ARTEMIS-590 connector option to use default SSL context

2017-04-18 11:40:08 -05:00 · 2017-04-18 11:40:08 -05:00 · 7e0fedf52e
parent 1e89bad221
commit 7e0fedf52e
4 changed files with 87 additions and 37 deletions
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
@ -206,6 +206,8 @@ public class NettyConnector extends AbstractConnector {

   private boolean verifyHost;

+   private boolean useDefaultSslContext;
+
   private boolean tcpNoDelay;

   private int tcpSendBufferSize;
@ -326,6 +328,8 @@ public class NettyConnector extends AbstractConnector {
         enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, configuration);

         verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration);
+
+         useDefaultSslContext = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT, configuration);
      } else {
         keyStoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
         keyStorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
@ -336,6 +340,7 @@ public class NettyConnector extends AbstractConnector {
         enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES;
         enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
         verifyHost = TransportConstants.DEFAULT_VERIFY_HOST;
+         useDefaultSslContext = TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT;
      }

      tcpNoDelay = ConfigurationHelper.getBooleanProperty(TransportConstants.TCP_NODELAY_PROPNAME, TransportConstants.DEFAULT_TCP_NODELAY, configuration);
@ -440,6 +445,9 @@ public class NettyConnector extends AbstractConnector {
      final SSLContext context;
      if (sslEnabled) {
         try {
+            if (useDefaultSslContext) {
+               context = SSLContext.getDefault();
+            } else {
               // HORNETQ-680 - override the server-side config if client-side system properties are set
               String realKeyStorePath = keyStorePath;
               String realKeyStoreProvider = keyStoreProvider;
@ -481,6 +489,7 @@ public class NettyConnector extends AbstractConnector {
                  realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME);
               }
               context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
+            }
         } catch (Exception e) {
            close();
            IllegalStateException ise = new IllegalStateException("Unable to create NettyConnector for " + host + ":" + port);
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
@ -101,6 +101,8 @@ public class TransportConstants {

   public static final String BACKLOG_PROP_NAME = "backlog";

+   public static final String USE_DEFAULT_SSL_CONTEXT_PROP_NAME = "useDefaultSslContext";
+
   public static final String NETTY_VERSION;

   /**
@ -181,6 +183,8 @@ public class TransportConstants {

   public static final boolean DEFAULT_VERIFY_HOST = false;

+   public static final boolean DEFAULT_USE_DEFAULT_SSL_CONTEXT = false;
+
   public static final boolean DEFAULT_TCP_NODELAY = true;

   public static final int DEFAULT_TCP_SENDBUFFER_SIZE = 1024 * 1024;
@ -321,6 +325,7 @@ public class TransportConstants {
      allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropMaskPassword());
      allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropPasswordCodec());
      allowableConnectorKeys.add(TransportConstants.NETTY_CONNECT_TIMEOUT);
+      allowableConnectorKeys.add(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME);

      ALLOWABLE_CONNECTOR_KEYS = Collections.unmodifiableSet(allowableConnectorKeys);

--- a/docs/user-manual/en/configuring-transports.md
+++ b/docs/user-manual/en/configuring-transports.md
@ -416,6 +416,15 @@ following additional properties:

    Valid values are `true` or `false`. Default is `false`.

+-   `useDefaultSslContext`
+
+    Only valid on a `connector`. Allows the `connector` to use the "default" SSL
+    context (via `SSLContext.getDefault()`) which can be set programmatically by
+    the client (via `SSLContext.setDefault(SSLContext)`). If set to `true` all
+    other SSL related parameters except for `sslEnabled` are ignored.
+
+    Valid values are `true` or `false`. Default is `false`.
+
 ## Configuring Netty HTTP

 Netty HTTP tunnels packets over the HTTP protocol. It can be useful in
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
@ -132,6 +132,33 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
      Assert.assertEquals(text, m.getBodyBuffer().readString());
   }

+   @Test
+   public void testOneWaySSLUsingDefaultSslContext() throws Exception {
+      createCustomSslServer();
+      String text = RandomUtil.randomString();
+
+      tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+      tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
+
+      SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
+
+      ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
+      ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
+      ClientSession session = addClientSession(sf.createSession(false, true, true));
+      session.createQueue(CoreClientOverOneWaySSLTest.QUEUE, CoreClientOverOneWaySSLTest.QUEUE, false);
+      ClientProducer producer = addClientProducer(session.createProducer(CoreClientOverOneWaySSLTest.QUEUE));
+
+      ClientMessage message = createTextMessage(session, text);
+      producer.send(message);
+
+      ClientConsumer consumer = addClientConsumer(session.createConsumer(CoreClientOverOneWaySSLTest.QUEUE));
+      session.start();
+
+      ClientMessage m = consumer.receive(1000);
+      Assert.assertNotNull(m);
+      Assert.assertEquals(text, m.getBodyBuffer().readString());
+   }
+
   @Test
   public void testOneWaySSLVerifyHost() throws Exception {
      createCustomSslServer(null, null, true);