SSLContext is overridden with default

[lukehu99]

Hi,

We plan to use the JMS connection in TIBCO BW 5.x. In BW, we define the file JNDI and use the "com.sun.jndi.fscontext.RefFSContextFactory" as the InitialContext class to lookup the JMS connection factory. Due to the limitation of TIBCO BW, it does not allow us to useSslProtocol() to configure the sslContext manully. Is it possible to introduce some properties in the JMS connetion facory for SSL, such keystore, trustkeystore and passwords and let connection facotry configure the sslConext by itself? If so, we can configure those SSL properties in the .bindings file there.

One more thing on the method createConnection(String username, String password) of class
com.rabbitmq.jms.admin.RMQConnectionFactory. In the test with java code, I found that the sslContext will be overwriten by the default sslContext even the sslContext has been configured by the maybeEnableTLS(). The reason is the following setRabbitUri() will reset sslContext again. Is it possible to change the order of the those two methods?

    maybeEnableTLS(factory);
    setRabbitUri(logger, this, factory, this.getUri());

Best Regards,
Luke

[michaelklishin]

@lukehu99 in other words, if an SSLContext was previously set we should use that?

[lukehu99]

@michaelklishin

It is the sample code to create the JMS connection with my sslContext. But the sslContext is overwritten by the setRabbitUri(logger, this, factory, this.getUri()); in createConnection(String username, String password):

		Hashtable<String, String> env = new Hashtable<String, String>();
		env.put(Context.INITIAL_CONTEXT_FACTORY,
				"com.sun.jndi.fscontext.RefFSContextFactory");
		env.put(Context.PROVIDER_URL, JNDIloc);
		
		InitialContext jndiContext;

		jndiContext = new InitialContext(env);
		javax.jms.ConnectionFactory cf =  (javax.jms.ConnectionFactory) jndiContext.lookup("ConnectionFactory");
		
		com.rabbitmq.jms.admin.RMQConnectionFactory rmqcf = (com.rabbitmq.jms.admin.RMQConnectionFactory) cf;
		rmqcf.useSslProtocol(sslContext);
		
		javax.jms.Connection connection = cf.createConnection();

And TIBCO BW is something like xml configuration. It is not allowed to invoke the rmqcf.useSslProtocol(sslContext) directly. So I wish the JMS factory could have the SSL properties for the JNDI configuration. Or JMS factory could load the default SSLContext, SSLContext.getDefault(); ,when the factory instance is created. In that case, I could configure the SSL with system property, and that sslContext will be passed to JMS factory.

[michaelklishin]

@acogoluegnes @garyrussell @artembilan any thoughts on the comment above?

[acogoluegnes]

By browsing the code, the problem of setRabbitUri overriding the SSLContext looks real. It happens in the AMQP Java client (https://github.com/rabbitmq/rabbitmq-java-client/blob/v4.0.0/src/main/java/com/rabbitmq/client/ConnectionFactory.java#L209). Changing the order of the calls in the JMS client should do the job.

Regarding the other part, we could introduce a useDefaultSslContext flag to use SSLContext.getDefault(). The default value would be false.