Details
Description
Client connection creation fails when setting socket parameters.
Exception was thrown, when I tried to set enabledProtocols parameter using url:
ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3
Exception is also thrown, when using tcpNoDelay parameter. It is thrown probably with most of the parameters related to sockets.
Here is the exception thrown:
java.lang.reflect.InaccessibleObjectException: Unable to make public void sun.security.ssl.SSLSocketImpl.setEnabledProtocols(java.lang.String[]) accessible: module java.base does not "exports sun.security.ssl" to unnamed module @48f2bd5b 13:22:43.976 [main] ERROR org.apache.activemq.util.IntrospectionSupport - Could not set property enabledProtocols on SSLSocket[hostname=127.0.0.1, port=12345, Session(...)] at java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:391) ~[?:?] at java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:367) ~[?:?] at java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:315) ~[?:?] at java.lang.reflect.Method.checkCanSetAccessible(Method.java:203) ~[?:?] at java.lang.reflect.Method.setAccessible(Method.java:197) ~[?:?] at org.apache.activemq.util.IntrospectionSupport.setProperty(IntrospectionSupport.java:184) [test/:6.0.1] at org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:155) [test/:6.0.1] at org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:140) [test/:6.0.1] at org.apache.activemq.transport.tcp.TcpTransport.initialiseSocket(TcpTransport.java:449) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.tcp.SslTransport.initialiseSocket(SslTransport.java:137) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:542) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.tcp.TcpTransport.doStart(TcpTransport.java:488) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.AbstractInactivityMonitor.start(AbstractInactivityMonitor.java:172) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.InactivityMonitor.start(InactivityMonitor.java:52) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:72) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:399) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:349) [activemq-client-6.0.1.jar:6.0.1] at org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:245) [activemq-client-6.0.1.jar:6.0.1] at test.ActiveMQClientSSLSocketParameter.main(ActiveMQClientSSLSocketParameter.java:25) [test/:?]
Here is example to reproduce issue:
package test; import java.io.IOException; import java.net.ServerSocket; import org.apache.activemq.ActiveMQSslConnectionFactory; public class ActiveMQClientSSLSocketParameter { public static void main(String[] args) throws Exception{ // Dummy server ServerSocket server = new ServerSocket(12345); new Thread(() -> { try { var client = server.accept(); client.close(); }catch(Exception e) { e.printStackTrace(); } }).start(); var factory = new ActiveMQSslConnectionFactory("ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3"); // or socket.enabledCipherSuites=TLS_AES_256_GCM_SHA384 try(var connection = factory.createConnection()){ //NOP } finally { try { server.close(); } catch (IOException e) { e.printStackTrace(); } } } }
Fix seems to be trivial, because same kind of issue is already corrected with server side (SSLServerSocket). See line https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-client/src/main/java/org/apache/activemq/util/IntrospectionSupport.java#L172
Snippet from IntrospectionSupport:
public static boolean setProperty(Object target, String name, Object value) { try { Class<?> clazz = target.getClass(); if (target instanceof SSLServerSocket) { // overcome illegal access issues with internal implementation class clazz = SSLServerSocket.class; } // ...
Fix for this issue would be:
public static boolean setProperty(Object target, String name, Object value) { try { Class<?> clazz = target.getClass(); if (target instanceof SSLServerSocket) { // overcome illegal access issues with internal implementation class clazz = SSLServerSocket.class; } else if (target instanceof javax.net.ssl.SSLSocket) { // overcome illegal access issues with internal implementation class clazz = javax.net.ssl.SSLSocket.class; } // ...
There is also similar code (https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-jms-pool/src/main/java/org/apache/activemq/jms/pool/IntrospectionSupport.java#L87), which probably should be corrected the same manner.
Attachments
Issue Links
- is related to
-
AMQ-9478 Add unit test for modernized IntrospectionSupport
- Open