ARTEMIS-590 connector option to use default SSL context
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/7e0fedf5 Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/7e0fedf5 Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/7e0fedf5 Branch: refs/heads/master Commit: 7e0fedf52e9d15f37ef85363dddc3fdf4c6925b1 Parents: 1e89bad Author: Justin Bertram <[email protected]> Authored: Tue Apr 18 11:40:08 2017 -0500 Committer: Martyn Taylor <[email protected]> Committed: Fri Apr 28 10:14:09 2017 +0100 ---------------------------------------------------------------------- .../remoting/impl/netty/NettyConnector.java | 83 +++++++++++--------- .../remoting/impl/netty/TransportConstants.java | 5 ++ docs/user-manual/en/configuring-transports.md | 9 +++ .../ssl/CoreClientOverOneWaySSLTest.java | 27 +++++++ 4 files changed, 87 insertions(+), 37 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java ---------------------------------------------------------------------- diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java index 15c048b..ebe97ec 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java @@ -206,6 +206,8 @@ public class NettyConnector extends AbstractConnector { private boolean verifyHost; + private boolean useDefaultSslContext; + private boolean tcpNoDelay; private int tcpSendBufferSize; 
@@ -326,6 +328,8 @@ public class NettyConnector extends AbstractConnector { enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, configuration); verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration); + + useDefaultSslContext = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT, configuration); } else { keyStoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER; keyStorePath = TransportConstants.DEFAULT_KEYSTORE_PATH; @@ -336,6 +340,7 @@ public class NettyConnector extends AbstractConnector { enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES; enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS; verifyHost = TransportConstants.DEFAULT_VERIFY_HOST; + useDefaultSslContext = TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT; } tcpNoDelay = ConfigurationHelper.getBooleanProperty(TransportConstants.TCP_NODELAY_PROPNAME, TransportConstants.DEFAULT_TCP_NODELAY, configuration); 
@@ -440,47 +445,51 @@ public class NettyConnector extends AbstractConnector { final SSLContext context; if (sslEnabled) { try { - // HORNETQ-680 - override the server-side config if client-side system properties are set - String realKeyStorePath = keyStorePath; - String realKeyStoreProvider = keyStoreProvider; - String realKeyStorePassword = keyStorePassword; - if (System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME) != null) { - realKeyStorePath = System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME); - } - if (System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME) != null) { - realKeyStorePassword = System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME); - } + if (useDefaultSslContext) { + context = SSLContext.getDefault(); + } else { + // HORNETQ-680 - override the server-side config if client-side system properties are set + String realKeyStorePath = keyStorePath; + String realKeyStoreProvider = keyStoreProvider; + String realKeyStorePassword = keyStorePassword; + if (System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME) != null) { + realKeyStorePath = System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME); + } + if (System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME) != null) { + realKeyStorePassword = System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME); + } - if (System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME) != null) { - realKeyStoreProvider = System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME); - } - if (System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME) != null) { - realKeyStorePath = System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME); - } - if (System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME) != null) { - realKeyStorePassword = System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME); - } + if (System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME) != null) { + realKeyStoreProvider = System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME); + } + if (System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME) != null) { + realKeyStorePath = 
System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME); + } + if (System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME) != null) { + realKeyStorePassword = System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME); + } - String realTrustStorePath = trustStorePath; - String realTrustStoreProvider = trustStoreProvider; - String realTrustStorePassword = trustStorePassword; - if (System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME) != null) { - realTrustStorePath = System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME); - } - if (System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME) != null) { - realTrustStorePassword = System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME); - } + String realTrustStorePath = trustStorePath; + String realTrustStoreProvider = trustStoreProvider; + String realTrustStorePassword = trustStorePassword; + if (System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME) != null) { + realTrustStorePath = System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME); + } + if (System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME) != null) { + realTrustStorePassword = System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME); + } - if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME) != null) { - realTrustStoreProvider = System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME); - } - if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME) != null) { - realTrustStorePath = System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME); - } - if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME) != null) { - realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME); + if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME) != null) { + realTrustStoreProvider = System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME); + } + if (System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME) != null) { + realTrustStorePath = System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME); + } + if 
(System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME) != null) { + realTrustStorePassword = System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME); + } + context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword); } - context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword); } catch (Exception e) { close(); IllegalStateException ise = new IllegalStateException("Unable to create NettyConnector for " + host + ":" + port); http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java ---------------------------------------------------------------------- diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java index 69eaa94..428a3a0 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java @@ -101,6 +101,8 @@ public class TransportConstants { public static final String BACKLOG_PROP_NAME = "backlog"; + public static final String USE_DEFAULT_SSL_CONTEXT_PROP_NAME = "useDefaultSslContext"; + public static final String NETTY_VERSION; /** @@ -181,6 +183,8 @@ public class TransportConstants { public static final boolean DEFAULT_VERIFY_HOST = false; + public static final boolean DEFAULT_USE_DEFAULT_SSL_CONTEXT = false; + public static final boolean DEFAULT_TCP_NODELAY = true; public static final int DEFAULT_TCP_SENDBUFFER_SIZE = 1024 * 1024; 
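Review bot: In the new `if (useDefaultSslContext)` branch the context is taken from `SSLContext.getDefault()`, but the hunk does not show whether `verifyHost`, `enabledCipherSuites` and `enabledProtocols` are still applied to the engine built from that context further down, while the manual text in this commit says every SSL parameter except `sslEnabled` is ignored; if hostname verification is among what is dropped, a client that sets `verifyHost=true` together with this option silently loses that check. Either keep applying `verifyHost` and the cipher/protocol lists to the engine in both paths, or state the contract right above the `getDefault()` call, e.g. `// Default JVM context: trust/key material is the application's responsibility; verifyHost, enabledCipherSuites and enabledProtocols are still applied to the engine below` — adjusted to whichever is actually true. It is also worth a short comment that the HORNETQ-680 system-property overrides are intentionally bypassed in this path, since that is a behavioural difference a user may not expect. The enclosing method starts and ends outside the hunk.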
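Review bot: The new `USE_DEFAULT_SSL_CONTEXT_PROP_NAME` constant (and `DEFAULT_USE_DEFAULT_SSL_CONTEXT` in the second hunk of this file) carries no Javadoc even though the option changes where a connector's trust and key material comes from. Since `TransportConstants` is where users look up property names, add a comment above the constant such as `/** Connector-only: when {@code true} the connector uses {@link javax.net.ssl.SSLContext#getDefault()} instead of building a context from the keystore/truststore properties; the HORNETQ-680 system-property overrides do not apply. */`. The third hunk of this file (on the next line) registers the key only among the allowable connector keys, which matches that connector-only scope and is worth stating in the same Javadoc.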
@@ -321,6 +325,7 @@ public class TransportConstants { allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropMaskPassword()); allowableConnectorKeys.add(ActiveMQDefaultConfiguration.getPropPasswordCodec()); allowableConnectorKeys.add(TransportConstants.NETTY_CONNECT_TIMEOUT); + allowableConnectorKeys.add(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME); ALLOWABLE_CONNECTOR_KEYS = Collections.unmodifiableSet(allowableConnectorKeys); http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/docs/user-manual/en/configuring-transports.md ---------------------------------------------------------------------- diff --git a/docs/user-manual/en/configuring-transports.md b/docs/user-manual/en/configuring-transports.md index d3adfef..ff8f534 100644 --- a/docs/user-manual/en/configuring-transports.md +++ b/docs/user-manual/en/configuring-transports.md @@ -416,6 +416,15 @@ following additional properties: Valid values are `true` or `false`. Default is `false`. +- `useDefaultSslContext` + + Only valid on a `connector`. Allows the `connector` to use the "default" SSL + context (via `SSLContext.getDefault()`) which can be set programmatically by + the client (via `SSLContext.setDefault(SSLContext)`). If set to `true` all + other SSL related parameters except for `sslEnabled` are ignored. + + Valid values are `true` or `false`. Default is `false`. + ## Configuring Netty HTTP Netty HTTP tunnels packets over the HTTP protocol. It can be useful in http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7e0fedf5/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java ---------------------------------------------------------------------- 
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java index 141a6b8..e848339 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java 
@@ -133,6 +133,33 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { } @Test + public void testOneWaySSLUsingDefaultSslContext() throws Exception { + createCustomSslServer(); + String text = RandomUtil.randomString(); + + tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); + tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true); + + SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD)); + + ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); + ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); + ClientSession session = addClientSession(sf.createSession(false, true, true)); + session.createQueue(CoreClientOverOneWaySSLTest.QUEUE, CoreClientOverOneWaySSLTest.QUEUE, false); + ClientProducer producer = addClientProducer(session.createProducer(CoreClientOverOneWaySSLTest.QUEUE)); + + ClientMessage message = createTextMessage(session, text); + producer.send(message); + + ClientConsumer consumer = addClientConsumer(session.createConsumer(CoreClientOverOneWaySSLTest.QUEUE)); + session.start(); + + ClientMessage m = consumer.receive(1000); + Assert.assertNotNull(m); + Assert.assertEquals(text, m.getBodyBuffer().readString()); + } + + @Test public void testOneWaySSLVerifyHost() throws Exception { createCustomSslServer(null, null, true); String text = RandomUtil.randomString();
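Review bot: `SSLContext.setDefault(...)` in the new `testOneWaySSLUsingDefaultSslContext` replaces the JVM-wide default context and nothing in the method restores it, so every later test in the same JVM — starting with `testOneWaySSLVerifyHost` right below — runs against this test's trust store rather than the JDK default, which can mask or cause failures depending on execution order. Capture `SSLContext.getDefault()` before the call and restore it in a `finally` block (or an `@After` hook if the base class does not already do this — not visible here). The rewritten prelude and wrap-up are below; the send/receive body is unchanged.
```java
SSLContext previousDefault = SSLContext.getDefault();
SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD));
try {
   // … unchanged: locator, session, producer/consumer round-trip and assertions …
} finally {
   SSLContext.setDefault(previousDefault);
}
```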
