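/**
 * Builds an SSL-enabled JMS connection factory for the named provider.
 *
 * <p>Only {@code ACTIVEMQ_PROVIDER} is handled. For it, an
 * {@code ActiveMQSslConnectionFactory} is created for {@code url} and given the key
 * store, trust store, their passwords and the send timeout.
 *
 * @param url                broker URL passed to the factory constructor
 * @param timeoutMillis      value passed to {@code setSendTimeout}
 * @param jmsProvider        provider name selecting the factory implementation
 * @param keystore           key store location passed to {@code setKeyStore}
 * @param keystorePassword   password for the key store
 * @param truststore         trust store location passed to {@code setTrustStore}
 * @param truststorePassword password for the trust store
 * @return the configured connection factory
 * @throws JMSException             if setting the key store or trust store fails; the
 *                                  underlying exception is attached as both the cause and
 *                                  the linked exception
 * @throws IllegalArgumentException if {@code jmsProvider} is not a known provider
 */
public static ConnectionFactory createSslConnectionFactory(final String url, final int timeoutMillis, final String jmsProvider,
        final String keystore, final String keystorePassword, final String truststore, final String truststorePassword) throws JMSException {
    switch (jmsProvider) {
        case ACTIVEMQ_PROVIDER: {
            final ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(url);
            try {
                factory.setKeyStore(keystore);
            } catch (Exception e) {
                // Keep the original failure attached: a message-only exception hides the
                // stack trace needed to tell a missing file from an unreadable one.
                final JMSException failure = new JMSException("Problem Setting the KeyStore: " + e.getMessage());
                failure.setLinkedException(e);
                failure.initCause(e);
                throw failure;
            }
            factory.setKeyStorePassword(keystorePassword);

            try {
                factory.setTrustStore(truststore);
            } catch (Exception e) {
                final JMSException failure = new JMSException("Problem Setting the TrustStore: " + e.getMessage());
                failure.setLinkedException(e);
                failure.initCause(e);
                throw failure;
            }
            factory.setTrustStorePassword(truststorePassword);

            factory.setSendTimeout(timeoutMillis);
            return factory;
        }
        default:
            throw new IllegalArgumentException("Unknown JMS Provider: " + jmsProvider);
    }
}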
/**
 * Creates the transport with this factory's SSL material installed for the duration of
 * the call.
 *
 * <p>When a key store or trust store is configured, the key and trust managers are
 * (re)built from them. When at least one manager is available, a new {@code SslContext}
 * holding them is made current before delegating to the superclass. Whatever context
 * was current on entry is put back in the {@code finally} block, whether or not the
 * call succeeds. With no managers at all, the superclass runs under the existing context.
 *
 * @return the transport created by the superclass
 * @throws JMSException if manager creation or transport creation fails; the original
 *                      exception is passed along as the cause
 * @author sepandm@gmail.com
 */
@Override
protected Transport createTransport() throws JMSException {
    final SslContext previousContext = SslContext.getCurrentSslContext();
    try {
        final boolean storesConfigured = keyStore != null || trustStore != null;
        if (storesConfigured) {
            keyManager = createKeyManager();
            trustManager = createTrustManager();
        }

        // Evaluated after the block above, which may have just populated the managers.
        final boolean managersAvailable = keyManager != null || trustManager != null;
        if (managersAvailable) {
            final SslContext factoryContext = new SslContext(keyManager, trustManager, secureRandom);
            SslContext.setCurrentSslContext(factoryContext);
        }

        return super.createTransport();
    } catch (Exception failure) {
        throw JMSExceptionSupport.create("Could not create Transport. Reason: " + failure, failure);
    } finally {
        // Always restore the caller's context so this factory's managers do not leak
        // into later work that reads the current context.
        SslContext.setCurrentSslContext(previousContext);
    }
}
/**
 * Builds the key managers from the configured key store.
 *
 * <p>The key store bytes are obtained through {@code loadClientCredential} and loaded
 * with {@code keyStorePassword}. Private keys are unlocked with
 * {@code keyStoreKeyPassword} when it is set, otherwise with {@code keyStorePassword}.
 *
 * @return the key managers, or {@code null} when no key store is configured or the
 *         loaded credential is {@code null} or empty
 * @throws Exception if the factory or key store cannot be obtained, or loading or
 *                   initialisation fails
 */
protected KeyManager[] createKeyManager() throws Exception {
    // Both lookups run before the null check, so an unsupported algorithm or key store
    // type is reported even when no key store has been configured.
    final KeyManagerFactory managerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    final KeyStore store = KeyStore.getInstance(getKeyStoreType());

    if (keyStore == null) {
        return null;
    }

    final byte[] storeBytes = loadClientCredential(keyStore);
    if (storeBytes == null || storeBytes.length == 0) {
        return null;
    }

    try (ByteArrayInputStream storeStream = new ByteArrayInputStream(storeBytes)) {
        store.load(storeStream, keyStorePassword.toCharArray());
        // A dedicated key password takes precedence; the store password is the fallback.
        final char[] keyPassword = keyStoreKeyPassword != null
                ? keyStoreKeyPassword.toCharArray()
                : keyStorePassword.toCharArray();
        managerFactory.init(store, keyPassword);
        return managerFactory.getKeyManagers();
    }
}
/**
 * Starts a security-enabled server whose acceptor requires a client certificate, then
 * checks that an OpenWire SSL client presenting its own key store can connect and open
 * a session under the "CertLogin" JAAS configuration.
 *
 * <p>The store file names and the "secureexample" password are test fixtures.
 */
@Test
public void testJAASSecurityManagerAuthenticationWithCertsAndOpenWire() throws Exception {
    ActiveMQJAASSecurityManager jaasManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(
            createDefaultInVMConfig().setSecurityEnabled(true),
            ManagementFactory.getPlatformMBeanServer(),
            jaasManager,
            false));

    // Acceptor side: TLS on, server key/trust stores, and client authentication required.
    Map<String, Object> acceptorParams = new HashMap<>();
    acceptorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    acceptorParams.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    acceptorParams.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);

    TransportConfiguration acceptor = new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, acceptorParams);
    server.getConfiguration().addAcceptorConfiguration(acceptor);
    server.start();

    // Client side: trust store to verify the server, key store to authenticate itself.
    ActiveMQSslConnectionFactory clientFactory = new ActiveMQSslConnectionFactory("ssl://localhost:61616");
    clientFactory.setTrustStore("client-side-truststore.jks");
    clientFactory.setTrustStorePassword("secureexample");
    clientFactory.setKeyStore("client-side-keystore.jks");
    clientFactory.setKeyStorePassword("secureexample");

    try (ActiveMQConnection clientConnection = (ActiveMQConnection) clientFactory.createConnection()) {
        Session clientSession = clientConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        clientSession.close();
    } catch (Throwable failure) {
        failure.printStackTrace();
        Assert.fail("should not throw exception");
    }
}
/**
 * Creates an SSL connection factory for {@code brokerUrl}, using key managers from
 * {@code keyStore}, trust managers from {@code trustStore}, a fresh
 * {@link SecureRandom}, and the configured user name and password.
 *
 * @return the configured connection factory
 */
protected ConnectionFactory createSecureConnectionFactory() {
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(brokerUrl);

    // Build the TLS material first, in the same order the arguments were evaluated inline.
    final var keyManagers = keyStore.createKeyManagers();
    final var trustManagers = trustStore.createTrustManagers();
    final SecureRandom random = new SecureRandom();
    sslFactory.setKeyAndTrustManagers(keyManagers, trustManagers, random);

    sslFactory.setUserName(username);
    sslFactory.setPassword(password);
    return sslFactory;
}
}
/**
 * Creates the example's SSL connection factory.
 *
 * <p>The key store and trust store are classpath resources resolved to file paths. The
 * broker URL is a failover pair of SSL endpoints on localhost, and topic advisory
 * watching is switched off. The "changeit" passwords are hard-coded sample values that
 * belong to this example's bundled stores.
 *
 * @return the configured connection factory
 * @throws Exception if a resource cannot be resolved or a store cannot be set
 */
private ConnectionFactory createSslConnectionFactory() throws Exception {
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory();
    final Class<?> resourceAnchor = OpenwireProducerConsumerExample.class;

    final String keyStorePath = resourceAnchor.getResource("/serverKeystore.jks").toURI().getPath();
    sslFactory.setKeyStore(keyStorePath);
    sslFactory.setKeyStoreKeyPassword("changeit");
    sslFactory.setKeyStorePassword("changeit");

    final String trustStorePath = resourceAnchor.getResource("/serverTruststore.jks").toURI().getPath();
    sslFactory.setTrustStore(trustStorePath);
    sslFactory.setTrustStorePassword("changeit");

    sslFactory.setBrokerURL("failover://(ssl://localhost:61616,ssl://localhost:61617)");
    sslFactory.setWatchTopicAdvisories(false);
    return sslFactory;
}
/**
 * Creates the broker component for an SSL connection that uses the given key manager
 * and trust manager.
 *
 * @param brokerURI    broker address; the prefetch policy query string is appended to it
 * @param type         messaging type forwarded to the two-argument overload
 * @param keyManager   sole key manager installed on the factory
 * @param trustManager sole trust manager installed on the factory
 * @return the component built by {@code getBrokerComponent(type, factory)}
 */
private synchronized Component getBrokerComponent(URI brokerURI, MessagingType type, KeyManager keyManager, TrustManager trustManager) {
    // TODO: make this configurable for different broker implementations.
    logger.info("establishing activemq ssl connection for brokerUri {} (with specified type, keyManager, and TrustManager)", brokerURI);

    // The prefetch limit keeps the matcher-consumer from dying under a flood of messages,
    // see http://activemq.apache.org/what-is-the-prefetch-limit-for.html
    final String urlWithPrefetchLimit = brokerURI + "?jms.prefetchPolicy.all=50";
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(urlWithPrefetchLimit);

    final KeyManager[] keyManagers = {keyManager};
    final TrustManager[] trustManagers = {trustManager};
    // No SecureRandom is supplied here (null is passed for that argument).
    sslFactory.setKeyAndTrustManagers(keyManagers, trustManagers, null);

    return getBrokerComponent(type, sslFactory);
}
try ActiveMQSslConnectionFactory instance_ = new ActiveMQSslConnectionFactory(); instance_.setBrokerURL(formatServerURL(this.connectURI)); instance_.setUserName(this.username); instance_.setPassword(this.password); instance_.setKeyAndTrustManagers(SSLHelper.getKeyManagers(keyStore, this.keyStorepassword), SSLHelper .getTrustManagers(trustStore, trustPassword), new java.security.SecureRandom()); try instance_.setPrefetchPolicy(a); RedeliveryPolicy r = new RedeliveryPolicy(); ProMap redirectParams = temp.getMap(connection_params_redirectPolicy); else BeanAccembleHelper.injectProperties(r, redirectParams); instance_.setRedeliveryPolicy(r); }else{ Map temp = (Map)factoryparams; instance_.setPrefetchPolicy(a); RedeliveryPolicy r = new RedeliveryPolicy(); ProMap redirectParams = (ProMap)temp.get(connection_params_redirectPolicy); else BeanAccembleHelper.injectProperties(r, redirectParams); instance_.setRedeliveryPolicy(r);
/**
 * Creates a new SSL connection factory configured from the given environment.
 *
 * <p>An XA-capable SSL factory is chosen when {@code needsXA(environment)} says so,
 * otherwise the plain SSL factory. Every entry of the environment is copied into a
 * {@link Properties} object and handed to the factory via {@code setProperties}.
 *
 * @param environment settings to apply to the new factory
 * @return the configured factory
 * @throws URISyntaxException declared by the overridden method
 */
@Override
protected ActiveMQConnectionFactory createConnectionFactory(Hashtable environment) throws URISyntaxException {
    final ActiveMQConnectionFactory sslFactory;
    if (needsXA(environment)) {
        sslFactory = new ActiveMQXASslConnectionFactory();
    } else {
        sslFactory = new ActiveMQSslConnectionFactory();
    }

    final Properties settings = new Properties();
    settings.putAll(environment);
    sslFactory.setProperties(settings);
    return sslFactory;
}
}
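// Opens an SSL connection to the broker with server-certificate validation enabled.
//
// The earlier form installed an X509TrustManager whose check methods were empty, which
// accepts any certificate from any peer. The connection is then encrypted but not
// authenticated, so anyone on the network path can impersonate the broker and capture
// the user name and password sent on connect. It also returned null from
// getAcceptedIssuers(), which the X509TrustManager contract does not allow.
try {
    // init(null) makes the factory use the JVM's default trust anchors. A broker whose
    // certificate is issued by a private CA needs that CA's certificate loaded into a
    // KeyStore and passed to init() in place of null.
    javax.net.ssl.TrustManagerFactory trustManagerFactory =
            javax.net.ssl.TrustManagerFactory.getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init((java.security.KeyStore) null);
    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

    // Placeholder address from the original snippet; replace with the broker's host and port.
    String connectionString = "ssl://ipaddress:port";
    ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionString);
    // No client certificate is presented (null key managers), as before.
    factory.setKeyAndTrustManagers(null, trustManagers, new SecureRandom());

    Connection connection = factory.createConnection(user, password);
    connection.start();
} catch (Exception e) {
    // An empty catch here would hide handshake and certificate failures, which are
    // exactly the errors an operator needs to see.
    throw new IllegalStateException("Could not open SSL connection to the broker", e);
}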
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(brokerUri + "?jms.prefetchPolicy.all=10?"); connectionFactory.setAlwaysSyncSend(false); connectionFactory.setUseAsyncSend(true); connectionFactory.setDispatchAsync(true); connectionFactory.setKeyAndTrustManagers(new KeyManager[]{keyManager}, new TrustManager[]{trustManager}, null); } else { log.warn("key or trust manager was null, therefore do not set them in connection factory");
// Creates an SSL connection factory for `url` and points it at the client trust store
// (CLIENT_TS_FILE) and client key store (CLIENT_KS_FILE).
// The two password literals are placeholders for the passwords chosen when each store
// file was created.
// NOTE(review): real store passwords are better read from configuration or a secret
// store than compiled into the source.
// Any exception from the setters is rethrown as MotorException with the original
// exception as its cause; the message assumes the stores were not found, although the
// catch covers every Exception.
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url); try { connectionFactory.setTrustStore(CLIENT_TS_FILE); connectionFactory.setTrustStorePassword("PASSWORD asked while TS file made"); connectionFactory.setKeyStore(CLIENT_KS_FILE); connectionFactory.setKeyStorePassword("PASSWORD asked while KS file made"); } catch (Exception e) { throw new MotorException( "JMS Connection Failed (Trust store or key store weren't found) : ", e); }
/**
 * Builds the key managers from the configured key store, which is read as a "jks" store.
 *
 * <p>The store bytes come from {@code loadClientCredential(keyStore)}.
 * {@code keyStorePassword} is used both to load the store and to unlock its keys.
 *
 * @return the key managers, or {@code null} when the loaded credential is {@code null}
 *         or empty
 * @throws Exception if the factory or key store cannot be obtained, or loading or
 *                   initialisation fails
 */
protected KeyManager[] createKeyManager() throws Exception {
    final KeyManagerFactory managerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    final KeyStore store = KeyStore.getInstance("jks");

    final byte[] storeBytes = loadClientCredential(keyStore);
    final boolean credentialLoaded = storeBytes != null && storeBytes.length > 0;
    if (!credentialLoaded) {
        return null;
    }

    final ByteArrayInputStream storeStream = new ByteArrayInputStream(storeBytes);
    store.load(storeStream, keyStorePassword.toCharArray());
    // The store password doubles as the key password in this version.
    managerFactory.init(store, keyStorePassword.toCharArray());
    return managerFactory.getKeyManagers();
}
server.start(); ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616"); factory.setUserName("test-user"); factory.setTrustStore("client-side-truststore.jks"); factory.setTrustStorePassword("secureexample"); factory.setKeyStore("client-side-keystore.jks"); factory.setKeyStorePassword("secureexample"); try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) { Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
/**
 * Creates an SSL connection factory for {@code brokerUrl}, using key managers from
 * {@code keyStore}, trust managers from {@code trustStore}, a fresh
 * {@link SecureRandom}, and the configured user name and password.
 *
 * @return the configured connection factory
 */
protected ConnectionFactory createSecureConnectionFactory() {
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(brokerUrl);

    // Build the TLS material first, in the same order the arguments were evaluated inline.
    final var keyManagers = keyStore.createKeyManagers();
    final var trustManagers = trustStore.createTrustManagers();
    final SecureRandom random = new SecureRandom();
    sslFactory.setKeyAndTrustManagers(keyManagers, trustManagers, random);

    sslFactory.setUserName(username);
    sslFactory.setPassword(password);
    return sslFactory;
}
}
if (brokerUrl.contains("ssl:")) { if (ObjectHelper.isEmpty(username)) { connectionFactory = new ActiveMQSslConnectionFactory(brokerUrl); connectionFactory = new ActiveMQSslConnectionFactory(brokerUrl); connectionFactory.setUserName(username); connectionFactory.setPassword(password); ((ActiveMQSslConnectionFactory)connectionFactory).setKeyAndTrustManagers(keyManagers, trustManagers, new SecureRandom());
/**
 * Creates the transport on top of a default-constructed
 * {@code ActiveMQSslConnectionFactory} by delegating to the constructor that accepts a
 * connection factory.
 *
 * @throws JMSException declared here; presumably raised by the delegated constructor
 */
public ActiveMQEventTransportImpl() throws JMSException {
    this(
        new ActiveMQSslConnectionFactory()
    );
}
/**
 * Creates an SSL connection factory for {@code brokerUrl}, using key managers from
 * {@code keyStore}, trust managers from {@code trustStore}, a fresh
 * {@link SecureRandom}, and the configured user name and password.
 *
 * @return the configured connection factory
 */
protected ConnectionFactory createSecureConnectionFactory() {
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(brokerUrl);

    // Build the TLS material first, in the same order the arguments were evaluated inline.
    final var keyManagers = keyStore.createKeyManagers();
    final var trustManagers = trustStore.createTrustManagers();
    final SecureRandom random = new SecureRandom();
    sslFactory.setKeyAndTrustManagers(keyManagers, trustManagers, random);

    sslFactory.setUserName(username);
    sslFactory.setPassword(password);
    return sslFactory;
}
}
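/**
 * Builds an SSL-enabled JMS connection factory for the named provider.
 *
 * <p>Only {@code ACTIVEMQ_PROVIDER} is handled. For it, an
 * {@code ActiveMQSslConnectionFactory} is created for {@code url} and given the key
 * store, trust store, their passwords and the send timeout.
 *
 * @param url                broker URL passed to the factory constructor
 * @param timeoutMillis      value passed to {@code setSendTimeout}
 * @param jmsProvider        provider name selecting the factory implementation
 * @param keystore           key store location passed to {@code setKeyStore}
 * @param keystorePassword   password for the key store
 * @param truststore         trust store location passed to {@code setTrustStore}
 * @param truststorePassword password for the trust store
 * @return the configured connection factory
 * @throws JMSException             if setting the key store or trust store fails; the
 *                                  underlying exception is attached as both the cause and
 *                                  the linked exception
 * @throws IllegalArgumentException if {@code jmsProvider} is not a known provider
 */
public static ConnectionFactory createSslConnectionFactory(final String url, final int timeoutMillis, final String jmsProvider,
        final String keystore, final String keystorePassword, final String truststore, final String truststorePassword) throws JMSException {
    switch (jmsProvider) {
        case ACTIVEMQ_PROVIDER: {
            final ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(url);
            try {
                factory.setKeyStore(keystore);
            } catch (Exception e) {
                // Keep the original failure attached: a message-only exception hides the
                // stack trace needed to tell a missing file from an unreadable one.
                final JMSException failure = new JMSException("Problem Setting the KeyStore: " + e.getMessage());
                failure.setLinkedException(e);
                failure.initCause(e);
                throw failure;
            }
            factory.setKeyStorePassword(keystorePassword);

            try {
                factory.setTrustStore(truststore);
            } catch (Exception e) {
                final JMSException failure = new JMSException("Problem Setting the TrustStore: " + e.getMessage());
                failure.setLinkedException(e);
                failure.initCause(e);
                throw failure;
            }
            factory.setTrustStorePassword(truststorePassword);

            factory.setSendTimeout(timeoutMillis);
            return factory;
        }
        default:
            throw new IllegalArgumentException("Unknown JMS Provider: " + jmsProvider);
    }
}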
if (brokerUrl.contains("ssl:")) { if (ObjectHelper.isEmpty(username)) { connectionFactory = new ActiveMQSslConnectionFactory(brokerUrl); connectionFactory = new ActiveMQSslConnectionFactory(brokerUrl); connectionFactory.setUserName(username); connectionFactory.setPassword(password); ((ActiveMQSslConnectionFactory)connectionFactory).setKeyAndTrustManagers(keyManagers, trustManagers, new SecureRandom());