This is an automated email from the ASF dual-hosted git repository.
tabish pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 3a10faa949 ARTEMIS-5465 Resolve USER_NAME key with
TextFileCertificateLoginModule
3a10faa949 is described below
commit 3a10faa94908b83d58e5e5ccd15708570bfcb5e4
Author: Domenico Francesco Bruscino <[email protected]>
AuthorDate: Thu May 29 11:44:05 2025 +0200
ARTEMIS-5465 Resolve USER_NAME key with TextFileCertificateLoginModule
---
.../protocol/amqp/proton/AMQPRoutingContext.java | 2 +-
.../core/protocol/mqtt/MQTTProtocolHandler.java | 2 +-
.../core/protocol/mqtt/MQTTRoutingContext.java | 5 +-
.../core/protocol/mqtt/MQTTRoutingHandler.java | 5 +-
.../protocol/openwire/OpenWireRoutingContext.java | 3 +-
.../protocol/core/impl/ActiveMQPacketHandler.java | 2 +-
.../protocol/core/impl/ActiveMQRoutingContext.java | 5 +-
.../protocol/core/impl/ActiveMQRoutingHandler.java | 5 +-
.../tests/integration/routing/KeyTypeTest.java | 166 +++++++++++++++------
.../tests/integration/routing/RoutingTestBase.java | 35 ++++-
10 files changed, 164 insertions(+), 66 deletions(-)
diff --git
a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPRoutingContext.java
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPRoutingContext.java
index 6cfc8e4b0f..acfd9fb94c 100644
---
a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPRoutingContext.java
+++
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPRoutingContext.java
@@ -30,7 +30,7 @@ public class AMQPRoutingContext extends RoutingContext {
public AMQPRoutingContext(AMQPConnectionContext connectionContext,
Connection protonConnection) {
super(connectionContext.getConnectionCallback().getProtonConnectionDelegate(),
connectionContext.getRemoteContainer(),
- connectionContext.getSASLResult() != null ?
connectionContext.getSASLResult().getUser() : null);
+ connectionContext.getValidatedUser() != null ?
connectionContext.getValidatedUser() : connectionContext.getUser());
this.protonConnection = protonConnection;
}
}
diff --git
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
index 484537578d..c6da66b0bf 100644
---
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
+++
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
@@ -259,7 +259,7 @@ public class MQTTProtocolHandler extends
ChannelInboundHandlerAdapter {
protocolManager.getStateManager().addConnectedClient(session.getConnection().getClientID(),
session.getConnection());
}
- if (connection.getTransportConnection().getRouter() == null ||
!protocolManager.getRoutingHandler().route(connection, session, connect)) {
+ if (connection.getTransportConnection().getRouter() == null ||
!protocolManager.getRoutingHandler().route(connection, session,
validationData.getB() != null ? validationData.getB() : username)) {
calculateKeepAlive(connect);
session.getConnectionManager().connect(connect,
validationData.getB(), username, password);
diff --git
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingContext.java
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingContext.java
index 985205b8c3..cb09b14867 100644
---
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingContext.java
+++
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingContext.java
@@ -16,7 +16,6 @@
*/
package org.apache.activemq.artemis.core.protocol.mqtt;
-import io.netty.handler.codec.mqtt.MqttConnectMessage;
import org.apache.activemq.artemis.core.server.routing.RoutingContext;
public class MQTTRoutingContext extends RoutingContext {
@@ -29,8 +28,8 @@ public class MQTTRoutingContext extends RoutingContext {
}
- public MQTTRoutingContext(MQTTConnection mqttConnection, MQTTSession
mqttSession, MqttConnectMessage connect) {
- super(mqttConnection, mqttConnection.getClientID(),
connect.payload().userName());
+ public MQTTRoutingContext(MQTTConnection mqttConnection, MQTTSession
mqttSession, String username) {
+ super(mqttConnection, mqttConnection.getClientID(), username);
this.mqttSession = mqttSession;
}
}
diff --git
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingHandler.java
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingHandler.java
index a66e3cf241..0d6ac484cf 100644
---
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingHandler.java
+++
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTRoutingHandler.java
@@ -16,7 +16,6 @@
*/
package org.apache.activemq.artemis.core.protocol.mqtt;
-import io.netty.handler.codec.mqtt.MqttConnectMessage;
import io.netty.handler.codec.mqtt.MqttProperties;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
@@ -31,8 +30,8 @@ public class MQTTRoutingHandler extends
RoutingHandler<MQTTRoutingContext> {
super(server);
}
- public boolean route(MQTTConnection mqttConnection, MQTTSession
mqttSession, MqttConnectMessage connect) throws Exception {
- return route(new MQTTRoutingContext(mqttConnection, mqttSession,
connect));
+ public boolean route(MQTTConnection mqttConnection, MQTTSession
mqttSession, String username) throws Exception {
+ return route(new MQTTRoutingContext(mqttConnection, mqttSession,
username));
}
@Override
diff --git
a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireRoutingContext.java
b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireRoutingContext.java
index 2af059e282..32177cfc8d 100644
---
a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireRoutingContext.java
+++
b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireRoutingContext.java
@@ -30,7 +30,8 @@ public class OpenWireRoutingContext extends RoutingContext {
public OpenWireRoutingContext(OpenWireConnection openWireConnection,
ConnectionInfo connectionInfo) {
- super(openWireConnection.getRemotingConnection(),
connectionInfo.getClientId(), connectionInfo.getUserName());
+ super(openWireConnection.getRemotingConnection(),
connectionInfo.getClientId(),
+ openWireConnection.getValidatedUser() != null ?
openWireConnection.getValidatedUser() : connectionInfo.getUserName());
this.openWireConnection = openWireConnection;
}
}
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
index 9854ec3786..87fc1c00c1 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
@@ -182,7 +182,7 @@ public class ActiveMQPacketHandler implements
ChannelHandler {
final String validatedUser = server.validateUser(activeMQPrincipal ==
null ? request.getUsername() : activeMQPrincipal.getUserName(),
activeMQPrincipal == null ? request.getPassword() :
activeMQPrincipal.getPassword(), connection,
protocolManager.getSecurityDomain());
if (connection.getTransportConnection().getRouter() != null) {
- protocolManager.getRoutingHandler().route(connection, request);
+ protocolManager.getRoutingHandler().route(connection,
validatedUser != null ? validatedUser : request.getUsername());
}
OperationContext sessionOperationContext =
server.newOperationContext();
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingContext.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingContext.java
index 6e2939dd7e..5ebf05f591 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingContext.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingContext.java
@@ -17,11 +17,10 @@
package org.apache.activemq.artemis.core.protocol.core.impl;
import org.apache.activemq.artemis.core.protocol.core.CoreRemotingConnection;
-import
org.apache.activemq.artemis.core.protocol.core.impl.wireformat.CreateSessionMessage;
import org.apache.activemq.artemis.core.server.routing.RoutingContext;
public class ActiveMQRoutingContext extends RoutingContext {
- public ActiveMQRoutingContext(CoreRemotingConnection connection,
CreateSessionMessage message) {
- super(connection, connection.getClientID(), message.getUsername());
+ public ActiveMQRoutingContext(CoreRemotingConnection connection, String
username) {
+ super(connection, connection.getClientID(), username);
}
}
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingHandler.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingHandler.java
index 6011ec8d3a..05e215958c 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingHandler.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQRoutingHandler.java
@@ -18,7 +18,6 @@ package org.apache.activemq.artemis.core.protocol.core.impl;
import org.apache.activemq.artemis.api.core.DisconnectReason;
import org.apache.activemq.artemis.core.protocol.core.CoreRemotingConnection;
-import
org.apache.activemq.artemis.core.protocol.core.impl.wireformat.CreateSessionMessage;
import org.apache.activemq.artemis.core.server.ActiveMQMessageBundle;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.routing.RoutingHandler;
@@ -29,12 +28,12 @@ public class ActiveMQRoutingHandler extends
RoutingHandler<ActiveMQRoutingContex
super(server);
}
- public boolean route(CoreRemotingConnection connection,
CreateSessionMessage message) throws Exception {
+ public boolean route(CoreRemotingConnection connection, String username)
throws Exception {
if (!connection.isVersionSupportRouting()) {
throw ActiveMQMessageBundle.BUNDLE.incompatibleClientServer();
}
- return route(new ActiveMQRoutingContext(connection, message));
+ return route(new ActiveMQRoutingContext(connection, username));
}
@Override
diff --git
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/KeyTypeTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/KeyTypeTest.java
index 1cd8f99c28..5bfddae8f1 100644
---
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/KeyTypeTest.java
+++
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/KeyTypeTest.java
@@ -36,22 +36,33 @@ import
org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager
import
org.apache.activemq.artemis.tests.extensions.parameterized.ParameterizedTestExtension;
import org.apache.activemq.artemis.tests.extensions.parameterized.Parameters;
import org.apache.activemq.artemis.tests.integration.security.SecurityTest;
+import org.eclipse.paho.client.mqttv3.MqttClient;
+import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
+import org.eclipse.paho.client.mqttv3.persist.MemoryPersistence;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.UUID;
import java.util.stream.Collectors;
@ExtendWith(ParameterizedTestExtension.class)
@@ -63,7 +74,7 @@ public class KeyTypeTest extends RoutingTestBase {
public static Collection<Object[]> data() {
Collection<Object[]> data = new ArrayList<>();
- for (String protocol : Arrays.asList(new String[] {AMQP_PROTOCOL,
CORE_PROTOCOL, OPENWIRE_PROTOCOL})) {
+ for (String protocol : Arrays.asList(AMQP_PROTOCOL, CORE_PROTOCOL,
MQTT_PROTOCOL, OPENWIRE_PROTOCOL)) {
data.add(new Object[] {protocol});
}
@@ -107,14 +118,8 @@ public class KeyTypeTest extends RoutingTestBase {
setupRouterServerWithDiscovery(0, KeyType.CLIENT_ID, MOCK_POLICY_NAME,
null, true, null, 1);
startServers(0);
- ConnectionFactory connectionFactory = createFactory(protocol, false,
TransportConstants.DEFAULT_HOST,
- TransportConstants.DEFAULT_PORT + 0, "test", null, null);
-
- keys.clear();
-
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
- }
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 0,
+ "test", null, null, false, false, -1);
assertEquals(1, keys.size());
assertEquals("test", keys.get(0));
@@ -146,14 +151,8 @@ public class KeyTypeTest extends RoutingTestBase {
waitForFailoverTopology(1);
- ConnectionFactory connectionFactory = createFactory(protocol, false,
TransportConstants.DEFAULT_HOST,
-
TransportConstants.DEFAULT_PORT + 1, "test", null, null);
-
- keys.clear();
-
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
- }
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 1,
+ "test", null, null, false, false, -1);
assertEquals(1, keys.size());
assertEquals("test", keys.get(0));
@@ -181,12 +180,8 @@ public class KeyTypeTest extends RoutingTestBase {
setupRouterServerWithDiscovery(0, KeyType.SNI_HOST, MOCK_POLICY_NAME,
null, true, null, 1);
startServers(0);
- ConnectionFactory connectionFactory = createFactory(protocol, true,
localHostname,
- TransportConstants.DEFAULT_PORT + 0, null, null, null);
-
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
- }
+ testConnection(localHostname, TransportConstants.DEFAULT_PORT + 0,
+ null, null, null, true, false, -1);
assertEquals(1, keys.size());
assertEquals(localHostname, keys.get(0));
@@ -198,12 +193,8 @@ public class KeyTypeTest extends RoutingTestBase {
setupRouterServerWithDiscovery(0, KeyType.SOURCE_IP, MOCK_POLICY_NAME,
null, true, null, 1);
startServers(0);
- ConnectionFactory connectionFactory = createFactory(protocol, false,
TransportConstants.DEFAULT_HOST,
- TransportConstants.DEFAULT_PORT + 0, null, null, null);
-
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
- }
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 0,
+ null, null, null, false, false, -1);
assertEquals(1, keys.size());
assertEquals(InetAddress.getLoopbackAddress().getHostAddress(),
keys.get(0));
@@ -215,17 +206,40 @@ public class KeyTypeTest extends RoutingTestBase {
setupRouterServerWithDiscovery(0, KeyType.USER_NAME, MOCK_POLICY_NAME,
null, true, null, 1);
startServers(0);
- ConnectionFactory connectionFactory = createFactory(protocol, false,
TransportConstants.DEFAULT_HOST,
- TransportConstants.DEFAULT_PORT + 0, null, "admin", "admin");
-
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
- }
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 0,
+ null, "admin", "admin", false, false, -1);
assertEquals(1, keys.size());
assertEquals("admin", keys.get(0));
}
+ @TestTemplate
+ public void testUserNameKeyFromCertificate() throws Exception {
+ setupPrimaryServerWithDiscovery(0, GROUP_ADDRESS, GROUP_PORT, true,
true, false);
+ getDefaultServerAcceptor(0).getParams().put("securityDomain",
"CertLogin");
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME,
true);
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME,
"server-keystore.jks");
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME,
"securepass");
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME,
"true");
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME,
"true");
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME,
"client-ca-truststore.jks");
+
getDefaultServerAcceptor(0).getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME,
"securepass");
+
+ getServer(0).getConfiguration().setSecurityEnabled(true);
+ getServer(0).getSecurityRepository().addMatch("#", Collections.singleton(
+ new Role("programmers", true, true, true, true, true, true,
true, true, true, true, false, false)));
+
+ setupRouterServerWithDiscovery(0, KeyType.USER_NAME, MOCK_POLICY_NAME,
null, true, null, 1);
+
+ startServers(0);
+
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 0,
+ null, null, null, true, true, -1);
+
+ assertEquals(1, keys.size());
+ assertEquals("first", keys.get(0));
+ }
+
@TestTemplate
public void testRoleNameKeyLocalTarget() throws Exception {
ActiveMQJAASSecurityManager securityManager = new
ActiveMQJAASSecurityManager("PropertiesLogin");
@@ -241,23 +255,83 @@ public class KeyTypeTest extends RoutingTestBase {
startServers(0);
- final int noRetriesSuchThatWeGetAnErrorOnRejection = 0;
- ConnectionFactory connectionFactory = createFactory(protocol, false,
TransportConstants.DEFAULT_HOST,
-
TransportConstants.DEFAULT_PORT + 0, null, "a", "a",
noRetriesSuchThatWeGetAnErrorOnRejection);
-
// expect disconnect/reject as not role b
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
+ try {
+ final int noRetriesSuchThatWeGetAnErrorOnRejection = 0;
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 0,
+ null, "a", "a", false, false,
noRetriesSuchThatWeGetAnErrorOnRejection);
fail("Expect to be rejected as not in role b");
} catch (Exception expectedButNotSpecificDueToDifferentProtocolsInPlay) {
}
- connectionFactory = createFactory(protocol, false,
TransportConstants.DEFAULT_HOST,
- TransportConstants.DEFAULT_PORT + 0,
null, "b", "b");
+ testConnection(TransportConstants.DEFAULT_HOST,
TransportConstants.DEFAULT_PORT + 0,
+ null, "b", "b", false, false, -1);
+ }
+
+ private void testConnection(String host, int port, String clientID, String
user, String password, boolean sslEnabled, boolean needClientAuth, int retries)
throws Exception {
+ if (MQTT_PROTOCOL.equals(protocol)) {
+ for (int i = 0; retries == -1 || i <= retries; i++) {
+ try {
+ testMQTTConnection(host, port, clientID, user, password,
sslEnabled, needClientAuth);
+ break;
+ } catch (Throwable t) {
+ if (i == retries) {
+ throw t;
+ }
+ }
+ }
+ } else {
+ ConnectionFactory connectionFactory = createFactory(protocol,
sslEnabled, host,
+ port, clientID, user, password, needClientAuth, retries);
+
+ try (Connection connection = connectionFactory.createConnection()) {
+ connection.start();
+ }
+ }
+ }
+
+ private void testMQTTConnection(String host, int port, String clientID,
String user, String password, boolean sslEnabled, boolean needClientAuth)
throws Exception {
+ MqttConnectOptions connOpts = new MqttConnectOptions();
+ connOpts.setCleanSession(true);
+ connOpts.setUserName(user);
+ if (password != null) {
+ connOpts.setPassword(password.toCharArray());
+ }
+
+ String serverURIScheme = "tcp";
+
+ if (sslEnabled) {
+ serverURIScheme = "ssl";
+
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+
+ KeyManager[] kms = null;
+ if (needClientAuth) {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+
keyStore.load(getClass().getClassLoader().getResourceAsStream("client-keystore.jks"),
"securepass".toCharArray());
+ KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore, "securepass".toCharArray());
+ kms = kmf.getKeyManagers();
+ }
+
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+
trustStore.load(getClass().getClassLoader().getResourceAsStream("server-ca-truststore.jks"),
"securepass".toCharArray());
+ TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(trustStore);
+
+ sslContext.init(kms, tmf.getTrustManagers(), null); // null
KeyManagers, null TrustManagers, null SecureRandom
+
+ SSLSocketFactory socketFactory = sslContext.getSocketFactory();
+ connOpts.setSocketFactory(socketFactory);
+ }
+
+ if (clientID == null) {
+ clientID = UUID.randomUUID().toString();
+ }
- // expect to be accepted, b has role b
- try (Connection connection = connectionFactory.createConnection()) {
- connection.start();
+ try (MqttClient mqttClient = new MqttClient(serverURIScheme + "://" +
host + ":" + port, clientID, new MemoryPersistence())) {
+ mqttClient.connect(connOpts);
+ mqttClient.disconnect();
}
}
diff --git
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/RoutingTestBase.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/RoutingTestBase.java
index 6d8c829a11..12236b1e6c 100644
---
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/RoutingTestBase.java
+++
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/routing/RoutingTestBase.java
@@ -39,6 +39,7 @@ import org.apache.qpid.jms.JmsConnectionFactory;
public class RoutingTestBase extends ClusterTestBase {
protected static final String AMQP_PROTOCOL = "AMQP";
protected static final String CORE_PROTOCOL = "CORE";
+ protected static final String MQTT_PROTOCOL = "MQTT";
protected static final String OPENWIRE_PROTOCOL = "OPENWIRE";
protected static final String CLUSTER_POOL = "CLUSTER";
@@ -160,10 +161,10 @@ public class RoutingTestBase extends ClusterTestBase {
}
protected ConnectionFactory createFactory(String protocol, boolean
sslEnabled, String host, int port, String clientID, String user, String
password) throws Exception {
- return createFactory(protocol, sslEnabled, host, port, clientID, user,
password, -1);
+ return createFactory(protocol, sslEnabled, host, port, clientID, user,
password, false, -1);
}
- protected ConnectionFactory createFactory(String protocol, boolean
sslEnabled, String host, int port, String clientID, String user, String
password, int retries) throws Exception {
+ protected ConnectionFactory createFactory(String protocol, boolean
sslEnabled, String host, int port, String clientID, String user, String
password, boolean needClientAuth, int retries) throws Exception {
switch (protocol) {
case CORE_PROTOCOL: {
StringBuilder urlBuilder = new StringBuilder();
@@ -172,7 +173,7 @@ public class RoutingTestBase extends ClusterTestBase {
urlBuilder.append(host);
urlBuilder.append(":");
urlBuilder.append(port);
-
urlBuilder.append("?ha=true&reconnectAttempts=10&initialConnectAttempts=" +
retries);
+
urlBuilder.append("?ha=true&reconnectAttempts=10&retryInterval=250&initialConnectAttempts="
+ retries);
urlBuilder.append("&sniHost=");
urlBuilder.append(host);
@@ -197,6 +198,18 @@ public class RoutingTestBase extends ClusterTestBase {
urlBuilder.append(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME);
urlBuilder.append("=");
urlBuilder.append("securepass");
+
+ if (needClientAuth) {
+ urlBuilder.append("&");
+
urlBuilder.append(TransportConstants.KEYSTORE_PATH_PROP_NAME);
+ urlBuilder.append("=");
+ urlBuilder.append("client-keystore.jks");
+
+ urlBuilder.append("&");
+
urlBuilder.append(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME);
+ urlBuilder.append("=");
+ urlBuilder.append("securepass");
+ }
}
return new ActiveMQConnectionFactory(urlBuilder.toString(), user,
password);
@@ -214,7 +227,15 @@ public class RoutingTestBase extends ClusterTestBase {
urlBuilder.append("?transport.trustStoreLocation=");
urlBuilder.append(getClass().getClassLoader().getResource("server-ca-truststore.jks").getFile());
- urlBuilder.append("&transport.trustStorePassword=securepass)");
+ urlBuilder.append("&transport.trustStorePassword=securepass");
+
+ if (needClientAuth) {
+ urlBuilder.append("&transport.keyStoreLocation=");
+
urlBuilder.append(getClass().getClassLoader().getResource("client-keystore.jks").getFile());
+ urlBuilder.append("&transport.keyStorePassword=securepass");
+ }
+
+ urlBuilder.append(")");
} else {
urlBuilder.append("amqp://");
urlBuilder.append(host);
@@ -264,6 +285,12 @@ public class RoutingTestBase extends ClusterTestBase {
sslConnectionFactory.setPassword(password);
sslConnectionFactory.setTrustStore("server-ca-truststore.jks");
sslConnectionFactory.setTrustStorePassword("securepass");
+
+ if (needClientAuth) {
+ sslConnectionFactory.setKeyStore("client-keystore.jks");
+ sslConnectionFactory.setKeyStorePassword("securepass");
+ }
+
return sslConnectionFactory;
} else {
return new org.apache.activemq.ActiveMQConnectionFactory(user,
password, urlBuilder.toString());
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
