SSLContext is overridden with default #12

Closed
lukehu99 opened this issue Dec 13, 2016 · 5 comments

@lukehu99

Hi,

We plan to use the JMS connection in TIBCO BW 5.x. In BW, we define the file JNDI and use "com.sun.jndi.fscontext.RefFSContextFactory" as the InitialContext class to look up the JMS connection factory. Due to a limitation of TIBCO BW, it does not allow us to call useSslProtocol() to configure the sslContext manually. Is it possible to introduce some properties in the JMS connection factory for SSL, such as keystore, trustkeystore and passwords, and let the connection factory configure the sslContext by itself? If so, we can configure those SSL properties in the .bindings file there.

One more thing on the method createConnection(String username, String password) of class com.rabbitmq.jms.admin.RMQConnectionFactory. In the test with Java code, I found that the sslContext will be overwritten by the default sslContext even if the sslContext has been configured by maybeEnableTLS(). The reason is that the following setRabbitUri() will reset the sslContext again. Is it possible to change the order of those two methods?

    maybeEnableTLS(factory);
    setRabbitUri(logger, this, factory, this.getUri());

Best Regards,
Luke

@michaelklishin
Member

@lukehu99 in other words, if an SSLContext was previously set we should use that?

@michaelklishin michaelklishin changed the title request some SSL configuration for the connection facotry SSLContext can be overridden with default Dec 13, 2016
@lukehu99
Author

lukehu99 commented Dec 13, 2016

@michaelklishin

This is the sample code to create the JMS connection with my sslContext. But the sslContext is overwritten by setRabbitUri(logger, this, factory, this.getUri()); in createConnection(String username, String password):

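    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    // JNDIloc (URL of the file-based JNDI store) and sslContext (the custom
    // javax.net.ssl.SSLContext) are defined elsewhere.
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.fscontext.RefFSContextFactory");
    env.put(Context.PROVIDER_URL, JNDIloc);

    // Look up the connection factory stored in the .bindings file.
    InitialContext jndiContext = new InitialContext(env);
    javax.jms.ConnectionFactory cf = (javax.jms.ConnectionFactory) jndiContext.lookup("ConnectionFactory");

    // Set the custom SSLContext on the RabbitMQ JMS factory.
    com.rabbitmq.jms.admin.RMQConnectionFactory rmqcf = (com.rabbitmq.jms.admin.RMQConnectionFactory) cf;
    rmqcf.useSslProtocol(sslContext);

    // Reported behaviour: createConnection() calls setRabbitUri(), which resets
    // the SSLContext set above.
    javax.jms.Connection connection = cf.createConnection();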

And TIBCO BW is something like XML configuration. It is not allowed to invoke rmqcf.useSslProtocol(sslContext) directly. So I wish the JMS factory could have the SSL properties for the JNDI configuration. Or the JMS factory could load the default SSLContext, SSLContext.getDefault(), when the factory instance is created. In that case, I could configure SSL with system properties, and that sslContext will be passed to the JMS factory.

@michaelklishin
Member

@acogoluegnes @garyrussell @artembilan any thoughts on the comment above?

@acogoluegnes
Contributor

By browsing the code, the problem of setRabbitUri overriding the SSLContext looks real. It happens in the AMQP Java client (https://github.com/rabbitmq/rabbitmq-java-client/blob/v4.0.0/src/main/java/com/rabbitmq/client/ConnectionFactory.java#L209). Changing the order of the calls in the JMS client should do the job.

Regarding the other part, we could introduce a useDefaultSslContext flag to use SSLContext.getDefault(). The default value would be false.
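
The call-order problem discussed above, as an added example that is not part of the original thread or of the project's code. `ModelFactory` is a hypothetical stand-in that assumes the reset happens when an `amqps` URI is applied and uses `SSLContext.getDefault()` to represent the default; the broker URI and the custom context are constructed sample values.

```java
import javax.net.ssl.SSLContext;

// Simplified model of the behaviour described in this thread. ModelFactory and
// its methods are hypothetical stand-ins, not the client library's code.
public class SslContextOrderDemo {

    static class ModelFactory {
        private SSLContext sslContext;   // null means no TLS configured

        void useSslProtocol(SSLContext ctx) { this.sslContext = ctx; }

        // Assumption: applying an amqps URI unconditionally installs a default
        // context, discarding whatever was configured before.
        void setUri(String uri) throws Exception {
            if (uri.toLowerCase().startsWith("amqps://")) {
                useSslProtocol(SSLContext.getDefault());
            }
        }

        SSLContext getSslContext() { return sslContext; }
    }

    // Order reported in the issue: TLS first, URI second.
    static boolean customContextSurvivesReportedOrder(SSLContext custom, String uri) throws Exception {
        ModelFactory f = new ModelFactory();
        f.useSslProtocol(custom);   // stands in for maybeEnableTLS(factory)
        f.setUri(uri);              // stands in for setRabbitUri(...)
        return f.getSslContext() == custom;
    }

    // Order suggested in the thread: URI first, TLS second.
    static boolean customContextSurvivesSwappedOrder(SSLContext custom, String uri) throws Exception {
        ModelFactory f = new ModelFactory();
        f.setUri(uri);
        f.useSslProtocol(custom);
        return f.getSslContext() == custom;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a distinct context and a placeholder broker URI.
        SSLContext custom = SSLContext.getInstance("TLSv1.2");
        custom.init(null, null, null);   // default key/trust managers, for the demo only
        String uri = "amqps://broker.example.invalid:5671";

        System.out.println("reported order keeps custom context: "
                + customContextSurvivesReportedOrder(custom, uri));
        System.out.println("swapped order keeps custom context:  "
                + customContextSurvivesSwappedOrder(custom, uri));
    }
}
```

The identity comparison is the useful part: a silently replaced context still produces a working TLS connection, so only a check that the configured object is the one in effect shows that the intended key store and trust store are being used.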

@acogoluegnes acogoluegnes added this to the 1.6.0 milestone Dec 13, 2016
@acogoluegnes acogoluegnes changed the title SSLContext can be overridden with default SSLContext is overridden with default Dec 30, 2016
acogoluegnes referenced this issue Jan 2, 2017
Nearly brings it to parity with c.r.c.ConnectionFactory.

Fixes #1.

[#128309631]
@acogoluegnes
Contributor

@lukehu99 Just a heads up: we released 1.6.0.RC1 of the JMS client yesterday, with fixes for this issue https://groups.google.com/forum/#!topic/rabbitmq-users/WB_lLwFoiFc
