I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx () that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) so that you can provide the keyStore (client.ks) /trustStore (client.ts) which you can create as instructed by this page (http://activemq.apache.org/how-do-i-use-ssl.html). It has private methods getTrustManagers and getKeyManagers which plug into org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers() method as soon as ActiveMQSslConnectionFactoryx's constructor is called.... So, this class encapsulates all the needed SSL/keystore functionality and I have got this working with my test environment. This will save the user from having to set the system properties javax.net.ssl.keyStore=/path/to/client.ks, javax.net.ssl.keyStorePassword=password, javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page (http://activemq.apache.org/how-do-i-use-ssl.html).
Maybe a better thing would be to modify org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide the constructor, getManagers, setManagers methods as I suggested and use the original class itself. I would like to contribute the following code for this purpose:

==============================================================================
package org.apache.activemq;

import java.io.*;
import java.security.*;
import javax.net.ssl.*;

/**
 * @author Sudip Shrestha
 *
 * Class that extends ActiveMQSslConnectionFactory so that it can use client.ks/client.ts files without having to set
 * System Properties: javax.net.ssl.keyStore=/path/to/client.ks, javax.net.ssl.keyStorePassword=password,
 * javax.net.ssl.trustStore=/path/to/client.ts.
 */
public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory {
    private String keyStore;
    private String keyStorePassword;
    private String trustStore;

    public ActiveMQSslConnectionFactoryx() {
        super();
        keyStore = keyStorePassword = trustStore = "";
    }

    public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
            throws IOException, GeneralSecurityException {
        super();
        this.keyStore = keyStore;
        this.keyStorePassword = keyStorePassword;
        this.trustStore = trustStore;
        // Install the managers on this factory only, instead of the JVM-wide javax.net.ssl.* properties.
        setKeyAndTrustManagers(getKeyManagers(), getTrustManagers(), new SecureRandom());
    }

    private TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException {
        System.out.println("Initiating TrustManagers");
        KeyStore ks = KeyStore.getInstance("JKS");
        // The stream is closed once the store is loaded.
        try (InputStream in = new FileInputStream(trustStore)) {
            // A null password means the store's integrity is not verified on load.
            ks.load(in, null);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        System.out.println("Initiated TrustManagers");
        return tmf.getTrustManagers();
    }

    private KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException {
        System.out.println("Initiating KeyManagers");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keyStore)) {
            ks.load(in, keyStorePassword.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // The same password is used for the store and for the private key entries.
        kmf.init(ks, keyStorePassword.toCharArray());
        System.out.println("Initiated KeyManagers");
        return kmf.getKeyManagers();
    }
}

Thanks,
Sudip Shrestha
Omaha, NE
==============================================================================

I think it should be provided in the next release of

On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <[EMAIL PROTECTED]> wrote:

> I like that idea...
>
> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:
> > I was wondering maybe extending the
> > org.apache.activemq.ActiveMQSslConnectionFactory class and providing hooks
> > to set KeyManagers and TrustManagers will do the trick....
> >
> > On Wed, May 14, 2008 at 7:00 AM, Gary Tully <[EMAIL PROTECTED]> wrote:
> >
> >> it should respond to the javax.net.ssl.* system properties[1] but
> >> these may have too far reaching an effect.
> >>
> >> [1]
> >> http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
> >>
> >> 2008/5/12 sudip shrestha <[EMAIL PROTECTED]>:
> >> > Is it possible to do this with the current version of Activemq with tomcat?
> >> > Any suggestion is highly appreciated. Thanks.
> >> >
> >> > On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <[EMAIL PROTECTED]> wrote:
> >> >
> >> >> Is it possible to setup jndi with ssl connection for Activemq in tomcat.
> >> >> If so where do I define the client.ks/client.ts files?
> >> >>
> >> >> My jndi config in context.xml file:
> >> >> <Context antiJARLocking="true">
> >> >> <Resource
> >> >> name="jms/ConnectionFactory"
> >> >> auth="Container"
> >> >> type="org.apache.activemq.ActiveMQConnectionFactory"
> >> >> description="JMS Connection Factory"
> >> >> factory="org.apache.activemq.jndi.JNDIReferenceFactory"
> >> >> brokerURL="ssl://localhost:61617"
> >> >> brokerName="LocalActiveMQBroker"
> >> >> useEmbeddedBroker="false"/>
> >> >>
> >> >> </Context>
> >> >>
> >> >>
> >> >
> >> >
> >
> >
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>
> Open Source SOA
> http://open.iona.com
>
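
The class posted in this thread loads client.ts with `ks.load(new FileInputStream( trustStore ), null )`. The following is an added example, not part of the original post or of ActiveMQ, showing what the null password changes when a JKS store is loaded; the class name, the password and the in-memory store are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class TrustStoreIntegrityDemo {

    // Constructed sample: an empty JKS store built in memory and protected with a password.
    static byte[] buildStore(char[] password) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                      // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);                  // writes a password-keyed digest at the end
        return out.toByteArray();
    }

    // Returns true if the store loads, false if loading is rejected with an IOException.
    static boolean loads(byte[] store, char[] password) throws GeneralSecurityException {
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new ByteArrayInputStream(store), password);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit-sample".toCharArray();  // constructed value
        byte[] original = buildStore(password);

        // Simulate a store that was modified after it was written:
        // change one byte of the trailing digest.
        byte[] modified = original.clone();
        modified[modified.length - 1] ^= 0x01;

        System.out.println("original, password: " + loads(original, password));
        System.out.println("modified, password: " + loads(modified, password));
        System.out.println("modified, null:     " + loads(modified, null));
    }
}
```

With a password the modified store is rejected, while with null it loads, because `KeyStore.load` performs no integrity check when no password is given. A factory that takes a trust store path can accept the trust store password as well and pass it to `load`.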