Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ARTEMIS-1926 refactor SSLSupport

This commit is contained in:
Justin Bertram 2018-06-12 15:27:48 -05:00 committed by Clebert Suconic
parent 16b2bcba68
commit 57ed5b0530
10 changed files with 296 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
View File

@ -533,7 +533,7 @@ public class NettyConnector extends AbstractConnector {
if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) {
engine = loadOpenSslEngine(channel.alloc(), realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
} else {
engine = loadJdkSslEngine(useDefaultSslContext, realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
engine = loadJdkSslEngine(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
}
engine.setUseClientMode(true);
@ -607,18 +607,26 @@ public class NettyConnector extends AbstractConnector {
ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, TransportConstants.NETTY_VERSION, host, port);
}
private SSLEngine loadJdkSslEngine(boolean useDefaultSslContext,
String realKeyStoreProvider,
String realKeyStorePath,
String realKeyStorePassword,
String realTrustStoreProvider,
String realTrustStorePath,
String realTrustStorePassword) throws Exception {
private SSLEngine loadJdkSslEngine(String keystoreProvider,
String keystorePath,
String keystorePassword,
String truststoreProvider,
String truststorePath,
String truststorePassword) throws Exception {
SSLContext context;
if (useDefaultSslContext) {
context = SSLContext.getDefault();
} else {
context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, trustAll, crlPath);
context = new SSLSupport()
.setKeystoreProvider(keystoreProvider)
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePassword)
.setTruststoreProvider(truststoreProvider)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePassword)
.setTrustAll(trustAll)
.setCrlPath(crlPath)
.createContext();
}
Subject subject = null;
if (kerb5Config != null) {
@ -642,14 +650,24 @@ public class NettyConnector extends AbstractConnector {
}
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
String realKeyStoreProvider,
String realKeyStorePath,
String realKeyStorePassword,
String realTrustStoreProvider,
String realTrustStorePath,
String realTrustStorePassword) throws Exception {
String keystoreProvider,
String keystorePath,
String keystorePassword,
String truststoreProvider,
String truststorePath,
String truststorePassword) throws Exception {
SslContext context = SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, sslProvider, trustAll);
SslContext context = new SSLSupport()
.setKeystoreProvider(keystoreProvider)
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePassword)
.setTruststoreProvider(truststoreProvider)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePassword)
.setSslProvider(sslProvider)
.setTrustAll(trustAll)
.createNettyClientContext();
Subject subject = null;
if (kerb5Config != null) {

187
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
View File

@ -44,6 +44,7 @@ import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.utils.ClassloadingUtil;
/**
@ -53,80 +54,117 @@ import org.apache.activemq.artemis.utils.ClassloadingUtil;
* null keystore path.
*/
public class SSLSupport {
// Public --------------------------------------------------------
private String keystoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
private String keystorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
private String keystorePassword = TransportConstants.DEFAULT_KEYSTORE_PASSWORD;
private String truststoreProvider = TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER;
private String truststorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH;
private String truststorePassword = TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD;
private String crlPath = TransportConstants.DEFAULT_CRL_PATH;
private String sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
private boolean trustAll = TransportConstants.DEFAULT_TRUST_ALL;
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword) throws Exception {
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, null);
public String getKeystoreProvider() {
return keystoreProvider;
}
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final String crlPath) throws Exception {
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, crlPath);
public SSLSupport setKeystoreProvider(String keystoreProvider) {
this.keystoreProvider = keystoreProvider;
return this;
}
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll) throws Exception {
return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null);
public String getKeystorePath() {
return keystorePath;
}
public static SSLContext createContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
public SSLSupport setKeystorePath(String keystorePath) {
this.keystorePath = keystorePath;
return this;
}
public String getKeystorePassword() {
return keystorePassword;
}
public SSLSupport setKeystorePassword(String keystorePassword) {
this.keystorePassword = keystorePassword;
return this;
}
public String getTruststoreProvider() {
return truststoreProvider;
}
public SSLSupport setTruststoreProvider(String truststoreProvider) {
this.truststoreProvider = truststoreProvider;
return this;
}
public String getTruststorePath() {
return truststorePath;
}
public SSLSupport setTruststorePath(String truststorePath) {
this.truststorePath = truststorePath;
return this;
}
public String getTruststorePassword() {
return truststorePassword;
}
public SSLSupport setTruststorePassword(String truststorePassword) {
this.truststorePassword = truststorePassword;
return this;
}
public String getCrlPath() {
return crlPath;
}
public SSLSupport setCrlPath(String crlPath) {
this.crlPath = crlPath;
return this;
}
public String getSslProvider() {
return sslProvider;
}
public SSLSupport setSslProvider(String sslProvider) {
this.sslProvider = sslProvider;
return this;
}
public boolean isTrustAll() {
return trustAll;
}
public SSLSupport setTrustAll(boolean trustAll) {
this.trustAll = trustAll;
return this;
}
public SSLContext createContext() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystoreProvider, keystorePath, keystorePassword);
TrustManager[] trustManagers = SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
KeyManager[] keyManagers = loadKeyManagers();
TrustManager[] trustManagers = loadTrustManagers();
context.init(keyManagers, trustManagers, new SecureRandom());
return context;
}
public static SslContext createNettyContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final String sslProvider) throws Exception {
public SslContext createNettyContext() throws Exception {
KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, false, null)).build();
return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(loadTrustManagerFactory()).build();
}
public static SslContext createNettyClientContext(final String keystoreProvider,
final String keystorePath,
final String keystorePassword,
final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final String sslProvider,
final boolean trustAll ) throws Exception {
public SslContext createNettyClientContext() throws Exception {
KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray());
return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build();
return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(loadTrustManagerFactory()).build();
}
@ -151,19 +189,15 @@ public class SSLSupport {
}
// Private -------------------------------------------------------
private static TrustManagerFactory loadTrustManagerFactory(final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
if (trustAll) {
//This is useful for testing but not should be used outside of that purpose
return InsecureTrustManagerFactory.INSTANCE;
} else if (trustStorePath == null && (trustStoreProvider == null || !"PKCS11".equals(trustStoreProvider.toUpperCase()))) {
} else if (truststorePath == null && (truststoreProvider == null || !"PKCS11".equals(truststoreProvider.toUpperCase()))) {
return null;
} else {
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword);
KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
boolean initialized = false;
@ -171,7 +205,7 @@ public class SSLSupport {
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
if (crlPath != null) {
pkixParams.setRevocationEnabled(true);
Collection<? extends CRL> crlList = loadCRL(crlPath);
Collection<? extends CRL> crlList = loadCRL();
if (crlList != null) {
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
}
@ -187,25 +221,19 @@ public class SSLSupport {
}
}
private static TrustManager[] loadTrustManager(final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
private TrustManager[] loadTrustManagers() throws Exception {
TrustManagerFactory trustManagerFactory = loadTrustManagerFactory();
if (trustManagerFactory == null) {
return null;
}
return trustManagerFactory.getTrustManagers();
}
private static Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
private Collection<? extends CRL> loadCRL() throws Exception {
if (crlPath == null) {
return null;
}
URL resource = SSLSupport.validateStoreURL(crlPath);
URL resource = validateStoreURL(crlPath);
try (InputStream is = resource.openStream()) {
return CertificateFactory.getInstance("X.509").generateCRLs(is);
}
@ -233,25 +261,20 @@ public class SSLSupport {
return ks;
}
private static KeyManager[] loadKeyManagers(final String keyStoreProvider,
final String keystorePath,
final String keystorePassword) throws Exception {
KeyManagerFactory factory = loadKeyManagerFactory(keyStoreProvider, keystorePath, keystorePassword);
private KeyManager[] loadKeyManagers() throws Exception {
KeyManagerFactory factory = loadKeyManagerFactory();
if (factory == null) {
return null;
}
return factory.getKeyManagers();
}
private static KeyManagerFactory loadKeyManagerFactory(final String keyStoreProvider,
final String keystorePath,
final String keystorePassword) throws Exception {
if (keystorePath == null && (keyStoreProvider == null || !"PKCS11".equals(keyStoreProvider.toUpperCase()))) {
private KeyManagerFactory loadKeyManagerFactory() throws Exception {
if (keystorePath == null && (keystoreProvider == null || !"PKCS11".equals(keystoreProvider.toUpperCase()))) {
return null;
} else {
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore ks = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, keystorePassword);
KeyStore ks = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
kmf.init(ks, keystorePassword == null ? null : keystorePassword.toCharArray());
return kmf;
}

20
artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
View File

@ -542,7 +542,15 @@ public class NettyAcceptor extends AbstractAcceptor {
try {
if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified.");
context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, crlPath);
context = new SSLSupport()
.setKeystoreProvider(keyStoreProvider)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(trustStoreProvider)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.setCrlPath(crlPath)
.createContext();
} catch (Exception e) {
IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port);
ise.initCause(e);
@ -573,7 +581,15 @@ public class NettyAcceptor extends AbstractAcceptor {
try {
if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified.");
context = SSLSupport.createNettyContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, sslProvider);
context = new SSLSupport()
.setKeystoreProvider(keyStoreProvider)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(trustStoreProvider)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.setSslProvider(sslProvider)
.createNettyContext();
} catch (Exception e) {
IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port);
ise.initCause(e);

9
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
View File

@ -232,7 +232,14 @@ public class ConnectorServerFactory {
//todo fix
private void setupSsl() throws Exception {
SSLContext context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword);
SSLContext context = new SSLSupport()
.setKeystoreProvider(keyStoreProvider)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(trustStoreProvider)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
SSLServerSocketFactory sssf = context.getServerSocketFactory();
RMIServerSocketFactory rssf = new ArtemisSslRMIServerSocketFactory(sssf, this.isClientAuth(), rmiServerHost);
RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();

16
artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
View File

@ -177,9 +177,13 @@ public class WebServerComponentTest extends Assert {
webServerComponent.start();
final int port = webServerComponent.getPort();
// Make the connection attempt.
String keyStoreProvider = "JKS";
SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword());
SSLContext context = new SSLSupport()
.setKeystorePath(webServerDTO.keyStorePath)
.setKeystorePassword(webServerDTO.getKeyStorePassword())
.setTruststorePath(webServerDTO.keyStorePath)
.setTruststorePassword(webServerDTO.getKeyStorePassword())
.createContext();
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);
@ -233,9 +237,13 @@ public class WebServerComponentTest extends Assert {
webServerComponent.start();
final int port = webServerComponent.getPort();
// Make the connection attempt.
String keyStoreProvider = "JKS";
SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.trustStorePath, webServerDTO.getTrustStorePassword());
SSLContext context = new SSLSupport()
.setKeystorePath(webServerDTO.keyStorePath)
.setKeystorePassword(webServerDTO.getKeyStorePassword())
.setTruststorePath(webServerDTO.trustStorePath)
.setTruststorePassword(webServerDTO.getTrustStorePassword())
.createContext();
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);

7
examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
View File

@ -72,7 +72,12 @@ public class MqttCrlEnabledExample {
mqtt.setConnectAttemptsMax(0);
mqtt.setReconnectAttemptsMax(0);
mqtt.setHost(host);
mqtt.setSslContext(SSLSupport.createContext("JKS", keystorePath, keystorePass, "JKS", truststorePath, truststorePass));
mqtt.setSslContext(new SSLSupport()
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePass)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePass)
.createContext());
mqtt.setCleanSession(true);
BlockingConnection connection = mqtt.blockingConnection();

7
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
View File

@ -235,7 +235,12 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase {
mqtt.setConnectAttemptsMax(1);
mqtt.setReconnectAttemptsMax(0);
mqtt.setHost(host);
SSLContext sslContext = SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, keystorePath, keystorePass, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, truststorePath, truststorePass);
SSLContext sslContext = new SSLSupport()
.setKeystorePath(keystorePath)
.setKeystorePassword(keystorePass)
.setTruststorePath(truststorePath)
.setTruststorePassword(truststorePass)
.createContext();
mqtt.setSslContext(sslContext);
BlockingConnection connection = mqtt.blockingConnection();

15
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
View File

@ -239,7 +239,11 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
SSLContext.setDefault(new SSLSupport()
.setTruststoreProvider(storeType)
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
.setTruststorePassword(PASSWORD)
.createContext());
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
@ -662,7 +666,14 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
}
public String[] getEnabledCipherSuites() throws Exception {
SSLContext context = SSLSupport.createContext(storeType, SERVER_SIDE_KEYSTORE, PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD);
SSLContext context = new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(SERVER_SIDE_KEYSTORE)
.setKeystorePassword(PASSWORD)
.setTruststoreProvider(storeType)
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
.setTruststorePassword(PASSWORD)
.createContext();
SSLEngine engine = context.createSSLEngine();
return engine.getEnabledCipherSuites();
}

5
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
View File

@ -210,7 +210,10 @@ public class NettyConnectorWithHTTPUpgradeTest extends ActiveMQTestBase {
ServerBootstrap b = new ServerBootstrap();
final SSLContext context;
if (useSSL) {
context = SSLSupport.createContext("JKS", SERVER_SIDE_KEYSTORE, PASSWORD, null, null, null);
context = new SSLSupport()
.setKeystorePath(SERVER_SIDE_KEYSTORE)
.setKeystorePassword(PASSWORD)
.createContext();
} else {
context = null;
}

102
tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
View File

@ -73,32 +73,60 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithRightParameters() throws Exception {
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
// This is valid as it will create key and trust managers with system defaults
@Test
public void testContextWithNullParameters() throws Exception {
SSLSupport.createContext(null, null, null, null, null, null);
new SSLSupport().createContext();
}
@Test
public void testContextWithKeyStorePathAsURL() throws Exception {
URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
SSLSupport.createContext(storeType, url.toString(), keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(url.toString())
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
@Test
public void testContextWithKeyStorePathAsFile() throws Exception {
URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
File file = new File(url.toURI());
SSLSupport.createContext(storeType, file.getAbsolutePath(), keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(file.getAbsolutePath())
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
@Test
public void testContextWithBadKeyStorePath() throws Exception {
try {
SSLSupport.createContext(storeType, "not a keystore", keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath("not a keystore")
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -107,7 +135,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithNullKeyStorePath() throws Exception {
try {
SSLSupport.createContext(storeType, null, keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(null)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
} catch (Exception e) {
Assert.fail();
}
@ -122,13 +157,27 @@ public class SSLSupportTest extends ActiveMQTestBase {
return;
}
SSLSupport.createContext(storeType, "src/test/resources/" + keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath("src/test/resources/" + keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
}
@Test
public void testContextWithBadKeyStorePassword() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, "bad password", storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword("bad password")
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -137,7 +186,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithNullKeyStorePassword() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, null, storeType, trustStorePath, trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(null)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
assertFalse(e instanceof NullPointerException);
@ -147,7 +203,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithBadTrustStorePath() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, "not a trust store", trustStorePassword);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath("not a trust store")
.setTruststorePassword(trustStorePassword)
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -156,7 +219,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
@Test
public void testContextWithBadTrustStorePassword() throws Exception {
try {
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord");
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword("bad passord")
.createContext();
Assert.fail();
} catch (Exception e) {
}
@ -166,6 +236,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
public void testContextWithTrustAll() throws Exception {
//This is using a bad password but should not fail because the trust store should be ignored with
//the trustAll flag set to true
SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord", true);
new SSLSupport()
.setKeystoreProvider(storeType)
.setKeystorePath(keyStorePath)
.setKeystorePassword(keyStorePassword)
.setTruststoreProvider(storeType)
.setTruststorePath(trustStorePath)
.setTruststorePassword("bad passord")
.setTrustAll(true)
.createContext();
}
}