Done... Also, looks like we need to look into the ActiveMQInitialContextFactory class, so that we can retrieve ActiveMQSslConnectionFactory via JNDI....
On Wed, May 28, 2008 at 5:57 PM, Rob Davies <[EMAIL PROTECTED]> wrote:

> Sudip,
>
> could you add the Apache 2.0 licence to the ActiveMQSslConnectionFactoryx
> and re-attach it - ticking the ASF granted licence?
> Will probably incorporate your enhancement into the
> ActiveMQSslConnectionFactory class though
>
> cheers,
>
> Rob
>
> http://open.iona.com/products/enterprise-activemq
> http://rajdavies.blogspot.com/
>
> On 28 May 2008, at 21:25, sudip shrestha wrote:
>
>> have created JIRA for this:
>> https://issues.apache.org/activemq/browse/AMQ-1754.
>> Thanks,
>> Sudip
>>
>> On Wed, May 28, 2008 at 2:54 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:
>>
>>> I have created a class org.apache.activemq.ActiveMQSslConnectionFactoryx()
>>> that extends org.apache.activemq.ActiveMQSslConnectionFactory which
>>> provides a constructor public ActiveMQSslConnectionFactoryx(String keyStore,
>>> String keyStorePassword, String trustStore) so that you can provide the
>>> keyStore (client.ks) / trustStore (client.ts) which you can create as
>>> instructed by this page (http://activemq.apache.org/how-do-i-use-ssl.html).
>>> It has private methods getTrustManagers and getKeyManagers which plug into
>>> org.apache.activemq.ActiveMQSslConnectionFactory's setKeyAndTrustManagers()
>>> method as soon as ActiveMQSslConnectionFactoryx's constructor is called....
>>> So, this class encapsulates all the needed ssl/keystore functionality and I
>>> have got this working with my test environment. This will save the user
>>> from having to set the system properties
>>> javax.net.ssl.keyStore=/path/to/client.ks,
>>> javax.net.ssl.keyStorePassword=password,
>>> javax.net.ssl.trustStore=/path/to/client.ts as suggested in the page
>>> (http://activemq.apache.org/how-do-i-use-ssl.html).
>>>
>>> Maybe a better thing would be to modify
>>> org.apache.activemq.ActiveMQSslConnectionFactory class itself and provide
>>> the constructor, getManagers, setManagers methods as I suggested and use
>>> the original class itself.
>>>
>>> I would like to contribute the following code for this purpose:
>>>
>>> ==============================================================================
>>> package org.apache.activemq;
>>>
>>> import java.io.*;
>>> import java.security.*;
>>> import javax.net.ssl.*;
>>> import javax.jms.*;
>>> import org.apache.commons.ssl.*;
>>>
>>> /**
>>>  * @author Sudip Shrestha
>>>  *
>>>  * Class that extends ActiveMQSslConnectionFactory so that it can use
>>>  * client.ks/client.ts files without having to set
>>>  * System Properties: javax.net.ssl.keyStore=/path/to/client.ks,
>>>  * javax.net.ssl.keyStorePassword=password,
>>>  * javax.net.ssl.trustStore=/path/to/client.ts.
>>>  */
>>> public class ActiveMQSslConnectionFactoryx extends ActiveMQSslConnectionFactory
>>> {
>>>     private String keyStore;
>>>     private String keyStorePassword;
>>>     private String trustStore;
>>>
>>>     public ActiveMQSslConnectionFactoryx()
>>>     {
>>>         super();
>>>         keyStore = keyStorePassword = trustStore = "";
>>>     }
>>>
>>>     public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore)
>>>         throws java.security.NoSuchAlgorithmException,
>>>                java.security.KeyStoreException,
>>>                java.io.IOException,
>>>                java.security.GeneralSecurityException
>>>     {
>>>         super();
>>>         this.keyStore = keyStore;
>>>         this.keyStorePassword = keyStorePassword;
>>>         this.trustStore = trustStore;
>>>         setKeyAndTrustManagers( getKeyManagers( ),getTrustManagers( ),new java.security.SecureRandom() );
>>>     }
>>>
>>>     private TrustManager[] getTrustManagers()
>>>         throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException,
>>>                java.io.IOException, java.security.GeneralSecurityException
>>>     {
>>>         System.out.println( "Initiating TrustManagers" );
>>>
>>>         KeyStore ks = KeyStore.getInstance("JKS");
>>>         ks.load(new FileInputStream( trustStore ), null );
>>>         TrustManagerFactory tmf =
>>>             TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>>>         tmf.init(ks);
>>>
>>>         System.out.println( "Initiated TrustManagers" );
>>>
>>>         return tmf.getTrustManagers();
>>>     }
>>>
>>>     private KeyManager[] getKeyManagers()
>>>         throws java.security.NoSuchAlgorithmException,
>>>                java.security.KeyStoreException, java.security.GeneralSecurityException,
>>>                java.security.cert.CertificateException,
>>>                java.io.IOException, java.security.UnrecoverableKeyException
>>>     {
>>>         System.out.println( "Initiating KeyManagers" );
>>>
>>>         KeyStore ks = KeyStore.getInstance("JKS");
>>>         ks.load(new FileInputStream( keyStore ), keyStorePassword.toCharArray() );
>>>         KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
>>>         kmf.init( ks, keyStorePassword.toCharArray());
>>>
>>>         System.out.println( "Initiated KeyManagers" );
>>>
>>>         return kmf.getKeyManagers();
>>>     }
>>> }
>>>
>>> Thanks,
>>> Sudip Shrestha
>>> Omaha, NE
>>>
>>> ==============================================================================
>>>
>>> I think it should be provided in the next release of
>>>
>>> On Thu, May 15, 2008 at 10:38 AM, Hiram Chirino <[EMAIL PROTECTED]> wrote:
>>>
>>>> I like that idea...
>>>>
>>>> On Wed, May 14, 2008 at 3:33 PM, sudip shrestha <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> I was wondering maybe extending the
>>>>> org.apache.activemq.ActiveMQSslConnectionFactory class and providing
>>>>> hooks to set KeyManagers and TrustManagers will do the trick....
>>>>>
>>>>> On Wed, May 14, 2008 at 7:00 AM, Gary Tully <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>> it should respond to the javax.net.ssl.* system properties[1] but
>>>>>> these may have too far reaching an effect.
>>>>>>
>>>>>> [1] http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Customization
>>>>>>
>>>>>> 2008/5/12 sudip shrestha <[EMAIL PROTECTED]>:
>>>>>>
>>>>>>> Is it possible to do this with the current version of Activemq with
>>>>>>> tomcat? Any suggestion is highly appreciated. Thanks.
>>>>>>>
>>>>>>> On Thu, May 8, 2008 at 10:21 AM, sudip shrestha <[EMAIL PROTECTED]> wrote:
>>>>>>>
>>>>>>>> Is it possible to set up jndi with ssl connection for Activemq in
>>>>>>>> tomcat? If so where do I define the client.ks/client.ts files?
>>>>>>>>
>>>>>>>> My jndi config in context.xml file:
>>>>>>>> <Context antiJARLocking="true">
>>>>>>>>   <Resource
>>>>>>>>     name="jms/ConnectionFactory"
>>>>>>>>     auth="Container"
>>>>>>>>     type="org.apache.activemq.ActiveMQConnectionFactory"
>>>>>>>>     description="JMS Connection Factory"
>>>>>>>>     factory="org.apache.activemq.jndi.JNDIReferenceFactory"
>>>>>>>>     brokerURL="ssl://localhost:61617"
>>>>>>>>     brokerName="LocalActiveMQBroker"
>>>>>>>>     useEmbeddedBroker="false"/>
>>>>>>>> </Context>
>>>>
>>>> --
>>>> Regards,
>>>> Hiram
>>>>
>>>> Blog: http://hiramchirino.com
>>>>
>>>> Open Source SOA
>>>> http://open.iona.com
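
The idea discussed in the quoted thread, loading client.ks and client.ts for one client instead of through the JVM-wide javax.net.ssl.* system properties, can be shown with JDK classes alone. This is an added example, not code from the thread or from ActiveMQ; the class name ClientTlsMaterial, the command-line arguments and the use of a trust store password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; ClientTlsMaterial is a hypothetical name, not an ActiveMQ class.
public final class ClientTlsMaterial {
    // Loads a JKS store and always closes the file. Passing a null password
    // would skip the store's integrity check, so both stores get one here.
    static KeyStore load(String path, char[] pw) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pw);
        }
        return ks;
    }

    // Builds a context scoped to one client; no javax.net.ssl.* property is set.
    static SSLContext build(String keyStore, char[] ksPw, String trustStore, char[] tsPw)
            throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, ksPw), ksPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, tsPw));
        // These two arrays are what the thread hands to setKeyAndTrustManagers().
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    // Usage: java ClientTlsMaterial /path/to/client.ks /path/to/client.ts
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null)
            throw new IllegalStateException("need <keyStore> <trustStore> and an interactive console");
        char[] ksPw = System.console().readPassword("Key store password: ");
        char[] tsPw = System.console().readPassword("Trust store password: ");
        try {
            System.out.println("Context ready: " + build(args[0], ksPw, args[1], tsPw).getProtocol());
        } finally {
            Arrays.fill(ksPw, '\0'); // clear the password arrays after use
            Arrays.fill(tsPw, '\0');
        }
    }
}
```

Reading the passwords from the console as char[] keeps them out of the process arguments and out of immutable String objects.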