This closes #3321
commit
99ac060b88
|
@ -86,7 +86,7 @@ under the License.
|
||||||
<ignore>${noServer}</ignore>
|
<ignore>${noServer}</ignore>
|
||||||
<spawn>true</spawn>
|
<spawn>true</spawn>
|
||||||
<location>${basedir}/target/server1</location>
|
<location>${basedir}/target/server1</location>
|
||||||
<testURI>tcp://localhost:5771</testURI>
|
<testURI>tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/activemq.example.truststore;trustStorePassword=activemqexample</testURI>
|
||||||
<args>
|
<args>
|
||||||
<param>run</param>
|
<param>run</param>
|
||||||
</args>
|
</args>
|
||||||
|
@ -102,7 +102,7 @@ under the License.
|
||||||
<spawn>true</spawn>
|
<spawn>true</spawn>
|
||||||
<ignore>${noServer}</ignore>
|
<ignore>${noServer}</ignore>
|
||||||
<location>${basedir}/target/server0</location>
|
<location>${basedir}/target/server0</location>
|
||||||
<testURI>tcp://localhost:5671</testURI>
|
<testURI>tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/activemq.example.truststore;trustStorePassword=activemqexample</testURI>
|
||||||
<args>
|
<args>
|
||||||
<param>run</param>
|
<param>run</param>
|
||||||
</args>
|
</args>
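Review bot: The `trustStorePath` in both new `testURI` values is relative (`target/server1/etc/...` here, `target/server0/etc/...` in the second hunk), while the `<location>` element just above it uses `${basedir}`. A relative file path is presumably resolved against the working directory of the Maven process, which in a multi-module build may be the directory Maven was started from and not this module, so the plugin's server-is-up check could fail to find the trust store. I would write `trustStorePath=${basedir}/target/server1/etc/activemq.example.truststore`, and the same with `server0` in the other execution.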
|
||||||
|
|
|
@ -6,4 +6,6 @@ This example demonstrates how you can create a broker connection from one broker
|
||||||
|
|
||||||
You basically configured the broker connection on broker.xml and this example will give you two working servers where you send messages in one broker and receive it on another broker.
|
You basically configured the broker connection on broker.xml and this example will give you two working servers where you send messages in one broker and receive it on another broker.
|
||||||
|
|
||||||
The Broker connection on this example is configured to use SSL. The client connections here are using regular connections.
|
The connection between the two brokers as well as the client connections are all configured to use SSL.
|
||||||
|
|
||||||
|
The keystore and trustores used in the example were generated with store-generation.txt
|
||||||
|
|
|
@ -35,7 +35,7 @@ public class BrokerConnectionSenderSSL {
|
||||||
|
|
||||||
public static void main(final String[] args) throws Exception {
|
public static void main(final String[] args) throws Exception {
|
||||||
Connection connectionOnServer0 = null;
|
Connection connectionOnServer0 = null;
|
||||||
ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5672?transport.trustStoreLocation=target/server0/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample&transport.verifyHost=false");
|
ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample");
|
||||||
|
|
||||||
// Step 1. Create a connection on server0, and send a few messages
|
// Step 1. Create a connection on server0, and send a few messages
|
||||||
try {
|
try {
|
||||||
|
@ -58,7 +58,7 @@ public class BrokerConnectionSenderSSL {
|
||||||
// Step 2. create a connection on server1, and receive a few messages.
|
// Step 2. create a connection on server1, and receive a few messages.
|
||||||
// the sender on the broker conneciton will take care of the transfer.
|
// the sender on the broker conneciton will take care of the transfer.
|
||||||
Connection connectionOnServer1 = null;
|
Connection connectionOnServer1 = null;
|
||||||
ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5772?transport.trustStoreLocation=target/server1/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample&transport.verifyHost=false");
|
ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server1/etc/activemq.example.truststore&transport.trustStorePassword=activemqexample");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
connectionOnServer1 = connectionFactoryServer1.createConnection();
|
connectionOnServer1 = connectionFactoryServer1.createConnection();
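Review bot: The two `JmsConnectionFactory` lines need a short comment, because with `transport.verifyHost=false` removed the connection depends on the client's default host name check (on by default in Qpid JMS, as far as I know) and on the example certificate, which store-generation.txt issues for `CN=localhost`. Something like `// TLS host name verification is active; the example certificate is issued for localhost, so connect by that name` above each factory would explain the handshake failure a reader gets after changing the host in the URI. It would also help to say there that the trust store password in the URI is an example value. The same applies to the server1 factory in the second hunk; the body of `main` continues outside both hunks.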
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -31,12 +31,12 @@ under the License.
|
||||||
<!-- Acceptors -->
|
<!-- Acceptors -->
|
||||||
<acceptors>
|
<acceptors>
|
||||||
<!-- keystores will be found automatically if they are on the classpath -->
|
<!-- keystores will be found automatically if they are on the classpath -->
|
||||||
<acceptor name="artemis">tcp://0.0.0.0:5671?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true</acceptor>
|
<!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
|
||||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5672?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>
|
<acceptor name="netty-ssl-acceptor">tcp://localhost:5671?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=AMQP,CORE</acceptor>
|
||||||
</acceptors>
|
</acceptors>
|
||||||
|
|
||||||
<broker-connections>
|
<broker-connections>
|
||||||
<amqp-connection uri="tcp://localhost:5772?sslEnabled=true;trustStorePath=activemq.example.truststore;trustStorePassword=activemqexample" name="otherSSL" retry-interval="1000">
|
<amqp-connection uri="tcp://localhost:5771?sslEnabled=true;verifyHost=true;trustStorePath=activemq.example.truststore;trustStorePassword=activemqexample" name="otherBrokerSSL" retry-interval="1000">
|
||||||
<sender address-match="#"/>
|
<sender address-match="#"/>
|
||||||
</amqp-connection>
|
</amqp-connection>
|
||||||
</broker-connections>
|
</broker-connections>
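Review bot: The comment added above `netty-ssl-acceptor` is hard to parse; I would word it as `<!-- CORE is enabled only so that artemis-maven-plugin can check that the server is up before the example starts -->`. The same comment could state that `keyStorePassword` and `trustStorePassword` are example values kept in clear text, since this file is what readers copy from. The identical comment appears in the other broker's configuration further down and would take the same rewording.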
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -31,8 +31,8 @@ under the License.
|
||||||
<!-- Acceptors -->
|
<!-- Acceptors -->
|
||||||
<acceptors>
|
<acceptors>
|
||||||
<!-- keystores will be found automatically if they are on the classpath -->
|
<!-- keystores will be found automatically if they are on the classpath -->
|
||||||
<acceptor name="artemis">tcp://0.0.0.0:5771?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true</acceptor>
|
<!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
|
||||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5772?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>
|
<acceptor name="netty-ssl-acceptor">tcp://localhost:5771?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;protocols=AMQP,CORE</acceptor>
|
||||||
</acceptors>
|
</acceptors>
|
||||||
|
|
||||||
<!-- Other config -->
|
<!-- Other config -->
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
# The various SSL stores and certificates were created with the following commands:
|
||||||
|
# This can be run as a script by sourcing the file, e.g ". store-generation.txt"
|
||||||
|
|
||||||
|
|
||||||
|
# Clean up any existing files
|
||||||
|
# ---------------------------
|
||||||
|
rm -f *.crt *.csr *.keystore *.truststore
|
||||||
|
rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.truststore
|
||||||
|
rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.truststore
|
||||||
|
|
||||||
|
# Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
|
||||||
|
# ----------------------------------------------------------------------------------------------------
|
||||||
|
keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -keypass activemqexample -alias ca -genkey -keyalg "RSA" -keysize 2048 -dname "O=My Trusted Example Inc.,CN=my-example-ca.org" -validity 9999 -ext bc:c=ca:true
|
||||||
|
keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -exportcert -rfc > ca.crt
|
||||||
|
|
||||||
|
# Create a key pair, and sign it with the CA:
|
||||||
|
# -------------------------------------------
|
||||||
|
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -alias broker -genkey -keyalg "RSA" -keysize 2048 -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA
|
||||||
|
|
||||||
|
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -alias broker -certreq -file broker.csr
|
||||||
|
keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -gencert -rfc -infile broker.csr -outfile broker.crt -validity 9999 -ext bc=ca:false -ext eku=sA
|
||||||
|
|
||||||
|
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
|
||||||
|
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias broker -file broker.crt
|
||||||
|
|
||||||
|
# Create trust store, import the CA cert:
|
||||||
|
# -------------------------------------------------------
|
||||||
|
keytool -storetype pkcs12 -keystore activemq.example.truststore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
|
||||||
|
keytool -importkeystore -srckeystore activemq.example.truststore -destkeystore broker-jceks.truststore -srcstoretype pkcs12 -deststoretype jceks -srcstorepass activemqexample -deststorepass activemqexample
|
||||||
|
keytool -importkeystore -srckeystore activemq.example.truststore -destkeystore broker-jks.truststore -srcstoretype pkcs12 -deststoretype jks -srcstorepass activemqexample -deststorepass activemqexample
|
||||||
|
|
||||||
|
# Copy the stores into place
|
||||||
|
cp activemq.example.truststore src/main/resources/activemq/server1/
|
||||||
|
cp activemq.example.keystore src/main/resources/activemq/server1/
|
||||||
|
|
||||||
|
cp activemq.example.truststore src/main/resources/activemq/server0/
|
||||||
|
cp activemq.example.keystore src/main/resources/activemq/server0/
|
||||||
|
|
||||||
|
# Clean up tmp files
|
||||||
|
rm -f *.crt *.csr *.keystore *.truststore
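Review bot: The broker certificate is created with `-dname "O=Server,CN=localhost"` and no subject alternative name, so the host name checks this commit turns on can only match through the CN fallback, which newer verification rules discourage and some TLS stacks no longer apply. Adding `-ext san=dns:localhost` to the `-genkey` command for alias `broker` and to the `-gencert` command would put the name where verifiers look first. Separately, the header comment could warn that the two `rm -f *.crt *.csr *.keystore *.truststore` lines act on whatever directory the file is sourced from.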
|