[AMQ-5789] Add support for keystore type (other than jks)
diff --git a/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java b/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
index fe9d52f..2097f91 100644
--- a/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
+++ b/activemq-client/src/main/java/org/apache/activemq/ActiveMQSslConnectionFactory.java
@@ -62,8 +62,10 @@
protected KeyManager[] keyManager;
protected TrustManager[] trustManager;
protected SecureRandom secureRandom;
+ protected String trustStoreType = KeyStore.getDefaultType();
protected String trustStore;
protected String trustStorePassword;
+ protected String keyStoreType = KeyStore.getDefaultType();
protected String keyStore;
protected String keyStorePassword;
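Review bot: The new `trustStoreType` and `keyStoreType` fields default to `KeyStore.getDefaultType()`, whereas the removed code always used `"jks"`, so the effective default now depends on the JVM's `keystore.type` security property. On a runtime where that property is not `jks`, an existing deployment that never sets a type may stop loading its JKS files or load them through a different provider. If backward compatibility matters, keep the old default with `protected String trustStoreType = "jks";` and `protected String keyStoreType = "jks";`. Otherwise add a field comment such as `// defaults to the JVM keystore.type property, no longer fixed to "jks"` and record the change in the release notes.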
@@ -124,7 +126,7 @@
protected TrustManager[] createTrustManager() throws Exception {
TrustManager[] trustStoreManagers = null;
- KeyStore trustedCertStore = KeyStore.getInstance("jks");
+ KeyStore trustedCertStore = KeyStore.getInstance(getTrustStoreType());
if (trustStore != null) {
InputStream tsStream = getInputStream(trustStore);
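Review bot: `KeyStore.getInstance(getTrustStoreType())` runs before the `if (trustStore != null)` check, so an unsupported or misspelled type raises `KeyStoreException` even when no trust store is configured. With the previous constant `"jks"` this could not happen in practice. The same ordering appears in the `createKeyManager` hunk, where `KeyStore.getInstance(getKeyStoreType())` precedes `if (keyStore != null)`. Consider moving the lookup inside the guarded branch, provided the instance is not used after it; both method bodies continue outside their hunks, so that needs checking against the full file.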
@@ -140,7 +142,7 @@
protected KeyManager[] createKeyManager() throws Exception {
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- KeyStore ks = KeyStore.getInstance("jks");
+ KeyStore ks = KeyStore.getInstance(getKeyStoreType());
KeyManager[] keystoreManagers = null;
if (keyStore != null) {
byte[] sslCert = loadClientCredential(keyStore);
@@ -204,6 +206,14 @@
return ins;
}
+ public String getTrustStoreType() {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String type) {
+ trustStoreType = type;
+ }
+
public String getTrustStore() {
return trustStore;
}
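Review bot: `setTrustStoreType` stores its argument unchecked, so a `null` from configuration only surfaces later as a `NullPointerException` from `KeyStore.getInstance` at connection time, far from the misconfiguration. The test helper in this commit already works around this with `type != null ? type : getTrustStoreType()`, which suggests the fallback belongs in the setter: `this.trustStoreType = type != null ? type : KeyStore.getDefaultType();`. The same applies to `setKeyStoreType` in the next hunk. Both setters would also benefit from a short Javadoc saying that the value is a `KeyStore` type name (for example `jks` or `pkcs12`) and what the default is. Using `this.` would match the neighbouring `this.trustStorePassword = trustStorePassword;`.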
@@ -235,6 +245,15 @@
this.trustStorePassword = trustStorePassword;
}
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String type) {
+ keyStoreType = type;
+ }
+
+
public String getKeyStore() {
return keyStore;
}
diff --git a/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java b/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
index aa6b1c3..cde7cb5 100644
--- a/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
+++ b/activemq-client/src/test/java/org/apache/activemq/ActiveMQSslConnectionFactoryTest.java
@@ -26,6 +26,7 @@
public class ActiveMQSslConnectionFactoryTest {
final String TRUST_STORE_FILE_NAME = "client.keystore";
+ final String TRUST_STORE_PKCS12_FILE_NAME = "client-pkcs12.keystore";
final String TRUST_STORE_DIRECTORY_NAME = "src/test/resources/ssl/";
final String TRUST_STORE_RESOURCE_PREFIX = "ssl/";
final String TRUST_STORE_PASSWORD = "password";
@@ -92,9 +93,34 @@
executeTest(FAILOVER_SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_FILE_NAME + ".dummy");
}
+ @Test(expected = ConnectException.class)
+ public void validPkcs12TrustStoreFileTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, TRUST_STORE_DIRECTORY_NAME + TRUST_STORE_PKCS12_FILE_NAME, "pkcs12");
+ }
+
+ @Test(expected = ConnectException.class)
+ public void validPkcs12TrustStoreURLTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, new File(TRUST_STORE_DIRECTORY_NAME + TRUST_STORE_PKCS12_FILE_NAME).toURI().toString(), "pkcs12");
+ }
+
+ @Test(expected = ConnectException.class)
+ public void validPkcs12TrustStoreResourceTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_PKCS12_FILE_NAME, "pkcs12");
+ }
+
+ @Test(expected = IOException.class) // Invalid keystore format
+ public void invalidTrustStoreTypeTest() throws Throwable {
+ executeTest(SSL_TRANSPORT, TRUST_STORE_RESOURCE_PREFIX + TRUST_STORE_PKCS12_FILE_NAME, "jks");
+ }
+
protected void executeTest(String transport, String name) throws Throwable {
+ executeTest(transport, name, null);
+ }
+
+ protected void executeTest(String transport, String name, String type) throws Throwable {
try {
ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory(transport);
+ activeMQSslConnectionFactory.setTrustStoreType(type != null ? type : activeMQSslConnectionFactory.getTrustStoreType());
activeMQSslConnectionFactory.setTrustStore(name);
activeMQSslConnectionFactory.setTrustStorePassword(TRUST_STORE_PASSWORD);
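Review bot: `invalidTrustStoreTypeTest` relies on the `jks` provider rejecting a PKCS12 file, which is not guaranteed on every JDK. Runtimes that enable the `keystore.type.compat` security property let the `jks` and `pkcs12` types load either format, so the expected `IOException` may never be thrown there. A sturdier negative case would pass a type name that no provider supports and expect `KeyStoreException`, assuming `executeTest` propagates it (its body continues outside the hunk). The three `validPkcs12…` tests pass on any `ConnectException`, so they show the PKCS12 store loaded only indirectly, through a failed connection. A short comment on each, such as `// ConnectException means the trust store loaded and only the broker was unreachable`, would make that intent explicit.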
diff --git a/activemq-client/src/test/resources/ssl/client-pkcs12.keystore b/activemq-client/src/test/resources/ssl/client-pkcs12.keystore
new file mode 100644
index 0000000..bf99cb5
--- /dev/null
+++ b/activemq-client/src/test/resources/ssl/client-pkcs12.keystore
Binary files differ