Posted to commits@qpid.apache.org by kw...@apache.org on 2018/03/17 20:07:40 UTC

qpid-broker-j git commit: QPID-8016: [Broker-J] Correct FileKeyStore's selection of certificate by alias

Repository: qpid-broker-j
Updated Branches:
  refs/heads/7.0.x ce05c23a5 -> 6d26e38ab


QPID-8016: [Broker-J] Correct FileKeyStore's selection of certificate by alias


Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/6d26e38a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/6d26e38a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/6d26e38a

Branch: refs/heads/7.0.x
Commit: 6d26e38ab349e9fb6aad3afc959f143a97037369
Parents: ce05c23
Author: Keith Wall <kw...@apache.org>
Authored: Fri Mar 16 20:02:07 2018 +0000
Committer: Keith Wall <kw...@apache.org>
Committed: Sat Mar 17 20:06:57 2018 +0000

----------------------------------------------------------------------
 .../qpid/server/security/FileKeyStoreImpl.java  |   6 +-
 .../security/ssl/QpidClientX509KeyManager.java  | 125 -------------------
 .../security/ssl/QpidServerX509KeyManager.java  |  98 +++++++++++++++
 3 files changed, 101 insertions(+), 128 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/6d26e38a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
index 4c5ed1f..62c3102 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
@@ -53,7 +53,7 @@ import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.util.ServerScopedRuntimeException;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
-import org.apache.qpid.server.transport.network.security.ssl.QpidClientX509KeyManager;
+import org.apache.qpid.server.transport.network.security.ssl.QpidServerX509KeyManager;
 import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
 
 @ManagedObject( category = false )
@@ -236,8 +236,8 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
             if (_certificateAlias != null)
             {
                 return new KeyManager[] {
-                        new QpidClientX509KeyManager( _certificateAlias, url, _keyStoreType, getPassword(),
-                                                      _keyManagerFactoryAlgorithm)
+                        new QpidServerX509KeyManager(_certificateAlias, url, _keyStoreType, getPassword(),
+                                                     _keyManagerFactoryAlgorithm)
                                         };
 
             }

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/6d26e38a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidClientX509KeyManager.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidClientX509KeyManager.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidClientX509KeyManager.java
deleted file mode 100644
index 130e23c..0000000
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidClientX509KeyManager.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * 
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * 
- */
-package org.apache.qpid.server.transport.network.security.ssl;
-
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.X509ExtendedKeyManager;
-import java.io.IOException;
-import java.net.Socket;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class QpidClientX509KeyManager extends X509ExtendedKeyManager
-{
-    private static final Logger LOGGER = LoggerFactory.getLogger(QpidClientX509KeyManager.class);
-
-    private X509ExtendedKeyManager delegate;
-    private String alias;
-    
-    public QpidClientX509KeyManager(String alias, String keyStorePath, String keyStoreType,
-                           String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
-    {
-        this.alias = alias;
-        KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword,keyStoreType);
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
-        kmf.init(ks, keyStorePassword.toCharArray());
-        this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
-    }
-
-    public QpidClientX509KeyManager(String alias, URL keyStoreUrl, String keyStoreType,
-                           String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
-    {
-        this.alias = alias;
-        KeyStore ks = SSLUtil.getInitializedKeyStore(keyStoreUrl,keyStorePassword,keyStoreType);
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
-        kmf.init(ks, keyStorePassword.toCharArray());
-        this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
-    }
-
-    public QpidClientX509KeyManager(String alias, KeyStore ks,
-                                    String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
-    {
-        this.alias = alias;
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
-        kmf.init(ks, keyStorePassword.toCharArray());
-        this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
-    }
-
-
-    @Override
-    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
-    {
-        LOGGER.debug("chooseClientAlias:Returning alias {}", alias);
-        return alias;
-    }
-
-    @Override
-    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
-    {
-        return delegate.chooseServerAlias(keyType, issuers, socket);
-    }
-
-    @Override
-    public X509Certificate[] getCertificateChain(String alias)
-    {
-        return delegate.getCertificateChain(alias);
-    }
-
-    @Override
-    public String[] getClientAliases(String keyType, Principal[] issuers)
-    {
-        LOGGER.debug("getClientAliases:Returning alias {}", alias);
-        return new String[]{alias};
-    }
-
-    @Override
-    public PrivateKey getPrivateKey(String alias)
-    {
-        return delegate.getPrivateKey(alias);
-    }
-
-    @Override
-    public String[] getServerAliases(String keyType, Principal[] issuers)
-    {
-        return delegate.getServerAliases(keyType, issuers);
-    }
-
-    @Override
-    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
-    {
-        LOGGER.debug("chooseEngineClientAlias:Returning alias {}", alias);
-        return alias;
-    }
-
-    @Override
-    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
-    {
-        return delegate.chooseEngineServerAlias(keyType, issuers, engine);
-    }
-}

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/6d26e38a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidServerX509KeyManager.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidServerX509KeyManager.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidServerX509KeyManager.java
new file mode 100644
index 0000000..c75d781
--- /dev/null
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidServerX509KeyManager.java
@@ -0,0 +1,98 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ */
+package org.apache.qpid.server.transport.network.security.ssl;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+import java.io.IOException;
+import java.net.Socket;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+
+public class QpidServerX509KeyManager extends X509ExtendedKeyManager
+{
+    private final X509ExtendedKeyManager _delegate;
+    private final String _alias;
+
+    public QpidServerX509KeyManager(String alias, URL keyStoreUrl, String keyStoreType,
+                                    String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
+    {
+        _alias = alias;
+        KeyStore ks = SSLUtil.getInitializedKeyStore(keyStoreUrl,keyStorePassword,keyStoreType);
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
+        kmf.init(ks, keyStorePassword.toCharArray());
+        _delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
+    }
+
+    @Override
+    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
+    {
+        return _delegate.chooseClientAlias(keyType, issuers, socket);
+    }
+
+    @Override
+    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
+    {
+        return _alias != null ? _alias : _delegate.chooseServerAlias(keyType, issuers, socket);
+    }
+
+    @Override
+    public X509Certificate[] getCertificateChain(String alias)
+    {
+        return _delegate.getCertificateChain(alias);
+    }
+
+    @Override
+    public String[] getClientAliases(String keyType, Principal[] issuers)
+    {
+        return _delegate.getClientAliases(keyType, issuers);
+    }
+
+    @Override
+    public PrivateKey getPrivateKey(String alias)
+    {
+        return _delegate.getPrivateKey(alias);
+    }
+
+    @Override
+    public String[] getServerAliases(String keyType, Principal[] issuers)
+    {
+        return _alias != null ? new String[] {_alias } : _delegate.getServerAliases(keyType, issuers);
+    }
+
+    @Override
+    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
+    {
+        return _delegate.chooseEngineClientAlias(keyType, issuers, engine);
+    }
+
+    @Override
+    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
+    {
+        return _alias != null ? _alias : _delegate.chooseEngineServerAlias(keyType, issuers, engine);
+    }
+}
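Review bot: The constructor stores `alias` without confirming that it names a private-key entry in the keystore it has just loaded, and `chooseServerAlias`, `getServerAliases` and `chooseEngineServerAlias` then return `_alias` for any requested `keyType`. A mistyped alias, or one that points at a trusted-certificate entry, would only surface at handshake time when the delegate returns a null key or chain, unless FileKeyStoreImpl validates the alias elsewhere (not visible in this diff). Consider failing fast right after `getInitializedKeyStore`, e.g. `if (alias != null && !ks.isKeyEntry(alias)) { throw new KeyStoreException("Alias is not a key entry: " + alias); }`. The configured key's algorithm is also never compared with `keyType`, so it is worth confirming how the TLS stack behaves when they differ. A short class Javadoc saying that only server-side selection is pinned to the alias, while the client-side methods delegate, would record the intent of this fix.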

