ARTEMIS-590 connector option to use default SSL context

artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java

@@ -206,6 +206,8 @@ public class NettyConnector extends AbstractConnector {
 
    private boolean verifyHost;
 
+   private boolean useDefaultSslContext;
+
    private boolean tcpNoDelay;
 
    private int tcpSendBufferSize;
@@ -326,6 +328,8 @@ public class NettyConnector extends AbstractConnector {
          enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, configuration);
 
          verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration);
+
+         useDefaultSslContext = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT, configuration);
       } else {
          keyStoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
          keyStorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
@@ -336,6 +340,7 @@ public class NettyConnector extends AbstractConnector {
          enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES;
          enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
          verifyHost = TransportConstants.DEFAULT_VERIFY_HOST;
+         useDefaultSslContext = TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT;
       }
 
       tcpNoDelay = ConfigurationHelper.getBooleanProperty(TransportConstants.TCP_NODELAY_PROPNAME, TransportConstants.DEFAULT_TCP_NODELAY, configuration);
@@ -440,6 +445,9 @@ public class NettyConnector extends AbstractConnector {
       final SSLContext context;
       if (sslEnabled) {
          try {
+            if (useDefaultSslContext) {
+               context = SSLContext.getDefault();
+            } else {
                // HORNETQ-680 - override the server-side config if client-side system properties are set
                String realKeyStorePath = keyStorePath;
                String realKeyStoreProvider = keyStoreProvider;
@@ -481,6 +489,7 @@ public class NettyConnector extends AbstractConnector {
                   realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME);
                }
                context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
+            }
          } catch (Exception e) {
             close();
             IllegalStateException ise = new IllegalStateException("Unable to create NettyConnector for " + host + ":" + port);

artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java

@@ -101,6 +101,8 @@ public class TransportConstants {
 
    public static final String BACKLOG_PROP_NAME = "backlog";
 
+   public static final String USE_DEFAULT_SSL_CONTEXT_PROP_NAME = "useDefaultSslContext";
+
    public static final String NETTY_VERSION;
 
    /**
@@ -181,6 +183,8 @@ public class TransportConstants {
 
    public static final boolean DEFAULT_VERIFY_HOST = false;
 
+   public static final boolean DEFAULT_USE_DEFAULT_SSL_CONTEXT = false;
+
    public static final boolean DEFAULT_TCP_NODELAY = true;
 
    public static final int DEFAULT_TCP_SENDBUFFER_SIZE = 1024 * 1024;
@@ -321,6 +325,7 @@ public class TransportConstants {
       allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropMaskPassword());
       allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropPasswordCodec());
       allowableConnectorKeys.add(TransportConstants.NETTY_CONNECT_TIMEOUT);
+      allowableConnectorKeys.add(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME);
 
       ALLOWABLE_CONNECTOR_KEYS = Collections.unmodifiableSet(allowableConnectorKeys);
 

docs/user-manual/en/configuring-transports.md

@@ -416,6 +416,15 @@ following additional properties:
 
     Valid values are `true` or `false`. Default is `false`.
 
+-   `useDefaultSslContext`
+
+    Only valid on a `connector`. Allows the `connector` to use the "default" SSL
+    context (via `SSLContext.getDefault()`) which can be set programmatically by
+    the client (via `SSLContext.setDefault(SSLContext)`). If set to `true` all
+    other SSL related parameters except for `sslEnabled` are ignored.
+
+    Valid values are `true` or `false`. Default is `false`.
+
 ## Configuring Netty HTTP
 
 Netty HTTP tunnels packets over the HTTP protocol. It can be useful in

tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java

@@ -132,6 +132,33 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
       Assert.assertEquals(text, m.getBodyBuffer().readString());
    }
 
+   @Test
+   public void testOneWaySSLUsingDefaultSslContext() throws Exception {
+      createCustomSslServer();
+      String text = RandomUtil.randomString();
+
+      tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+      tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
+
+      SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
+
+      ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
+      ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
+      ClientSession session = addClientSession(sf.createSession(false, true, true));
+      session.createQueue(CoreClientOverOneWaySSLTest.QUEUE, CoreClientOverOneWaySSLTest.QUEUE, false);
+      ClientProducer producer = addClientProducer(session.createProducer(CoreClientOverOneWaySSLTest.QUEUE));
+
+      ClientMessage message = createTextMessage(session, text);
+      producer.send(message);
+
+      ClientConsumer consumer = addClientConsumer(session.createConsumer(CoreClientOverOneWaySSLTest.QUEUE));
+      session.start();
+
+      ClientMessage m = consumer.receive(1000);
+      Assert.assertNotNull(m);
+      Assert.assertEquals(text, m.getBodyBuffer().readString());
+   }
+
    @Test
    public void testOneWaySSLVerifyHost() throws Exception {
       createCustomSslServer(null, null, true);