Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

This closes #2138

This commit is contained in:
Clebert Suconic 2018-06-18 16:15:14 -04:00
parent 16b2bcba68 57ed5b0530
commit 34062838e7
10 changed files with 296 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
View File

@ -533,7 +533,7 @@ public class NettyConnector extends AbstractConnector {
if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) {
engine = loadOpenSslEngine(channel.alloc(), realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
} else {
engine = loadJdkSslEngine(useDefaultSslContext, realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
engine = loadJdkSslEngine(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
}
engine.setUseClientMode(true);
@ -607,18 +607,26 @@ public class NettyConnector extends AbstractConnector {
ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, TransportConstants.NETTY_VERSION, host, port);
}
private SSLEngine loadJdkSslEngine(boolean useDefaultSslContext,
String realKeyStoreProvider,
String realKeyStorePath,
String realKeyStorePassword,
String realTrustStoreProvider,
String realTrustStorePath,
String realTrustStorePassword) throws Exception {
private SSLEngine loadJdkSslEngine(String keystoreProvider,
String keystorePath,
String keystorePassword,
String truststoreProvider,
String truststorePath,
String truststorePassword) throws Exception {
SSLContext context;
if (useDefaultSslContext) {
context = SSLContext.getDefault();
} else {
context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, trustAll, crlPath);
context = new SSLSupport()
.setKeystoreProvider(keystoreProvider)
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePassword)
.setTruststoreProvider(truststoreProvider)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePassword)
.setTrustAll(trustAll)
.setCrlPath(crlPath)
.createContext();
}
Subject subject = null;
if (kerb5Config != null) {
@ -642,14 +650,24 @@ public class NettyConnector extends AbstractConnector {
}
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
String realKeyStoreProvider,
String realKeyStorePath,
String realKeyStorePassword,
String realTrustStoreProvider,
String realTrustStorePath,
String realTrustStorePassword) throws Exception {
String keystoreProvider,
String keystorePath,
String keystorePassword,
String truststoreProvider,
String truststorePath,
String truststorePassword) throws Exception {
SslContext context = SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, sslProvider, trustAll);
SslContext context = new SSLSupport()
.setKeystoreProvider(keystoreProvider)
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePassword)
.setTruststoreProvider(truststoreProvider)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePassword)
.setSslProvider(sslProvider)
.setTrustAll(trustAll)
.createNettyClientContext();
Subject subject = null;
if (kerb5Config != null) {

187
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
View File

@ -44,6 +44,7 @@ import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.utils.ClassloadingUtil;
/**
@ -53,80 +54,117 @@ import org.apache.activemq.artemis.utils.ClassloadingUtil;
* null keystore path.
*/
public class SSLSupport {
// Public --------------------------------------------------------
private String keystoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
private String keystorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
private String keystorePassword = TransportConstants.DEFAULT_KEYSTORE_PASSWORD;
private String truststoreProvider = TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER;
private String truststorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH;
private String truststorePassword = TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD;
private String crlPath = TransportConstants.DEFAULT_CRL_PATH;
private String sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
private boolean trustAll = TransportConstants.DEFAULT_TRUST_ALL;
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword) throws Exception {
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, null);
public String getKeystoreProvider() {
return keystoreProvider;
}
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final String crlPath) throws Exception {
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, crlPath);
public SSLSupport setKeystoreProvider(String keystoreProvider) {
this.keystoreProvider = keystoreProvider;
return this;
}
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll) throws Exception {
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null);
public String getKeystorePath() {
return keystorePath;
}
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
public SSLSupport setKeystorePath(String keystorePath) {
this.keystorePath = keystorePath;
return this;
}
public String getKeystorePassword() {
return keystorePassword;
}
public SSLSupport setKeystorePassword(String keystorePassword) {
this.keystorePassword = keystorePassword;
return this;
}
public String getTruststoreProvider() {
return truststoreProvider;
}
public SSLSupport setTruststoreProvider(String truststoreProvider) {
this.truststoreProvider = truststoreProvider;
return this;
}
public String getTruststorePath() {
return truststorePath;
}
public SSLSupport setTruststorePath(String truststorePath) {
this.truststorePath = truststorePath;
return this;
}
public String getTruststorePassword() {
return truststorePassword;
}
public SSLSupport setTruststorePassword(String truststorePassword) {
this.truststorePassword = truststorePassword;
return this;
}
public String getCrlPath() {
return crlPath;
}
public SSLSupport setCrlPath(String crlPath) {
this.crlPath = crlPath;
return this;
}
public String getSslProvider() {
return sslProvider;
}
public SSLSupport setSslProvider(String sslProvider) {
this.sslProvider = sslProvider;
return this;
}
public boolean isTrustAll() {
return trustAll;
}
public SSLSupport setTrustAll(boolean trustAll) {
this.trustAll = trustAll;
return this;
}
public SSLContext createContext() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystoreProvider, keystorePath, keystorePassword);
TrustManager[] trustManagers = SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
KeyManager[] keyManagers = loadKeyManagers();
TrustManager[] trustManagers = loadTrustManagers();
context.init(keyManagers, trustManagers, new SecureRandom());
return context;
}
public static SslContext createNettyContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final String sslProvider) throws Exception {
public SslContext createNettyContext() throws Exception {
KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, false, null)).build();
return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(loadTrustManagerFactory()).build();
}
public static SslContext createNettyClientContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final String sslProvider,
final boolean trustAll ) throws Exception {
public SslContext createNettyClientContext() throws Exception {
KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray());
return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build();
return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(loadTrustManagerFactory()).build();
}
@ -151,19 +189,15 @@ public class SSLSupport {
}
// Private -------------------------------------------------------
private static TrustManagerFactory loadTrustManagerFactory(final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
if (trustAll) {
//This is useful for testing but not should be used outside of that purpose
return InsecureTrustManagerFactory.INSTANCE;
} else if (trustStorePath == null && (trustStoreProvider == null || !"PKCS11".equals(trustStoreProvider.toUpperCase()))) {
} else if (truststorePath == null && (truststoreProvider == null || !"PKCS11".equals(truststoreProvider.toUpperCase()))) {
return null;
} else {
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword);
KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
boolean initialized = false;
@ -171,7 +205,7 @@ public class SSLSupport {
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
if (crlPath != null) {
pkixParams.setRevocationEnabled(true);
Collection<? extends CRL> crlList = loadCRL(crlPath);
Collection<? extends CRL> crlList = loadCRL();
if (crlList != null) {
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
}
@ -187,25 +221,19 @@ public class SSLSupport {
}
}
private static TrustManager[] loadTrustManager(final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
private TrustManager[] loadTrustManagers() throws Exception {
TrustManagerFactory trustManagerFactory = loadTrustManagerFactory();
if (trustManagerFactory == null) {
return null;
}
return trustManagerFactory.getTrustManagers();
}
private static Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
private Collection<? extends CRL> loadCRL() throws Exception {
if (crlPath == null) {
return null;
}
URL resource = SSLSupport.validateStoreURL(crlPath);
URL resource = validateStoreURL(crlPath);
try (InputStream is = resource.openStream()) {
return CertificateFactory.getInstance("X.509").generateCRLs(is);
}
@ -233,25 +261,20 @@ public class SSLSupport {
return ks;
}
private static KeyManager[] loadKeyManagers(final String keyStoreProvider,
final String keystorePath,
final String keystorePassword) throws Exception {
KeyManagerFactory factory = loadKeyManagerFactory(keyStoreProvider, keystorePath, keystorePassword);
private KeyManager[] loadKeyManagers() throws Exception {
KeyManagerFactory factory = loadKeyManagerFactory();
if (factory == null) {
return null;
}
return factory.getKeyManagers();
}
private static KeyManagerFactory loadKeyManagerFactory(final String keyStoreProvider,
final String keystorePath,
final String keystorePassword) throws Exception {
if (keystorePath == null && (keyStoreProvider == null || !"PKCS11".equals(keyStoreProvider.toUpperCase()))) {
private KeyManagerFactory loadKeyManagerFactory() throws Exception {
if (keystorePath == null && (keystoreProvider == null || !"PKCS11".equals(keystoreProvider.toUpperCase()))) {
return null;
} else {
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore ks = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, keystorePassword);
KeyStore ks = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
kmf.init(ks, keystorePassword == null ? null : keystorePassword.toCharArray());
return kmf;
}

20
artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
View File

@ -542,7 +542,15 @@ public class NettyAcceptor extends AbstractAcceptor {
try {
if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified.");
context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, crlPath);
context = new SSLSupport()
.setKeystoreProvider(keyStoreProvider)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(trustStoreProvider)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.setCrlPath(crlPath)
.createContext();
} catch (Exception e) {
IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port);
ise.initCause(e);
@ -573,7 +581,15 @@ public class NettyAcceptor extends AbstractAcceptor {
try {
if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified.");
context = SSLSupport.createNettyContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, sslProvider);
context = new SSLSupport()
.setKeystoreProvider(keyStoreProvider)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(trustStoreProvider)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.setSslProvider(sslProvider)
.createNettyContext();
} catch (Exception e) {
IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port);
ise.initCause(e);

9
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
View File

@ -232,7 +232,14 @@ public class ConnectorServerFactory {
//todo fix
private void setupSsl() throws Exception {
SSLContext context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword);
SSLContext context = new SSLSupport()
.setKeystoreProvider(keyStoreProvider)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(trustStoreProvider)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
SSLServerSocketFactory sssf = context.getServerSocketFactory();
RMIServerSocketFactory rssf = new ArtemisSslRMIServerSocketFactory(sssf, this.isClientAuth(), rmiServerHost);
RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();

16
artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
View File

@ -177,9 +177,13 @@ public class WebServerComponentTest extends Assert {
webServerComponent.start();
final int port = webServerComponent.getPort();
// Make the connection attempt.
String keyStoreProvider = "JKS";
SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword());
SSLContext context = new SSLSupport()
.setKeystorePath(webServerDTO.keyStorePath)
.setKeystorePassword(webServerDTO.getKeyStorePassword())
.setTruststorePath(webServerDTO.keyStorePath)
.setTruststorePassword(webServerDTO.getKeyStorePassword())
.createContext();
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);
@ -233,9 +237,13 @@ public class WebServerComponentTest extends Assert {
webServerComponent.start();
final int port = webServerComponent.getPort();
// Make the connection attempt.
String keyStoreProvider = "JKS";
SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.trustStorePath, webServerDTO.getTrustStorePassword());
SSLContext context = new SSLSupport()
.setKeystorePath(webServerDTO.keyStorePath)
.setKeystorePassword(webServerDTO.getKeyStorePassword())
.setTruststorePath(webServerDTO.trustStorePath)
.setTruststorePassword(webServerDTO.getTrustStorePassword())
.createContext();
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);

7
examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
View File

@ -72,7 +72,12 @@ public class MqttCrlEnabledExample {
mqtt.setConnectAttemptsMax(0);
mqtt.setReconnectAttemptsMax(0);
mqtt.setHost(host);
mqtt.setSslContext(SSLSupport.createContext("JKS", keystorePath, keystorePass, "JKS", truststorePath, truststorePass));
mqtt.setSslContext(new SSLSupport()
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePass)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePass)
.createContext());
mqtt.setCleanSession(true);
BlockingConnection connection = mqtt.blockingConnection();

7
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
View File

@ -235,7 +235,12 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase {
mqtt.setConnectAttemptsMax(1);
mqtt.setReconnectAttemptsMax(0);
mqtt.setHost(host);
SSLContext sslContext = SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, keystorePath, keystorePass, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, truststorePath, truststorePass);
SSLContext sslContext = new SSLSupport()
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePass)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePass)
.createContext();
mqtt.setSslContext(sslContext);
BlockingConnection connection = mqtt.blockingConnection();

15
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
View File

@ -239,7 +239,11 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
SSLContext.setDefault(new SSLSupport()
.setTruststoreProvider(storeType)
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
.setTruststorePassword(PASSWORD)
.createContext());
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
@ -662,7 +666,14 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
}
public String[] getEnabledCipherSuites() throws Exception {
SSLContext context = SSLSupport.createContext(storeType, SERVER_SIDE_KEYSTORE, PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD);
SSLContext context = new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(SERVER_SIDE_KEYSTORE)
.setKeystorePassword(PASSWORD)
.setTruststoreProvider(storeType)
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
.setTruststorePassword(PASSWORD)
.createContext();
SSLEngine engine = context.createSSLEngine();
return engine.getEnabledCipherSuites();
}

5
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
View File

@ -210,7 +210,10 @@ public class NettyConnectorWithHTTPUpgradeTest extends ActiveMQTestBase {
ServerBootstrap b = new ServerBootstrap();
final SSLContext context;
if (useSSL) {
context = SSLSupport.createContext("JKS", SERVER_SIDE_KEYSTORE, PASSWORD, null, null, null);
context = new SSLSupport()
.setKeystorePath(SERVER_SIDE_KEYSTORE)
.setKeystorePassword(PASSWORD)
.createContext();
} else {
context = null;
}

102
tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
View File

@ -73,32 +73,60 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithRightParameters() throws Exception {
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
// This is valid as it will create key and trust managers with system defaults
@Test
public void testContextWithNullParameters() throws Exception {
SSLSupport.createContext(null, null, null, null, null, null);
new SSLSupport().createContext();
}
@Test
public void testContextWithKeyStorePathAsURL() throws Exception {
URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
SSLSupport.createContext(storeType, url.toString(), keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(url.toString())
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
@Test
public void testContextWithKeyStorePathAsFile() throws Exception {
URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
File file = new File(url.toURI());
SSLSupport.createContext(storeType, file.getAbsolutePath(), keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(file.getAbsolutePath())
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
@Test
public void testContextWithBadKeyStorePath() throws Exception {
try {
SSLSupport.createContext(storeType, "not a keystore", keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath("not a keystore")
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -107,7 +135,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithNullKeyStorePath() throws Exception {
try {
SSLSupport.createContext(storeType, null, keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(null)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
} catch (Exception e) {
Assert.fail();
}
@ -122,13 +157,27 @@ public class SSLSupportTest extends ActiveMQTestBase {
return;
}
SSLSupport.createContext(storeType, "src/test/resources/" + keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath("src/test/resources/" + keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
@Test
public void testContextWithBadKeyStorePassword() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, "bad password", storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword("bad password")
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -137,7 +186,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithNullKeyStorePassword() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, null, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(null)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
assertFalse(e instanceof NullPointerException);
@ -147,7 +203,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithBadTrustStorePath() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, "not a trust store", trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath("not a trust store")
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -156,7 +219,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithBadTrustStorePassword() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord");
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword("bad passord")
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -166,6 +236,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
public void testContextWithTrustAll() throws Exception {
//This is using a bad password but should not fail because the trust store should be ignored with
//the trustAll flag set to true
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord", true);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword("bad passord")
.setTrustAll(true)
.createContext();
}
}