Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

This closes #3671

This commit is contained in:
Clebert Suconic 2021-08-03 09:55:36 -04:00
parent b15bd46a74 7a9de8eea3
commit 5ebaebdfa3
20 changed files with 26 additions and 592 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
artemis-commons/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java
View File

@ -18,7 +18,7 @@
package org.apache.activemq.artemis.utils; package org.apache.activemq.artemis.utils;
import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import io.netty.channel.Channel; import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandler;
@ -32,7 +32,7 @@ public class CertificateUtil {
if (channelHandler != null && channelHandler instanceof SslHandler) { if (channelHandler != null && channelHandler instanceof SslHandler) {
SslHandler sslHandler = (SslHandler) channelHandler; SslHandler sslHandler = (SslHandler) channelHandler;
try { try {
certificates = sslHandler.engine().getSession().getPeerCertificateChain(); certificates = (X509Certificate[]) sslHandler.engine().getSession().getPeerCertificates();
} catch (SSLPeerUnverifiedException e) { } catch (SSLPeerUnverifiedException e) {
// ignore // ignore
} }

2
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/CertificateUtil.java
View File

@ -24,7 +24,7 @@ import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.remoting.Connection; import org.apache.activemq.artemis.spi.core.remoting.Connection;
import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.security.Principal; import java.security.Principal;
public class CertificateUtil { public class CertificateUtil {

2
artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
View File

@ -17,7 +17,7 @@
package org.apache.activemq.artemis.core.security.impl; package org.apache.activemq.artemis.core.security.impl;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Set; import java.util.Set;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;

2
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
View File

@ -18,7 +18,7 @@ package org.apache.activemq.artemis.core.server.impl;
import javax.json.JsonArrayBuilder; import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder; import javax.json.JsonObjectBuilder;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.transaction.xa.XAException; import javax.transaction.xa.XAException;
import javax.transaction.xa.Xid; import javax.transaction.xa.Xid;
import java.util.ArrayList; import java.util.ArrayList;

2
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
View File

@ -16,7 +16,7 @@
*/ */
package org.apache.activemq.artemis.spi.core.security; package org.apache.activemq.artemis.spi.core.security;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Set; import java.util.Set;
import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.CheckType;

2
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateCallback.java
View File

@ -17,7 +17,7 @@
package org.apache.activemq.artemis.spi.core.security.jaas; package org.apache.activemq.artemis.spi.core.security.jaas;
import javax.security.auth.callback.Callback; import javax.security.auth.callback.Callback;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
/** /**
* A Callback for SSL certificates. * A Callback for SSL certificates.

2
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
View File

@ -22,7 +22,7 @@ import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.io.IOException; import java.io.IOException;
import java.security.Principal; import java.security.Principal;
import java.util.HashSet; import java.util.HashSet;

2
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java
View File

@ -21,7 +21,7 @@ import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.io.IOException; import java.io.IOException;
import java.security.Principal; import java.security.Principal;
import java.util.Arrays; import java.util.Arrays;

2
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java
View File

@ -19,7 +19,7 @@ package org.apache.activemq.artemis.spi.core.security.jaas;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;

2
artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java
View File

@ -17,7 +17,7 @@
package org.apache.activemq.artemis.core.security.jaas; package org.apache.activemq.artemis.core.security.jaas;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Set; import java.util.Set;
import org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule; import org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule;

12
artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubX509Certificate.java
View File

@ -16,7 +16,7 @@
*/ */
package org.apache.activemq.artemis.core.security.jaas; package org.apache.activemq.artemis.core.security.jaas;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.Principal; import java.security.Principal;
import java.security.PublicKey; import java.security.PublicKey;
@ -70,10 +70,12 @@ public class StubX509Certificate extends X509Certificate {
return null; return null;
} }
@Override
public byte[] getTBSCertificate() { public byte[] getTBSCertificate() {
return null; return null;
} }
@Override
public byte[] getSignature() { public byte[] getSignature() {
return null; return null;
} }
@ -93,18 +95,22 @@ public class StubX509Certificate extends X509Certificate {
return null; return null;
} }
@Override
public boolean[] getIssuerUniqueID() { public boolean[] getIssuerUniqueID() {
return null; return null;
} }
@Override
public boolean[] getSubjectUniqueID() { public boolean[] getSubjectUniqueID() {
return null; return null;
} }
@Override
public boolean[] getKeyUsage() { public boolean[] getKeyUsage() {
return null; return null;
} }
@Override
public int getBasicConstraints() { public int getBasicConstraints() {
return 0; return 0;
} }
@ -132,20 +138,24 @@ public class StubX509Certificate extends X509Certificate {
return null; return null;
} }
@Override
public boolean hasUnsupportedCriticalExtension() { public boolean hasUnsupportedCriticalExtension() {
return false; return false;
} }
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
@Override
public Set getCriticalExtensionOIDs() { public Set getCriticalExtensionOIDs() {
return null; return null;
} }
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
@Override
public Set getNonCriticalExtensionOIDs() { public Set getNonCriticalExtensionOIDs() {
return null; return null;
} }
@Override
public byte[] getExtensionValue(String arg0) { public byte[] getExtensionValue(String arg0) {
return null; return null;
} }

2
artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileCertificateLoginModuleTest.java
View File

@ -21,7 +21,7 @@ import javax.security.auth.Subject;
import javax.security.auth.callback.Callback; import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.URL; import java.net.URL;

2
tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslBrokerServiceTest.java
View File

@ -146,7 +146,7 @@ public class SslBrokerServiceTest extends TransportBrokerTestSupport {
sslSocket.startHandshake(); sslSocket.startHandshake();
LOG.info("cyphersuite: " + session.getCipherSuite()); LOG.info("cyphersuite: " + session.getCipherSuite());
LOG.info("peer port: " + session.getPeerPort()); LOG.info("peer port: " + session.getPeerPort());
LOG.info("peer cert: " + session.getPeerCertificateChain()[0].toString()); LOG.info("peer cert: " + session.getPeerCertificates()[0].toString());
} }
public static TrustManager[] getTrustManager() throws Exception { public static TrustManager[] getTrustManager() throws Exception {

44
tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslSocketHelper.java
View File

@ -1,44 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import javax.management.remote.JMXPrincipal;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.security.cert.X509Certificate;
/**
*
*/
public final class SslSocketHelper {
private SslSocketHelper() {
}
public static SSLSocket createSSLSocket(String certDistinguishedName,
boolean wantAuth,
boolean needAuth) throws IOException {
JMXPrincipal principal = new JMXPrincipal(certDistinguishedName);
X509Certificate cert = new StubX509Certificate(principal);
StubSSLSession sslSession = new StubSSLSession(cert);
StubSSLSocket sslSocket = new StubSSLSocket(sslSession);
sslSocket.setWantClientAuth(wantAuth);
sslSocket.setNeedClientAuth(needAuth);
return sslSocket;
}
}

140
tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
View File

@ -1,140 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import junit.framework.TestCase;
import org.apache.activemq.openwire.OpenWireFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class SslTransportFactoryTest extends TestCase {
private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactoryTest.class);
private SslTransportFactory factory;
private boolean verbose;
@Override
protected void setUp() throws Exception {
factory = new SslTransportFactory();
}
@Override
protected void tearDown() throws Exception {
super.tearDown();
}
public void testBindServerOptions() throws IOException {
SslTransportServer sslTransportServer = null;
for (int i = 0; i < 4; ++i) {
final boolean wantClientAuth = (i & 0x1) == 1;
final boolean needClientAuth = (i & 0x2) == 2;
String options = "wantClientAuth=" + (wantClientAuth ? "true" : "false") + "&needClientAuth=" + (needClientAuth ? "true" : "false");
try {
sslTransportServer = (SslTransportServer) factory.doBind(new URI("ssl://localhost:61616?" + options));
} catch (Exception e) {
fail("Unable to bind to address: " + e.getMessage());
}
assertEquals("Created ServerSocket did not have correct wantClientAuth status.", sslTransportServer.getWantClientAuth(), wantClientAuth);
assertEquals("Created ServerSocket did not have correct needClientAuth status.", sslTransportServer.getNeedClientAuth(), needClientAuth);
try {
sslTransportServer.stop();
} catch (Exception e) {
fail("Unable to stop TransportServer: " + e.getMessage());
}
}
}
private int getMthNaryDigit(int number, int digitIdx, int numBase) {
return (number / ((int) Math.pow(numBase, digitIdx))) % numBase;
}
public void testCompositeConfigure() throws IOException {
// The 5 options being tested.
int optionSettings[] = new int[5];
String optionNames[] = {"wantClientAuth", "needClientAuth", "socket.wantClientAuth", "socket.needClientAuth", "socket.useClientMode"};
// Using a trinary interpretation of i to set all possible values of
// stub options for socket and transport.
// 2 transport options, 3 socket options, 3 settings for each option =>
// 3^5 = 243 combos.
for (int i = 0; i < 243; ++i) {
Map<String, String> options = new HashMap<>();
for (int j = 0; j < 5; ++j) {
// -1 since the option range is [-1,1], not [0,2].
optionSettings[j] = getMthNaryDigit(i, j, 3) - 1;
if (optionSettings[j] != -1) {
options.put(optionNames[j], optionSettings[j] == 1 ? "true" : "false");
}
}
StubSSLSocket socketStub = new StubSSLSocket(null);
StubSslTransport transport = null;
try {
transport = new StubSslTransport(null, socketStub);
} catch (Exception e) {
fail("Unable to create StubSslTransport: " + e.getMessage());
}
if (verbose) {
LOG.info("");
LOG.info("Iteration: " + i);
LOG.info("Map settings: " + options);
for (int x = 0; x < optionSettings.length; x++) {
LOG.info("optionSetting[" + x + "] = " + optionSettings[x]);
}
}
factory.compositeConfigure(transport, new OpenWireFormat(), options);
// lets start the transport to force the introspection
try {
transport.start();
} catch (Exception e) {
// ignore bad connection
}
if (socketStub.getWantClientAuthStatus() != optionSettings[2]) {
LOG.info("sheiite");
}
assertEquals("wantClientAuth was not properly set for iteration: " + i, optionSettings[0], transport.getWantClientAuthStatus());
assertEquals("needClientAuth was not properly set for iteration: " + i, optionSettings[1], transport.getNeedClientAuthStatus());
assertEquals("socket.wantClientAuth was not properly set for iteration: " + i, optionSettings[2], socketStub.getWantClientAuthStatus());
assertEquals("socket.needClientAuth was not properly set for iteration: " + i, optionSettings[3], socketStub.getNeedClientAuthStatus());
assertEquals("socket.useClientMode was not properly set for iteration: " + i, optionSettings[4], socketStub.getUseClientModeStatus());
}
}
}

98
tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportTest.java
View File

@ -1,98 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import javax.management.remote.JMXPrincipal;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.security.cert.X509Certificate;
import junit.framework.TestCase;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.transport.StubTransportListener;
import org.apache.activemq.wireformat.ObjectStreamWireFormat;
/**
* Unit tests for the SslTransport class.
*/
public class SslTransportTest extends TestCase {
SSLSocket sslSocket;
StubTransportListener stubListener;
String username;
String password;
String certDistinguishedName;
@Override
protected void setUp() throws Exception {
certDistinguishedName = "ThisNameIsDistinguished";
username = "SomeUserName";
password = "SomePassword";
}
@Override
protected void tearDown() throws Exception {
super.tearDown();
}
private void createTransportAndConsume(boolean wantAuth, boolean needAuth) throws IOException {
JMXPrincipal principal = new JMXPrincipal(certDistinguishedName);
X509Certificate cert = new StubX509Certificate(principal);
StubSSLSession sslSession = new StubSSLSession(cert);
sslSocket = new StubSSLSocket(sslSession);
sslSocket.setWantClientAuth(wantAuth);
sslSocket.setNeedClientAuth(needAuth);
SslTransport transport = new SslTransport(new ObjectStreamWireFormat(), sslSocket);
stubListener = new StubTransportListener();
transport.setTransportListener(stubListener);
ConnectionInfo sentInfo = new ConnectionInfo();
sentInfo.setUserName(username);
sentInfo.setPassword(password);
transport.doConsume(sentInfo);
}
public void testKeepClientUserName() throws IOException {
createTransportAndConsume(true, true);
final ConnectionInfo receivedInfo = (ConnectionInfo) stubListener.getCommands().remove();
X509Certificate receivedCert;
try {
receivedCert = ((X509Certificate[]) receivedInfo.getTransportContext())[0];
} catch (Exception e) {
receivedCert = null;
}
if (receivedCert == null) {
fail("Transmitted certificate chain was not attached to ConnectionInfo.");
}
assertEquals("Received certificate distinguished name did not match the one transmitted.", certDistinguishedName, receivedCert.getSubjectDN().getName());
}
}

153
tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSession.java
View File

@ -1,153 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
class StubSSLSession implements SSLSession {
X509Certificate cert;
boolean isVerified;
public StubSSLSession(X509Certificate cert) {
if (cert != null) {
this.isVerified = true;
this.cert = cert;
} else {
this.isVerified = false;
this.cert = null;
}
}
public void setIsVerified(boolean verified) {
this.isVerified = verified;
}
@Override
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
if (this.isVerified) {
return new X509Certificate[]{this.cert};
} else {
throw new SSLPeerUnverifiedException("Socket is unverified.");
}
}
// --- Stubbed methods ---
@Override
public byte[] getId() {
return null;
}
@Override
public SSLSessionContext getSessionContext() {
return null;
}
@Override
public long getCreationTime() {
return 0;
}
@Override
public long getLastAccessedTime() {
return 0;
}
@Override
public void invalidate() {
}
@Override
public boolean isValid() {
return false;
}
@Override
public void putValue(String arg0, Object arg1) {
}
@Override
public Object getValue(String arg0) {
return null;
}
@Override
public void removeValue(String arg0) {
}
@Override
public String[] getValueNames() {
return null;
}
@Override
public Certificate[] getLocalCertificates() {
return null;
}
@Override
public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
return null;
}
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
return null;
}
@Override
public Principal getLocalPrincipal() {
return null;
}
@Override
public String getCipherSuite() {
return null;
}
@Override
public String getProtocol() {
return null;
}
@Override
public String getPeerHost() {
return null;
}
@Override
public int getPeerPort() {
return 0;
}
@Override
public int getPacketBufferSize() {
return 0;
}
@Override
public int getApplicationBufferSize() {
return 0;
}
}

141
tests/activemq5-unit-tests/src/test/java/org/apache/activemq/transport/tcp/StubSSLSocket.java
View File

@ -1,141 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
public class StubSSLSocket extends SSLSocket {
public static final int UNTOUCHED = -1;
public static final int FALSE = 0;
public static final int TRUE = 1;
private int wantClientAuthStatus = UNTOUCHED;
private int needClientAuthStatus = UNTOUCHED;
private int useClientModeStatus = UNTOUCHED;
private final StubSSLSession session;
public StubSSLSocket(StubSSLSession ses) {
this.session = ses;
}
@Override
public void setWantClientAuth(boolean arg0) {
this.wantClientAuthStatus = arg0 ? TRUE : FALSE;
}
@Override
public void setNeedClientAuth(boolean arg0) {
this.needClientAuthStatus = arg0 ? TRUE : FALSE;
if (session != null) {
this.session.setIsVerified(arg0);
}
}
@Override
public void setUseClientMode(boolean arg0) {
useClientModeStatus = arg0 ? TRUE : FALSE;
}
@Override
public boolean getWantClientAuth() {
return wantClientAuthStatus == TRUE;
}
@Override
public boolean getNeedClientAuth() {
return needClientAuthStatus == TRUE;
}
@Override
public boolean getUseClientMode() {
return useClientModeStatus == TRUE;
}
public int getWantClientAuthStatus() {
return wantClientAuthStatus;
}
public int getNeedClientAuthStatus() {
return needClientAuthStatus;
}
public int getUseClientModeStatus() {
return useClientModeStatus;
}
@Override
public SSLSession getSession() {
return this.session;
}
// --- Stubbed methods ---
@Override
public String[] getSupportedCipherSuites() {
return null;
}
@Override
public String[] getEnabledCipherSuites() {
return null;
}
@Override
public void setEnabledCipherSuites(String[] arg0) {
}
@Override
public String[] getSupportedProtocols() {
return null;
}
@Override
public String[] getEnabledProtocols() {
return null;
}
@Override
public void setEnabledProtocols(String[] arg0) {
}
@Override
public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
}
@Override
public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
}
@Override
public void startHandshake() throws IOException {
}
@Override
public void setEnableSessionCreation(boolean arg0) {
}
@Override
public boolean getEnableSessionCreation() {
return false;
}
}

2
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
View File

@ -23,7 +23,7 @@ import javax.jms.JMSSecurityException;
import javax.jms.MessageProducer; import javax.jms.MessageProducer;
import javax.jms.QueueBrowser; import javax.jms.QueueBrowser;
import javax.jms.Session; import javax.jms.Session;
import javax.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.transaction.xa.XAResource; import javax.transaction.xa.XAResource;
import javax.transaction.xa.Xid; import javax.transaction.xa.Xid;
import java.lang.management.ManagementFactory; import java.lang.management.ManagementFactory;

2
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
View File

@ -205,7 +205,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl"); SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl");
Assert.assertNotNull(sslHandler); Assert.assertNotNull(sslHandler);
Assert.assertNotNull(sslHandler.engine().getSession()); Assert.assertNotNull(sslHandler.engine().getSession());
Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificateChain()); Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificates());
} }
} catch (SSLPeerUnverifiedException e) { } catch (SSLPeerUnverifiedException e) {
Assert.fail(e.getMessage()); Assert.fail(e.getMessage());