resolve https://issues.apache.org/activemq/browse/AMQ-2384 - not exactly the patch but allowing the introspector to work, which is more generic with some tests, thanks phil for the impetus on this

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@929618 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Gary Tully 2010-03-31 16:54:49 +00:00
parent 63b4de13e6
commit 9822d58d04
3 changed files with 107 additions and 1 deletions

View File

@ -30,6 +30,8 @@ import java.util.Map;
import java.util.Set;
import java.util.Map.Entry;
import javax.net.ssl.SSLServerSocket;
import org.apache.activemq.command.ActiveMQDestination;
@ -53,6 +55,7 @@ public final class IntrospectionSupport {
newSearchPath, existingSearchPath.length,
additionalPath.length);
PropertyEditorManager.setEditorSearchPath(newSearchPath);
PropertyEditorManager.registerEditor(String[].class, StringArrayEditor.class);
}
}
@ -179,6 +182,10 @@ public final class IntrospectionSupport {
public static boolean setProperty(Object target, String name, Object value) {
try {
Class clazz = target.getClass();
if (target instanceof SSLServerSocket) {
// overcome illegal access issues with internal implementation class
clazz = SSLServerSocket.class;
}
Method setter = findSetterMethod(clazz, name);
if (setter == null) {
return false;

View File

@ -0,0 +1,39 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.util;
import java.beans.PropertyEditorSupport;
import org.springframework.util.StringUtils;
public class StringArrayEditor extends PropertyEditorSupport {
public static final String DEFAULT_SEPARATOR = ",";
public String getAsText() {
return getValue().toString();
}
public void setAsText(String text) throws IllegalArgumentException {
String[] array = StringUtils.delimitedListToStringArray(text, ListEditor.DEFAULT_SEPARATOR, null);
setValue(array);
}
}

View File

@ -20,10 +20,16 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@ -33,10 +39,17 @@ import junit.textui.TestRunner;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.SslBrokerService;
import org.apache.activemq.broker.SslContext;
import org.apache.activemq.broker.TransportConnector;
import org.apache.activemq.transport.TransportBrokerTestSupport;
import org.apache.activemq.transport.TransportFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class SslBrokerServiceTest extends TransportBrokerTestSupport {
private static final Log LOG = LogFactory.getLog(SslBrokerServiceTest.class);
TransportConnector needClientAuthConnector;
TransportConnector limitedCipherSuites;
protected String getBindLocation() {
return "ssl://localhost:0";
@ -50,6 +63,8 @@ public class SslBrokerServiceTest extends TransportBrokerTestSupport {
KeyManager[] km = getKeyManager();
TrustManager[] tm = getTrustManager();
connector = service.addSslConnector(getBindLocation(), km, tm, null);
limitedCipherSuites = service.addSslConnector("ssl://localhost:0?transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", km, tm, null);
needClientAuthConnector = service.addSslConnector("ssl://localhost:0?transport.needClientAuth=true", km, tm, null);
// for client side
SslTransportFactory sslFactory = new SslTransportFactory();
@ -60,6 +75,51 @@ public class SslBrokerServiceTest extends TransportBrokerTestSupport {
return service;
}
public void testNeedClientAuth() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
// no client cert
context.init(null, getTrustManager(), null);
try {
makeSSLConnection(context, null, needClientAuthConnector);
fail("expected failure on no client cert");
} catch (SSLException expected) {
expected.printStackTrace();
}
// should work with regular connector
makeSSLConnection(context, null, connector);
}
public void testCipherSuitesDisabled() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
context.init(getKeyManager(), getTrustManager(), null);
// Enable only one cipher suite which is not enabled on the server
try {
makeSSLConnection(context, new String[]{ "SSL_RSA_WITH_RC4_128_MD5" }, limitedCipherSuites);
fail("expected failure on non allowed cipher suite");
} catch (SSLException expectedOnNotAnAvailableSuite) {
}
// ok with the enabled one
makeSSLConnection(context, new String[]{ "SSL_RSA_WITH_RC4_128_SHA" }, limitedCipherSuites);
}
private void makeSSLConnection(SSLContext context, String enabledSuites[], TransportConnector connector) throws Exception,
UnknownHostException, SocketException {
SSLSocket sslSocket = (SSLSocket) context.getSocketFactory().createSocket("localhost", connector.getUri().getPort());
if (enabledSuites != null) {
sslSocket.setEnabledCipherSuites(enabledSuites);
}
sslSocket.setSoTimeout(5000);
SSLSession session = sslSocket.getSession();
sslSocket.startHandshake();
LOG.info("cyphersuite: " + session.getCipherSuite());
LOG.info("peer port: " + session.getPeerPort());
LOG.info("peer cert: " + session.getPeerCertificateChain()[0].toString());
}
private TrustManager[] getTrustManager() throws Exception {
TrustManager[] trustStoreManagers = null;