pool2 = Executors.newScheduledThreadPool(ActiveMQDefaultConfiguration.getDefaultScheduledThreadPoolMaxSize(), ActiveMQThreadFactory.defaultThreadFactory()); pool3 = Executors.newSingleThreadExecutor(ActiveMQThreadFactory.defaultThreadFactory()); NettyAcceptor acceptor = new NettyAcceptor("netty", null, params, handler, listener, pool2, pool3, new HashMap<String, ProtocolManager>()); acceptor.start(); Assert.assertTrue(acceptor.isStarted()); acceptor.stop(); Assert.assertFalse(acceptor.isStarted()); ActiveMQTestBase.checkFreePort(TransportConstants.DEFAULT_PORT); acceptor.start(); Assert.assertTrue(acceptor.isStarted()); acceptor.stop(); Assert.assertFalse(acceptor.isStarted()); ActiveMQTestBase.checkFreePort(TransportConstants.DEFAULT_PORT);
ProtocolDecoder(boolean http, boolean httpEnabled) { this.http = http; this.httpEnabled = httpEnabled; this.handshakeTimeout = ConfigurationHelper.getIntProperty(TransportConstants.HANDSHAKE_TIMEOUT, TransportConstants.DEFAULT_HANDSHAKE_TIMEOUT, nettyAcceptor.getConfiguration()); }
return; ConnectionCreator channelHandler = nettyAcceptor.createConnectionCreator(); ChannelPipeline pipeline = ctx.pipeline(); protocolManagerToUse.addChannelHandlers(pipeline);
public synchronized SslHandler getSslHandler(ByteBufAllocator alloc) throws Exception { SSLEngine engine; if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) { engine = loadOpenSslEngine(alloc); } else { engine = loadJdkSslEngine();
@Override public Acceptor createAcceptor(final String name, final ClusterConnection connection, final Map<String, Object> configuration, final BufferHandler handler, final ServerConnectionLifeCycleListener listener, final Executor threadPool, final ScheduledExecutorService scheduledThreadPool, final Map<String, ProtocolManager> protocolMap) { Executor failureExecutor = new OrderedExecutor(threadPool); return new NettyAcceptor(name, connection, configuration, handler, listener, scheduledThreadPool, failureExecutor, protocolMap); } }
acceptor.setKeyStorePath("other-server-side-keystore." + suffix); acceptor.reload();
@Override public void initChannel(Channel channel) throws Exception { ChannelPipeline pipeline = channel.pipeline(); if (sslEnabled) { pipeline.addLast("ssl", getSslHandler(channel.alloc())); pipeline.addLast("sslHandshakeExceptionHandler", new SslHandshakeExceptionHandler()); } pipeline.addLast(protocolHandler.getProtocolDecoder()); } };
this.protocolsString = getProtocols(protocolMap);
@Override public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception { if (msg instanceof FullHttpRequest) { FullHttpRequest request = (FullHttpRequest) msg; HttpHeaders headers = request.headers(); String upgrade = headers.get("upgrade"); if (upgrade != null && upgrade.equalsIgnoreCase("websocket")) { ctx.pipeline().addLast("websocket-handler", new WebSocketServerHandler(websocketSubprotocolIds, ConfigurationHelper.getIntProperty(TransportConstants.STOMP_MAX_FRAME_PAYLOAD_LENGTH, TransportConstants.DEFAULT_STOMP_MAX_FRAME_PAYLOAD_LENGTH, nettyAcceptor.getConfiguration()))); ctx.pipeline().addLast(new ProtocolDecoder(false, false)); ctx.pipeline().remove(this); ctx.pipeline().remove("http-handler"); ctx.fireChannelRead(msg); } else if (upgrade != null && upgrade.equalsIgnoreCase(NettyConnector.ACTIVEMQ_REMOTING)) { // HORNETQ-1391 // Send the response and close the connection if necessary. ctx.writeAndFlush(new DefaultFullHttpResponse(HTTP_1_1, FORBIDDEN)).addListener(ChannelFutureListener.CLOSE); } } else { super.channelRead(ctx, msg); } }
private void switchToHttp(ChannelHandlerContext ctx) { ChannelPipeline p = ctx.pipeline(); p.addLast("http-decoder", new HttpRequestDecoder()); p.addLast("http-aggregator", new HttpObjectAggregator(Integer.MAX_VALUE)); p.addLast("http-encoder", new HttpResponseEncoder()); //create it lazily if and when we need it if (httpKeepAliveRunnable == null) { long httpServerScanPeriod = ConfigurationHelper.getLongProperty(TransportConstants.HTTP_SERVER_SCAN_PERIOD_PROP_NAME, TransportConstants.DEFAULT_HTTP_SERVER_SCAN_PERIOD, nettyAcceptor.getConfiguration()); httpKeepAliveRunnable = new HttpKeepAliveRunnable(); Future<?> future = scheduledThreadPool.scheduleAtFixedRate(httpKeepAliveRunnable, httpServerScanPeriod, httpServerScanPeriod, TimeUnit.MILLISECONDS); httpKeepAliveRunnable.setFuture(future); } long httpResponseTime = ConfigurationHelper.getLongProperty(TransportConstants.HTTP_RESPONSE_TIME_PROP_NAME, TransportConstants.DEFAULT_HTTP_RESPONSE_TIME, nettyAcceptor.getConfiguration()); HttpAcceptorHandler httpHandler = new HttpAcceptorHandler(httpKeepAliveRunnable, httpResponseTime, ctx.channel()); ctx.pipeline().addLast("http-handler", httpHandler); p.addLast(new ProtocolDecoder(false, true)); p.remove(this); } }
@Test public void testProviderConfig() { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor(getNettyAcceptorName()); assertNotNull(acceptor); String sslProviderInUse = (String) acceptor.getConfiguration().get(TransportConstants.SSL_PROVIDER); assertEquals(sslProvider, sslProviderInUse); assertTrue((Boolean) acceptor.getConfiguration().get(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME)); }
@Test public void testTwoWaySSLVerifyClientTrustAllTrueByURI() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); //Set trust all so this should work even with no trust store set StringBuilder uri = new StringBuilder("tcp://" + tc.getParams().get(TransportConstants.HOST_PROP_NAME).toString() + ":" + tc.getParams().get(TransportConstants.PORT_PROP_NAME).toString()); uri.append("?").append(TransportConstants.SSL_ENABLED_PROP_NAME).append("=true"); uri.append("&").append(TransportConstants.TRUST_ALL_PROP_NAME).append("=true"); uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append(storeType); uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE); uri.append("&").append(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME).append("=").append(PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(uri.toString())); ClientSessionFactory sf = createSessionFactory(locator); sf.close(); }
@Test public void testTwoWaySSLVerifyClientTrustAllTrueByURI() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); //Set trust all so this should work even with no trust store set StringBuilder uri = new StringBuilder("tcp://" + tc.getParams().get(TransportConstants.HOST_PROP_NAME).toString() + ":" + tc.getParams().get(TransportConstants.PORT_PROP_NAME).toString()); uri.append("?").append(TransportConstants.SSL_ENABLED_PROP_NAME).append("=true"); uri.append("&").append(TransportConstants.SSL_PROVIDER).append("=").append(TransportConstants.OPENSSL_PROVIDER); uri.append("&").append(TransportConstants.TRUST_ALL_PROP_NAME).append("=true"); uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append(storeType); uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE); uri.append("&").append(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME).append("=").append(PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(uri.toString())); ClientSessionFactory sf = createSessionFactory(locator); sf.close(); }
@Test public void testTwoWaySSLVerifyClientTrustAllTrueByURI() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); //Set trust all so this should work even with no trust store set StringBuilder uri = new StringBuilder("tcp://" + tc.getParams().get(TransportConstants.HOST_PROP_NAME).toString() + ":" + tc.getParams().get(TransportConstants.PORT_PROP_NAME).toString()); uri.append("?").append(TransportConstants.SSL_ENABLED_PROP_NAME).append("=true"); uri.append("&").append(TransportConstants.TRUST_ALL_PROP_NAME).append("=true"); uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append(storeType); uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE); uri.append("&").append(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME).append("=").append(PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(uri.toString())); ClientSessionFactory sf = createSessionFactory(locator); sf.close(); }
@Test public void testProviderConfig() { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor(getNettyAcceptorName()); assertNotNull(acceptor); String sslProviderInUse = (String) acceptor.getConfiguration().get(TransportConstants.SSL_PROVIDER); assertEquals(sslProvider, sslProviderInUse); }
@Test public void testTwoWaySSLVerifyClientTrustAllTrue() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); //Set trust all so this should work even with no trust store set tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.SSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER); tc.getParams().put(TransportConstants.TRUST_ALL_PROP_NAME, true); tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = createSessionFactory(locator); sf.close(); }
@Test public void testTwoWaySSLVerifyClientTrustAllTrue() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); //Set trust all so this should work even with no trust store set tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUST_ALL_PROP_NAME, true); tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = createSessionFactory(locator); sf.close(); }
@Test public void testTwoWaySSLVerifyClientTrustAllTrue() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); //Set trust all so this should work even with no trust store set tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUST_ALL_PROP_NAME, true); tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = createSessionFactory(locator); sf.close(); }
@Test public void testTwoWaySSLVerifyClientHostNegative() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.VERIFY_HOST_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, CLIENT_SIDE_TRUSTSTORE); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD); tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); try { ClientSessionFactory sf = createSessionFactory(locator); fail("Creating a session here should fail due to a certificate with a CN that doesn't match the host name."); } catch (Exception e) { // ignore } }
@Test public void testTwoWaySSLVerifyClientHostNegative() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.VERIFY_HOST_PROP_NAME, true); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.SSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER); tc.getParams().put(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeType); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, CLIENT_SIDE_TRUSTSTORE); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD); tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); try { ClientSessionFactory sf = createSessionFactory(locator); fail("Creating a session here should fail due to a certificate with a CN that doesn't match the host name."); } catch (ActiveMQNotConnectedException se) { // ignore } }