mirror of https://github.com/apache/activemq.git
Updates TransportServer API so that JaasDualAuthenticationBroker can tell when its dealing with a TransportServer that will provide SSL connections and it can validate client certificate chains from ConnectionInfo. Also updated the properties files to reflect the newly generated certificates. git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1400155 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
2db73e2b7e
commit
0fffe21720
|
@ -16,6 +16,16 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.activemq.transport.amqp;
|
package org.apache.activemq.transport.amqp;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.Socket;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
import java.net.UnknownHostException;
|
||||||
|
|
||||||
|
import javax.net.ServerSocketFactory;
|
||||||
|
import javax.net.SocketFactory;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
|
||||||
import org.apache.activemq.broker.SslContext;
|
import org.apache.activemq.broker.SslContext;
|
||||||
import org.apache.activemq.transport.Transport;
|
import org.apache.activemq.transport.Transport;
|
||||||
import org.apache.activemq.transport.TransportServer;
|
import org.apache.activemq.transport.TransportServer;
|
||||||
|
@ -23,15 +33,6 @@ import org.apache.activemq.transport.tcp.TcpTransport;
|
||||||
import org.apache.activemq.transport.tcp.TcpTransportServer;
|
import org.apache.activemq.transport.tcp.TcpTransportServer;
|
||||||
import org.apache.activemq.wireformat.WireFormat;
|
import org.apache.activemq.wireformat.WireFormat;
|
||||||
|
|
||||||
import javax.net.ServerSocketFactory;
|
|
||||||
import javax.net.SocketFactory;
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.Socket;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URISyntaxException;
|
|
||||||
import java.net.UnknownHostException;
|
|
||||||
|
|
||||||
public class AmqpNioSslTransportFactory extends AmqpNioTransportFactory {
|
public class AmqpNioSslTransportFactory extends AmqpNioTransportFactory {
|
||||||
|
|
||||||
SSLContext context;
|
SSLContext context;
|
||||||
|
@ -46,6 +47,11 @@ public class AmqpNioSslTransportFactory extends AmqpNioTransportFactory {
|
||||||
}
|
}
|
||||||
return transport;
|
return transport;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,10 +17,13 @@
|
||||||
|
|
||||||
package org.apache.activemq.security;
|
package org.apache.activemq.security;
|
||||||
|
|
||||||
import org.apache.activemq.broker.*;
|
import org.apache.activemq.broker.Broker;
|
||||||
import org.apache.activemq.broker.jmx.ManagedTransportConnector;
|
import org.apache.activemq.broker.BrokerFilter;
|
||||||
|
import org.apache.activemq.broker.ConnectionContext;
|
||||||
|
import org.apache.activemq.broker.Connector;
|
||||||
|
import org.apache.activemq.broker.EmptyBroker;
|
||||||
|
import org.apache.activemq.broker.TransportConnector;
|
||||||
import org.apache.activemq.command.ConnectionInfo;
|
import org.apache.activemq.command.ConnectionInfo;
|
||||||
|
|
||||||
import org.apache.activemq.transport.tcp.SslTransportServer;
|
import org.apache.activemq.transport.tcp.SslTransportServer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -86,7 +89,7 @@ public class JaasDualAuthenticationBroker extends BrokerFilter {
|
||||||
Connector connector = context.getConnector();
|
Connector connector = context.getConnector();
|
||||||
if (connector instanceof TransportConnector) {
|
if (connector instanceof TransportConnector) {
|
||||||
TransportConnector transportConnector = (TransportConnector) connector;
|
TransportConnector transportConnector = (TransportConnector) connector;
|
||||||
isSSL = (transportConnector.getServer() instanceof SslTransportServer);
|
isSSL = transportConnector.getServer().isSslServer();
|
||||||
} else {
|
} else {
|
||||||
isSSL = false;
|
isSSL = false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,4 +55,14 @@ public interface TransportServer extends Service {
|
||||||
*/
|
*/
|
||||||
InetSocketAddress getSocketAddress();
|
InetSocketAddress getSocketAddress();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* For TransportServers that provide SSL connections to their connected peers they should
|
||||||
|
* return true here if and only if they populate the ConnectionInfo command presented to
|
||||||
|
* the Broker with the peers certificate chain so that the broker knows it can use that
|
||||||
|
* information to authenticate the connected peer.
|
||||||
|
*
|
||||||
|
* @return true if this transport server provides SSL level security over its
|
||||||
|
* connections.
|
||||||
|
*/
|
||||||
|
boolean isSslServer();
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,4 +56,7 @@ public class TransportServerFilter implements TransportServer {
|
||||||
return next.getSocketAddress();
|
return next.getSocketAddress();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return next.isSslServer();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,23 +17,6 @@
|
||||||
|
|
||||||
package org.apache.activemq.transport.nio;
|
package org.apache.activemq.transport.nio;
|
||||||
|
|
||||||
import org.apache.activemq.broker.SslContext;
|
|
||||||
import org.apache.activemq.transport.Transport;
|
|
||||||
import org.apache.activemq.transport.TransportServer;
|
|
||||||
import org.apache.activemq.transport.tcp.SslTransport;
|
|
||||||
import org.apache.activemq.transport.tcp.SslTransportFactory;
|
|
||||||
import org.apache.activemq.transport.tcp.TcpTransport;
|
|
||||||
import org.apache.activemq.transport.tcp.TcpTransportServer;
|
|
||||||
import org.apache.activemq.util.IOExceptionSupport;
|
|
||||||
import org.apache.activemq.util.IntrospectionSupport;
|
|
||||||
import org.apache.activemq.wireformat.WireFormat;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
|
|
||||||
import javax.net.ServerSocketFactory;
|
|
||||||
import javax.net.SocketFactory;
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
import javax.net.ssl.SSLSocketFactory;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.Socket;
|
import java.net.Socket;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
@ -41,6 +24,22 @@ import java.net.URISyntaxException;
|
||||||
import java.net.UnknownHostException;
|
import java.net.UnknownHostException;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.net.ServerSocketFactory;
|
||||||
|
import javax.net.SocketFactory;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
|
|
||||||
|
import org.apache.activemq.broker.SslContext;
|
||||||
|
import org.apache.activemq.transport.Transport;
|
||||||
|
import org.apache.activemq.transport.TransportServer;
|
||||||
|
import org.apache.activemq.transport.tcp.SslTransport;
|
||||||
|
import org.apache.activemq.transport.tcp.TcpTransportServer;
|
||||||
|
import org.apache.activemq.util.IOExceptionSupport;
|
||||||
|
import org.apache.activemq.util.IntrospectionSupport;
|
||||||
|
import org.apache.activemq.wireformat.WireFormat;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class NIOSSLTransportFactory extends NIOTransportFactory {
|
public class NIOSSLTransportFactory extends NIOTransportFactory {
|
||||||
private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransportFactory.class);
|
private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransportFactory.class);
|
||||||
SSLContext context;
|
SSLContext context;
|
||||||
|
@ -54,6 +53,11 @@ public class NIOSSLTransportFactory extends NIOTransportFactory {
|
||||||
}
|
}
|
||||||
return transport;
|
return transport;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,6 +16,16 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.activemq.transport.stomp;
|
package org.apache.activemq.transport.stomp;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.Socket;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
import java.net.UnknownHostException;
|
||||||
|
|
||||||
|
import javax.net.ServerSocketFactory;
|
||||||
|
import javax.net.SocketFactory;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
|
||||||
import org.apache.activemq.broker.SslContext;
|
import org.apache.activemq.broker.SslContext;
|
||||||
import org.apache.activemq.transport.Transport;
|
import org.apache.activemq.transport.Transport;
|
||||||
import org.apache.activemq.transport.TransportServer;
|
import org.apache.activemq.transport.TransportServer;
|
||||||
|
@ -23,15 +33,6 @@ import org.apache.activemq.transport.tcp.TcpTransport;
|
||||||
import org.apache.activemq.transport.tcp.TcpTransportServer;
|
import org.apache.activemq.transport.tcp.TcpTransportServer;
|
||||||
import org.apache.activemq.wireformat.WireFormat;
|
import org.apache.activemq.wireformat.WireFormat;
|
||||||
|
|
||||||
import javax.net.ServerSocketFactory;
|
|
||||||
import javax.net.SocketFactory;
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.Socket;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URISyntaxException;
|
|
||||||
import java.net.UnknownHostException;
|
|
||||||
|
|
||||||
public class StompNIOSSLTransportFactory extends StompNIOTransportFactory {
|
public class StompNIOSSLTransportFactory extends StompNIOTransportFactory {
|
||||||
|
|
||||||
SSLContext context;
|
SSLContext context;
|
||||||
|
@ -46,6 +47,11 @@ public class StompNIOSSLTransportFactory extends StompNIOTransportFactory {
|
||||||
}
|
}
|
||||||
return transport;
|
return transport;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -45,7 +45,6 @@ public class SslTransportServer extends TcpTransportServer {
|
||||||
// Specifies if sockets created from this server should wantClientAuth.
|
// Specifies if sockets created from this server should wantClientAuth.
|
||||||
private boolean wantClientAuth;
|
private boolean wantClientAuth;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a ssl transport server for the specified url using the provided
|
* Creates a ssl transport server for the specified url using the provided
|
||||||
* serverSocketFactory
|
* serverSocketFactory
|
||||||
|
@ -56,10 +55,7 @@ public class SslTransportServer extends TcpTransportServer {
|
||||||
* @throws IOException passed up from TcpTransportFactory.
|
* @throws IOException passed up from TcpTransportFactory.
|
||||||
* @throws URISyntaxException passed up from TcpTransportFactory.
|
* @throws URISyntaxException passed up from TcpTransportFactory.
|
||||||
*/
|
*/
|
||||||
public SslTransportServer(
|
public SslTransportServer(SslTransportFactory transportFactory, URI location, SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
|
||||||
SslTransportFactory transportFactory,
|
|
||||||
URI location,
|
|
||||||
SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
|
|
||||||
super(transportFactory, location, serverSocketFactory);
|
super(transportFactory, location, serverSocketFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -126,4 +122,10 @@ public class SslTransportServer extends TcpTransportServer {
|
||||||
protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
|
protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
|
||||||
return new SslTransport(format, (SSLSocket)socket);
|
return new SslTransport(format, (SSLSocket)socket);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -119,7 +119,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
super(location);
|
super(location);
|
||||||
this.transportFactory = transportFactory;
|
this.transportFactory = transportFactory;
|
||||||
this.serverSocketFactory = serverSocketFactory;
|
this.serverSocketFactory = serverSocketFactory;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void bind() throws IOException {
|
public void bind() throws IOException {
|
||||||
|
@ -130,10 +129,8 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
InetAddress addr = InetAddress.getByName(host);
|
InetAddress addr = InetAddress.getByName(host);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
this.serverSocket = serverSocketFactory.createServerSocket(bind.getPort(), backlog, addr);
|
this.serverSocket = serverSocketFactory.createServerSocket(bind.getPort(), backlog, addr);
|
||||||
configureServerSocket(this.serverSocket);
|
configureServerSocket(this.serverSocket);
|
||||||
|
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw IOExceptionSupport.create("Failed to bind to server socket: " + bind + " due to: " + e, e);
|
throw IOExceptionSupport.create("Failed to bind to server socket: " + bind + " due to: " + e, e);
|
||||||
}
|
}
|
||||||
|
@ -235,7 +232,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
return startLogging;
|
return startLogging;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public void setStartLogging(boolean startLogging) {
|
public void setStartLogging(boolean startLogging) {
|
||||||
this.startLogging = startLogging;
|
this.startLogging = startLogging;
|
||||||
}
|
}
|
||||||
|
@ -268,7 +264,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
this.useQueueForAccept = useQueueForAccept;
|
this.useQueueForAccept = useQueueForAccept;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* pull Sockets from the ServerSocket
|
* pull Sockets from the ServerSocket
|
||||||
*/
|
*/
|
||||||
|
@ -435,29 +430,29 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getSoTimeout() {
|
public int getSoTimeout() {
|
||||||
return soTimeout;
|
return soTimeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setSoTimeout(int soTimeout) {
|
public void setSoTimeout(int soTimeout) {
|
||||||
this.soTimeout = soTimeout;
|
this.soTimeout = soTimeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getSocketBufferSize() {
|
public int getSocketBufferSize() {
|
||||||
return socketBufferSize;
|
return socketBufferSize;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setSocketBufferSize(int socketBufferSize) {
|
public void setSocketBufferSize(int socketBufferSize) {
|
||||||
this.socketBufferSize = socketBufferSize;
|
this.socketBufferSize = socketBufferSize;
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getConnectionTimeout() {
|
public int getConnectionTimeout() {
|
||||||
return connectionTimeout;
|
return connectionTimeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setConnectionTimeout(int connectionTimeout) {
|
public void setConnectionTimeout(int connectionTimeout) {
|
||||||
this.connectionTimeout = connectionTimeout;
|
this.connectionTimeout = connectionTimeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the maximumConnections
|
* @return the maximumConnections
|
||||||
|
@ -473,7 +468,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
this.maximumConnections = maximumConnections;
|
this.maximumConnections = maximumConnections;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public void started(Service service) {
|
public void started(Service service) {
|
||||||
this.currentTransportCount++;
|
this.currentTransportCount++;
|
||||||
}
|
}
|
||||||
|
@ -481,4 +475,9 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
||||||
public void stopped(Service service) {
|
public void stopped(Service service) {
|
||||||
this.currentTransportCount--;
|
this.currentTransportCount--;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,6 @@ import org.apache.activemq.transport.TransportServer;
|
||||||
import org.apache.activemq.transport.TransportServerSupport;
|
import org.apache.activemq.transport.TransportServerSupport;
|
||||||
import org.apache.activemq.transport.reliable.ReliableTransport;
|
import org.apache.activemq.transport.reliable.ReliableTransport;
|
||||||
import org.apache.activemq.transport.reliable.ReplayStrategy;
|
import org.apache.activemq.transport.reliable.ReplayStrategy;
|
||||||
import org.apache.activemq.transport.reliable.Replayer;
|
|
||||||
import org.apache.activemq.util.ServiceStopper;
|
import org.apache.activemq.util.ServiceStopper;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -175,4 +174,9 @@ public class UdpTransportServer extends TransportServerSupport {
|
||||||
public InetSocketAddress getSocketAddress() {
|
public InetSocketAddress getSocketAddress() {
|
||||||
return serverTransport.getLocalSocketAddress();
|
return serverTransport.getLocalSocketAddress();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -137,4 +137,9 @@ public class VMTransportServer implements TransportServer {
|
||||||
public int getConnectionCount() {
|
public int getConnectionCount() {
|
||||||
return connectionCount.intValue();
|
return connectionCount.intValue();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,5 +15,5 @@
|
||||||
## limitations under the License.
|
## limitations under the License.
|
||||||
## ---------------------------------------------------------------------------
|
## ---------------------------------------------------------------------------
|
||||||
|
|
||||||
client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
|
client=CN=client, OU=activemq, O=apache
|
||||||
broker2=CN=broker2, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
|
broker2=CN=broker2, OU=activemq, O=apache
|
|
@ -15,5 +15,5 @@
|
||||||
## limitations under the License.
|
## limitations under the License.
|
||||||
## ---------------------------------------------------------------------------
|
## ---------------------------------------------------------------------------
|
||||||
|
|
||||||
client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
|
client=CN=client, OU=activemq, O=apache
|
||||||
broker1=CN=broker1, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
|
broker1=CN=broker1, OU=activemq, O=apache
|
|
@ -114,4 +114,9 @@ public class HttpTransportServer extends WebTransportServerSupport {
|
||||||
socketConnectorFactory.setTransportOptions(transportOptions);
|
socketConnectorFactory.setTransportOptions(transportOptions);
|
||||||
super.setTransportOption(transportOptions);
|
super.setTransportOption(transportOptions);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -100,4 +100,9 @@ public class WSTransportServer extends WebTransportServerSupport {
|
||||||
super.setTransportOption(transportOptions);
|
super.setTransportOption(transportOptions);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSslServer() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue