I have created JIRA for this: https://issues.apache.org/activemq/browse/AMQ-1754.

Thanks,
Sudip

On Wed, May 28, 2008 at 2:54 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:

> I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx ()
> that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides
> a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String
> keyStorePassword, String trustStore) so that you can provide the keyStore
> (client.ks) /trustStore (client.ts) which you can create as instructed by
> this page (http://activemq.apache.org/how-do-i-use-ssl.html).  It has
> private methods getTrustManagers and getKeyManagers which plug into
> org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers()
> method as soon as ActiveMQSslConnectionFactoryx's constructor is called....
> So, this class encapsulates all the needed ssl/keystore functionality and I
> have got this working with my test environment.  This will save the user
> from having to set the system properties
> javax.net.ssl.keyStore=/path/to/client.ks,
> javax.net.ssl.keyStorePassword=password,
> javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page
> (http://activemq.apache.org/how-do-i-use-ssl.html).
>
> Maybe a better thing would be to modify
> org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide
> the constructor, getManagers, setManagers methods as I suggested and use the
> original class itself.
>
> I would like to contribute the following code for this purpose:
>
> ==============================================================================
> package org.apache.activemq;
>
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> /**
>  * @author Sudip Shrestha
>  *
>  * Class that extends ActiveMQSslConnectionFactory so that it can use client.ks/client.ts files without having to set
>  * System Properties: javax.net.ssl.keyStore=/path/to/client.ks, javax.net.ssl.keyStorePassword=password,
>  * javax.net.ssl.trustStore=/path/to/client.ts.
>  */
> public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
> {
>     private String keyStore;
>     private String keyStorePassword;
>     private String trustStore;
>
>     public ActiveMQSslConnectionFactoryx()
>     {
>         super();
>         keyStore = keyStorePassword = trustStore = "";
>     }
>
>     // Builds the key and trust managers from the given files and hands them
>     // to the parent factory, so no JVM-wide system properties are needed.
>     public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
>         throws java.security.NoSuchAlgorithmException,
>                java.security.KeyStoreException,
>                java.io.IOException,
>                java.security.GeneralSecurityException
>     {
>         super();
>         this.keyStore = keyStore;
>         this.keyStorePassword = keyStorePassword;
>         this.trustStore = trustStore;
>         setKeyAndTrustManagers( getKeyManagers( ), getTrustManagers( ), new java.security.SecureRandom() );
>     }
>
>
>     private TrustManager[] getTrustManagers()
>         throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
>                java.io.IOException, java.security.GeneralSecurityException
>     {
>         System.out.println( "Initiating TrustManagers" );
>
>         KeyStore ks = KeyStore.getInstance("JKS");
>         // A null password loads the trust store without checking its integrity.
>         // try-with-resources closes the stream even if load() throws.
>         try ( InputStream in = new FileInputStream( trustStore ) )
>         {
>             ks.load( in, null );
>         }
>         TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>         tmf.init(ks);
>
>         System.out.println( "Initiated TrustManagers" );
>
>         return tmf.getTrustManagers();
>     }
>
>
>     private KeyManager[] getKeyManagers()
>         throws java.security.NoSuchAlgorithmException,
>                java.security.KeyStoreException, java.security.GeneralSecurityException,
>                java.security.cert.CertificateException,
>                java.io.IOException, java.security.UnrecoverableKeyException
>     {
>         System.out.println( "Initiating KeyManagers" );
>
>         KeyStore ks = KeyStore.getInstance("JKS");
>         // The same password is used for the store and for the private key entry.
>         try ( InputStream in = new FileInputStream( keyStore ) )
>         {
>             ks.load( in, keyStorePassword.toCharArray() );
>         }
>         KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
>         kmf.init( ks, keyStorePassword.toCharArray() );
>
>         System.out.println( "Initiated KeyManagers" );
>
>         return kmf.getKeyManagers();
>     }
> }
>
> Thanks,
> Sudip Shrestha
> Omaha, NE
>
> ==============================================================================
>
> I think it should be provided in the next release of
>
>
> On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <[EMAIL PROTECTED]> wrote:
>
>> I like that idea...
>>
>> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:
>> > I was wondering maybe extending the
>> > org.apache.activemq.ActiveMQSslConnectionFactory class and providing hooks
>> > to set KeyManagers and TrustManagers will do the trick....
>> >
>> > On Wed, May 14, 2008 at 7:00 AM, Gary Tully <[EMAIL PROTECTED]> wrote:
>> >
>> >> it should respond to the javax.net.ssl.* system properties[1] but
>> >> these may have too far reaching an effect.
>> >>
>> >> [1]
>> >> http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
>> >>
>> >> 2008/5/12 sudip shrestha <[EMAIL PROTECTED]>:
>> >> > Is it possible to do this with the current version of Activemq with tomcat?
>> >> > Any suggestion is highly appreciated. Thanks.
>> >> >
>> >> > On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <[EMAIL PROTECTED]> wrote:
>> >> >
>> >> >> Is it possible to setup jndi with ssl connection for Activemq in tomcat.
>> >> >> If so where do I define the client.ks/client.ts files?
>> >> >>
>> >> >> My jndi config in context.xml file:
>> >> >> <Context antiJARLocking="true">
>> >> >>     <Resource
>> >> >>         name="jms/ConnectionFactory"
>> >> >>         auth="Container"
>> >> >>         type="org.apache.activemq.ActiveMQConnectionFactory"
>> >> >>         description="JMS Connection Factory"
>> >> >>         factory="org.apache.activemq.jndi.JNDIReferenceFactory"
>> >> >>         brokerURL="ssl://localhost:61617"
>> >> >>         brokerName="LocalActiveMQBroker"
>> >> >>         useEmbeddedBroker="false"/>
>> >> >>
>> >> >> </Context>
>>
>> --
>> Regards,
>> Hiram
>>
>> Blog: http://hiramchirino.com
>>
>> Open Source SOA
>> http://open.iona.com