Author: ritchiem
Date: Wed Feb 14 07:40:47 2007
New Revision: 507584

URL: http://svn.apache.org/viewvc?view=rev&rev=507584
Log:
Applied QPID-6 SSL Options patch from Kevin Smith

Added:
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java
   (with props)
    
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
   (with props)
Removed:
    
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/BogusSSLContextFactory.java
    
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/BogusTrustManagerFactory.java
    
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLServerSocketFactory.java
    
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLSocketFactory.java
Modified:
    incubator/qpid/trunk/qpid/java/broker/etc/config.xml
    
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Main.java
    
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
    
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionFactory.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/failover/FailoverHandler.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/protocol/AMQProtocolHandler.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/transport/SocketTransportConnection.java
    
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java
    
incubator/qpid/trunk/qpid/java/cluster/src/main/java/org/apache/qpid/server/cluster/Main.java

Modified: incubator/qpid/trunk/qpid/java/broker/etc/config.xml
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/etc/config.xml?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/etc/config.xml (original)
+++ incubator/qpid/trunk/qpid/java/broker/etc/config.xml Wed Feb 14 07:40:47 
2007
@@ -24,8 +24,13 @@
     <work>${QPID_WORK}</work>
     <conf>${prefix}/etc</conf>
     <connector>
-        <ssl>false</ssl>
-        <nonssl>true</nonssl>
+        <!-- Uncomment out this block and edit the keystorePath and 
keystorePassword
+             to enable SSL support
+        <ssl>
+            <enabled>true</enabled>
+            <keystorePath>/path/to/keystore.ks</keystorePath>
+            <keystorePassword>keystorepass</keystorePassword>
+        </ssl>-->
         <qpidnio>true</qpidnio>
         <transport>nio</transport>
         <port>5672</port>
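Review bot: The commented-out `<ssl>` sample keeps `keystorePassword` in clear text inside config.xml and ships the placeholder `keystorepass`, yet the comment above it gives no handling advice. I would extend that comment with `The keystore password is stored in clear text: restrict read access to this file to the broker account and replace both placeholder values.` The wording "Uncomment out this block" should also read "Uncomment this block".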

Modified: 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Main.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Main.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Main.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/Main.java
 Wed Feb 14 07:40:47 2007
@@ -327,7 +327,7 @@
                 sconfig.setThreadModel(ReadWriteThreadModel.getInstance());
             }
 
-            if (connectorConfig.enableNonSSL)
+            if (!connectorConfig.enableSSL)
             {
                 AMQPFastProtocolHandler handler = new 
AMQPProtocolProvider().getHandler();
                 InetSocketAddress bindAddress;
@@ -343,10 +343,9 @@
                 _logger.info("Qpid.AMQP listening on non-SSL address " + 
bindAddress);
             }
 
-            if (connectorConfig.enableSSL)
+            else
             {
                 AMQPFastProtocolHandler handler = new 
AMQPProtocolProvider().getHandler();
-                handler.setUseSSL(true);
                 try
                 {
                     acceptor.bind(new 
InetSocketAddress(connectorConfig.sslPort),
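Review bot: Replacing the second `if (connectorConfig.enableSSL)` with `else` makes the plaintext and SSL listeners mutually exclusive, where the two removed flags allowed both to be bound at once, and nothing in the code or the log messages says so. A comment above `if (!connectorConfig.enableSSL)` in the previous hunk would record the decision, for example `// SSL and non-SSL listeners are mutually exclusive: enabling SSL disables the plaintext port`. Both branch bodies continue outside these hunks, so whether `connectorConfig.port` is still bound elsewhere cannot be checked from here.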

Modified: 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
 Wed Feb 14 07:40:47 2007
@@ -20,15 +20,8 @@
  */
 package org.apache.qpid.server.protocol;
 
-import org.apache.qpid.AMQException;
-import org.apache.qpid.codec.AMQCodecFactory;
-import org.apache.qpid.framing.*;
-import org.apache.qpid.server.exchange.ExchangeRegistry;
-import org.apache.qpid.server.queue.QueueRegistry;
-import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.registry.IApplicationRegistry;
-import org.apache.qpid.server.transport.ConnectorConfiguration;
-import org.apache.qpid.ssl.BogusSSLContextFactory;
+import java.io.IOException;
+
 import org.apache.log4j.Logger;
 import org.apache.mina.common.ByteBuffer;
 import org.apache.mina.common.IdleStatus;
@@ -37,8 +30,19 @@
 import org.apache.mina.filter.SSLFilter;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
 import org.apache.mina.util.SessionUtil;
-
-import java.io.IOException;
+import org.apache.qpid.AMQException;
+import org.apache.qpid.codec.AMQCodecFactory;
+import org.apache.qpid.framing.AMQDataBlock;
+import org.apache.qpid.framing.AMQProtocolHeaderException;
+import org.apache.qpid.framing.AMQShortString;
+import org.apache.qpid.framing.ConnectionCloseBody;
+import org.apache.qpid.framing.HeartbeatBody;
+import org.apache.qpid.framing.ProtocolInitiation;
+import org.apache.qpid.framing.ProtocolVersionList;
+import org.apache.qpid.server.registry.ApplicationRegistry;
+import org.apache.qpid.server.registry.IApplicationRegistry;
+import org.apache.qpid.server.transport.ConnectorConfiguration;
+import org.apache.qpid.ssl.SSLContextFactory;
 
 
 /**
@@ -56,17 +60,14 @@
     private final IApplicationRegistry _applicationRegistry;
 
 
-    private boolean _useSSL;
-
     public AMQPFastProtocolHandler(Integer applicationRegistryInstance)
     {
-        this(ApplicationRegistry.getInstance(applicationRegistryInstance));
+       this(ApplicationRegistry.getInstance(applicationRegistryInstance));
     }
 
     public AMQPFastProtocolHandler(IApplicationRegistry applicationRegistry)
     {
         _applicationRegistry = applicationRegistry;
-
         _logger.debug("AMQPFastProtocolHandler created");
     }
 
@@ -89,16 +90,30 @@
                 getConfiguredObject(ConnectorConfiguration.class);
         if (connectorConfig.enableExecutorPool)
         {
-            if (_useSSL)
+            if (connectorConfig.enableSSL)
             {
+               String keystorePath = connectorConfig.keystorePath;
+               String keystorePassword = connectorConfig.keystorePassword;
+               String certType = connectorConfig.certType;
+               SSLContextFactory sslContextFactory = new 
SSLContextFactory(keystorePath, keystorePassword, certType);
                 
protocolSession.getFilterChain().addAfter("AsynchronousReadFilter", "sslFilter",
-                                                          new 
SSLFilter(BogusSSLContextFactory.getInstance(true)));
+                                                          new 
SSLFilter(sslContextFactory.buildServerContext()));
             }
             
protocolSession.getFilterChain().addBefore("AsynchronousWriteFilter", 
"protocolFilter", pcf);
         }
         else
         {
-            protocolSession.getFilterChain().addLast("protocolFilter", pcf);
+               protocolSession.getFilterChain().addLast("protocolFilter", pcf);
+            if (connectorConfig.enableSSL)
+            {
+               String keystorePath = connectorConfig.keystorePath;
+               String keystorePassword = connectorConfig.keystorePassword;
+               String certType = connectorConfig.certType;
+               SSLContextFactory sslContextFactory = new 
SSLContextFactory(keystorePath, keystorePassword, certType);
+                protocolSession.getFilterChain().addBefore("protocolFilter", 
"sslFilter",
+                                                          new 
SSLFilter(sslContextFactory.buildServerContext()));
+            }          
+            
         }
     }
 
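Review bot: The four lines that read the keystore settings and build an `SSLContextFactory` appear twice, once in each branch of `enableExecutorPool`, and they run for every new session. Pulling them into one private helper keeps the two filter-chain branches in step. If `buildServerContext()` reads the keystore from disk, which is not visible here, the resulting context is also worth building once and reusing rather than rebuilding per session. The added lines use 7- and 15-space indents that do not match the file's four-space style. The method's opening lines are outside the hunk, so the `throws` clause in the sketch below is an assumption.

```java
        // … unchanged: pcf construction and connectorConfig lookup …
        if (connectorConfig.enableExecutorPool)
        {
            if (connectorConfig.enableSSL)
            {
                protocolSession.getFilterChain().addAfter("AsynchronousReadFilter", "sslFilter",
                                                          createServerSslFilter(connectorConfig));
            }
            // … unchanged: addBefore("AsynchronousWriteFilter", "protocolFilter", pcf) …
        }
        else
        {
            protocolSession.getFilterChain().addLast("protocolFilter", pcf);
            if (connectorConfig.enableSSL)
            {
                protocolSession.getFilterChain().addBefore("protocolFilter", "sslFilter",
                                                           createServerSslFilter(connectorConfig));
            }
        }
    }

    // Builds the server-side SSL filter from the connector's keystore settings.
    // The throws clause should match whatever buildServerContext() declares.
    private SSLFilter createServerSslFilter(ConnectorConfiguration connectorConfig) throws Exception
    {
        SSLContextFactory sslContextFactory = new SSLContextFactory(connectorConfig.keystorePath,
                                                                    connectorConfig.keystorePassword,
                                                                    connectorConfig.certType);
        return new SSLFilter(sslContextFactory.buildServerContext());
    }
```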
@@ -215,15 +230,5 @@
         {
             _logger.debug("Message sent: " + object);
         }
-    }
-
-    public boolean isUseSSL()
-    {
-        return _useSSL;
-    }
-
-    public void setUseSSL(boolean useSSL)
-    {
-        _useSSL = useSSL;
     }
 }

Modified: 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
 Wed Feb 14 07:40:47 2007
@@ -70,13 +70,21 @@
                 defaultValue = "false")
     public boolean enableDirectBuffers;
 
-    @Configured(path = "connector.ssl",
+    @Configured(path = "connector.ssl.enabled",
                 defaultValue = "false")
     public boolean enableSSL;
-
-    @Configured(path = "connector.nonssl",
-                defaultValue = "true")
-    public boolean enableNonSSL;
+    
+    @Configured(path = "connector.ssl.keystorePath",
+                       defaultValue = "none")
+    public String keystorePath;
+    
+    @Configured(path = "connector.ssl.keystorePassword",
+                       defaultValue = "none")
+    public String keystorePassword;
+    
+    @Configured(path = "connector.ssl.certType",
+                       defaultValue = "SunX509")
+    public String certType;
 
     public IoAcceptor createAcceptor()
     {
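Review bot: `keystorePath` and `keystorePassword` default to the literal string `"none"`, so enabling SSL without setting them hands `"none"` to `SSLContextFactory` as a real path and password, and the failure surfaces only where the context is built, which AMQPFastProtocolHandler does per session. A check in the broker start-up path such as `if (enableSSL && "none".equals(keystorePath)) throw new IllegalStateException("connector.ssl.keystorePath must be set when SSL is enabled");` fails earlier and with a clearer message. Renaming the path from `connector.ssl` to `connector.ssl.enabled` also means an existing `<ssl>true</ssl>` entry is presumably no longer read, so the broker would fall back to `defaultValue = "false"` and listen in plaintext; that deserves a logged warning or a release note. The class continues outside the hunk.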

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
 Wed Feb 14 07:40:47 2007
@@ -35,6 +35,8 @@
     private String _transport;
 
     private HashMap<String, String> _options;
+    
+    private SSLConfiguration _sslConfiguration;
 
     public AMQBrokerDetails()
     {
@@ -174,15 +176,11 @@
         }
     }
 
-    public AMQBrokerDetails(String host, int port, boolean useSSL)
+    public AMQBrokerDetails(String host, int port, SSLConfiguration 
sslConfiguration)
     {
         _host = host;
         _port = port;
-
-        if (useSSL)
-        {
-            setOption(OPTIONS_SSL, "true");
-        }
+        _sslConfiguration = sslConfiguration;
     }
 
     public String getHost()
@@ -247,6 +245,16 @@
     {
         setOption(OPTIONS_CONNECT_TIMEOUT, Long.toString(timeout));
     }
+    
+    public SSLConfiguration getSSLConfiguration()
+    {
+       return _sslConfiguration;
+    }
+    
+    public void setSSLConfiguration(SSLConfiguration sslConfig)
+    {
+       _sslConfiguration = sslConfig;
+    }
 
     public String toString()
     {
@@ -280,8 +288,7 @@
         return _host.equalsIgnoreCase(bd.getHost()) &&
                (_port == bd.getPort()) &&
                _transport.equalsIgnoreCase(bd.getTransport()) &&
-               (useSSL() == bd.useSSL());
-
+               compareSSLConfigurations(bd.getSSLConfiguration());
         //todo do we need to compare all the options as well?
     }
 
@@ -313,26 +320,24 @@
 
         return optionsURL.toString();
     }
-
-    public boolean useSSL()
-    {
-        // To be friendly to users we should be case insensitive.
-        // or simply force users to conform to OPTIONS_SSL
-        // todo make case insensitive by trying ssl Ssl sSl ssL SSl SsL sSL SSL
-
-        if (_options.containsKey(OPTIONS_SSL))
-        {
-            return _options.get(OPTIONS_SSL).equalsIgnoreCase("true");
-        }
-
-        return USE_SSL_DEFAULT;
-    }
-
-    public void useSSL(boolean ssl)
-    {
-        setOption(OPTIONS_SSL, Boolean.toString(ssl));
+    
+    // Do we need to do a more in-depth comparison?
+    private boolean compareSSLConfigurations(SSLConfiguration other) 
+    {
+       boolean retval = false;
+       if (_sslConfiguration == null &&
+                       other == null) 
+       {
+               retval = true;
+       }
+       else if (_sslConfiguration != null && 
+                       other != null)
+       {
+               retval = true;
+       }
+       
+       return retval;
     }
-
 
     public static String checkTransport(String broker)
     {
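Review bot: `compareSSLConfigurations` reports two broker details as equal whenever both carry an `SSLConfiguration`, whatever keystore path, password or certificate type each holds, so `equals` in the previous hunk cannot tell apart two brokers that differ only in their SSL settings. As written the body reduces to `return (_sslConfiguration == null) == (other == null);`. A real comparison needs `equals` and `hashCode` on `SSLConfiguration`, which the class added in this commit does not define. The new lines are also indented with 7 and 15 spaces, unlike the rest of the file.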

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
 Wed Feb 14 07:40:47 2007
@@ -141,6 +141,11 @@
      * The connection meta data
      */
     private QpidConnectionMetaData _connectionMetaData;
+    
+    /**
+     * Configuration info for SSL
+     */
+    private SSLConfiguration _sslConfiguration;
 
     /**
      * @param broker      brokerdetails
@@ -157,17 +162,43 @@
         this(new AMQConnectionURL(ConnectionURL.AMQ_PROTOCOL + "://" +
                                   username + ":" + password + "@" +
                                   (clientName == null ? "" : clientName) + "/" 
+
-                                  virtualHost + "?brokerlist='" + 
AMQBrokerDetails.checkTransport(broker) + "'"));
+                                  virtualHost + "?brokerlist='" + 
AMQBrokerDetails.checkTransport(broker) + "'"), null);
     }
+    
+    /**
+     * @param broker      brokerdetails
+     * @param username    username
+     * @param password    password
+     * @param clientName  clientid
+     * @param virtualHost virtualhost
+     * @throws AMQException
+     * @throws URLSyntaxException
+     */
+    public AMQConnection(String broker, String username, String password,
+                         String clientName, String virtualHost, 
SSLConfiguration sslConfig) throws AMQException, URLSyntaxException
+    {
+        this(new AMQConnectionURL(ConnectionURL.AMQ_PROTOCOL + "://" +
+                                  username + ":" + password + "@" +
+                                  (clientName == null ? "" : clientName) + "/" 
+
+                                  virtualHost + "?brokerlist='" + 
AMQBrokerDetails.checkTransport(broker) + "'"), sslConfig);
+    }
+    
 
     public AMQConnection(String host, int port, String username, String 
password,
                          String clientName, String virtualHost) throws 
AMQException, URLSyntaxException
     {
-        this(host, port, false, username, password, clientName, virtualHost);
+        this(host, port, false, username, password, clientName, virtualHost, 
null);
     }
+    
+    public AMQConnection(String host, int port, String username, String 
password,
+            String clientName, String virtualHost, SSLConfiguration sslConfig) 
throws AMQException, URLSyntaxException
+    {
+       this(host, port, false, username, password, clientName, virtualHost, 
sslConfig);
+    }
+    
 
     public AMQConnection(String host, int port, boolean useSSL, String 
username, String password,
-                         String clientName, String virtualHost) throws 
AMQException, URLSyntaxException
+                         String clientName, String virtualHost, 
SSLConfiguration sslConfig) throws AMQException, URLSyntaxException
     {
         this(new AMQConnectionURL(useSSL ?
                                   ConnectionURL.AMQ_PROTOCOL + "://" +
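Review bot: The `useSSL` flag and the new `sslConfig` argument are independent in the eight-argument constructor, so `useSSL == true` with a null `sslConfig` produces a URL that asks for SSL while AMQProtocolHandler, later in this commit, adds the SSL filter only when `getSSLConfiguration() != null`. On the visible code that combination connects without the SSL filter and without any error, and the host/port overloads above pass `false` together with a possibly non-null `sslConfig`. Rejecting the mismatch in the `(ConnectionURL, SSLConfiguration)` constructor, or deriving one value from the other, would make the intent explicit; these overloads cannot check it themselves because they delegate with `this(...)`. The Javadoc copied onto the new six-argument constructor also lacks an `@param sslConfig` line. The constructor body continues in the next hunk.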
@@ -180,18 +211,24 @@
                                                                                
 (clientName == null ? "" : clientName) +
                                                                                
 virtualHost + "?brokerlist='tcp://" + host + ":" + port + "'"
                                                                                
 + "," + ConnectionURL.OPTIONS_SSL + "='false'"
-        ));
+        ), sslConfig);
     }
 
     public AMQConnection(String connection) throws AMQException, 
URLSyntaxException
     {
-        this(new AMQConnectionURL(connection));
+        this(new AMQConnectionURL(connection), null);
     }
+    
+    public AMQConnection(String connection, SSLConfiguration sslConfig) throws 
AMQException, URLSyntaxException
+    {
+        this(new AMQConnectionURL(connection), sslConfig);
+    }
+    
 
-    public AMQConnection(ConnectionURL connectionURL) throws AMQException
+    public AMQConnection(ConnectionURL connectionURL, SSLConfiguration 
sslConfig) throws AMQException
     {
         _logger.info("Connection:" + connectionURL);
-
+        _sslConfiguration = sslConfig;
         if (connectionURL == null)
         {
             throw new IllegalArgumentException("Connection must be specified");
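Review bot: `AMQConnection(ConnectionURL)` is replaced rather than overloaded, unlike the `String` and host/port constructors, which keep their old signatures and delegate with `null`, so any caller outside this commit that passes only a `ConnectionURL` stops compiling. Keeping `public AMQConnection(ConnectionURL connectionURL) throws AMQException { this(connectionURL, null); }` restores consistency. The context line `_logger.info("Connection:" + connectionURL)` runs before the null check and, depending on how the URL renders itself, may write the password embedded by the other constructors to the log at info level; that is not new in this commit but is worth a follow-up. The constructor body continues past the hunk.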
@@ -319,9 +356,9 @@
         }
     }
 
-    public boolean attemptReconnection(String host, int port, boolean useSSL)
+    public boolean attemptReconnection(String host, int port)
     {
-        BrokerDetails bd = new AMQBrokerDetails(host, port, useSSL);
+        BrokerDetails bd = new AMQBrokerDetails(host, port, _sslConfiguration);
 
         _failoverPolicy.setBroker(bd);
 
@@ -1017,5 +1054,9 @@
                 AMQConnectionFactory.class.getName(),
                 null);          // factory location
     }
-
+    
+    public SSLConfiguration getSSLConfiguration()
+    {
+       return _sslConfiguration;
+    }
 }

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionFactory.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionFactory.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionFactory.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionFactory.java
 Wed Feb 14 07:40:47 2007
@@ -42,7 +42,7 @@
     private String _virtualPath;
 
     private ConnectionURL _connectionDetails;
-
+    private SSLConfiguration _sslConfig;
 
     public AMQConnectionFactory()
     {
@@ -113,6 +113,22 @@
         }
         _defaultPassword = password;
     }
+    
+    /**
+     * Getter for SSLConfiguration
+     * @return SSLConfiguration if set, otherwise null
+     */
+    public final SSLConfiguration getSSLConfiguration() {
+       return _sslConfig;
+    }
+    
+    /**
+     * Setter for SSLConfiguration
+     * @param sslConfig config to store
+     */
+    public final void setSSLConfiguration(SSLConfiguration sslConfig) {
+       _sslConfig = sslConfig;
+    }
 
     /**
      * @return The _defaultPassword.
@@ -229,7 +245,7 @@
                 {
                     _connectionDetails.setClientName(getUniqueClientID());
                 }
-                return new AMQConnection(_connectionDetails);
+                return new AMQConnection(_connectionDetails, _sslConfig);
             }
             else
             {
@@ -260,7 +276,7 @@
                 {
                     _connectionDetails.setClientName(getUniqueClientID());
                 }
-                return new AMQConnection(_connectionDetails);
+                return new AMQConnection(_connectionDetails, _sslConfig);
             }
             else
             {

Added: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java?view=auto&rev=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java
 (added)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java
 Wed Feb 14 07:40:47 2007
@@ -0,0 +1,61 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.client;
+
+public class SSLConfiguration {
+       
+       private String _keystorePath;
+       
+       private String _keystorePassword;
+       
+       private String _certType = "SunX509";
+       
+       public void setKeystorePath(String path) 
+       {
+               _keystorePath = path;
+       }
+       
+       public String getKeystorePath() 
+       {
+               return _keystorePath;
+       }
+       
+       public void setKeystorePassword(String password) 
+       {
+               _keystorePassword = password;
+       }
+       
+       public String getKeystorePassword() 
+       {
+               return _keystorePassword;
+       }
+       
+       public void setCertType(String type) 
+       {
+               _certType = type;
+       }
+       
+       public String getCertType() 
+       {
+               return _certType;
+       }
+}
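Review bot: `SSLConfiguration` has no Javadoc, and nothing says what the keystore is used for on the client side or that the object is mutable and shared, since AMQConnectionFactory hands the same instance to every AMQConnection it creates. A class comment along the lines of `/** Keystore settings used to build the client SSL context. Instances are mutable and unsynchronized; configure them before creating connections. */` would cover it. The password is kept as a `String` and exposed through a public getter; `KeyStore.load` takes a `char[]`, so holding a `char[]` here would let callers clear it after use. The class line uses `SSLConfiguration {` while the methods use braces on their own line.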

Propchange: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/SSLConfiguration.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/failover/FailoverHandler.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/failover/FailoverHandler.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/failover/FailoverHandler.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/failover/FailoverHandler.java
 Wed Feb 14 07:40:47 2007
@@ -115,7 +115,7 @@
             // if _host has value then we are performing a redirect.
             if (_host != null)
             {
-                failoverSucceeded = 
_amqProtocolHandler.getConnection().attemptReconnection(_host, _port, 
_amqProtocolHandler.isUseSSL());
+                failoverSucceeded = 
_amqProtocolHandler.getConnection().attemptReconnection(_host, _port);
             }
             else
             {

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/protocol/AMQProtocolHandler.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/protocol/AMQProtocolHandler.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/protocol/AMQProtocolHandler.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/protocol/AMQProtocolHandler.java
 Wed Feb 14 07:40:47 2007
@@ -20,35 +20,44 @@
  */
 package org.apache.qpid.client.protocol;
 
+import java.util.Iterator;
+import java.util.concurrent.CopyOnWriteArraySet;
+import java.util.concurrent.CountDownLatch;
+
 import org.apache.log4j.Logger;
 import org.apache.mina.common.IdleStatus;
 import org.apache.mina.common.IoHandlerAdapter;
 import org.apache.mina.common.IoSession;
-import org.apache.mina.common.IoServiceConfig;
 import org.apache.mina.filter.SSLFilter;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
 import org.apache.qpid.AMQConnectionClosedException;
 import org.apache.qpid.AMQDisconnectedException;
 import org.apache.qpid.AMQException;
 import org.apache.qpid.AMQTimeoutException;
-import org.apache.qpid.pool.ReadWriteThreadModel;
-import org.apache.qpid.protocol.AMQMethodEvent;
 import org.apache.qpid.client.AMQConnection;
 import org.apache.qpid.client.AMQSession;
+import org.apache.qpid.client.SSLConfiguration;
 import org.apache.qpid.client.failover.FailoverHandler;
 import org.apache.qpid.client.failover.FailoverState;
 import org.apache.qpid.client.state.AMQState;
 import org.apache.qpid.client.state.AMQStateManager;
 import org.apache.qpid.client.state.listener.SpecificMethodFrameListener;
 import org.apache.qpid.codec.AMQCodecFactory;
-import org.apache.qpid.framing.*;
+import org.apache.qpid.framing.AMQBody;
+import org.apache.qpid.framing.AMQDataBlock;
+import org.apache.qpid.framing.AMQFrame;
+import org.apache.qpid.framing.AMQMethodBody;
+import org.apache.qpid.framing.AMQShortString;
+import org.apache.qpid.framing.ConnectionCloseBody;
+import org.apache.qpid.framing.ConnectionCloseOkBody;
+import org.apache.qpid.framing.ContentBody;
+import org.apache.qpid.framing.ContentHeaderBody;
+import org.apache.qpid.framing.HeartbeatBody;
+import org.apache.qpid.pool.ReadWriteThreadModel;
 import org.apache.qpid.protocol.AMQConstant;
+import org.apache.qpid.protocol.AMQMethodEvent;
 import org.apache.qpid.protocol.AMQMethodListener;
-import org.apache.qpid.ssl.BogusSSLContextFactory;
-
-import java.util.Iterator;
-import java.util.concurrent.CopyOnWriteArraySet;
-import java.util.concurrent.CountDownLatch;
+import org.apache.qpid.ssl.SSLContextFactory;
 
 
 public class AMQProtocolHandler extends IoHandlerAdapter
@@ -62,12 +71,6 @@
     private AMQConnection _connection;
 
     /**
-     * Used only when determining whether to add the SSL filter or not. This 
should be made more
-     * generic in future since we will potentially have many transport layer 
options
-     */
-    private boolean _useSSL;
-
-    /**
      * Our wrapper for a protocol session that provides access to session 
values
      * in a typesafe manner.
      */
@@ -99,16 +102,6 @@
         _connection = con;
     }
 
-    public boolean isUseSSL()
-    {
-        return _useSSL;
-    }
-
-    public void setUseSSL(boolean useSSL)
-    {
-        _useSSL = useSSL;
-    }
-
     public void sessionCreated(IoSession session) throws Exception
     {
         _logger.debug("Protocol session created for session " + 
System.identityHashCode(session));
@@ -125,10 +118,11 @@
             session.getFilterChain().addLast("protocolFilter", pcf);
         }
         // we only add the SSL filter where we have an SSL connection
-        if (_useSSL)
+        if (_connection.getSSLConfiguration() != null)
         {
-            //FIXME: Bogus context cannot be used in production.
-            SSLFilter sslFilter = new 
SSLFilter(BogusSSLContextFactory.getInstance(false));
+               SSLConfiguration sslConfig = _connection.getSSLConfiguration();
+               SSLContextFactory sslFactory = new 
SSLContextFactory(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), 
sslConfig.getCertType()); 
+            SSLFilter sslFilter = new 
SSLFilter(sslFactory.buildClientContext());
             sslFilter.setUseClientMode(true);
             session.getFilterChain().addBefore("protocolFilter", "ssl", 
sslFilter);
         }
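Review bot: `_connection.getSSLConfiguration()` is read twice, once for the null test and once for the local, and the comment above still says the filter is added "where we have an SSL connection" although the test is now whether an `SSLConfiguration` was supplied. Reading it once, `SSLConfiguration sslConfig = _connection.getSSLConfiguration();` followed by `if (sslConfig != null)`, removes the double read. The removed FIXME warned that the bogus context was not fit for production, and what the replacement `buildClientContext()` trusts is not visible in this hunk. A comment stating which trust material validates the broker certificate, and whether the broker host name is checked, would tell the next reader whether that FIXME is really resolved. `sessionCreated` continues outside the hunk.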

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/transport/SocketTransportConnection.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/transport/SocketTransportConnection.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/transport/SocketTransportConnection.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/transport/SocketTransportConnection.java
 Wed Feb 14 07:40:47 2007
@@ -81,7 +81,6 @@
         scfg.setReceiveBufferSize(Integer.getInteger("amqj.receiveBufferSize", 
DEFAULT_BUFFER_SIZE));
         _logger.info("recv-buffer-size = " + scfg.getReceiveBufferSize());
         final InetSocketAddress address = new 
InetSocketAddress(brokerDetail.getHost(), brokerDetail.getPort());
-        protocolHandler.setUseSSL(brokerDetail.useSSL());
         _logger.info("Attempting connection to " + address);
         ConnectFuture future = ioConnector.connect(address, protocolHandler);
 

Modified: 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java
 Wed Feb 14 07:40:47 2007
@@ -20,6 +20,8 @@
  */
 package org.apache.qpid.jms;
 
+import org.apache.qpid.client.SSLConfiguration;
+
 public interface BrokerDetails
 {
 
@@ -28,7 +30,6 @@
      * @see ConnectionURL
     */
     public static final String OPTIONS_RETRY = "retries";
-    public static final String OPTIONS_SSL = ConnectionURL.OPTIONS_SSL;
     public static final String OPTIONS_CONNECT_TIMEOUT = "connecttimeout";
     public static final int DEFAULT_PORT = 5672;
 
@@ -55,10 +56,6 @@
 
     void setTransport(String transport);
 
-    boolean useSSL();
-
-    void useSSL(boolean ssl);
-
     String getOption(String key);
 
     void setOption(String key, String value);
@@ -66,6 +63,10 @@
     long getTimeout();
 
     void setTimeout(long timeout);
+    
+    SSLConfiguration getSSLConfiguration();
+    
+    void setSSLConfiguration(SSLConfiguration sslConfiguration);
 
     String toString();
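Review bot: The new `getSSLConfiguration()` / `setSSLConfiguration()` pair has no Javadoc, and with `useSSL()` removed earlier in this file the interface no longer states how a caller tells whether a broker connection is meant to use TLS. Presumably a null configuration means "no explicit keystore settings" rather than "TLS off", but nothing visible here says so. An implementation that treats the two as the same could silently fall back to plaintext. I would document the contract on the getter, for example `/** @return SSL settings for this broker, or null if none were supplied; null does not by itself disable SSL */`, adjusted to whatever the implementations actually do.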
 

Modified: 
incubator/qpid/trunk/qpid/java/cluster/src/main/java/org/apache/qpid/server/cluster/Main.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/cluster/src/main/java/org/apache/qpid/server/cluster/Main.java?view=diff&rev=507584&r1=507583&r2=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/cluster/src/main/java/org/apache/qpid/server/cluster/Main.java
 (original)
+++ 
incubator/qpid/trunk/qpid/java/cluster/src/main/java/org/apache/qpid/server/cluster/Main.java
 Wed Feb 14 07:40:47 2007
@@ -44,9 +44,8 @@
 import java.net.InetSocketAddress;
 
 /**
- * TODO: This is a cut-and-paste from the original broker Main class. Would be 
preferrable
- * to make that class more reuseable to avoid all this duplication.
- *
+ * TODO: This is a cut-and-paste from the original broker Main class. Would be 
preferrable to make that class more
+ * reuseable to avoid all this duplication.
  */
 public class Main extends org.apache.qpid.server.Main
 {
@@ -88,18 +87,16 @@
 
             String host = InetAddress.getLocalHost().getHostName();
             ClusteredProtocolHandler handler = new 
ClusteredProtocolHandler(new InetSocketAddress(host, port));
-            if (connectorConfig.enableNonSSL)
+            if (!connectorConfig.enableSSL)
             {
                 acceptor.bind(new InetSocketAddress(port), handler, sconfig);
                 _logger.info("Qpid.AMQP listening on non-SSL port " + port);
                 handler.connect(commandLine.getOptionValue("j"));
             }
-
-            if (connectorConfig.enableSSL)
+            else
             {
                 ClusteredProtocolHandler sslHandler = new 
ClusteredProtocolHandler(handler);
-                sslHandler.setUseSSL(true);
-                acceptor.bind(new InetSocketAddress(connectorConfig.sslPort), 
handler, sconfig);
+                acceptor.bind(new InetSocketAddress(connectorConfig.sslPort), 
sslHandler, sconfig);
                 _logger.info("Qpid.AMQP listening on SSL port " + 
connectorConfig.sslPort);
             }
         }
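Review bot: With the second `if` turned into an `else`, `handler.connect(commandLine.getOptionValue("j"))` is reachable only in the `!connectorConfig.enableSSL` branch, so a node started with SSL enabled appears never to issue the cluster join. Before this change both blocks could run. If that is not intended, move the call after the if/else, e.g. `handler.connect(commandLine.getOptionValue("j"));` (or on `sslHandler`, whichever instance is meant to own the join). Separately, `sslHandler.setUseSSL(true)` is removed and nothing in the hunk attaches TLS to the listener bound on `connectorConfig.sslPort`, although the log line still says "SSL port". Worth confirming that the handler picks up the SSL filter from configuration elsewhere, so the port is not served in plaintext. The enclosing method starts outside the hunk.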

Added: 
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java?view=auto&rev=507584
==============================================================================
--- 
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
 (added)
+++ 
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
 Wed Feb 14 07:40:47 2007
@@ -0,0 +1,157 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+/**
+ * Factory used to create SSLContexts. SSL needs to be configured
+ * before this will work.
+ * 
+ */
+public class SSLContextFactory {
+       
+       /**
+        * Path to the Java keystore file
+        */
+       private String _keystorePath;
+       
+       /**
+        * Password for the keystore
+        */
+       private String _keystorePassword;
+       
+       /**
+        * Cert type to use
+        */
+       private String _certType;
+       
+       /**
+        * Create a factory instance
+        * @param keystorePath path to the Java keystore file
+        * @param keystorePassword password for the Java keystore
+        * @param certType certificate type
+        */
+       public SSLContextFactory(String keystorePath, String keystorePassword,
+                       String certType) 
+       {
+               _keystorePath = keystorePath;
+               _keystorePassword = keystorePassword;
+               if (_keystorePassword.equals("none"))
+               {
+                       _keystorePassword = null;
+               }
+               _certType = certType;
+               if (keystorePath == null) {
+                       throw new IllegalArgumentException("Keystore path must 
be specified");
+               }
+               if (certType == null) {
+                       throw new IllegalArgumentException("Cert type must be 
specified");
+               }
+       }
+       
+       /**
+        * Builds a SSLContext appropriate for use with a server
+        * @return SSLContext
+        * @throws GeneralSecurityException
+        * @throws IOException
+        */
+       public SSLContext buildServerContext() throws GeneralSecurityException, 
IOException
+       {
+        // Create keystore
+               KeyStore ks = getInitializedKeyStore();
+
+        // Set up key manager factory to use our key store
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance(_certType);
+        kmf.init(ks, _keystorePassword.toCharArray());
+
+        // Initialize the SSLContext to work with our key managers.
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(_certType);
+        tmf.init(ks);
+        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+
+        return sslContext;             
+       }
+       
+       /**
+        * Creates a SSLContext factory appropriate for use with a client
+        * @return SSLContext
+        * @throws GeneralSecurityException
+        * @throws IOException
+        */
+       public SSLContext buildClientContext() throws GeneralSecurityException, 
IOException
+       {
+               KeyStore ks = getInitializedKeyStore();
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(_certType);
+        tmf.init(ks);
+        SSLContext context = SSLContext.getInstance("TLS");
+        context.init(null, tmf.getTrustManagers(), null);
+        return context;                
+       }
+       
+       private KeyStore getInitializedKeyStore() throws 
GeneralSecurityException, IOException
+       {
+        KeyStore ks = KeyStore.getInstance("JKS");
+        InputStream in = null;
+        try
+        {
+               File f = new File(_keystorePath);
+               if (f.exists())
+               {
+                       in = new FileInputStream(f);
+               }
+               else 
+               {
+                       in = 
Thread.currentThread().getContextClassLoader().getResourceAsStream(_keystorePath);
+               }
+            if (in == null)
+            {
+                throw new IOException("Unable to load keystore resource: " + 
_keystorePath);
+            }
+            ks.load(in, _keystorePassword.toCharArray());
+        }
+        finally
+        {
+            if (in != null)
+            {
+                //noinspection EmptyCatchBlock
+                try
+                {
+                    in.close();
+                }
+                catch (IOException ignored)
+                {
+                }
+            }
+        }
+        return ks;
+       }
+}
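Review bot: The "none" password handling in the constructor cannot work as written: `_keystorePassword.equals("none")` throws a NullPointerException when the password is null, and when it is "none" the field is set to null and then dereferenced by `_keystorePassword.toCharArray()` in both `buildServerContext()` and `getInitializedKeyStore()`. A null-safe accessor fixes both paths. Note that `KeyStore.load()` with a null password skips the keystore integrity check, so a password-less trust store is accepted unverified; that deserves a comment and probably a log line. Also, `buildServerContext()` uses the same keystore as both key store and trust store and passes `_certType` as the algorithm to both factories, which the class Javadoc should state.

```java
        _keystorePath = keystorePath;
        // "none" (or null) means no password; store null and never dereference it directly
        _keystorePassword = (keystorePassword == null || "none".equals(keystorePassword)) ? null : keystorePassword;
        // … unchanged: _certType assignment and the null checks on keystorePath / certType …

    /** Password as char[], or null when no password was configured (load() then skips the integrity check). */
    private char[] keystorePasswordChars()
    {
        return _keystorePassword == null ? null : _keystorePassword.toCharArray();
    }

        // in buildServerContext():
        kmf.init(ks, keystorePasswordChars());

        // in getInitializedKeyStore():
        ks.load(in, keystorePasswordChars());
```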

Propchange: 
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: 
incubator/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

