mirror of https://github.com/apache/activemq.git
Add support for hostname verification
(cherry picked from commit 69fad2a135
)
parent
2373aa1320
commit
bde7097fb8
|
@ -185,7 +185,7 @@ public class AmqpTestSupport {
|
|||
}
|
||||
if (isUseSslConnector()) {
|
||||
connector = brokerService.addConnector(
|
||||
"amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
|
||||
"amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
|
||||
amqpSslPort = connector.getConnectUri().getPort();
|
||||
amqpSslURI = connector.getPublishableConnectURI();
|
||||
LOG.debug("Using amqp+ssl port " + amqpSslPort);
|
||||
|
@ -199,7 +199,7 @@ public class AmqpTestSupport {
|
|||
}
|
||||
if (isUseNioPlusSslConnector()) {
|
||||
connector = brokerService.addConnector(
|
||||
"amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
|
||||
"amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
|
||||
amqpNioPlusSslPort = connector.getConnectUri().getPort();
|
||||
amqpNioPlusSslURI = connector.getPublishableConnectURI();
|
||||
LOG.debug("Using amqp+nio+ssl port " + amqpNioPlusSslPort);
|
||||
|
|
|
@ -79,7 +79,7 @@ public class JMSClientAutoSslAuthTest extends JMSClientTestSupport {
|
|||
|
||||
@Override
|
||||
protected String getAdditionalConfig() {
|
||||
return "?transport.needClientAuth=true";
|
||||
return "?transport.needClientAuth=true&transport.verifyHostName=false";
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -30,6 +30,7 @@ import javax.net.SocketFactory;
|
|||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLEngineResult;
|
||||
import javax.net.ssl.SSLParameters;
|
||||
|
||||
import org.apache.activemq.thread.TaskRunnerFactory;
|
||||
import org.apache.activemq.util.IOExceptionSupport;
|
||||
|
@ -89,6 +90,12 @@ public class AutoInitNioSSLTransport extends NIOSSLTransport {
|
|||
sslEngine = sslContext.createSSLEngine();
|
||||
}
|
||||
|
||||
if (verifyHostName) {
|
||||
SSLParameters sslParams = new SSLParameters();
|
||||
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
sslEngine.setSSLParameters(sslParams);
|
||||
}
|
||||
|
||||
sslEngine.setUseClientMode(false);
|
||||
if (enabledCipherSuites != null) {
|
||||
sslEngine.setEnabledCipherSuites(enabledCipherSuites);
|
||||
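Review bot: A fresh `new SSLParameters()` passed to `sslEngine.setSSLParameters(...)` in the added `if (verifyHostName)` block overwrites more than the endpoint identification algorithm. JSSE's `setSSLParameters` also applies the object's client-auth flags (both false on a new instance) and its other defaults to the engine. That is harmless only while this call stays ahead of the cipher-suite, protocol and client-auth setters, and the client-auth setters are outside this hunk, so the ordering is worth confirming. Starting from the engine's current settings removes the dependency: `SSLParameters sslParams = sslEngine.getSSLParameters();`. The same pattern appears in the NIOSSLTransport, SslTransport.initialiseSocket and TcpTransportServer hunks of this commit.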
|
|
|
@ -36,6 +36,7 @@ import javax.net.ssl.SSLContext;
|
|||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLEngineResult;
|
||||
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
|
||||
import javax.net.ssl.SSLParameters;
|
||||
import javax.net.ssl.SSLPeerUnverifiedException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
|
||||
|
@ -56,6 +57,7 @@ public class NIOSSLTransport extends NIOTransport {
|
|||
protected boolean wantClientAuth;
|
||||
protected String[] enabledCipherSuites;
|
||||
protected String[] enabledProtocols;
|
||||
protected boolean verifyHostName = true;
|
||||
|
||||
protected SSLContext sslContext;
|
||||
protected SSLEngine sslEngine;
|
||||
|
@ -119,6 +121,12 @@ public class NIOSSLTransport extends NIOTransport {
|
|||
sslEngine = sslContext.createSSLEngine();
|
||||
}
|
||||
|
||||
if (verifyHostName) {
|
||||
SSLParameters sslParams = new SSLParameters();
|
||||
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
sslEngine.setSSLParameters(sslParams);
|
||||
}
|
||||
|
||||
sslEngine.setUseClientMode(false);
|
||||
if (enabledCipherSuites != null) {
|
||||
sslEngine.setEnabledCipherSuites(enabledCipherSuites);
|
||||
|
@ -543,4 +551,12 @@ public class NIOSSLTransport extends NIOTransport {
|
|||
public void setEnabledProtocols(String[] enabledProtocols) {
|
||||
this.enabledProtocols = enabledProtocols;
|
||||
}
|
||||
|
||||
public boolean isVerifyHostName() {
|
||||
return verifyHostName;
|
||||
}
|
||||
|
||||
public void setVerifyHostName(boolean verifyHostName) {
|
||||
this.verifyHostName = verifyHostName;
|
||||
}
|
||||
}
|
||||
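Review bot: The new `verifyHostName` field and `setVerifyHostName` carry no Javadoc, although the option defaults to `true` and therefore changes the handshake for connectors that never asked for it. The engine in this section is put in server mode (`setUseClientMode(false)`), so the `HTTPS` identification presumably applies to the certificate a client presents when client authentication is on. That would explain why the tests in this commit add `transport.verifyHostName=false` next to `transport.needClientAuth=true`. I would add a Javadoc comment on the setter stating that it is driven by the `transport.verifyHostName` URI option and defaults to true. It should also say that switching it off leaves the peer certificate chain-validated but no longer bound to the peer's host name. The method that applies the setting starts and ends outside the hunk.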
|
|
|
@ -17,11 +17,14 @@
|
|||
package org.apache.activemq.transport.tcp;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Socket;
|
||||
import java.net.SocketException;
|
||||
import java.net.URI;
|
||||
import java.net.UnknownHostException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.HashMap;
|
||||
|
||||
import javax.net.ssl.SSLParameters;
|
||||
import javax.net.ssl.SSLPeerUnverifiedException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
|
@ -43,6 +46,8 @@ import org.apache.activemq.wireformat.WireFormat;
|
|||
*/
|
||||
public class SslTransport extends TcpTransport {
|
||||
|
||||
private Boolean verifyHostName = null;
|
||||
|
||||
/**
|
||||
* Connect to a remote node such as a Broker.
|
||||
*
|
||||
|
@ -73,6 +78,37 @@ public class SslTransport extends TcpTransport {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
|
||||
//This needs to default to null because this transport class is used for both a server transport
|
||||
//and a client connection and if we default it to a value it might override the transport server setting
|
||||
//that was configured inside TcpTransportServer
|
||||
|
||||
//The idea here is that if this is a server transport then verifyHostName will be set by the setter
|
||||
//below and not be null (if using transport.verifyHostName) but if a client uses socket.verifyHostName
|
||||
//then it will be null and we can check socketOptions
|
||||
|
||||
//Unfortunately we have to do this to stay consistent because every other SSL option on the client
|
||||
//side is configured using socket. but this particular option isn't actually part of the socket
|
||||
//so it makes it tricky
|
||||
if (verifyHostName == null) {
|
||||
if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
|
||||
verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
|
||||
socketOptions.remove("verifyHostName");
|
||||
} else {
|
||||
verifyHostName = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (verifyHostName) {
|
||||
SSLParameters sslParams = new SSLParameters();
|
||||
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
((SSLSocket)this.socket).setSSLParameters(sslParams);
|
||||
}
|
||||
|
||||
super.initialiseSocket(sock);
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize from a ServerSocket. No access to needClientAuth is given
|
||||
* since it is already set within the provided socket.
|
||||
|
@ -108,6 +144,10 @@ public class SslTransport extends TcpTransport {
|
|||
super.doConsume(command);
|
||||
}
|
||||
|
||||
public void setVerifyHostName(Boolean verifyHostName) {
|
||||
this.verifyHostName = verifyHostName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return peer certificate chain associated with the ssl socket
|
||||
*/
|
||||
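Review bot: `Boolean.parseBoolean(socketOptions.get("verifyHostName").toString())` in `initialiseSocket` fails open: any value other than `true`, for example a typo or `yes`, parses to `false` and silently switches host name verification off. Because this option controls an identity check, an unrecognised value should be rejected, and the method already declares `IllegalArgumentException`. The lookup in the TcpTransportServer hunk (`transportOptions.get("verifyHostName")`) parses the value the same way. Separately, the parameters are applied to `this.socket` rather than to the `sock` argument, which is only correct while callers pass the same object.

```java
if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
    // Consume the option and accept only the two literal values.
    String raw = String.valueOf(socketOptions.remove("verifyHostName"));
    if (!"true".equalsIgnoreCase(raw) && !"false".equalsIgnoreCase(raw)) {
        throw new IllegalArgumentException("Invalid socket option {verifyHostName=" + raw + "}");
    }
    verifyHostName = Boolean.parseBoolean(raw);
} else {
    // … unchanged: default verifyHostName to true …
}
```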
|
|
|
@ -100,6 +100,7 @@ public class SslTransportServer extends TcpTransportServer {
|
|||
*
|
||||
* @throws IOException passed up from TcpTransportServer.
|
||||
*/
|
||||
@Override
|
||||
public void bind() throws IOException {
|
||||
super.bind();
|
||||
if (needClientAuth) {
|
||||
|
@ -119,6 +120,7 @@ public class SslTransportServer extends TcpTransportServer {
|
|||
* @return The newly return (SSL) Transport.
|
||||
* @throws IOException
|
||||
*/
|
||||
@Override
|
||||
protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
|
||||
return new SslTransport(format, (SSLSocket)socket);
|
||||
}
|
||||
|
|
|
@ -133,7 +133,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
|
|||
protected final AtomicReference<CountDownLatch> stoppedLatch = new AtomicReference<CountDownLatch>();
|
||||
protected volatile int receiveCounter;
|
||||
|
||||
private Map<String, Object> socketOptions;
|
||||
protected Map<String, Object> socketOptions;
|
||||
private int soLinger = Integer.MIN_VALUE;
|
||||
private Boolean keepAlive;
|
||||
private Boolean tcpNoDelay;
|
||||
|
@ -751,6 +751,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
|
|||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public WireFormat getWireFormat() {
|
||||
return wireFormat;
|
||||
}
|
||||
|
|
|
@ -40,6 +40,7 @@ import java.util.concurrent.TimeUnit;
|
|||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
|
||||
import javax.net.ServerSocketFactory;
|
||||
import javax.net.ssl.SSLParameters;
|
||||
import javax.net.ssl.SSLServerSocket;
|
||||
|
||||
import org.apache.activemq.Service;
|
||||
|
@ -79,6 +80,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
|||
protected int minmumWireFormatVersion;
|
||||
protected boolean useQueueForAccept = true;
|
||||
protected boolean allowLinkStealing;
|
||||
protected boolean verifyHostName = true;
|
||||
|
||||
/**
|
||||
* trace=true -> the Transport stack where this TcpTransport object will be, will have a TransportLogger layer
|
||||
|
@ -172,6 +174,16 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
|||
// see: https://issues.apache.org/jira/browse/AMQ-4582
|
||||
//
|
||||
if (socket instanceof SSLServerSocket) {
|
||||
if (transportOptions.containsKey("verifyHostName")) {
|
||||
verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
|
||||
}
|
||||
|
||||
if (verifyHostName) {
|
||||
SSLParameters sslParams = new SSLParameters();
|
||||
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);
|
||||
}
|
||||
|
||||
if (transportOptions.containsKey("enabledCipherSuites")) {
|
||||
Object cipherSuites = transportOptions.remove("enabledCipherSuites");
|
||||
|
||||
|
@ -180,6 +192,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
|
|||
"Invalid transport options {enabledCipherSuites=%s}", cipherSuites));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//AMQ-6599 - don't strip out set properties on the socket as we need to set them
|
||||
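Review bot: The guard tests `socket instanceof SSLServerSocket`, but the added cast is applied to `this.serverSocket`, so the type check does not cover the object that is actually cast. If the method is called with a socket other than the field, or before the field is assigned, this throws `ClassCastException` or `NullPointerException` instead of configuring the socket that was checked. `((SSLServerSocket) socket).setSSLParameters(sslParams);` keeps the check and the use on the same object. The method signature is outside the hunk, so whether the two can differ is not visible here.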
|
|
|
@ -55,7 +55,7 @@ public class MQTTAutoSslAuthTest extends MQTTTestSupport {
|
|||
*/
|
||||
public MQTTAutoSslAuthTest(String protocol) {
|
||||
this.protocol = protocol;
|
||||
protocolConfig = "transport.needClientAuth=true";
|
||||
protocolConfig = "transport.needClientAuth=true&transport.verifyHostName=false&";
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -54,13 +54,13 @@ public class StompSslAuthTest extends StompTest {
|
|||
|
||||
@Override
|
||||
public void addOpenWireConnector() throws Exception {
|
||||
TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?needClientAuth=true");
|
||||
cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString());
|
||||
TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false");
|
||||
cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString() + "?socket.verifyHostName=false");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getAdditionalConfig() {
|
||||
return "?needClientAuth=true";
|
||||
return "?needClientAuth=true&transport.verifyHostName=false";
|
||||
}
|
||||
|
||||
// NOOP - These operations handled by jaas cert login module
|
||||
|
|
|
@ -102,7 +102,7 @@ public class StompAutoSslAuthTest extends StompTestSupport {
|
|||
|
||||
@Override
|
||||
protected String getAdditionalConfig() {
|
||||
return "?transport.needClientAuth=true";
|
||||
return "?transport.needClientAuth=true&transport.verifyHostName=false";
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -121,7 +121,7 @@ public class AMQ4126Test {
|
|||
|
||||
public void openwireConnectTo(String connectorName, String username, String password) throws Exception {
|
||||
URI brokerURI = broker.getConnectorByName(connectorName).getConnectUri();
|
||||
String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort();
|
||||
String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort() + "?socket.verifyHostName=false";
|
||||
ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory(uri);
|
||||
cf.setTrustStore("org/apache/activemq/security/broker1.ks");
|
||||
cf.setTrustStorePassword("password");
|
||||
|
|
|
@ -71,7 +71,7 @@ public class AMQ6599Test {
|
|||
brokerService.setPersistent(false);
|
||||
|
||||
TransportConnector connector = brokerService.addConnector(protocol +
|
||||
"://localhost:0?transport.soTimeout=3500");
|
||||
"://localhost:0?transport.soTimeout=3500&transport.verifyHostName=false");
|
||||
connector.setName("connector");
|
||||
uri = connector.getPublishableConnectString();
|
||||
|
||||
|
|
|
@ -47,14 +47,14 @@ public class NetworkReconnectSslNioTest {
|
|||
remote.setSslContext(sslContext);
|
||||
remote.setUseJmx(false);
|
||||
remote.setPersistent(false);
|
||||
final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0");
|
||||
final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0?transport.verifyHostName=false");
|
||||
remote.start();
|
||||
|
||||
BrokerService local = new BrokerService();
|
||||
local.setSslContext(sslContext);
|
||||
local.setUseJmx(false);
|
||||
local.setPersistent(false);
|
||||
final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + ")?useExponentialBackOff=false&initialReconnectDelay=10");
|
||||
final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + "?socket.verifyHostName=false" + ")?useExponentialBackOff=false&initialReconnectDelay=10");
|
||||
local.start();
|
||||
|
||||
assertTrue("Bridge created", Wait.waitFor(new Wait.Condition() {
|
||||
|
|
|
@ -75,7 +75,7 @@ public class AutoSslAuthTest {
|
|||
BrokerService brokerService = new BrokerService();
|
||||
brokerService.setPersistent(false);
|
||||
|
||||
TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true");
|
||||
TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
|
||||
connector.setName("auto");
|
||||
uri = connector.getPublishableConnectString();
|
||||
|
||||
|
@ -126,7 +126,7 @@ public class AutoSslAuthTest {
|
|||
@Test(timeout = 60000)
|
||||
public void testConnect() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory();
|
||||
factory.setBrokerURL(uri);
|
||||
factory.setBrokerURL(uri + "?socket.verifyHostName=false");
|
||||
|
||||
//Create 5 connections to make sure all are properly set
|
||||
for (int i = 0; i < 5; i++) {
|
||||
|
|
|
@ -103,8 +103,14 @@ public class AutoTransportConnectionsTest {
|
|||
}
|
||||
|
||||
public void configureConnectorAndStart(String bindAddress) throws Exception {
|
||||
if (bindAddress.contains("ssl")) {
|
||||
bindAddress += bindAddress.contains("?") ? "&transport.verifyHostName=false" : "?transport.verifyHostName=false";
|
||||
}
|
||||
connector = service.addConnector(bindAddress);
|
||||
connectionUri = connector.getPublishableConnectString();
|
||||
if (connectionUri.contains("ssl")) {
|
||||
connectionUri += connectionUri.contains("?") ? "&socket.verifyHostName=false" : "?socket.verifyHostName=false";
|
||||
}
|
||||
service.start();
|
||||
service.waitUntilStarted();
|
||||
}
|
||||
|
|
|
@ -17,14 +17,14 @@
|
|||
package org.apache.activemq.transport.nio;
|
||||
|
||||
import javax.jms.Connection;
|
||||
import javax.jms.JMSException;
|
||||
import javax.jms.Message;
|
||||
import javax.jms.MessageConsumer;
|
||||
import javax.jms.MessageProducer;
|
||||
import javax.jms.Queue;
|
||||
import javax.jms.Session;
|
||||
import javax.jms.TextMessage;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import javax.net.ssl.SSLHandshakeException;
|
||||
|
||||
import org.apache.activemq.ActiveMQConnectionFactory;
|
||||
import org.apache.activemq.broker.BrokerService;
|
||||
|
@ -33,6 +33,8 @@ import org.junit.After;
|
|||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
public class NIOSSLBasicTest {
|
||||
|
||||
public static final String KEYSTORE_TYPE = "jks";
|
||||
|
@ -78,25 +80,40 @@ public class NIOSSLBasicTest {
|
|||
|
||||
@Test
|
||||
public void basicConnector() throws Exception {
|
||||
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
|
||||
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
|
||||
stopBroker(broker);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enabledCipherSuites() throws Exception {
|
||||
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
|
||||
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256&transport.verifyHostName=false");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
|
||||
stopBroker(broker);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enabledProtocols() throws Exception {
|
||||
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
|
||||
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.verifyHostName=false");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
|
||||
stopBroker(broker);
|
||||
}
|
||||
|
||||
//Client/server is missing verifyHostName=false so it should fail as cert doesn't have right host name
|
||||
@Test(expected = Exception.class)
|
||||
public void verifyHostNameError() throws Exception {
|
||||
BrokerService broker = null;
|
||||
try {
|
||||
broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true");
|
||||
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
|
||||
} finally {
|
||||
if (broker != null) {
|
||||
stopBroker(broker);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public void basicSendReceive(String uri) throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(uri);
|
||||
Connection connection = factory.createConnection();
|
||||
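Review bot: `verifyHostNameError` can pass without host name verification ever running. `@Test(expected = Exception.class)` accepts any failure, and the broker URI binds the fixed port `localhost:61616`, so a bind conflict satisfies the expectation too. This is the only test in the commit that exercises the enabled path, so it should fail for the right reason. Bind `localhost:0` as `basicConnector` does, and assert that the cause chain of the thrown exception contains `javax.net.ssl.SSLHandshakeException`, which the import hunk of this file adds but none of the visible hunks use. In the same section the `enabledCipherSuites` URI carries `transport.verifyHostName=false` twice.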
|
|
|
@ -74,7 +74,7 @@ public class NIOSSLLoadTest {
|
|||
broker = new BrokerService();
|
||||
broker.setPersistent(false);
|
||||
broker.setUseJmx(false);
|
||||
connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
|
||||
connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
|
||||
|
@ -113,6 +113,7 @@ public class NIOSSLLoadTest {
|
|||
}
|
||||
|
||||
Wait.waitFor(new Wait.Condition() {
|
||||
@Override
|
||||
public boolean isSatisified() throws Exception {
|
||||
return getReceived() == PRODUCER_COUNT * MESSAGE_COUNT;
|
||||
}
|
||||
|
|
|
@ -30,11 +30,11 @@ import javax.jms.Session;
|
|||
|
||||
@SuppressWarnings("javadoc")
|
||||
public class NIOSSLWindowSizeTest extends TestCase {
|
||||
|
||||
|
||||
BrokerService broker;
|
||||
Connection connection;
|
||||
Session session;
|
||||
|
||||
|
||||
public static final String KEYSTORE_TYPE = "jks";
|
||||
public static final String PASSWORD = "password";
|
||||
public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore";
|
||||
|
@ -46,7 +46,7 @@ public class NIOSSLWindowSizeTest extends TestCase {
|
|||
public static final int MESSAGE_SIZE = 65536;
|
||||
|
||||
byte[] messageData;
|
||||
|
||||
|
||||
@Override
|
||||
protected void setUp() throws Exception {
|
||||
System.setProperty("javax.net.ssl.trustStore", TRUST_KEYSTORE);
|
||||
|
@ -59,19 +59,19 @@ public class NIOSSLWindowSizeTest extends TestCase {
|
|||
broker = new BrokerService();
|
||||
broker.setPersistent(false);
|
||||
broker.setUseJmx(false);
|
||||
TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true");
|
||||
TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
|
||||
|
||||
messageData = new byte[MESSAGE_SIZE];
|
||||
for (int i = 0; i < MESSAGE_SIZE; i++)
|
||||
{
|
||||
messageData[i] = (byte) (i & 0xff);
|
||||
}
|
||||
|
||||
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("nio+ssl://localhost:" + connector.getConnectUri().getPort());
|
||||
connection = factory.createConnection();
|
||||
session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
connection.start();
|
||||
}
|
||||
|
||||
|
@ -100,14 +100,14 @@ public class NIOSSLWindowSizeTest extends TestCase {
|
|||
prod.send(msg);
|
||||
} finally {
|
||||
prod.close();
|
||||
}
|
||||
}
|
||||
MessageConsumer cons = null;
|
||||
try
|
||||
try
|
||||
{
|
||||
cons = session.createConsumer(dest);
|
||||
assertNotNull(cons.receive(30000L));
|
||||
} finally {
|
||||
cons.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,10 +33,12 @@ public class SslTransportFactoryTest extends TestCase {
|
|||
private SslTransportFactory factory;
|
||||
private boolean verbose;
|
||||
|
||||
@Override
|
||||
protected void setUp() throws Exception {
|
||||
factory = new SslTransportFactory();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
}
|
||||
|
@ -96,6 +98,12 @@ public class SslTransportFactoryTest extends TestCase {
|
|||
// -1 since the option range is [-1,1], not [0,2].
|
||||
optionSettings[j] = getMthNaryDigit(i, j, 3) - 1;
|
||||
|
||||
//We now always set options to a default we default verifyHostName to true
|
||||
//so we setSSLParameters so make the not set value = 0
|
||||
if (optionSettings[j] == -1) {
|
||||
optionSettings[j] = 0;
|
||||
}
|
||||
|
||||
if (optionSettings[j] != -1) {
|
||||
options.put(optionNames[j], optionSettings[j] == 1 ? "true" : "false");
|
||||
}
|
||||
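Review bot: Rewriting `optionSettings[j] == -1` to `0` makes the existing `if (optionSettings[j] != -1)` guard directly below it always true. The test also loses every case in which an option is left unset, and several of the enumerated combinations become duplicates. If "unset" can no longer be told apart from "false" after this change, drop the dead guard and reword the comment. For example: `// verifyHostName defaults to true, so setSSLParameters is always called; treat "not set" (-1) as explicitly false (0)`. The enclosing loop starts and ends outside the hunk.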
|
|
|
@ -36,12 +36,12 @@
|
|||
</sslContext>
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true" />
|
||||
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true" />
|
||||
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
</transportConnectors>
|
||||
|
||||
</broker>
|
||||
|
|
|
@ -36,10 +36,10 @@
|
|||
</sslContext>
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
|
||||
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
<transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false" />
|
||||
</transportConnectors>
|
||||
|
||||
</broker>
|
||||
|
|
|
@ -171,7 +171,7 @@
|
|||
</systemUsage>
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/>
|
||||
<transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true&transport.verifyHostName=false"/>
|
||||
</transportConnectors>
|
||||
</broker>
|
||||
</beans>
|
||||
|
|
|
@ -171,7 +171,7 @@
|
|||
</systemUsage>
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/>
|
||||
<transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true&transport.verifyHostName=false"/>
|
||||
</transportConnectors>
|
||||
</broker>
|
||||
</beans>
|
||||
|
|