/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import junit.framework.TestCase;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.TransportConnector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.support.ClassPathXmlApplicationContext;
public class SslContextNBrokerServiceTest extends TestCase {
private static final transient Log LOG = LogFactory.getLog(SslContextNBrokerServiceTest.class);
private ClassPathXmlApplicationContext context;
Map beansOfType;
public void testConfigurationIsolation() throws Exception {
assertTrue("dummy bean has dummy cert", verifyCredentials("dummy"));
assertTrue("good bean has amq cert", verifyCredentials("activemq.org"));
}
private boolean verifyCredentials(String name) throws Exception {
boolean result = false;
BrokerService broker = getBroker(name);
assertNotNull(name, broker);
broker.start();
try {
result = verifySslCredentials(broker);
} finally {
broker.stop();
}
return result;
}
private boolean verifySslCredentials(BrokerService broker) throws Exception {
TransportConnector connector = broker.getTransportConnectors().get(0);
URI brokerUri = connector.getConnectUri();
SSLContext context = SSLContext.getInstance("TLS");
CertChainCatcher catcher = new CertChainCatcher();
context.init(null, new TrustManager[] {catcher}, null);
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket(brokerUri.getHost(), brokerUri.getPort());
socket.setSoTimeout(5000);
socket.startHandshake();
socket.close();
boolean matches = false;
if (catcher.serverCerts != null) {
for (int i = 0; i < catcher.serverCerts.length; i++) {
X509Certificate cert = catcher.serverCerts[i];
LOG.info(" " + (i + 1) + " Issuer " + cert.getIssuerDN());
}
if (catcher.serverCerts.length > 0) {
String issuer = catcher.serverCerts[0].getIssuerDN().toString();
if (issuer.indexOf(broker.getBrokerName()) != -1) {
matches = true;
}
}
}
return matches;
}
private BrokerService getBroker(String name) {
BrokerService result = null;
Iterator iterator = beansOfType.values().iterator();
while(iterator.hasNext()) {
BrokerService candidate = (BrokerService)iterator.next();
if (candidate.getBrokerName().equals(name)) {
result = candidate;
break;
}
}
return result;
}
protected void setUp() throws Exception {
//System.setProperty("javax.net.debug", "ssl");
Thread.currentThread().setContextClassLoader(SslContextNBrokerServiceTest.class.getClassLoader());
context = new ClassPathXmlApplicationContext("org/apache/activemq/transport/tcp/n-brokers-ssl.xml");
beansOfType = context.getBeansOfType(BrokerService.class);
}
@Override
protected void tearDown() throws Exception {
context.destroy();
}
class CertChainCatcher implements X509TrustManager {
X509Certificate[] serverCerts;
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
serverCerts = arg0;
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
}