From e6285b74267903476b90e1fc826fd8ac8788f698 Mon Sep 17 00:00:00 2001 From: "Timothy A. Bish" Date: Thu, 25 Oct 2012 23:16:57 +0000 Subject: [PATCH] fix for: https://issues.apache.org/jira/browse/AMQ-4133 git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1402354 13f79535-47bb-0310-9956-ffa450edef68 --- .../transport/nio/NIOSSLTransportFactory.java | 48 +++----- .../transport/nio/NIOSSLTransportServer.java | 78 +++++++++++++ .../stomp/StompNIOSSLTransportFactory.java | 19 +-- .../org/apache/activemq/bugs/AMQ4133Test.java | 108 ++++++++++++++++++ ...consistentConnectorPropertiesBehaviour.xml | 46 ++++++++ 5 files changed, 259 insertions(+), 40 deletions(-) create mode 100644 activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportServer.java create mode 100644 activemq-core/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java create mode 100644 activemq-core/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml diff --git a/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportFactory.java b/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportFactory.java index a995f2f70f..26e59e400d 100644 --- a/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportFactory.java +++ b/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportFactory.java @@ -18,7 +18,6 @@ package org.apache.activemq.transport.nio; import java.io.IOException; -import java.net.Socket; import java.net.URI; import java.net.URISyntaxException; import java.net.UnknownHostException; 
@@ -42,48 +41,35 @@ import org.slf4j.LoggerFactory; public class NIOSSLTransportFactory extends NIOTransportFactory { private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransportFactory.class); - SSLContext context; + + protected SSLContext context; protected TcpTransportServer createTcpTransportServer(URI location, ServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException { - return new TcpTransportServer(this, location, serverSocketFactory) { - protected Transport createTransport(Socket socket, WireFormat format) throws IOException { - NIOSSLTransport transport = new NIOSSLTransport(format, socket); - if (context != null) { - transport.setSslContext(context); - } - return transport; - } - - @Override - public boolean isSslServer() { - return true; - } - }; + return new NIOSSLTransportServer(context, this, location, serverSocketFactory); } @Override public TransportServer doBind(URI location) throws IOException { - if (SslContext.getCurrentSslContext() != null) { - try { - context = SslContext.getCurrentSslContext().getSSLContext(); - } catch (Exception e) { - throw new IOException(e); - } - } + if (SslContext.getCurrentSslContext() != null) { + try { + context = SslContext.getCurrentSslContext().getSSLContext(); + } catch (Exception e) { + throw new IOException(e); + } + } return super.doBind(location); } - /** - * Overriding to allow for proper configuration through reflection but delegate to get common - * configuration + * Overriding to allow for proper configuration through reflection but + * delegate to get common configuration */ public Transport compositeConfigure(Transport transport, WireFormat format, Map options) { - if (transport instanceof SslTransport) { - SslTransport sslTransport = (SslTransport)transport.narrow(SslTransport.class); + if (transport instanceof SslTransport) { + SslTransport sslTransport = (SslTransport) transport.narrow(SslTransport.class); IntrospectionSupport.setProperties(sslTransport, options); 
} else if (transport instanceof NIOSSLTransport) { - NIOSSLTransport sslTransport = (NIOSSLTransport)transport.narrow(NIOSSLTransport.class); + NIOSSLTransport sslTransport = (NIOSSLTransport) transport.narrow(NIOSSLTransport.class); IntrospectionSupport.setProperties(sslTransport, options); } @@ -109,7 +95,7 @@ public class NIOSSLTransportFactory extends NIOTransportFactory { } } SocketFactory socketFactory = createSocketFactory(); - return new SslTransport(wf, (SSLSocketFactory)socketFactory, location, localLocation, false); + return new SslTransport(wf, (SSLSocketFactory) socketFactory, location, localLocation, false); } /** @@ -120,7 +106,7 @@ public class NIOSSLTransportFactory extends NIOTransportFactory { * @throws IOException */ protected SocketFactory createSocketFactory() throws IOException { - if( SslContext.getCurrentSslContext()!=null ) { + if (SslContext.getCurrentSslContext() != null) { SslContext ctx = SslContext.getCurrentSslContext(); try { return ctx.getSSLContext().getSocketFactory(); diff --git a/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportServer.java b/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportServer.java new file mode 100644 index 0000000000..06a310b532 --- /dev/null +++ b/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransportServer.java 
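Review bot: In `doBind` the `context` field is assigned only when `SslContext.getCurrentSslContext()` is non-null and is never cleared, so a later bind on the same factory instance with no current SslContext would pass the previous connector's `SSLContext` to `new NIOSSLTransportServer(context, ...)`. Whether factory instances are shared between connectors is not visible in this hunk, but if they are, one listener can end up serving with another's key and trust material. Assigning unconditionally inside the existing try, `SslContext current = SslContext.getCurrentSslContext();` followed by `context = (current != null) ? current.getSSLContext() : null;`, avoids carrying state across binds. The `doBind` shown as context in StompNIOSSLTransportFactory has the same shape. Widening the field to `protected` also makes this mutable state part of the subclass contract, which deserves a comment on the field.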
@@ -0,0 +1,78 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.transport.nio; + +import java.io.IOException; +import java.net.Socket; +import java.net.URI; +import java.net.URISyntaxException; + +import javax.net.ServerSocketFactory; +import javax.net.ssl.SSLContext; + +import org.apache.activemq.transport.Transport; +import org.apache.activemq.transport.tcp.TcpTransportFactory; +import org.apache.activemq.transport.tcp.TcpTransportServer; +import org.apache.activemq.wireformat.WireFormat; + +public class NIOSSLTransportServer extends TcpTransportServer { + + private SSLContext context; + + public NIOSSLTransportServer(SSLContext context, TcpTransportFactory transportFactory, URI location, ServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException { + super(transportFactory, location, serverSocketFactory); + + this.context = context; + } + + private boolean needClientAuth; + private boolean wantClientAuth; + + @Override + protected Transport createTransport(Socket socket, WireFormat format) throws IOException { + NIOSSLTransport transport = new NIOSSLTransport(format, socket); + if (context != null) { + transport.setSslContext(context); + } + + 
transport.setNeedClientAuth(needClientAuth); + transport.setWantClientAuth(wantClientAuth); + + return transport; + } + + @Override + public boolean isSslServer() { + return true; + } + + public boolean isNeedClientAuth() { + return this.needClientAuth; + } + + public void setNeedClientAuth(boolean value) { + this.needClientAuth = value; + } + + public boolean isWantClientAuth() { + return this.wantClientAuth; + } + + public void setWantClientAuth(boolean value) { + this.wantClientAuth = value; + } +} diff --git a/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompNIOSSLTransportFactory.java b/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompNIOSSLTransportFactory.java index d771660fe9..94fb559ad1 100644 --- a/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompNIOSSLTransportFactory.java +++ b/activemq-core/src/main/java/org/apache/activemq/transport/stomp/StompNIOSSLTransportFactory.java 
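Review bot: `createTransport` pushes both `needClientAuth` and `wantClientAuth` onto every accepted transport unconditionally, and in JSSE the need/want setters on `SSLEngine` replace each other's setting. If `NIOSSLTransport` forwards these calls straight to the engine (not visible here), the trailing `setWantClientAuth(false)` would undo `needClientAuth=true`. Applying only the flag that is set, `if (needClientAuth) { transport.setNeedClientAuth(true); } else if (wantClientAuth) { transport.setWantClientAuth(true); }`, removes that ordering dependency. The new public class also has no Javadoc: a class comment should say that the two flags are presumably populated from the connector's options and are copied to each transport at accept time, and that `context` may be null. `context` can also be declared `final`, since it is only assigned in the constructor.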
@@ -29,28 +29,30 @@ import javax.net.ssl.SSLContext; import org.apache.activemq.broker.SslContext; import org.apache.activemq.transport.Transport; import org.apache.activemq.transport.TransportServer; +import org.apache.activemq.transport.nio.NIOSSLTransportServer; import org.apache.activemq.transport.tcp.TcpTransport; import org.apache.activemq.transport.tcp.TcpTransportServer; import org.apache.activemq.wireformat.WireFormat; public class StompNIOSSLTransportFactory extends StompNIOTransportFactory { - SSLContext context; + protected SSLContext context; @Override protected TcpTransportServer createTcpTransportServer(URI location, ServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException { - return new TcpTransportServer(this, location, serverSocketFactory) { + return new NIOSSLTransportServer(context, this, location, serverSocketFactory) { + + @Override protected Transport createTransport(Socket socket, WireFormat format) throws IOException { StompNIOSSLTransport transport = new StompNIOSSLTransport(format, socket); if (context != null) { transport.setSslContext(context); } - return transport; - } - @Override - public boolean isSslServer() { - return true; + transport.setNeedClientAuth(isNeedClientAuth()); + transport.setWantClientAuth(isWantClientAuth()); + + return transport; } }; } @@ -62,7 +64,7 @@ public class StompNIOSSLTransportFactory extends StompNIOTransportFactory { @Override public TransportServer doBind(URI location) throws IOException { - if (SslContext.getCurrentSslContext() != null) { + if (SslContext.getCurrentSslContext() != null) { try { context = SslContext.getCurrentSslContext().getSSLContext(); } catch (Exception e) { @@ -71,5 +73,4 @@ public class StompNIOSSLTransportFactory extends StompNIOTransportFactory { } return super.doBind(location); } - } 
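Review bot: Inside the anonymous `NIOSSLTransportServer` subclass, `context` in `createTransport` resolves to the enclosing factory's mutable field, because the server's own `context` is private. This listener therefore ignores the `SSLContext` it was constructed with and uses whatever the factory holds when a connection is accepted. If the factory is bound again under a different SslContext, connections on the earlier STOMP listener could pick up the newer context. Adding an accessor to `NIOSSLTransportServer`, for example `protected SSLContext getSslContext() { return context; }`, and calling `transport.setSslContext(getSslContext())` under the same null check keeps both server variants on the captured value. The override also duplicates the parent's need/want wiring, so a short comment explaining that it exists only to substitute `StompNIOSSLTransport` would help.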
diff --git a/activemq-core/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java b/activemq-core/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java
new file mode 100644
index 0000000000..5fd8e6f74e
--- /dev/null
+++ b/activemq-core/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java
@@ -0,0 +1,108 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.bugs; + +import java.io.File; +import java.net.Socket; + +import junit.framework.TestCase; +import org.apache.activemq.broker.BrokerFactory; +import org.apache.activemq.broker.BrokerService; +import org.apache.activemq.transport.stomp.Stomp; +import org.apache.activemq.transport.stomp.StompConnection; +import org.apache.activemq.transport.stomp.StompFrame; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import javax.net.SocketFactory; +import javax.net.ssl.SSLSocketFactory; + +public class AMQ4133Test { + + protected String java_security_auth_login_config = "java.security.auth.login.config"; + protected String xbean = "xbean:"; + protected String confBase = "src/test/resources/org/apache/activemq/bugs/amq4126"; + protected String certBase = "src/test/resources/org/apache/activemq/security"; + protected String sep = File.separator; + protected String activemqXml = "InconsistentConnectorPropertiesBehaviour.xml"; + protected BrokerService broker; + + protected String oldLoginConf = null; + + @Before + public void before() throws Exception { + if 
(System.getProperty(java_security_auth_login_config) != null) { + oldLoginConf = System.getProperty(java_security_auth_login_config); + } + System.setProperty(java_security_auth_login_config, confBase + sep + "login.config"); + broker = BrokerFactory.createBroker(xbean + confBase + sep + activemqXml); + + broker.start(); + broker.waitUntilStarted(); + } + + @After + public void after() throws Exception { + if (broker != null) { + broker.stop(); + broker.waitUntilStopped(); + } + } + + @Test + public void stompSSLTransportNeedClientAuthTrue() throws Exception { + stompConnectTo("localhost", broker.getConnectorByName("stomp+ssl").getConnectUri().getPort()); + } + + @Test + public void stompSSLNeedClientAuthTrue() throws Exception { + stompConnectTo("localhost", broker.getConnectorByName("stomp+ssl+special").getConnectUri().getPort()); + } + + @Test + public void stompNIOSSLTransportNeedClientAuthTrue() throws Exception { + stompConnectTo("localhost", broker.getConnectorByName("stomp+nio+ssl").getConnectUri().getPort()); + } + + @Test + public void stompNIOSSLNeedClientAuthTrue() throws Exception { + stompConnectTo("localhost", broker.getConnectorByName("stomp+nio+ssl+special").getConnectUri().getPort()); + } + + public Socket createSocket(String host, int port) throws Exception { + System.setProperty("javax.net.ssl.trustStore", certBase + sep + "broker1.ks"); + System.setProperty("javax.net.ssl.trustStorePassword", "password"); + System.setProperty("javax.net.ssl.trustStoreType", "jks"); + System.setProperty("javax.net.ssl.keyStore", certBase + sep + "client.ks"); + System.setProperty("javax.net.ssl.keyStorePassword", "password"); + System.setProperty("javax.net.ssl.keyStoreType", "jks"); + + SocketFactory factory = SSLSocketFactory.getDefault(); + return factory.createSocket(host, port); + } + + public void stompConnectTo(String host, int port) throws Exception { + StompConnection stompConnection = new StompConnection(); + stompConnection.open(createSocket(host, 
port)); + stompConnection.sendFrame("CONNECT\n" + "\n" + Stomp.NULL); + StompFrame f = stompConnection.receive(); + TestCase.assertEquals(f.getBody(), "CONNECTED", f.getAction()); + stompConnection.close(); + } + +} diff --git a/activemq-core/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml b/activemq-core/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml new file mode 100644 index 0000000000..325e354d6b --- /dev/null +++ b/activemq-core/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + +
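Review bot: All four tests in AMQ4133Test connect with `client.ks` loaded as the key store, so they pass whether or not the broker demands a client certificate, and nothing fails if `needClientAuth` is silently ignored again. A negative case that trusts the broker but presents no key material, and expects the connection to be refused, would pin the behaviour the test names describe. The connector XML is not readable on this page, so the `needClientAuth=true` setting is inferred from those names. Separately, `before()` saves `oldLoginConf` but `after()` never restores it. `createSocket` also sets JVM-wide `javax.net.ssl.*` properties that are left behind and only take effect if the default `SSLSocketFactory` was not already initialised by an earlier test.

```java
@Test
public void stompNIOSSLRejectsClientWithoutCertificate() throws Exception {
    // Trust the broker's certificate but offer no client key material.
    KeyStore trust = KeyStore.getInstance("jks");
    InputStream in = new FileInputStream(certBase + sep + "broker1.ks");
    try {
        trust.load(in, "password".toCharArray());
    } finally {
        in.close();
    }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust);
    SSLContext noClientCert = SSLContext.getInstance("TLS");
    noClientCert.init(null, tmf.getTrustManagers(), null);

    int port = broker.getConnectorByName("stomp+nio+ssl").getConnectUri().getPort();
    Socket socket = noClientCert.getSocketFactory().createSocket("localhost", port);
    try {
        StompConnection stompConnection = new StompConnection();
        stompConnection.open(socket);
        stompConnection.sendFrame("CONNECT\n" + "\n" + Stomp.NULL);
        StompFrame f = stompConnection.receive();
        TestCase.fail("client without a certificate got: " + f.getAction());
    } catch (IOException expected) {
        // handshake or first read is refused when the broker requires a client certificate
    } finally {
        socket.close();
    }
}
// … unchanged: existing positive tests, createSocket, stompConnectTo …
```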