As for building from trunk.... I'm getting this error when running: qpid-run: No such file or directory
I checked out from SVN, ran ant and built everything under the JAVA folder, and set the env variables... I noticed there is no qpid-run in the bin folder? What am I missing? Joe _____________________________________ From: Robbie Gemmell [[email protected]] Sent: Sunday, November 13, 2011 4:28 PM To: [email protected] Subject: Re: SSL connection problems from rabbitMQ client I have no idea how to pass properties to Android applications. If you run it as a standard Java Application through Eclipse then you can set the properties using the JVM arguments section of the run options, or set environment variables using the environment section. qpid-server uses qpid-run, which certainly does use JAVA_OPTS, or else my broker just magically knew what I wanted earlier when I tried this before emailing the instructions:) Robbie On 13 November 2011 20:07, Joe Porto <[email protected]> wrote: > Hmm > > Still no luck... How do you pass those variables to an android application? > I'm running through eclipse... Also, qpid doesn't seem to make use of the > JAVA_OPTS variable? I've changed that, but don't see any SSL debug output > (I'm running qpid by the qpid-server command.. ) > Joe > ________________________________________ > From: Robbie Gemmell [[email protected]] > Sent: Sunday, November 13, 2011 1:38 PM > To: [email protected] > Subject: Re: SSL connection problems from rabbitMQ client > > Hi Joe, > > For the broker side I edited the etc/config.xml file as follows: > 1. Enable SSL by setting connector.ssl.enabled to true. > 2. Give the keystore path via connector.ssl.keyStorePath > 3. Give the keystore password via connector.ssl.keyStorePassword (I > admitedly forgot to tell you that its 'password' for those keystore > files, but it complains about that if its wrong). > > Giving the following (replacing /path/to as appropriate): > ... > <connector> > <ssl> > <port>5671</port> > <enabled>true</enabled> > <sslOnly>false</sslOnly> > > <keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath> > <keyStorePassword>password</keyStorePassword> > </ssl> > ...etc > > For the client side I used two examples based on those at > http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a > truststore and a second which does: > > RabbitExample.java > ============== > import java.io.*; > import java.security.*; > import javax.net.ssl.*; > > import com.rabbitmq.client.*; > > public class RabbitExample > { > public static void main(String[] args) throws Exception > { > ConnectionFactory factory = new ConnectionFactory(); > factory.setHost("localhost"); > factory.setPort(5671); > factory.useSslProtocol("TLS"); //Using just > factory.useSslProtocol(); works equally well here. > > Connection conn = factory.newConnection(); > Channel channel = conn.createChannel(); > > channel.queueDeclare("rabbitmq-java-test", false, true, true, null); > channel.basicPublish("", "rabbitmq-java-test", null, "Hello, > World".getBytes()); > > GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false); > if(chResponse == null) { > System.out.println("No message retrieved"); > } else { > byte[] body = chResponse.getBody(); > System.out.println("Recieved: " + new String(body)); > } > > channel.close(); > conn.close(); > } > } > > > ExpandedRabbitExample.java > ===================== > import java.io.*; > import java.security.*; > import javax.net.ssl.*; > > import com.rabbitmq.client.*; > > public class ExpandedRabbitExample > { > private static final String TRUSTSTORE = > "/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks"; > private static final String TRUSTSTORE_PASSWORD = "password"; > > public static void main(String[] args) throws Exception > { > KeyStore tks = KeyStore.getInstance("JKS"); > tks.load(new FileInputStream(TRUSTSTORE), > TRUSTSTORE_PASSWORD.toCharArray()); > > TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); > tmf.init(tks); > > SSLContext c = SSLContext.getInstance("TLS"); > c.init(null, tmf.getTrustManagers(), null); > > ConnectionFactory factory = new ConnectionFactory(); > factory.setHost("localhost"); > factory.setPort(5671); > factory.useSslProtocol(c); > > Connection conn = factory.newConnection(); > Channel channel = conn.createChannel(); > > channel.queueDeclare("rabbitmq-java-test", false, true, true, null); > channel.basicPublish("", "rabbitmq-java-test", null, "Hello, > World".getBytes()); > > GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false); > if(chResponse == null) { > System.out.println("No message retrieved"); > } else { > byte[] body = chResponse.getBody(); > System.out.println("Recieved: " + new String(body)); > } > > channel.close(); > conn.close(); > } > } > > > If you cant get the above working, it would be good if you turned on > SSL debug logging to get more information by setting the > 'javax.net.debug' system property to 'ssl' for both the client and > broker (for which you can export "-Djavax.net.debug=ssl" into the > JAVA_OPTS environment variable before startup to pass the value), > which will cause them to emit SSL logging to stdout. > > Robbie > > On 13 November 2011 00:52, Joe Porto <[email protected]> wrote: >> Hmm I tried this again (this time with the trunk version of qpid) with the >> same problem (socket times out)… I put the broker_keystore path in the >> config file…. Did you? Can you list the steps you did to make this work? >> And the code you're using on the client? >> >> >> Joe >> ________________________________________ >> From: Robbie Gemmell [[email protected]] >> Sent: Friday, November 11, 2011 6:03 PM >> To: [email protected] >> Subject: Re: SSL connection problems from rabbitMQ client >> >> On 11 November 2011 22:13, Joe Porto <[email protected]> wrote: >>> I'm assuming you imported those files into your keystore…. When I do that, >>> I'm getting the following error: >>> >> >> Which files? The test ones I mentioned from our repo? Those already >> are keystore files, with our test certificates/keys/cacerts imported >> as necessary, so you dont need to do anything to them to use them for >> testing. >> >> My comments about importing were directed at the guide you linked to, >> which says nothing about Java keystores because it seems to be for >> configuring an HTTPD installation and therefore the files created by >> it certainly wont work as-is. >> >>> Certificate not imported, alias <RootCA> already exists >>> >>> I've tried running: keytool -delete -alias RootCA >>> >>> But, I get an exception: keystore file does not exist….. I've been messing >>> around with trying to tell it which keystore, but I don't know which >>> keystore it's complaining about? >>> >>> Keystore –list returns an error saying keystore file does not exist… (and >>> the path to follow doesn't exist…) >>> >> >> You dont appear to be telling it any keystore file location ( >> -keystore <store>) in the above commands, so I imagine it is just >> looking in the default location as a result? >> >> This isnt a process we have documented since there are a wealth of >> different options to choose from, everyones needs are slightly >> different, and the various component parts of [self signed] SSL >> certificates and Java with SSL are documented to death elsewhere >> already...but perhaps we need to. >> >>> Joe >>> >>> From: Robbie Gemmell >>> <[email protected]<mailto:[email protected]>> >>> Date: Thu, 10 Nov 2011 18:10:53 -0500 >>> To: Joe Porto <[email protected]<mailto:[email protected]>> >>> Cc: "[email protected]<mailto:[email protected]>" >>> <[email protected]<mailto:[email protected]>> >>> Subject: Re: SSL connection problems from rabbitMQ client >>> >>> Are you just using the files created from that guide directly? If so >>> that could be the problem, since you need to import the certificate / >>> key into a truststore / keystore file before using them, e.g. using >>> the keytool command bundled with the JDK. >>> >>> Robbie >>> >>> On 10 November 2011 22:21, Joe Porto >>> <[email protected]<mailto:[email protected]>> wrote: >>> Ah I read your response too quickly! I enabled the use SSL setting to true >>> in the config.xml…and I used the keystore and truststore that I created >>> myself following this website: >>> http://www.akadia.com/services/ssh_test_certificate.html >>> I'll give the sample ones a shot… >>> >>> Joe >>> >>> From: Robbie Gemmell >>> <[email protected]<mailto:[email protected]>> >>> >>> Date: Thu, 10 Nov 2011 16:48:32 -0500 >>> To: Joe Porto <[email protected]<mailto:[email protected]>> >>> Cc: "[email protected]<mailto:[email protected]>" >>> <[email protected]<mailto:[email protected]>> >>> Subject: Re: SSL connection problems from rabbitMQ client >>> >>> Erm, so was I ? :) >>> Robbie >>> On 10 November 2011 21:26, Joe Porto >>> <[email protected]<mailto:[email protected]>> wrote: >>> >>> I was using a Qpid Broker… >>> Joe >>> From: Robbie Gemmell >>> <[email protected]<mailto:[email protected]>> >>> Date: Thu, 10 Nov 2011 16:20:54 -0500 >>> To: Joe Porto <[email protected]<mailto:[email protected]>> >>> Cc: "[email protected]<mailto:[email protected]>" >>> <[email protected]<mailto:[email protected]>> >>> Subject: Re: SSL connection problems from rabbitMQ client >>> Hi Joe, >>> I just tried out connecting the RabbitMQ client using SSL to the >>> latest trunk revision of the Java broker, and it seemed to work ok >>> (well, it did make me notice that when we changed IO layers for the >>> broker and some protocols for the client recently that we missed a >>> limitation of SSLSocket that mean ConnectionClose currently generates >>> a nice stacktrace...but other than that, it works). Deliberately >>> making the client connect to the brokers 'plain' port failed as >>> expected, as did setting the client not to use SSL and connecting it >>> to the brokers SSL port. As well as the simpler 'no verification' >>> example you were using, I used an exapanded example based on those at >>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently >>> support validating client certificates so I removed those bits). >>> Could you share how you are configuring the broker, and creating your >>> certificates? I used the broker keystore and client truststore we use >>> in our tests, which are located at >>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks >>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks >>> in a checkout of our trunk >>> (http://svn.apache.org/repos/asf/qpid/trunk/) >>> Regards, >>> Robbie >>> On 9 November 2011 20:45, Joe Porto >>> <[email protected]<mailto:[email protected]>> wrote: >>> I don't know… only have been playing with the qpid broker…. >>> From: Robbie Gemmell >>> <[email protected]<mailto:[email protected]>> >>> Date: Wed, 9 Nov 2011 15:44:04 -0500 >>> To: "[email protected]<mailto:[email protected]>" >>> <[email protected]<mailto:[email protected]>> >>> Cc: Joe Porto <[email protected]<mailto:[email protected]>> >>> Subject: Re: SSL connection problems from rabbitMQ client >>> Interesting. This isnt a combination that I have tried before, but I >>> dont know any obvious reason it wouldnt work. I will try to take a >>> look at it, but it isnt likely to be for a few days at best. The >>> default example broker config was changed to use port 5671 because >>> that is the assigned port for AMQP + SSL, I dont know where the number >>> previously [not] used in the config came from. >>> Out of interest, do you know if the client SSL example works ok when >>> using the RabbitMQ broker? >>> Robbie >>> On 8 November 2011 20:55, Joe Porto >>> <[email protected]<mailto:[email protected]>> wrote: >>> Hi Robbie, >>> Thanks for the quick feedback. I installed the .15 version and enabled the >>> configuration to use SSL (interesting they changed the port to 5671). It >>> still fails from the client side at the same point (when it's trying to send >>> the header) , but this time it doesn't throw an error in the server log. >>> Thoughts? >>> Joe >>> From: Robbie Gemmell >>> <[email protected]<mailto:[email protected]>> >>> Reply-To: "[email protected]<mailto:[email protected]>" >>> <[email protected]<mailto:[email protected]>> >>> Date: Tue, 8 Nov 2011 15:16:04 -0500 >>> To: "[email protected]<mailto:[email protected]>" >>> <[email protected]<mailto:[email protected]>> >>> Subject: Re: SSL connection problems from rabbitMQ client >>> Put simply, SSL support in the broker wasnt functional until after >>> 0.12 was finalised. It was fixed as part of the development stream for >>> 0.14, which branched from trunk a few days ago for release in around a >>> month. >>> You will need to use a non-release version if you want to make it work >>> in the mean time. You can get a nightly release build of the current >>> trunk broker at the following URL if you want to at least try it out: >>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/ >>> Robbie >>> On 8 November 2011 19:42, Joe Porto >>> <[email protected]<mailto:[email protected]>> wrote: >>> I am running the .12 release of a java qpid broker. I am trying to access >>> it via a rabbitmq java client. When not using SSL, this works well and I am >>> able to send and receive a msg on the client. When I enable SSL and try to >>> connect to the SSL port on the broker, I get a SocketTimeOutException on the >>> client side. Tracing through the rabbitMQ code – it looks like this occurs >>> when the client tries sending just the AMQP header. On the qpid broker, >>> this error is thrown in the log: >>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - >>> Exception thrown and no ProtocolEngine to handle it >>> java.lang.NullPointerException >>> at >>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337) >>> at >>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) >>> at >>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) >>> at >>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) >>> at >>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) >>> at >>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) >>> at >>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) >>> at >>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) >>> at >>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) >>> at java.lang.Thread.run(Thread.java:680) >>> --------------------------- >>> My sample client code looks like this: (the client hangs on >>> factory.newConnection();, and eventually the socket times out) >>> ConnectionFactory factory = new ConnectionFactory(); >>> factory.setHost("10.1.21.21"); >>> factory.setPort(8672); >>> factory.setVirtualHost("10.1.21.21"); >>> factory.useSslProtocol("TLS"); >>> Connection conn = factory.newConnection(); >>> Channel channel = conn.createChannel(); >>> … >>> --------------------- >>> Any help would be greatly appreciated! >>> -Joe >>> --------------------------------------------------------------------- >>> Apache Qpid - AMQP Messaging Implementation >>> Project: http://qpid.apache.org >>> Use/Interact: mailto:[email protected] >>> >>> >>> >>> >>> >>> >>> >> >> --------------------------------------------------------------------- >> Apache Qpid - AMQP Messaging Implementation >> Project: http://qpid.apache.org >> Use/Interact: mailto:[email protected] >> >> >> --------------------------------------------------------------------- >> Apache Qpid - AMQP Messaging Implementation >> Project: http://qpid.apache.org >> Use/Interact: mailto:[email protected] >> >> > > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:[email protected] > > > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:[email protected] > > --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected] --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected]
