4 Replies Latest reply on Oct 21, 2012 4:37 PM by greyfairer2

    Use Default Java Keystore for NettyConnectorFactory

    hmr_mueller

      Hi,

      Defining the use of SSL in the NettyConnectorFactory requires setting the keystore and keystore password. Using the connector factory via JNDI on a client has the problem that the server cannot predict the path to the keystore, and it can be different on different clients. Also, when the keystore is not found on the client, the exception contains the keystore password in clear text in the exception message, which is not very cool.

      The NettyConnector should be able to rely on the default JSSE settings which can be changed by the client using the known system properties.

      Is there already a way to do this in HornetQ 2.1.2?

      Thanks.

        • 1. Use Default Java Keystore for NettyConnectorFactory
          ataylor

          Not at present, but it's a feature we should have; feel free to raise a JIRA. A patch should be quite easy to write if you want to provide a patch as well.

          • 2. Use Default Java Keystore for NettyConnectorFactory
            greyfairer2

            A workaround is to ignore the server-side configuration and set up the ConnectionFactory from the client.

                    // Connector parameters are supplied by the client instead of coming from JNDI
                    HashMap<String, Object> connectionProperties = new HashMap<String, Object>();
                    connectionProperties.put(TransportConstants.HOST_PROP_NAME, "local.hornetq.acme.com");
                    connectionProperties.put(TransportConstants.PORT_PROP_NAME, 443);

                    // SSL settings: the keystore path and password are chosen on the client
                    connectionProperties.put(TransportConstants.SSL_ENABLED_PROP_NAME, "true");
                    connectionProperties.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "file://.../truststore.jks");
                    connectionProperties.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "changethis");

                    // Use the servlet transport at the given path
                    connectionProperties.put(TransportConstants.USE_SERVLET_PROP_NAME, "true");
                    connectionProperties.put(TransportConstants.SERVLET_PATH, "/messaging/HornetQServlet");

                    ClientSessionFactory sf = HornetQClient.createClientSessionFactory(
                            new TransportConfiguration(NettyConnectorFactory.class.getName(), connectionProperties));
                    ConnectionFactory cf = new HornetQConnectionFactory(sf);

            • 3. Re: Use Default Java Keystore for NettyConnectorFactory
              ybxiang.china

              "A workaround is to ignore the server side configuration and set up the ConnectionFactory from the client."

              This workaround is specific to the HornetQ client.

              Is there a workaround for JMS client?

              • 4. Re: Use Default Java Keystore for NettyConnectorFactory
                greyfairer2

                In HornetQ 2.3.0.Final, the ConnectionFactory will also check system properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword. See https://github.com/hornetq/hornetq/pull/558/files. So I guess that works if you do a JNDI lookup as well (pure JMS client).
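
The fallback discussed in this thread, sketched with plain JDK APIs as an added example; it is not HornetQ's code and not the change in the linked pull request. The class name and the two parameter keys are hypothetical. An explicit connector parameter wins, otherwise the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties are used, and a load failure reports the keystore path without the password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class JsseFallback {
    // Hypothetical parameter names for this sketch; not HornetQ's TransportConstants.
    static final String PATH_KEY = "key-store-path";
    static final String PASSWORD_KEY = "key-store-password";

    /** An explicit connector parameter wins; otherwise use the JSSE system property. */
    static String resolve(Map<String, Object> params, String key, String sysProp) {
        Object v = params.get(key);
        return v != null ? v.toString() : System.getProperty(sysProp);
    }

    static SSLContext createContext(Map<String, Object> params)
            throws GeneralSecurityException, IOException {
        String path = resolve(params, PATH_KEY, "javax.net.ssl.keyStore");
        String password = resolve(params, PASSWORD_KEY, "javax.net.ssl.keyStorePassword");
        if (path == null) {
            return SSLContext.getDefault(); // nothing configured: plain JSSE defaults
        }
        char[] pw = password == null ? null : password.toCharArray();
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        } catch (IOException e) {
            // Report the path only; the password never goes into the message.
            throw new IOException("Cannot load keystore " + path, e);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = createContext(Collections.<String, Object>emptyMap());
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```

Run it with -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword set on the command line to exercise the system-property path; with neither set it returns the JVM's default context.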