
Example 1 with ActiveMQSslConnectionFactory

use of org.apache.activemq.ActiveMQSslConnectionFactory in project webofneeds by researchstudio-sat.

the class BrokerComponentFactory method getBrokerComponent.

/**
 * Creates a broker component that talks to ActiveMQ over SSL using caller-supplied key and trust
 * material.
 *
 * <p>The given {@code keyManager} and {@code trustManager} are each wrapped in a one-element array
 * and become the only managers installed on the connection factory, so the client identity and the
 * broker-certificate checks are exactly what the caller's implementations provide.
 *
 * @param brokerURI    broker address; two {@code jms.*} options are appended to it as a query string
 * @param type         messaging type forwarded to the two-argument {@code getBrokerComponent}
 * @param keyManager   key manager supplying the client credentials
 * @param trustManager trust manager deciding whether the broker certificate is accepted
 * @return the component built by the two-argument {@code getBrokerComponent} overload
 */
private synchronized Component getBrokerComponent(URI brokerURI, MessagingType type, KeyManager keyManager, TrustManager trustManager) {
    // TODO: make this configurable for different broker implementations.
    logger.info("establishing activemq ssl connection for brokerUri {} (with specified type, keyManager, and TrustManager)", brokerURI);
    // The jms.prefetchPolicy option keeps a matcher-consumer from dying under a flood of
    // messages, see http://activemq.apache.org/what-is-the-prefetch-limit-for.html
    // NOTE(review): the options are appended with a literal '?', so this presumably expects
    // brokerURI to carry no query string of its own - confirm against callers.
    final String brokerUrlWithOptions = brokerURI + "?jms.prefetchPolicy.all=1&jms.useAsyncSend=true";
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(brokerUrlWithOptions);
    final KeyManager[] keyManagers = { keyManager };
    final TrustManager[] trustManagers = { trustManager };
    // null is passed for the SecureRandom argument.
    // NOTE(review): presumably this leaves the choice of random source to the TLS stack - confirm.
    sslFactory.setKeyAndTrustManagers(keyManagers, trustManagers, null);
    return getBrokerComponent(type, sslFactory);
}
Also used : ActiveMQSslConnectionFactory(org.apache.activemq.ActiveMQSslConnectionFactory)

Example 2 with ActiveMQSslConnectionFactory

use of org.apache.activemq.ActiveMQSslConnectionFactory in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerOpenWireNegative.

/**
 * Verifies that role permissions are enforced for an OpenWire client: every operation attempted
 * over the connection is expected to be rejected with a permission error naming {@code test-user}.
 *
 * <p>The server is started with security enabled, a TLS acceptor that requires a client
 * certificate, and a single role {@code programmers} whose ten boolean flags are all
 * {@code false}, registered under the match {@code "#"}. The client then tries to create, send to,
 * consume from, browse and delete destinations, and each attempt must fail with the expected
 * message text.
 *
 * <p>NOTE(review): the key store / trust store names and the password {@code secureexample} are
 * fixtures referenced by name only; presumably they are test resources - confirm.
 *
 * @throws Exception on any failure outside the guarded permission checks, for example while
 *         starting the server or opening the connection
 */
@Test
public void testJAASSecurityManagerOpenWireNegative() throws Exception {
    // "CertLogin" names the JAAS login configuration; its login modules are defined outside this method.
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    Set<Role> roles = new HashSet<>();
    // All ten boolean flags are false. NOTE(review): presumably each flag is one permission, so the
    // role grants nothing - the flag order is defined by the Role constructor, not shown here.
    roles.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
    // NOTE(review): "#" is presumably the match-everything address pattern - confirm.
    server.getConfiguration().putSecurityRoles("#", roles);
    // TLS acceptor settings; NEED_CLIENT_AUTH is set, so the server demands a client certificate.
    Map<String, Object> params = new HashMap<>();
    params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
    server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
    server.start();
    // OpenWire client: trusts the server through the client-side trust store and presents the
    // certificate held in the client-side key store.
    ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616");
    // NOTE(review): the expected messages name "test-user"; whether that identity comes from this
    // setter or from the certificate mapping of the CertLogin domain cannot be told from here.
    factory.setUserName("test-user");
    factory.setTrustStore("client-side-truststore.jks");
    factory.setTrustStorePassword("secureexample");
    factory.setKeyStore("client-side-keystore.jks");
    factory.setKeyStorePassword("secureexample");
    try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) {
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        // Creating a consumer on a queue that does not exist yet must be denied (durable queue creation).
        // Assuming org.junit.Assert: fail() throws AssertionError, which catch (Exception) does not
        // intercept, so an operation that is wrongly allowed still fails the test.
        try {
            session.createConsumer(session.createQueue("test.queue"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
        }
        // Subscribing to a topic must be denied (non-durable queue creation).
        try {
            session.createConsumer(session.createTopic("test.topic"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
        }
        // Create the queue and the topic address directly on the server, so the remaining checks
        // exercise permissions on existing destinations rather than creation.
        SimpleString address = SimpleString.toSimpleString("test.queue");
        server.addAddressInfo(new AddressInfo(address, RoutingType.ANYCAST));
        server.createQueue(address, RoutingType.ANYCAST, address, null, true, false);
        SimpleString address2 = SimpleString.toSimpleString("test.topic");
        server.addAddressInfo(new AddressInfo(address2, RoutingType.MULTICAST));
        // Sending to the existing queue must be denied.
        try {
            MessageProducer producer = session.createProducer(session.createQueue("test.queue"));
            producer.send(session.createMessage());
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='SEND'"));
        }
        // Consuming from the existing queue must be denied.
        try {
            session.createConsumer(session.createQueue("test.queue"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CONSUME' for queue test.queue on address test.queue"));
        }
        // Browsing the existing queue must be denied; the enumeration is requested as well as the browser.
        try {
            QueueBrowser browser = session.createBrowser(session.createQueue("test.queue"));
            browser.getEnumeration();
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='BROWSE' for queue test.queue on address test.queue"));
        }
        // Deleting the existing queue must be denied.
        try {
            connection.destroyDestination(new ActiveMQQueue("test.queue"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='DELETE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
        }
        // Creating a temporary queue must be denied.
        try {
            session.createTemporaryQueue();
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
        }
        // Creating a temporary topic must be denied (address creation).
        try {
            session.createTemporaryTopic();
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_ADDRESS'"));
        }
        session.close();
    }
}
Also used : ActiveMQSslConnectionFactory(org.apache.activemq.ActiveMQSslConnectionFactory) HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ActiveMQConnection(org.apache.activemq.ActiveMQConnection) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) AddressInfo(org.apache.activemq.artemis.core.server.impl.AddressInfo) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQQueue(org.apache.activemq.command.ActiveMQQueue) MessageProducer(javax.jms.MessageProducer) QueueBrowser(javax.jms.QueueBrowser) HashSet(java.util.HashSet) Session(javax.jms.Session) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) Test(org.junit.Test)

Example 3 with ActiveMQSslConnectionFactory

use of org.apache.activemq.ActiveMQSslConnectionFactory in project ddf by codice.

the class OpenwireProducerConsumerExample method createSslConnectionFactory.

/**
 * Builds the SSL connection factory used by this example.
 *
 * <p>Key and trust stores are looked up as classpath resources ({@code /serverKeystore.jks} and
 * {@code /serverTruststore.jks}) and opened with the literal password {@code changeit}; the broker
 * URL is a failover pair of {@code ssl://localhost} endpoints. All of these values are fixed in the
 * code, so the factory is only meaningful for the example set-up.
 *
 * @return the configured connection factory
 * @throws Exception if a store path cannot be derived or a factory setter rejects its argument
 */
private ConnectionFactory createSslConnectionFactory() throws Exception {
    final Class<?> resourceAnchor = OpenwireProducerConsumerExample.class;
    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory();

    // getResource returns null for a missing resource, so a missing store surfaces here as a
    // NullPointerException rather than as a descriptive error.
    final String keyStorePath = resourceAnchor.getResource("/serverKeystore.jks").toURI().getPath();
    sslFactory.setKeyStore(keyStorePath);
    sslFactory.setKeyStoreKeyPassword("changeit");
    sslFactory.setKeyStorePassword("changeit");

    final String trustStorePath = resourceAnchor.getResource("/serverTruststore.jks").toURI().getPath();
    sslFactory.setTrustStore(trustStorePath);
    sslFactory.setTrustStorePassword("changeit");

    sslFactory.setBrokerURL("failover://(ssl://localhost:61616,ssl://localhost:61617)");
    sslFactory.setWatchTopicAdvisories(false);
    return sslFactory;
}
Also used : ActiveMQSslConnectionFactory(org.apache.activemq.ActiveMQSslConnectionFactory)

Example 4 with ActiveMQSslConnectionFactory

use of org.apache.activemq.ActiveMQSslConnectionFactory in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthenticationWithCertsAndOpenWire.

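/**
 * Verifies that an OpenWire client presenting a certificate can connect and open a session when
 * the server uses the {@code CertLogin} JAAS configuration and its TLS acceptor requires a client
 * certificate.
 *
 * <p>The check is limited to "connection and session creation do not throw"; the test does not
 * inspect which identity the server derived from the certificate.
 *
 * @throws Exception if the server cannot be configured or started
 */
@Test
public void testJAASSecurityManagerAuthenticationWithCertsAndOpenWire() throws Exception {
    // "CertLogin" names the JAAS login configuration; its login modules are defined outside this method.
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    // TLS acceptor settings; NEED_CLIENT_AUTH is set, so the server demands a client certificate.
    Map<String, Object> params = new HashMap<>();
    params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
    server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
    server.start();
    // Client side: trust store to verify the server, key store holding the client certificate.
    // No user name or password is set; the certificate is the only credential supplied here.
    ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616");
    factory.setTrustStore("client-side-truststore.jks");
    factory.setTrustStorePassword("secureexample");
    factory.setKeyStore("client-side-keystore.jks");
    factory.setKeyStorePassword("secureexample");
    try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) {
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        session.close();
    } catch (Throwable e) {
        // Same failure message as before, but the cause travels with the assertion instead of
        // being printed to stderr, so the test report shows why the handshake or login failed.
        throw new AssertionError("should not throw exception", e);
    }
}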
Also used : ActiveMQSslConnectionFactory(org.apache.activemq.ActiveMQSslConnectionFactory) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ActiveMQConnection(org.apache.activemq.ActiveMQConnection) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) Session(javax.jms.Session) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) Test(org.junit.Test)

Example 5 with ActiveMQSslConnectionFactory

use of org.apache.activemq.ActiveMQSslConnectionFactory in project syndesis by syndesisio.

the class ActiveMQUtil method createActiveMQConnectionFactory.

/**
 * Creates an ActiveMQ connection factory for the given broker URL, with TLS settings applied when
 * the URL contains {@code "ssl:"}.
 *
 * <p>Trust decisions on the SSL path, in order of precedence:
 * <ol>
 *   <li>a non-empty {@code brokerCertificate} is turned into trust managers and
 *       {@code skipCertificateCheck} is not consulted;</li>
 *   <li>otherwise, {@code skipCertificateCheck == true} installs the managers returned by
 *       {@code CertificateUtil.createTrustAllTrustManagers()} and logs a warning; going by the
 *       helper's name the broker certificate is then not verified, so the broker's identity is
 *       not authenticated while credentials and any client certificate are still presented;</li>
 *   <li>otherwise no trust managers are passed and the JVM default applies.</li>
 * </ol>
 *
 * <p>On the non-SSL path no key or trust material is configured; user name and password, when
 * given, are handed to a plain {@code ActiveMQConnectionFactory}.
 *
 * @param brokerUrl            broker URL; SSL handling is selected by a substring match on {@code "ssl:"}
 * @param username             user name, or empty for an unauthenticated factory
 * @param password             password used together with {@code username}
 * @param brokerCertificate    broker certificate to trust, or empty
 * @param clientCertificate    client certificate for the key managers, or empty
 * @param skipCertificateCheck whether to fall back to trust-all managers when no broker
 *                             certificate is given
 * @return the configured connection factory
 * @throws IllegalArgumentException if building the key or trust managers fails
 */
@SuppressWarnings("PMD.CyclomaticComplexity")
public static ActiveMQConnectionFactory createActiveMQConnectionFactory(String brokerUrl, String username, String password, String brokerCertificate, String clientCertificate, boolean skipCertificateCheck) {
    if (!brokerUrl.contains("ssl:")) {
        // non-ssl connection
        if (ObjectHelper.isEmpty(username)) {
            return new ActiveMQConnectionFactory(brokerUrl);
        }
        return new ActiveMQConnectionFactory(username, password, brokerUrl);
    }

    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(brokerUrl);
    if (!ObjectHelper.isEmpty(username)) {
        sslFactory.setUserName(username);
        sslFactory.setPassword(password);
    }

    try {
        // client key managers: only built when a client certificate was supplied
        final KeyManager[] clientKeyManagers = ObjectHelper.isEmpty(clientCertificate)
            ? null
            : CertificateUtil.createKeyManagers(clientCertificate, "amq-client");

        // client trust managers: explicit broker certificate wins over skipCertificateCheck
        final TrustManager[] brokerTrustManagers;
        if (!ObjectHelper.isEmpty(brokerCertificate)) {
            brokerTrustManagers = CertificateUtil.createTrustManagers(brokerCertificate, "amq-broker");
        } else if (skipCertificateCheck) {
            // use a trust all TrustManager
            LOG.warn("Skipping Certificate check for Broker {}", brokerUrl);
            brokerTrustManagers = CertificateUtil.createTrustAllTrustManagers();
        } else {
            LOG.debug("Using default JVM Trust Manager for Broker {}", brokerUrl);
            brokerTrustManagers = null;
        }

        sslFactory.setKeyAndTrustManagers(clientKeyManagers, brokerTrustManagers, new SecureRandom());
        return sslFactory;
    } catch (GeneralSecurityException | IOException e) {
        throw new IllegalArgumentException("SSL configuration error: " + e.getMessage(), e);
    }
}
Also used : ActiveMQSslConnectionFactory(org.apache.activemq.ActiveMQSslConnectionFactory) ActiveMQConnectionFactory(org.apache.activemq.ActiveMQConnectionFactory) GeneralSecurityException(java.security.GeneralSecurityException) SecureRandom(java.security.SecureRandom) IOException(java.io.IOException) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager)

Aggregations

ActiveMQSslConnectionFactory (org.apache.activemq.ActiveMQSslConnectionFactory)7 SecureRandom (java.security.SecureRandom)2 HashMap (java.util.HashMap)2 Session (javax.jms.Session)2 KeyManager (javax.net.ssl.KeyManager)2 TrustManager (javax.net.ssl.TrustManager)2 ActiveMQConnection (org.apache.activemq.ActiveMQConnection)2 SimpleString (org.apache.activemq.artemis.api.core.SimpleString)2 TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)2 ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)2 ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)2 ActiveMQJAASSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager)2 Test (org.junit.Test)2 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 HashSet (java.util.HashSet)1 MessageProducer (javax.jms.MessageProducer)1 QueueBrowser (javax.jms.QueueBrowser)1 ActiveMQConnectionFactory (org.apache.activemq.ActiveMQConnectionFactory)1 ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)1