[jboss-cvs] JBoss Messaging SVN: r3756 - in trunk: src/main/org/jboss/messaging/core and 11 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Feb 21 11:11:19 EST 2008
Author: jmesnil
Date: 2008-02-21 11:11:19 -0500 (Thu, 21 Feb 2008)
New Revision: 3756
Added:
trunk/src/main/org/jboss/messaging/core/remoting/ssl/
trunk/src/main/org/jboss/messaging/core/remoting/ssl/SSLSupport.java
trunk/tests/etc/messaging.keystore
trunk/tests/etc/messaging.truststore
trunk/tests/src/org/jboss/messaging/core/remoting/ssl/
trunk/tests/src/org/jboss/messaging/core/remoting/ssl/test/
trunk/tests/src/org/jboss/messaging/core/remoting/ssl/test/unit/
trunk/tests/src/org/jboss/messaging/core/remoting/ssl/test/unit/SSLSupportTest.java
trunk/tests/src/org/jboss/test/messaging/jms/ssl/
trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSL.java
trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSLTest.java
Modified:
trunk/src/etc/server/default/deploy/jbm-configuration.xml
trunk/src/main/org/jboss/messaging/core/Configuration.java
trunk/src/main/org/jboss/messaging/core/FileConfiguration.java
trunk/src/main/org/jboss/messaging/core/remoting/RemotingConfiguration.java
trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/FilterChainSupport.java
trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaConnector.java
trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaService.java
trunk/tests/src/org/jboss/messaging/core/remoting/impl/mina/integration/test/FilterChainSupportTest.java
trunk/tests/src/org/jboss/test/messaging/jms/SerializedClientSupport.java
Log:
* http://jira.jboss.org/jira/browse/JBMESSAGING-1198 - SSL support
Modified: trunk/src/etc/server/default/deploy/jbm-configuration.xml
===================================================================
--- trunk/src/etc/server/default/deploy/jbm-configuration.xml 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/etc/server/default/deploy/jbm-configuration.xml 2008-02-21 16:11:19 UTC (rev 3756)
@@ -62,6 +62,12 @@
<remoting-timeout>5</remoting-timeout>
<!-- true to disable invm communication when the client and the server are in the same JVM -->
<remoting-disable-invm>false</remoting-disable-invm>
+ <!-- if ssl is enabled, all remoting-ssl-* properties must be set -->
+ <remoting-enable-ssl>false</remoting-enable-ssl>
+ <remoting-ssl-keystore-path>messaging.keystore</remoting-ssl-keystore-path>
+ <remoting-ssl-keystore-password>secureexample</remoting-ssl-keystore-password>
+ <remoting-ssl-truststore-path>messaging.truststore</remoting-ssl-truststore-path>
+ <remoting-ssl-truststore-password>secureexample</remoting-ssl-truststore-password>
</configuration>
Modified: trunk/src/main/org/jboss/messaging/core/Configuration.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/Configuration.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/main/org/jboss/messaging/core/Configuration.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -89,8 +89,20 @@
protected Boolean _remotingDisableInvm = false;
+ protected Boolean _remotingEnableSSL = false;
+
+ protected String _remotingSSLKeyStorePath = null;
+
+ protected String _remotingSSLKeyStorePassword = null;
+
+ protected String _remotingSSLTrustStorePath = null;
+
+ protected String _remotingSSLTrustStorePassword = null;
+
private static final String REMOTING_DISABLE_INVM_SYSPROP_KEY = "jbm.remoting.disable.invm";
+ public static final String REMOTING_ENABLE_SSL_SYSPROP_KEY = "jbm.remoting.enable.ssl";
+
public void addPropertyChangeListener(
PropertyChangeListener listener)
{
@@ -295,6 +307,17 @@
{
configuration.setInvmDisabled(_remotingDisableInvm);
}
+ if (System.getProperty(REMOTING_ENABLE_SSL_SYSPROP_KEY) != null)
+ {
+ configuration.setSSLEnabled(Boolean.parseBoolean(System.getProperty(REMOTING_ENABLE_SSL_SYSPROP_KEY)));
+ } else
+ {
+ configuration.setSSLEnabled(_remotingEnableSSL);
+ }
+ configuration.setKeyStorePath(_remotingSSLKeyStorePath);
+ configuration.setKeyStorePassword(_remotingSSLKeyStorePassword);
+ configuration.setTrustStorePath(_remotingSSLTrustStorePath);
+ configuration.setTrustStorePassword(_remotingSSLTrustStorePassword);
return configuration;
}
Modified: trunk/src/main/org/jboss/messaging/core/FileConfiguration.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/FileConfiguration.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/main/org/jboss/messaging/core/FileConfiguration.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -71,6 +71,11 @@
_remotingBindAddress = getInteger(e, "remoting-bind-address", _remotingBindAddress);
_remotingTimeout = getInteger(e, "remoting-timeout", _remotingTimeout);
_remotingDisableInvm = getBoolean(e, "remoting-disable-invm", _remotingDisableInvm);
+ _remotingEnableSSL = getBoolean(e, "remoting-enable-ssl", _remotingEnableSSL);
+ _remotingSSLKeyStorePath = getString(e, "remoting-ssl-keystore-path", _remotingSSLKeyStorePath);
+ _remotingSSLKeyStorePassword = getString(e, "remoting-ssl-keystore-password", _remotingSSLKeyStorePassword);
+ _remotingSSLTrustStorePath = getString(e, "remoting-ssl-truststore-path", _remotingSSLTrustStorePath);
+ _remotingSSLTrustStorePassword = getString(e, "remoting-ssl-truststore-password", _remotingSSLTrustStorePassword);
NodeList defaultInterceptors = e.getElementsByTagName("default-interceptors-config");
Modified: trunk/src/main/org/jboss/messaging/core/remoting/RemotingConfiguration.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/remoting/RemotingConfiguration.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/main/org/jboss/messaging/core/remoting/RemotingConfiguration.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -25,6 +25,7 @@
public static final int DEFAULT_KEEP_ALIVE_TIMEOUT = 5; // in seconds
public static final int DEFAULT_REQRES_TIMEOUT = 5; // in seconds
public static final boolean DEFAULT_INVM_DISABLED = false;
+ public static final boolean DEFAULT_SSL_ENABLED = false;
// Attributes ----------------------------------------------------
@@ -36,6 +37,12 @@
private int keepAliveInterval = DEFAULT_KEEP_ALIVE_INTERVAL;
private int keepAliveTimeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
private boolean invmDisabled = DEFAULT_INVM_DISABLED;
+ private boolean sslEnabled = DEFAULT_SSL_ENABLED;
+ private String keyStorePath;
+ private String keyStorePassword;
+ private String trustStorePath;
+ private String trustStorePassword;
+
// Static --------------------------------------------------------
@@ -69,6 +76,11 @@
this.keepAliveInterval = other.keepAliveInterval;
this.keepAliveTimeout = other.keepAliveTimeout;
this.invmDisabled = other.invmDisabled;
+ this.sslEnabled = other.sslEnabled;
+ this.keyStorePath = other.keyStorePath;
+ this.keyStorePassword = other.keyStorePassword;
+ this.trustStorePath = other.trustStorePath;
+ this.trustStorePassword = other.trustStorePassword;
}
// Public --------------------------------------------------------
@@ -127,7 +139,57 @@
{
return invmDisabled;
}
-
+
+ public void setSSLEnabled(boolean sslEnabled)
+ {
+ this.sslEnabled = sslEnabled;
+ }
+
+ public boolean isSSLEnabled()
+ {
+ return sslEnabled;
+ }
+
+ public String getKeyStorePath()
+ {
+ return keyStorePath;
+ }
+
+ public void setKeyStorePath(String keyStorePath)
+ {
+ this.keyStorePath = keyStorePath;
+ }
+
+ public String getKeyStorePassword()
+ {
+ return keyStorePassword;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword)
+ {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public String getTrustStorePath()
+ {
+ return trustStorePath;
+ }
+
+ public void setTrustStorePath(String trustStorePath)
+ {
+ this.trustStorePath = trustStorePath;
+ }
+
+ public String getTrustStorePassword()
+ {
+ return trustStorePassword;
+ }
+
+ public void setTrustStorePassword(String trustStorePassword)
+ {
+ this.trustStorePassword = trustStorePassword;
+ }
+
public String getURI()
{
StringBuffer buff = new StringBuffer();
@@ -136,6 +198,9 @@
buff.append("&").append("keepAliveInterval=").append(keepAliveInterval);
buff.append("&").append("keepAliveTimeout=").append(keepAliveTimeout);
buff.append("&").append("invmDisabled=").append(invmDisabled);
+ buff.append("&").append("sslEnabled=").append(sslEnabled);
+ buff.append("&").append("keyStorePath=").append(keyStorePath);
+ buff.append("&").append("trustStorePath=").append(trustStorePath);
return buff.toString();
}
Modified: trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/FilterChainSupport.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/FilterChainSupport.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/FilterChainSupport.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -13,6 +13,8 @@
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
+import javax.net.ssl.SSLContext;
+
import org.apache.mina.common.DefaultIoFilterChainBuilder;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.executor.ExecutorFilter;
@@ -20,7 +22,10 @@
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.logging.MdcInjectionFilter;
import org.apache.mina.filter.reqres.RequestResponseFilter;
+import org.apache.mina.filter.ssl.SslFilter;
import org.jboss.messaging.core.remoting.KeepAliveFactory;
+import org.jboss.messaging.core.remoting.ssl.SSLSupport;
+import org.jboss.messaging.util.Logger;
/**
* @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
@@ -32,6 +37,8 @@
{
// Constants -----------------------------------------------------
+ private static final Logger log = Logger.getLogger(FilterChainSupport.class);
+
// Attributes ----------------------------------------------------
// Static --------------------------------------------------------
@@ -40,6 +47,14 @@
// Public --------------------------------------------------------
+ public static void addCodecFilter(DefaultIoFilterChainBuilder filterChain)
+ {
+ assert filterChain != null;
+
+ filterChain.addLast("codec", new ProtocolCodecFilter(
+ new PacketCodecFactory()));
+ }
+
public static void addKeepAliveFilter(DefaultIoFilterChainBuilder filterChain,
KeepAliveFactory factory, int keepAliveInterval, int keepAliveTimeout, FailureNotifier notifier)
{
@@ -59,15 +74,24 @@
keepAliveTimeout));
}
- // Package protected ---------------------------------------------
-
- static void addCodecFilter(DefaultIoFilterChainBuilder filterChain)
+ public static void addSSLFilter(
+ DefaultIoFilterChainBuilder filterChain, boolean client,
+ String keystorePath, String keystorePassword, String trustStorePath, String trustStorePassword) throws Exception
{
- assert filterChain != null;
-
- filterChain.addLast("codec", new ProtocolCodecFilter(
- new PacketCodecFactory()));
+ SSLContext context = SSLSupport.getInstance(!client, keystorePath, keystorePassword,
+ trustStorePath, trustStorePassword);
+ SslFilter filter = new SslFilter(context);
+ if (client)
+ {
+ filter.setUseClientMode(true);
+ filter.setWantClientAuth(true);
+ }
+ filterChain.addLast("ssl", filter);
+
+ log.info("added ssl filter");
}
+
+ // Package protected ---------------------------------------------
static void addMDCFilter(DefaultIoFilterChainBuilder filterChain)
{
@@ -116,9 +140,5 @@
return executorService;
}
- // Protected -----------------------------------------------------
-
- // Private -------------------------------------------------------
-
// Inner classes -------------------------------------------------
}
Modified: trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaConnector.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaConnector.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaConnector.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -12,6 +12,7 @@
import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addKeepAliveFilter;
import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addLoggingFilter;
import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addMDCFilter;
+import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addSSLFilter;
import java.io.IOException;
import java.net.InetSocketAddress;
@@ -26,6 +27,7 @@
import org.apache.mina.common.IoService;
import org.apache.mina.common.IoServiceListener;
import org.apache.mina.common.IoSession;
+import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
import org.jboss.jms.client.api.FailureListener;
import org.jboss.messaging.core.remoting.KeepAliveFactory;
@@ -86,6 +88,18 @@
DefaultIoFilterChainBuilder filterChain = connector.getFilterChain();
addMDCFilter(filterChain);
+ if (configuration.isSSLEnabled())
+ {
+ try
+ {
+ addSSLFilter(filterChain, true, configuration.getKeyStorePath(), configuration.getKeyStorePassword(), null, null);
+ } catch (Exception e)
+ {
+ IllegalStateException ise = new IllegalStateException("Unable to create MinaConnector for " + configuration);
+ ise.initCause(e);
+ throw ise;
+ }
+ }
addCodecFilter(filterChain);
addLoggingFilter(filterChain);
blockingScheduler = addBlockingRequestResponseFilter(filterChain);
@@ -131,9 +145,32 @@
return false;
}
+ SslFilter sslFilter = (SslFilter) session.getFilterChain().get("ssl");
+ // FIXME without this hack, exceptions are thrown:
+ // "Unexpected exception from SSLEngine.closeInbound()." -> because the ssl session is not stopped
+ // "java.io.IOException: Connection reset by peer" -> on the server side
+ if (sslFilter != null)
+ {
+ try
+ {
+ sslFilter.stopSsl(session).awaitUninterruptibly();
+ Thread.sleep(500);
+ } catch (Exception e)
+ {
+ // ignore
+ }
+ }
CloseFuture closeFuture = session.close().awaitUninterruptibly();
boolean closed = closeFuture.isClosed();
-
+ try
+ {
+ Thread.sleep(1000);
+ } catch (InterruptedException e)
+ {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
connector.removeListener(ioListener);
connector.dispose();
blockingScheduler.shutdown();
Modified: trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaService.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaService.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/src/main/org/jboss/messaging/core/remoting/impl/mina/MinaService.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -12,6 +12,7 @@
import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addKeepAliveFilter;
import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addLoggingFilter;
import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addMDCFilter;
+import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addSSLFilter;
import java.net.InetSocketAddress;
import java.util.ArrayList;
@@ -123,6 +124,13 @@
DefaultIoFilterChainBuilder filterChain = acceptor.getFilterChain();
addMDCFilter(filterChain);
+ if (remotingConfig.isSSLEnabled())
+ {
+ addSSLFilter(filterChain, false, remotingConfig.getKeyStorePath(),
+ remotingConfig.getKeyStorePassword(), remotingConfig
+ .getTrustStorePath(), remotingConfig
+ .getTrustStorePassword());
+ }
addCodecFilter(filterChain);
addLoggingFilter(filterChain);
addKeepAliveFilter(filterChain, factory,
Added: trunk/src/main/org/jboss/messaging/core/remoting/ssl/SSLSupport.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/remoting/ssl/SSLSupport.java (rev 0)
+++ trunk/src/main/org/jboss/messaging/core/remoting/ssl/SSLSupport.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -0,0 +1,184 @@
+/*
+ * JBoss, Home of Professional Open Source
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.messaging.core.remoting.ssl;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
+ *
+ * @version <tt>$Revision$</tt>
+ *
+ */
+public class SSLSupport
+{
+ // Constants -----------------------------------------------------
+
+ // Attributes ----------------------------------------------------
+
+ // Static --------------------------------------------------------
+
+ // Constructors --------------------------------------------------
+
+ // Public --------------------------------------------------------
+
+ public static SSLContext createServerContext(String keystorePath,
+ String keystorePassword, String trustStorePath,
+ String trustStorePassword) throws Exception
+ {
+
+ // Initialize the SSLContext to work with our key managers.
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ KeyManager[] keyManagers = loadKeyManagers(keystorePath, keystorePassword);
+ TrustManager[] trustManagers = loadTrustManager(false, trustStorePath,
+ trustStorePassword);
+ sslContext.init(keyManagers, trustManagers, new SecureRandom());
+
+ return sslContext;
+ }
+
+ public static SSLContext createClientContext() throws Exception
+ {
+ SSLContext context = SSLContext.getInstance("TLS");
+ TrustManager[] trustManagers = loadTrustManager(true, null, null);
+ context.init(null, trustManagers, new SecureRandom());
+ return context;
+ }
+
+ public static SSLContext getInstance(boolean client, String keystorePath,
+ String keystorePassword, String trustStorePath,
+ String trustStorePassword) throws GeneralSecurityException, Exception
+ {
+ if (client)
+ {
+ return createClientContext();
+ } else
+ {
+ return createServerContext(keystorePath, keystorePassword,
+ trustStorePath, trustStorePassword);
+ }
+ }
+
+ // Package protected ---------------------------------------------
+
+ // Protected -----------------------------------------------------
+
+ // Private -------------------------------------------------------
+
+ private static TrustManager[] loadTrustManager(boolean clientMode,
+ String trustStorePath, String trustStorePassword) throws Exception
+ {
+ if (clientMode)
+ {
+ // we are in client mode and do not want to perform server cert
+ // authentication
+ // return a trust manager that trusts all certs
+ return new TrustManager[] { new X509TrustManager()
+ {
+ public void checkClientTrusted(X509Certificate[] chain,
+ String authType)
+ {
+ }
+
+ public void checkServerTrusted(X509Certificate[] chain,
+ String authType)
+ {
+ }
+
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return null;
+ }
+ } };
+ } else
+ {
+ TrustManagerFactory trustMgrFactory;
+ KeyStore trustStore = SSLSupport.loadKeystore(trustStorePath,
+ trustStorePassword);
+ trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+ .getDefaultAlgorithm());
+ trustMgrFactory.init(trustStore);
+ return trustMgrFactory.getTrustManagers();
+ }
+ }
+
+ private static KeyStore loadKeystore(String keystorePath,
+ String keystorePassword) throws Exception
+ {
+ KeyStore ks = KeyStore.getInstance("JKS");
+ InputStream in = null;
+ try
+ {
+ URL keystoreURL = validateStoreURL(keystorePath);
+ ks.load(keystoreURL.openStream(), keystorePassword.toCharArray());
+ } finally
+ {
+ if (in != null)
+ {
+ try
+ {
+ in.close();
+ } catch (IOException ignored)
+ {
+ }
+ }
+ }
+ return ks;
+ }
+
+ private static KeyManager[] loadKeyManagers(String keystorePath,
+ String keystorePassword) throws Exception
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
+ .getDefaultAlgorithm());
+ KeyStore ks = loadKeystore(keystorePath, keystorePassword);
+ kmf.init(ks, keystorePassword.toCharArray());
+
+ return kmf.getKeyManagers();
+ }
+
+ private static URL validateStoreURL(String storePath) throws Exception
+ {
+ // First see if this is a URL
+ try
+ {
+ return new URL(storePath);
+ } catch (MalformedURLException e)
+ {
+ File file = new File(storePath);
+ if (file.exists() == true && file.isFile())
+ {
+ return file.toURL();
+ } else
+ {
+ URL url = Thread.currentThread().getContextClassLoader()
+ .getResource(storePath);
+ if (url != null)
+ return url;
+ }
+ }
+
+ throw new Exception("Failed to find a store at " + storePath);
+ }
+
+ // Inner classes -------------------------------------------------
+}
Added: trunk/tests/etc/messaging.keystore
===================================================================
(Binary files differ)
Property changes on: trunk/tests/etc/messaging.keystore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: trunk/tests/etc/messaging.truststore
===================================================================
(Binary files differ)
Property changes on: trunk/tests/etc/messaging.truststore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: trunk/tests/src/org/jboss/messaging/core/remoting/impl/mina/integration/test/FilterChainSupportTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/core/remoting/impl/mina/integration/test/FilterChainSupportTest.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/tests/src/org/jboss/messaging/core/remoting/impl/mina/integration/test/FilterChainSupportTest.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -6,15 +6,32 @@
*/
package org.jboss.messaging.core.remoting.impl.mina.integration.test;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
+import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addCodecFilter;
+import static org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport.addSSLFilter;
+import static org.jboss.messaging.test.unit.RandomUtil.randomString;
+
+import java.net.InetSocketAddress;
+import java.util.concurrent.CountDownLatch;
+
+import javax.net.ssl.SSLException;
+
import junit.framework.TestCase;
+import org.apache.mina.common.ConnectFuture;
import org.apache.mina.common.DefaultIoFilterChainBuilder;
+import org.apache.mina.common.IoHandlerAdapter;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.filter.ssl.SslFilter;
+import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
+import org.apache.mina.transport.socket.nio.NioSocketConnector;
import org.jboss.messaging.core.remoting.KeepAliveFactory;
import org.jboss.messaging.core.remoting.impl.mina.FailureNotifier;
import org.jboss.messaging.core.remoting.impl.mina.FilterChainSupport;
+import org.jboss.messaging.core.remoting.wireformat.Ping;
/**
* @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
@@ -28,12 +45,28 @@
// Attributes ----------------------------------------------------
+ private String keystorePath;
+ private String keystorePassword;
+ private String trustStorePath;
+ private String trustStorePassword;
+
// Static --------------------------------------------------------
// Constructors --------------------------------------------------
// Public --------------------------------------------------------
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
+ keystorePath = "messaging.keystore";
+ keystorePassword = "secureexample";
+ trustStorePath = "messaging.truststore";
+ trustStorePassword = keystorePassword;
+ }
+
public void testAddKeepAliveFilterWithIncorrectParameters() throws Exception
{
int keepAliveInterval = 5; // seconds
@@ -42,21 +75,71 @@
DefaultIoFilterChainBuilder filterChain = new DefaultIoFilterChainBuilder();
KeepAliveFactory factory = createMock(KeepAliveFactory.class);
FailureNotifier notifier = createMock(FailureNotifier.class);
-
+
replay(factory, notifier);
try
{
FilterChainSupport.addKeepAliveFilter(filterChain, factory,
- keepAliveInterval, keepAliveTimeout, notifier);
+ keepAliveInterval, keepAliveTimeout, notifier);
fail("the interval must be greater than the timeout");
} catch (IllegalArgumentException e)
{
}
-
+
verify(factory, notifier);
}
+ public void testSSLFilter() throws Exception
+ {
+ InetSocketAddress address = new InetSocketAddress("localhost", 9091);
+ NioSocketAcceptor acceptor = new NioSocketAcceptor();
+ addSSLFilter(acceptor.getFilterChain(), false, keystorePath,
+ keystorePassword, trustStorePath, trustStorePassword);
+ addCodecFilter(acceptor.getFilterChain());
+ acceptor.setLocalAddress(address);
+
+ final CountDownLatch latch = new CountDownLatch(1);
+
+ acceptor.setHandler(new IoHandlerAdapter()
+ {
+ @Override
+ public void messageReceived(IoSession session, Object message)
+ throws Exception
+ {
+ latch.countDown();
+ }
+ });
+ acceptor.bind();
+
+ NioSocketConnector connector = new NioSocketConnector();
+ addSSLFilter(connector.getFilterChain(), true,
+ keystorePath, keystorePassword, null, null);
+ addCodecFilter(connector.getFilterChain());
+ connector.setHandler(new IoHandlerAdapter());
+ ConnectFuture future = connector.connect(address).awaitUninterruptibly();
+ IoSession session = future.getSession();
+ session.write(new Ping(randomString()));
+
+ boolean gotMessage = latch.await(500, MILLISECONDS);
+ assertTrue(gotMessage);
+
+ SslFilter sslFilter = ((SslFilter)session.getFilterChain().get("ssl"));
+ if (sslFilter != null)
+ {
+ try
+ {
+ sslFilter.stopSsl(session);
+ } catch (SSLException e)
+ {
+ fail(e.getMessage());
+ }
+ }
+
+ boolean sessionClosed = session.close().await(500, MILLISECONDS);
+ assertTrue(sessionClosed);
+ }
+
// Package protected ---------------------------------------------
// Protected -----------------------------------------------------
Added: trunk/tests/src/org/jboss/messaging/core/remoting/ssl/test/unit/SSLSupportTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/core/remoting/ssl/test/unit/SSLSupportTest.java (rev 0)
+++ trunk/tests/src/org/jboss/messaging/core/remoting/ssl/test/unit/SSLSupportTest.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.messaging.core.remoting.ssl.test.unit;
+
+import java.io.File;
+
+import junit.framework.TestCase;
+
+import org.jboss.messaging.core.remoting.ssl.SSLSupport;
+
+/**
+ * @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
+ *
+ * @version <tt>$Revision$</tt>
+ *
+ */
+public class SSLSupportTest extends TestCase
+{
+ private String keyStorePath;
+ private String keyStorePassword;
+ private String trustStorePath;
+ private String trustStorePassword;
+
+ // Constants -----------------------------------------------------
+
+ // Attributes ----------------------------------------------------
+
+ // Static --------------------------------------------------------
+
+ // Constructors --------------------------------------------------
+
+ // Public --------------------------------------------------------
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ keyStorePath = "messaging.keystore";
+ keyStorePassword = "secureexample";
+ trustStorePath = "messaging.truststore";
+ trustStorePassword = keyStorePassword;
+ }
+
+ public void testServerContextWithRightParameters() throws Exception
+ {
+ SSLSupport.createServerContext(keyStorePath, keyStorePassword,
+ trustStorePath, trustStorePassword);
+ }
+
+ public void testServerContextWithBadKeyStorePath() throws Exception
+ {
+ try
+ {
+ SSLSupport.createServerContext("not a keystore", keyStorePassword,
+ trustStorePath, trustStorePassword);
+ fail();
+ } catch (Exception e)
+ {
+ }
+ }
+
+ public void testServerContextWithKeyStorePathAsRelativePath() throws Exception
+ {
+ // this test is dependent on a path relative to the tests directory.
+ // it will fail if launch from somewhere else (or from an IDE)
+ File currentDir = new File(System.getProperty("user.dir"));
+ if (!currentDir.getAbsolutePath().endsWith("tests"))
+ {
+ return;
+ }
+
+ SSLSupport.createServerContext("etc/messaging.keystore",
+ keyStorePassword, trustStorePath, trustStorePassword);
+ }
+
+ public void testServerContextWithBadKeyStorePassword() throws Exception
+ {
+ try
+ {
+ SSLSupport.createServerContext(keyStorePath, "bad password",
+ trustStorePath, trustStorePassword);
+ fail();
+ } catch (Exception e)
+ {
+ }
+ }
+
+ public void testServerContextWithBadTrustStorePath() throws Exception
+ {
+ try
+ {
+ SSLSupport.createServerContext(keyStorePath, keyStorePassword,
+ "not a trust store", trustStorePassword);
+ fail();
+ } catch (Exception e)
+ {
+ }
+ }
+
+ public void testServerContextWithBadTrustStorePassword() throws Exception
+ {
+ try
+ {
+ SSLSupport.createServerContext(keyStorePath, keyStorePassword,
+ trustStorePath, "bad passord");
+ fail();
+ } catch (Exception e)
+ {
+ }
+ }
+
+ // Package protected ---------------------------------------------
+
+ // Protected -----------------------------------------------------
+
+ // Private -------------------------------------------------------
+
+ // Inner classes -------------------------------------------------
+}
Modified: trunk/tests/src/org/jboss/test/messaging/jms/SerializedClientSupport.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/SerializedClientSupport.java 2008-02-21 16:01:58 UTC (rev 3755)
+++ trunk/tests/src/org/jboss/test/messaging/jms/SerializedClientSupport.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -59,6 +59,8 @@
String commandLine = sb.toString();
+ log.trace("command line: " + commandLine);
+
Process process = Runtime.getRuntime().exec(commandLine);
log.trace("process: " + process);
Added: trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSL.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSL.java (rev 0)
+++ trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSL.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -0,0 +1,88 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.messaging.jms.ssl;
+
+import java.io.FileInputStream;
+import java.io.ObjectInputStream;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+
+
+/**
+ * This client will open a connection, receive a message and crash.
+ *
+ * @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
+ *
+ * @version <tt>$Revision$</tt>
+ */
+public class ClientOverSSL
+{
+ // Constants ------------------------------------------------------------------------------------
+
+ // Static ---------------------------------------------------------------------------------------
+
+ public static void main(String[] args) throws Exception
+ {
+ String serializedFileName = args[0];
+
+ // we don't want to mess with JNDI, read the connection factory and the queue from their
+ // serialized format, from disk
+ ObjectInputStream ois =
+ new ObjectInputStream(new FileInputStream(serializedFileName));
+ ConnectionFactory cf =(ConnectionFactory)ois.readObject();
+ Queue queue = (Queue)ois.readObject();
+
+ ois.close();
+
+ // create one connection which is used
+ Connection conn = cf.createConnection();
+ Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ MessageProducer prod = sess.createProducer(queue);
+
+ prod.send(sess.createTextMessage(ClientOverSSLTest.MESSAGE_TEXT_FROM_CLIENT));
+
+ conn.close();
+
+ System.exit(0);
+ }
+
+ // Attributes -----------------------------------------------------------------------------------
+
+ // Constructors ---------------------------------------------------------------------------------
+
+ // Command implementation -----------------------------------------------------------------------
+
+ // Public ---------------------------------------------------------------------------------------
+
+ // Package protected ----------------------------------------------------------------------------
+
+ // Protected ------------------------------------------------------------------------------------
+
+ // Private --------------------------------------------------------------------------------------
+
+ // Inner classes --------------------------------------------------------------------------------
+
+}
Added: trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSLTest.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSLTest.java (rev 0)
+++ trunk/tests/src/org/jboss/test/messaging/jms/ssl/ClientOverSSLTest.java 2008-02-21 16:11:19 UTC (rev 3756)
@@ -0,0 +1,169 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.messaging.jms.ssl;
+
+import java.io.File;
+import java.util.ArrayList;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+import javax.naming.InitialContext;
+
+import org.jboss.messaging.core.Configuration;
+import org.jboss.messaging.core.remoting.RemotingService;
+import org.jboss.messaging.util.Logger;
+import org.jboss.test.messaging.JBMServerTestCase;
+import org.jboss.test.messaging.jms.SerializedClientSupport;
+
+/**
+ * @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
+ *
+ * @version <tt>$Revision: 3716 $</tt>
+ *
+ */
+public class ClientOverSSLTest extends JBMServerTestCase
+{
+ // Constants -----------------------------------------------------
+
+ public static final String SERIALIZED_CF_FILE_NAME = "ClientOverSSLTest_CFandQueue.ser";
+ public static final String MESSAGE_TEXT_FROM_SERVER = "ClientOverSSLTest from server";
+ public static final String MESSAGE_TEXT_FROM_CLIENT = "ClientOverSSLTest from client";
+
+ // Static --------------------------------------------------------
+
+ private static final Logger log = Logger.getLogger(ClientOverSSLTest.class);
+
+ // Attributes ----------------------------------------------------
+
+ private File serialized;
+ private ConnectionFactory cf;
+ private Queue queue;
+
+ // Constructors --------------------------------------------------
+
+ public ClientOverSSLTest(String name)
+ {
+ super(name);
+ }
+
+ // Public --------------------------------------------------------
+
+ public void testSSL() throws Exception
+ {
+ Connection conn = null;
+
+ try
+ {
+ // spawn a JVM that creates a JMS client, which waits to receive a test
+ // message
+ Process p = SerializedClientSupport.spawnVM(ClientOverSSL.class
+ .getName(), new String[] { serialized.getAbsolutePath() });
+
+ // send the message to the queue
+ conn = cf.createConnection();
+ conn.start();
+ Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ MessageProducer producer = sess.createProducer(queue);
+ MessageConsumer consumer = sess.createConsumer(queue);
+
+ TextMessage messageFromClient = (TextMessage) consumer.receive(5000);
+ assertEquals(MESSAGE_TEXT_FROM_CLIENT, messageFromClient.getText());
+
+ log.info("waiting for the client VM to exit ...");
+ p.waitFor();
+
+ assertEquals(0, p.exitValue());
+
+ } finally
+ {
+ try
+ {
+ if (conn != null)
+ conn.close();
+ } catch (Throwable ignored)
+ {
+ log.warn("Exception ignored:" + ignored.toString(), ignored);
+ }
+ }
+ }
+
+ // Package protected ---------------------------------------------
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
+ System.setProperty(Configuration.REMOTING_ENABLE_SSL_SYSPROP_KEY, "true");
+
+ RemotingService remotingService = servers.get(0).getMessagingServer().getRemotingService();
+ remotingService.getRemotingConfiguration().setSSLEnabled(true);
+ remotingService.stop();
+ remotingService.start();
+
+ ArrayList<String> bindings = new ArrayList<String>();
+ bindings.add("ConnectionFactoryOverSSL");
+ servers.get(0).deployConnectionFactory("ConnectionFactoryOverSSL", bindings);
+ createQueue("QueueOverSSL");
+
+ InitialContext ic = getInitialContext();
+ cf = (ConnectionFactory) ic.lookup("/ConnectionFactoryOverSSL");
+ queue = (Queue) ic.lookup("/queue/QueueOverSSL");
+
+ serialized = SerializedClientSupport.writeToFile(SERIALIZED_CF_FILE_NAME,
+ cf, queue);
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ removeAllMessages("QueueOverSSL", true);
+ servers.get(0).destroyQueue("QueueOverSSL", "/queue/QueueOverSSL");
+ servers.get(0).undeployConnectionFactory("ConnectionFactoryOverSSL");
+
+
+ if (serialized != null)
+ {
+ serialized.delete();
+ }
+
+ System.setProperty(Configuration.REMOTING_ENABLE_SSL_SYSPROP_KEY, "false");
+ RemotingService remotingService = servers.get(0).getMessagingServer().getRemotingService();
+ remotingService.getRemotingConfiguration().setSSLEnabled(false);
+ remotingService.stop();
+ remotingService.start();
+
+ super.tearDown();
+ }
+
+ // Protected -----------------------------------------------------
+
+ // Private -------------------------------------------------------
+
+ // Inner classes -------------------------------------------------
+
+}
More information about the jboss-cvs-commits
mailing list