Posted to commits@qpid.apache.org by ro...@apache.org on 2017/01/16 16:13:03 UTC
[2/2] qpid-jms git commit: QPIDJMS-254: update trust store password
config default to use the 'javax.net.ssl.trustStorePassword' property
QPIDJMS-254: update trust store password config default to use the 'javax.net.ssl.trustStorePassword' property
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/d089d865
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/d089d865
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/d089d865
Branch: refs/heads/master
Commit: d089d865e3d16624751d4c22a188fb91156ecf03
Parents: c89a24a
Author: Robert Gemmell <ro...@apache.org>
Authored: Mon Jan 16 16:05:01 2017 +0000
Committer: Robert Gemmell <ro...@apache.org>
Committed: Mon Jan 16 16:05:01 2017 +0000
----------------------------------------------------------------------
.../jms/transports/TransportSslOptions.java | 13 +++--
.../jms/integration/SslIntegrationTest.java | 19 ++++++++
.../jms/transports/TransportSslOptionsTest.java | 50 ++++++++++++++++++++
qpid-jms-docs/Configuration.md | 2 +-
4 files changed, 79 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d089d865/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
index 2240a78..129656c 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
@@ -37,6 +37,11 @@ public class TransportSslOptions extends TransportOptions {
public static final List<String> DEFAULT_DISABLED_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(new String[]{"SSLv2Hello", "SSLv3"}));
public static final int DEFAULT_SSL_PORT = 5671;
+ private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
+ private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+ private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
+
private String keyStoreLocation;
private String keyStorePassword;
private String trustStoreLocation;
@@ -55,10 +60,10 @@ public class TransportSslOptions extends TransportOptions {
private SSLContext sslContextOverride;
public TransportSslOptions() {
- setKeyStoreLocation(System.getProperty("javax.net.ssl.keyStore"));
- setKeyStorePassword(System.getProperty("javax.net.ssl.keyStorePassword"));
- setTrustStoreLocation(System.getProperty("javax.net.ssl.trustStore"));
- setTrustStorePassword(System.getProperty("javax.net.ssl.keyStorePassword"));
+ setKeyStoreLocation(System.getProperty(JAVAX_NET_SSL_KEY_STORE));
+ setKeyStorePassword(System.getProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD));
+ setTrustStoreLocation(System.getProperty(JAVAX_NET_SSL_TRUST_STORE));
+ setTrustStorePassword(System.getProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD));
}
/**
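Review bot: The corrected line `setTrustStorePassword(System.getProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD));` silently changes the default for deployments that set only `javax.net.ssl.keyStorePassword`, because the trust store password now defaults to null instead of the key store password. How a null password is consumed is outside this hunk, but if it reaches `KeyStore.load` as null, a JKS trust store is loaded without its integrity check rather than failing, so a modified trust store would go unnoticed. Consider logging a warning when a trust store location is configured with no password, and calling out the changed default in the release notes. The class body continues outside the hunk.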
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d089d865/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
index 288abfa..14c3531 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java
@@ -56,6 +56,7 @@ public class SslIntegrationTest extends QpidJmsTestCase {
private static final String CLIENT_JKS_KEYSTORE = "src/test/resources/client-jks.keystore";
private static final String CLIENT2_JKS_KEYSTORE = "src/test/resources/client2-jks.keystore";
private static final String PASSWORD = "password";
+ private static final String WRONG_PASSWORD = "wrong-password";
private static final String CLIENT_KEY_ALIAS = "client";
private static final String CLIENT_DN = "O=Client,CN=client";
@@ -383,6 +384,24 @@ public class SslIntegrationTest extends QpidJmsTestCase {
// Expected
}
+ // Set properties with wrong key store password and expect connection to fail
+ setSslSystemPropertiesForCurrentTest(CLIENT_JKS_KEYSTORE, WRONG_PASSWORD, CLIENT_JKS_TRUSTSTORE, PASSWORD);
+ try {
+ doConfigureStoresWithSslSystemPropertiesTestImpl(null);
+ fail("Connection should have failed due to wrong keystore password");
+ } catch (JMSException jmse) {
+ // Expected
+ }
+
+ // Set properties with wrong trust store password and expect connection to fail
+ setSslSystemPropertiesForCurrentTest(CLIENT_JKS_KEYSTORE, PASSWORD, CLIENT_JKS_TRUSTSTORE, WRONG_PASSWORD);
+ try {
+ doConfigureStoresWithSslSystemPropertiesTestImpl(null);
+ fail("Connection should have failed due to wrong truststore password");
+ } catch (JMSException jmse) {
+ // Expected
+ }
+
// Set properties and expect connection as Client2
setSslSystemPropertiesForCurrentTest(CLIENT2_JKS_KEYSTORE, PASSWORD, CLIENT_JKS_TRUSTSTORE, PASSWORD);
doConfigureStoresWithSslSystemPropertiesTestImpl(CLIENT2_DN);
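Review bot: Both new `catch (JMSException jmse)` blocks accept any connection failure, so the wrong-password cases still pass if the connection fails for an unrelated reason such as a missing store file. Asserting on the cause chain of `jmse` (presumably an `IOException` raised while loading the store, which should be confirmed against the transport code) would pin the failure to the password. A case with the trust store password property left unset would also be worth adding, since that is the path whose default this commit changes. The enclosing test method starts and ends outside the hunk.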
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d089d865/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
index eafaa3b..821ecf7 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
@@ -18,6 +18,7 @@ package org.apache.qpid.jms.transports;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNull;
import javax.net.ssl.SSLContext;
@@ -57,6 +58,11 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
private static final SSLContext SSL_CONTEXT = Mockito.mock(SSLContext.class);
+ private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
+ private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+ private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
+
@Test
public void testCreate() {
TransportSslOptions options = new TransportSslOptions();
@@ -164,4 +170,48 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
return options;
}
+
+ @Test
+ public void testSslSystemPropertiesInfluenceDefaults() {
+ String keystore = "keystore";
+ String keystorePass = "keystorePass";
+ String truststore = "truststore";
+ String truststorePass = "truststorePass";
+
+ setSslSystemPropertiesForCurrentTest(keystore, keystorePass, truststore, truststorePass);
+
+ TransportSslOptions options1 = new TransportSslOptions();
+
+ assertEquals(keystore, options1.getKeyStoreLocation());
+ assertEquals(keystorePass, options1.getKeyStorePassword());
+ assertEquals(truststore, options1.getTrustStoreLocation());
+ assertEquals(truststorePass, options1.getTrustStorePassword());
+
+ keystore +="2";
+ keystorePass +="2";
+ truststore +="2";
+ truststorePass +="2";
+
+ setSslSystemPropertiesForCurrentTest(keystore, keystorePass, truststore, truststorePass);
+
+ TransportSslOptions options2 = new TransportSslOptions();
+
+ assertEquals(keystore, options2.getKeyStoreLocation());
+ assertEquals(keystorePass, options2.getKeyStorePassword());
+ assertEquals(truststore, options2.getTrustStoreLocation());
+ assertEquals(truststorePass, options2.getTrustStorePassword());
+
+ assertNotEquals(options1.getKeyStoreLocation(), options2.getKeyStoreLocation());
+ assertNotEquals(options1.getKeyStorePassword(), options2.getKeyStorePassword());
+ assertNotEquals(options1.getTrustStoreLocation(), options2.getTrustStoreLocation());
+ assertNotEquals(options1.getTrustStorePassword(), options2.getTrustStorePassword());
+ }
+
+ private void setSslSystemPropertiesForCurrentTest(String keystore, String keystorePassword, String truststore, String truststorePassword) {
+ setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE, keystore);
+ setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, keystorePassword);
+ setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE, truststore);
+ setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, truststorePassword);
+ }
+
}
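Review bot: `testSslSystemPropertiesInfluenceDefaults` only guards against the QPIDJMS-254 mix-up because `keystorePass` and `truststorePass` are different strings, and nothing in the test says so. A short comment above the four locals, e.g. `// Values must all differ so a property read from the wrong key is detected (QPIDJMS-254)`, would stop a later cleanup from collapsing them into one shared value. The trailing `assertNotEquals` block is already implied by the preceding `assertEquals` calls on distinct values and could be dropped or explained the same way.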
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d089d865/qpid-jms-docs/Configuration.md
----------------------------------------------------------------------
diff --git a/qpid-jms-docs/Configuration.md b/qpid-jms-docs/Configuration.md
index 66f9f6e..7fe8c48 100644
--- a/qpid-jms-docs/Configuration.md
+++ b/qpid-jms-docs/Configuration.md
@@ -168,7 +168,7 @@ The complete set of SSL Transport options is listed below:
+ **transport.keyStoreLocation** default is to read from the system property "javax.net.ssl.keyStore"
+ **transport.keyStorePassword** default is to read from the system property "javax.net.ssl.keyStorePassword"
+ **transport.trustStoreLocation** default is to read from the system property "javax.net.ssl.trustStore"
-+ **transport.trustStorePassword** default is to read from the system property "javax.net.ssl.keyStorePassword"
++ **transport.trustStorePassword** default is to read from the system property "javax.net.ssl.trustStorePassword"
+ **transport.storeType** The type of trust store being used. Default is "JKS".
+ **transport.contextProtocol** The protocol argument used when getting an SSLContext. Default is "TLS".
+ **transport.enabledCipherSuites** The cipher suites to enable, comma separated. No default, meaning the context default ciphers are used. Any disabled ciphers are removed from this.