java.lang.Object
org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport

public class SSLSupport extends Object
Please note, this class supports PKCS#11 keystores, but there are no specific tests in the ActiveMQ Artemis test-suite to validate/verify that this works, because doing so requires a functioning PKCS#11 provider, which is not available by default (see java.security.Security#getProviders()). The main thing to keep in mind is that PKCS#11 keystores will use either null, an empty string, or NONE for their keystore path.
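An added example (not part of the Artemis Javadoc or code base) of the PKCS#11 setup the note above describes: it checks Security.getProviders() for a provider that actually offers a PKCS11 KeyStore before building the context, and leaves the keystore path null. The TOKEN_PIN and TRUSTSTORE_PASSWORD environment variables, the truststore path, and passing the provider's name to setKeystoreProvider are assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport;

public class Pkcs11KeystoreExample {

   // Return the first installed provider that offers a PKCS11 KeyStore service.
   // A token provider that is present but unconfigured registers no services,
   // so it is skipped here rather than failing later inside createContext().
   static Optional<Provider> findPkcs11Provider() {
      for (Provider p : Security.getProviders()) {
         if (p.getService("KeyStore", "PKCS11") != null) {
            return Optional.of(p);
         }
      }
      return Optional.empty();
   }

   public static void main(String[] args) throws Exception {
      Optional<Provider> provider = findPkcs11Provider();
      if (!provider.isPresent()) {
         // Stop instead of silently falling back to a file-based keystore.
         System.err.println("No PKCS#11 KeyStore provider installed");
         System.exit(1);
      }

      // Assumption: the token PIN comes from the environment, not from source or config files.
      String pin = System.getenv("TOKEN_PIN");

      SSLSupport ssl = new SSLSupport()
         .setKeystoreProvider(provider.get().getName())
         .setKeystoreType("PKCS11")
         .setKeystorePath(null)                        // no file: null, "" or NONE
         .setKeystorePassword(pin)
         .setTruststoreType("PKCS12")
         .setTruststorePath("/path/to/truststore.p12") // placeholder path
         .setTruststorePassword(System.getenv("TRUSTSTORE_PASSWORD"))
         .setTrustAll(false);                          // keep peer certificate validation on

      SSLContext context = ssl.createContext();
      System.out.println("Created SSLContext for protocol " + context.getProtocol());
   }
}
```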
  • Field Details

  • Constructor Details

    • SSLSupport

      public SSLSupport()
    • SSLSupport

      public SSLSupport(SSLContextConfig config)
  • Method Details

    • getKeystoreProvider

      public String getKeystoreProvider()
    • setKeystoreProvider

      public SSLSupport setKeystoreProvider(String keystoreProvider)
    • getKeystoreType

      public String getKeystoreType()
    • setKeystoreType

      public SSLSupport setKeystoreType(String keystoreType)
    • getKeystorePath

      public String getKeystorePath()
    • setKeystorePath

      public SSLSupport setKeystorePath(String keystorePath)
    • getKeystorePassword

      public String getKeystorePassword()
    • setKeystorePassword

      public SSLSupport setKeystorePassword(String keystorePassword)
    • getKeystoreAlias

      public String getKeystoreAlias()
    • setKeystoreAlias

      public SSLSupport setKeystoreAlias(String keystoreAlias)
    • getTruststoreProvider

      public String getTruststoreProvider()
    • setTruststoreProvider

      public SSLSupport setTruststoreProvider(String truststoreProvider)
    • getTruststoreType

      public String getTruststoreType()
    • setTruststoreType

      public SSLSupport setTruststoreType(String truststoreType)
    • getTruststorePath

      public String getTruststorePath()
    • setTruststorePath

      public SSLSupport setTruststorePath(String truststorePath)
    • getTruststorePassword

      public String getTruststorePassword()
    • setTruststorePassword

      public SSLSupport setTruststorePassword(String truststorePassword)
    • getCrlPath

      public String getCrlPath()
    • setCrlPath

      public SSLSupport setCrlPath(String crlPath)
    • getSslProvider

      public String getSslProvider()
    • setSslProvider

      public SSLSupport setSslProvider(String sslProvider)
    • isTrustAll

      public boolean isTrustAll()
    • setTrustAll

      public SSLSupport setTrustAll(boolean trustAll)
    • getTrustManagerFactoryPlugin

      public String getTrustManagerFactoryPlugin()
    • setTrustManagerFactoryPlugin

      public SSLSupport setTrustManagerFactoryPlugin(String trustManagerFactoryPlugin)
    • createContext

      public SSLContext createContext() throws Exception
      Throws:
      Exception
    • createNettyContext

      public io.netty.handler.ssl.SslContext createNettyContext() throws Exception
      Throws:
      Exception
    • createNettyClientContext

      public io.netty.handler.ssl.SslContext createNettyClientContext() throws Exception
      Throws:
      Exception
    • parseCommaSeparatedListIntoArray

      public static String[] parseCommaSeparatedListIntoArray(String suites)
    • parseArrayIntoCommandSeparatedList

      public static String parseArrayIntoCommandSeparatedList(String[] suites)
    • loadKeystore

      public static KeyStore loadKeystore(String keystoreProvider, String keystoreType, String keystorePath, String keystorePassword) throws Exception
      Throws:
      Exception
    • checkPemProviderLoaded

      public static void checkPemProviderLoaded(String keystoreType)
      This method calls out to a separate class in order to avoid a hard dependency on the provider's implementation. This allows folks who don't use PEM to avoid using the corresponding dependency.
    • getValidProviderAndType

      public static Pair<String,String> getValidProviderAndType(String storeProvider, String storeType)
      The changes in ARTEMIS-3155 introduced an incompatibility with old clients using the keyStoreProvider and trustStoreProvider URL properties. These old clients use these properties to set the *type* of store (e.g. PKCS12, PKCS11, JKS, JCEKS, etc.), but new clients use them to set the *provider* (as the name implies). This method checks whether the provider property matches what is expected from old clients and, if so, returns the proper provider and type properties to use with the new client implementation.
      Returns:
      a Pair<String, String> representing the provider and type to use (in that order)