Posted to commits@qpid.apache.org by ta...@apache.org on 2017/10/12 19:45:01 UTC
qpid-jms git commit: QPIDJMS-339 optionally read the key and trust
store types from env
Repository: qpid-jms
Updated Branches:
refs/heads/master f6c95d448 -> 475ff58fe
QPIDJMS-339 optionally read the key and trust store types from env
Attempt to read the key and trust store types from the standard Java
system properties.
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/475ff58f
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/475ff58f
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/475ff58f
Branch: refs/heads/master
Commit: 475ff58fed092ae96ce106b93f947553835a1dc1
Parents: f6c95d4
Author: Timothy Bish <ta...@gmail.com>
Authored: Thu Oct 12 15:41:56 2017 -0400
Committer: Timothy Bish <ta...@gmail.com>
Committed: Thu Oct 12 15:41:56 2017 -0400
----------------------------------------------------------------------
.../jms/transports/TransportSslOptions.java | 8 +++-
.../jms/integration/SslIntegrationTest.java | 48 ++++++++++++++++++--
2 files changed, 49 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/475ff58f/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
index 0eac9e3..0fec49a 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
@@ -38,16 +38,18 @@ public class TransportSslOptions extends TransportOptions {
public static final int DEFAULT_SSL_PORT = 5671;
private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
+ private static final String JAVAX_NET_SSL_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String JAVAX_NET_SSL_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
private static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
private String keyStoreLocation;
private String keyStorePassword;
private String trustStoreLocation;
private String trustStorePassword;
- private String keyStoreType = DEFAULT_STORE_TYPE;
- private String trustStoreType = DEFAULT_STORE_TYPE;
+ private String keyStoreType;
+ private String trustStoreType;
private String[] enabledCipherSuites;
private String[] disabledCipherSuites;
private String[] enabledProtocols;
@@ -62,8 +64,10 @@ public class TransportSslOptions extends TransportOptions {
public TransportSslOptions() {
setKeyStoreLocation(System.getProperty(JAVAX_NET_SSL_KEY_STORE));
+ setKeyStoreType(System.getProperty(JAVAX_NET_SSL_KEY_STORE_TYPE, DEFAULT_STORE_TYPE));
setKeyStorePassword(System.getProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD));
setTrustStoreLocation(System.getProperty(JAVAX_NET_SSL_TRUST_STORE));
+ setTrustStoreType(System.getProperty(JAVAX_NET_SSL_TRUST_STORE_TYPE, DEFAULT_STORE_TYPE));
setTrustStorePassword(System.getProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD));
}
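Review bot: In the constructor, `System.getProperty(JAVAX_NET_SSL_KEY_STORE_TYPE, DEFAULT_STORE_TYPE)` falls back to the default only when the property is absent, so a property that is defined but empty is passed to `setKeyStoreType` as an empty string and would presumably only fail later, when the store is loaded. Treating empty as unset avoids that: `String type = System.getProperty(JAVAX_NET_SSL_KEY_STORE_TYPE);` then `setKeyStoreType(type == null || type.isEmpty() ? DEFAULT_STORE_TYPE : type);`, and the same for the trust store. The constructor Javadoc should also say that these process-wide properties now set the store type for every instance, including ones whose store location is later supplied through the setters; a JVM that sets `javax.net.ssl.keyStoreType` for another library would change how this client opens its own stores unless the type is set explicitly.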
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/475ff58f/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
index 14c3531..9e25779 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
@@ -49,12 +49,17 @@ import org.junit.Test;
public class SslIntegrationTest extends QpidJmsTestCase {
private static final String BROKER_JKS_KEYSTORE = "src/test/resources/broker-jks.keystore";
+ private static final String BROKER_PKCS12_KEYSTORE = "src/test/resources/broker-pkcs12.keystore";
private static final String BROKER_JKS_TRUSTSTORE = "src/test/resources/broker-jks.truststore";
+ private static final String BROKER_PKCS12_TRUSTSTORE = "src/test/resources/broker-pkcs12.truststore";
private static final String CLIENT_MULTI_KEYSTORE = "src/test/resources/client-multiple-keys-jks.keystore";
private static final String CLIENT_JKS_TRUSTSTORE = "src/test/resources/client-jks.truststore";
+ private static final String CLIENT_PKCS12_TRUSTSTORE = "src/test/resources/client-pkcs12.truststore";
private static final String OTHER_CA_TRUSTSTORE = "src/test/resources/other-ca-jks.truststore";
private static final String CLIENT_JKS_KEYSTORE = "src/test/resources/client-jks.keystore";
+ private static final String CLIENT_PKCS12_KEYSTORE = "src/test/resources/client-pkcs12.keystore";
private static final String CLIENT2_JKS_KEYSTORE = "src/test/resources/client2-jks.keystore";
+ private static final String CUSTOM_STORE_TYPE_PKCS12 = "pkcs12";
private static final String PASSWORD = "password";
private static final String WRONG_PASSWORD = "wrong-password";
@@ -67,8 +72,10 @@ public class SslIntegrationTest extends QpidJmsTestCase {
private static final String ALIAS_CA_CERT = "ca";
private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
+ private static final String JAVAX_NET_SSL_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String JAVAX_NET_SSL_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
private static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
private final IntegrationTestFixture testFixture = new IntegrationTestFixture();
@@ -407,6 +414,13 @@ public class SslIntegrationTest extends QpidJmsTestCase {
doConfigureStoresWithSslSystemPropertiesTestImpl(CLIENT2_DN);
}
+ @Test(timeout = 20000)
+ public void testConfigurePkcs12StoresWithSslSystemProperties() throws Exception {
+ // Set properties and expect connection as Client1
+ setSslSystemPropertiesForCurrentTest(CLIENT_PKCS12_KEYSTORE, CUSTOM_STORE_TYPE_PKCS12, PASSWORD, CLIENT_PKCS12_TRUSTSTORE, CUSTOM_STORE_TYPE_PKCS12, PASSWORD);
+ doConfigureStoresWithSslSystemPropertiesTestImpl(CLIENT_DN, true);
+ }
+
private void setSslSystemPropertiesForCurrentTest(String keystore, String keystorePassword, String truststore, String truststorePassword) {
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE, keystore);
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, keystorePassword);
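Review bot: `testConfigurePkcs12StoresWithSslSystemProperties` only shows that a connection succeeds, which does not prove the new type properties were read. If `DEFAULT_STORE_TYPE` is JKS (its value is not visible here), JDKs with the `keystore.type.compat` behaviour enabled can open a PKCS12 file through the JKS type, so the test may pass even if the properties are ignored. A direct assertion after setting the properties would pin the behaviour, e.g. `assertEquals(CUSTOM_STORE_TYPE_PKCS12, new TransportSslOptions().getKeyStoreType());` and the trust store equivalent, assuming the getters exist. A case that sets only one of the two type properties would also confirm the other still falls back to the default.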
@@ -414,13 +428,37 @@ public class SslIntegrationTest extends QpidJmsTestCase {
setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, truststorePassword);
}
+ private void setSslSystemPropertiesForCurrentTest(String keystore, String keystoreType, String keystorePassword, String truststore, String truststoreType, String truststorePassword) {
+ setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE, keystore);
+ setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_TYPE, keystoreType);
+ setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, keystorePassword);
+ setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE, truststore);
+ setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_TYPE, truststoreType);
+ setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, truststorePassword);
+ }
+
private void doConfigureStoresWithSslSystemPropertiesTestImpl(String expectedDN) throws Exception {
+ doConfigureStoresWithSslSystemPropertiesTestImpl(expectedDN, false);
+ }
+
+ private void doConfigureStoresWithSslSystemPropertiesTestImpl(String expectedDN, boolean usePkcs12Store) throws Exception {
TransportSslOptions serverSslOptions = new TransportSslOptions();
- serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
- serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
- serverSslOptions.setKeyStorePassword(PASSWORD);
- serverSslOptions.setTrustStorePassword(PASSWORD);
- serverSslOptions.setVerifyHost(false);
+
+ if (!usePkcs12Store) {
+ serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
+ serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
+ serverSslOptions.setKeyStorePassword(PASSWORD);
+ serverSslOptions.setTrustStorePassword(PASSWORD);
+ serverSslOptions.setVerifyHost(false);
+ } else {
+ serverSslOptions.setKeyStoreLocation(BROKER_PKCS12_KEYSTORE);
+ serverSslOptions.setTrustStoreLocation(BROKER_PKCS12_TRUSTSTORE);
+ serverSslOptions.setKeyStoreType(CUSTOM_STORE_TYPE_PKCS12);
+ serverSslOptions.setTrustStoreType(CUSTOM_STORE_TYPE_PKCS12);
+ serverSslOptions.setKeyStorePassword(PASSWORD);
+ serverSslOptions.setTrustStorePassword(PASSWORD);
+ serverSslOptions.setVerifyHost(false);
+ }
SSLContext serverSslContext = TransportSupport.createSslContext(serverSslOptions);
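Review bot: In `doConfigureStoresWithSslSystemPropertiesTestImpl` the JKS branch never sets a store type, so the broker-side `TransportSslOptions` now inherits whatever `javax.net.ssl.keyStoreType` and `trustStoreType` the test has set for the client, because the constructor reads them. Setting the type explicitly on both paths keeps the broker fixture independent of the properties under test. The two branches also repeat five of their seven calls, so only the store files and the type need to vary. The method body continues past the end of this hunk.

```java
TransportSslOptions serverSslOptions = new TransportSslOptions();
// assumes DEFAULT_STORE_TYPE is visible to the test; otherwise add a local JKS constant
String brokerStoreType = usePkcs12Store ? CUSTOM_STORE_TYPE_PKCS12 : TransportSslOptions.DEFAULT_STORE_TYPE;
serverSslOptions.setKeyStoreLocation(usePkcs12Store ? BROKER_PKCS12_KEYSTORE : BROKER_JKS_KEYSTORE);
serverSslOptions.setTrustStoreLocation(usePkcs12Store ? BROKER_PKCS12_TRUSTSTORE : BROKER_JKS_TRUSTSTORE);
serverSslOptions.setKeyStoreType(brokerStoreType);
serverSslOptions.setTrustStoreType(brokerStoreType);
serverSslOptions.setKeyStorePassword(PASSWORD);
serverSslOptions.setTrustStorePassword(PASSWORD);
serverSslOptions.setVerifyHost(false);
// … unchanged: createSslContext call and the rest of the test body …
```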