Repository: activemq Updated Branches: refs/heads/master ef6b1e107 -> f09b9203a
https://issues.apache.org/jira/browse/AMQ-6021 - mqtt+nio+ssl certificate authentication Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/f09b9203 Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/f09b9203 Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/f09b9203 Branch: refs/heads/master Commit: f09b9203a045cc1db6ba0b47a270b9f5288bbb7c Parents: ef6b1e1 Author: Dejan Bosanac <[email protected]> Authored: Fri Oct 23 15:25:13 2015 +0200 Committer: Dejan Bosanac <[email protected]> Committed: Fri Oct 23 15:25:33 2015 +0200 ---------------------------------------------------------------------- .../mqtt/MQTTNIOSSLTransportFactory.java | 8 ++- .../transport/mqtt/MQTTTransportFilter.java | 16 +++--- .../org/apache/activemq/bugs/AMQ4133Test.java | 56 +++++++++++++++----- ...InconsistentConnectorPropertiesBehaviour.xml | 2 + 4 files changed, 62 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java ---------------------------------------------------------------------- diff --git a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java index b3a74bc..87fc48e 100644 --- a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java +++ b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTNIOSSLTransportFactory.java @@ -31,9 +31,11 @@ import javax.net.ssl.SSLEngine; import org.apache.activemq.broker.SslContext; import org.apache.activemq.transport.Transport; import org.apache.activemq.transport.TransportServer; +import org.apache.activemq.transport.nio.NIOSSLTransportServer; import org.apache.activemq.transport.tcp.TcpTransport; import org.apache.activemq.transport.tcp.TcpTransport.InitBuffer; import org.apache.activemq.transport.tcp.TcpTransportServer; +import org.apache.activemq.util.IntrospectionSupport; import org.apache.activemq.wireformat.WireFormat; public class MQTTNIOSSLTransportFactory extends MQTTNIOTransportFactory { @@ -42,13 +44,17 @@ public class MQTTNIOSSLTransportFactory extends MQTTNIOTransportFactory { @Override protected TcpTransportServer createTcpTransportServer(URI location, ServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException { - TcpTransportServer result = new TcpTransportServer(this, location, serverSocketFactory) { + NIOSSLTransportServer result = new NIOSSLTransportServer(context, this, location, serverSocketFactory) { @Override protected Transport createTransport(Socket socket, WireFormat format) throws IOException { MQTTNIOSSLTransport transport = new MQTTNIOSSLTransport(format, socket); if (context != null) { transport.setSslContext(context); } + + transport.setNeedClientAuth(isNeedClientAuth()); + transport.setWantClientAuth(isWantClientAuth()); + return transport; } }; http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java ---------------------------------------------------------------------- diff --git a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java index 824654f..b15ff8b 100644 --- a/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java +++ b/activemq-mqtt/src/main/java/org/apache/activemq/transport/mqtt/MQTTTransportFilter.java @@ -27,6 +27,7 @@ import org.apache.activemq.command.Command; import org.apache.activemq.transport.Transport; import org.apache.activemq.transport.TransportFilter; import org.apache.activemq.transport.TransportListener; +import org.apache.activemq.transport.nio.NIOSSLTransport; import org.apache.activemq.transport.tcp.SslTransport; import org.apache.activemq.util.IOExceptionSupport; import org.apache.activemq.wireformat.WireFormat; @@ -165,14 +166,17 @@ public class MQTTTransportFilter extends TransportFilter implements MQTTTranspor @Override public X509Certificate[] getPeerCertificates() { + X509Certificate[] peerCerts = null; if (next instanceof SslTransport) { - X509Certificate[] peerCerts = ((SslTransport) next).getPeerCertificates(); - if (trace && peerCerts != null) { - LOG.debug("Peer Identity has been verified\n"); - } - return peerCerts; + peerCerts = ((SslTransport) next).getPeerCertificates(); + } + if (next instanceof NIOSSLTransport) { + peerCerts = ((NIOSSLTransport)next).getPeerCertificates(); + } + if (trace && peerCerts != null) { + LOG.debug("Peer Identity has been verified\n"); } - return null; + return peerCerts; } public boolean isTrace() { http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java index 9ca08bb..6474088 100644 --- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4133Test.java @@ -16,22 +16,23 @@ */ package org.apache.activemq.bugs; -import java.net.Socket; - -import javax.net.SocketFactory; -import javax.net.ssl.SSLSocketFactory; - import junit.framework.TestCase; - import org.apache.activemq.broker.BrokerFactory; import org.apache.activemq.broker.BrokerService; +import org.apache.activemq.spring.SpringSslContext; import org.apache.activemq.transport.stomp.Stomp; import org.apache.activemq.transport.stomp.StompConnection; import org.apache.activemq.transport.stomp.StompFrame; +import org.fusesource.mqtt.client.MQTT; import org.junit.After; import org.junit.Before; import org.junit.Test; +import javax.net.SocketFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import java.net.Socket; + public class AMQ4133Test { protected String java_security_auth_login_config = "java.security.auth.login.config"; @@ -53,6 +54,13 @@ public class AMQ4133Test { broker.start(); broker.waitUntilStarted(); + + System.setProperty("javax.net.ssl.trustStore", certBase + "/" + "broker1.ks"); + System.setProperty("javax.net.ssl.trustStorePassword", "password"); + System.setProperty("javax.net.ssl.trustStoreType", "jks"); + System.setProperty("javax.net.ssl.keyStore", certBase + "/" + "client.ks"); + System.setProperty("javax.net.ssl.keyStorePassword", "password"); + System.setProperty("javax.net.ssl.keyStoreType", "jks"); } @After @@ -83,14 +91,17 @@ public class AMQ4133Test { stompConnectTo("localhost", broker.getConnectorByName("stomp+nio+ssl+special").getConnectUri().getPort()); } - public Socket createSocket(String host, int port) throws Exception { - System.setProperty("javax.net.ssl.trustStore", certBase + "/" + "broker1.ks"); - System.setProperty("javax.net.ssl.trustStorePassword", "password"); - System.setProperty("javax.net.ssl.trustStoreType", "jks"); - System.setProperty("javax.net.ssl.keyStore", certBase + "/" + "client.ks"); - System.setProperty("javax.net.ssl.keyStorePassword", "password"); - System.setProperty("javax.net.ssl.keyStoreType", "jks"); + @Test + public void mqttSSLNeedClientAuthTrue() throws Exception { + mqttConnectTo("localhost", broker.getConnectorByName("mqtt+ssl").getConnectUri().getPort()); + } + + @Test + public void mqttNIOSSLNeedClientAuthTrue() throws Exception { + mqttConnectTo("localhost", broker.getConnectorByName("mqtt+nio+ssl").getConnectUri().getPort()); + } + public Socket createSocket(String host, int port) throws Exception { SocketFactory factory = SSLSocketFactory.getDefault(); return factory.createSocket(host, port); } @@ -104,4 +115,23 @@ public class AMQ4133Test { stompConnection.close(); } + public void mqttConnectTo(String host, int port) throws Exception { + MQTT mqtt = new MQTT(); + mqtt.setConnectAttemptsMax(1); + mqtt.setReconnectAttemptsMax(0); + mqtt.setHost("tls://" + host + ":" + port); + mqtt.setClientId("test"); + mqtt.setCleanSession(true); + + SpringSslContext context = new SpringSslContext(); + context.setKeyStore(certBase + "/" + "client.ks"); + context.setKeyStorePassword("password"); + context.setTrustStore(certBase + "/" + "broker1.ks"); + context.setTrustStorePassword("password"); + context.afterPropertiesSet(); + + mqtt.setSslContext(SSLContext.getDefault()); + mqtt.blockingConnection().connect(); + } + } http://git-wip-us.apache.org/repos/asf/activemq/blob/f09b9203/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml index 325e354..c672f6d 100644 --- a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml +++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml @@ -40,6 +40,8 @@ <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" /> <transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true" /> <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" /> + <transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true" /> + <transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" /> </transportConnectors> </broker>
