From f5be0c6b64c333b880e801ca090850eec320371b Mon Sep 17 00:00:00 2001 From: Timothy Bish Date: Thu, 11 Apr 2024 09:17:54 -0400 Subject: [PATCH] ARTEMIS-4720 Add an example of AMQP federation over SSL Adds an example that shows how to configure broker connections for AMQP federation over an SSL connection. --- .../amqp-federation-over-ssl/pom.xml | 158 ++++++++++++++++++ .../amqp-federation-over-ssl/readme.md | 19 +++ .../jms/example/BrokerFederationExample.java | 86 ++++++++++ .../resources/activemq/server0/broker.xml | 123 ++++++++++++++ .../activemq/server0/server-ca-truststore.p12 | Bin 0 -> 1270 bytes .../activemq/server0/server-keystore.p12 | Bin 0 -> 5000 bytes .../resources/activemq/server1/broker.xml | 106 ++++++++++++ .../activemq/server1/server-ca-truststore.p12 | Bin 0 -> 1270 bytes .../activemq/server1/server-keystore.p12 | Bin 0 -> 5000 bytes .../store-generation.txt | 62 +++++++ examples/features/broker-connection/pom.xml | 2 + scripts/run-examples.sh | 2 + 12 files changed, 558 insertions(+) create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/pom.xml create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/readme.md create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerFederationExample.java create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/broker.xml create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/server-ca-truststore.p12 create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/server-keystore.p12 create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/broker.xml create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/server-ca-truststore.p12 create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/server-keystore.p12 create mode 100644 examples/features/broker-connection/amqp-federation-over-ssl/store-generation.txt diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/pom.xml b/examples/features/broker-connection/amqp-federation-over-ssl/pom.xml new file mode 100644 index 00000000..28dd50d7 --- /dev/null +++ b/examples/features/broker-connection/amqp-federation-over-ssl/pom.xml @@ -0,0 +1,158 @@ + + + + + 4.0.0 + + + org.apache.activemq.examples.broker-connection + broker-connections + 2.34.0-SNAPSHOT + + + amqp-federation-over-ssl + jar + amqp-federation-over-ssl + + + ${project.basedir}/../../../.. + + + + + org.apache.qpid + qpid-jms-client + + + + + + + org.apache.activemq + artemis-maven-plugin + + + create0 + + create + + + ${noServer} + ${basedir}/target/server0 + true + ${basedir}/target/classes/activemq/server0 + + -Djava.net.preferIPv4Stack=true + + + + create1 + + create + + + ${noServer} + ${basedir}/target/server1 + true + ${basedir}/target/classes/activemq/server1 + + -Djava.net.preferIPv4Stack=true + + + + + start1 + + cli + + + ${noServer} + true + ${basedir}/target/server1 + tcp://localhost:5770?sslEnabled=true&trustStorePath=activemq/server1/server-ca-truststore.p12&trustStorePassword=securepass&trustStoreType=PKCS12 + + run + + server1 + + + + start0 + + cli + + + true + ${noServer} + ${basedir}/target/server0 + tcp://localhost:5660?sslEnabled=true&trustStorePath=activemq/server0/server-ca-truststore.p12&trustStorePassword=securepass&trustStoreType=PKCS12 + + run + + server0 + + + + runClient + + runClient + + + + org.apache.activemq.artemis.jms.example.BrokerFederationExample + + + + stop0 + + stop + + + ${noServer} + ${basedir}/target/server0 + + + + stop1 + + stop + + + ${noServer} + ${basedir}/target/server1 + + + + + + org.apache.activemq.examples.broker-connection + amqp-federation-over-ssl + ${project.version} + + + + + org.apache.maven.plugins + maven-clean-plugin + + + + diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/readme.md b/examples/features/broker-connection/amqp-federation-over-ssl/readme.md new file mode 100644 index 00000000..c3ec7f72 --- /dev/null +++ b/examples/features/broker-connection/amqp-federation-over-ssl/readme.md @@ -0,0 +1,19 @@ +# AMQP Broker Connection demonstrating Federation over SSL connections + +To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to create and start the broker manually. + +This example demonstrates how you can federate messages sent to an Address on a remote server back to the local server and also instruct the remote server to federate messages sent to a Queue on the local server back to itself over a single AMQP connection. The connection is made using a connector and acceptor with SSL configured. + +The broker accepting the connection needs an acceptor on the remote to connect to which is configured as follows + + tcp://localhost:5770?sslEnabled=true;keyStorePath=server-keystore.p12;keyStorePassword=securepass;keyStoreType=PKCS12 + +While the connecting broker needs to configure its broker connection URI to enable SSL and provide a trust store that include the broker certificate or certificate of the signing authority indicating the remote certificate can be trusted. + + + + ... + + + +The keystore and trustores used in the example were generated with store-generation.txt \ No newline at end of file diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerFederationExample.java b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerFederationExample.java new file mode 100644 index 00000000..0ed3dd28 --- /dev/null +++ b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerFederationExample.java @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.jms.example; + +import javax.jms.Connection; +import javax.jms.ConnectionFactory; +import javax.jms.MessageConsumer; +import javax.jms.MessageProducer; +import javax.jms.Queue; +import javax.jms.Session; +import javax.jms.TextMessage; +import javax.jms.Topic; + +import org.apache.qpid.jms.JmsConnectionFactory; + +/** + * This example is demonstrating how messages are federated between two brokers with the + * federation configuration located on only one broker (server0) and only a single outbound + * connection is configured from server0 to server1 over an SSL connection. + */ +public class BrokerFederationExample { + + public static void main(final String[] args) throws Exception { + + final ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory( + "amqps://localhost:5660" + + "?transport.trustStoreLocation=src/main/resources/activemq/server0/server-ca-truststore.p12" + + "&transport.trustStoreType=PKCS12&" + + "transport.trustStorePassword=securepass"); + final ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory( + "amqps://localhost:5770" + + "?transport.trustStoreLocation=src/main/resources/activemq/server1/server-ca-truststore.p12" + + "&transport.trustStoreType=PKCS12" + + "&transport.trustStorePassword=securepass"); + + final Connection connectionOnServer0 = connectionFactoryServer0.createConnection(); + final Connection connectionOnServer1 = connectionFactoryServer1.createConnection(); + + connectionOnServer0.start(); + connectionOnServer1.start(); + + final Session sessionOnServer0 = connectionOnServer0.createSession(Session.AUTO_ACKNOWLEDGE); + final Session sessionOnServer1 = connectionOnServer1.createSession(Session.AUTO_ACKNOWLEDGE); + + final Topic ordersTopic = sessionOnServer0.createTopic("orders"); + final Queue trackingQueue = sessionOnServer1.createQueue("tracking"); + + // Federation from server1 back to server0 on the orders address + final MessageProducer ordersProducerOn1 = sessionOnServer1.createProducer(ordersTopic); + final MessageConsumer ordersConsumerOn0 = sessionOnServer0.createConsumer(ordersTopic); + + final TextMessage orderMessageSent = sessionOnServer1.createTextMessage("new-order"); + + ordersProducerOn1.send(orderMessageSent); + + final TextMessage orderMessageReceived = (TextMessage) ordersConsumerOn0.receive(5_000); + + System.out.println("Consumer on server 0 received order message from producer on server 1 " + orderMessageReceived.getText()); + + // Federation from server0 to server1 on the tracking queue + final MessageProducer trackingProducerOn0 = sessionOnServer0.createProducer(trackingQueue); + final MessageConsumer trackingConsumerOn1 = sessionOnServer1.createConsumer(trackingQueue); + + final TextMessage trackingMessageSent = sessionOnServer0.createTextMessage("new-tracking-data"); + + trackingProducerOn0.send(trackingMessageSent); + + final TextMessage trackingMessageReceived = (TextMessage) trackingConsumerOn1.receive(5_000); + + System.out.println("Consumer on server 1 received tracking data from producer on server 0 " + trackingMessageReceived.getText()); + } +} diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/broker.xml b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/broker.xml new file mode 100644 index 00000000..ee4b1b18 --- /dev/null +++ b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/broker.xml @@ -0,0 +1,123 @@ + + + + + + + + 0.0.0.0 + + false + + NIO + + + true + + 120000 + + 60000 + + HALT + + 44000 + + + + tcp://0.0.0.0:5660?sslEnabled=true;keyStoreType=PKCS12;keyStorePath=server-keystore.p12;keyStorePassword=securepass + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DLQ + ExpiryQueue + 0 + + -1 + 10 + PAGE + true + true + + + + DLQ + ExpiryQueue + 0 + + -1 + 10 + PAGE + true + true + + + + +
+ + +
+
+ + + +
+ + + + diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/server-ca-truststore.p12 b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server0/server-ca-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..82bffbb104863997f359959fa05883310cead8e3 GIT binary patch literal 1270 zcmV&LNQU`I8pL?;M0b#tH%gClCSwATSID2r7n1hW8Bu2?YQ! z9R>+thDZTr0|Wso1Q2MJguqK#Kn_+n@!c!`@t=T#1Mqql9GECx#;9BE79^6A4m4y{ zgc32|3c*06x?)p^PpqL@##B~)=~1p8L|7R2`xm%fF}&F%%)|iRAlz3w${ijxa;R<4 z*MgfQj{a=yPi-qP!?IEe-<*Od7dCkIQ1jJo<_t0Oyz|CL>>F&M0H!1_{|EIzL+uL_ zpa7!<>=OFMQb;j8D_hGl#k>E9P(2)A(2=YEG)XE2uGLvfdwRg{CmPa?e-*vqj!1YV z{U*3iN7ix7QbP`5Q`sudm0>hNRCY#)qBU%}C@WtX{95ayL83k`bNRS@n4;tp3}-AG zO^4;Dnn7%?@g{CYka|ZI%$n(D_>xn3T*lhGAl*~@q;Zlx;3T`Dx-5Jvw2{=kQk(2Q z%&4D7fRq|c<~YW}fgi6~b0XI?gDpK|fT&5+?!JF)-1$|hv|)P$=I*h0k5FY&7C?51 zJR8W5>b0=&(~??5m)Rt0xF-15Y*j~Kl6^;{@@IQI@UQi4{*u+rHt^G0uA81r3R z{5JX|+EBuUn`H576~8NW(NmsgKgL^yxS7fB8u?sO6Ur7egW4luh&Ys4t$7_wcIM)r z4)Kp+CB8Z=Z#g~Q)(}qI7X^d{)k%fv0rfttssqpBHoBYoiL@MR*0-bMTM(7@%TuY~ z4@>g~b$KwGOOb7)@`bbA1eFcXr^b7aw^g50M3A@-?lPU&5dakd9mA;&->)7$SU}R(yLGWR1yyvCbB%v z1@?UmHDoL4Aag7xts!~VWvWq3k**4BPzyMTKOBIO5{jx8rY=`}eA^(jNMkSgxBowF zM5_myrIL=je~QUD2ox*hX$=ww5?t5GP8G)OL`sG#aU%7e(vNzGr@;NuC@?5!Un^Df zKD1hpmQ13`Jry&i2z~jArvNPdffEi+Nr9f6k~Xh>Rir%DHHrfRihKH2p;c_O?2*5h z+(s}>FflL<1_@w>NC9O71OfpC00ba88tLqAlo^J%w%;E)L}R!3q1fED!e3{Ni!jP% gL&U!X6eUr6XHy2%r6hNnt@~ zRsV}Z%LN6YW&VXf{f#7a?Eg_guz)CeL1?0XK_QscKMFJ)m@bU}-xdO62N5M<3@|K& z)LF&D0x?|73qNv2GX$fcFhfy*v@i%d=6`QQ0iyw6ROn!nFj=4_DhS91f*xI$)7ib7 z#G}$=2$7cgS^x?HjZxS2cSrU=*kIS1vP94W6Pxj(lbPOmB@zE}XI+rSIMOS5FDIYc zpgkAybZS-XqZq(K9RIuIwOdk0)|^gBU?{o@8EwPqfP9=!yok_>iRc{#0nI65;pA4s zR@_?U-Da@oSt2p-<_$RoQ(J$8eO9vdyVxr-vHqZ&5Ol-cz7E%_w;ouE@P`SvEdj+@ zujdjkxB_xdda-{==BJpD%^JS8%&iEpiba?aWD;MH`{s_-j3!q5k8Y>pJJ){twL}t` z2{6Ca7SeN|Cp~G_PkSBzO>mY(?$OonjlSM;dcZdZG_%3|pG^3GdsshfRpgk6Pe{s4 zfnAFM=GD_md{k7VGD!Pgk(HYH-d*_Z#Zw7;a&e>oePUB{+dF5!OPWvdx?7|f8*hrR zOfJhMnD;wPw{E@(=Z4%OJFR|i4_)u51ZLX5U9ROh)(!>2MvCY;nL{~;9($@Y1q%Hi)IpzFR@;WF=Pd)Pdb?JZ#(Xo>{eJ^RF6q;)^rCUg{+zjQYDc z*KFMOL?brsB(0W|+$O z+X_J%(mfjW`iJrh?^RmB?TN$9kbbVwsBNaU?mH!;W@PI;C5%#FPEP1{Qe|)T_j9#^ z!7f*5(!-38XV+(2wP&2YsCM>eah@@=z9mW4`M8M`BfUG|fTcK`v7sWUQmmwxO@&U; zl2W;W^K`4wj2E?n>UBZFk6#+NMR?_*&KRF!%@!YY<9>?U)E6sw9-Kyy`*n`^tNG& z^vLP8<99MnSsBz@n^$2zeIm#bF8;X1xh~q;}f3n~5LObyVBl*`NHx9RFEei$f zt9t14HB`x?AvfI`6K4kJ;%JubcUeBss=KUy)~`xvKIrEJ@sJ_41;i37(2mcZM;>VL zsSTRf;7`$QOwvjjjJsx|s5i02De^if7%#POt22+yJZ4IpkqJfcBr;p*m%}Tfc*2;t zJ1CwqwRq9Z9&u~EXx&;+vXJ)j%^!agAX%%2pD!~QY-JT{lON#=e8Qaku|k8|4fHU$nvv_+4e(U;dF*U|SrkHA|`IHs;WCqyC-^S$PsCA#$;veuNpj&qS=or9cq z73jV)^w9L36#*Z-yAba3XenOagdaEsQVBP)tuZZTXisYGZKm$*me9`l)h$z|yPikRC4%jLSFrJj9ikyoc!F2F z;i9l-|JWs%2#!k)0k{Gz0WJWK|6~~5za%l72t=S^>u5;}=Yw?8PAv{mAkEW795x)>&Fo z8GA44t+N=tQs=-R$Qb39lR1YLQ!qR;P21DAIK-bjeHeWW{eJNP8Lkmr_!+UU8}2jbbgPcL%LmxP>tn)pen3X7F$Wz1yHF)_NM@K%W$ ztCw(qg)mB3{We7FKHME?ZQL2%8>;b~i)+v zyHW+SoPsU!6VPt#01cHk`v;G$K| z&dlY^Y%@n*VzsGYh%Zl)U(o~;993M&b0Oo<^!`sOzT~P^>U1nNMWepbItJ&o46Xv< z1ljq3FwSkS*M9%^L(lz4=klmYG3Ik@JZL}x*VL(T&+J99b&RMMZR76i_q8R3jZ5$A z9?5bwcqPg#pM)o_?~HkQdjp5w>LGR*vEL(HbxWLbmv1_4JNrLe^Lu`Ka>I&&Kouy- z8Rh2u#SSJ~*i2R#M(g%-8zv}%AKtJ~d`I}EEHU*Jt0Mut`}WI}s^8+C)ZO_3-3q3A zQuWEC52B3i%4uuQY>ZlH+xXFruUk>L4$k7V$Y*OR|03_ z+njpcL36qVV})zI#S4QbZde=VAwzw~Ld!Q1iZnV-W5@UCS8Uhc`Kc$yC_-m46jrQ_ z#X2tH?D8tvQujq@w6LZw%3{gG)**o5YzuW|ojPS<8M_9F;PY|C?g?n|sn)!MR4v)O zV>akhC4@xztn#W%%#D3S-c%&N z*Z<|mJ2AZ=j#UY%>b0*baj@$HKp=BFtVzTW~;O+ zDTpxrQl@*yV9LKf*&}c~Es5|>n8VCy@6wN6jg@{Js;U&l6Y4IykqYDW)dGET!2w<~ znH$yw9(tg>wbF&YRMyFH_jwNdbAinuS&1doyExrWVvI<+V`vin|h4;O7K0 zRe6>@*V-ZOh)x@}j$zY$uy-Yfrt!NeL6Tzu0ecJ+l8F2ZoV8vE+uT+&K|a+!s|N~j zvIAEb(9FFBw$svr6Sa+P-G(>*5UUN9&)t@vLUEJv9kSqU-`cmoQ%i4gk|8L) z2(!mz+|zcAGL;35l{sZbWZyPT4{cFOL`wPm%20o=6=zBZjz3|keJ{E&`_eEC z4@$igu;16;a)p?0>F4M&m$IwY?lNM2$sCi8LPtJ6Z#?QQI-i2YR1h+*^OdO`^~V3u zMMbm!vrB|yxi=L0(`=j*eHy;Y$Z0Z_QMP}2C6lSvI-!tkoTQscY`fpW%ZB9V12aSY z_ae&X5U&B)bb;=4#@4n<;-H0G+*c%7=^J{jy52u1A4EQWuZjy@TP6IPuyO=P%LH}-%Yx&x~*uf;+Xkd8BQljkb84? z<3m54t-ROn3pYNc>fCkXOfrzRZ;4_RmF#!frK`szbs+L2Ek#Z^<5ljm2#r#j3r^fn z=?Af#HrM$1K(^xm*P-a0&*Sp*5>K)flFrrSg^^_O6e?{F( z&v>EQaf8_(h`H&>0hSY^v0B)FcGG^6!OUZy4G^a{0dDuJAkYw1-p zP^WA63u423E1Laz%xrhTIa*(TJjF@MQkFpKKr( z%p2jY!(U|I;`1tvOe|+TnolFU*UY!5q9-3BaIsk9SfdE1OPgL1ZDZlrEffLd#H@KQ zMbO0Qgs-l`1-_4VWOJO8cm2kCKaMI3A(pDpL6YmQ{H%`&%}$*s8Rhhfz-983Kq9`m z9u6S2o(bb3{KXM1F$G`JF_|O9FhG^QjVwn$tIKOoPMzpzNU{nltIlToAD27|`yegJ z%e?GnLuJ)lRK?wxUbrx>9T?>1Ru70v>Z4js@@p4PC1Cy2uGEv8LtJOGEuLv&F*T2La{}o~;jG5GPv~ zLyu_&dL}Xi-pL(YU8mdVqm3RNL%$Pg%1w`*V6bt_rRxwr3%5DH4+jwZqtm8w@JEoY z+Pg!}odtRlhv38AXd`9GU5uLTjSaX<=QibueB+cJ_6s3OEYVOdg4*_d=eSAOp*6P$ zPd$bC?L=6G^7>`_PqSQ7+}joZi67`{5c^@B9A}YCKB6bKs62L+F&EuDG-%ksA~^;{ zb7c5}c`4tVE&BqPGeeLKI=WGs*uuAfz%0^(yY3^a-B3ss&TbkunwYF428?IM_Q=FR zfG)r7uo8yEJ|Z!rB4^%6VHq`sFSap@+Xo`+mpe{?7jS6o9Q&WU*|te3Jd5qHC=$&8 zno+p$#eA`;v?=8Enpi9N3Q=Ab=gr^DA&5e^3Vr8)T8KClZar@v{E z#`ZyoszPY@<-$+6JO}MQjrc=ybvgpmSNSw*BR5<@P7VSA!>&}Q+oCeo(wZvWS^Y3v z;_fOQGl8$=MkYyXVVr9kfKudW-fKLMO~=pti>u{?^j#+gwfdqni_%YEHDA2avDxfo z_mNo546I3LgLh@0x~fp(vQ%;Rdmn=qro1!(lm6yfJhBeDHkLzJ#)^Lg#a|ruELe3cvv_}7Ilq{D6+<#UTRzQ|{bf2Q1+=&hF+~~>w zGXFvw8r|o`eCo)|-oUEyW8WHLL%f-a6CB%o@GcHaNZ+W?K$~Mh)lF;K;1Z_)r{fjG zVAU!vxNbyH2;ubyrZV)pyB6S0}3QJEirmL0vf8FPw!LRv6=S%E!{Q%(JL( z)QQ)Tk*{L{b+-PbMEg7m`n(1+_cDuen;P^I74D{P;V5nyptK#FD_6t{%N(||%XFoe z9Ie}nv&^liJNlkqr^aunhT)WHF?^+WN{|}KSm0!8Y@R^N!I7^6z93nfmxZ7^;1mGO z50T?-3oKs0vPE|7-;!Clz?5Kc7|uW6DHI?Y07MJ&cqKa!O{|Ch48D&)m4Q}PY==uA oeIsyC%;PJedo~CnG9t;=!U|O>$>{@O3m;e9( literal 0 HcmV?d00001 diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/broker.xml b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/broker.xml new file mode 100644 index 00000000..7a251cc5 --- /dev/null +++ b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/broker.xml @@ -0,0 +1,106 @@ + + + + + + + + 0.0.0.0 + + false + + NIO + + + true + + 120000 + + 60000 + + HALT + + 44000 + + + + tcp://0.0.0.0:5770?sslEnabled=true;keyStoreType=PKCS12;keyStorePath=server-keystore.p12;keyStorePassword=securepass + + + + + + + + + + + + + + + + + + + + + DLQ + ExpiryQueue + 0 + + -1 + 10 + PAGE + true + true + + + + DLQ + ExpiryQueue + 0 + + -1 + 10 + PAGE + true + true + + + + +
+ + +
+
+ + + +
+ + + + diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/server-ca-truststore.p12 b/examples/features/broker-connection/amqp-federation-over-ssl/src/main/resources/activemq/server1/server-ca-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..82bffbb104863997f359959fa05883310cead8e3 GIT binary patch literal 1270 zcmV&LNQU`I8pL?;M0b#tH%gClCSwATSID2r7n1hW8Bu2?YQ! z9R>+thDZTr0|Wso1Q2MJguqK#Kn_+n@!c!`@t=T#1Mqql9GECx#;9BE79^6A4m4y{ zgc32|3c*06x?)p^PpqL@##B~)=~1p8L|7R2`xm%fF}&F%%)|iRAlz3w${ijxa;R<4 z*MgfQj{a=yPi-qP!?IEe-<*Od7dCkIQ1jJo<_t0Oyz|CL>>F&M0H!1_{|EIzL+uL_ zpa7!<>=OFMQb;j8D_hGl#k>E9P(2)A(2=YEG)XE2uGLvfdwRg{CmPa?e-*vqj!1YV z{U*3iN7ix7QbP`5Q`sudm0>hNRCY#)qBU%}C@WtX{95ayL83k`bNRS@n4;tp3}-AG zO^4;Dnn7%?@g{CYka|ZI%$n(D_>xn3T*lhGAl*~@q;Zlx;3T`Dx-5Jvw2{=kQk(2Q z%&4D7fRq|c<~YW}fgi6~b0XI?gDpK|fT&5+?!JF)-1$|hv|)P$=I*h0k5FY&7C?51 zJR8W5>b0=&(~??5m)Rt0xF-15Y*j~Kl6^;{@@IQI@UQi4{*u+rHt^G0uA81r3R z{5JX|+EBuUn`H576~8NW(NmsgKgL^yxS7fB8u?sO6Ur7egW4luh&Ys4t$7_wcIM)r z4)Kp+CB8Z=Z#g~Q)(}qI7X^d{)k%fv0rfttssqpBHoBYoiL@MR*0-bMTM(7@%TuY~ z4@>g~b$KwGOOb7)@`bbA1eFcXr^b7aw^g50M3A@-?lPU&5dakd9mA;&->)7$SU}R(yLGWR1yyvCbB%v z1@?UmHDoL4Aag7xts!~VWvWq3k**4BPzyMTKOBIO5{jx8rY=`}eA^(jNMkSgxBowF zM5_myrIL=je~QUD2ox*hX$=ww5?t5GP8G)OL`sG#aU%7e(vNzGr@;NuC@?5!Un^Df zKD1hpmQ13`Jry&i2z~jArvNPdffEi+Nr9f6k~Xh>Rir%DHHrfRihKH2p;c_O?2*5h z+(s}>FflL<1_@w>NC9O71OfpC00ba88tLqAlo^J%w%;E)L}R!3q1fED!e3{Ni!jP% gL&U!X6eUr6XHy2%r6hNnt@~ zRsV}Z%LN6YW&VXf{f#7a?Eg_guz)CeL1?0XK_QscKMFJ)m@bU}-xdO62N5M<3@|K& z)LF&D0x?|73qNv2GX$fcFhfy*v@i%d=6`QQ0iyw6ROn!nFj=4_DhS91f*xI$)7ib7 z#G}$=2$7cgS^x?HjZxS2cSrU=*kIS1vP94W6Pxj(lbPOmB@zE}XI+rSIMOS5FDIYc zpgkAybZS-XqZq(K9RIuIwOdk0)|^gBU?{o@8EwPqfP9=!yok_>iRc{#0nI65;pA4s zR@_?U-Da@oSt2p-<_$RoQ(J$8eO9vdyVxr-vHqZ&5Ol-cz7E%_w;ouE@P`SvEdj+@ zujdjkxB_xdda-{==BJpD%^JS8%&iEpiba?aWD;MH`{s_-j3!q5k8Y>pJJ){twL}t` z2{6Ca7SeN|Cp~G_PkSBzO>mY(?$OonjlSM;dcZdZG_%3|pG^3GdsshfRpgk6Pe{s4 zfnAFM=GD_md{k7VGD!Pgk(HYH-d*_Z#Zw7;a&e>oePUB{+dF5!OPWvdx?7|f8*hrR zOfJhMnD;wPw{E@(=Z4%OJFR|i4_)u51ZLX5U9ROh)(!>2MvCY;nL{~;9($@Y1q%Hi)IpzFR@;WF=Pd)Pdb?JZ#(Xo>{eJ^RF6q;)^rCUg{+zjQYDc z*KFMOL?brsB(0W|+$O z+X_J%(mfjW`iJrh?^RmB?TN$9kbbVwsBNaU?mH!;W@PI;C5%#FPEP1{Qe|)T_j9#^ z!7f*5(!-38XV+(2wP&2YsCM>eah@@=z9mW4`M8M`BfUG|fTcK`v7sWUQmmwxO@&U; zl2W;W^K`4wj2E?n>UBZFk6#+NMR?_*&KRF!%@!YY<9>?U)E6sw9-Kyy`*n`^tNG& z^vLP8<99MnSsBz@n^$2zeIm#bF8;X1xh~q;}f3n~5LObyVBl*`NHx9RFEei$f zt9t14HB`x?AvfI`6K4kJ;%JubcUeBss=KUy)~`xvKIrEJ@sJ_41;i37(2mcZM;>VL zsSTRf;7`$QOwvjjjJsx|s5i02De^if7%#POt22+yJZ4IpkqJfcBr;p*m%}Tfc*2;t zJ1CwqwRq9Z9&u~EXx&;+vXJ)j%^!agAX%%2pD!~QY-JT{lON#=e8Qaku|k8|4fHU$nvv_+4e(U;dF*U|SrkHA|`IHs;WCqyC-^S$PsCA#$;veuNpj&qS=or9cq z73jV)^w9L36#*Z-yAba3XenOagdaEsQVBP)tuZZTXisYGZKm$*me9`l)h$z|yPikRC4%jLSFrJj9ikyoc!F2F z;i9l-|JWs%2#!k)0k{Gz0WJWK|6~~5za%l72t=S^>u5;}=Yw?8PAv{mAkEW795x)>&Fo z8GA44t+N=tQs=-R$Qb39lR1YLQ!qR;P21DAIK-bjeHeWW{eJNP8Lkmr_!+UU8}2jbbgPcL%LmxP>tn)pen3X7F$Wz1yHF)_NM@K%W$ ztCw(qg)mB3{We7FKHME?ZQL2%8>;b~i)+v zyHW+SoPsU!6VPt#01cHk`v;G$K| z&dlY^Y%@n*VzsGYh%Zl)U(o~;993M&b0Oo<^!`sOzT~P^>U1nNMWepbItJ&o46Xv< z1ljq3FwSkS*M9%^L(lz4=klmYG3Ik@JZL}x*VL(T&+J99b&RMMZR76i_q8R3jZ5$A z9?5bwcqPg#pM)o_?~HkQdjp5w>LGR*vEL(HbxWLbmv1_4JNrLe^Lu`Ka>I&&Kouy- z8Rh2u#SSJ~*i2R#M(g%-8zv}%AKtJ~d`I}EEHU*Jt0Mut`}WI}s^8+C)ZO_3-3q3A zQuWEC52B3i%4uuQY>ZlH+xXFruUk>L4$k7V$Y*OR|03_ z+njpcL36qVV})zI#S4QbZde=VAwzw~Ld!Q1iZnV-W5@UCS8Uhc`Kc$yC_-m46jrQ_ z#X2tH?D8tvQujq@w6LZw%3{gG)**o5YzuW|ojPS<8M_9F;PY|C?g?n|sn)!MR4v)O zV>akhC4@xztn#W%%#D3S-c%&N z*Z<|mJ2AZ=j#UY%>b0*baj@$HKp=BFtVzTW~;O+ zDTpxrQl@*yV9LKf*&}c~Es5|>n8VCy@6wN6jg@{Js;U&l6Y4IykqYDW)dGET!2w<~ znH$yw9(tg>wbF&YRMyFH_jwNdbAinuS&1doyExrWVvI<+V`vin|h4;O7K0 zRe6>@*V-ZOh)x@}j$zY$uy-Yfrt!NeL6Tzu0ecJ+l8F2ZoV8vE+uT+&K|a+!s|N~j zvIAEb(9FFBw$svr6Sa+P-G(>*5UUN9&)t@vLUEJv9kSqU-`cmoQ%i4gk|8L) z2(!mz+|zcAGL;35l{sZbWZyPT4{cFOL`wPm%20o=6=zBZjz3|keJ{E&`_eEC z4@$igu;16;a)p?0>F4M&m$IwY?lNM2$sCi8LPtJ6Z#?QQI-i2YR1h+*^OdO`^~V3u zMMbm!vrB|yxi=L0(`=j*eHy;Y$Z0Z_QMP}2C6lSvI-!tkoTQscY`fpW%ZB9V12aSY z_ae&X5U&B)bb;=4#@4n<;-H0G+*c%7=^J{jy52u1A4EQWuZjy@TP6IPuyO=P%LH}-%Yx&x~*uf;+Xkd8BQljkb84? z<3m54t-ROn3pYNc>fCkXOfrzRZ;4_RmF#!frK`szbs+L2Ek#Z^<5ljm2#r#j3r^fn z=?Af#HrM$1K(^xm*P-a0&*Sp*5>K)flFrrSg^^_O6e?{F( z&v>EQaf8_(h`H&>0hSY^v0B)FcGG^6!OUZy4G^a{0dDuJAkYw1-p zP^WA63u423E1Laz%xrhTIa*(TJjF@MQkFpKKr( z%p2jY!(U|I;`1tvOe|+TnolFU*UY!5q9-3BaIsk9SfdE1OPgL1ZDZlrEffLd#H@KQ zMbO0Qgs-l`1-_4VWOJO8cm2kCKaMI3A(pDpL6YmQ{H%`&%}$*s8Rhhfz-983Kq9`m z9u6S2o(bb3{KXM1F$G`JF_|O9FhG^QjVwn$tIKOoPMzpzNU{nltIlToAD27|`yegJ z%e?GnLuJ)lRK?wxUbrx>9T?>1Ru70v>Z4js@@p4PC1Cy2uGEv8LtJOGEuLv&F*T2La{}o~;jG5GPv~ zLyu_&dL}Xi-pL(YU8mdVqm3RNL%$Pg%1w`*V6bt_rRxwr3%5DH4+jwZqtm8w@JEoY z+Pg!}odtRlhv38AXd`9GU5uLTjSaX<=QibueB+cJ_6s3OEYVOdg4*_d=eSAOp*6P$ zPd$bC?L=6G^7>`_PqSQ7+}joZi67`{5c^@B9A}YCKB6bKs62L+F&EuDG-%ksA~^;{ zb7c5}c`4tVE&BqPGeeLKI=WGs*uuAfz%0^(yY3^a-B3ss&TbkunwYF428?IM_Q=FR zfG)r7uo8yEJ|Z!rB4^%6VHq`sFSap@+Xo`+mpe{?7jS6o9Q&WU*|te3Jd5qHC=$&8 zno+p$#eA`;v?=8Enpi9N3Q=Ab=gr^DA&5e^3Vr8)T8KClZar@v{E z#`ZyoszPY@<-$+6JO}MQjrc=ybvgpmSNSw*BR5<@P7VSA!>&}Q+oCeo(wZvWS^Y3v z;_fOQGl8$=MkYyXVVr9kfKudW-fKLMO~=pti>u{?^j#+gwfdqni_%YEHDA2avDxfo z_mNo546I3LgLh@0x~fp(vQ%;Rdmn=qro1!(lm6yfJhBeDHkLzJ#)^Lg#a|ruELe3cvv_}7Ilq{D6+<#UTRzQ|{bf2Q1+=&hF+~~>w zGXFvw8r|o`eCo)|-oUEyW8WHLL%f-a6CB%o@GcHaNZ+W?K$~Mh)lF;K;1Z_)r{fjG zVAU!vxNbyH2;ubyrZV)pyB6S0}3QJEirmL0vf8FPw!LRv6=S%E!{Q%(JL( z)QQ)Tk*{L{b+-PbMEg7m`n(1+_cDuen;P^I74D{P;V5nyptK#FD_6t{%N(||%XFoe z9Ie}nv&^liJNlkqr^aunhT)WHF?^+WN{|}KSm0!8Y@R^N!I7^6z93nfmxZ7^;1mGO z50T?-3oKs0vPE|7-;!Clz?5Kc7|uW6DHI?Y07MJ&cqKa!O{|Ch48D&)m4Q}PY==uA oeIsyC%;PJedo~CnG9t;=!U|O>$>{@O3m;e9( literal 0 HcmV?d00001 diff --git a/examples/features/broker-connection/amqp-federation-over-ssl/store-generation.txt b/examples/features/broker-connection/amqp-federation-over-ssl/store-generation.txt new file mode 100644 index 00000000..5d513bea --- /dev/null +++ b/examples/features/broker-connection/amqp-federation-over-ssl/store-generation.txt @@ -0,0 +1,62 @@ +!/bin/bash +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +# The various SSL stores and certificates were created with the following commands: +# This can be run as a script by sourcing the file, e.g ". store-generation.txt" +# Requires use of JDK 8+ keytool command. +set -e + +KEY_PASS=securepass +STORE_PASS=securepass +CA_VALIDITY=365000 +VALIDITY=36500 +LOCAL_SERVER_NAMES="dns:localhost,dns:localhost.localdomain,dns:artemis.localtest.me,ip:127.0.0.1" + +# Clean up existing files +# -------------------------------------------------------------------------------------------------------------- +rm -f *.crt *.csr openssl-* *.jceks *.jks *.p12 *.pem *.pemcfg + +# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust: +# -------------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt + +# Create trust store with the server CA cert: +# -------------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt + +# Create a key pair for the server, and sign it with the CA: +# -------------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:server.artemis.activemq,$LOCAL_SERVER_NAMES" + +keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -alias server -certreq -file server.csr +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:server.artemis.activemq,$LOCAL_SERVER_NAMES" + +keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt +keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt + +# Copy the stores into place +# -------------------------------------------------------------------------------------------------------------- +cp server-ca-truststore.p12 src/main/resources/activemq/server0/ +cp server-keystore.p12 src/main/resources/activemq/server0/ + +cp server-ca-truststore.p12 src/main/resources/activemq/server1/ +cp server-keystore.p12 src/main/resources/activemq/server1/ + +# Clean up tmp files +# -------------------------------------------------------------------------------------------------------------- +rm -f *.crt *.csr *.p12 \ No newline at end of file diff --git a/examples/features/broker-connection/pom.xml b/examples/features/broker-connection/pom.xml index 5beb6279..09c2d86e 100644 --- a/examples/features/broker-connection/pom.xml +++ b/examples/features/broker-connection/pom.xml @@ -52,6 +52,7 @@ under the License. amqp-receiving-messages amqp-sending-overssl amqp-federation + amqp-federation-over-ssl amqp-federation-multicast-hub-spoke amqp-federation-multicast-ring amqp-federation-multicast-fanout @@ -69,6 +70,7 @@ under the License. amqp-receiving-messages amqp-sending-overssl amqp-federation + amqp-federation-over-ssl amqp-federation-multicast-hub-spoke amqp-federation-multicast-ring amqp-federation-multicast-fanout diff --git a/scripts/run-examples.sh b/scripts/run-examples.sh index 7b84221d..eba389d2 100755 --- a/scripts/run-examples.sh +++ b/scripts/run-examples.sh @@ -175,9 +175,11 @@ cd amqp-sending-messages; mvn verify; cd .. cd amqp-sending-overssl; mvn verify; cd .. cd disaster-recovery; mvn verify; cd .. cd amqp-federation; mvn verify; cd .. +cd amqp-federation-over-ssl; mvn verify; cd .. cd amqp-federation-multicast-hub-spoke; mvn verify; cd .. cd amqp-federation-multicast-fanout; mvn verify; cd .. cd amqp-federation-multicast-ring; mvn verify; cd .. cd amqp-federation-queue-dual-federation; mvn verify; cd .. cd amqp-federation-queue-priority; mvn verify; cd .. +cd amqp-federation-queue-multiple-brokers; mvn verify; cd ..