Author: rgodfrey
Date: Thu Jan 29 20:57:38 2015
New Revision: 1655858
URL: http://svn.apache.org/r1655858
Log:
[JMS AMQP 1.0 Client] Add ability to change the SSL Protocol/Provider used to
create the SSLContext
Modified:
qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
Modified:
qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java?rev=1655858&r1=1655857&r2=1655858&view=diff
==============================================================================
---
qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
(original)
+++
qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
Thu Jan 29 20:57:38 2015
@@ -67,6 +67,8 @@ public class ConnectionFactoryImpl imple
private String _trustStorePath;
private String _trustStorePassword;
private SSLContext _sslContext;
+ private String _sslProtocol;
+ private String _sslProvider;
public ConnectionFactoryImpl(final String host,
@@ -163,7 +165,9 @@ public class ConnectionFactoryImpl imple
KeyManagerFactory.getDefaultAlgorithm(),
_trustStorePath,_trustStorePassword,
KeyStore.getDefaultType(),
-
TrustManagerFactory.getDefaultAlgorithm());
+
TrustManagerFactory.getDefaultAlgorithm(),
+ _sslProtocol,
+ _sslProvider);
if(username == null && _keyStoreCertAlias != null)
{
X509Certificate[] certs =
SSLUtil.getClientCertificates(_keyStoreCertAlias,
@@ -220,6 +224,16 @@ public class ConnectionFactoryImpl imple
_keyStorePassword = keyStorePassword;
}
+ public void setSslProtocol(final String sslProtocol)
+ {
+ _sslProtocol = sslProtocol;
+ }
+
+ public void setSslProvider(final String sslProvider)
+ {
+ _sslProvider = sslProvider;
+ }
+
public void setKeyStoreCertAlias(final String keyStoreCertAlias)
{
_keyStoreCertAlias = keyStoreCertAlias;
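Review bot: The new setters `setSslProtocol` and `setSslProvider` have no Javadoc, and their contract cannot be read from this file. `SSLUtil.getSslContext` (added in this commit) reads the system properties `qpid.ssl.protocol` and `qpid.ssl.provider` first and uses the values set here only as defaults, so a JVM-wide property silently overrides what the application configured on the factory. I would state that on both setters, e.g. `/** JSSE protocol name passed to SSLContext.getInstance; null selects "TLS". Overridden by the qpid.ssl.protocol system property. */`, with the matching text for the provider. If the per-factory setting is meant to win, the lookup order in `getSslContext` should be reversed instead.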
@@ -252,6 +266,8 @@ public class ConnectionFactoryImpl imple
public String keyStorePath;
public String keyStorePassword;
public String keyStoreCertAlias;
+ public String sslProvider;
+ public String sslProtocol;
}
@@ -388,7 +404,22 @@ public class ConnectionFactoryImpl imple
{
options.keyStoreCertAlias = value;
}
+ },
+ new OptionSetter("ssl-provider","")
+ {
+ public void setOption(final ConnectionOptions options, final
String value) throws MalformedURLException
+ {
+ options.sslProvider = value;
+ }
+ },
+ new OptionSetter("ssl-protocol","")
+ {
+ public void setOption(final ConnectionOptions options, final
String value) throws MalformedURLException
+ {
+ options.sslProtocol = value;
+ }
}
+
};
public static ConnectionFactoryImpl createFromURL(final String urlString)
throws MalformedURLException
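Review bot: Both new `OptionSetter` entries pass `""` as their second constructor argument and store the URL value unchecked, so the `ssl-provider` and `ssl-protocol` connection-URL options are undocumented and accept any string. A connection URL often comes from deployment configuration rather than from code, which makes `setOption` the natural place to reject protocol names the client should never negotiate; it already declares `MalformedURLException`. At minimum, and assuming the second argument is the option description, fill it in: `new OptionSetter("ssl-protocol", "JSSE protocol name for SSLContext.getInstance, e.g. TLSv1.2")`. The enclosing array initialiser starts outside the hunk.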
@@ -496,6 +527,14 @@ public class ConnectionFactoryImpl imple
{
connectionFactory.setTrustStorePassword(options.trustStorePassword);
}
+ if (options.sslProvider != null)
+ {
+ connectionFactory.setSslProvider(options.sslProvider);
+ }
+ if (options.sslProtocol != null)
+ {
+ connectionFactory.setSslProtocol(options.sslProtocol);
+ }
return connectionFactory;
Modified:
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java?rev=1655858&r1=1655857&r2=1655858&view=diff
==============================================================================
---
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
(original)
+++
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
Thu Jan 29 20:57:38 2015
@@ -27,12 +27,15 @@ import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -48,6 +51,10 @@ public class SSLUtil
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
public static final String SSLV3_PROTOCOL = "SSLv3";
+
+ private static final Logger LOGGER =
Logger.getLogger(SSLUtil.class.getName());
+
+
public static SSLContext buildSslContext(final String certAlias,
final String keyStorePath,
final String keyStoreType,
@@ -56,11 +63,13 @@ public class SSLUtil
final String trustStorePath,
final String trustStorePassword,
final String trustStoreType,
- final String
trustManagerFactoryAlgorithm) throws GeneralSecurityException, IOException
+ final String
trustManagerFactoryAlgorithm,
+ final String sslProtocol,
+ final String sslProvider) throws
GeneralSecurityException, IOException
{
- final SSLContext sslContext = SSLContext
- .getInstance(TRANSPORT_LAYER_SECURITY_CODE);
+
+ SSLContext sslContext = getSslContext(sslProtocol, sslProvider);
final TrustManager[] trustManagers;
final KeyManager[] keyManagers;
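Review bot: `buildSslContext` is `public static`, and appending `sslProtocol`/`sslProvider` to its existing signature means any caller not updated in this commit will no longer compile. Keeping the previous signature as an overload that delegates with `null, null` would preserve source compatibility, since `getSslContext` treats null as "use the default". The local also lost its `final` modifier although the visible lines assign it once; `final SSLContext sslContext = getSslContext(sslProtocol, sslProvider);` matches the neighbouring declarations. The method body continues outside the hunk.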
@@ -109,6 +118,48 @@ public class SSLUtil
return sslContext;
}
+ private static SSLContext getSslContext(final String sslProtocol, final
String sslProvider) throws NoSuchAlgorithmException
+ {
+
+ final String sslProviderName = System.getProperty("qpid.ssl.provider",
sslProvider);
+ final String sslProtocolName = System.getProperty("qpid.ssl.protocol",
sslProtocol);
+
+ SSLContext sslContext = null;
+ if(sslProviderName != null && sslProtocolName != null)
+ {
+ try
+ {
+ sslContext = SSLContext.getInstance(sslProtocolName,
sslProviderName);
+ }
+ catch(NoSuchProviderException e)
+ {
+ LOGGER.info("Unknown SSL Context Provider '"+ sslProviderName
+ "' will use the default");
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ LOGGER.info("Unknown SSL protocol '" + sslProtocolName
+ + "' when using the provider '" + sslProviderName
+ "' will use the default provider");
+ }
+ }
+ if(sslContext == null && sslProtocolName != null)
+ {
+ try
+ {
+ sslContext = SSLContext.getInstance(sslProtocolName);
+ }
+ catch(NoSuchAlgorithmException e)
+ {
+ LOGGER.info("Unknown SSL protocol '" + sslProtocolName +
+ "' will use '"+TRANSPORT_LAYER_SECURITY_CODE+"'");
+ }
+ }
+ if(sslContext == null)
+ {
+ sslContext = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY_CODE);
+ }
+ return sslContext;
+ }
+
public static X509Certificate[] getClientCertificates(final String alias,
final String keyStorePath,
final String keyStorePassword,
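Review bot: `getSslContext` fails open: when the requested provider or protocol is unavailable it logs at INFO and builds the context from the default provider or from plain `"TLS"`, so a deployment that asked for a specific provider or protocol connects with something else and only an info-level log line records it. An explicitly configured value that cannot be honoured should surface as the `GeneralSecurityException` that `buildSslContext` already declares. A provider supplied without a protocol is also dropped silently by the first `if`. Separately, the name given to `SSLContext.getInstance` selects an implementation and does not by itself restrict which protocol versions the socket enables, so a caller that needs a minimum version still has to set the enabled protocols on the socket or engine. A fail-closed version of the method is below.

```java
private static SSLContext getSslContext(final String sslProtocol, final String sslProvider)
        throws GeneralSecurityException
{
    final String sslProviderName = System.getProperty("qpid.ssl.provider", sslProvider);
    final String sslProtocolName = System.getProperty("qpid.ssl.protocol", sslProtocol);
    final String protocol = sslProtocolName == null ? TRANSPORT_LAYER_SECURITY_CODE : sslProtocolName;

    // A requested provider or protocol that is not installed is a configuration error:
    // let NoSuchProviderException / NoSuchAlgorithmException reach the caller instead of
    // substituting a default the operator did not choose.
    return sslProviderName == null
            ? SSLContext.getInstance(protocol)
            : SSLContext.getInstance(protocol, sslProviderName);
}
```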