From 68fc6e8829379ec50263605a672b8bce04eb1d1f Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Tue, 12 Jun 2018 15:27:48 -0500 Subject: [PATCH] ARTEMIS-1926 refactor SSLSupport --- .../remoting/impl/netty/NettyConnector.java | 52 +++-- .../core/remoting/impl/ssl/SSLSupport.java | 183 ++++++++++-------- .../remoting/impl/netty/NettyAcceptor.java | 20 +- .../management/ConnectorServerFactory.java | 9 +- .../cli/test/WebServerComponentTest.java | 16 +- .../jms/example/MqttCrlEnabledExample.java | 7 +- .../mqtt/imported/MQTTSecurityCRLTest.java | 7 +- .../ssl/CoreClientOverOneWaySSLTest.java | 15 +- .../NettyConnectorWithHTTPUpgradeTest.java | 5 +- .../remoting/impl/ssl/SSLSupportTest.java | 102 ++++++++-- 10 files changed, 295 insertions(+), 121 deletions(-) diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java index b32da929115..284d0b90531 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java @@ -533,7 +533,7 @@ public void initChannel(Channel channel) throws Exception { if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) { engine = loadOpenSslEngine(channel.alloc(), realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword); } else { - engine = loadJdkSslEngine(useDefaultSslContext, realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword); + engine = loadJdkSslEngine(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword); } engine.setUseClientMode(true); 
@@ -607,18 +607,26 @@ public void initChannel(Channel channel) throws Exception { ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, TransportConstants.NETTY_VERSION, host, port); } - private SSLEngine loadJdkSslEngine(boolean useDefaultSslContext, - String realKeyStoreProvider, - String realKeyStorePath, - String realKeyStorePassword, - String realTrustStoreProvider, - String realTrustStorePath, - String realTrustStorePassword) throws Exception { + private SSLEngine loadJdkSslEngine(String keystoreProvider, + String keystorePath, + String keystorePassword, + String truststoreProvider, + String truststorePath, + String truststorePassword) throws Exception { SSLContext context; if (useDefaultSslContext) { context = SSLContext.getDefault(); } else { - context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, trustAll, crlPath); + context = new SSLSupport() + .setKeystoreProvider(keystoreProvider) + .setKeystorePath(keystorePath) + .setKeystorePassword(keystorePassword) + .setTruststoreProvider(truststoreProvider) + .setTruststorePath(truststorePath) + .setTruststorePassword(truststorePassword) + .setTrustAll(trustAll) + .setCrlPath(crlPath) + .createContext(); } Subject subject = null; if (kerb5Config != null) { 
@@ -642,14 +650,24 @@ public SSLEngine run() { } private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc, - String realKeyStoreProvider, - String realKeyStorePath, - String realKeyStorePassword, - String realTrustStoreProvider, - String realTrustStorePath, - String realTrustStorePassword) throws Exception { - - SslContext context = SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, sslProvider, trustAll); + String keystoreProvider, + String keystorePath, + String keystorePassword, + String truststoreProvider, + String truststorePath, + String truststorePassword) throws Exception { + + + SslContext context = new SSLSupport() + .setKeystoreProvider(keystoreProvider) + .setKeystorePath(keystorePath) + .setKeystorePassword(keystorePassword) + .setTruststoreProvider(truststoreProvider) + .setTruststorePath(truststorePath) + .setTruststorePassword(truststorePassword) + .setSslProvider(sslProvider) + .setTrustAll(trustAll) + .createNettyClientContext(); Subject subject = null; if (kerb5Config != null) { diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java index 905e19e9330..89994c29ddc 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java @@ -44,6 +44,7 @@ import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslProvider; import io.netty.handler.ssl.util.InsecureTrustManagerFactory; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; import org.apache.activemq.artemis.utils.ClassloadingUtil; /** 
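Review bot: The OpenSSL client chain built here never calls `.setCrlPath(crlPath)`, while the JDK chain in the hunk above does, so `loadTrustManagerFactory()` (which now reads the instance's `crlPath` field instead of the `null` the removed `createNettyClientContext` hard-wired inside SSLSupport) still sees no CRL for the OpenSSL provider and revocation checking is silently skipped there. If that is deliberate it deserves a comment on the chain such as `// CRL checking is not applied to the OpenSSL provider`; otherwise add `.setCrlPath(crlPath)` after `.setTruststorePassword(truststorePassword)`. The server-side `loadOpenSslEngine` chain in NettyAcceptor has the same omission relative to its JDK sibling. The two consecutive blank lines added after the signature look accidental. loadOpenSslEngine's body continues past the hunk.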
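Review bot: The new import makes `impl.ssl.SSLSupport` depend on `impl.netty.TransportConstants` while `impl.netty.NettyConnector` already depends on `SSLSupport` (the builder calls in the earlier hunks), which introduces a cycle between the two packages. If the defaults are meant to live with the transport constants, a one-line comment next to the import explaining why SSLSupport reads them from the netty package would save the next reader from trying to break the cycle.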
@@ -53,80 +54,117 @@ * null keystore path. */ public class SSLSupport { - // Public -------------------------------------------------------- + private String keystoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER; + private String keystorePath = TransportConstants.DEFAULT_KEYSTORE_PATH; + private String keystorePassword = TransportConstants.DEFAULT_KEYSTORE_PASSWORD; + private String truststoreProvider = TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER; + private String truststorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH; + private String truststorePassword = TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD; + private String crlPath = TransportConstants.DEFAULT_CRL_PATH; + private String sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER; + private boolean trustAll = TransportConstants.DEFAULT_TRUST_ALL; + + public String getKeystoreProvider() { + return keystoreProvider; + } + + public SSLSupport setKeystoreProvider(String keystoreProvider) { + this.keystoreProvider = keystoreProvider; + return this; + } + + public String getKeystorePath() { + return keystorePath; + } + + public SSLSupport setKeystorePath(String keystorePath) { + this.keystorePath = keystorePath; + return this; + } + + public String getKeystorePassword() { + return keystorePassword; + } + + public SSLSupport setKeystorePassword(String keystorePassword) { + this.keystorePassword = keystorePassword; + return this; + } + + public String getTruststoreProvider() { + return truststoreProvider; + } - public static SSLContext createContext(final String keystoreProvider, - final String keystorePath, - final String keystorePassword, - final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword) throws Exception { + public SSLSupport setTruststoreProvider(String truststoreProvider) { + this.truststoreProvider = truststoreProvider; + return this; + } - return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, 
trustStorePath, trustStorePassword, false, null); + public String getTruststorePath() { + return truststorePath; } - public static SSLContext createContext(final String keystoreProvider, - final String keystorePath, - final String keystorePassword, - final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final String crlPath) throws Exception { + public SSLSupport setTruststorePath(String truststorePath) { + this.truststorePath = truststorePath; + return this; + } - return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, false, crlPath); + public String getTruststorePassword() { + return truststorePassword; } - public static SSLContext createContext(final String keystoreProvider, - final String keystorePath, - final String keystorePassword, - final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final boolean trustAll) throws Exception { - return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null); + public SSLSupport setTruststorePassword(String truststorePassword) { + this.truststorePassword = truststorePassword; + return this; } - public static SSLContext createContext(final String keystoreProvider, - final String keystorePath, - final String keystorePassword, - final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final boolean trustAll, - final String crlPath) throws Exception { + public String getCrlPath() { + return crlPath; + } + + public SSLSupport setCrlPath(String crlPath) { + this.crlPath = crlPath; + return this; + } + + public String getSslProvider() { + return sslProvider; + } + + public SSLSupport setSslProvider(String sslProvider) { + this.sslProvider = sslProvider; + return this; + } + + public boolean isTrustAll() { + return trustAll; 
+ } + + public SSLSupport setTrustAll(boolean trustAll) { + this.trustAll = trustAll; + return this; + } + + public SSLContext createContext() throws Exception { SSLContext context = SSLContext.getInstance("TLS"); - KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystoreProvider, keystorePath, keystorePassword); - TrustManager[] trustManagers = SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath); + KeyManager[] keyManagers = loadKeyManagers(); + TrustManager[] trustManagers = loadTrustManagers(); context.init(keyManagers, trustManagers, new SecureRandom()); return context; } - public static SslContext createNettyContext(final String keystoreProvider, - final String keystorePath, - final String keystorePassword, - final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final String sslProvider) throws Exception { - + public SslContext createNettyContext() throws Exception { KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keystorePassword.toCharArray()); - return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, false, null)).build(); + return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(loadTrustManagerFactory()).build(); } - public static SslContext createNettyClientContext(final String keystoreProvider, - final String keystorePath, - final String keystorePassword, - final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final String sslProvider, - final boolean trustAll ) throws Exception { + public SslContext 
createNettyClientContext() throws Exception { KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray()); - return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build(); + return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(loadTrustManagerFactory()).build(); } 
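Review bot: `createNettyContext()` now calls `loadTrustManagerFactory()` with whatever `trustAll` and `crlPath` the instance holds, whereas the removed line hard-wired `false, null` for the server-side trust manager, so a server context can now be built with `InsecureTrustManagerFactory` via `setTrustAll(true)` — a behaviour change this refactor does not mention and that the class Javadoc should state. None of the new public setters carry Javadoc; `setTrustAll` in particular should say `/** When {@code true} the truststore settings are ignored and every peer certificate is accepted; intended for testing only (see loadTrustManagerFactory). */`. `createNettyContext()` still calls `keystorePassword.toCharArray()` unguarded on the unchanged line while `createNettyClientContext()` guards against `null` on the line below it; with the builder now defaulting the password to `TransportConstants.DEFAULT_KEYSTORE_PASSWORD`, a caller that never sets a password will hit a NullPointerException if that default is null, so the same `keystorePassword == null ? null : keystorePassword.toCharArray()` guard belongs in both. The class body continues past the hunk.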
@@ -151,19 +189,15 @@ public static String parseArrayIntoCommandSeparatedList(String[] suites) { } // Private ------------------------------------------------------- - private static TrustManagerFactory loadTrustManagerFactory(final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final boolean trustAll, - final String crlPath) throws Exception { + private TrustManagerFactory loadTrustManagerFactory() throws Exception { if (trustAll) { //This is useful for testing but not should be used outside of that purpose return InsecureTrustManagerFactory.INSTANCE; - } else if (trustStorePath == null && (trustStoreProvider == null || !"PKCS11".equals(trustStoreProvider.toUpperCase()))) { + } else if (truststorePath == null && (truststoreProvider == null || !"PKCS11".equals(truststoreProvider.toUpperCase()))) { return null; } else { TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword); + KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword); boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable")); boolean initialized = false; @@ -171,7 +205,7 @@ private static TrustManagerFactory loadTrustManagerFactory(final String trustSto PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector()); if (crlPath != null) { pkixParams.setRevocationEnabled(true); - Collection crlList = loadCRL(crlPath); + Collection crlList = loadCRL(); if (crlList != null) { pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList))); } 
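Review bot: The rewritten provider check `!"PKCS11".equals(truststoreProvider.toUpperCase())` is conventionally written `!"PKCS11".equalsIgnoreCase(truststoreProvider)`, which avoids the default-locale `toUpperCase()` and the temporary string; the `loadKeyManagerFactory()` hunk further down repeats the same pattern on `keystoreProvider`. Turning these into instance methods also leaves a mixed call style: `SSLSupport.loadKeystore(...)` keeps the class qualifier while the sibling calls `loadCRL()` and `loadTrustManagerFactory()` drop it. loadTrustManagerFactory's body continues past the hunk.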
@@ -187,25 +221,19 @@ private static TrustManagerFactory loadTrustManagerFactory(final String trustSto } } - private static TrustManager[] loadTrustManager(final String trustStoreProvider, - final String trustStorePath, - final String trustStorePassword, - final boolean trustAll, - final String crlPath) throws Exception { - TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath); + private TrustManager[] loadTrustManagers() throws Exception { + TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(); if (trustManagerFactory == null) { return null; } return trustManagerFactory.getTrustManagers(); } - private static Collection loadCRL(String crlPath) throws Exception { + private Collection loadCRL() throws Exception { if (crlPath == null) { return null; } - - URL resource = SSLSupport.validateStoreURL(crlPath); - + URL resource = validateStoreURL(crlPath); try (InputStream is = resource.openStream()) { return CertificateFactory.getInstance("X.509").generateCRLs(is); } 
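Review bot: The new `loadCRL()` signature keeps the raw `Collection` return type even though `CertificateFactory.generateCRLs` returns `Collection<? extends CRL>`; declaring it `private Collection<? extends CRL> loadCRL() throws Exception` (and `Collection<? extends CRL> crlList` at the call site in the previous hunk) removes the raw-type warning, provided `java.security.cert.CRL` is in the import block, which is outside this hunk. A short Javadoc on the method would also help: `/** Loads the CRLs from {@code crlPath}; returns null when no CRL path is configured. */`.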
@@ -233,25 +261,20 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } - private static KeyManager[] loadKeyManagers(final String keyStoreProvider, - final String keystorePath, - final String keystorePassword) throws Exception { - - KeyManagerFactory factory = loadKeyManagerFactory(keyStoreProvider, keystorePath, keystorePassword); + private KeyManager[] loadKeyManagers() throws Exception { + KeyManagerFactory factory = loadKeyManagerFactory(); if (factory == null) { return null; } return factory.getKeyManagers(); } - private static KeyManagerFactory loadKeyManagerFactory(final String keyStoreProvider, - final String keystorePath, - final String keystorePassword) throws Exception { - if (keystorePath == null && (keyStoreProvider == null || !"PKCS11".equals(keyStoreProvider.toUpperCase()))) { + private KeyManagerFactory loadKeyManagerFactory() throws Exception { + if (keystorePath == null && (keystoreProvider == null || !"PKCS11".equals(keystoreProvider.toUpperCase()))) { return null; } else { KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - KeyStore ks = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, keystorePassword); + KeyStore ks = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); kmf.init(ks, keystorePassword == null ? null : keystorePassword.toCharArray()); return kmf; } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java index ed1a9412d23..fb46ff44015 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java 
@@ -542,7 +542,15 @@ private SSLEngine loadJdkSslEngine() throws Exception { try { if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider)) throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified."); - context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, crlPath); + context = new SSLSupport() + .setKeystoreProvider(keyStoreProvider) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(trustStoreProvider) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .setCrlPath(crlPath) + .createContext(); } catch (Exception e) { IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port); ise.initCause(e); 
@@ -573,7 +581,15 @@ private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc) throws Exception { try { if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider)) throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME + "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null " + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has been specified."); - context = SSLSupport.createNettyContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword, sslProvider); + context = new SSLSupport() + .setKeystoreProvider(keyStoreProvider) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(trustStoreProvider) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .setSslProvider(sslProvider) + .createNettyContext(); } catch (Exception e) { IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port); ise.initCause(e); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java index 2c66acbb95a..4ae7e3eabd8 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java 
@@ -232,7 +232,14 @@ protected void doUnregister(ObjectName objectName) { //todo fix private void setupSsl() throws Exception { - SSLContext context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword, trustStoreProvider, trustStorePath, trustStorePassword); + SSLContext context = new SSLSupport() + .setKeystoreProvider(keyStoreProvider) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(trustStoreProvider) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); SSLServerSocketFactory sssf = context.getServerSocketFactory(); RMIServerSocketFactory rssf = new ArtemisSslRMIServerSocketFactory(sssf, this.isClientAuth(), rmiServerHost); RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory(); diff --git a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java index 1f1a946ea5d..fb6461e2cf9 100644 --- a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java +++ b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java @@ -177,9 +177,13 @@ public void simpleSecureServer() throws Exception { webServerComponent.start(); final int port = webServerComponent.getPort(); // Make the connection attempt. - String keyStoreProvider = "JKS"; - SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword()); + SSLContext context = new SSLSupport() + .setKeystorePath(webServerDTO.keyStorePath) + .setKeystorePassword(webServerDTO.getKeyStorePassword()) + .setTruststorePath(webServerDTO.keyStorePath) + .setTruststorePassword(webServerDTO.getKeyStorePassword()) + .createContext(); SSLEngine engine = context.createSSLEngine(); engine.setUseClientMode(true); 
@@ -233,9 +237,13 @@ public void simpleSecureServerWithClientAuth() throws Exception { webServerComponent.start(); final int port = webServerComponent.getPort(); // Make the connection attempt. - String keyStoreProvider = "JKS"; - SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.trustStorePath, webServerDTO.getTrustStorePassword()); + SSLContext context = new SSLSupport() + .setKeystorePath(webServerDTO.keyStorePath) + .setKeystorePassword(webServerDTO.getKeyStorePassword()) + .setTruststorePath(webServerDTO.trustStorePath) + .setTruststorePassword(webServerDTO.getTrustStorePassword()) + .createContext(); SSLEngine engine = context.createSSLEngine(); engine.setUseClientMode(true); diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java index a4ddf6a6dcb..46e0ad15054 100644 --- a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java +++ b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java @@ -72,7 +72,12 @@ private static BlockingConnection retrieveMQTTConnection(String host, String tru mqtt.setConnectAttemptsMax(0); mqtt.setReconnectAttemptsMax(0); mqtt.setHost(host); - mqtt.setSslContext(SSLSupport.createContext("JKS", keystorePath, keystorePass, "JKS", truststorePath, truststorePass)); + mqtt.setSslContext(new SSLSupport() + .setKeystorePath(keystorePath) + .setKeystorePassword(keystorePass) + .setTruststorePath(truststorePath) + .setTruststorePassword(truststorePass) + .createContext()); mqtt.setCleanSession(true); BlockingConnection connection = mqtt.blockingConnection(); 
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java index 4f88661ad5e..dd45f5c0c15 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java @@ -235,7 +235,12 @@ private BlockingConnection retrieveMQTTConnection(String host, String truststore mqtt.setConnectAttemptsMax(1); mqtt.setReconnectAttemptsMax(0); mqtt.setHost(host); - SSLContext sslContext = SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, keystorePath, keystorePass, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, truststorePath, truststorePass); + SSLContext sslContext = new SSLSupport() + .setKeystorePath(keystorePath) + .setKeystorePassword(keystorePass) + .setTruststorePath(truststorePath) + .setTruststorePassword(truststorePass) + .createContext(); mqtt.setSslContext(sslContext); BlockingConnection connection = mqtt.blockingConnection(); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java index b9b9bc8131c..2bc321224cb 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java 
@@ -239,7 +239,11 @@ public void testOneWaySSLUsingDefaultSslContext() throws Exception { tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true); - SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER, TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD)); + SSLContext.setDefault(new SSLSupport() + .setTruststoreProvider(storeType) + .setTruststorePath(CLIENT_SIDE_TRUSTSTORE) + .setTruststorePassword(PASSWORD) + .createContext()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); @@ -662,7 +666,14 @@ public String getSuitableCipherSuite() throws Exception { } public String[] getEnabledCipherSuites() throws Exception { - SSLContext context = SSLSupport.createContext(storeType, SERVER_SIDE_KEYSTORE, PASSWORD, storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD); + SSLContext context = new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(SERVER_SIDE_KEYSTORE) + .setKeystorePassword(PASSWORD) + .setTruststoreProvider(storeType) + .setTruststorePath(CLIENT_SIDE_TRUSTSTORE) + .setTruststorePassword(PASSWORD) + .createContext(); SSLEngine engine = context.createSSLEngine(); return engine.getEnabledCipherSuites(); } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java index b93dc44f918..96ecb56a90c 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java 
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java @@ -210,7 +210,10 @@ private void startWebServer(int port) throws Exception { ServerBootstrap b = new ServerBootstrap(); final SSLContext context; if (useSSL) { - context = SSLSupport.createContext("JKS", SERVER_SIDE_KEYSTORE, PASSWORD, null, null, null); + context = new SSLSupport() + .setKeystorePath(SERVER_SIDE_KEYSTORE) + .setKeystorePassword(PASSWORD) + .createContext(); } else { context = null; } diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java index 3cb6e6d433a..256be6462d5 100644 --- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java +++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java 
@@ -73,32 +73,60 @@ public void setUp() throws Exception { @Test public void testContextWithRightParameters() throws Exception { - SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); } // This is valid as it will create key and trust managers with system defaults @Test public void testContextWithNullParameters() throws Exception { - SSLSupport.createContext(null, null, null, null, null, null); + new SSLSupport().createContext(); } @Test public void testContextWithKeyStorePathAsURL() throws Exception { URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath); - SSLSupport.createContext(storeType, url.toString(), keyStorePassword, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(url.toString()) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); } @Test public void testContextWithKeyStorePathAsFile() throws Exception { URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath); File file = new File(url.toURI()); - SSLSupport.createContext(storeType, file.getAbsolutePath(), keyStorePassword, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(file.getAbsolutePath()) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); } @Test public void testContextWithBadKeyStorePath() throws Exception { try { - 
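Review bot: Every test in this hunk, and in the three SSLSupportTest hunks that follow, repeats the same six-setter chain with a single value altered, which is exactly the duplication the builder was meant to remove; a private helper such as `private SSLSupport configuredSupport() { return new SSLSupport().setKeystoreProvider(storeType).setKeystorePath(keyStorePath).setKeystorePassword(keyStorePassword).setTruststoreProvider(storeType).setTruststorePath(trustStorePath).setTruststorePassword(trustStorePassword); }` would let each case read `configuredSupport().setKeystorePath("not a keystore").createContext();` and make the varied value stand out. `testContextWithNullParameters` now exercises the `TransportConstants.DEFAULT_*` values rather than explicit nulls, so the comment above it about system defaults is only accurate if every default SSLSupport reads is null; stating that assumption in the comment, e.g. `// relies on the TransportConstants defaults being null so the JDK defaults are used`, keeps the test honest if a default ever changes.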
SSLSupport.createContext(storeType, "not a keystore", keyStorePassword, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath("not a keystore") + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); Assert.fail(); } catch (Exception e) { } @@ -107,7 +135,14 @@ public void testContextWithBadKeyStorePath() throws Exception { @Test public void testContextWithNullKeyStorePath() throws Exception { try { - SSLSupport.createContext(storeType, null, keyStorePassword, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(null) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); } catch (Exception e) { Assert.fail(); } 
@@ -122,13 +157,27 @@ public void testContextWithKeyStorePathAsRelativePath() throws Exception { return; } - SSLSupport.createContext(storeType, "src/test/resources/" + keyStorePath, keyStorePassword, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath("src/test/resources/" + keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); } @Test public void testContextWithBadKeyStorePassword() throws Exception { try { - SSLSupport.createContext(storeType, keyStorePath, "bad password", storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(keyStorePath) + .setKeystorePassword("bad password") + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); Assert.fail(); } catch (Exception e) { } @@ -137,7 +186,14 @@ public void testContextWithBadKeyStorePassword() throws Exception { @Test public void testContextWithNullKeyStorePassword() throws Exception { try { - SSLSupport.createContext(storeType, keyStorePath, null, storeType, trustStorePath, trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(keyStorePath) + .setKeystorePassword(null) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword(trustStorePassword) + .createContext(); Assert.fail(); } catch (Exception e) { assertFalse(e instanceof NullPointerException); 
@@ -147,7 +203,14 @@ public void testContextWithNullKeyStorePassword() throws Exception { @Test public void testContextWithBadTrustStorePath() throws Exception { try { - SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, "not a trust store", trustStorePassword); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath("not a trust store") + .setTruststorePassword(trustStorePassword) + .createContext(); Assert.fail(); } catch (Exception e) { } @@ -156,7 +219,14 @@ public void testContextWithBadTrustStorePath() throws Exception { @Test public void testContextWithBadTrustStorePassword() throws Exception { try { - SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord"); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword("bad passord") + .createContext(); Assert.fail(); } catch (Exception e) { } @@ -166,6 +236,14 @@ public void testContextWithBadTrustStorePassword() throws Exception { public void testContextWithTrustAll() throws Exception { //This is using a bad password but should not fail because the trust store should be ignored with //the trustAll flag set to true - SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath, "bad passord", true); + new SSLSupport() + .setKeystoreProvider(storeType) + .setKeystorePath(keyStorePath) + .setKeystorePassword(keyStorePassword) + .setTruststoreProvider(storeType) + .setTruststorePath(trustStorePath) + .setTruststorePassword("bad passord") + .setTrustAll(true) + .createContext(); } }