Forwarding to user list...
----- Forwarded Message -----
>From: Claudio Corsi <clco...@yahoo.com>
>To: Geurt Schimmel <gschim...@schubergphilis.com>
>Sent: Wednesday, December 12, 2012 1:37 PM
>Subject: Re: SSL: could not load resource
>
>
>Oh, I completely misunderstood what you were having problems with. I had
>assumed you were talking about the broker and not the client.
>
>
>I took the failover example that you pointed me to and was able to convert it
>to reproduce the error that you are seeing.
>
>
>I looked at the code and was able to get around the issue by replacing the
>parameter passed to the setTrustStore call.
>
>
>Replace the following:
>
>
> connectionFactory.setTrustStore("/opt/activemq/conf/client.ts");
>
>
>with:
>
>
> connectionFactory.setTrustStore(new
>File("/opt/activemq/conf/client.ts").toURI().toString());
>
>
>this will resolve the issue that you are seeing.
>
>
>The factory class is using the passed file name to constructor a URL instance.
> It looks like the constructor does not know how to
>handle a simple file name.
>It then uses the current thread context class loader to find the file as a
>resource but that does not seem to work because you have not included / as
>part of your classpath.
>Even then it seems that including the classpath does not work but then I did
>not investigate further at the moment.
>
>
>This is the same issue with the failover test that is attached to the issue
>you mentioned.
>
>
>
>>________________________________
>> From: Geurt Schimmel <gschim...@schubergphilis.com>
>>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio Corsi'
>><clco...@yahoo.com>
>>Sent: Tuesday, December 11, 2012 5:35 PM
>>Subject: RE: SSL: could not load resource
>>
>>Disabling the keystore-code in the source and setting the values at runtime
>>fixes the problem, so don't think the problem is in the broker-configuration:
>>
>> <sslContext>
>> <sslContext
>> keyStore="file:${activemq.conf}/broker.ks"
>> keyStorePassword="xxxxxxxxx"
>> trustStore="file:${activemq.conf}/client.ts"
>> trustStorePassword="xxxxxxxxx"/>
>> </sslContext>
>>
>>Snippet of Producer.java:
>>
>>import javax.jms.Connection;
>>import javax.jms.Destination;
>>import javax.jms.MessageProducer;
>>import javax.jms.Session;
>>import javax.jms.TextMessage;
>>
>>import org.apache.activemq.ActiveMQSslConnectionFactory;
>>
>>public class Producer {
>> private static String user =
"guest";
>> private static String password = "password";
>>
>> private static String url = "ssl://127.0.0.1:61616";
>> private static String subject = "GUEST.FOO";
>>
>> public static void main(String[] args) throws Exception {
>> ActiveMQSslConnectionFactory connectionFactory = new
>>ActiveMQSslConnectionFactory(url);
>>
>>
>>connectionFactory.setTrustStore("/opt/activemq/conf/client.ts");
>> connectionFactory.setTrustStorePassword("xxxxxxxx");
>>
>>And after removing setTrustStore() and setTrustStorePassword(), it works by
>>setting trustStore system properties:
>>
>>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts
>>-Djavax.net.ssl.trustStorePassword=xxxxxx
Producer
>>
>>For failover URIs, it's a known problem, not fixed in ActiveMQ 5.7:
>>https://issues.apache.org/jira/browse/AMQ-3785
>>
>>But my problem is with a simple SSL URI in the broker-configuration:
>><transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>>
>>
>>-----Original Message-----
>>From: Claudio Corsi [mailto:clco...@yahoo.com]
>>Sent: Tuesday, December 11, 2012 6:04 PM
>>To: users@activemq.apache.org
>>Subject: Re: SSL: could not load resource
>>
>>I do not doubt that you are using ssl but are you setting up the
>>configuration using the sslContext element within the configuration file?
>>
>>This allow you to set the key and trust store files and their required
passwords.
>>
>>for instance,
>>
>><amq:broker useJmx="false" persistent="false"> <amq:sslContext>
>><amq:sslContext keyStore="server.keystore" keyStorePassword="password"
>>trustStore="client.keystore" trustStorePassword="password"/>
>></amq:sslContext> <amq:transportConnectors> <amq:transportConnector
>>uri="ssl://localhost:61616" /> </amq:transportConnectors> </amq:broker>
>>
>>You can also use the technique where you scramble the password and then pass
>>the key using an environment variable.
>>I do not know how this is done off the top my head but can look for a
>>reference.
>>
>>
>>
>>>________________________________
>>> From: Geurt Schimmel <gschim...@schubergphilis.com>
>>>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio
>>>Corsi' <clco...@yahoo.com>
>>>Sent: Tuesday, December 11, 2012 11:23 AM
>>>Subject: RE: SSL: could not load resource
>>>
>>>All brokers run SSL as the only communication-protocol and intercommunicate
>>>over SSL.
>>>
>>>-----Original Message-----
>>>From: Claudio Corsi [mailto:clco...@yahoo.com]
>>>Sent: Tuesday, December 11, 2012 5:17 PM
>>>To: users@activemq.apache.org
>>>Subject: Re: SSL: could not load resource
>>>
>>>Did you try to use the sslContext
element to set your store information withint he broker configuration file?
>>>
>>>Here is a link http://activemq.apache.org/how-do-i-use-ssl.html.
>>>
>>>
>>>
>>>>________________________________
>>>> From: Geurt Schimmel <gschim...@schubergphilis.com>
>>>>To: "users@activemq.apache.org" <users@activemq.apache.org>
>>>>Sent: Tuesday, December 11, 2012 9:54 AM
>>>>Subject: RE: SSL: could not load resource
>>>>
>>>>Created key- and truststores for a number of brokers, so not using the
>>>>packaged .ks and .ts files.
>>>>
>>>>Tried different truststores in different locations, tried a path
to a truststore that didn't exist, just to see what happens. In all cases, the
same error. Apparently, the point where the keystore is accessed is not
reached. Setting the same variables/values in JAVA_OPTS works:
>>>>
>>>>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts
>>>>-Djavax.net.ssl.trustStorePassword=xxxxxxxx Producer
>>>>
>>>>-----Original Message-----
>>>>From: Christian Posta [mailto:christian.po...@gmail.com]
>>>>Sent: Tuesday, December 11, 2012 3:41 PM
>>>>To: users@activemq.apache.org
>>>>Subject: Re: SSL: could not load resource
>>>>
>>>>Is the client truststore in that location? /opt/activemq/conf/client.ts I
>>>>think there was some issues with packaging activemq 5.7
and some of the client keystores might have been missing.
>>>>
>>>>You'll have to copy from the 5.6.0 version
>>>>
>>>>
>>>>
>>>>
>>>>On Tue, Dec 11, 2012 at 7:05 AM, Geurt Schimmel <
>>>>gschim...@schubergphilis.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> My broker is running SSL only, with a 'simple' transportConnector:
>>>>> <transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>>>>>
>>>>> When trying to run a java-client:
>>>>>
>>>>> Exception in thread "main" javax.jms.JMSException: Could not create
>>>>>Transport. Reason: java.io.IOException: Could not load resource:
>>>>> /opt/activemq/conf/client.ts
>>>>>
at
>>>>>
>>>>>org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSuppo
>>>>>r
>>>>>t.java:35)
>>>>> at
>>>>>
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>>>v
>>>>>eMQSslConnectionFactory.java:115)
>>>>> at
>>>>>
>>>>>org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnectio
>>>>>n
>>>>>(ActiveMQConnectionFactory.java:277)
>>>>> at
>>>>>
>>>>>org.apache.activemq.ActiveMQConnectionFactory.createConnection(Active
>>>>>M
>>>>>QConnectionFactory.java:202)
>>>>>
at Producer.main(Producer.java:32) Caused by:
>>>>> java.io.IOException: Could not load resource:
>>>>> /opt/activemq/conf/client.ts
>>>>> at
>>>>>
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.getUrlOrResourceAsSt
>>>>>r
>>>>>eam(ActiveMQSslConnectionFactory.java:188)
>>>>> at
>>>>>
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTrustManager(A
>>>>>c
>>>>>tiveMQSslConnectionFactory.java:126)
>>>>> at
>>>>>
>>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>>>v
>>>>>eMQSslConnectionFactory.java:108)
>>>>>
... 3 more
>>>>>
>>>>> Removed the java-code that deals with the truststore and moved the
>>>>> functionality to JAVA_OPTS, but this is not what I want/expected.
>>>>> Using activemq-all-5.7-SNAPSHOT.jar.
>>>>>
>>>>> Thought this problem only occurs when using an SSL failover URI ?
>>>>>
>>>>> Thanks,
>>>>> Geurt
>>>>>
>>>>
>>>>
>>>>
>>>>--
>>>>*Christian Posta*
>>>>http://www.christianposta.com/blog
>>>>twitter: @christianposta
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
