Great thx Sudip!!

On 28 May 2008, at 21:25, sudip shrestha wrote:

have created JIRA for this:
https://issues.apache.org/activemq/browse/AMQ-1754.
Thanks,
Sudip

On Wed, May 28, 2008 at 2:54 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:

I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx () that extends org.apache.activemq.ActiveMQSslConnectionFactory which provides a constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) so that you can provide the keyStore (client.ks) /trustStore (client.ts) which you can create as instructed by this page (http://activemq.apache.org/how-do-i-use-ssl.html). It has private methods getTrustManagers and getKeyManagers which plug into org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers() method as soon as ActiveMQSslConnectionFactoryx's constructor is called.... So, this class encapsulates all the needed ssl/keystore functionality and I have got this working with my test environment. This will save the user from having to set the system properties javax.net.ssl.keyStore=/path/to/client.ks, javax.net.ssl.keyStorePassword=password, javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page (http://activemq.apache.org/how-do-i-use-ssl.html).

Maybe a better thing would be to modify org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide the constructor, getManagers, setManagers methods as I suggested and use the original class itself.

I would like to contribute the following code for this purpose:

================================================================================
package org.apache.activemq;

import java.io.*;
import java.security.*;
import javax.net.ssl.*;

/**
 * @author Sudip Shrestha
 *
 * Class that extends ActiveMQSslConnectionFactory so that it can use
 * client.ks/client.ts files without having to set
 * System Properties: javax.net.ssl.keyStore=/path/to/client.ks,
 * javax.net.ssl.keyStorePassword=password,
 * javax.net.ssl.trustStore=/path/to/client.ts.
 */
public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
{
    private String keyStore;
    private String keyStorePassword;
    private String trustStore;

    public ActiveMQSslConnectionFactoryx()
    {
        super();
        keyStore = keyStorePassword = trustStore = "";
    }

    public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
        throws IOException, GeneralSecurityException
    {
        super();
        this.keyStore = keyStore;
        this.keyStorePassword = keyStorePassword;
        this.trustStore = trustStore;
        // Hand the per-factory managers to the parent class instead of
        // relying on the JVM-wide javax.net.ssl.* system properties.
        setKeyAndTrustManagers( getKeyManagers(), getTrustManagers(), new SecureRandom() );
    }

    // Builds TrustManagers from the JKS trust store (client.ts).
    private TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException
    {
        System.out.println( "Initiating TrustManagers" );

        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream( trustStore );
        try
        {
            // A null password means the store's integrity check is not performed.
            ks.load( in, null );
        }
        finally
        {
            in.close(); // do not leak the file handle
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        tmf.init(ks);

        System.out.println( "Initiated TrustManagers" );

        return tmf.getTrustManagers();
    }

    // Builds KeyManagers from the JKS key store (client.ks); the same
    // password is used for the store and for the private key entry.
    private KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException
    {
        System.out.println( "Initiating KeyManagers" );

        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream( keyStore );
        try
        {
            ks.load( in, keyStorePassword.toCharArray() );
        }
        finally
        {
            in.close(); // do not leak the file handle
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
        kmf.init( ks, keyStorePassword.toCharArray() );

        System.out.println( "Initiated KeyManagers" );

        return kmf.getKeyManagers();
    }
}

Thanks,
Sudip Shrestha
Omaha, NE

================================================================================



I think it should be provided in the next release of


On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <[EMAIL PROTECTED] >
wrote:

I like that idea...

On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:
I was wondering maybe extending the org.apache.activemq.ActiveMQSslConnectionFactory class and providing hooks to set KeyManagers and TrustManagers will do the trick....

On Wed, May 14, 2008 at 7:00 AM, Gary Tully <[EMAIL PROTECTED]>
wrote:

it should respond to the javax.net.ssl.* system properties[1] but
these may have too far reaching an effect.

[1] http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization

2008/5/12 sudip shrestha <[EMAIL PROTECTED]>:
Is it possible to do this with the current version of Activemq with tomcat?
Any suggestion is highly appreciated. Thanks.

On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <[EMAIL PROTECTED]>
wrote:

Is it possible to setup jndi with ssl connection for Activemq in tomcat.
If so where do I define the client.ks/client.ts files?

My jndi config in context.xml file:
<Context antiJARLocking="true">
 <Resource
       name="jms/ConnectionFactory"
       auth="Container"
       type="org.apache.activemq.ActiveMQConnectionFactory"
       description="JMS Connection Factory"
       factory="org.apache.activemq.jndi.JNDIReferenceFactory"
       brokerURL="ssl://localhost:61617"
       brokerName="LocalActiveMQBroker"
       useEmbeddedBroker="false"/>

</Context>








--
Regards,
Hiram

Blog: http://hiramchirino.com

Open Source SOA
http://open.iona.com
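
Added example, not part of the thread or of ActiveMQ: getTrustManagers() in the contributed class loads client.ts with a null password, which skips the JKS integrity check. The sketch below builds a small JKS store in memory, alters its trailing digest, and shows that the altered store is still accepted with a null password but rejected when the store password is supplied. The class name TrustStoreIntegrityDemo, the helper loads() and the password value are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

/** Added example: effect of the password argument when loading a JKS trust store. */
public class TrustStoreIntegrityDemo {

    /** Returns true if the JKS bytes load without error using the given password. */
    static boolean loads(byte[] jks, char[] password) throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(new ByteArrayInputStream(jks), password);
            return true;
        } catch (IOException e) {
            // JKS reports a failed integrity check (or wrong password) as an IOException.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray(); // constructed sample value

        // Build an empty JKS store in memory; it stands in for client.ts.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, password);
        byte[] original = out.toByteArray();

        // Simulate a modified file: flip one bit of the trailing integrity digest.
        byte[] modified = original.clone();
        modified[modified.length - 1] ^= 0x01;

        System.out.println("original, password given: " + loads(original, password));
        System.out.println("modified, null password:  " + loads(modified, null));
        System.out.println("modified, password given: " + loads(modified, password));
    }
}
```

A variant of the contributed constructor that also takes a trust store password would let ks.load() verify client.ts before its certificates are trusted.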



