ARTEMIS-3155 support better backwards compatibility
Support better backwards compatibility for SSL keyStoreProvider and trustStoreProvider.
parent
f6a4c8fcde
commit
867bf5e01e
|
@ -430,6 +430,14 @@ public interface ActiveMQClientLogger extends BasicLogger {
|
||||||
format = Message.Format.MESSAGE_FORMAT)
|
format = Message.Format.MESSAGE_FORMAT)
|
||||||
void connectionFactoryParameterIgnored(String parameterName);
|
void connectionFactoryParameterIgnored(String parameterName);
|
||||||
|
|
||||||
|
@LogMessage(level = Logger.Level.WARN)
|
||||||
|
@Message(id = 212079, value = "The upstream connector from the downstream federation will ignore url parameter {0}", format = Message.Format.MESSAGE_FORMAT)
|
||||||
|
void ignoredParameterForDownstreamFederation(String name);
|
||||||
|
|
||||||
|
@LogMessage(level = Logger.Level.WARN)
|
||||||
|
@Message(id = 212080, value = "Using legacy SSL store provider value: {0}. Please use either ''keyStoreType'' or ''trustStoreType'' instead as appropriate.", format = Message.Format.MESSAGE_FORMAT)
|
||||||
|
void oldStoreProvider(String value);
|
||||||
|
|
||||||
@LogMessage(level = Logger.Level.ERROR)
|
@LogMessage(level = Logger.Level.ERROR)
|
||||||
@Message(id = 214000, value = "Failed to call onMessage", format = Message.Format.MESSAGE_FORMAT)
|
@Message(id = 214000, value = "Failed to call onMessage", format = Message.Format.MESSAGE_FORMAT)
|
||||||
void onMessageError(@Cause Throwable e);
|
void onMessageError(@Cause Throwable e);
|
||||||
|
@ -574,8 +582,4 @@ public interface ActiveMQClientLogger extends BasicLogger {
|
||||||
@Message(id = 214033, value = "Cannot resolve host ",
|
@Message(id = 214033, value = "Cannot resolve host ",
|
||||||
format = Message.Format.MESSAGE_FORMAT)
|
format = Message.Format.MESSAGE_FORMAT)
|
||||||
void unableToResolveHost(@Cause UnknownHostException e);
|
void unableToResolveHost(@Cause UnknownHostException e);
|
||||||
|
|
||||||
@LogMessage(level = Logger.Level.WARN)
|
|
||||||
@Message(id = 212079, value = "The upstream connector from the downstream federation will ignore url parameter {0}", format = Message.Format.MESSAGE_FORMAT)
|
|
||||||
void ignoredParameterForDownstreamFederation(String name);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -106,6 +106,7 @@ import io.netty.util.concurrent.Future;
|
||||||
import io.netty.util.concurrent.GlobalEventExecutor;
|
import io.netty.util.concurrent.GlobalEventExecutor;
|
||||||
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
|
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
|
||||||
import org.apache.activemq.artemis.api.core.ActiveMQException;
|
import org.apache.activemq.artemis.api.core.ActiveMQException;
|
||||||
|
import org.apache.activemq.artemis.api.core.Pair;
|
||||||
import org.apache.activemq.artemis.core.client.ActiveMQClientLogger;
|
import org.apache.activemq.artemis.core.client.ActiveMQClientLogger;
|
||||||
import org.apache.activemq.artemis.core.client.ActiveMQClientMessageBundle;
|
import org.apache.activemq.artemis.core.client.ActiveMQClientMessageBundle;
|
||||||
import org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager;
|
import org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager;
|
||||||
|
@ -596,12 +597,19 @@ public class NettyConnector extends AbstractConnector {
|
||||||
} else {
|
} else {
|
||||||
realKeyStorePath = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), keyStorePath).map(v -> useDefaultSslContext ? keyStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
|
realKeyStorePath = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), keyStorePath).map(v -> useDefaultSslContext ? keyStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||||
realKeyStorePassword = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v -> useDefaultSslContext ? keyStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
|
realKeyStorePassword = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v -> useDefaultSslContext ? keyStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||||
realKeyStoreProvider = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PROVIDER_PROP_NAME), keyStoreProvider).map(v -> useDefaultSslContext ? keyStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null);
|
|
||||||
realKeyStoreType = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_TYPE_PROP_NAME), keyStoreType).map(v -> useDefaultSslContext ? keyStoreType : v).filter(Objects::nonNull).findFirst().orElse(null);
|
Pair<String, String> keyStoreCompat = SSLSupport.getValidProviderAndType(Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_PROVIDER_PROP_NAME), keyStoreProvider).map(v -> useDefaultSslContext ? keyStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null),
|
||||||
|
Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_KEYSTORE_TYPE_PROP_NAME), keyStoreType).map(v -> useDefaultSslContext ? keyStoreType : v).filter(Objects::nonNull).findFirst().orElse(null));
|
||||||
|
realKeyStoreProvider = keyStoreCompat.getA();
|
||||||
|
realKeyStoreType = keyStoreCompat.getB();
|
||||||
|
|
||||||
realTrustStorePath = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME), trustStorePath).map(v -> useDefaultSslContext ? trustStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
|
realTrustStorePath = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME), trustStorePath).map(v -> useDefaultSslContext ? trustStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||||
realTrustStorePassword = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME), trustStorePassword).map(v -> useDefaultSslContext ? trustStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
|
realTrustStorePassword = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME), trustStorePassword).map(v -> useDefaultSslContext ? trustStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
|
||||||
realTrustStoreProvider = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PROVIDER_PROP_NAME), trustStoreProvider).map(v -> useDefaultSslContext ? trustStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null);
|
|
||||||
realTrustStoreType = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_TYPE_PROP_NAME), trustStoreType).map(v -> useDefaultSslContext ? trustStoreType : v).filter(Objects::nonNull).findFirst().orElse(null);
|
Pair<String, String> trustStoreCompat = SSLSupport.getValidProviderAndType(Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_PROVIDER_PROP_NAME), trustStoreProvider).map(v -> useDefaultSslContext ? trustStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null),
|
||||||
|
Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_TYPE_PROP_NAME), System.getProperty(JAVAX_TRUSTSTORE_TYPE_PROP_NAME), trustStoreType).map(v -> useDefaultSslContext ? trustStoreType : v).filter(Objects::nonNull).findFirst().orElse(null));
|
||||||
|
realTrustStoreProvider = trustStoreCompat.getA();
|
||||||
|
realTrustStoreType = trustStoreCompat.getB();
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
realKeyStorePath = null;
|
realKeyStorePath = null;
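Review bot: The two `SSLSupport.getValidProviderAndType(...)` calls in the `else` branch take the whole `Stream.of(...)...orElse(null)` resolution chains inline as arguments, so the provider lookup and the type lookup are hard to tell apart; the `NettyAcceptor` hunk nests its `ConfigurationHelper.getStringProperty` calls the same way. Assigning each resolved value to a local first, e.g. `String configuredKeyStoreProvider = Stream.of(...)...orElse(null);`, and then calling `getValidProviderAndType(configuredKeyStoreProvider, configuredKeyStoreType)` keeps the lookup order (the `ACTIVEMQ_*` system property, then the `JAVAX_*` one, then the connector's own value) readable. A one-line comment such as `// legacy clients put the store type in the provider parameter; see SSLSupport.getValidProviderAndType` above each call would explain why the two values are resolved together. The enclosing method starts and ends outside the hunk.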
|
||||||
|
|
|
@ -44,7 +44,9 @@ import io.netty.handler.ssl.SslContext;
|
||||||
import io.netty.handler.ssl.SslContextBuilder;
|
import io.netty.handler.ssl.SslContextBuilder;
|
||||||
import io.netty.handler.ssl.SslProvider;
|
import io.netty.handler.ssl.SslProvider;
|
||||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||||
|
import org.apache.activemq.artemis.api.core.Pair;
|
||||||
import org.apache.activemq.artemis.api.core.TrustManagerFactoryPlugin;
|
import org.apache.activemq.artemis.api.core.TrustManagerFactoryPlugin;
|
||||||
|
import org.apache.activemq.artemis.core.client.ActiveMQClientLogger;
|
||||||
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||||
import org.apache.activemq.artemis.spi.core.remoting.ssl.SSLContextConfig;
|
import org.apache.activemq.artemis.spi.core.remoting.ssl.SSLContextConfig;
|
||||||
import org.apache.activemq.artemis.utils.ClassloadingUtil;
|
import org.apache.activemq.artemis.utils.ClassloadingUtil;
|
||||||
|
@ -368,4 +370,23 @@ public class SSLSupport {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The changes ARTEMIS-3155 introduced an incompatibility with old clients using the keyStoreProvider and
|
||||||
|
* trustStoreProvider URL properties. These old clients use these properties to set the *type* of store
|
||||||
|
* (e.g. PKCS12, PKCS11, JKS, JCEKS, etc.), but new clients use these to set the *provider* (as the name
|
||||||
|
* implies). This method checks to see if the provider property matches what is expected from old clients
|
||||||
|
* and if so returns they proper provider and type properties to use with the new client implementation.
|
||||||
|
*
|
||||||
|
* @param storeProvider
|
||||||
|
* @param storeType
|
||||||
|
* @return a Pair<String, String> representing the provider and type to use (in that order)
|
||||||
|
*/
|
||||||
|
public static Pair<String, String> getValidProviderAndType(String storeProvider, String storeType) {
|
||||||
|
if (storeProvider != null && (storeProvider.startsWith("PKCS") || storeProvider.equals("JKS") || storeProvider.equals("JCEKS"))) {
|
||||||
|
ActiveMQClientLogger.LOGGER.oldStoreProvider(storeProvider);
|
||||||
|
return new Pair<>(null, storeProvider);
|
||||||
|
}
|
||||||
|
return new Pair<>(storeProvider, storeType);
|
||||||
|
}
|
||||||
}
|
}
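Review bot: In `getValidProviderAndType`, the legacy branch returns `new Pair<>(null, storeProvider)` and drops whatever `storeType` the caller passed, so a configuration that sets both a legacy provider value and an explicit type silently loads the store with the provider value as its type, and the AMQ212080 warning reports only the provider value. The match is case-sensitive and prefix-based (`startsWith("PKCS")`), so a lower-case `jks` is passed through as a provider name while any provider whose name begins with `PKCS` is treated as a store type. The Javadoc should state both behaviours, since they decide which key and trust material a TLS endpoint ends up loading. It should also fill the empty tags, e.g. `@param storeProvider the configured provider value; legacy clients may have put a store type here` and `@param storeType the configured store type; ignored when storeProvider is a legacy type value`, and correct "returns they proper" to "returns the proper".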
|
||||||
|
|
|
@ -289,17 +289,23 @@ public class NettyAcceptor extends AbstractAcceptor {
|
||||||
host = ConfigurationHelper.getStringProperty(TransportConstants.HOST_PROP_NAME, TransportConstants.DEFAULT_HOST, configuration);
|
host = ConfigurationHelper.getStringProperty(TransportConstants.HOST_PROP_NAME, TransportConstants.DEFAULT_HOST, configuration);
|
||||||
port = ConfigurationHelper.getIntProperty(TransportConstants.PORT_PROP_NAME, TransportConstants.DEFAULT_PORT, configuration);
|
port = ConfigurationHelper.getIntProperty(TransportConstants.PORT_PROP_NAME, TransportConstants.DEFAULT_PORT, configuration);
|
||||||
if (sslEnabled) {
|
if (sslEnabled) {
|
||||||
keyStoreProvider = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PROVIDER, configuration);
|
Pair<String, String> keyStoreCompat = SSLSupport.getValidProviderAndType(ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PROVIDER, configuration),
|
||||||
|
ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_TYPE, configuration));
|
||||||
|
|
||||||
keyStoreType = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_TYPE, configuration);
|
keyStoreProvider = keyStoreCompat.getA();
|
||||||
|
|
||||||
|
keyStoreType = keyStoreCompat.getB();
|
||||||
|
|
||||||
keyStorePath = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PATH, configuration);
|
keyStorePath = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PATH, configuration);
|
||||||
|
|
||||||
keyStorePassword = ConfigurationHelper.getPasswordProperty(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, configuration, ActiveMQDefaultConfiguration.getPropMaskPassword(), ActiveMQDefaultConfiguration.getPropPasswordCodec());
|
keyStorePassword = ConfigurationHelper.getPasswordProperty(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, configuration, ActiveMQDefaultConfiguration.getPropMaskPassword(), ActiveMQDefaultConfiguration.getPropPasswordCodec());
|
||||||
|
|
||||||
trustStoreProvider = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, configuration);
|
Pair<String, String> trustStoreCompat = SSLSupport.getValidProviderAndType(ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, configuration),
|
||||||
|
ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_TYPE, configuration));
|
||||||
|
|
||||||
trustStoreType = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_TYPE, configuration);
|
trustStoreProvider = trustStoreCompat.getA();
|
||||||
|
|
||||||
|
trustStoreType = trustStoreCompat.getB();
|
||||||
|
|
||||||
trustStorePath = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PATH, configuration);
|
trustStorePath = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PATH, configuration);
|
||||||
|
|
||||||
|
|
|
@ -27,6 +27,7 @@ import org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException;
|
||||||
import org.apache.activemq.artemis.api.core.ActiveMQException;
|
import org.apache.activemq.artemis.api.core.ActiveMQException;
|
||||||
import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException;
|
import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException;
|
||||||
import org.apache.activemq.artemis.api.core.Message;
|
import org.apache.activemq.artemis.api.core.Message;
|
||||||
|
import org.apache.activemq.artemis.api.core.Pair;
|
||||||
import org.apache.activemq.artemis.api.core.QueueConfiguration;
|
import org.apache.activemq.artemis.api.core.QueueConfiguration;
|
||||||
import org.apache.activemq.artemis.api.core.RoutingType;
|
import org.apache.activemq.artemis.api.core.RoutingType;
|
||||||
import org.apache.activemq.artemis.api.core.SimpleString;
|
import org.apache.activemq.artemis.api.core.SimpleString;
|
||||||
|
@ -43,10 +44,12 @@ import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
|
||||||
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||||
import org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport;
|
import org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport;
|
||||||
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
||||||
|
import org.apache.activemq.artemis.logs.AssertionLoggerHandler;
|
||||||
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
|
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
|
||||||
import org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;
|
import org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;
|
||||||
import org.apache.activemq.artemis.utils.PasswordMaskingUtil;
|
import org.apache.activemq.artemis.utils.PasswordMaskingUtil;
|
||||||
import org.apache.activemq.artemis.utils.RandomUtil;
|
import org.apache.activemq.artemis.utils.RandomUtil;
|
||||||
|
import org.junit.After;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -60,19 +63,23 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
@Parameterized.Parameters(name = "storeProvider={0}, storeType={1}")
|
@Parameterized.Parameters(name = "storeProvider={0}, storeType={1}")
|
||||||
public static Collection getParameters() {
|
public static Collection getParameters() {
|
||||||
return Arrays.asList(new Object[][]{
|
return Arrays.asList(new Object[][]{
|
||||||
{TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_TYPE},
|
{TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_TYPE, false},
|
||||||
{"SunJCE", "JCEKS"},
|
{"SunJCE", "JCEKS", false},
|
||||||
{"SUN", "JKS"},
|
{"SUN", "JKS", false},
|
||||||
{"SunJSSE", "PKCS12"}
|
{"SunJSSE", "PKCS12", false},
|
||||||
|
{"JCEKS", null, true}, // for compatibility with old keyStoreProvider
|
||||||
|
{"JKS", null, true}, // for compatibility with old keyStoreProvider
|
||||||
|
{"PKCS12", null, true} // for compatibility with old keyStoreProvider
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public CoreClientOverOneWaySSLTest(String storeProvider, String storeType) {
|
public CoreClientOverOneWaySSLTest(String storeProvider, String storeType, boolean generateWarning) {
|
||||||
this.storeProvider = storeProvider;
|
this.storeProvider = storeProvider;
|
||||||
this.storeType = storeType;
|
this.storeType = storeType;
|
||||||
suffix = storeType.toLowerCase();
|
this.generateWarning = generateWarning;
|
||||||
|
suffix = storeType == null || storeType.length() == 0 ? storeProvider.toLowerCase() : storeType.toLowerCase();
|
||||||
// keytool expects PKCS12 stores to use the extension "p12"
|
// keytool expects PKCS12 stores to use the extension "p12"
|
||||||
if (storeType.equals("PKCS12")) {
|
if (suffix.equalsIgnoreCase("PKCS12")) {
|
||||||
suffix = "p12";
|
suffix = "p12";
|
||||||
}
|
}
|
||||||
SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix;
|
SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix;
|
||||||
|
@ -123,6 +130,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
* keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
|
* keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
|
||||||
* keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
|
* keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
|
||||||
*/
|
*/
|
||||||
|
private boolean generateWarning;
|
||||||
private String storeProvider;
|
private String storeProvider;
|
||||||
private String storeType;
|
private String storeType;
|
||||||
private String SERVER_SIDE_KEYSTORE;
|
private String SERVER_SIDE_KEYSTORE;
|
||||||
|
@ -133,6 +141,21 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
|
|
||||||
private TransportConfiguration tc;
|
private TransportConfiguration tc;
|
||||||
|
|
||||||
|
@Before
|
||||||
|
public void validateLogging() {
|
||||||
|
AssertionLoggerHandler.startCapture();
|
||||||
|
}
|
||||||
|
|
||||||
|
@After
|
||||||
|
public void afterValidateLogging() {
|
||||||
|
if (this.generateWarning) {
|
||||||
|
Assert.assertTrue(AssertionLoggerHandler.findText("AMQ212080"));
|
||||||
|
} else {
|
||||||
|
Assert.assertFalse(AssertionLoggerHandler.findText("AMQ212080"));
|
||||||
|
}
|
||||||
|
AssertionLoggerHandler.clear();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOneWaySSL() throws Exception {
|
public void testOneWaySSL() throws Exception {
|
||||||
createCustomSslServer();
|
createCustomSslServer();
|
||||||
|
@ -324,10 +347,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
String text = RandomUtil.randomString();
|
String text = RandomUtil.randomString();
|
||||||
|
|
||||||
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + PASSWORD;
|
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + PASSWORD;
|
||||||
if (!storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||||
url += ";trustStoreProvider=" + storeProvider;
|
url += ";trustStoreProvider=" + storeProvider;
|
||||||
}
|
}
|
||||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||||
url += ";trustStoreType=" + storeType;
|
url += ";trustStoreType=" + storeType;
|
||||||
}
|
}
|
||||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
||||||
|
@ -359,10 +382,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
|
|
||||||
String masked = codec.encode(PASSWORD);
|
String masked = codec.encode(PASSWORD);
|
||||||
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + masked + ";activemq.usemaskedpassword=true";
|
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + masked + ";activemq.usemaskedpassword=true";
|
||||||
if (!storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||||
url += ";trustStoreProvider=" + storeProvider;
|
url += ";trustStoreProvider=" + storeProvider;
|
||||||
}
|
}
|
||||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||||
url += ";trustStoreType=" + storeType;
|
url += ";trustStoreType=" + storeType;
|
||||||
}
|
}
|
||||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
||||||
|
@ -394,10 +417,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
String masked = codec.encode(PASSWORD);
|
String masked = codec.encode(PASSWORD);
|
||||||
|
|
||||||
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=ENC(" + masked + ")";
|
String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=ENC(" + masked + ")";
|
||||||
if (!storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
||||||
url += ";trustStoreProvider=" + storeProvider;
|
url += ";trustStoreProvider=" + storeProvider;
|
||||||
}
|
}
|
||||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
|
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_TRUSTSTORE_TYPE)) {
|
||||||
url += ";trustStoreType=" + storeType;
|
url += ";trustStoreType=" + storeType;
|
||||||
}
|
}
|
||||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url));
|
||||||
|
@ -426,9 +449,10 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
||||||
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
|
tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
|
||||||
|
|
||||||
|
Pair<String, String> compat = SSLSupport.getValidProviderAndType(storeProvider, storeType);
|
||||||
SSLContext.setDefault(new SSLSupport()
|
SSLContext.setDefault(new SSLSupport()
|
||||||
.setTruststoreProvider(storeProvider)
|
.setTruststoreProvider(compat.getA())
|
||||||
.setTruststoreType(storeType)
|
.setTruststoreType(compat.getB())
|
||||||
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
||||||
.setTruststorePassword(PASSWORD)
|
.setTruststorePassword(PASSWORD)
|
||||||
.createContext());
|
.createContext());
|
||||||
|
@ -777,7 +801,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
tc.getParams().put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, storeType);
|
tc.getParams().put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, storeType);
|
||||||
tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, CLIENT_SIDE_TRUSTSTORE);
|
tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, CLIENT_SIDE_TRUSTSTORE);
|
||||||
tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD);
|
tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD);
|
||||||
tc.getParams().put(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, "TLSv1");
|
tc.getParams().put(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, "TLSv1.2");
|
||||||
|
|
||||||
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
|
ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
|
||||||
ClientSessionFactory sf = null;
|
ClientSessionFactory sf = null;
|
||||||
|
@ -805,7 +829,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOneWaySSLWithGoodServerProtocol() throws Exception {
|
public void testOneWaySSLWithGoodServerProtocol() throws Exception {
|
||||||
createCustomSslServer(null, "TLSv1");
|
createCustomSslServer(null, "TLSv1.2");
|
||||||
String text = RandomUtil.randomString();
|
String text = RandomUtil.randomString();
|
||||||
|
|
||||||
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
|
||||||
|
@ -857,7 +881,8 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
*/
|
*/
|
||||||
for (int i = 0; i < suites.length; i++) {
|
for (int i = 0; i < suites.length; i++) {
|
||||||
String suite = suites[i];
|
String suite = suites[i];
|
||||||
if ((storeType.equals("JCEKS") && suite.contains("RSA") && !suite.contains("ECDH_")) || (!storeType.equals("JCEKS") && !suite.contains("ECDSA") && suite.contains("RSA"))) {
|
String storeType = SSLSupport.getValidProviderAndType(this.storeProvider, this.storeType).getB();
|
||||||
|
if (storeType != null && ((storeType.equals("JCEKS") && suite.contains("RSA") && !suite.contains("ECDH_")) || (!storeType.equals("JCEKS") && !suite.contains("ECDSA") && suite.contains("RSA")))) {
|
||||||
result = suite;
|
result = suite;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -867,13 +892,14 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String[] getEnabledCipherSuites() throws Exception {
|
public String[] getEnabledCipherSuites() throws Exception {
|
||||||
|
Pair<String, String> compat = SSLSupport.getValidProviderAndType(storeProvider, storeType);
|
||||||
SSLContext context = new SSLSupport()
|
SSLContext context = new SSLSupport()
|
||||||
.setKeystoreProvider(storeProvider)
|
.setKeystoreProvider(compat.getA())
|
||||||
.setKeystoreType(storeType)
|
.setKeystoreType(compat.getB())
|
||||||
.setKeystorePath(SERVER_SIDE_KEYSTORE)
|
.setKeystorePath(SERVER_SIDE_KEYSTORE)
|
||||||
.setKeystorePassword(PASSWORD)
|
.setKeystorePassword(PASSWORD)
|
||||||
.setTruststoreProvider(storeProvider)
|
.setTruststoreProvider(compat.getA())
|
||||||
.setTruststoreType(storeType)
|
.setTruststoreType(compat.getB())
|
||||||
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
.setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
|
||||||
.setTruststorePassword(PASSWORD)
|
.setTruststorePassword(PASSWORD)
|
||||||
.createContext();
|
.createContext();
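Review bot: In `afterValidateLogging`, a failing `assertTrue`/`assertFalse` skips `AssertionLoggerHandler.clear()`, and nothing stops the capture started in `validateLogging`, so captured text can carry over into the next parameterized run and hide or fake an AMQ212080 match. Wrapping the assertions as `try { ... } finally { AssertionLoggerHandler.stopCapture(); }` keeps each run isolated. Several tests in this section also call `SSLSupport.getValidProviderAndType` directly (the default-SSL-context test, the cipher-suite loop and `getEnabledCipherSuites`), and that helper logs AMQ212080 itself, so for those tests the `@After` check does not on its own show that the connector or acceptor emitted the warning. In the cipher-suite loop the call sits inside the `for` and shadows the `storeType` field; resolving it once before the loop under a different local name would avoid repeated warnings and the shadowing.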
|
||||||
|
|
|
@ -76,7 +76,11 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
|
||||||
{"SunJSSE", "PKCS12", TransportConstants.OPENSSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER},
|
{"SunJSSE", "PKCS12", TransportConstants.OPENSSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER},
|
||||||
{"SunJSSE", "PKCS12", TransportConstants.OPENSSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
{"SunJSSE", "PKCS12", TransportConstants.OPENSSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||||
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER},
|
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER},
|
||||||
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER}
|
{"SunJSSE", "PKCS12", TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||||
|
{TransportConstants.DEFAULT_KEYSTORE_TYPE, null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||||
|
{"JCEKS", null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||||
|
{"JKS", null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER},
|
||||||
|
{"PKCS12", null, TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -86,9 +90,9 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
|
||||||
this.clientSSLProvider = clientSSLProvider;
|
this.clientSSLProvider = clientSSLProvider;
|
||||||
this.serverSSLProvider = serverSSLProvider;
|
this.serverSSLProvider = serverSSLProvider;
|
||||||
|
|
||||||
String suffix = storeType.toLowerCase();
|
String suffix = storeType == null || storeType.length() == 0 ? storeProvider.toLowerCase() : storeType.toLowerCase();
|
||||||
// keytool expects PKCS12 stores to use the extension "p12"
|
// keytool expects PKCS12 stores to use the extension "p12"
|
||||||
if (storeType.equals("PKCS12")) {
|
if (suffix.equalsIgnoreCase("PKCS12")) {
|
||||||
suffix = "p12";
|
suffix = "p12";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -364,7 +368,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
|
||||||
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_KEYSTORE_PROVIDER)) {
|
if (storeProvider != null && !storeProvider.equals(TransportConstants.DEFAULT_KEYSTORE_PROVIDER)) {
|
||||||
uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append(storeProvider);
|
uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append(storeProvider);
|
||||||
}
|
}
|
||||||
if (!storeType.equals(TransportConstants.DEFAULT_KEYSTORE_TYPE)) {
|
if (storeType != null && !storeType.equals(TransportConstants.DEFAULT_KEYSTORE_TYPE)) {
|
||||||
uri.append("&").append(TransportConstants.KEYSTORE_TYPE_PROP_NAME).append("=").append(storeType);
|
uri.append("&").append(TransportConstants.KEYSTORE_TYPE_PROP_NAME).append("=").append(storeType);
|
||||||
}
|
}
|
||||||
uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE);
|
uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE);
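Review bot: The four rows added to `getParameters` with a `null` store type are not checked for the AMQ212080 warning the way `CoreClientOverOneWaySSLTest` checks it, so, as far as the visible hunks show, this test would still pass if the two-way path stopped logging the legacy-value warning. Adding the same `AssertionLoggerHandler` check would cover it. The new rows also carry no comment, and the first one passes `TransportConstants.DEFAULT_KEYSTORE_TYPE` in the provider position, which reads like a mistake without one; a trailing `// legacy: store type passed as keyStoreProvider` on each row would match the one-way test.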
|
||||||
|
|