Add JvmSslContextBrokerPlugin to set JVM default SSLContext from broker configuration

Author: jeanouii

activemq-unit-tests/src/test/java/org/apache/activemq/plugin/JvmSslContextBrokerPlugin.java

@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.plugin;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.activemq.broker.BrokerPluginSupport;
+import org.apache.activemq.broker.SslContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A broker plugin that reads the broker's {@code <sslContext>} configuration of {@code activemq.xml} file
+ * and sets it as the JVM default {@link SSLContext}.
+ *
+ * <p>This is useful as a workaround for older ActiveMQ versions (pre 6.3.x) where {@code ManagementContext} does
+ * not support an {@code sslContext} property (See issue https://issues.apache.org/jira/browse/AMQ-9857)
+ *
+ * By setting the JVM default SSLContext, any component that uses {@code SSLContext.getDefault()}
+ * (for instanceJMX configured via JVM flags with {@code -Dcom.sun.management.jmxremote.ssl=true}) will use the broker's
+ * keyStore and trustStore.</p>
+ */
+public class JvmSslContextBrokerPlugin extends BrokerPluginSupport {
+
+    private static final Logger LOG = LoggerFactory.getLogger(JvmSslContextBrokerPlugin.class);
+
+    @Override
+    public void start() throws Exception {
+        super.start();
+
+        final SslContext brokerSslContext = getBrokerService().getSslContext();
+        if (brokerSslContext != null) {
+            final SSLContext ctx = brokerSslContext.getSSLContext();
+            SSLContext.setDefault(ctx); // will override default JVM SSL Context
+            LOG.info("JVM default SSLContext set from broker's sslContext (protocol: {})", ctx.getProtocol());
+
+        } else {
+            LOG.debug("No sslContext configured on broker — JVM default SSLContext unchanged");
+        }
+    }
+}