activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From clebertsuco...@apache.org
Subject [1/2] activemq-artemis git commit: ARTEMIS-1926 refactor SSLSupport
Date Mon, 18 Jun 2018 20:15:24 GMT
Repository: activemq-artemis
Updated Branches:
  refs/heads/master 16b2bcba6 -> 34062838e


ARTEMIS-1926 refactor SSLSupport


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/57ed5b05
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/57ed5b05
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/57ed5b05

Branch: refs/heads/master
Commit: 57ed5b0530d4b5d74909deb81121f473718b352e
Parents: 16b2bcb
Author: Justin Bertram <jbertram@apache.org>
Authored: Tue Jun 12 15:27:48 2018 -0500
Committer: Clebert Suconic <clebertsuconic@apache.org>
Committed: Mon Jun 18 16:15:13 2018 -0400

----------------------------------------------------------------------
 .../remoting/impl/netty/NettyConnector.java     |  52 ++++--
 .../core/remoting/impl/ssl/SSLSupport.java      | 183 +++++++++++--------
 .../core/remoting/impl/netty/NettyAcceptor.java |  20 +-
 .../management/ConnectorServerFactory.java      |   9 +-
 .../cli/test/WebServerComponentTest.java        |  16 +-
 .../jms/example/MqttCrlEnabledExample.java      |   7 +-
 .../mqtt/imported/MQTTSecurityCRLTest.java      |   7 +-
 .../ssl/CoreClientOverOneWaySSLTest.java        |  15 +-
 .../NettyConnectorWithHTTPUpgradeTest.java      |   5 +-
 .../core/remoting/impl/ssl/SSLSupportTest.java  | 102 +++++++++--
 10 files changed, 295 insertions(+), 121 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
index b32da92..284d0b9 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
@@ -533,7 +533,7 @@ public class NettyConnector extends AbstractConnector {
                if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) {
                   engine = loadOpenSslEngine(channel.alloc(), realKeyStoreProvider, realKeyStorePath,
realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
                } else {
-                  engine = loadJdkSslEngine(useDefaultSslContext, realKeyStoreProvider, realKeyStorePath,
realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
+                  engine = loadJdkSslEngine(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword,
realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
                }
 
                engine.setUseClientMode(true);
@@ -607,18 +607,26 @@ public class NettyConnector extends AbstractConnector {
       ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, TransportConstants.NETTY_VERSION,
host, port);
    }
 
-   private SSLEngine loadJdkSslEngine(boolean useDefaultSslContext,
-                                      String realKeyStoreProvider,
-                                      String realKeyStorePath,
-                                      String realKeyStorePassword,
-                                      String realTrustStoreProvider,
-                                      String realTrustStorePath,
-                                      String realTrustStorePassword) throws Exception {
+   private SSLEngine loadJdkSslEngine(String keystoreProvider,
+                                      String keystorePath,
+                                      String keystorePassword,
+                                      String truststoreProvider,
+                                      String truststorePath,
+                                      String truststorePassword) throws Exception {
       SSLContext context;
       if (useDefaultSslContext) {
          context = SSLContext.getDefault();
       } else {
-         context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword,
realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, trustAll, crlPath);
+         context = new SSLSupport()
+            .setKeystoreProvider(keystoreProvider)
+            .setKeystorePath(keystorePath)
+            .setKeystorePassword(keystorePassword)
+            .setTruststoreProvider(truststoreProvider)
+            .setTruststorePath(truststorePath)
+            .setTruststorePassword(truststorePassword)
+            .setTrustAll(trustAll)
+            .setCrlPath(crlPath)
+            .createContext();
       }
       Subject subject = null;
       if (kerb5Config != null) {
@@ -642,14 +650,24 @@ public class NettyConnector extends AbstractConnector {
    }
 
    private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
-                                       String realKeyStoreProvider,
-                                       String realKeyStorePath,
-                                       String realKeyStorePassword,
-                                       String realTrustStoreProvider,
-                                       String realTrustStorePath,
-                                       String realTrustStorePassword) throws Exception {
-
-      SslContext context = SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath,
realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword,
sslProvider, trustAll);
+                                       String keystoreProvider,
+                                       String keystorePath,
+                                       String keystorePassword,
+                                       String truststoreProvider,
+                                       String truststorePath,
+                                       String truststorePassword) throws Exception {
+
+
+      SslContext context = new SSLSupport()
+         .setKeystoreProvider(keystoreProvider)
+         .setKeystorePath(keystorePath)
+         .setKeystorePassword(keystorePassword)
+         .setTruststoreProvider(truststoreProvider)
+         .setTruststorePath(truststorePath)
+         .setTruststorePassword(truststorePassword)
+         .setSslProvider(sslProvider)
+         .setTrustAll(trustAll)
+         .createNettyClientContext();
 
       Subject subject = null;
       if (kerb5Config != null) {

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
index 905e19e..89994c2 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java
@@ -44,6 +44,7 @@ import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
 import org.apache.activemq.artemis.utils.ClassloadingUtil;
 
 /**
@@ -53,80 +54,117 @@ import org.apache.activemq.artemis.utils.ClassloadingUtil;
  * null keystore path.
  */
 public class SSLSupport {
-   // Public --------------------------------------------------------
+   private String keystoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
+   private String keystorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
+   private String keystorePassword = TransportConstants.DEFAULT_KEYSTORE_PASSWORD;
+   private String truststoreProvider = TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER;
+   private String truststorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH;
+   private String truststorePassword = TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD;
+   private String crlPath = TransportConstants.DEFAULT_CRL_PATH;
+   private String sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
+   private boolean trustAll = TransportConstants.DEFAULT_TRUST_ALL;
+
+   public String getKeystoreProvider() {
+      return keystoreProvider;
+   }
+
+   public SSLSupport setKeystoreProvider(String keystoreProvider) {
+      this.keystoreProvider = keystoreProvider;
+      return this;
+   }
+
+   public String getKeystorePath() {
+      return keystorePath;
+   }
+
+   public SSLSupport setKeystorePath(String keystorePath) {
+      this.keystorePath = keystorePath;
+      return this;
+   }
+
+   public String getKeystorePassword() {
+      return keystorePassword;
+   }
+
+   public SSLSupport setKeystorePassword(String keystorePassword) {
+      this.keystorePassword = keystorePassword;
+      return this;
+   }
+
+   public String getTruststoreProvider() {
+      return truststoreProvider;
+   }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword) throws Exception
{
+   public SSLSupport setTruststoreProvider(String truststoreProvider) {
+      this.truststoreProvider = truststoreProvider;
+      return this;
+   }
 
-      return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider,
trustStorePath, trustStorePassword, false, null);
+   public String getTruststorePath() {
+      return truststorePath;
    }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword,
-                                          final String crlPath) throws Exception {
+   public SSLSupport setTruststorePath(String truststorePath) {
+      this.truststorePath = truststorePath;
+      return this;
+   }
 
-      return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider,
trustStorePath, trustStorePassword, false, crlPath);
+   public String getTruststorePassword() {
+      return truststorePassword;
    }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword,
-                                          final boolean trustAll) throws Exception {
-      return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword, trustStoreProvider,
trustStorePath, trustStorePassword, trustAll, null);
+   public SSLSupport setTruststorePassword(String truststorePassword) {
+      this.truststorePassword = truststorePassword;
+      return this;
    }
 
-   public static SSLContext createContext(final String keystoreProvider,
-                                          final String keystorePath,
-                                          final String keystorePassword,
-                                          final String trustStoreProvider,
-                                          final String trustStorePath,
-                                          final String trustStorePassword,
-                                          final boolean trustAll,
-                                          final String crlPath) throws Exception {
+   public String getCrlPath() {
+      return crlPath;
+   }
+
+   public SSLSupport setCrlPath(String crlPath) {
+      this.crlPath = crlPath;
+      return this;
+   }
+
+   public String getSslProvider() {
+      return sslProvider;
+   }
+
+   public SSLSupport setSslProvider(String sslProvider) {
+      this.sslProvider = sslProvider;
+      return this;
+   }
+
+   public boolean isTrustAll() {
+      return trustAll;
+   }
+
+   public SSLSupport setTrustAll(boolean trustAll) {
+      this.trustAll = trustAll;
+      return this;
+   }
+
+   public SSLContext createContext() throws Exception {
       SSLContext context = SSLContext.getInstance("TLS");
-      KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystoreProvider, keystorePath,
keystorePassword);
-      TrustManager[] trustManagers = SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath,
trustStorePassword, trustAll, crlPath);
+      KeyManager[] keyManagers = loadKeyManagers();
+      TrustManager[] trustManagers = loadTrustManagers();
       context.init(keyManagers, trustManagers, new SecureRandom());
       return context;
    }
 
-   public static SslContext createNettyContext(final String keystoreProvider,
-                                               final String keystorePath,
-                                               final String keystorePassword,
-                                               final String trustStoreProvider,
-                                               final String trustStorePath,
-                                               final String trustStorePassword,
-                                               final String sslProvider) throws Exception
{
-
+   public SslContext createNettyContext() throws Exception {
       KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
       KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
       keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
-      return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider,
trustStorePath, trustStorePassword, false, null)).build();
+      return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(loadTrustManagerFactory()).build();
    }
 
-   public static SslContext createNettyClientContext(final String keystoreProvider,
-                                               final String keystorePath,
-                                               final String keystorePassword,
-                                               final String trustStoreProvider,
-                                               final String trustStorePath,
-                                               final String trustStorePassword,
-                                               final String sslProvider,
-                                               final boolean trustAll  ) throws Exception
{
+   public SslContext createNettyClientContext() throws Exception {
       KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
       KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
       keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray());
-      return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider,
trustStorePath, trustStorePassword, trustAll, null)).build();
+      return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(loadTrustManagerFactory()).build();
    }
 
 
@@ -151,19 +189,15 @@ public class SSLSupport {
    }
 
    // Private -------------------------------------------------------
-   private static TrustManagerFactory loadTrustManagerFactory(final String trustStoreProvider,
-                                                              final String trustStorePath,
-                                                              final String trustStorePassword,
-                                                              final boolean trustAll,
-                                                              final String crlPath) throws
Exception {
+   private TrustManagerFactory loadTrustManagerFactory() throws Exception {
       if (trustAll) {
          //This is useful for testing but not should be used outside of that purpose
          return InsecureTrustManagerFactory.INSTANCE;
-      } else if (trustStorePath == null && (trustStoreProvider == null || !"PKCS11".equals(trustStoreProvider.toUpperCase())))
{
+      } else if (truststorePath == null && (truststoreProvider == null || !"PKCS11".equals(truststoreProvider.toUpperCase())))
{
          return null;
       } else {
          TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-         KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath,
trustStorePassword);
+         KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath,
truststorePassword);
          boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
 
          boolean initialized = false;
@@ -171,7 +205,7 @@ public class SSLSupport {
             PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new
X509CertSelector());
             if (crlPath != null) {
                pkixParams.setRevocationEnabled(true);
-               Collection<? extends CRL> crlList = loadCRL(crlPath);
+               Collection<? extends CRL> crlList = loadCRL();
                if (crlList != null) {
                   pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
                }
@@ -187,25 +221,19 @@ public class SSLSupport {
       }
    }
 
-   private static TrustManager[] loadTrustManager(final String trustStoreProvider,
-                                                  final String trustStorePath,
-                                                  final String trustStorePassword,
-                                                  final boolean trustAll,
-                                                  final String crlPath) throws Exception
{
-      TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(trustStoreProvider,
trustStorePath, trustStorePassword, trustAll, crlPath);
+   private TrustManager[] loadTrustManagers() throws Exception {
+      TrustManagerFactory trustManagerFactory = loadTrustManagerFactory();
       if (trustManagerFactory == null) {
          return null;
       }
       return trustManagerFactory.getTrustManagers();
    }
 
-   private static Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{
+   private Collection<? extends CRL> loadCRL() throws Exception {
       if (crlPath == null) {
          return null;
       }
-
-      URL resource = SSLSupport.validateStoreURL(crlPath);
-
+      URL resource = validateStoreURL(crlPath);
       try (InputStream is = resource.openStream()) {
          return CertificateFactory.getInstance("X.509").generateCRLs(is);
       }
@@ -233,25 +261,20 @@ public class SSLSupport {
       return ks;
    }
 
-   private static KeyManager[] loadKeyManagers(final String keyStoreProvider,
-                                               final String keystorePath,
-                                               final String keystorePassword) throws Exception
{
-
-      KeyManagerFactory factory = loadKeyManagerFactory(keyStoreProvider, keystorePath, keystorePassword);
+   private KeyManager[] loadKeyManagers() throws Exception {
+      KeyManagerFactory factory = loadKeyManagerFactory();
       if (factory == null) {
          return null;
       }
       return factory.getKeyManagers();
    }
 
-   private static KeyManagerFactory loadKeyManagerFactory(final String keyStoreProvider,
-                                                          final String keystorePath,
-                                                          final String keystorePassword)
throws Exception {
-      if (keystorePath == null && (keyStoreProvider == null || !"PKCS11".equals(keyStoreProvider.toUpperCase())))
{
+   private KeyManagerFactory loadKeyManagerFactory() throws Exception {
+      if (keystorePath == null && (keystoreProvider == null || !"PKCS11".equals(keystoreProvider.toUpperCase())))
{
          return null;
       } else {
          KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-         KeyStore ks = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, keystorePassword);
+         KeyStore ks = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
          kmf.init(ks, keystorePassword == null ? null : keystorePassword.toCharArray());
          return kmf;
       }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
index ed1a941..fb46ff4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
@@ -542,7 +542,15 @@ public class NettyAcceptor extends AbstractAcceptor {
       try {
          if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
             throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME
+ "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null
" + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has
been specified.");
-         context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword,
trustStoreProvider, trustStorePath, trustStorePassword, crlPath);
+         context = new SSLSupport()
+            .setKeystoreProvider(keyStoreProvider)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(trustStoreProvider)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .setCrlPath(crlPath)
+            .createContext();
       } catch (Exception e) {
          IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor
for " + host + ":" + port);
          ise.initCause(e);
@@ -573,7 +581,15 @@ public class NettyAcceptor extends AbstractAcceptor {
       try {
          if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider))
             throw new IllegalArgumentException("If \"" + TransportConstants.SSL_ENABLED_PROP_NAME
+ "\" is true then \"" + TransportConstants.KEYSTORE_PATH_PROP_NAME + "\" must be non-null
" + "unless an alternative \"" + TransportConstants.KEYSTORE_PROVIDER_PROP_NAME + "\" has
been specified.");
-         context = SSLSupport.createNettyContext(keyStoreProvider, keyStorePath, keyStorePassword,
trustStoreProvider, trustStorePath, trustStorePassword, sslProvider);
+         context = new SSLSupport()
+            .setKeystoreProvider(keyStoreProvider)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(trustStoreProvider)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .setSslProvider(sslProvider)
+            .createNettyContext();
       } catch (Exception e) {
          IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor
for " + host + ":" + port);
          ise.initCause(e);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
index 2c66acb..4ae7e3e 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ConnectorServerFactory.java
@@ -232,7 +232,14 @@ public class ConnectorServerFactory {
 
    //todo fix
    private void setupSsl() throws Exception {
-      SSLContext context = SSLSupport.createContext(keyStoreProvider, keyStorePath, keyStorePassword,
trustStoreProvider, trustStorePath, trustStorePassword);
+      SSLContext context = new SSLSupport()
+         .setKeystoreProvider(keyStoreProvider)
+         .setKeystorePath(keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(trustStoreProvider)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
       SSLServerSocketFactory sssf = context.getServerSocketFactory();
       RMIServerSocketFactory rssf = new ArtemisSslRMIServerSocketFactory(sssf, this.isClientAuth(),
rmiServerHost);
       RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
----------------------------------------------------------------------
diff --git a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
index 1f1a946..fb6461e 100644
--- a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
+++ b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
@@ -177,9 +177,13 @@ public class WebServerComponentTest extends Assert {
       webServerComponent.start();
       final int port = webServerComponent.getPort();
       // Make the connection attempt.
-      String keyStoreProvider = "JKS";
 
-      SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath,
webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.keyStorePath, webServerDTO.getKeyStorePassword());
+      SSLContext context = new SSLSupport()
+         .setKeystorePath(webServerDTO.keyStorePath)
+         .setKeystorePassword(webServerDTO.getKeyStorePassword())
+         .setTruststorePath(webServerDTO.keyStorePath)
+         .setTruststorePassword(webServerDTO.getKeyStorePassword())
+         .createContext();
 
       SSLEngine engine = context.createSSLEngine();
       engine.setUseClientMode(true);
@@ -233,9 +237,13 @@ public class WebServerComponentTest extends Assert {
       webServerComponent.start();
       final int port = webServerComponent.getPort();
       // Make the connection attempt.
-      String keyStoreProvider = "JKS";
 
-      SSLContext context = SSLSupport.createContext(keyStoreProvider, webServerDTO.keyStorePath,
webServerDTO.getKeyStorePassword(), keyStoreProvider, webServerDTO.trustStorePath, webServerDTO.getTrustStorePassword());
+      SSLContext context = new SSLSupport()
+         .setKeystorePath(webServerDTO.keyStorePath)
+         .setKeystorePassword(webServerDTO.getKeyStorePassword())
+         .setTruststorePath(webServerDTO.trustStorePath)
+         .setTruststorePassword(webServerDTO.getTrustStorePassword())
+         .createContext();
 
       SSLEngine engine = context.createSSLEngine();
       engine.setUseClientMode(true);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
----------------------------------------------------------------------
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
index a4ddf6a..46e0ad1 100644
--- a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
+++ b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
@@ -72,7 +72,12 @@ public class MqttCrlEnabledExample {
       mqtt.setConnectAttemptsMax(0);
       mqtt.setReconnectAttemptsMax(0);
       mqtt.setHost(host);
-      mqtt.setSslContext(SSLSupport.createContext("JKS", keystorePath, keystorePass, "JKS",
truststorePath, truststorePass));
+      mqtt.setSslContext(new SSLSupport()
+                            .setKeystorePath(keystorePath)
+                            .setKeystorePassword(keystorePass)
+                            .setTruststorePath(truststorePath)
+                            .setTruststorePassword(truststorePass)
+                            .createContext());
       mqtt.setCleanSession(true);
 
       BlockingConnection connection = mqtt.blockingConnection();

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
index 4f88661..dd45f5c 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
@@ -235,7 +235,12 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase {
       mqtt.setConnectAttemptsMax(1);
       mqtt.setReconnectAttemptsMax(0);
       mqtt.setHost(host);
-      SSLContext sslContext = SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER,
keystorePath, keystorePass, TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER, truststorePath,
truststorePass);
+      SSLContext sslContext = new SSLSupport()
+         .setKeystorePath(keystorePath)
+         .setKeystorePassword(keystorePass)
+         .setTruststorePath(truststorePath)
+         .setTruststorePassword(truststorePass)
+         .createContext();
       mqtt.setSslContext(sslContext);
 
       BlockingConnection connection = mqtt.blockingConnection();

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
index b9b9bc8..2bc3212 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
@@ -239,7 +239,11 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
       tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
       tc.getParams().put(TransportConstants.USE_DEFAULT_SSL_CONTEXT_PROP_NAME, true);
 
-      SSLContext.setDefault(SSLSupport.createContext(TransportConstants.DEFAULT_KEYSTORE_PROVIDER,
TransportConstants.DEFAULT_KEYSTORE_PATH, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, storeType,
CLIENT_SIDE_TRUSTSTORE, PASSWORD));
+      SSLContext.setDefault(new SSLSupport()
+                               .setTruststoreProvider(storeType)
+                               .setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
+                               .setTruststorePassword(PASSWORD)
+                               .createContext());
 
       ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
       ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
@@ -662,7 +666,14 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
    }
 
    public String[] getEnabledCipherSuites() throws Exception {
-      SSLContext context = SSLSupport.createContext(storeType, SERVER_SIDE_KEYSTORE, PASSWORD,
storeType, CLIENT_SIDE_TRUSTSTORE, PASSWORD);
+      SSLContext context = new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(SERVER_SIDE_KEYSTORE)
+         .setKeystorePassword(PASSWORD)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(CLIENT_SIDE_TRUSTSTORE)
+         .setTruststorePassword(PASSWORD)
+         .createContext();
       SSLEngine engine = context.createSSLEngine();
       return engine.getEnabledCipherSuites();
    }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
index b93dc44..96ecb56 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java
@@ -210,7 +210,10 @@ public class NettyConnectorWithHTTPUpgradeTest extends ActiveMQTestBase
{
       ServerBootstrap b = new ServerBootstrap();
       final SSLContext context;
       if (useSSL) {
-         context = SSLSupport.createContext("JKS", SERVER_SIDE_KEYSTORE, PASSWORD, null,
null, null);
+         context = new SSLSupport()
+            .setKeystorePath(SERVER_SIDE_KEYSTORE)
+            .setKeystorePassword(PASSWORD)
+            .createContext();
       } else {
          context = null;
       }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/57ed5b05/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
index 3cb6e6d..256be64 100644
--- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
+++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
@@ -73,32 +73,60 @@ public class SSLSupportTest extends ActiveMQTestBase {
 
    @Test
    public void testContextWithRightParameters() throws Exception {
-      SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath,
trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    // This is valid as it will create key and trust managers with system defaults
    @Test
    public void testContextWithNullParameters() throws Exception {
-      SSLSupport.createContext(null, null, null, null, null, null);
+      new SSLSupport().createContext();
    }
 
    @Test
    public void testContextWithKeyStorePathAsURL() throws Exception {
       URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
-      SSLSupport.createContext(storeType, url.toString(), keyStorePassword, storeType, trustStorePath,
trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(url.toString())
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    @Test
    public void testContextWithKeyStorePathAsFile() throws Exception {
       URL url = Thread.currentThread().getContextClassLoader().getResource(keyStorePath);
       File file = new File(url.toURI());
-      SSLSupport.createContext(storeType, file.getAbsolutePath(), keyStorePassword, storeType,
trustStorePath, trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(file.getAbsolutePath())
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    @Test
    public void testContextWithBadKeyStorePath() throws Exception {
       try {
-         SSLSupport.createContext(storeType, "not a keystore", keyStorePassword, storeType,
trustStorePath, trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath("not a keystore")
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -107,7 +135,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithNullKeyStorePath() throws Exception {
       try {
-         SSLSupport.createContext(storeType, null, keyStorePassword, storeType, trustStorePath,
trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(null)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
       } catch (Exception e) {
          Assert.fail();
       }
@@ -122,13 +157,27 @@ public class SSLSupportTest extends ActiveMQTestBase {
          return;
       }
 
-      SSLSupport.createContext(storeType, "src/test/resources/" + keyStorePath, keyStorePassword,
storeType, trustStorePath, trustStorePassword);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath("src/test/resources/" + keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword(trustStorePassword)
+         .createContext();
    }
 
    @Test
    public void testContextWithBadKeyStorePassword() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, "bad password", storeType, trustStorePath,
trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword("bad password")
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -137,7 +186,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithNullKeyStorePassword() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, null, storeType, trustStorePath,
trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(null)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
          assertFalse(e instanceof NullPointerException);
@@ -147,7 +203,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithBadTrustStorePath() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, "not
a trust store", trustStorePassword);
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath("not a trust store")
+            .setTruststorePassword(trustStorePassword)
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -156,7 +219,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    @Test
    public void testContextWithBadTrustStorePassword() throws Exception {
       try {
-         SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath,
"bad passord");
+         new SSLSupport()
+            .setKeystoreProvider(storeType)
+            .setKeystorePath(keyStorePath)
+            .setKeystorePassword(keyStorePassword)
+            .setTruststoreProvider(storeType)
+            .setTruststorePath(trustStorePath)
+            .setTruststorePassword("bad passord")
+            .createContext();
          Assert.fail();
       } catch (Exception e) {
       }
@@ -166,6 +236,14 @@ public class SSLSupportTest extends ActiveMQTestBase {
    public void testContextWithTrustAll() throws Exception {
       //This is using a bad password but should not fail because the trust store should be
ignored with
       //the trustAll flag set to true
-      SSLSupport.createContext(storeType, keyStorePath, keyStorePassword, storeType, trustStorePath,
"bad passord", true);
+      new SSLSupport()
+         .setKeystoreProvider(storeType)
+         .setKeystorePath(keyStorePath)
+         .setKeystorePassword(keyStorePassword)
+         .setTruststoreProvider(storeType)
+         .setTruststorePath(trustStorePath)
+         .setTruststorePassword("bad passord")
+         .setTrustAll(true)
+         .createContext();
    }
 }


Mime
View raw message