ProtonServerOptions createServerOptions() { ProtonServerOptions options = new ProtonServerOptions(); options.setHeartbeat(60000); // // close idle connections after two minutes of inactivity options.setReceiveBufferSize(16 * 1024); // 16kb options.setSendBufferSize(16 * 1024); // 16kb options.setLogActivity(honoConfig.isNetworkDebugLoggingEnabled()); return options; }
private void addTlsKeyCertOptions(final ProtonServerOptions serverOptions) { KeyCertOptions keyCertOptions = honoConfig.getKeyCertOptions(); if (keyCertOptions != null) { serverOptions.setSsl(true).setKeyCertOptions(keyCertOptions); } }
/** * Invoked during start up to create options for the proton server instances. * <ul> * <li>The <em>heartbeat</em> interval is set to 10 seconds, i.e. the server will close the * connection to the client if it does not receive any frames for 20 seconds.</li> * <li>The maximum frame size is set to 16kb.</li> * </ul> * <p> * Subclasses may override this method to set custom options. * * @return The options. */ protected ProtonServerOptions createInsecureServerOptions() { final ProtonServerOptions options = new ProtonServerOptions(); options.setHeartbeat(10000); // close idle connections after 20 seconds of inactivity options.setMaxFrameSize(16 * 1024); // 16kb options.setLogActivity(getConfig().isNetworkDebugLoggingEnabled()); return options; }
private void addTlsTrustOptions(final ProtonServerOptions serverOptions) { if (serverOptions.isSsl() && serverOptions.getTrustOptions() == null) { TrustOptions trustOptions = honoConfig.getTrustOptions(); if (trustOptions != null) { serverOptions.setTrustOptions(trustOptions).setClientAuth(ClientAuth.REQUEST); LOG.info("enabling TLS for client authentication"); } } }
@Test(timeout = 20000) public void testConnectWithSslToServerWhileUsingTrustAll(TestContext context) throws Exception { Async async = context.async(); ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions); mockServer = new MockServer(vertx, conn -> { handleBridgeStartupProcess(conn, context); }, serverOptions); // Try to start the bridge and expect it to succeed due to trusting all certs AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions(); bridgeOptions.setSsl(true); bridgeOptions.setTrustAll(true); AmqpBridge bridge = AmqpBridge.create(vertx, bridgeOptions); bridge.start("localhost", mockServer.actualPort(), res -> { // Expect start to succeed context.assertTrue(res.succeeded(), "expected start to suceed due to trusting all certs"); async.complete(); }); async.awaitSuccess(); }
/** * Create an options instance for the ProtonServer * based on AMQP-Kafka bridge internal configuration * * @return ProtonServer options instance */ private ProtonServerOptions createServerOptions(){ ProtonServerOptions options = new ProtonServerOptions(); options.setHost(this.bridgeConfigProperties.getEndpointConfigProperties().getHost()); options.setPort(this.bridgeConfigProperties.getEndpointConfigProperties().getPort()); if (this.bridgeConfigProperties.getEndpointConfigProperties().getCertDir() != null && this.bridgeConfigProperties.getEndpointConfigProperties().getCertDir().length() > 0) { String certDir = this.bridgeConfigProperties.getEndpointConfigProperties().getCertDir(); log.info("Enabling SSL configuration for AMQP with TLS certificates from {}", certDir); options.setSsl(true) .setPemTrustOptions(new PemTrustOptions() .addCertPath(new File(certDir, "ca.crt").getAbsolutePath())) .setPemKeyCertOptions(new PemKeyCertOptions() .addCertPath(new File(certDir, "tls.crt").getAbsolutePath()) .addKeyPath(new File(certDir, "tls.key").getAbsolutePath())); } return options; }
private Future<Void> bindSecureServer() { if (isSecurePortEnabled()) { final ProtonServerOptions options = new ProtonServerOptions() .setHost(getConfig().getBindAddress()) .setPort(determineSecurePort()) .setMaxFrameSize(getConfig().getMaxFrameSize()); addTlsKeyCertOptions(options); addTlsTrustOptions(options); final Future<Void> result = Future.future(); secureServer = createServer(secureServer, options); secureServer.connectHandler(this::onConnectRequest).listen(ar -> { if (ar.succeeded()) { LOG.info("secure AMQP server listening on {}:{}", getConfig().getBindAddress(), getActualPort()); result.complete(); } else { LOG.error("cannot bind to secure port", ar.cause()); result.fail(ar.cause()); } }); return result; } else { return Future.succeededFuture(); } }
@Override public void start() { ProtonServerOptions options = new ProtonServerOptions(); if(useTls) { options.setSsl(true); String path; if((path = config.get("jksKeyStorePath")) != null) { jksOptions.setPath(path); jksOptions.setPassword(config.get("keyStorePassword")); options.setKeyStoreOptions(jksOptions); } else if((path = config.get("pfxKeyStorePath")) != null) { final PfxOptions pfxOptions = new PfxOptions(); pfxOptions.setPath(path); pfxOptions.setPassword(config.get("keyStorePassword")); options.setPfxKeyCertOptions(pfxOptions); } else if((path = config.get("pemCertificatePath")) != null) { final PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions(); pemKeyCertOptions.setCertPath(path); pemKeyCertOptions.setKeyPath(config.get("pemKeyPath")); options.setPemKeyCertOptions(pemKeyCertOptions); } else {
Async async = context.async(); ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); serverOptions.setClientAuth(ClientAuth.REQUIRED); PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions); serverOptions.setPfxTrustOptions(pfxOptions);
@Test(timeout = 20000) public void testConnectWithSslToNonSslServerFails(TestContext context) throws Exception { Async async = context.async(); // Create a server that doesn't use ssl ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(false); mockServer = new MockServer(vertx, conn -> { handleBridgeStartupProcess(conn, context); }, serverOptions); // Try to start the bridge and expect it to fail AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions(); bridgeOptions.setSsl(true); PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD); bridgeOptions.setPfxTrustOptions(pfxOptions); AmqpBridge bridge = AmqpBridge.create(vertx, bridgeOptions); bridge.start("localhost", mockServer.actualPort(), res -> { // Expect start to fail due to remote peer not doing SSL context.assertFalse(res.succeeded(), "expected start to fail due to server not using secure transport"); async.complete(); }); async.awaitSuccess(); }
public ProtonServerImpl(Vertx vertx) { this.vertx = vertx; this.server = this.vertx.createNetServer(); this.options = new ProtonServerOptions(); }
public MockServer(Vertx vertx, Handler<ProtonConnection> connectionHandler, ProtonServerOptions protonServerOptions) throws ExecutionException, InterruptedException { if(protonServerOptions == null) { protonServerOptions = new ProtonServerOptions(); } protonServerOptions.setReuseAddress(reuseAddress); server = ProtonServer.create(vertx, protonServerOptions); server.connectHandler(connectionHandler); FutureHandler<ProtonServer, AsyncResult<ProtonServer>> handler = FutureHandler.asyncResult(); server.listen(bindPort, handler); handler.get(); }
static void fromJson(Iterable<java.util.Map.Entry<String, Object>> json, ProtonServerOptions obj) { for (java.util.Map.Entry<String, Object> member : json) { switch (member.getKey()) { case "heartbeat": if (member.getValue() instanceof Number) { obj.setHeartbeat(((Number)member.getValue()).intValue()); } break; case "maxFrameSize": if (member.getValue() instanceof Number) { obj.setMaxFrameSize(((Number)member.getValue()).intValue()); } break; } } }
@Test(timeout = 20000) public void testConnectWithSslToServerWithUntrustedKeyFails(TestContext context) throws Exception { Async async = context.async(); ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions); mockServer = new MockServer(vertx, conn -> { handleBridgeStartupProcess(conn, context); }, serverOptions); // Try to start the bridge and expect it to fail due to not trusting the server AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions(); bridgeOptions.setSsl(true); PfxOptions pfxOptions = new PfxOptions().setPath(OTHER_CA_TRUSTSTORE).setPassword(PASSWORD); bridgeOptions.setPfxTrustOptions(pfxOptions); AmqpBridge bridge = AmqpBridge.create(vertx, bridgeOptions); bridge.start("localhost", mockServer.actualPort(), res -> { // Expect start to fail due to remote peer not being trusted context.assertFalse(res.succeeded(), "expected start to fail due to untrusted server"); async.complete(); }); async.awaitSuccess(); }
private Future<Void> bindInsecureServer() { if (isInsecurePortEnabled()) { final ProtonServerOptions options = new ProtonServerOptions() .setHost(getConfig().getInsecurePortBindAddress()) .setPort(determineInsecurePort()) .setMaxFrameSize(getConfig().getMaxFrameSize()); final Future<Void> result = Future.future(); insecureServer = createServer(insecureServer, options); insecureServer.connectHandler(this::onConnectRequest).listen(ar -> { if (ar.succeeded()) { LOG.info("insecure AMQP server listening on [{}:{}]", getConfig().getInsecurePortBindAddress(), getActualInsecurePort()); result.complete(); } else { result.fail(ar.cause()); } }); return result; } else { return Future.succeededFuture(); } }
@Test(timeout = 20000) public void testConnectWithSslSucceeds(TestContext context) throws Exception { Async async = context.async(); ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions); mockServer = new MockServer(vertx, conn -> { handleBridgeStartupProcess(conn, context); }, serverOptions); // Start the bridge and verify is succeeds AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions(); bridgeOptions.setSsl(true); PfxOptions clientPfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD); bridgeOptions.setPfxTrustOptions(clientPfxOptions); AmqpBridge bridge = AmqpBridge.create(vertx, bridgeOptions); bridge.start("localhost", mockServer.actualPort(), res -> { // Expect start to succeed context.assertTrue(res.succeeded(), "expected start to suceed"); async.complete(); }); async.awaitSuccess(); }
/** * Invoked during start up to create options for the proton server instance binding to the insecure port. * <p> * Subclasses may override this method to set custom options. * * @return The options. */ protected ProtonServerOptions createInsecureServerOptions() { final ProtonServerOptions options = new ProtonServerOptions(); options.setHeartbeat(60000); // // close idle connections after two minutes of inactivity options.setReceiveBufferSize(16 * 1024); // 16kb options.setSendBufferSize(16 * 1024); // 16kb options.setLogActivity(getConfig().isNetworkDebugLoggingEnabled()); return options; }
ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); PfxOptions serverPfxOptions = new PfxOptions().setPath(WRONG_HOST_KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions);