Updates TransportServer API so that JaasDualAuthenticationBroker can tell when it's dealing with a TransportServer that will provide SSL connections and it can validate client certificate chains from ConnectionInfo.  Also updated the properties files to reflect the newly generated certificates. 

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1400155 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Timothy A. Bish 2012-10-19 16:21:53 +00:00
parent 2db73e2b7e
commit 0fffe21720
14 changed files with 181 additions and 129 deletions


@ -16,6 +16,16 @@
*/
package org.apache.activemq.transport.amqp;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportServer;
@ -23,15 +33,6 @@ import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.transport.tcp.TcpTransportServer;
import org.apache.activemq.wireformat.WireFormat;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
public class AmqpNioSslTransportFactory extends AmqpNioTransportFactory {
SSLContext context;
@ -46,6 +47,11 @@ public class AmqpNioSslTransportFactory extends AmqpNioTransportFactory {
}
return transport;
}
@Override
public boolean isSslServer() {
return true;
}
};
}
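Review bot: `isSslServer()` returns true unconditionally on line 45, but the TransportServer Javadoc added in this commit makes true conditional on the server populating ConnectionInfo with the peer certificate chain, and nothing in this hunk shows the transport created by this anonymous TcpTransportServer doing that. Please confirm it before JaasDualAuthenticationBroker starts trusting the flag, since a true without a chain sends the broker down the certificate path with nothing to check. The same override is added in NIOSSLTransportFactory (true) while StompNIOSSLTransportFactory returns false for what appears to be the same kind of NIO SSL server; if that difference is deliberate, a one-line comment on each override would stop the next reader from "fixing" it, e.g. `// TODO(review): confirm the created transport copies the peer certificate chain into ConnectionInfo; otherwise this must return false`. The anonymous class this method belongs to starts outside the hunk.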


@ -17,10 +17,13 @@
package org.apache.activemq.security;
import org.apache.activemq.broker.*;
import org.apache.activemq.broker.jmx.ManagedTransportConnector;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.broker.Connector;
import org.apache.activemq.broker.EmptyBroker;
import org.apache.activemq.broker.TransportConnector;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.transport.tcp.SslTransportServer;
/**
@ -86,7 +89,7 @@ public class JaasDualAuthenticationBroker extends BrokerFilter {
Connector connector = context.getConnector();
if (connector instanceof TransportConnector) {
TransportConnector transportConnector = (TransportConnector) connector;
isSSL = (transportConnector.getServer() instanceof SslTransportServer);
isSSL = transportConnector.getServer().isSslServer();
} else {
isSSL = false;
}
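Review bot: Replacing the `instanceof` test with `transportConnector.getServer().isSslServer()` turns a null server from a quiet `isSSL = false` into a NullPointerException; the old expression tolerated null, and nothing in the hunk shows that getServer() is guaranteed non-null at this point. Keep the fail-closed behaviour with a local, `TransportServer server = transportConnector.getServer();` followed by `isSSL = server != null && server.isSslServer();` (TransportServer would then need an explicit import next to the ones added above). The enclosing method starts outside the hunk.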


@ -55,4 +55,14 @@ public interface TransportServer extends Service {
*/
InetSocketAddress getSocketAddress();
/**
* For TransportServers that provide SSL connections to their connected peers they should
* return true here if and only if they populate the ConnectionInfo command presented to
* the Broker with the peers certificate chain so that the broker knows it can use that
* information to authenticate the connected peer.
*
* @return true if this transport server provides SSL level security over its
* connections.
*/
boolean isSslServer();
}
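Review bot: The `@return` tag says "provides SSL level security", which is weaker than the paragraph above it that makes true conditional on populating ConnectionInfo with the peer certificate chain, so an implementor reading only the tag could return true for any TLS listener. Align the tag with the body, e.g. `@return true only if this server provides SSL connections and populates the ConnectionInfo with the peer certificate chain; false otherwise.` It would also help to state what false means for a TLS listener that does not surface the chain, since authentication code will then fall back to its non-SSL path.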


@ -56,4 +56,7 @@ public class TransportServerFilter implements TransportServer {
return next.getSocketAddress();
}
public boolean isSslServer() {
return next.isSslServer();
}
}
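Review bot: The new `isSslServer()` delegate lacks the `@Override` annotation that every other implementation in this commit carries; add `@Override` above `public boolean isSslServer() {` so the compiler catches any future drift from the TransportServer signature.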


@ -17,23 +17,6 @@
package org.apache.activemq.transport.nio;
import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportServer;
import org.apache.activemq.transport.tcp.SslTransport;
import org.apache.activemq.transport.tcp.SslTransportFactory;
import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.transport.tcp.TcpTransportServer;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.wireformat.WireFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
@ -41,6 +24,22 @@ import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Map;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportServer;
import org.apache.activemq.transport.tcp.SslTransport;
import org.apache.activemq.transport.tcp.TcpTransportServer;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.wireformat.WireFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class NIOSSLTransportFactory extends NIOTransportFactory {
private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransportFactory.class);
SSLContext context;
@ -54,6 +53,11 @@ public class NIOSSLTransportFactory extends NIOTransportFactory {
}
return transport;
}
@Override
public boolean isSslServer() {
return true;
}
};
}


@ -16,6 +16,16 @@
*/
package org.apache.activemq.transport.stomp;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportServer;
@ -23,15 +33,6 @@ import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.transport.tcp.TcpTransportServer;
import org.apache.activemq.wireformat.WireFormat;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
public class StompNIOSSLTransportFactory extends StompNIOTransportFactory {
SSLContext context;
@ -46,6 +47,11 @@ public class StompNIOSSLTransportFactory extends StompNIOTransportFactory {
}
return transport;
}
@Override
public boolean isSslServer() {
return false;
}
};
}


@ -45,7 +45,6 @@ public class SslTransportServer extends TcpTransportServer {
// Specifies if sockets created from this server should wantClientAuth.
private boolean wantClientAuth;
/**
* Creates a ssl transport server for the specified url using the provided
* serverSocketFactory
@ -56,10 +55,7 @@ public class SslTransportServer extends TcpTransportServer {
* @throws IOException passed up from TcpTransportFactory.
* @throws URISyntaxException passed up from TcpTransportFactory.
*/
public SslTransportServer(
SslTransportFactory transportFactory,
URI location,
SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
public SslTransportServer(SslTransportFactory transportFactory, URI location, SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
super(transportFactory, location, serverSocketFactory);
}
@ -126,4 +122,10 @@ public class SslTransportServer extends TcpTransportServer {
protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
return new SslTransport(format, (SSLSocket)socket);
}
@Override
public boolean isSslServer() {
return true;
}
}
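Review bot: `isSslServer()` returns true regardless of the `wantClientAuth` flag declared above (and its needClientAuth counterpart, which is outside the hunk), yet the interface contract ties true to a peer certificate chain being available in ConnectionInfo; when the server requests no client authentication the TLS handshake carries no client certificate, so the broker sees an SSL server but an empty chain. If the intended outcome is that JaasDualAuthenticationBroker rejects such connections, a comment on the override should say so, e.g. `// Always true: the peer chain may still be empty when client auth is not requested, so callers must treat an empty chain as unauthenticated.` Otherwise consider returning true only when client auth is wanted or required.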


@ -119,7 +119,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
super(location);
this.transportFactory = transportFactory;
this.serverSocketFactory = serverSocketFactory;
}
public void bind() throws IOException {
@ -130,10 +129,8 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
InetAddress addr = InetAddress.getByName(host);
try {
this.serverSocket = serverSocketFactory.createServerSocket(bind.getPort(), backlog, addr);
configureServerSocket(this.serverSocket);
} catch (IOException e) {
throw IOExceptionSupport.create("Failed to bind to server socket: " + bind + " due to: " + e, e);
}
@ -235,7 +232,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
return startLogging;
}
public void setStartLogging(boolean startLogging) {
this.startLogging = startLogging;
}
@ -268,7 +264,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
this.useQueueForAccept = useQueueForAccept;
}
/**
* pull Sockets from the ServerSocket
*/
@ -435,29 +430,29 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
}
public int getSoTimeout() {
return soTimeout;
}
public int getSoTimeout() {
return soTimeout;
}
public void setSoTimeout(int soTimeout) {
this.soTimeout = soTimeout;
}
public void setSoTimeout(int soTimeout) {
this.soTimeout = soTimeout;
}
public int getSocketBufferSize() {
return socketBufferSize;
}
public int getSocketBufferSize() {
return socketBufferSize;
}
public void setSocketBufferSize(int socketBufferSize) {
this.socketBufferSize = socketBufferSize;
}
public void setSocketBufferSize(int socketBufferSize) {
this.socketBufferSize = socketBufferSize;
}
public int getConnectionTimeout() {
return connectionTimeout;
}
public int getConnectionTimeout() {
return connectionTimeout;
}
public void setConnectionTimeout(int connectionTimeout) {
this.connectionTimeout = connectionTimeout;
}
public void setConnectionTimeout(int connectionTimeout) {
this.connectionTimeout = connectionTimeout;
}
/**
* @return the maximumConnections
@ -473,7 +468,6 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
this.maximumConnections = maximumConnections;
}
public void started(Service service) {
this.currentTransportCount++;
}
@ -481,4 +475,9 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
public void stopped(Service service) {
this.currentTransportCount--;
}
@Override
public boolean isSslServer() {
return false;
}
}


@ -34,7 +34,6 @@ import org.apache.activemq.transport.TransportServer;
import org.apache.activemq.transport.TransportServerSupport;
import org.apache.activemq.transport.reliable.ReliableTransport;
import org.apache.activemq.transport.reliable.ReplayStrategy;
import org.apache.activemq.transport.reliable.Replayer;
import org.apache.activemq.util.ServiceStopper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -175,4 +174,9 @@ public class UdpTransportServer extends TransportServerSupport {
public InetSocketAddress getSocketAddress() {
return serverTransport.getLocalSocketAddress();
}
@Override
public boolean isSslServer() {
return false;
}
}


@ -137,4 +137,9 @@ public class VMTransportServer implements TransportServer {
public int getConnectionCount() {
return connectionCount.intValue();
}
@Override
public boolean isSslServer() {
return false;
}
}


@ -15,5 +15,5 @@
## limitations under the License.
## ---------------------------------------------------------------------------
client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
broker2=CN=broker2, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
client=CN=client, OU=activemq, O=apache
broker2=CN=broker2, OU=activemq, O=apache
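Review bot: The shortened DN strings presumably have to match, character for character, the subject name the broker reads from the regenerated client and broker certificates; the page shows the properties change but neither the certificates nor the code that renders the subject, so a formatting difference (attribute order, spacing, RFC 1779 versus RFC 2253 style) would silently leave the principal unmapped and the connection unauthenticated. A small test asserting that the regenerated client certificate's subject renders exactly as `CN=client, OU=activemq, O=apache` would pin this. The same change appears in the second properties file for broker1.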


@ -15,5 +15,5 @@
## limitations under the License.
## ---------------------------------------------------------------------------
client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
broker1=CN=broker1, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
client=CN=client, OU=activemq, O=apache
broker1=CN=broker1, OU=activemq, O=apache


@ -114,4 +114,9 @@ public class HttpTransportServer extends WebTransportServerSupport {
socketConnectorFactory.setTransportOptions(transportOptions);
super.setTransportOption(transportOptions);
}
@Override
public boolean isSslServer() {
return false;
}
}
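Review bot: `isSslServer()` returning false here is inherited by any HTTPS or WSS subclass of these web transport servers unless it overrides the method; that is correct only if those subclasses do not copy the peer certificate chain into ConnectionInfo, which this commit does not show either way. A short comment would record the decision, e.g. `// false for the web transports: the peer certificate chain is not propagated into ConnectionInfo here -- TODO confirm for any HTTPS subclass`. The same override appears in WSTransportServer.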


@ -100,4 +100,9 @@ public class WSTransportServer extends WebTransportServerSupport {
super.setTransportOption(transportOptions);
}
@Override
public boolean isSslServer() {
return false;
}
}