James 3502, add ssl support #307
Conversation
…on.SSLConfiguration
…ord for key password as well
|
|
||
| import org.apache.commons.configuration2.Configuration; | ||
|
|
||
| import com.google.common.base.Preconditions; | ||
| import com.google.common.base.Strings; | ||
|
|
||
| import static org.apache.james.backends.rabbitmq.RabbitMQConfiguration.SSLConfiguration.*; | ||
| import static org.apache.james.backends.rabbitmq.RabbitMQConfiguration.SSLConfiguration.SSLValidationStrategy.*; |
There was a problem hiding this comment.
Please avoid wildcards, this will likely not pass the checkstyle.
|
|
||
| static class Builder { | ||
|
|
||
| interface RequireSSLStrategyTrustStore { |
There was a problem hiding this comment.
Use @FunctionalInterface annotation where relevant.
| } | ||
|
|
||
| public enum HostNameVerifier { | ||
| DEFAULT, |
There was a problem hiding this comment.
DEFAUT does not describe a behaviour. Can we find terms to express what this does?
There was a problem hiding this comment.
what do you think of SUBJECT_ALTERNATIVE_NAME_VERIFIER ?
| @@ -54,18 +69,85 @@ private ConnectionFactory from(RabbitMQConfiguration rabbitMQConfiguration) { | |||
| connectionFactory.setUsername(rabbitMQConfiguration.getManagementCredentials().getUser()); | |||
| connectionFactory.setPassword(String.valueOf(rabbitMQConfiguration.getManagementCredentials().getPassword())); | |||
|
|
|||
| if (configuration.useSsl()) setupSslConfiguration(connectionFactory); | |||
There was a problem hiding this comment.
You miss a {} block after this if, the code style will not like it ;-)
|
|
||
| | ssl.keystore.password | ||
| | Configure the keystore password. If configured then "ssl.keystore" must also be configured, | ||
| Optional string, defaults to empty string |
There was a problem hiding this comment.
Is there some cases when it should be specified?
There was a problem hiding this comment.
client certificate authentication?
There was a problem hiding this comment.
Sorry, I missread. That's ok.
|
|
||
| | ssl.keystore | ||
| | Points to the keystore(PKCS12) used for verifying rabbitmq connection. If configured then "ssl.keystore.password" must also be configured, | ||
| Optional string, defaults to empty string |
There was a problem hiding this comment.
Is there some cases when it should be specified?
There was a problem hiding this comment.
client certificate authentication?
There was a problem hiding this comment.
Sorry, I missread. That's ok.
|
|
||
| | ssl.hostname.verifier | ||
| | Configure host name verification. Possible options are default and accept_any_hostname | ||
| Optional string, defaults to default |
|
|
||
| | ssl.validation.strategy | ||
| | Configure the validation strategy used for rabbitmq connections. Possible values are default, ignore and override. | ||
| Optional string, defaults to default |
| <groupId>org.apache.httpcomponents</groupId> | ||
| <artifactId>httpcore</artifactId> | ||
| <version>4.4.5</version> | ||
| </dependency> |
There was a problem hiding this comment.
Can you quickly explain why we need these dependencies? At first glance it seems unrelated to AMQP...
There was a problem hiding this comment.
httpcore, has useful class SSLContextBuilder
httpclient, is needed for configuring mangement api client for org.apache.http.conn.ssl.DefaultHostnameVerifier
|
Would other contributors like to have a look at this work? It is 🍏 . |
| ManagementCredentials managementCredentials = ManagementCredentials.from(configuration); | ||
| return builder() | ||
| .amqpUri(amqpUri) | ||
| .managementUri(managementUri) | ||
| .managementCredentials(managementCredentials) | ||
| .useSsl(useSsl) | ||
| .sslConfiguration(sslTrustConfiguration(configuration)) | ||
| .sslConfiguration(sslTrustConfiguration(configuration)) |
backends-common/rabbitmq/pom.xml
Outdated
| <dependency> | ||
| <groupId>org.apache.httpcomponents</groupId> | ||
| <artifactId>httpclient</artifactId> | ||
| <version>4.5.13</version> |
There was a problem hiding this comment.
We already have that artifact with the same version declared in the root pom file, so you can omit the version here
backends-common/rabbitmq/pom.xml
Outdated
| <dependency> | ||
| <groupId>org.apache.httpcomponents</groupId> | ||
| <artifactId>httpcore</artifactId> | ||
| <version>4.4.5</version> |
There was a problem hiding this comment.
I can see we have an httpcore artifact declared in james-server-jmap module as well, in a different version (4.4.14). Would be good to try centralizing the use of the artifact in the root pom and bump it here for rabbitmq maybe?
|
Merged |
https://issues.apache.org/jira/browse/JAMES-3502?filter=-2