Jukka Aalto created AMQ-9473:
--------------------------------
Summary: Client SSL Socket configuration fails while settings
parameters
Key: AMQ-9473
URL: https://issues.apache.org/jira/browse/AMQ-9473
Project: ActiveMQ Classic
Issue Type: Bug
Affects Versions: 6.0.1
Environment: Windows and Java 21
Reporter: Jukka Aalto
Client connection creation fails when setting socket parameters.
Exception was thrown, when I tried to set enabledProtocols parameter using url:
ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3
Exception is also thrown, when using tcpNoDelay parameter. It is thrown
probably with most of the parameters related to sockets.
Here is the exception thrown:
{code:java}
java.lang.reflect.InaccessibleObjectException: Unable to make public void
sun.security.ssl.SSLSocketImpl.setEnabledProtocols(java.lang.String[])
accessible: module java.base does not "exports sun.security.ssl" to unnamed
module @48f2bd5b
13:22:43.976 [main] ERROR org.apache.activemq.util.IntrospectionSupport - Could
not set property enabledProtocols on SSLSocket[hostname=127.0.0.1, port=12345,
Session(...)]
at
java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:391)
~[?:?]
at
java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:367)
~[?:?]
at
java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:315)
~[?:?]
at java.lang.reflect.Method.checkCanSetAccessible(Method.java:203)
~[?:?]
at java.lang.reflect.Method.setAccessible(Method.java:197) ~[?:?]
at
org.apache.activemq.util.IntrospectionSupport.setProperty(IntrospectionSupport.java:184)
[test/:6.0.1]
at
org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:155)
[test/:6.0.1]
at
org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:140)
[test/:6.0.1]
at
org.apache.activemq.transport.tcp.TcpTransport.initialiseSocket(TcpTransport.java:449)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.tcp.SslTransport.initialiseSocket(SslTransport.java:137)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:542)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.tcp.TcpTransport.doStart(TcpTransport.java:488)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.AbstractInactivityMonitor.start(AbstractInactivityMonitor.java:172)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.InactivityMonitor.start(InactivityMonitor.java:52)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:72)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:399)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:349)
[activemq-client-6.0.1.jar:6.0.1]
at
org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:245)
[activemq-client-6.0.1.jar:6.0.1]
at
test.ActiveMQClientSSLSocketParameter.main(ActiveMQClientSSLSocketParameter.java:25)
[test/:?]
{code}
Here is example to reproduce issue:
{code:java}
package test;
import java.io.IOException;
import java.net.ServerSocket;
import org.apache.activemq.ActiveMQSslConnectionFactory;
public class ActiveMQClientSSLSocketParameter {
public static void main(String[] args) throws Exception{
// Dummy server
ServerSocket server = new ServerSocket(12345);
new Thread(() -> {
try {
var client = server.accept();
client.close();
}catch(Exception e) {
e.printStackTrace();
}
}).start();
var factory = new
ActiveMQSslConnectionFactory("ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3");
// or socket.enabledCipherSuites=TLS_AES_256_GCM_SHA384
try(var connection = factory.createConnection()){
//NOP
} finally {
try {
server.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
{code}
Fix seems to be trivial, because same kind of issue is already corrected with
server side (SSLServerSocket). See line
https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-client/src/main/java/org/apache/activemq/util/IntrospectionSupport.java#L172
Snippet from IntrospectionSupport:
{code}
public static boolean setProperty(Object target, String name, Object value) {
try {
Class<?> clazz = target.getClass();
if (target instanceof SSLServerSocket) {
// overcome illegal access issues with internal implementation
class
clazz = SSLServerSocket.class;
}
// ...
{code}
Fix for this issue would be:
{code}
public static boolean setProperty(Object target, String name, Object value) {
try {
Class<?> clazz = target.getClass();
if (target instanceof SSLServerSocket) {
// overcome illegal access issues with internal implementation
class
clazz = SSLServerSocket.class;
} else if (target instanceof javax.net.ssl.SSLSocket) {
// overcome illegal access issues with internal implementation
class
clazz = javax.net.ssl.SSLSocket.class;
}
// ...
{code}
There is also similar code
(https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-jms-pool/src/main/java/org/apache/activemq/jms/pool/IntrospectionSupport.java#L87),
which probably should be corrected the same manner.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
