Apache
/
activemq
mirror of https://github.com/apache/activemq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

https://issues.apache.org/jira/browse/AMQ-5295 

HTTPS Network Connector doesn't work with Mutual authentication-
HTTPSClientTransport uses wrong SSLSocketFactory
This commit is contained in:
Timothy Bish 2014-08-13 12:44:25 -04:00
parent 00921f22ff
commit 14678e1c44
1 changed files with 46 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
activemq-http/src/main/java/org/apache/activemq/transport/https/HttpsClientTransport.java
View File

@ -17,20 +17,18 @@
*/ */
package org.apache.activemq.transport.https; package org.apache.activemq.transport.https;
import java.io.IOException;
import java.net.URI;
import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.http.HttpClientTransport; import org.apache.activemq.transport.http.HttpClientTransport;
import org.apache.activemq.transport.util.TextWireFormat; import org.apache.activemq.transport.util.TextWireFormat;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.http.conn.ClientConnectionManager; import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.conn.PoolingClientConnectionManager; import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
public class HttpsClientTransport extends HttpClientTransport { public class HttpsClientTransport extends HttpClientTransport {
@ -48,10 +46,7 @@ public class HttpsClientTransport extends HttpClientTransport {
SchemeRegistry schemeRegistry = new SchemeRegistry(); SchemeRegistry schemeRegistry = new SchemeRegistry();
try { try {
// register the default socket factory so that it looks at the javax.net.ssl.keyStore, SSLSocketFactory sslSocketFactory = new SSLSocketFactory(createSocketFactory(),
// javax.net.ssl.trustStore, etc, properties by default
SSLSocketFactory sslSocketFactory =
new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory)); schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
return schemeRegistry; return schemeRegistry;
@ -59,4 +54,25 @@ public class HttpsClientTransport extends HttpClientTransport {
throw new IllegalStateException("Failure trying to create scheme registry", e); throw new IllegalStateException("Failure trying to create scheme registry", e);
} }
} }
/**
* Creates a new SSL SocketFactory. The given factory will use user-provided
* key and trust managers (if the user provided them).
*
* @return Newly created (Ssl)SocketFactory.
* @throws IOException
*/
protected javax.net.ssl.SSLSocketFactory createSocketFactory() throws IOException {
if (SslContext.getCurrentSslContext() != null) {
SslContext ctx = SslContext.getCurrentSslContext();
try {
return ctx.getSSLContext().getSocketFactory();
} catch (Exception e) {
throw IOExceptionSupport.create(e);
}
} else {
return (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
}
}
} }