mirror of https://github.com/apache/activemq.git
resolve https://issues.apache.org/activemq/browse/AMQ-2384 - not exactly the patch but allowing the introspector to work, which is more generic with some tests, thanks phil for the impetus on this
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@929618 13f79535-47bb-0310-9956-ffa450edef68
parent
63b4de13e6
commit
9822d58d04
|
@ -30,6 +30,8 @@ import java.util.Map;
|
|||
import java.util.Set;
|
||||
import java.util.Map.Entry;
|
||||
|
||||
import javax.net.ssl.SSLServerSocket;
|
||||
|
||||
import org.apache.activemq.command.ActiveMQDestination;
|
||||
|
||||
|
||||
|
@ -53,6 +55,7 @@ public final class IntrospectionSupport {
|
|||
newSearchPath, existingSearchPath.length,
|
||||
additionalPath.length);
|
||||
PropertyEditorManager.setEditorSearchPath(newSearchPath);
|
||||
PropertyEditorManager.registerEditor(String[].class, StringArrayEditor.class);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -179,6 +182,10 @@ public final class IntrospectionSupport {
|
|||
public static boolean setProperty(Object target, String name, Object value) {
|
||||
try {
|
||||
Class clazz = target.getClass();
|
||||
if (target instanceof SSLServerSocket) {
|
||||
// overcome illegal access issues with internal implementation class
|
||||
clazz = SSLServerSocket.class;
|
||||
}
|
||||
Method setter = findSetterMethod(clazz, name);
|
||||
if (setter == null) {
|
||||
return false;
|
||||
|
|
|
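Review bot: The `instanceof SSLServerSocket` branch in setProperty hard-codes one JDK type inside a generic introspection helper, so any other target whose runtime class is a non-public implementation class would presumably still hit the same illegal-access failure. A more general form would walk up to the first public class before the setter lookup, e.g. `while (!Modifier.isPublic(clazz.getModifiers())) { clazz = clazz.getSuperclass(); }`. Because the options that reach a server socket this way include security settings such as enabled cipher suites and client-auth requirements, it would also help to document on the `return false` path that an unmatched name leaves the socket at its defaults; whether callers check the return value is not visible here. setProperty's body continues outside the hunk.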
@ -0,0 +1,39 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.util;
|
||||
|
||||
import java.beans.PropertyEditorSupport;
|
||||
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
|
||||
public class StringArrayEditor extends PropertyEditorSupport {
|
||||
|
||||
public static final String DEFAULT_SEPARATOR = ",";
|
||||
|
||||
public String getAsText() {
|
||||
return getValue().toString();
|
||||
}
|
||||
|
||||
|
||||
public void setAsText(String text) throws IllegalArgumentException {
|
||||
String[] array = StringUtils.delimitedListToStringArray(text, ListEditor.DEFAULT_SEPARATOR, null);
|
||||
setValue(array);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
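Review bot: `getAsText()` returns `getValue().toString()`, which for a `String[]` value is the array's identity string rather than the delimited list, and it throws a NullPointerException when no value has been set. Joining the elements keeps the editor symmetric with `setAsText`, e.g. `return StringUtils.arrayToDelimitedString((String[]) getValue(), DEFAULT_SEPARATOR);` behind a null check. `setAsText` also splits on `ListEditor.DEFAULT_SEPARATOR` while this class's own `DEFAULT_SEPARATOR` is never used, and it does not trim elements, so a value written as `A, B` would yield `" B"`, which a consumer expecting exact names such as cipher suites would likely reject. A short class Javadoc stating the expected text format would make that contract explicit.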
@ -20,10 +20,16 @@ import java.io.ByteArrayInputStream;
|
|||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
import java.net.SocketException;
|
||||
import java.net.UnknownHostException;
|
||||
import java.security.KeyStore;
|
||||
|
||||
import javax.net.ssl.KeyManager;
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
|
||||
|
@ -33,10 +39,17 @@ import junit.textui.TestRunner;
|
|||
import org.apache.activemq.broker.BrokerService;
|
||||
import org.apache.activemq.broker.SslBrokerService;
|
||||
import org.apache.activemq.broker.SslContext;
|
||||
import org.apache.activemq.broker.TransportConnector;
|
||||
import org.apache.activemq.transport.TransportBrokerTestSupport;
|
||||
import org.apache.activemq.transport.TransportFactory;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
public class SslBrokerServiceTest extends TransportBrokerTestSupport {
|
||||
private static final Log LOG = LogFactory.getLog(SslBrokerServiceTest.class);
|
||||
|
||||
TransportConnector needClientAuthConnector;
|
||||
TransportConnector limitedCipherSuites;
|
||||
|
||||
protected String getBindLocation() {
|
||||
return "ssl://localhost:0";
|
||||
|
@ -50,6 +63,8 @@ public class SslBrokerServiceTest extends TransportBrokerTestSupport {
|
|||
KeyManager[] km = getKeyManager();
|
||||
TrustManager[] tm = getTrustManager();
|
||||
connector = service.addSslConnector(getBindLocation(), km, tm, null);
|
||||
limitedCipherSuites = service.addSslConnector("ssl://localhost:0?transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", km, tm, null);
|
||||
needClientAuthConnector = service.addSslConnector("ssl://localhost:0?transport.needClientAuth=true", km, tm, null);
|
||||
|
||||
// for client side
|
||||
SslTransportFactory sslFactory = new SslTransportFactory();
|
||||
|
@ -60,6 +75,51 @@ public class SslBrokerServiceTest extends TransportBrokerTestSupport {
|
|||
return service;
|
||||
}
|
||||
|
||||
public void testNeedClientAuth() throws Exception {
|
||||
SSLContext context = SSLContext.getInstance("TLS");
|
||||
// no client cert
|
||||
context.init(null, getTrustManager(), null);
|
||||
|
||||
try {
|
||||
makeSSLConnection(context, null, needClientAuthConnector);
|
||||
fail("expected failure on no client cert");
|
||||
} catch (SSLException expected) {
|
||||
expected.printStackTrace();
|
||||
}
|
||||
// should work with regular connector
|
||||
makeSSLConnection(context, null, connector);
|
||||
}
|
||||
|
||||
public void testCipherSuitesDisabled() throws Exception {
|
||||
SSLContext context = SSLContext.getInstance("TLS");
|
||||
context.init(getKeyManager(), getTrustManager(), null);
|
||||
|
||||
// Enable only one cipher suite which is not enabled on the server
|
||||
try {
|
||||
makeSSLConnection(context, new String[]{ "SSL_RSA_WITH_RC4_128_MD5" }, limitedCipherSuites);
|
||||
fail("expected failure on non allowed cipher suite");
|
||||
} catch (SSLException expectedOnNotAnAvailableSuite) {
|
||||
}
|
||||
|
||||
// ok with the enabled one
|
||||
makeSSLConnection(context, new String[]{ "SSL_RSA_WITH_RC4_128_SHA" }, limitedCipherSuites);
|
||||
}
|
||||
|
||||
private void makeSSLConnection(SSLContext context, String enabledSuites[], TransportConnector connector) throws Exception,
|
||||
UnknownHostException, SocketException {
|
||||
SSLSocket sslSocket = (SSLSocket) context.getSocketFactory().createSocket("localhost", connector.getUri().getPort());
|
||||
|
||||
if (enabledSuites != null) {
|
||||
sslSocket.setEnabledCipherSuites(enabledSuites);
|
||||
}
|
||||
sslSocket.setSoTimeout(5000);
|
||||
|
||||
SSLSession session = sslSocket.getSession();
|
||||
sslSocket.startHandshake();
|
||||
LOG.info("cyphersuite: " + session.getCipherSuite());
|
||||
LOG.info("peer port: " + session.getPeerPort());
|
||||
LOG.info("peer cert: " + session.getPeerCertificateChain()[0].toString());
|
||||
}
|
||||
|
||||
private TrustManager[] getTrustManager() throws Exception {
|
||||
TrustManager[] trustStoreManagers = null;
|
||||
|
|
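Review bot: In makeSSLConnection, `sslSocket.getSession()` is called before `sslSocket.startHandshake()`; per the JSSE documentation getSession() performs the handshake itself and returns an invalid session instead of throwing when it fails, so the failure the two negative tests rely on surfaces only indirectly from the later call and may not be an `SSLException`. Calling `sslSocket.startHandshake();` first and then `SSLSession session = sslSocket.getSession();` makes the expected exception come from the handshake itself. The socket is also never closed, so each call leaks a connection to the test broker; a `finally { sslSocket.close(); }` would fix that. Separately, the limitedCipherSuites connector enables `SSL_DH_anon_WITH_3DES_EDE_CBC_SHA`, an anonymous suite with no server authentication, and a comment marking these suites as test-only would keep the URI from being copied into real configuration. getTrustManager's body continues outside the hunk.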