From an embedded broker I must access a remote broker with two-way mutual
trust, creating a network of brokers.
In old times I just added an SSLContext and the network connector picked it up:
    <sslContext>
        <sslContext
            keyStore="file:${activemq.base}/conf/my_ks.jks"
            keyStorePassword="***"
            trustStore="file:${activemq.base}/conf/my_ts.jks"
            trustStorePassword="***"/>
    </sslContext>
    <networkConnectors>
        <networkConnector uri="static://(ssl://hostxy:60617)"
            name="5519atob"
            duplex="true"
            conduitSubscriptions="true"
            decreaseNetworkConsumerPriority="false">
        </networkConnector>
    </networkConnectors>
Today I want to do the same with pure Java in Spring Boot 2.
Setup of the broker via bean works fine without TLS.
But adding a bean for the TLS parameters and referring to it in the network
connector URI with ?sslContextParameters=#sslHH does not work; this seems not
to be supported by camel-jms. CiA lists some components, but not camel-jms.
Spring Boot docs do not mention parameters related to activemq and TLS.
So what is the right way to set the TLS parameters, ideally externalized via
application.properties?
Peter
----------------------------------------------
Route:
from("vm://turntable:ddbqueue").routeId("ddbqueue")
....
Broker config:
    @Configuration
    public class AMQConfig
    {
        @Bean(name = "amq")
        public BrokerService broker() throws Exception
        {
            BrokerService broker = new BrokerService();
            broker.setBrokerName("turntable");
            NetworkConnector connector = null;
            // does not work: connector = broker.addNetworkConnector("static://"+"ssl://0.0.0.0:60617?sslContextParameters=#sslHH");
            connector = broker.addNetworkConnector("static://"+"tcp://0.0.0.0:60616"); // works
            broker.addConnector("tcp://0.0.0.0:61616");
            broker.start();
            return broker;
        }
    }
    @Configuration
    public class BlobAppConfig
    {
        @Bean(name = "CredsForBlob")
        public StorageCredentials creds() throws StorageException
        {
            try {
                StorageCredentials creds = new StorageCredentialsAccountAndKey("shared1",
                    "jG/zyK97vKeHlSH49mQD1X1j17zWOMfIE2epjchQ74+TYRjctwqlE30MvIDqaY1CwRc6yxPmDgsRAee8myDOTA==");
                return creds;
            } catch (Exception ex) {
                throw ex;
            }
        }
    }
Other file with ssl config bean:
        @Bean(name = "sslHH")
        public SSLContextParameters sslhh()
        {
            KeyStoreParameters ksp = new KeyStoreParameters();
            ksp.setResource("my_ks.jks");
            ksp.setPassword("****");
            KeyManagersParameters kmp = new KeyManagersParameters();
            kmp.setKeyPassword("****");
            kmp.setKeyStore(ksp);
            KeyStoreParameters tsp = new KeyStoreParameters();
            tsp.setResource("my_ts.jks");
            tsp.setPassword("****");
            TrustManagersParameters tmp = new TrustManagersParameters();
            tmp.setKeyStore(tsp);
            SSLContextParameters sslhh = new SSLContextParameters();
            sslhh.setKeyManagers(kmp);
            sslhh.setTrustManagers(tmp);
            return sslhh;
        }
    }
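
Added example, not part of the original message and not ActiveMQ's own code: a Java counterpart of the <sslContext> XML element quoted above, set on the BrokerService itself so the ssl:// network connector can pick it up as it did in the XML setup. It assumes activemq-spring is on the classpath; the class name AmqTlsConfig and the broker.tls.* property names are hypothetical.

```java
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.network.NetworkConnector;
import org.apache.activemq.spring.SpringSslContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AmqTlsConfig {
    // Hypothetical keys, supplied from application.properties, for example:
    //   broker.tls.key-store=file:/path/to/my_ks.jks
    //   broker.tls.remote-uri=static://(ssl://hostxy:60617)
    @Value("${broker.tls.key-store}")            private String keyStore;
    @Value("${broker.tls.key-store-password}")   private String keyStorePassword;
    @Value("${broker.tls.trust-store}")          private String trustStore;
    @Value("${broker.tls.trust-store-password}") private String trustStorePassword;
    @Value("${broker.tls.remote-uri}")           private String remoteUri;

    @Bean(name = "amq")
    public BrokerService broker() throws Exception {
        // Same four attributes as the <sslContext> element in the XML config.
        SpringSslContext ssl = new SpringSslContext();
        ssl.setKeyStore(keyStore);              // this broker's own certificate and key
        ssl.setKeyStorePassword(keyStorePassword);
        ssl.setTrustStore(trustStore);          // only the remote broker's cert or CA
        ssl.setTrustStorePassword(trustStorePassword);
        ssl.afterPropertiesSet();               // loads both stores, fails fast on a bad path or password

        BrokerService broker = new BrokerService();
        broker.setBrokerName("turntable");
        broker.setSslContext(ssl);              // set before any connector is started

        // Settings copied from the XML networkConnector in the message.
        NetworkConnector connector = broker.addNetworkConnector(remoteUri);
        connector.setName("5519atob");
        connector.setDuplex(true);
        connector.setConduitSubscriptions(true);
        connector.setDecreaseNetworkConsumerPriority(false);

        broker.addConnector("tcp://0.0.0.0:61616");
        broker.start();
        return broker;
    }
}
```

Keeping the store passwords in externalized properties rather than in source also keeps them out of version control. For the trust to be two-way, the remote broker's ssl:// transport connector has to require a client certificate (the needClientAuth=true transport option).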