoreProvider(String keystoreProvider) {
|
||||
this.keystoreProvider = keystoreProvider;
|
||||
return this;
|
||||
}
|
||||
|
||||
public static SSLContext createContext(final String keystoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword,
|
||||
final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final boolean trustAll) throws Exception {
|
||||
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null);
|
||||
public String getKeystorePath() {
|
||||
return keystorePath;
|
||||
}
|
||||
|
||||
public static SSLContext createContext(final String keystoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword,
|
||||
final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final boolean trustAll,
|
||||
final String crlPath) throws Exception {
|
||||
public SSLSupport setKeystorePath(String keystorePath) {
|
||||
this.keystorePath = keystorePath;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getKeystorePassword() {
|
||||
return keystorePassword;
|
||||
}
|
||||
|
||||
public SSLSupport setKeystorePassword(String keystorePassword) {
|
||||
this.keystorePassword = keystorePassword;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getTruststoreProvider() {
|
||||
return truststoreProvider;
|
||||
}
|
||||
|
||||
public SSLSupport setTruststoreProvider(String truststoreProvider) {
|
||||
this.truststoreProvider = truststoreProvider;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getTruststorePath() {
|
||||
return truststorePath;
|
||||
}
|
||||
|
||||
public SSLSupport setTruststorePath(String truststorePath) {
|
||||
this.truststorePath = truststorePath;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getTruststorePassword() {
|
||||
return truststorePassword;
|
||||
}
|
||||
|
||||
public SSLSupport setTruststorePassword(String truststorePassword) {
|
||||
this.truststorePassword = truststorePassword;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getCrlPath() {
|
||||
return crlPath;
|
||||
}
|
||||
|
||||
public SSLSupport setCrlPath(String crlPath) {
|
||||
this.crlPath = crlPath;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getSslProvider() {
|
||||
return sslProvider;
|
||||
}
|
||||
|
||||
public SSLSupport setSslProvider(String sslProvider) {
|
||||
this.sslProvider = sslProvider;
|
||||
return this;
|
||||
}
|
||||
|
||||
public boolean isTrustAll() {
|
||||
return trustAll;
|
||||
}
|
||||
|
||||
public SSLSupport setTrustAll(boolean trustAll) {
|
||||
this.trustAll = trustAll;
|
||||
return this;
|
||||
}
|
||||
|
||||
public SSLContext createContext() throws Exception {
|
||||
SSLContext context = SSLContext.getInstance("TLS");
|
||||
KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystoreProvider, keystorePath, keystorePassword);
|
||||
TrustManager[] trustManagers = SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
|
||||
KeyManager[] keyManagers = loadKeyManagers();
|
||||
TrustManager[] trustManagers = loadTrustManagers();
|
||||
context.init(keyManagers, trustManagers, new SecureRandom());
|
||||
return context;
|
||||
}
|
||||
|
||||
public static SslContext createNettyContext(final String keystoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword,
|
||||
final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final String sslProvider) throws Exception {
|
||||
|
||||
public SslContext createNettyContext() throws Exception {
|
||||
KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
|
||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
|
||||
return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, false, null)).build();
|
||||
return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(loadTrustManagerFactory()).build();
|
||||
}
|
||||
|
||||
public static SslContext createNettyClientContext(final String keystoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword,
|
||||
final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final String sslProvider,
|
||||
final boolean trustAll ) throws Exception {
|
||||
public SslContext createNettyClientContext() throws Exception {
|
||||
KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
|
||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray());
|
||||
return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build();
|
||||
return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(loadTrustManagerFactory()).build();
|
||||
}
|
||||
|
||||
|
||||
|
@ -151,19 +189,15 @@ public class SSLSupport {
|
|||
}
|
||||
|
||||
// Private -------------------------------------------------------
|
||||
private static TrustManagerFactory loadTrustManagerFactory(final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final boolean trustAll,
|
||||
final String crlPath) throws Exception {
|
||||
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
|
||||
if (trustAll) {
|
||||
//This is useful for testing but not should be used outside of that purpose
|
||||
return InsecureTrustManagerFactory.INSTANCE;
|
||||
} else if (trustStorePath == null && (trustStoreProvider == null || !"PKCS11".equals(trustStoreProvider.toUpperCase()))) {
|
||||
} else if (truststorePath == null && (truststoreProvider == null || !"PKCS11".equals(truststoreProvider.toUpperCase()))) {
|
||||
return null;
|
||||
} else {
|
||||
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||
KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword);
|
||||
KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
|
||||
boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
|
||||
|
||||
boolean initialized = false;
|
||||
|
@ -171,7 +205,7 @@ public class SSLSupport {
|
|||
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
|
||||
if (crlPath != null) {
|
||||
pkixParams.setRevocationEnabled(true);
|
||||
Collection<? extends CRL> crlList = loadCRL(crlPath);
|
||||
Collection<? extends CRL> crlList = loadCRL();
|
||||
if (crlList != null) {
|
||||
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
|
||||
}
|
||||
|
@ -187,25 +221,19 @@ public class SSLSupport {
|
|||
}
|
||||
}
|
||||
|
||||
private static TrustManager[] loadTrustManager(final String trustStoreProvider,
|
||||
final String trustStorePath,
|
||||
final String trustStorePassword,
|
||||
final boolean trustAll,
|
||||
final String crlPath) throws Exception {
|
||||
TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
|
||||
private TrustManager[] loadTrustManagers() throws Exception {
|
||||
TrustManagerFactory trustManagerFactory = loadTrustManagerFactory();
|
||||
if (trustManagerFactory == null) {
|
||||
return null;
|
||||
}
|
||||
return trustManagerFactory.getTrustManagers();
|
||||
}
|
||||
|
||||
private static Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
|
||||
private Collection<? extends CRL> loadCRL() throws Exception {
|
||||
if (crlPath == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
URL resource = SSLSupport.validateStoreURL(crlPath);
|
||||
|
||||
URL resource = validateStoreURL(crlPath);
|
||||
try (InputStream is = resource.openStream()) {
|
||||
return CertificateFactory.getInstance("X.509").generateCRLs(is);
|
||||
}
|
||||
|
@ -233,25 +261,20 @@ public class SSLSupport {
|
|||
return ks;
|
||||
}
|
||||
|
||||
private static KeyManager[] loadKeyManagers(final String keyStoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword) throws Exception {
|
||||
|
||||
KeyManagerFactory factory = loadKeyManagerFactory(keyStoreProvider, keystorePath, keystorePassword);
|
||||
private KeyManager[] loadKeyManagers() throws Exception {
|
||||
KeyManagerFactory factory = loadKeyManagerFactory();
|
||||
if (factory == null) {
|
||||
return null;
|
||||
}
|
||||
return factory.getKeyManagers();
|
||||
}
|
||||
|
||||
private static KeyManagerFactory loadKeyManagerFactory(final String keyStoreProvider,
|
||||
final String keystorePath,
|
||||
final String keystorePassword) throws Exception {
|
||||
if (keystorePath == null && (keyStoreProvider == null || !"PKCS11".equals(keyStoreProvider.toUpperCase()))) {
|
||||
private KeyManagerFactory loadKeyManagerFactory() throws Exception {
|
||||
if (keystorePath == null && (keystoreProvider == null || !"PKCS11".equals(keystoreProvider.toUpperCase()))) {
|
||||
return null;
|
||||
} else {
|
||||
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
KeyStore ks = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, keystorePassword);
|
||||
KeyStore ks = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
|
||||
kmf.init(ks, keystorePassword == null ? null : keystorePassword.toCharArray());
|
||||
return kmf;
|
||||
}
|
||||
|
|
|
@ -542,7 +542,15 @@ public class NettyAcceptor extends AbstractAcceptor {
|
|||
try {
|
||||
if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
|
||||
throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified.");
|
||||
context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, crlPath);
|
||||
context = new SSLSupport()
|
||||
.setKeystoreProvider(keyStoreProvider)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(trustStoreProvider)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.setCrlPath(crlPath)
|
||||
.createContext();
|
||||
} catch (Exception e) {
|
||||
IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port);
|
||||
ise.initCause(e);
|
||||
|
@ -573,7 +581,15 @@ public class NettyAcceptor extends AbstractAcceptor {
|
|||
try {
|
||||
if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
|
||||
throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified.");
|
||||
context = SSLSupport.createNettyContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, sslProvider);
|
||||
context = new SSLSupport()
|
||||
.setKeystoreProvider(keyStoreProvider)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(trustStoreProvider)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.setSslProvider(sslProvider)
|
||||
.createNettyContext();
|
||||
} catch (Exception e) {
|
||||
IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port);
|
||||
ise.initCause(e);
|
||||
|
|
|
@ -232,7 +232,14 @@ public class ConnectorServerFactory {
|
|||
|
||||
//todo fix
|
||||
private void setupSsl() throws Exception {
|
||||
SSLContext context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword);
|
||||
SSLContext context = new SSLSupport()
|
||||
.setKeystoreProvider(keyStoreProvider)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(trustStoreProvider)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
SSLServerSocketFactory sssf = context.getServerSocketFactory();
|
||||
RMIServerSocketFactory rssf = new ArtemisSslRMIServerSocketFactory(sssf, this.isClientAuth(), rmiServerHost);
|
||||
RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();
|
||||
|
|
|
@ -177,9 +177,13 @@ public class WebServerComponentTest extends Assert {
|
|||
webServerComponent.start();
|
||||
final int port = webServerComponent.getPort();
|
||||
// Make the connection attempt.
|
||||
String keyStoreProvider = "JKS";
|
||||
|
||||
SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword());
|
||||
SSLContext context = new SSLSupport()
|
||||
.setKeystorePath(webServerDTO.keyStorePath)
|
||||
.setKeystorePassword(webServerDTO.getKeyStorePassword())
|
||||
.setTruststorePath(webServerDTO.keyStorePath)
|
||||
.setTruststorePassword(webServerDTO.getKeyStorePassword())
|
||||
.createContext();
|
||||
|
||||
SSLEngine engine = context.createSSLEngine();
|
||||
engine.setUseClientMode(true);
|
||||
|
@ -233,9 +237,13 @@ public class WebServerComponentTest extends Assert {
|
|||
webServerComponent.start();
|
||||
final int port = webServerComponent.getPort();
|
||||
// Make the connection attempt.
|
||||
String keyStoreProvider = "JKS";
|
||||
|
||||
SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.trustStorePath, webServerDTO.getTrustStorePassword());
|
||||
SSLContext context = new SSLSupport()
|
||||
.setKeystorePath(webServerDTO.keyStorePath)
|
||||
.setKeystorePassword(webServerDTO.getKeyStorePassword())
|
||||
.setTruststorePath(webServerDTO.trustStorePath)
|
||||
.setTruststorePassword(webServerDTO.getTrustStorePassword())
|
||||
.createContext();
|
||||
|
||||
SSLEngine engine = context.createSSLEngine();
|
||||
engine.setUseClientMode(true);
|
||||
|
|
|
@ -72,7 +72,12 @@ public class MqttCrlEnabledExample {
|
|||
mqtt.setConnectAttemptsMax(0);
|
||||
mqtt.setReconnectAttemptsMax(0);
|
||||
mqtt.setHost(host);
|
||||
mqtt.setSslContext(SSLSupport.createContext("JKS", keystorePath, keystorePass, "JKS", truststorePath, truststorePass));
|
||||
mqtt.setSslContext(new SSLSupport()
|
||||
.setKeystorePath(keystorePath)
|
||||
.setKeystorePassword(keystorePass)
|
||||
.setTruststorePath(truststorePath)
|
||||
.setTruststorePassword(truststorePass)
|
||||
.createContext());
|
||||
mqtt.setCleanSession(true);
|
||||
|
||||
BlockingConnection connection = mqtt.blockingConnection();
|
||||
|
|
|
@ -235,7 +235,12 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase {
|
|||
mqtt.setConnectAttemptsMax(1);
|
||||
mqtt.setReconnectAttemptsMax(0);
|
||||
mqtt.setHost(host);
|
||||
SSLContext sslContext = SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, keystorePath, keystorePass, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, truststorePath, truststorePass);
|
||||
SSLContext sslContext = new SSLSupport()
|
||||
.setKeystorePath(keystorePath)
|
||||
.setKeystorePassword(keystorePass)
|
||||
.setTruststorePath(truststorePath)
|
||||
.setTruststorePassword(truststorePass)
|
||||
.createContext();
|
||||
mqtt.setSslContext(sslContext);
|
||||
|
||||
BlockingConnection connection = mqtt.blockingConnection();
|
||||
|
|
|
@ -239,7 +239,11 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
||||
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
|
||||
|
||||
SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
|
||||
SSLContext.setDefault(new SSLSupport()
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
||||
.setTruststorePassword(PASSWORD)
|
||||
.createContext());
|
||||
|
||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
|
||||
ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
|
||||
|
@ -662,7 +666,14 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
}
|
||||
|
||||
public String[] getEnabledCipherSuites() throws Exception {
|
||||
SSLContext context = SSLSupport.createContext(storeType, SERVER_SIDE_KEYSTORE, PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD);
|
||||
SSLContext context = new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(SERVER_SIDE_KEYSTORE)
|
||||
.setKeystorePassword(PASSWORD)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
||||
.setTruststorePassword(PASSWORD)
|
||||
.createContext();
|
||||
SSLEngine engine = context.createSSLEngine();
|
||||
return engine.getEnabledCipherSuites();
|
||||
}
|
||||
|
|
|
@ -210,7 +210,10 @@ public class NettyConnectorWithHTTPUpgradeTest extends ActiveMQTestBase {
|
|||
ServerBootstrap b = new ServerBootstrap();
|
||||
final SSLContext context;
|
||||
if (useSSL) {
|
||||
context = SSLSupport.createContext("JKS", SERVER_SIDE_KEYSTORE, PASSWORD, null, null, null);
|
||||
context = new SSLSupport()
|
||||
.setKeystorePath(SERVER_SIDE_KEYSTORE)
|
||||
.setKeystorePassword(PASSWORD)
|
||||
.createContext();
|
||||
} else {
|
||||
context = null;
|
||||
}
|
||||
|
|
|
@ -73,32 +73,60 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
|
||||
@Test
|
||||
public void testContextWithRightParameters() throws Exception {
|
||||
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
}
|
||||
|
||||
// This is valid as it will create key and trust managers with system defaults
|
||||
@Test
|
||||
public void testContextWithNullParameters() throws Exception {
|
||||
SSLSupport.createContext(null, null, null, null, null, null);
|
||||
new SSLSupport().createContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testContextWithKeyStorePathAsURL() throws Exception {
|
||||
URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
|
||||
SSLSupport.createContext(storeType, url.toString(), keyStorePassword, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(url.toString())
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testContextWithKeyStorePathAsFile() throws Exception {
|
||||
URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
|
||||
File file = new File(url.toURI());
|
||||
SSLSupport.createContext(storeType, file.getAbsolutePath(), keyStorePassword, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(file.getAbsolutePath())
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testContextWithBadKeyStorePath() throws Exception {
|
||||
try {
|
||||
SSLSupport.createContext(storeType, "not a keystore", keyStorePassword, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath("not a keystore")
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
Assert.fail();
|
||||
} catch (Exception e) {
|
||||
}
|
||||
|
@ -107,7 +135,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
@Test
|
||||
public void testContextWithNullKeyStorePath() throws Exception {
|
||||
try {
|
||||
SSLSupport.createContext(storeType, null, keyStorePassword, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(null)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
} catch (Exception e) {
|
||||
Assert.fail();
|
||||
}
|
||||
|
@ -122,13 +157,27 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
return;
|
||||
}
|
||||
|
||||
SSLSupport.createContext(storeType, "src/test/resources/" + keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath("src/test/resources/" + keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testContextWithBadKeyStorePassword() throws Exception {
|
||||
try {
|
||||
SSLSupport.createContext(storeType, keyStorePath, "bad password", storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword("bad password")
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
Assert.fail();
|
||||
} catch (Exception e) {
|
||||
}
|
||||
|
@ -137,7 +186,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
@Test
|
||||
public void testContextWithNullKeyStorePassword() throws Exception {
|
||||
try {
|
||||
SSLSupport.createContext(storeType, keyStorePath, null, storeType, trustStorePath, trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(null)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
Assert.fail();
|
||||
} catch (Exception e) {
|
||||
assertFalse(e instanceof NullPointerException);
|
||||
|
@ -147,7 +203,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
@Test
|
||||
public void testContextWithBadTrustStorePath() throws Exception {
|
||||
try {
|
||||
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, "not a trust store", trustStorePassword);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath("not a trust store")
|
||||
.setTruststorePassword(trustStorePassword)
|
||||
.createContext();
|
||||
Assert.fail();
|
||||
} catch (Exception e) {
|
||||
}
|
||||
|
@ -156,7 +219,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
@Test
|
||||
public void testContextWithBadTrustStorePassword() throws Exception {
|
||||
try {
|
||||
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord");
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword("bad passord")
|
||||
.createContext();
|
||||
Assert.fail();
|
||||
} catch (Exception e) {
|
||||
}
|
||||
|
@ -166,6 +236,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
|
|||
public void testContextWithTrustAll() throws Exception {
|
||||
//This is using a bad password but should not fail because the trust store should be ignored with
|
||||
//the trustAll flag set to true
|
||||
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord", true);
|
||||
new SSLSupport()
|
||||
.setKeystoreProvider(storeType)
|
||||
.setKeystorePath(keyStorePath)
|
||||
.setKeystorePassword(keyStorePassword)
|
||||
.setTruststoreProvider(storeType)
|
||||
.setTruststorePath(trustStorePath)
|
||||
.setTruststorePassword("bad passord")
|
||||
.setTrustAll(true)
|
||||
.createContext();
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue