This closes #3624
commit
7538602cef
|
@ -430,6 +430,14 @@ public interface ActiveMQClientLogger extends BasicLogger {
|
|||
format = Message.Format.MESSAGE_FORMAT)
|
||||
void connectionFactoryParameterIgnored(String parameterName);
|
||||
|
||||
@LogMessage(level = Logger.Level.WARN)
|
||||
@Message(id = 212079, value = "The upstream connector from the downstream federation will ignore url parameter {0}", format = Message.Format.MESSAGE_FORMAT)
|
||||
void ignoredParameterForDownstreamFederation(String name);
|
||||
|
||||
@LogMessage(level = Logger.Level.WARN)
|
||||
@Message(id = 212080, value = "Using legacy SSL store provider value: {0}. Please use either ''keyStoreType'' or ''trustStoreType'' instead as appropriate.", format = Message.Format.MESSAGE_FORMAT)
|
||||
void oldStoreProvider(String value);
|
||||
|
||||
@LogMessage(level = Logger.Level.ERROR)
|
||||
@Message(id = 214000, value = "Failed to call onMessage", format = Message.Format.MESSAGE_FORMAT)
|
||||
void onMessageError(@Cause Throwable e);
|
||||
|
@ -574,8 +582,4 @@ public interface ActiveMQClientLogger extends BasicLogger {
|
|||
@Message(id = 214033, value = "Cannot resolve host ",
|
||||
format = Message.Format.MESSAGE_FORMAT)
|
||||
void unableToResolveHost(@Cause UnknownHostException e);
|
||||
|
||||
@LogMessage(level = Logger.Level.WARN)
|
||||
@Message(id = 212079, value = "The upstream connector from the downstream federation will ignore url parameter {0}", format = Message.Format.MESSAGE_FORMAT)
|
||||
void ignoredParameterForDownstreamFederation(String name);
|
||||
}
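Review bot: The new AMQ212080 message on `oldStoreProvider(String value)` reports only the legacy value, so an operator reading the warning cannot tell whether the key store or the trust store setting triggered it. The text already has to hedge with "either ''keyStoreType'' or ''trustStoreType'' ... as appropriate"; passing the property name as well, e.g. `void oldStoreProvider(String propertyName, String value);` with `{0}` and `{1}` in the message, would make the warning actionable. The interface continues outside both hunks.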
|
||||
|
|
|
@ -106,6 +106,7 @@ import io.netty.util.concurrent.Future;
|
|||
import io.netty.util.concurrent.GlobalEventExecutor;
|
||||
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
|
||||
import org.apache.activemq.artemis.api.core.ActiveMQException;
|
||||
import org.apache.activemq.artemis.api.core.Pair;
|
||||
import org.apache.activemq.artemis.core.client.ActiveMQClientLogger;
|
||||
import org.apache.activemq.artemis.core.client.ActiveMQClientMessageBundle;
|
||||
import org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager;
|
||||
|
@ -596,12 +597,19 @@ public class NettyConnector extends AbstractConnector {
|
|||
} else {
|
||||
realKeyStorePath = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), keyStorePath).map(v -> useDefaultSslContext ? keyStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
realKeyStorePassword = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v -> useDefaultSslContext ? keyStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
realKeyStoreProvider = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PROVIDER_PROP_NAME), keyStoreProvider).map(v -> useDefaultSslContext ? keyStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
realKeyStoreType = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_TYPE_PROP_NAME), keyStoreType).map(v -> useDefaultSslContext ? keyStoreType : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
|
||||
Pair<String, String> keyStoreCompat = SSLSupport.getValidProviderAndType(Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PROVIDER_PROP_NAME), keyStoreProvider).map(v -> useDefaultSslContext ? keyStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null),
|
||||
Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_TYPE_PROP_NAME), keyStoreType).map(v -> useDefaultSslContext ? keyStoreType : v).filter(Objects::nonNull).findFirst().orElse(null));
|
||||
realKeyStoreProvider = keyStoreCompat.getA();
|
||||
realKeyStoreType = keyStoreCompat.getB();
|
||||
|
||||
realTrustStorePath = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME), trustStorePath).map(v -> useDefaultSslContext ? trustStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
realTrustStorePassword = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME), trustStorePassword).map(v -> useDefaultSslContext ? trustStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
realTrustStoreProvider = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PROVIDER_PROP_NAME), trustStoreProvider).map(v -> useDefaultSslContext ? trustStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
realTrustStoreType = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_TYPE_PROP_NAME), trustStoreType).map(v -> useDefaultSslContext ? trustStoreType : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||
|
||||
Pair<String, String> trustStoreCompat = SSLSupport.getValidProviderAndType(Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PROVIDER_PROP_NAME), trustStoreProvider).map(v -> useDefaultSslContext ? trustStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null),
|
||||
Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_TYPE_PROP_NAME), trustStoreType).map(v -> useDefaultSslContext ? trustStoreType : v).filter(Objects::nonNull).findFirst().orElse(null));
|
||||
realTrustStoreProvider = trustStoreCompat.getA();
|
||||
realTrustStoreType = trustStoreCompat.getB();
|
||||
}
|
||||
} else {
|
||||
realKeyStorePath = null;
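Review bot: The arguments to `SSLSupport.getValidProviderAndType` for `keyStoreCompat` and `trustStoreCompat` each inline two full `Stream.of(...)` chains, which hides that provider and type are resolved with the same precedence as the path and password lines next to them. Resolving them into locals first (`String resolvedKeyStoreProvider = ...;`, `String resolvedKeyStoreType = ...;`) and then calling `getValidProviderAndType(resolvedKeyStoreProvider, resolvedKeyStoreType)` would make this TLS setup much easier to audit. When `useDefaultSslContext` is false the provider value can come from a system property rather than the connector parameter, so a legacy-looking value set JVM-wide is reinterpreted as a store type too; if that is intended, a comment here should say so. The enclosing method starts and ends outside the hunk.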
|
||||
|
|
|
@ -44,7 +44,9 @@ import io.netty.handler.ssl.SslContext;
|
|||
import io.netty.handler.ssl.SslContextBuilder;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||
import org.apache.activemq.artemis.api.core.Pair;
|
||||
import org.apache.activemq.artemis.api.core.TrustManagerFactoryPlugin;
|
||||
import org.apache.activemq.artemis.core.client.ActiveMQClientLogger;
|
||||
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||
import org.apache.activemq.artemis.spi.core.remoting.ssl.SSLContextConfig;
|
||||
import org.apache.activemq.artemis.utils.ClassloadingUtil;
|
||||
|
@ -368,4 +370,23 @@ public class SSLSupport {
|
|||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* The changes ARTEMIS-3155 introduced an incompatibility with old clients using the keyStoreProvider and
|
||||
* trustStoreProvider URL properties. These old clients use these properties to set the *type* of store
|
||||
* (e.g. PKCS12, PKCS11, JKS, JCEKS, etc.), but new clients use these to set the *provider* (as the name
|
||||
* implies). This method checks to see if the provider property matches what is expected from old clients
|
||||
* and if so returns they proper provider and type properties to use with the new client implementation.
|
||||
*
|
||||
* @param storeProvider
|
||||
* @param storeType
|
||||
* @return a Pair<String, String> representing the provider and type to use (in that order)
|
||||
*/
|
||||
public static Pair<String, String> getValidProviderAndType(String storeProvider, String storeType) {
|
||||
if (storeProvider != null && (storeProvider.startsWith("PKCS") || storeProvider.equals("JKS") || storeProvider.equals("JCEKS"))) {
|
||||
ActiveMQClientLogger.LOGGER.oldStoreProvider(storeProvider);
|
||||
return new Pair<>(null, storeProvider);
|
||||
}
|
||||
return new Pair<>(storeProvider, storeType);
|
||||
}
|
||||
}
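Review bot: In `getValidProviderAndType` the legacy branch returns `new Pair<>(null, storeProvider)` and drops the caller's `storeType` without looking at it, so a configuration that sets a legacy provider value and a different explicit type has that type silently replaced, and only the provider value is logged. The match is also case-sensitive while `startsWith("PKCS")` is broad: a legacy value written as `jks` or `pkcs12` falls through and is passed on as a provider name, and any provider whose name begins with `PKCS` would be treated as a type (this assumes the JCA lookup of store types is case-insensitive, so lowercase values worked for old clients; worth confirming). Consider matching against an explicit set of type names and stating the precedence over `storeType` in the Javadoc. The `@param storeProvider` and `@param storeType` tags are empty and should describe the values (the configured provider, possibly a legacy store type; the configured type, may be null), and "returns they proper" should read "returns the proper". The NettyConnector and NettyAcceptor sections call this helper and inherit the behaviour.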
|
||||
|
|
|
@ -289,17 +289,23 @@ public class NettyAcceptor extends AbstractAcceptor {
|
|||
host = ConfigurationHelper.getStringProperty(TransportConstants.HOST_PROP_NAME, TransportConstants.DEFAULT_HOST, configuration);
|
||||
port = ConfigurationHelper.getIntProperty(TransportConstants.PORT_PROP_NAME, TransportConstants.DEFAULT_PORT, configuration);
|
||||
if (sslEnabled) {
|
||||
keyStoreProvider = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PROVIDER, configuration);
|
||||
Pair<String, String> keyStoreCompat = SSLSupport.getValidProviderAndType(ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PROVIDER, configuration),
|
||||
ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_TYPE, configuration));
|
||||
|
||||
keyStoreType = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_TYPE, configuration);
|
||||
keyStoreProvider = keyStoreCompat.getA();
|
||||
|
||||
keyStoreType = keyStoreCompat.getB();
|
||||
|
||||
keyStorePath = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PATH, configuration);
|
||||
|
||||
keyStorePassword = ConfigurationHelper.getPasswordProperty(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, configuration, ActiveMQDefaultConfiguration.getPropMaskPassword(), ActiveMQDefaultConfiguration.getPropPasswordCodec());
|
||||
|
||||
trustStoreProvider = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, configuration);
|
||||
Pair<String, String> trustStoreCompat = SSLSupport.getValidProviderAndType(ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, configuration),
|
||||
ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_TYPE, configuration));
|
||||
|
||||
trustStoreType = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_TYPE, configuration);
|
||||
trustStoreProvider = trustStoreCompat.getA();
|
||||
|
||||
trustStoreType = trustStoreCompat.getB();
|
||||
|
||||
trustStorePath = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PATH, configuration);
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@ import org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException;
|
|||
import org.apache.activemq.artemis.api.core.ActiveMQException;
|
||||
import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException;
|
||||
import org.apache.activemq.artemis.api.core.Message;
|
||||
import org.apache.activemq.artemis.api.core.Pair;
|
||||
import org.apache.activemq.artemis.api.core.QueueConfiguration;
|
||||
import org.apache.activemq.artemis.api.core.RoutingType;
|
||||
import org.apache.activemq.artemis.api.core.SimpleString;
|
||||
|
@ -43,10 +44,12 @@ import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
|
|||
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||
import org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport;
|
||||
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
||||
import org.apache.activemq.artemis.logs.AssertionLoggerHandler;
|
||||
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
|
||||
import org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;
|
||||
import org.apache.activemq.artemis.utils.PasswordMaskingUtil;
|
||||
import org.apache.activemq.artemis.utils.RandomUtil;
|
||||
import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
@ -60,19 +63,23 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
@Parameterized.Parameters(name = "storeProvider={0}, storeType={1}")
|
||||
public static Collection getParameters() {
|
||||
return Arrays.asList(new Object[][]{
|
||||
{TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_TYPE},
|
||||
{"SunJCE", "JCEKS"},
|
||||
{"SUN", "JKS"},
|
||||
{"SunJSSE", "PKCS12"}
|
||||
{TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_TYPE, false},
|
||||
{"SunJCE", "JCEKS", false},
|
||||
{"SUN", "JKS", false},
|
||||
{"SunJSSE", "PKCS12", false},
|
||||
{"JCEKS", null, true}, // for compatibility with old keyStoreProvider
|
||||
{"JKS", null, true}, // for compatibility with old keyStoreProvider
|
||||
{"PKCS12", null, true} // for compatibility with old keyStoreProvider
|
||||
});
|
||||
}
|
||||
|
||||
public CoreClientOverOneWaySSLTest(String storeProvider, String storeType) {
|
||||
public CoreClientOverOneWaySSLTest(String storeProvider, String storeType, boolean generateWarning) {
|
||||
this.storeProvider = storeProvider;
|
||||
this.storeType = storeType;
|
||||
suffix = storeType.toLowerCase();
|
||||
this.generateWarning = generateWarning;
|
||||
suffix = storeType == null || storeType.length() == 0 ? storeProvider.toLowerCase() : storeType.toLowerCase();
|
||||
// keytool expects PKCS12 stores to use the extension "p12"
|
||||
if (storeType.equals("PKCS12")) {
|
||||
if (suffix.equalsIgnoreCase("PKCS12")) {
|
||||
suffix = "p12";
|
||||
}
|
||||
SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix;
|
||||
|
@ -123,6 +130,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
* keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
|
||||
* keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
|
||||
*/
|
||||
private boolean generateWarning;
|
||||
private String storeProvider;
|
||||
private String storeType;
|
||||
private String SERVER_SIDE_KEYSTORE;
|
||||
|
@ -133,6 +141,21 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
|
||||
private TransportConfiguration tc;
|
||||
|
||||
@Before
|
||||
public void validateLogging() {
|
||||
AssertionLoggerHandler.startCapture();
|
||||
}
|
||||
|
||||
@After
|
||||
public void afterValidateLogging() {
|
||||
if (this.generateWarning) {
|
||||
Assert.assertTrue(AssertionLoggerHandler.findText("AMQ212080"));
|
||||
} else {
|
||||
Assert.assertFalse(AssertionLoggerHandler.findText("AMQ212080"));
|
||||
}
|
||||
AssertionLoggerHandler.clear();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOneWaySSL() throws Exception {
|
||||
createCustomSslServer();
|
||||
|
@ -324,10 +347,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
String text = RandomUtil.randomString();
|
||||
|
||||
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + PASSWORD;
|
||||
if (!storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||
url += ";trustStoreProvider=" + storeProvider;
|
||||
}
|
||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||
url += ";trustStoreType=" + storeType;
|
||||
}
|
||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
||||
|
@ -359,10 +382,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
|
||||
String masked = codec.encode(PASSWORD);
|
||||
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + masked + ";activemq.usemaskedpassword=true";
|
||||
if (!storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||
url += ";trustStoreProvider=" + storeProvider;
|
||||
}
|
||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||
url += ";trustStoreType=" + storeType;
|
||||
}
|
||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
||||
|
@ -394,10 +417,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
String masked = codec.encode(PASSWORD);
|
||||
|
||||
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=ENC(" + masked + ")";
|
||||
if (!storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||
url += ";trustStoreProvider=" + storeProvider;
|
||||
}
|
||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||
url += ";trustStoreType=" + storeType;
|
||||
}
|
||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
||||
|
@ -426,9 +449,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
||||
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
|
||||
|
||||
Pair<String, String> compat = SSLSupport.getValidProviderAndType(storeProvider, storeType);
|
||||
SSLContext.setDefault(new SSLSupport()
|
||||
.setTruststoreProvider(storeProvider)
|
||||
.setTruststoreType(storeType)
|
||||
.setTruststoreProvider(compat.getA())
|
||||
.setTruststoreType(compat.getB())
|
||||
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
||||
.setTruststorePassword(PASSWORD)
|
||||
.createContext());
|
||||
|
@ -777,7 +801,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
tc.getParams().put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, storeType);
|
||||
tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, CLIENT_SIDE_TRUSTSTORE);
|
||||
tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD);
|
||||
tc.getParams().put(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, "TLSv1");
|
||||
tc.getParams().put(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, "TLSv1.2");
|
||||
|
||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
|
||||
ClientSessionFactory sf = null;
|
||||
|
@ -805,7 +829,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
|
||||
@Test
|
||||
public void testOneWaySSLWithGoodServerProtocol() throws Exception {
|
||||
createCustomSslServer(null, "TLSv1");
|
||||
createCustomSslServer(null, "TLSv1.2");
|
||||
String text = RandomUtil.randomString();
|
||||
|
||||
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
||||
|
@ -857,7 +881,8 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
*/
|
||||
for (int i = 0; i < suites.length; i++) {
|
||||
String suite = suites[i];
|
||||
if ((storeType.equals("JCEKS") && suite.contains("RSA") && !suite.contains("ECDH_")) || (!storeType.equals("JCEKS") && !suite.contains("ECDSA") && suite.contains("RSA"))) {
|
||||
String storeType = SSLSupport.getValidProviderAndType(this.storeProvider, this.storeType).getB();
|
||||
if (storeType != null && ((storeType.equals("JCEKS") && suite.contains("RSA") && !suite.contains("ECDH_")) || (!storeType.equals("JCEKS") && !suite.contains("ECDSA") && suite.contains("RSA")))) {
|
||||
result = suite;
|
||||
break;
|
||||
}
|
||||
|
@ -867,13 +892,14 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
}
|
||||
|
||||
public String[] getEnabledCipherSuites() throws Exception {
|
||||
Pair<String, String> compat = SSLSupport.getValidProviderAndType(storeProvider, storeType);
|
||||
SSLContext context = new SSLSupport()
|
||||
.setKeystoreProvider(storeProvider)
|
||||
.setKeystoreType(storeType)
|
||||
.setKeystoreProvider(compat.getA())
|
||||
.setKeystoreType(compat.getB())
|
||||
.setKeystorePath(SERVER_SIDE_KEYSTORE)
|
||||
.setKeystorePassword(PASSWORD)
|
||||
.setTruststoreProvider(storeProvider)
|
||||
.setTruststoreType(storeType)
|
||||
.setTruststoreProvider(compat.getA())
|
||||
.setTruststoreType(compat.getB())
|
||||
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
||||
.setTruststorePassword(PASSWORD)
|
||||
.createContext();
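Review bot: In `afterValidateLogging`, `AssertionLoggerHandler.clear()` runs only when the assertion passes, so a failing parameter row leaves captured log text behind for the tests that follow; wrap the check as `try { ... } finally { AssertionLoggerHandler.clear(); }`. The assertion may also be satisfied by the test itself rather than by the code under test: the changed lines in `getEnabledCipherSuites`, the cipher-suite loop and the `SSLContext.setDefault(...)` setup call `SSLSupport.getValidProviderAndType` directly, and that helper logs AMQ212080 for legacy values. Where possible, assert the warning only in tests that reach the helper through the connector or acceptor. In the constructor, `storeProvider.toLowerCase()` is used when `storeType` is null; a short comment that the provider slot then holds the legacy store type would help the reader.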
|
||||
|
|
|
@ -76,7 +76,11 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
|
|||
{"SunJSSE", "PKCS12", TransportConstants.OPENSSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER},
|
||||
{"SunJSSE", "PKCS12", TransportConstants.OPENSSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER},
|
||||
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER}
|
||||
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||
{TransportConstants.DEFAULT_KEYSTORE_TYPE, null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||
{"JCEKS", null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||
{"JKS", null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||
{"PKCS12", null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER}
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -86,9 +90,9 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
|
|||
this.clientSSLProvider = clientSSLProvider;
|
||||
this.serverSSLProvider = serverSSLProvider;
|
||||
|
||||
String suffix = storeType.toLowerCase();
|
||||
String suffix = storeType == null || storeType.length() == 0 ? storeProvider.toLowerCase() : storeType.toLowerCase();
|
||||
// keytool expects PKCS12 stores to use the extension "p12"
|
||||
if (storeType.equals("PKCS12")) {
|
||||
if (suffix.equalsIgnoreCase("PKCS12")) {
|
||||
suffix = "p12";
|
||||
}
|
||||
|
||||
|
@ -364,7 +368,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
|
|||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_KEYSTORE_PROVIDER)) {
|
||||
uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append(storeProvider);
|
||||
}
|
||||
if (!storeType.equals(TransportConstants.DEFAULT_KEYSTORE_TYPE)) {
|
||||
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_KEYSTORE_TYPE)) {
|
||||
uri.append("&").append(TransportConstants.KEYSTORE_TYPE_PROP_NAME).append("=").append(storeType);
|
||||
}
|
||||
uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE);
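Review bot: The four added parameter rows put a store type in the provider position with a null type, but unlike the one-way test they carry no comment, and nothing in the visible hunks checks that the legacy warning is logged for them. Add `// for compatibility with old keyStoreProvider` to each of those rows, as the one-way test does. The row that uses `TransportConstants.DEFAULT_KEYSTORE_TYPE` as its first element needs it most, since a type constant in the provider slot reads like a mistake. The parameter list and the constructor continue outside these hunks.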
|
||||
|
|