[jira] [Work logged] (AMQ-9473) Client SSL Socket configuration fails while settings parameters

Thu, 11 Apr 2024 08:13:19 -0700 


     [ 
https://issues.apache.org/jira/browse/AMQ-9473?focusedWorklogId=914210&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-914210
 ]

ASF GitHub Bot logged work on AMQ-9473:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Apr/24 15:12
            Start Date: 11/Apr/24 15:12
    Worklog Time Spent: 10m 
      Work Description: mattrpav commented on PR #1202:
URL: https://github.com/apache/activemq/pull/1202#issuecomment-2049929214

   We should add a unit test for this JIRA 
https://issues.apache.org/jira/browse/AMQ-9478 assigned to 6.2.0




Issue Time Tracking
-------------------

    Worklog Id:     (was: 914210)
    Time Spent: 0.5h  (was: 20m)

> Client SSL Socket configuration fails while settings parameters
> ---------------------------------------------------------------
>
>                 Key: AMQ-9473
>                 URL: https://issues.apache.org/jira/browse/AMQ-9473
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>    Affects Versions: 6.0.1
>         Environment: Windows and Java 21
>            Reporter: Jukka Aalto
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 6.2.0, 5.18.5, 6.1.2
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Client connection creation fails when setting socket parameters.
> Exception was thrown, when I tried to set enabledProtocols parameter using 
> url:
> ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3
> Exception is also thrown, when using tcpNoDelay parameter. It is thrown 
> probably with most of the parameters related to sockets.
> Here is the exception thrown:
> {code:java}
> java.lang.reflect.InaccessibleObjectException: Unable to make public void 
> sun.security.ssl.SSLSocketImpl.setEnabledProtocols(java.lang.String[]) 
> accessible: module java.base does not "exports sun.security.ssl" to unnamed 
> module @48f2bd5b
> 13:22:43.976 [main] ERROR org.apache.activemq.util.IntrospectionSupport - 
> Could not set property enabledProtocols on SSLSocket[hostname=127.0.0.1, 
> port=12345, Session(...)]
>             at 
> java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:391)
>  ~[?:?]
>             at 
> java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:367)
>  ~[?:?]
>             at 
> java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:315)
>  ~[?:?]
>             at 
> java.lang.reflect.Method.checkCanSetAccessible(Method.java:203) ~[?:?]
>             at java.lang.reflect.Method.setAccessible(Method.java:197) ~[?:?]
>             at 
> org.apache.activemq.util.IntrospectionSupport.setProperty(IntrospectionSupport.java:184)
>  [test/:6.0.1]
>             at 
> org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:155)
>  [test/:6.0.1]
>             at 
> org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:140)
>  [test/:6.0.1]
>             at 
> org.apache.activemq.transport.tcp.TcpTransport.initialiseSocket(TcpTransport.java:449)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.tcp.SslTransport.initialiseSocket(SslTransport.java:137)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:542) 
> [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.tcp.TcpTransport.doStart(TcpTransport.java:488) 
> [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55) 
> [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.AbstractInactivityMonitor.start(AbstractInactivityMonitor.java:172)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.InactivityMonitor.start(InactivityMonitor.java:52)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) 
> [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:72)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) 
> [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) 
> [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:399)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:349)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:245)
>  [activemq-client-6.0.1.jar:6.0.1]
>             at 
> test.ActiveMQClientSSLSocketParameter.main(ActiveMQClientSSLSocketParameter.java:25)
>  [test/:?]
> {code}
> Here is example to reproduce issue:
> {code:java}
> package test;
> import java.io.IOException;
> import java.net.ServerSocket;
> import org.apache.activemq.ActiveMQSslConnectionFactory;
> public class ActiveMQClientSSLSocketParameter {
>     public static void main(String[] args) throws Exception{
>         // Dummy server
>         ServerSocket server = new ServerSocket(12345);
>         new Thread(() -> {
>             try {
>                 var client = server.accept();
>                 client.close();
>             }catch(Exception e) {
>                 e.printStackTrace();
>             }
>         }).start();
>         var factory = new 
> ActiveMQSslConnectionFactory("ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3");
>         // or socket.enabledCipherSuites=TLS_AES_256_GCM_SHA384
>         try(var connection = factory.createConnection()){
>             //NOP
>         } finally {
>             try {
>                 server.close();
>             } catch (IOException e) {
>                 e.printStackTrace();
>             }
>         }
>     }
> }
> {code}
> Fix seems to be trivial, because same kind of issue is already corrected with 
> server side (SSLServerSocket). See line 
> https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-client/src/main/java/org/apache/activemq/util/IntrospectionSupport.java#L172
> Snippet from IntrospectionSupport:
> {code}
>  public static boolean setProperty(Object target, String name, Object value) {
>         try {
>             Class<?> clazz = target.getClass();
>             if (target instanceof SSLServerSocket) {
>                 // overcome illegal access issues with internal 
> implementation class
>                 clazz = SSLServerSocket.class;
>             }
>             // ...
> {code}
> Fix for this issue would be:
> {code}
>  public static boolean setProperty(Object target, String name, Object value) {
>         try {
>             Class<?> clazz = target.getClass();
>             if (target instanceof SSLServerSocket) {
>                 // overcome illegal access issues with internal 
> implementation class
>                 clazz = SSLServerSocket.class;
>             } else if (target instanceof javax.net.ssl.SSLSocket) {
>                 // overcome illegal access issues with internal 
> implementation class
>                 clazz = javax.net.ssl.SSLSocket.class;
>             }
>            // ...
> {code}
>  
> There is also similar code 
> (https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-jms-pool/src/main/java/org/apache/activemq/jms/pool/IntrospectionSupport.java#L87),
>   which probably should be corrected the same manner.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to