Author: rgodfrey
Date: Fri May 18 17:54:23 2012
New Revision: 1340191
URL: http://svn.apache.org/viewvc?rev=1340191&view=rev
Log:
QPID-3973 : [Java] Add support for non JKS key store types (patch supplied by
[email protected])
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
Fri May 18 17:54:23 2012
@@ -242,8 +242,9 @@ public class Broker
{
final String keystorePath =
serverConfig.getConnectorKeyStorePath();
final String keystorePassword =
serverConfig.getConnectorKeyStorePassword();
+ final String keystoreType =
serverConfig.getConnectorKeyStoreType();
final String keyManagerFactoryAlgorithm =
serverConfig.getConnectorKeyManagerFactoryAlgorithm();
- final SSLContext sslContext =
SSLContextFactory.buildServerContext(keystorePath, keystorePassword,
keyManagerFactoryAlgorithm);
+ final SSLContext sslContext =
SSLContextFactory.buildServerContext(keystorePath, keystorePassword,
keystoreType, keyManagerFactoryAlgorithm);
for(int sslPort : sslPorts)
{
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
Fri May 18 17:54:23 2012
@@ -743,7 +743,7 @@ public class ServerConfiguration extends
{
return getBooleanValue("connector.ssl.sslOnly");
}
-
+
public List getSSLPorts()
{
return getListValue("connector.ssl.port",
Collections.<Integer>singletonList(DEFAULT_SSL_PORT));
@@ -761,6 +761,11 @@ public class ServerConfiguration extends
return getStringValue("connector.ssl.keyStorePassword", fallback);
}
+ public String getConnectorKeyStoreType()
+ {
+ return getStringValue("connector.ssl.keyStoreType", "JKS");
+ }
+
public String getConnectorKeyManagerFactoryAlgorithm()
{
final String systemFallback = KeyManagerFactory.getDefaultAlgorithm();
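Review bot: The new `getConnectorKeyStoreType()` has no Javadoc, and its fallback is a bare `"JKS"` literal in the same commit that removes `SSLContextFactory.JAVA_KEY_STORE_CODE`. Following the call chain visible in this commit, the value travels through `buildServerContext` into `KeyStore.getInstance(...)`, so an operator needs to know it must be a type name a JCA provider recognises. A comment such as `/** Key store type passed to KeyStore.getInstance for the SSL connector; "JKS" when connector.ssl.keyStoreType is unset. */` would cover it. The body of `getConnectorKeyManagerFactoryAlgorithm()` continues outside the hunk.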
Modified:
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
(original)
+++
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
Fri May 18 17:54:23 2012
@@ -110,9 +110,11 @@ public class AMQConnectionDelegate_8_0 i
sslContext = SSLContextFactory.buildClientContext(
settings.getTrustStorePath(),
settings.getTrustStorePassword(),
+ settings.getTrustStoreType(),
settings.getTrustManagerFactoryAlgorithm(),
settings.getKeyStorePath(),
settings.getKeyStorePassword(),
+ settings.getKeyStoreType(),
settings.getKeyManagerFactoryAlgorithm(),
settings.getCertAlias());
}
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
(original)
+++
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
Fri May 18 17:54:23 2012
@@ -39,7 +39,6 @@ import java.security.KeyStore;
*/
public class SSLContextFactory
{
- public static final String JAVA_KEY_STORE_CODE = "JKS";
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
private SSLContextFactory()
@@ -48,28 +47,32 @@ public class SSLContextFactory
}
public static SSLContext buildServerContext(final String keyStorePath,
- final String keyStorePassword, final String
keyManagerFactoryAlgorithm)
+ final String keyStorePassword, final String keyStoreType,
+ final String keyManagerFactoryAlgorithm)
throws GeneralSecurityException, IOException
{
- return buildContext(null, null, null, keyStorePath, keyStorePassword,
+ return buildContext(null, null, null, null, keyStorePath,
keyStorePassword, keyStoreType,
keyManagerFactoryAlgorithm, null);
}
public static SSLContext buildClientContext(final String trustStorePath,
- final String trustStorePassword, final String
trustManagerFactoryAlgorithm,
- final String keyStorePath, final String keyStorePassword,
+ final String trustStorePassword, final String trustStoreType,
+ final String trustManagerFactoryAlgorithm, final String
keyStorePath,
+ final String keyStorePassword, final String keyStoreType,
final String keyManagerFactoryAlgorithm, final String certAlias)
throws GeneralSecurityException, IOException
{
- return buildContext(trustStorePath, trustStorePassword,
- trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword,
+ return buildContext(trustStorePath, trustStorePassword, trustStoreType,
+ trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword,
keyStoreType,
keyManagerFactoryAlgorithm, certAlias);
}
private static SSLContext buildContext(final String trustStorePath,
- final String trustStorePassword, final String
trustManagerFactoryAlgorithm,
- final String keyStorePath, final String keyStorePassword,
- final String keyManagerFactoryAlgorithm, final String certAlias)
+ final String trustStorePassword, final String trustStoreType,
+ final String trustManagerFactoryAlgorithm,
+ final String keyStorePath, final String keyStorePassword,
+ final String keyStoreType, final String keyManagerFactoryAlgorithm,
+ final String certAlias)
throws GeneralSecurityException, IOException
{
// Initialize the SSLContext to work with our key managers.
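Review bot: `buildServerContext` and `buildClientContext` change their public signatures in place and no overload with the old parameter list is kept, so any caller outside the files touched here would stop compiling. The same goes for the removed public constant `JAVA_KEY_STORE_CODE` in the previous hunk. If these methods are used beyond this tree, a deprecated overload that delegates with the old fixed type would preserve compatibility, e.g. `return buildServerContext(keyStorePath, keyStorePassword, "JKS", keyManagerFactoryAlgorithm);`. The body of `buildContext` continues outside the hunk.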
@@ -82,7 +85,7 @@ public class SSLContextFactory
if (trustStorePath != null)
{
final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
- trustStorePassword);
+ trustStorePassword, trustStoreType);
final TrustManagerFactory tmf = TrustManagerFactory
.getInstance(trustManagerFactoryAlgorithm);
tmf.init(ts);
@@ -99,13 +102,13 @@ public class SSLContextFactory
if (certAlias != null)
{
keyManagers = new KeyManager[] { new QpidClientX509KeyManager(
- certAlias, keyStorePath, keyStorePassword,
+ certAlias, keyStorePath, keyStoreType,
keyStorePassword,
keyManagerFactoryAlgorithm) };
}
else
{
final KeyStore ks = SSLUtil.getInitializedKeyStore(
- keyStorePath, keyStorePassword);
+ keyStorePath, keyStorePassword, keyStoreType);
char[] keyStoreCharPassword = keyStorePassword == null ? null
: keyStorePassword.toCharArray();
// Set up key manager factory to use our key store
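Review bot: The two store-loading calls in this hunk take the same values in different orders: `QpidClientX509KeyManager(certAlias, keyStorePath, keyStoreType, keyStorePassword, ...)` puts the type before the password, while `SSLUtil.getInitializedKeyStore(keyStorePath, keyStorePassword, keyStoreType)` puts it after. Every parameter is a `String`, so the compiler cannot catch a transposition. A swapped call would hand the password to `KeyStore.getInstance` as a type name, and the resulting exception text would most likely repeat it into logs. Aligning the constructor to `String keyStorePath, String keyStorePassword, String keyStoreType` would remove the trap. The enclosing method starts and ends outside the hunk.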
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
(original)
+++
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
Fri May 18 17:54:23 2012
@@ -31,6 +31,7 @@ import static org.apache.qpid.configurat
import static
org.apache.qpid.configuration.ClientProperties.LEGACY_RECEIVE_BUFFER_SIZE_PROP_NAME;
import static
org.apache.qpid.configuration.ClientProperties.LEGACY_SEND_BUFFER_SIZE_PROP_NAME;
+import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
@@ -67,10 +68,12 @@ public class ConnectionSettings
private boolean useSSL;
private String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
private String keyStorePassword =
System.getProperty("javax.net.ssl.keyStorePassword");
+ private String keyStoreType =
System.getProperty("javax.net.ssl.keyStoreType",KeyStore.getDefaultType());
private String keyManagerFactoryAlgorithm =
QpidProperty.stringProperty(KeyManagerFactory.getDefaultAlgorithm(),
QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME,
QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME).get();
private String trustManagerFactoryAlgorithm =
QpidProperty.stringProperty(TrustManagerFactory.getDefaultAlgorithm(),
QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME,
QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME).get();
- private String trustStorePath =
System.getProperty("javax.net.ssl.trustStore");;
- private String trustStorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");;
+ private String trustStorePath =
System.getProperty("javax.net.ssl.trustStore");
+ private String trustStorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");
+ private String trustStoreType =
System.getProperty("javax.net.ssl.trustStoreType",KeyStore.getDefaultType());
private String certAlias;
private boolean verifyHostname;
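Review bot: The client defaults for `keyStoreType` and `trustStoreType` fall back to `KeyStore.getDefaultType()`, whereas the broker side in `ServerConfiguration.getConnectorKeyStoreType()` falls back to `"JKS"`, and before this commit `SSLUtil` always used `"JKS"`. On a JVM whose `keystore.type` security property is not JKS, an existing client with JKS store files and no `javax.net.ssl.keyStoreType` set would now be opened as a different type. Whether that fails depends on the provider, so it should be confirmed. Either document the new precedence on these fields, for instance `// type: javax.net.ssl.keyStoreType, else the JVM default keystore type (no longer fixed to JKS)`, or keep `"JKS"` as the fallback to match the broker.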
@@ -262,6 +265,16 @@ public class ConnectionSettings
this.keyStorePassword = keyStorePassword;
}
+ public void setKeyStoreType(String keyStoreType)
+ {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+
public String getTrustStorePath()
{
return trustStorePath;
@@ -322,6 +335,16 @@ public class ConnectionSettings
this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
}
+ public String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType)
+ {
+ this.trustStoreType = trustStoreType;
+ }
+
public int getReadBufferSize()
{
return readBufferSize;
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
(original)
+++
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
Fri May 18 17:54:23 2012
@@ -78,9 +78,11 @@ public class SecurityLayerFactory
sslCtx = SSLContextFactory
.buildClientContext(settings.getTrustStorePath(),
settings.getTrustStorePassword(),
+ settings.getTrustStoreType(),
settings.getTrustManagerFactoryAlgorithm(),
settings.getKeyStorePath(),
settings.getKeyStorePassword(),
+ settings.getKeyStoreType(),
settings.getKeyManagerFactoryAlgorithm(),
settings.getCertAlias());
}
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
(original)
+++
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
Fri May 18 17:54:23 2012
@@ -40,11 +40,11 @@ public class QpidClientX509KeyManager ex
private X509ExtendedKeyManager delegate;
private String alias;
- public QpidClientX509KeyManager(String alias, String keyStorePath,
+ public QpidClientX509KeyManager(String alias, String keyStorePath, String
keyStoreType,
String keyStorePassword, String
keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
{
this.alias = alias;
- KeyStore ks =
SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword);
+ KeyStore ks =
SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword,keyStoreType);
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
kmf.init(ks, keyStorePassword.toCharArray());
this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
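Review bot: `kmf.init(ks, keyStorePassword.toCharArray())` dereferences the password without a null check, while the non-alias path in `SSLContextFactory.buildContext` handles it with `keyStorePassword == null ? null : keyStorePassword.toCharArray()`. Now that this constructor is meant to serve store types other than JKS, a configuration with a cert alias and no password would throw a `NullPointerException` here rather than a security exception the caller expects. The same guard would fix it: `kmf.init(ks, keyStorePassword == null ? null : keyStorePassword.toCharArray());`. The cast of `getKeyManagers()[0]` to `X509ExtendedKeyManager` is also worth confirming for the providers behind the new types. The constructor's closing lines are outside the hunk.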
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
(original)
+++
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
Fri May 18 17:54:23 2012
@@ -125,9 +125,9 @@ public class SSLUtil
return id.toString();
}
- public static KeyStore getInitializedKeyStore(String storePath, String
storePassword) throws GeneralSecurityException, IOException
+ public static KeyStore getInitializedKeyStore(String storePath, String
storePassword, String keyStoreType) throws GeneralSecurityException, IOException
{
- KeyStore ks = KeyStore.getInstance("JKS");
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
InputStream in = null;
try
{
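Review bot: `KeyStore.getInstance(keyStoreType)` takes the caller's value unchecked, and `ConnectionSettings.setKeyStoreType` in this commit stores whatever it is given, including null. A null or misspelt type would fail inside the JCA lookup with a message that names neither the store nor the setting at fault. A guard ahead of the call, for example `if (keyStoreType == null) throw new KeyStoreException("No key store type configured for " + storePath);`, would make the misconfiguration easier to diagnose. The method body continues outside the hunk.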
@@ -140,7 +140,7 @@ public class SSLUtil
{
in =
Thread.currentThread().getContextClassLoader().getResourceAsStream(storePath);
}
- if (in == null)
+ if (in == null && !"PKCS11".equalsIgnoreCase(keyStoreType)) //
PKCS11 will not require an explicit path
{
throw new IOException("Unable to load keystore resource: " +
storePath);
}
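Review bot: The PKCS11 exemption on the `in == null` check also covers the case where a path was configured but could not be opened. A mistyped `storePath` with type PKCS11 therefore proceeds with a null stream instead of raising `Unable to load keystore resource`. Restricting the exemption to the no-path case would keep the error for bad paths: `if (in == null && (storePath != null || !"PKCS11".equalsIgnoreCase(keyStoreType)))`. The lines that open the stream sit above the hunk, so it should be confirmed that a null `storePath` reaches this check at all. On the trust-store side, `SSLContextFactory.buildContext` only calls this method under `if (trustStorePath != null)`, which would skip a path-less PKCS11 trust store.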
Modified:
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java?rev=1340191&r1=1340190&r2=1340191&view=diff
==============================================================================
---
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
(original)
+++
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
Fri May 18 17:54:23 2012
@@ -31,13 +31,14 @@ public class SSLContextFactoryTest exten
private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_client_keystore.jks";
private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_client_truststore.jks";
private static final String STORE_PASSWORD = "password";
+ private static final String STORE_TYPE = "JKS";
private static final String DEFAULT_KEY_MANAGER_ALGORITHM =
KeyManagerFactory.getDefaultAlgorithm();
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM =
TrustManagerFactory.getDefaultAlgorithm();
private static final String CERT_ALIAS_APP1 = "app1";
public void testBuildServerContext() throws Exception
{
- SSLContext context =
SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD,
DEFAULT_KEY_MANAGER_ALGORITHM);
+ SSLContext context =
SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD,
STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
assertNotNull("SSLContext should not be null", context);
}
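Review bot: The updated tests pass `STORE_TYPE = "JKS"` everywhere, so the behaviour this commit adds, loading a store of another type and rejecting an unknown one, is not exercised. That applies to this hunk and to the remaining hunks in this file. A negative case needs no new fixture and pins the failure mode for a bad `connector.ssl.keyStoreType`. A positive case with a non-JKS store file would need a new test resource. The test name below is constructed for illustration.

```java
public void testBuildServerContextWithUnknownStoreType() throws Exception
{
    try
    {
        SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, "NO_SUCH_TYPE", DEFAULT_KEY_MANAGER_ALGORITHM);
        fail("Exception was not thrown due to unknown key store type");
    }
    catch (GeneralSecurityException e)
    {
        // expected: no provider offers this key store type
    }
}
```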
@@ -45,7 +46,7 @@ public class SSLContextFactoryTest exten
{
try
{
- SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH,
"sajdklsad", DEFAULT_KEY_MANAGER_ALGORITHM);
+ SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH,
"sajdklsad", STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
fail("Exception was not thrown due to incorrect password");
}
catch (IOException e)
@@ -58,7 +59,7 @@ public class SSLContextFactoryTest exten
{
try
{
- SSLContextFactory.buildClientContext("/path/to/nothing",
STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH,
STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, null);
+ SSLContextFactory.buildClientContext("/path/to/nothing",
STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM,
CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE,
DEFAULT_KEY_MANAGER_ALGORITHM, null);
fail("Exception was not thrown due to incorrect path");
}
catch (IOException e)
@@ -69,19 +70,19 @@ public class SSLContextFactoryTest exten
public void testBuildClientContextForSSLEncryptionOnly() throws Exception
{
- SSLContext context =
SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD,
DEFAULT_TRUST_MANAGER_ALGORITHM, null, null, null, null);
+ SSLContext context =
SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD,
STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, null, null, null, null, null);
assertNotNull("SSLContext should not be null", context);
}
public void testBuildClientContextWithForClientAuth() throws Exception
{
- SSLContext context =
SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD,
DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD,
DEFAULT_KEY_MANAGER_ALGORITHM, null);
+ SSLContext context =
SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD,
STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH,
STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, null);
assertNotNull("SSLContext should not be null", context);
}
public void testBuildClientContextWithForClientAuthWithCertAlias() throws
Exception
{
- SSLContext context =
SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD,
DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD,
DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);
+ SSLContext context =
SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD,
STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH,
STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);
assertNotNull("SSLContext should not be null", context);
}
}