Repository: activemq Updated Branches: refs/heads/master 8bb3a7727 -> 54c56a057
AMQ-7037 - add sslContext attribute to networkConnector, allow broker or jvm defaults to be overridden Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/54c56a05 Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/54c56a05 Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/54c56a05 Branch: refs/heads/master Commit: 54c56a057334d0e3d51a1f329429a23f11d11cd8 Parents: 8bb3a77 Author: gtully <[email protected]> Authored: Mon Aug 20 16:40:26 2018 +0100 Committer: gtully <[email protected]> Committed: Mon Aug 20 16:40:26 2018 +0100 ---------------------------------------------------------------------- .../network/DiscoveryNetworkConnector.java | 6 +- .../network/NetworkBridgeConfiguration.java | 9 ++ .../usecases/NetworkAsyncStartSslTest.java | 101 +++++++++++++++++++ 3 files changed, 115 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/54c56a05/activemq-broker/src/main/java/org/apache/activemq/network/DiscoveryNetworkConnector.java ---------------------------------------------------------------------- diff --git a/activemq-broker/src/main/java/org/apache/activemq/network/DiscoveryNetworkConnector.java b/activemq-broker/src/main/java/org/apache/activemq/network/DiscoveryNetworkConnector.java index 3850da5..a2c457c 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/network/DiscoveryNetworkConnector.java +++ b/activemq-broker/src/main/java/org/apache/activemq/network/DiscoveryNetworkConnector.java @@ -123,7 +123,11 @@ public class DiscoveryNetworkConnector extends NetworkConnector implements Disco Transport localTransport; try { // Allows the transport to access the broker's ssl configuration. - SslContext.setCurrentSslContext(getBrokerService().getSslContext()); + if (getSslContext() != null) { + SslContext.setCurrentSslContext(getSslContext()); + } else { + SslContext.setCurrentSslContext(getBrokerService().getSslContext()); + } try { remoteTransport = TransportFactory.connect(connectUri); } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/activemq/blob/54c56a05/activemq-broker/src/main/java/org/apache/activemq/network/NetworkBridgeConfiguration.java ---------------------------------------------------------------------- diff --git a/activemq-broker/src/main/java/org/apache/activemq/network/NetworkBridgeConfiguration.java b/activemq-broker/src/main/java/org/apache/activemq/network/NetworkBridgeConfiguration.java index 1adff09..a564f57 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/network/NetworkBridgeConfiguration.java +++ b/activemq-broker/src/main/java/org/apache/activemq/network/NetworkBridgeConfiguration.java @@ -20,6 +20,7 @@ import java.util.List; import java.util.concurrent.CopyOnWriteArrayList; import org.apache.activemq.advisory.AdvisorySupport; +import org.apache.activemq.broker.SslContext; import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ConsumerInfo; @@ -81,6 +82,7 @@ public class NetworkBridgeConfiguration { * Bridge factory implementation - by default backed by static factory, which is default implementation and will rely change. */ private BridgeFactory bridgeFactory = NetworkBridgeFactory.INSTANCE; + private SslContext sslContext; /** * @return the conduitSubscriptions @@ -567,4 +569,11 @@ public class NetworkBridgeConfiguration { this.useVirtualDestSubs = useVirtualDestSubs; } + public void setSslContext(SslContext sslContext) { + this.sslContext = sslContext; + } + + public SslContext getSslContext() { + return sslContext; + } } http://git-wip-us.apache.org/repos/asf/activemq/blob/54c56a05/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/NetworkAsyncStartSslTest.java ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/NetworkAsyncStartSslTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/NetworkAsyncStartSslTest.java new file mode 100644 index 0000000..0544d50 --- /dev/null +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/NetworkAsyncStartSslTest.java @@ -0,0 +1,101 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.usecases; + +import org.apache.activemq.JmsMultipleBrokersTestSupport; +import org.apache.activemq.broker.BrokerService; +import org.apache.activemq.network.DiscoveryNetworkConnector; +import org.apache.activemq.network.NetworkConnector; +import org.apache.activemq.spring.SpringSslContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.net.URI; + +public class NetworkAsyncStartSslTest extends JmsMultipleBrokersTestSupport { + private static final Logger LOG = LoggerFactory.getLogger(NetworkAsyncStartSslTest.class); + + private String brokerBDomain = "localhost:61617"; + private String brokerCDomain = "localhost:61618"; + int bridgeCount=0; + + public static final String KEYSTORE_TYPE = "jks"; + public static final String PASSWORD = "password"; + public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore"; + public static final String TRUST_KEYSTORE = "src/test/resources/client.keystore"; + + public void testSslPerConnectorConfig() throws Exception { + String transport = "ssl"; + String brokerBUri = transport + "://" + brokerBDomain; + String brokerCUri = transport + "://" + brokerCDomain; + + SpringSslContext brokerSslContext = new SpringSslContext(); + brokerSslContext.setKeyStore(SERVER_KEYSTORE); + brokerSslContext.setKeyStorePassword(PASSWORD); + brokerSslContext.setKeyStoreType(KEYSTORE_TYPE); + brokerSslContext.setTrustStore(TRUST_KEYSTORE); + brokerSslContext.setTrustStorePassword(PASSWORD); + brokerSslContext.afterPropertiesSet(); + + BrokerService brokerC = brokers.get("BrokerC").broker; + brokerC.setSslContext(brokerSslContext); + brokerC.addConnector(brokerCUri); + brokerC.start(); + + BrokerService brokerB = brokers.get("BrokerB").broker; + brokerB.setSslContext(brokerSslContext); + brokerB.addConnector(brokerBUri); + brokerB.start(); + + BrokerService brokerA = brokers.get("BrokerA").broker; + brokerA.setNetworkConnectorStartAsync(true); + NetworkConnector networkConnector = bridgeBroker(brokerA, brokerBUri); + networkConnector.setSslContext(brokerSslContext); + LOG.info("Added bridge to: " + brokerBUri); + + // no ssl context, will fail + bridgeBroker(brokerA, brokerCUri); + LOG.info("Added bridge to: " + brokerCUri); + + LOG.info("starting A.."); + brokerA.start(); + + // wait for A to get bridge to B + waitForBridgeFormation(brokerA, 1, 0); + + assertTrue("one worked", hasBridge("BrokerA", "BrokerB")); + assertFalse("one failed", hasBridge("BrokerA", "BrokerC")); + } + + private NetworkConnector bridgeBroker(BrokerService localBroker, String remoteURI) throws Exception { + String uri = "static:(" + remoteURI + ")"; + NetworkConnector connector = new DiscoveryNetworkConnector(new URI(uri)); + connector.setName("bridge-" + bridgeCount++); + localBroker.addNetworkConnector(connector); + return connector; + } + + @Override + public void setUp() throws Exception { + super.setAutoFail(true); + super.setUp(); + // initially with no tcp transport connector + createBroker(new URI("broker:()BrokerA?persistent=false&useJmx=false")); + createBroker(new URI("broker:()BrokerB?persistent=false&useJmx=false")); + createBroker(new URI("broker:()BrokerC?persistent=false&useJmx=false")); + } +}
