[1/2] activemq-artemis git commit: ARTEMIS-1926 refactor SSLSupport

clebertsuconic Mon, 18 Jun 2018 13:15:40 -0700

Repository: activemq-artemis
Updated Branches:
  refs/heads/master 16b2bcba6 -> 34062838e



ARTEMIS-1926 refactor SSLSupport


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/57ed5b05
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/57ed5b05
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/57ed5b05

Branch: refs/heads/master
Commit: 57ed5b0530d4b5d74909deb81121f473718b352e
Parents: 16b2bcb
Author: Justin Bertram <jbert...@apache.org>
Authored: Tue Jun 12 15:27:48 2018 -0500
Committer: Clebert Suconic <clebertsuco...@apache.org>
Committed: Mon Jun 18 16:15:13 2018 -0400

----------------------------------------------------------------------
 .../remoting/impl/netty/NettyConnector.java     |  52 ++++--
 .../core/remoting/impl/ssl/SSLSupport.java      | 183 +++++++++++--------
 .../core/remoting/impl/netty/NettyAcceptor.java |  20 +-
 .../management/ConnectorServerFactory.java      |   9 +-
 .../cli/test/WebServerComponentTest.java        |  16 +-
 .../jms/example/MqttCrlEnabledExample.java      |   7 +-
 .../mqtt/imported/MQTTSecurityCRLTest.java      |   7 +-
 .../ssl/CoreClientOverOneWaySSLTest.java        |  15 +-
 .../NettyConnectorWithHTTPUpgradeTest.java      |   5 +-
 .../core/remoting/impl/ssl/SSLSupportTest.java  | 102 +++++++++--
 10 files changed, 295 insertions(+), 121 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
----------------------------------------------------------------------
diff --git 
a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
 
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
index b32da92..284d0b9 100644
--- 
a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
+++ 
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
@@ -533,7 +533,7 @@ public class NettyConnector extends AbstractConnector {
                if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) {
                   engine = loadOpenSslEngine(channel.alloc(), 
realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, 
realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
                } else {
-                  engine = loadJdkSslEngine(useDefaultSslContext, 
realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, 
realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
+                  engine = loadJdkSslEngine(realKeyStoreProvider, 
realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, 
realTrustStorePath, realTrustStorePassword);
                }
 
                engine.setUseClientMode(true);
@@ -607,18 +607,26 @@ public class NettyConnector extends AbstractConnector {
       ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, 
TransportConstants.NETTY_VERSION, host, port);
    }
 
-   private SSLEngine loadJdkSslEngine(boolean useDefaultSslContext,
-                                      String realKeyStoreProvider,
-                                      String realKeyStorePath,
-                                      String realKeyStorePassword,
-                                      String realTrustStoreProvider,
-                                      String realTrustStorePath,
-                                      String realTrustStorePassword) throws 
Exception {
+   private SSLEngine loadJdkSslEngine(String keystoreProvider,
+                                      String keystorePath,
+                                      String keystorePassword,
+                                      String truststoreProvider,
+                                      String truststorePath,
+                                      String truststorePassword) throws 
Exception {
       SSLContext context;
       if (useDefaultSslContext) {
          context = SSLContext.getDefault();
       } else {
-         context = SSLSupport.createContext(realKeyStoreProvider, 
realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, 
realTrustStorePath, realTrustStorePassword, trustAll, crlPath);
+         context = new SSLSupport()
+            .setKeystoreProvider(keystoreProvider)
+            .setKeystorePath(keystorePath)
+            .setKeystorePassword(keystorePassword)
+            .setTruststoreProvider(truststoreProvider)
+            .setTruststorePath(truststorePath)
+            .setTruststorePassword(truststorePassword)
+            .setTrustAll(trustAll)
+            .setCrlPath(crlPath)
+            .createContext();
       }
       Subject subject = null;
       if (kerb5Config != null) {
@@ -642,14 +650,24 @@ public class NettyConnector extends AbstractConnector {
    }
 
    private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
-                                       String realKeyStoreProvider,
-                                       String realKeyStorePath,
-                                       String realKeyStorePassword,
-                                       String realTrustStoreProvider,
-                                       String realTrustStorePath,
-                                       String realTrustStorePassword) throws 
Exception {
-
-      SslContext context = 
SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath, 
realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, 
realTrustStorePassword, sslProvider, trustAll);
+                                       String keystoreProvider,
+                                       String keystorePath,
+                                       String keystorePassword,
+                                       String truststoreProvider,
+                                       String truststorePath,
+                                       String truststorePassword) throws 
Exception {
+
+
+      SslContext context = new SSLSupport()
+         .setKeystoreProvider(keystoreProvider)
+         .setKeystorePath(keystorePath)
+         .setKeystorePassword(keystorePassword)
+         .setTruststoreProvider(truststoreProvider)
+         .setTruststorePath(truststorePath)
+         .setTruststorePassword(truststorePassword)
+         .setSslProvider(sslProvider)
+         .setTrustAll(trustAll)
+         .createNettyClientContext();
 
       Subject subject = null;
       if (kerb5Config != null) {

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
----------------------------------------------------------------------
diff --git 
a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
 
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
index 905e19e..89994c2 100644
--- 
a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
+++ 
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
@@ -44,6 +44,7 @@ import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
 import org.apache.activemq.artemis.utils.ClassloadingUtil;
 
 /**
@@ -53,80 +54,117 @@ import org.apache.activemq.artemis.utils.ClassloadingUtil;
  * null keystore path.
  */
 public class SSLSupport {
-   // Public --------------------------------------------------------
+   private String keystoreProvider = 
TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
+   private String keystorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
+   private String keystorePassword = 
TransportConstants.DEFAULT_KEYSTORE_PASSWORD;
+   private String truststoreProvider = 
TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER;
+   private String truststorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH;
+   private String truststorePassword = 
TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD;
+   private String crlPath = TransportConstants.DEFAULT_CRL_PATH;
+   private String sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
+   private boolean trustAll = TransportConstants.DEFAULT_TRUST_ALL;
+
+   public String getKeystoreProvider() {
+      return keystoreProvider;
+   }
+
+   public SSLSupport setKeystoreProvider(String keystoreProvider) {
+      this.keystoreProvider = keystoreProvider;
+      return this;
+   }
+
+   public String getKeystorePath() {
+      return keystorePath;
+   }
+
+   public SSLSupport setKeystorePath(String keystorePath) {
+      this.keystorePath = keystorePath;
+      return this;
+   }
+
+   public String getKeystorePassword() {
+      return keystorePassword;
+   }
+
+   public SSLSupport setKeystorePassword(String keystorePassword) {
+      this.keystorePassword = keystorePassword;
+      return this;
+   }
+
+   public String getTruststoreProvider() {
+      return truststoreProvider;
+   }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword) 
throws Exception {
+   public SSLSupport setTruststoreProvider(String truststoreProvider) {
+      this.truststoreProvider = truststoreProvider;
+      return this;
+   }
 
-      return SSLSupport.createContext(keystoreProvider, keystorePath, 
keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, 
false, null);
+   public String getTruststorePath() {
+      return truststorePath;
    }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword,
-                                          final String crlPath) throws 
Exception {
+   public SSLSupport setTruststorePath(String truststorePath) {
+      this.truststorePath = truststorePath;
+      return this;
+   }
 
-      return SSLSupport.createContext(keystoreProvider, keystorePath, 
keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, 
false, crlPath);
+   public String getTruststorePassword() {
+      return truststorePassword;
    }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword,
-                                          final boolean trustAll) throws 
Exception {
-      return SSLSupport.createContext(keystoreProvider, keystorePath, 
keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, 
trustAll, null);
+   public SSLSupport setTruststorePassword(String truststorePassword) {
+      this.truststorePassword = truststorePassword;
+      return this;
    }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword,
-                                          final boolean trustAll,
-                                          final String crlPath) throws 
Exception {
+   public String getCrlPath() {
+      return crlPath;
+   }
+
+   public SSLSupport setCrlPath(String crlPath) {
+      this.crlPath = crlPath;
+      return this;
+   }
+
+   public String getSslProvider() {
+      return sslProvider;
+   }
+
+   public SSLSupport setSslProvider(String sslProvider) {
+      this.sslProvider = sslProvider;
+      return this;
+   }
+
+   public boolean isTrustAll() {
+      return trustAll;
+   }
+
+   public SSLSupport setTrustAll(boolean trustAll) {
+      this.trustAll = trustAll;
+      return this;
+   }
+
+   public SSLContext createContext() throws Exception {
       SSLContext context = SSLContext.getInstance("TLS");
-      KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystoreProvider, 
keystorePath, keystorePassword);
-      TrustManager[] trustManagers = 
SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath, 
trustStorePassword, trustAll, crlPath);
+      KeyManager[] keyManagers = loadKeyManagers();
+      TrustManager[] trustManagers = loadTrustManagers();
       context.init(keyManagers, trustManagers, new SecureRandom());
       return context;
    }
 
-   public static SslContext createNettyContext(final String keystoreProvider,
-                                               final String keystorePath,
-                                               final String keystorePassword,
-                                               final String trustStoreProvider,
-                                               final String trustStorePath,
-                                               final String trustStorePassword,
-                                               final String sslProvider) 
throws Exception {
-
+   public SslContext createNettyContext() throws Exception {
       KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, 
keystorePath, keystorePassword);
       KeyManagerFactory keyManagerFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
       keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
-      return 
SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider,
 trustStorePath, trustStorePassword, false, null)).build();
+      return 
SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(loadTrustManagerFactory()).build();
    }
 
-   public static SslContext createNettyClientContext(final String 
keystoreProvider,
-                                               final String keystorePath,
-                                               final String keystorePassword,
-                                               final String trustStoreProvider,
-                                               final String trustStorePath,
-                                               final String trustStorePassword,
-                                               final String sslProvider,
-                                               final boolean trustAll  ) 
throws Exception {
+   public SslContext createNettyClientContext() throws Exception {
       KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, 
keystorePath, keystorePassword);
       KeyManagerFactory keyManagerFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
       keyManagerFactory.init(keyStore, keystorePassword == null ? null : 
keystorePassword.toCharArray());
-      return 
SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider,
 trustStorePath, trustStorePassword, trustAll, null)).build();
+      return 
SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(loadTrustManagerFactory()).build();
    }
 
 
@@ -151,19 +189,15 @@ public class SSLSupport {
    }
 
    // Private -------------------------------------------------------
-   private static TrustManagerFactory loadTrustManagerFactory(final String 
trustStoreProvider,
-                                                              final String 
trustStorePath,
-                                                              final String 
trustStorePassword,
-                                                              final boolean 
trustAll,
-                                                              final String 
crlPath) throws Exception {
+   private TrustManagerFactory loadTrustManagerFactory() throws Exception {
       if (trustAll) {
          //This is useful for testing but not should be used outside of that 
purpose
          return InsecureTrustManagerFactory.INSTANCE;
-      } else if (trustStorePath == null && (trustStoreProvider == null || 
!"PKCS11".equals(trustStoreProvider.toUpperCase()))) {
+      } else if (truststorePath == null && (truststoreProvider == null || 
!"PKCS11".equals(truststoreProvider.toUpperCase()))) {
          return null;
       } else {
          TrustManagerFactory trustMgrFactory = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-         KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, 
trustStorePath, trustStorePassword);
+         KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, 
truststorePath, truststorePassword);
          boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
 
          boolean initialized = false;
@@ -171,7 +205,7 @@ public class SSLSupport {
             PKIXBuilderParameters pkixParams = new 
PKIXBuilderParameters(trustStore, new X509CertSelector());
             if (crlPath != null) {
                pkixParams.setRevocationEnabled(true);
-               Collection<? extends CRL> crlList = loadCRL(crlPath);
+               Collection<? extends CRL> crlList = loadCRL();
                if (crlList != null) {
                   pkixParams.addCertStore(CertStore.getInstance("Collection", 
new CollectionCertStoreParameters(crlList)));
                }
@@ -187,25 +221,19 @@ public class SSLSupport {
       }
    }
 
-   private static TrustManager[] loadTrustManager(final String 
trustStoreProvider,
-                                                  final String trustStorePath,
-                                                  final String 
trustStorePassword,
-                                                  final boolean trustAll,
-                                                  final String crlPath) throws 
Exception {
-      TrustManagerFactory trustManagerFactory = 
loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, 
trustAll, crlPath);
+   private TrustManager[] loadTrustManagers() throws Exception {
+      TrustManagerFactory trustManagerFactory = loadTrustManagerFactory();
       if (trustManagerFactory == null) {
          return null;
       }
       return trustManagerFactory.getTrustManagers();
    }
 
-   private static Collection<? extends CRL> loadCRL(String crlPath) throws 
Exception {
+   private Collection<? extends CRL> loadCRL() throws Exception {
       if (crlPath == null) {
          return null;
       }
-
-      URL resource = SSLSupport.validateStoreURL(crlPath);
-
+      URL resource = validateStoreURL(crlPath);
       try (InputStream is = resource.openStream()) {
          return CertificateFactory.getInstance("X.509").generateCRLs(is);
       }
@@ -233,25 +261,20 @@ public class SSLSupport {
       return ks;
    }
 
-   private static KeyManager[] loadKeyManagers(final String keyStoreProvider,
-                                               final String keystorePath,
-                                               final String keystorePassword) 
throws Exception {
-
-      KeyManagerFactory factory = loadKeyManagerFactory(keyStoreProvider, 
keystorePath, keystorePassword);
+   private KeyManager[] loadKeyManagers() throws Exception {
+      KeyManagerFactory factory = loadKeyManagerFactory();
       if (factory == null) {
          return null;
       }
       return factory.getKeyManagers();
    }
 
-   private static KeyManagerFactory loadKeyManagerFactory(final String 
keyStoreProvider,
-                                                          final String 
keystorePath,
-                                                          final String 
keystorePassword) throws Exception {
-      if (keystorePath == null && (keyStoreProvider == null || 
!"PKCS11".equals(keyStoreProvider.toUpperCase()))) {
+   private KeyManagerFactory loadKeyManagerFactory() throws Exception {
+      if (keystorePath == null && (keystoreProvider == null || 
!"PKCS11".equals(keystoreProvider.toUpperCase()))) {
          return null;
       } else {
          KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-         KeyStore ks = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, 
keystorePassword);
+         KeyStore ks = SSLSupport.loadKeystore(keystoreProvider, keystorePath, 
keystorePassword);
          kmf.init(ks, keystorePassword == null ? null : 
keystorePassword.toCharArray());
          return kmf;
       }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
----------------------------------------------------------------------
diff --git 
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
 
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
index ed1a941..fb46ff4 100644
--- 
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
+++ 
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
@@ -542,7 +542,15 @@ public class NettyAcceptor extends AbstractAcceptor {
       try {
          if (kerb5Config == null && keyStorePath == null && 
TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
             throw new IllegalArgumentException("If \"" + 
TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + 
TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless 
an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has 
been specified.");
-         context = SSLSupport.createContext(keyStoreProvider, keyStorePath, 
keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, 
crlPath);
+         context = new SSLSupport()
+            .setKeystoreProvider(keyStoreProvider)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(trustStoreProvider)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .setCrlPath(crlPath)
+            .createContext();
       } catch (Exception e) {
          IllegalStateException ise = new IllegalStateException("Unable to 
create NettyAcceptor for " + host + ":" + port);
          ise.initCause(e);
@@ -573,7 +581,15 @@ public class NettyAcceptor extends AbstractAcceptor {
       try {
          if (kerb5Config == null && keyStorePath == null && 
TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
             throw new IllegalArgumentException("If \"" + 
TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + 
TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless 
an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has 
been specified.");
-         context = SSLSupport.createNettyContext(keyStoreProvider, 
keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, 
trustStorePassword, sslProvider);
+         context = new SSLSupport()
+            .setKeystoreProvider(keyStoreProvider)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(trustStoreProvider)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .setSslProvider(sslProvider)
+            .createNettyContext();
       } catch (Exception e) {
          IllegalStateException ise = new IllegalStateException("Unable to 
create NettyAcceptor for " + host + ":" + port);
          ise.initCause(e);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
----------------------------------------------------------------------
diff --git 
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
 
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
index 2c66acb..4ae7e3e 100644
--- 
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
+++ 
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
@@ -232,7 +232,14 @@ public class ConnectorServerFactory {
 
    //todo fix
    private void setupSsl() throws Exception {
-      SSLContext context = SSLSupport.createContext(keyStoreProvider, 
keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, 
trustStorePassword);
+      SSLContext context = new SSLSupport()
+         .setKeystoreProvider(keyStoreProvider)
+         .setKeystorePath(keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(trustStoreProvider)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
       SSLServerSocketFactory sssf = context.getServerSocketFactory();
       RMIServerSocketFactory rssf = new ArtemisSslRMIServerSocketFactory(sssf, 
this.isClientAuth(), rmiServerHost);
       RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
----------------------------------------------------------------------
diff --git 
a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
 
b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
index 1f1a946..fb6461e 100644
--- 
a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
+++ 
b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
@@ -177,9 +177,13 @@ public class WebServerComponentTest extends Assert {
       webServerComponent.start();
       final int port = webServerComponent.getPort();
       // Make the connection attempt.
-      String keyStoreProvider = "JKS";
 
-      SSLContext context = SSLSupport.createContext(keyStoreProvider, 
webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), 
keyStoreProvider, webServerDTO.keyStorePath, 
webServerDTO.getKeyStorePassword());
+      SSLContext context = new SSLSupport()
+         .setKeystorePath(webServerDTO.keyStorePath)
+         .setKeystorePassword(webServerDTO.getKeyStorePassword())
+         .setTruststorePath(webServerDTO.keyStorePath)
+         .setTruststorePassword(webServerDTO.getKeyStorePassword())
+         .createContext();
 
       SSLEngine engine = context.createSSLEngine();
       engine.setUseClientMode(true);
@@ -233,9 +237,13 @@ public class WebServerComponentTest extends Assert {
       webServerComponent.start();
       final int port = webServerComponent.getPort();
       // Make the connection attempt.
-      String keyStoreProvider = "JKS";
 
-      SSLContext context = SSLSupport.createContext(keyStoreProvider, 
webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), 
keyStoreProvider, webServerDTO.trustStorePath, 
webServerDTO.getTrustStorePassword());
+      SSLContext context = new SSLSupport()
+         .setKeystorePath(webServerDTO.keyStorePath)
+         .setKeystorePassword(webServerDTO.getKeyStorePassword())
+         .setTruststorePath(webServerDTO.trustStorePath)
+         .setTruststorePassword(webServerDTO.getTrustStorePassword())
+         .createContext();
 
       SSLEngine engine = context.createSSLEngine();
       engine.setUseClientMode(true);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
----------------------------------------------------------------------
diff --git 
a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
 
b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
index a4ddf6a..46e0ad1 100644
--- 
a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
+++ 
b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
@@ -72,7 +72,12 @@ public class MqttCrlEnabledExample {
       mqtt.setConnectAttemptsMax(0);
       mqtt.setReconnectAttemptsMax(0);
       mqtt.setHost(host);
-      mqtt.setSslContext(SSLSupport.createContext("JKS", keystorePath, 
keystorePass, "JKS", truststorePath, truststorePass));
+      mqtt.setSslContext(new SSLSupport()
+                            .setKeystorePath(keystorePath)
+                            .setKeystorePassword(keystorePass)
+                            .setTruststorePath(truststorePath)
+                            .setTruststorePassword(truststorePass)
+                            .createContext());
       mqtt.setCleanSession(true);
 
       BlockingConnection connection = mqtt.blockingConnection();

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
----------------------------------------------------------------------
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
index 4f88661..dd45f5c 100644
--- 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
@@ -235,7 +235,12 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase {
       mqtt.setConnectAttemptsMax(1);
       mqtt.setReconnectAttemptsMax(0);
       mqtt.setHost(host);
-      SSLContext sslContext = 
SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, 
keystorePath, keystorePass, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, 
truststorePath, truststorePass);
+      SSLContext sslContext = new SSLSupport()
+         .setKeystorePath(keystorePath)
+         .setKeystorePassword(keystorePass)
+         .setTruststorePath(truststorePath)
+         .setTruststorePassword(truststorePass)
+         .createContext();
       mqtt.setSslContext(sslContext);
 
       BlockingConnection connection = mqtt.blockingConnection();

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
----------------------------------------------------------------------
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
index b9b9bc8..2bc3212 100644
--- 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
@@ -239,7 +239,11 @@ public class CoreClientOverOneWaySSLTest extends 
ActiveMQTestBase {
       tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
       tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, 
true);
 
-      
SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER,
 TransportConstants.DEFAULT_KEYSTORE_PATH, 
TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, 
CLIENT_SIDE_TRUSTSTORE, PASSWORD));
+      SSLContext.setDefault(new SSLSupport()
+                               .setTruststoreProvider(storeType)
+                               .setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
+                               .setTruststorePassword(PASSWORD)
+                               .createContext());
 
       ServerLocator locator = 
addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
       ClientSessionFactory sf = 
addSessionFactory(createSessionFactory(locator));
@@ -662,7 +666,14 @@ public class CoreClientOverOneWaySSLTest extends 
ActiveMQTestBase {
    }
 
    public String[] getEnabledCipherSuites() throws Exception {
-      SSLContext context = SSLSupport.createContext(storeType, 
SERVER_SIDE_KEYSTORE, PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD);
+      SSLContext context = new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(SERVER_SIDE_KEYSTORE)
+         .setKeystorePassword(PASSWORD)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
+         .setTruststorePassword(PASSWORD)
+         .createContext();
       SSLEngine engine = context.createSSLEngine();
       return engine.getEnabledCipherSuites();
    }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
----------------------------------------------------------------------
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
index b93dc44..96ecb56 100644
--- 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
@@ -210,7 +210,10 @@ public class NettyConnectorWithHTTPUpgradeTest extends 
ActiveMQTestBase {
       ServerBootstrap b = new ServerBootstrap();
       final SSLContext context;
       if (useSSL) {
-         context = SSLSupport.createContext("JKS", SERVER_SIDE_KEYSTORE, 
PASSWORD, null, null, null);
+         context = new SSLSupport()
+            .setKeystorePath(SERVER_SIDE_KEYSTORE)
+            .setKeystorePassword(PASSWORD)
+            .createContext();
       } else {
          context = null;
       }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
----------------------------------------------------------------------
diff --git 
a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
 
b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
index 3cb6e6d..256be64 100644
--- 
a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
+++ 
b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
@@ -73,32 +73,60 @@ public class SSLSupportTest extends ActiveMQTestBase {
 
    @Test
    public void testContextWithRightParameters() throws Exception {
-      SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, 
storeType, trustStorePath, trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    // This is valid as it will create key and trust managers with system 
defaults
    @Test
    public void testContextWithNullParameters() throws Exception {
-      SSLSupport.createContext(null, null, null, null, null, null);
+      new SSLSupport().createContext();
    }
 
    @Test
    public void testContextWithKeyStorePathAsURL() throws Exception {
       URL url = 
Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
-      SSLSupport.createContext(storeType, url.toString(), keyStorePassword, 
storeType, trustStorePath, trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(url.toString())
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    @Test
    public void testContextWithKeyStorePathAsFile() throws Exception {
       URL url = 
Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
       File file = new File(url.toURI());
-      SSLSupport.createContext(storeType, file.getAbsolutePath(), 
keyStorePassword, storeType, trustStorePath, trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(file.getAbsolutePath())
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    @Test
    public void testContextWithBadKeyStorePath() throws Exception {
       try {
-         SSLSupport.createContext(storeType, "not a keystore", 
keyStorePassword, storeType, trustStorePath, trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath("not a keystore")
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -107,7 +135,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithNullKeyStorePath() throws Exception {
       try {
-         SSLSupport.createContext(storeType, null, keyStorePassword, 
storeType, trustStorePath, trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(null)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
       } catch (Exception e) {
          Assert.fail();
       }
@@ -122,13 +157,27 @@ public class SSLSupportTest extends ActiveMQTestBase {
          return;
       }
 
-      SSLSupport.createContext(storeType, "src/test/resources/" + 
keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath("src/test/resources/" + keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    @Test
    public void testContextWithBadKeyStorePassword() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, "bad password", 
storeType, trustStorePath, trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword("bad password")
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -137,7 +186,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithNullKeyStorePassword() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, null, storeType, 
trustStorePath, trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(null)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
          assertFalse(e instanceof NullPointerException);
@@ -147,7 +203,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithBadTrustStorePath() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, 
storeType, "not a trust store", trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath("not a trust store")
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -156,7 +219,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithBadTrustStorePassword() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, 
storeType, trustStorePath, "bad passord");
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword("bad passord")
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -166,6 +236,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    public void testContextWithTrustAll() throws Exception {
       //This is using a bad password but should not fail because the trust 
store should be ignored with
       //the trustAll flag set to true
-      SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, 
storeType, trustStorePath, "bad passord", true);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword("bad passord")
+         .setTrustAll(true)
+         .createContext();
    }
 }

[1/2] activemq-artemis git commit: ARTEMIS-1926 refactor SSLSupport

Reply via email to