From 369c05fe7783ed39542e63243d0e7f0ebff57f7e Mon Sep 17 00:00:00 2001
From: Jonathan Gallimore
Date: Tue, 14 Sep 2021 12:53:35 +0100
Subject: [PATCH] AMQ-8275 eliminate use of reflection for SNI on SslTransport
(cherry picked from commit 34c4e186fe3d71c82866e89afd2706a3619ca2b4)
---
 .../activemq/transport/tcp/SslTransport.java | 27 +++++++++----------
 1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
index 0d57d92aa0..6e24558f27 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
@@ -22,8 +22,9 @@ import java.net.SocketException;
 import java.net.URI;
 import java.net.UnknownHostException;
 import java.security.cert.X509Certificate;
-import java.util.HashMap;
+import java.util.Collections;
+import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
@@ -31,7 +32,6 @@ import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import org.apache.activemq.command.ConnectionInfo;
-import org.apache.activemq.util.IntrospectionSupport;
 import org.apache.activemq.wireformat.WireFormat;
 /**
@@ -70,15 +70,6 @@ public class SslTransport extends TcpTransport {
 super(wireFormat, socketFactory, remoteLocation, localLocation);
 if (this.socket != null) {
 ((SSLSocket)this.socket).setNeedClientAuth(needClientAuth);
-
- // Lets try to configure the SSL SNI field. Handy in case your using
- // a single proxy to route to different messaging apps.
-
- // On java 1.7 it seems like it can only be configured via reflection.
- // TODO: find out if this will work on java 1.8
- HashMap props = new HashMap();
- props.put("host", remoteLocation.getHost());
- IntrospectionSupport.setProperties(this.socket, props);
 }
 }
@@ -127,12 +118,18 @@ public class SslTransport extends TcpTransport {
 }
 }
- if (verifyHostName) {
- SSLParameters sslParams = new SSLParameters();
- sslParams.setEndpointIdentificationAlgorithm("HTTPS");
- ((SSLSocket)this.socket).setSSLParameters(sslParams);
+ // Lets try to configure the SSL SNI field. Handy in case your using
+ // a single proxy to route to different messaging apps.
+ final SSLParameters sslParams = new SSLParameters();
+ if (remoteLocation != null) {
+ sslParams.setServerNames(Collections.singletonList(new SNIHostName(remoteLocation.getHost())));
 }
+ if (verifyHostName) {
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ }
+
+ ((SSLSocket)this.socket).setSSLParameters(sslParams);
 super.initialiseSocket(sock);
 }
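Review bot: The now-unconditional `setSSLParameters(sslParams)` at the end of the last hunk applies a freshly constructed `SSLParameters`, whose need/want client-auth flags are both false; under the JDK contract for `SSLSocket.setSSLParameters` that ends in `setWantClientAuth(false)`, which would clear the `setNeedClientAuth(needClientAuth)` made in the constructor shown in the previous hunk. Before this change that reset only happened when `verifyHostName` was true, so a socket that relies on required client certificates with host-name verification off could now silently stop asking for them. Seeding the parameters from the socket keeps what is already configured: `final SSLParameters sslParams = ((SSLSocket) this.socket).getSSLParameters();`. Separately, `new SNIHostName(remoteLocation.getHost())` throws on a null, empty or non-DNS host (a bracketed IPv6 literal, for example), whereas the removed reflection path appears to have been best-effort, so a guard around it is worth adding. The start of the enclosing method lies outside the hunk.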