[AMQ-5789] Add support for keystore type (other than jks)

commit: e85441f39336bd726f7822fbe7b3bb50f7322c77 [log] [tgz]
author: Hadrian Zbarcea <hadrian@apache.org> Tue Jun 02 22:01:35 2015 -0400
committer: Hadrian Zbarcea <hadrian@apache.org> Tue Jun 02 22:12:08 2015 -0400
tree: 49d0d3045cd9c8ac2692aeecb731bfa43bc1ea0b
parent: e94fc230b6caff091f1829b4e0cb360fca62cfbf [diff]
diff --git a/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java b/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
index fe9d52f..2097f91 100644
--- a/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
+++ b/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java

@@ -62,8 +62,10 @@
     protected KeyManager[] keyManager;
     protected TrustManager[] trustManager;
     protected SecureRandom secureRandom;
+    protected String trustStoreType = KeyStore.getDefaultType();
     protected String trustStore;
     protected String trustStorePassword;
+    protected String keyStoreType = KeyStore.getDefaultType();
     protected String keyStore;
     protected String keyStorePassword;
 
@@ -124,7 +126,7 @@
 
     protected TrustManager[] createTrustManager() throws Exception {
         TrustManager[] trustStoreManagers = null;
-        KeyStore trustedCertStore = KeyStore.getInstance("jks");
+        KeyStore trustedCertStore = KeyStore.getInstance(getTrustStoreType());
 
         if (trustStore != null) {
             InputStream tsStream = getInputStream(trustStore);
@@ -140,7 +142,7 @@
 
     protected KeyManager[] createKeyManager() throws Exception {
         KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-        KeyStore ks = KeyStore.getInstance("jks");
+        KeyStore ks = KeyStore.getInstance(getKeyStoreType());
         KeyManager[] keystoreManagers = null;
         if (keyStore != null) {
             byte[] sslCert = loadClientCredential(keyStore);
@@ -204,6 +206,14 @@
         return ins;
     }
 
+    public String getTrustStoreType() {
+        return trustStoreType;
+    }
+
+    public void setTrustStoreType(String type) {
+        trustStoreType = type;
+    }
+
     public String getTrustStore() {
         return trustStore;
     }
@@ -235,6 +245,15 @@
         this.trustStorePassword = trustStorePassword;
     }
 
+    public String getKeyStoreType() {
+        return keyStoreType;
+    }
+
+    public void setKeyStoreType(String type) {
+        keyStoreType = type;
+    }
+
+
     public String getKeyStore() {
         return keyStore;
     }

diff --git a/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java b/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
index aa6b1c3..cde7cb5 100644
--- a/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
+++ b/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java

@@ -26,6 +26,7 @@
 public class ActiveMQSslConnectionFactoryTest {
 
     final String TRUST_STORE_FILE_NAME = "client.keystore";
+    final String TRUST_STORE_PKCS12_FILE_NAME = "client-pkcs12.keystore";
     final String TRUST_STORE_DIRECTORY_NAME = "src/test/resources/ssl/";
     final String TRUST_STORE_RESOURCE_PREFIX = "ssl/";
     final String TRUST_STORE_PASSWORD = "password";
@@ -92,9 +93,34 @@
         executeTest(FAILOVER_SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_FILE_NAME + ".dummy");
     }
 
+    @Test(expected = ConnectException.class)
+    public void validPkcs12TrustStoreFileTest() throws Throwable {
+        executeTest(SSL_TRANSPORT, TRUST_STORE_DIRECTORY_NAME + TRUST_STORE_PKCS12_FILE_NAME, "pkcs12");
+    }
+
+    @Test(expected = ConnectException.class)
+    public void validPkcs12TrustStoreURLTest() throws Throwable {
+        executeTest(SSL_TRANSPORT, new File(TRUST_STORE_DIRECTORY_NAME + TRUST_STORE_PKCS12_FILE_NAME).toURI().toString(), "pkcs12");
+    }
+
+    @Test(expected = ConnectException.class)
+    public void validPkcs12TrustStoreResourceTest() throws Throwable {
+        executeTest(SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_PKCS12_FILE_NAME, "pkcs12");
+    }
+
+    @Test(expected = IOException.class)	// Invalid keystore format
+    public void invalidTrustStoreTypeTest() throws Throwable {
+        executeTest(SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_PKCS12_FILE_NAME, "jks");
+    }
+
     protected void executeTest(String transport, String name) throws Throwable {
+    	executeTest(transport, name, null);    	
+    }
+
+    protected void executeTest(String transport, String name, String type) throws Throwable {
         try {
             ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory(transport);
+            activeMQSslConnectionFactory.setTrustStoreType(type != null ? type : activeMQSslConnectionFactory.getTrustStoreType());
             activeMQSslConnectionFactory.setTrustStore(name);
             activeMQSslConnectionFactory.setTrustStorePassword(TRUST_STORE_PASSWORD);
 

diff --git a/activemq-client/src/test/resources/ssl/client-pkcs12.keystore b/activemq-client/src/test/resources/ssl/client-pkcs12.keystore
new file mode 100644
index 0000000..bf99cb5
--- /dev/null
+++ b/activemq-client/src/test/resources/ssl/client-pkcs12.keystore
Binary files differ
commit	e85441f39336bd726f7822fbe7b3bb50f7322c77	[log] [tgz]
author	Hadrian Zbarcea <hadrian@apache.org>	Tue Jun 02 22:01:35 2015 -0400
committer	Hadrian Zbarcea <hadrian@apache.org>	Tue Jun 02 22:12:08 2015 -0400
tree	49d0d3045cd9c8ac2692aeecb731bfa43bc1ea0b
parent	e94fc230b6caff091f1829b4e0cb360fca62cfbf [diff]