/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.transport.tcp;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import junit.framework.TestCase;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.TransportConnector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.ClassPathXmlApplicationContext;
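/**
 * Verifies that several brokers defined in one Spring context each present
 * their own SSL credentials, i.e. that per-broker SSL configuration does not
 * leak from one broker to another.
 *
 * <p>Each broker is started in turn, a TLS handshake is performed against its
 * first transport connector, and the issuer of the presented leaf certificate
 * is expected to contain the broker's name.
 */
public class SslContextNBrokerServiceTest extends TestCase {
    private static final Logger LOG = LoggerFactory.getLogger(SslContextNBrokerServiceTest.class);

    private ClassPathXmlApplicationContext context;

    // Beans of type BrokerService from the Spring context, filled in by setUp().
    Map<?, ?> beansOfType;

    /**
     * Checks that the "dummy" broker and the "activemq.org" broker each serve
     * a certificate whose issuer contains their own broker name.
     */
    public void testConfigurationIsolation() throws Exception {
        assertTrue("dummy bean has dummy cert", verifyCredentials("dummy"));
        assertTrue("good bean has amq cert", verifyCredentials("activemq.org"));
    }

    /**
     * Starts the named broker, checks the certificate it presents, and stops it.
     *
     * @param name broker name to look up among the configured brokers
     * @return {@code true} if the issuer of the presented certificate contains {@code name}
     */
    private boolean verifyCredentials(String name) throws Exception {
        BrokerService broker = getBroker(name);
        assertNotNull(name, broker);
        broker.start();
        try {
            return verifySslCredentials(broker);
        } finally {
            // Always stop the broker so the next one can be started on its own.
            broker.stop();
        }
    }

    /**
     * Handshakes with the broker's first transport connector and compares the
     * issuer of the first certificate in the presented chain with the broker name.
     *
     * <p>The handshake uses {@link CertChainCatcher}, which accepts any chain;
     * the only check made here is the issuer-name substring match below. That is
     * enough to tell the test brokers apart, but it is not certificate validation.
     *
     * @param broker a started broker with at least one transport connector
     * @return {@code true} if the issuer DN of the first certificate contains the broker name
     */
    private boolean verifySslCredentials(BrokerService broker) throws Exception {
        TransportConnector connector = broker.getTransportConnectors().get(0);
        URI brokerUri = connector.getConnectUri();

        // Named sslContext so it does not shadow the Spring context field.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        CertChainCatcher catcher = new CertChainCatcher();
        sslContext.init(null, new TrustManager[] {catcher}, null);
        SSLSocketFactory factory = sslContext.getSocketFactory();

        LOG.info("Connecting to broker: " + broker.getBrokerName()
            + " on: " + brokerUri.getHost() + ":" + brokerUri.getPort());

        SSLSocket socket = (SSLSocket) factory.createSocket(brokerUri.getHost(), brokerUri.getPort());
        try {
            socket.setSoTimeout(5000);
            socket.startHandshake();
        } finally {
            // Close even when the handshake fails or times out, so a failing
            // run does not leave the connection open.
            socket.close();
        }

        X509Certificate[] chain = catcher.serverCerts;
        if (chain == null) {
            return false;
        }
        for (int i = 0; i < chain.length; i++) {
            LOG.info(" " + (i + 1) + " Issuer " + chain[i].getIssuerDN());
        }
        if (chain.length == 0) {
            return false;
        }
        String issuer = chain[0].getIssuerDN().toString();
        return issuer.contains(broker.getBrokerName());
    }

    /**
     * Finds the configured broker with the given name.
     *
     * @param name broker name to match exactly
     * @return the first matching broker, or {@code null} if none matches
     */
    private BrokerService getBroker(String name) {
        for (Object bean : beansOfType.values()) {
            BrokerService candidate = (BrokerService) bean;
            if (candidate.getBrokerName().equals(name)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Loads the multi-broker SSL configuration and collects its BrokerService beans.
     */
    @Override
    protected void setUp() throws Exception {
        //System.setProperty("javax.net.debug", "ssl");
        Thread.currentThread().setContextClassLoader(SslContextNBrokerServiceTest.class.getClassLoader());
        context = new ClassPathXmlApplicationContext("org/apache/activemq/transport/tcp/n-brokers-ssl.xml");
        beansOfType = context.getBeansOfType(BrokerService.class);
    }

    /**
     * Destroys the Spring context created by setUp().
     */
    @Override
    protected void tearDown() throws Exception {
        if (context != null) {
            context.destroy();
        }
    }

    /**
     * Trust manager that records the certificate chain presented by the server
     * so the test can inspect it after the handshake.
     *
     * <p>It never throws from either check method, so every peer certificate is
     * accepted and the handshake authenticates nothing. This is for this test
     * only and must not be reused as a trust manager for real connections.
     */
    class CertChainCatcher implements X509TrustManager {
        // Chain passed to checkServerTrusted(); null until a handshake reaches that call.
        X509Certificate[] serverCerts;

        /** Accepts any client chain; unused by this test, which only acts as a TLS client. */
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        /** Captures the server chain and accepts it without any validation. */
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            serverCerts = chain;
        }

        /**
         * Returns an empty array: the X509TrustManager contract asks for a
         * non-null result, and this manager has no trusted issuers to report.
         */
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
}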