ARTEMIS-590 connector option to use default SSL context
This commit is contained in:
parent
1e89bad221
commit
7e0fedf52e
|
@ -206,6 +206,8 @@ public class NettyConnector extends AbstractConnector {
|
|||
|
||||
private boolean verifyHost;
|
||||
|
||||
private boolean useDefaultSslContext;
|
||||
|
||||
private boolean tcpNoDelay;
|
||||
|
||||
private int tcpSendBufferSize;
|
||||
|
@ -326,6 +328,8 @@ public class NettyConnector extends AbstractConnector {
|
|||
enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, configuration);
|
||||
|
||||
verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration);
|
||||
|
||||
useDefaultSslContext = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT, configuration);
|
||||
} else {
|
||||
keyStoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
|
||||
keyStorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
|
||||
|
@ -336,6 +340,7 @@ public class NettyConnector extends AbstractConnector {
|
|||
enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES;
|
||||
enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
|
||||
verifyHost = TransportConstants.DEFAULT_VERIFY_HOST;
|
||||
useDefaultSslContext = TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT;
|
||||
}
|
||||
|
||||
tcpNoDelay = ConfigurationHelper.getBooleanProperty(TransportConstants.TCP_NODELAY_PROPNAME, TransportConstants.DEFAULT_TCP_NODELAY, configuration);
|
||||
|
@ -440,6 +445,9 @@ public class NettyConnector extends AbstractConnector {
|
|||
final SSLContext context;
|
||||
if (sslEnabled) {
|
||||
try {
|
||||
if (useDefaultSslContext) {
|
||||
context = SSLContext.getDefault();
|
||||
} else {
|
||||
// HORNETQ-680 - override the server-side config if client-side system properties are set
|
||||
String realKeyStorePath = keyStorePath;
|
||||
String realKeyStoreProvider = keyStoreProvider;
|
||||
|
@ -481,6 +489,7 @@ public class NettyConnector extends AbstractConnector {
|
|||
realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME);
|
||||
}
|
||||
context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
close();
|
||||
IllegalStateException ise = new IllegalStateException("Unable to create NettyConnector for " + host + ":" + port);
|
||||
|
|
|
@ -101,6 +101,8 @@ public class TransportConstants {
|
|||
|
||||
public static final String BACKLOG_PROP_NAME = "backlog";
|
||||
|
||||
public static final String USE_DEFAULT_SSL_CONTEXT_PROP_NAME = "useDefaultSslContext";
|
||||
|
||||
public static final String NETTY_VERSION;
|
||||
|
||||
/**
|
||||
|
@ -181,6 +183,8 @@ public class TransportConstants {
|
|||
|
||||
public static final boolean DEFAULT_VERIFY_HOST = false;
|
||||
|
||||
public static final boolean DEFAULT_USE_DEFAULT_SSL_CONTEXT = false;
|
||||
|
||||
public static final boolean DEFAULT_TCP_NODELAY = true;
|
||||
|
||||
public static final int DEFAULT_TCP_SENDBUFFER_SIZE = 1024 * 1024;
|
||||
|
@ -321,6 +325,7 @@ public class TransportConstants {
|
|||
allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropMaskPassword());
|
||||
allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropPasswordCodec());
|
||||
allowableConnectorKeys.add(TransportConstants.NETTY_CONNECT_TIMEOUT);
|
||||
allowableConnectorKeys.add(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME);
|
||||
|
||||
ALLOWABLE_CONNECTOR_KEYS = Collections.unmodifiableSet(allowableConnectorKeys);
|
||||
|
||||
|
|
|
@ -416,6 +416,15 @@ following additional properties:
|
|||
|
||||
Valid values are `true` or `false`. Default is `false`.
|
||||
|
||||
- `useDefaultSslContext`
|
||||
|
||||
Only valid on a `connector`. Allows the `connector` to use the "default" SSL
|
||||
context (via `SSLContext.getDefault()`) which can be set programmatically by
|
||||
the client (via `SSLContext.setDefault(SSLContext)`). If set to `true` all
|
||||
other SSL related parameters except for `sslEnabled` are ignored.
|
||||
|
||||
Valid values are `true` or `false`. Default is `false`.
|
||||
|
||||
## Configuring Netty HTTP
|
||||
|
||||
Netty HTTP tunnels packets over the HTTP protocol. It can be useful in
|
||||
|
|
|
@ -132,6 +132,33 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
|||
Assert.assertEquals(text, m.getBodyBuffer().readString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOneWaySSLUsingDefaultSslContext() throws Exception {
|
||||
createCustomSslServer();
|
||||
String text = RandomUtil.randomString();
|
||||
|
||||
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
||||
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
|
||||
|
||||
SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
|
||||
|
||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
|
||||
ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
|
||||
ClientSession session = addClientSession(sf.createSession(false, true, true));
|
||||
session.createQueue(CoreClientOverOneWaySSLTest.QUEUE, CoreClientOverOneWaySSLTest.QUEUE, false);
|
||||
ClientProducer producer = addClientProducer(session.createProducer(CoreClientOverOneWaySSLTest.QUEUE));
|
||||
|
||||
ClientMessage message = createTextMessage(session, text);
|
||||
producer.send(message);
|
||||
|
||||
ClientConsumer consumer = addClientConsumer(session.createConsumer(CoreClientOverOneWaySSLTest.QUEUE));
|
||||
session.start();
|
||||
|
||||
ClientMessage m = consumer.receive(1000);
|
||||
Assert.assertNotNull(m);
|
||||
Assert.assertEquals(text, m.getBodyBuffer().readString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOneWaySSLVerifyHost() throws Exception {
|
||||
createCustomSslServer(null, null, true);
|
||||
|
|
Loading…
Reference in New Issue