You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2011/08/18 16:42:47 UTC
svn commit: r1159250 [1/2] - in /qpid/trunk/qpid/java: broker/etc/
broker/src/main/java/org/apache/qpid/server/configuration/
broker/src/main/java/org/apache/qpid/server/protocol/
broker/src/test/java/org/apache/qpid/server/configuration/ client/src/ma...
Author: robbie
Date: Thu Aug 18 14:42:46 2011
New Revision: 1159250
URL: http://svn.apache.org/viewvc?rev=1159250&view=rev
Log:
QPID-3429: ensure that SSL is enabled correctly in MinaNetworkHandler. Refactor SSLContextFactory to be a factory, and present a useful interface for both client and server side use. Added keystore for the Java broker, renamed existing client trust/key stores for clarity. Fix SSL port configuration. Added new SSL tests, and ensure these are *always* run in the Java 0-10 profiles.
Committing work by myself and Keith Wall.
Added:
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.crt
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.req
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks
- copied, changed from r1159248, qpid/trunk/qpid/java/test-profiles/test_resources/ssl/keystore.jks
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
- copied, changed from r1159248, qpid/trunk/qpid/java/test-profiles/test_resources/ssl/certstore.jks
Removed:
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/certstore.jks
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/keystore.jks
Modified:
qpid/trunk/qpid/java/broker/etc/config.xml
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java
qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java
qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java
qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java
qpid/trunk/qpid/java/test-profiles/JavaExcludes
qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes
qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes
qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile
qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile
qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile
qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile
Modified: qpid/trunk/qpid/java/broker/etc/config.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/etc/config.xml?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/etc/config.xml (original)
+++ qpid/trunk/qpid/java/broker/etc/config.xml Thu Aug 18 14:42:46 2011
@@ -33,12 +33,12 @@
To disasble Non-SSL port set sslOnly to true -->
<ssl>
<enabled>false</enabled>
+ <port>5671</port>
<sslOnly>false</sslOnly>
<keystorePath>/path/to/keystore.ks</keystorePath>
<keystorePassword>keystorepass</keystorePassword>
</ssl>
<port>5672</port>
- <sslport>8672</sslport>
<socketReceiveBuffer>262144</socketReceiveBuffer>
<socketSendBuffer>262144</socketSendBuffer>
</connector>
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java Thu Aug 18 14:42:46 2011
@@ -60,7 +60,7 @@ public class ServerConfiguration extends
public static final int DEFAULT_FRAME_SIZE = 65536;
public static final int DEFAULT_PORT = 5672;
- public static final int DEFAULT_SSL_PORT = 8672;
+ public static final int DEFAULT_SSL_PORT = 5671;
public static final long DEFAULT_HOUSEKEEPING_PERIOD = 30000L;
public static final int DEFAULT_JMXPORT = 8999;
@@ -688,12 +688,12 @@ public class ServerConfiguration extends
public String getKeystorePath()
{
- return getStringValue("connector.ssl.keystorePath", "none");
+ return getStringValue("connector.ssl.keystorePath");
}
public String getKeystorePassword()
{
- return getStringValue("connector.ssl.keystorePassword", "none");
+ return getStringValue("connector.ssl.keystorePassword");
}
public String getCertType()
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java Thu Aug 18 14:42:46 2011
@@ -20,7 +20,6 @@
*/
package org.apache.qpid.server.protocol;
-import java.util.EnumSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
@@ -32,23 +31,12 @@ import org.apache.qpid.transport.network
public class MultiVersionProtocolEngineFactory implements ProtocolEngineFactory
{
- private static final Set<AmqpProtocolVersion> ALL_VERSIONS = EnumSet.allOf(AmqpProtocolVersion.class);
private static final AtomicLong ID_GENERATOR = new AtomicLong(0);
private final IApplicationRegistry _appRegistry;
private final String _fqdn;
private final Set<AmqpProtocolVersion> _supported;
- public MultiVersionProtocolEngineFactory()
- {
- this("localhost", ALL_VERSIONS);
- }
-
- public MultiVersionProtocolEngineFactory(String fqdn)
- {
- this(fqdn, ALL_VERSIONS);
- }
-
public MultiVersionProtocolEngineFactory(String fqdn, Set<AmqpProtocolVersion> supportedVersions)
{
_appRegistry = ApplicationRegistry.getInstance();
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java Thu Aug 18 14:42:46 2011
@@ -511,7 +511,7 @@ public class ServerConfigurationTest ext
{
// Check default
_serverConfig.initialise();
- assertEquals("none", _serverConfig.getKeystorePath());
+ assertNull(_serverConfig.getKeystorePath());
// Check value we set
_config.setProperty("connector.ssl.keystorePath", "a");
@@ -524,7 +524,7 @@ public class ServerConfigurationTest ext
{
// Check default
_serverConfig.initialise();
- assertEquals("none", _serverConfig.getKeystorePassword());
+ assertNull(_serverConfig.getKeystorePassword());
// Check value we set
_config.setProperty("connector.ssl.keystorePassword", "a");
Modified: qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java (original)
+++ qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java Thu Aug 18 14:42:46 2011
@@ -23,6 +23,7 @@ package org.apache.qpid.client;
import java.io.IOException;
import java.net.ConnectException;
import java.nio.channels.UnresolvedAddressException;
+import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.EnumSet;
@@ -31,6 +32,7 @@ import java.util.Set;
import javax.jms.JMSException;
import javax.jms.XASession;
+import javax.net.ssl.SSLContext;
import org.apache.qpid.AMQException;
import org.apache.qpid.client.failover.FailoverException;
@@ -99,14 +101,21 @@ public class AMQConnectionDelegate_8_0 i
settings.setProtocol(brokerDetail.getTransport());
SSLConfiguration sslConfig = _conn.getSSLConfiguration();
- SSLContextFactory sslFactory = null;
+ SSLContext sslContext = null;
if (sslConfig != null)
{
- sslFactory = new SSLContextFactory(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), sslConfig.getCertType());
+ try
+ {
+ sslContext = SSLContextFactory.buildClientContext(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), sslConfig.getCertType(),null,null,null,null);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new AMQException("Unable to create SSLContext: " + e.getMessage(), e);
+ }
}
OutgoingNetworkTransport transport = Transport.getOutgoingTransportInstance(getProtocolVersion());
- NetworkConnection network = transport.connect(settings, _conn._protocolHandler, sslFactory);
+ NetworkConnection network = transport.connect(settings, _conn._protocolHandler, sslContext);
_conn._protocolHandler.setNetworkConnection(network);
_conn._protocolHandler.getProtocolSession().init();
// this blocks until the connection has been set up or when an error
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java Thu Aug 18 14:42:46 2011
@@ -20,18 +20,17 @@
*/
package org.apache.qpid.ssl;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
/**
@@ -39,157 +38,92 @@ import org.apache.qpid.transport.network
* before this will work.
*
*/
-public class SSLContextFactory {
-
- /**
- * Path to the Java keystore file
- */
- private String _keyStorePath;
-
- /**
- * Password for the keystore
- */
- private String _keyStorePassword;
-
- /**
- * Cert type to use in keystore
- */
- private String _keyStoreCertType;
-
- /**
- * Path to the Java truststore file
- */
- private String _trustStorePath;
-
- /**
- * Password for the truststore
- */
- private String _trustStorePassword;
-
- /**
- * Cert type to use in truststore
- */
- private String _trustStoreCertType;
-
- private KeyManager customKeyManager;
-
- public SSLContextFactory(String trustStorePath, String trustStorePassword,
- String trustStoreCertType)
+public class SSLContextFactory
+{
+ public static final String JAVA_KEY_STORE_CODE = "JKS";
+ public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
+ public static final String KEY_STORE_CERTIFICATE_TYPE = "SunX509";
+
+ private SSLContextFactory()
{
- this(trustStorePath,trustStorePassword,trustStoreCertType,
- trustStorePath,trustStorePassword,trustStoreCertType);
+ //no instances
}
- /**
- * Create a factory instance
- * @param keystorePath path to the Java keystore file
- * @param keystorePassword password for the Java keystore
- * @param certType certificate type
- */
- public SSLContextFactory(String trustStorePath, String trustStorePassword, String trustStoreCertType,
- String keyStorePath, String keyStorePassword, String keyStoreCertType)
- {
-
- _trustStorePath = trustStorePath;
- _trustStorePassword = trustStorePassword;
-
- if (_trustStorePassword != null && _trustStorePassword.equals("none"))
- {
- _trustStorePassword = null;
- }
- _trustStoreCertType = trustStoreCertType;
-
- _keyStorePath = keyStorePath;
- _keyStorePassword = keyStorePassword;
-
- if (_keyStorePassword != null && _keyStorePassword.equals("none"))
- {
- _keyStorePassword = null;
- }
- _keyStoreCertType = keyStoreCertType;
-
- if (_trustStorePath == null) {
- throw new IllegalArgumentException("A TrustStore path or KeyStore path must be specified");
- }
- if (_trustStoreCertType == null) {
- throw new IllegalArgumentException("Cert type must be specified");
- }
- }
-
- public SSLContextFactory(String trustStorePath, String trustStorePassword, String trustStoreCertType,
- KeyManager customKeyManager)
+ public static SSLContext buildServerContext(final String keyStorePath,
+ final String keyStorePassword, final String keyStoreCertType)
+ throws GeneralSecurityException, IOException
{
+ return buildContext(null, null, null, keyStorePath, keyStorePassword,
+ keyStoreCertType, null);
+ }
- _trustStorePath = trustStorePath;
- _trustStorePassword = trustStorePassword;
-
- if (_trustStorePassword != null && _trustStorePassword.equals("none"))
- {
- _trustStorePassword = null;
- }
- _trustStoreCertType = trustStoreCertType;
-
- if (_trustStorePath == null) {
- throw new IllegalArgumentException("A TrustStore path or KeyStore path must be specified");
- }
- if (_trustStoreCertType == null) {
- throw new IllegalArgumentException("Cert type must be specified");
- }
-
- this.customKeyManager = customKeyManager;
+ public static SSLContext buildClientContext(final String trustStorePath,
+ final String trustStorePassword, final String trustStoreCertType,
+ final String keyStorePath, final String keyStorePassword,
+ final String keyStoreCertType, final String certAlias)
+ throws GeneralSecurityException, IOException
+ {
+ return buildContext(trustStorePath, trustStorePassword,
+ trustStoreCertType, keyStorePath, keyStorePassword,
+ keyStoreCertType, certAlias);
}
-
-
- /**
- * Builds a SSLContext appropriate for use with a server
- * @return SSLContext
- * @throws GeneralSecurityException
- * @throws IOException
- */
-
- public SSLContext buildServerContext() throws GeneralSecurityException, IOException
- {
- KeyStore ts = SSLUtil.getInitializedKeyStore(_trustStorePath,_trustStorePassword);
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(_trustStoreCertType);
- tmf.init(ts);
-
+
+ private static SSLContext buildContext(final String trustStorePath,
+ final String trustStorePassword, final String trustStoreCertType,
+ final String keyStorePath, final String keyStorePassword,
+ final String keyStoreCertType, final String certAlias)
+ throws GeneralSecurityException, IOException
+ {
// Initialize the SSLContext to work with our key managers.
- SSLContext sslContext = SSLContext.getInstance("TLS");
-
- if (customKeyManager != null)
+ final SSLContext sslContext = SSLContext
+ .getInstance(TRANSPORT_LAYER_SECURITY_CODE);
+
+ final TrustManager[] trustManagers;
+ final KeyManager[] keyManagers;
+
+ if (trustStorePath != null)
{
- sslContext.init(new KeyManager[]{customKeyManager},
- tmf.getTrustManagers(), null);
-
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
+ trustStorePassword);
+ final TrustManagerFactory tmf = TrustManagerFactory
+ .getInstance(trustStoreCertType);
+ tmf.init(ts);
+
+ trustManagers = tmf.getTrustManagers();
}
else
{
- // Create keystore
- KeyStore ks = SSLUtil.getInitializedKeyStore(_keyStorePath,_keyStorePassword);
- // Set up key manager factory to use our key store
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyStoreCertType);
- kmf.init(ks, _keyStorePassword.toCharArray());
+ trustManagers = null;
+ }
- sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ if (keyStorePath != null)
+ {
+ if (certAlias != null)
+ {
+ keyManagers = new KeyManager[] { new QpidClientX509KeyManager(
+ certAlias, keyStorePath, keyStorePassword,
+ keyStoreCertType) };
+ }
+ else
+ {
+ final KeyStore ks = SSLUtil.getInitializedKeyStore(
+ keyStorePath, keyStorePassword);
+
+ char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray();
+ // Set up key manager factory to use our key store
+ final KeyManagerFactory kmf = KeyManagerFactory
+ .getInstance(keyStoreCertType);
+ kmf.init(ks, keyStoreCharPassword);
+ keyManagers = kmf.getKeyManagers();
+ }
}
-
- return sslContext;
- }
-
- /**
- * Creates a SSLContext factory appropriate for use with a client
- * @return SSLContext
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public SSLContext buildClientContext() throws GeneralSecurityException, IOException
- {
- KeyStore ks = SSLUtil.getInitializedKeyStore(_trustStorePath,_trustStorePassword);
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(_trustStoreCertType);
- tmf.init(ks);
- SSLContext context = SSLContext.getInstance("TLS");
- context.init(null, tmf.getTrustManagers(), null);
- return context;
- }
-
+ else
+ {
+ keyManagers = null;
+ }
+
+ sslContext.init(keyManagers, trustManagers, null);
+
+ return sslContext;
+ }
}
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java Thu Aug 18 14:42:46 2011
@@ -20,11 +20,12 @@
*/
package org.apache.qpid.transport.network;
+import javax.net.ssl.SSLContext;
+
import org.apache.qpid.protocol.ProtocolEngineFactory;
-import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.transport.NetworkTransportConfiguration;
public interface IncomingNetworkTransport extends NetworkTransport
{
- public void accept(NetworkTransportConfiguration config, ProtocolEngineFactory factory, SSLContextFactory sslFactory);
+ public void accept(NetworkTransportConfiguration config, ProtocolEngineFactory factory, SSLContext sslContext);
}
\ No newline at end of file
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java Thu Aug 18 14:42:46 2011
@@ -22,11 +22,12 @@ package org.apache.qpid.transport.networ
import java.nio.ByteBuffer;
-import org.apache.qpid.ssl.SSLContextFactory;
+import javax.net.ssl.SSLContext;
+
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.Receiver;
public interface OutgoingNetworkTransport extends NetworkTransport
{
- public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory);
+ public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContext sslContext);
}
\ No newline at end of file
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java Thu Aug 18 14:42:46 2011
@@ -27,7 +27,8 @@ import java.net.Socket;
import java.net.SocketException;
import java.nio.ByteBuffer;
-import org.apache.qpid.ssl.SSLContextFactory;
+import javax.net.ssl.SSLContext;
+
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.Receiver;
import org.apache.qpid.transport.TransportException;
@@ -51,7 +52,7 @@ public class IoNetworkTransport implemen
private IoNetworkConnection _connection;
private long _timeout = 60000;
- public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory)
+ public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContext sslContext)
{
int sendBufferSize = settings.getWriteBufferSize();
int receiveBufferSize = settings.getReadBufferSize();
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java Thu Aug 18 14:42:46 2011
@@ -21,6 +21,8 @@
package org.apache.qpid.transport.network.mina;
+import javax.net.ssl.SSLContext;
+
import org.apache.mina.common.ByteBuffer;
import org.apache.mina.common.IdleStatus;
import org.apache.mina.common.IoHandlerAdapter;
@@ -30,7 +32,6 @@ import org.apache.mina.filter.SSLFilter;
import org.apache.mina.util.SessionUtil;
import org.apache.qpid.protocol.ProtocolEngine;
import org.apache.qpid.protocol.ProtocolEngineFactory;
-import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.transport.network.NetworkConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,7 +41,7 @@ public class MinaNetworkHandler extends
private static final Logger LOGGER = LoggerFactory.getLogger(MinaNetworkHandler.class);
private ProtocolEngineFactory _factory;
- private SSLContextFactory _sslFactory = null;
+ private SSLContext _sslContext = null;
static
{
@@ -52,15 +53,15 @@ public class MinaNetworkHandler extends
ByteBuffer.setAllocator(new SimpleByteBufferAllocator());
}
- public MinaNetworkHandler(SSLContextFactory sslFactory, ProtocolEngineFactory factory)
+ public MinaNetworkHandler(SSLContext sslContext, ProtocolEngineFactory factory)
{
- _sslFactory = sslFactory;
+ _sslContext = sslContext;
_factory = factory;
}
- public MinaNetworkHandler(SSLContextFactory sslFactory)
+ public MinaNetworkHandler(SSLContext sslContext)
{
- this(sslFactory, null);
+ this(sslContext, null);
}
public void messageReceived(IoSession session, Object message)
@@ -100,10 +101,10 @@ public class MinaNetworkHandler extends
SessionUtil.initialize(ioSession);
- if (_sslFactory != null)
+ if (_sslContext != null)
{
- ioSession.getFilterChain().addBefore("protocolFilter", "sslFilter",
- new SSLFilter(_sslFactory.buildServerContext()));
+ ioSession.getFilterChain().addFirst("sslFilter",
+ new SSLFilter(_sslContext));
}
if (_factory != null)
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java Thu Aug 18 14:42:46 2011
@@ -26,6 +26,8 @@ import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
+import javax.net.ssl.SSLContext;
+
import org.apache.mina.common.ConnectFuture;
import org.apache.mina.common.ExecutorThreadModel;
import org.apache.mina.common.IoConnector;
@@ -62,7 +64,7 @@ public class MinaNetworkTransport implem
private InetSocketAddress _address;
public NetworkConnection connect(ConnectionSettings settings,
- Receiver<java.nio.ByteBuffer> delegate, SSLContextFactory sslFactory)
+ Receiver<java.nio.ByteBuffer> delegate, SSLContext sslContext)
{
int transport = getTransport(settings.getProtocol());
@@ -77,7 +79,7 @@ public class MinaNetworkTransport implem
return new SocketConnector(1, new QpidThreadExecutor()); // non-blocking connector
}
});
- _connection = stc.connect(delegate, settings, sslFactory);
+ _connection = stc.connect(delegate, settings, sslContext);
break;
case UNKNOWN:
default:
@@ -115,7 +117,7 @@ public class MinaNetworkTransport implem
}
public void accept(final NetworkTransportConfiguration config, final ProtocolEngineFactory factory,
- final SSLContextFactory sslFactory)
+ final SSLContext sslContext)
{
int processors = config.getConnectorProcessors();
@@ -146,7 +148,7 @@ public class MinaNetworkTransport implem
try
{
- _acceptor.bind(_address, new MinaNetworkHandler(sslFactory, factory));
+ _acceptor.bind(_address, new MinaNetworkHandler(sslContext, factory));
}
catch (IOException e)
{
@@ -168,7 +170,7 @@ public class MinaNetworkTransport implem
_ioConnectorFactory = socketConnectorFactory;
}
- public NetworkConnection connect(Receiver<java.nio.ByteBuffer> receiver, ConnectionSettings settings, SSLContextFactory sslFactory)
+ public NetworkConnection connect(Receiver<java.nio.ByteBuffer> receiver, ConnectionSettings settings, SSLContext sslContext)
{
final IoConnector ioConnector = _ioConnectorFactory.newConnector();
final SocketAddress address;
@@ -203,7 +205,7 @@ public class MinaNetworkTransport implem
((SocketConnector) ioConnector).setWorkerTimeout(0);
}
- ConnectFuture future = ioConnector.connect(address, new MinaNetworkHandler(sslFactory), ioConnector.getDefaultConfig());
+ ConnectFuture future = ioConnector.connect(address, new MinaNetworkHandler(sslContext), ioConnector.getDefaultConfig());
future.join();
if (!future.isConnected())
{
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java Thu Aug 18 14:42:46 2011
@@ -25,6 +25,7 @@ import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.transport.Connection;
import org.apache.qpid.transport.ConnectionListener;
import org.apache.qpid.transport.ConnectionSettings;
@@ -114,7 +115,14 @@ public class SecurityLayer
SSLContext sslCtx;
try
{
- sslCtx = SSLUtil.createSSLContext(settings);
+ sslCtx = SSLContextFactory
+ .buildClientContext(settings.getTrustStorePath(),
+ settings.getTrustStorePassword(),
+ settings.getTrustStoreCertType(),
+ settings.getKeyStorePath(),
+ settings.getKeyStorePassword(),
+ settings.getKeyStoreCertType(),
+ settings.getCertAlias());
}
catch (Exception e)
{
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java Thu Aug 18 14:42:46 2011
@@ -20,7 +20,9 @@
*/
package org.apache.qpid.transport.network.security.ssl;
+import java.io.IOException;
import java.net.Socket;
+import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
@@ -40,7 +42,7 @@ public class QpidClientX509KeyManager ex
String alias;
public QpidClientX509KeyManager(String alias, String keyStorePath,
- String keyStorePassword,String keyStoreCertType) throws Exception
+ String keyStorePassword,String keyStoreCertType) throws GeneralSecurityException, IOException
{
this.alias = alias;
KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword);
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java Thu Aug 18 14:42:46 2011
@@ -125,38 +125,6 @@ public class SSLUtil
return id.toString();
}
- public static SSLContext createSSLContext(ConnectionSettings settings) throws Exception
- {
- SSLContextFactory sslContextFactory;
-
- if (settings.getCertAlias() == null)
- {
- sslContextFactory =
- new SSLContextFactory(settings.getTrustStorePath(),
- settings.getTrustStorePassword(),
- settings.getTrustStoreCertType(),
- settings.getKeyStorePath(),
- settings.getKeyStorePassword(),
- settings.getKeyStoreCertType());
-
- } else
- {
- sslContextFactory =
- new SSLContextFactory(settings.getTrustStorePath(),
- settings.getTrustStorePassword(),
- settings.getTrustStoreCertType(),
- new QpidClientX509KeyManager(settings.getCertAlias(),
- settings.getKeyStorePath(),
- settings.getKeyStorePassword(),
- settings.getKeyStoreCertType()));
-
- log.debug("Using custom key manager");
- }
-
- return sslContextFactory.buildServerContext();
-
- }
-
public static KeyStore getInitializedKeyStore(String storePath, String storePassword) throws GeneralSecurityException, IOException
{
KeyStore ks = KeyStore.getInstance("JKS");
@@ -176,7 +144,10 @@ public class SSLUtil
{
throw new IOException("Unable to load keystore resource: " + storePath);
}
- ks.load(in, storePassword.toCharArray());
+
+ char[] storeCharPassword = storePassword == null ? null : storePassword.toCharArray();
+
+ ks.load(in, storeCharPassword);
}
finally
{
Added: qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java?rev=1159250&view=auto
==============================================================================
--- qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java (added)
+++ qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java Thu Aug 18 14:42:46 2011
@@ -0,0 +1,84 @@
+/* Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.ssl;
+
+import java.io.IOException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class SSLContextFactoryTest extends QpidTestCase
+{
+ private static final String BROKER_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_broker_keystore.jks";
+ private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks";
+ private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks";
+ private static final String STORE_PASSWORD = "password";
+ private static final String CERT_TYPE = "SunX509";
+ private static final String CERT_ALIAS_APP1 = "app1";
+
+ public void testBuildServerContext() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE);
+ assertNotNull("SSLContext should not be null", context);
+ }
+
+ public void testBuildServerContextWithIncorrectPassword() throws Exception
+ {
+ try
+ {
+ SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", CERT_TYPE);
+ fail("Exception was not thrown due to incorrect password");
+ }
+ catch (IOException e)
+ {
+ //expected
+ }
+ }
+
+ public void testTrustStoreDoesNotExist() throws Exception
+ {
+ try
+ {
+ SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null);
+ fail("Exception was not thrown due to incorrect path");
+ }
+ catch (IOException e)
+ {
+ //expected
+ }
+ }
+
+ public void testBuildClientContextForSSLEncryptionOnly() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null, null, null, null);
+ assertNotNull("SSLContext should not be null", context);
+ }
+
+ public void testBuildClientContextWithForClientAuth() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null);
+ assertNotNull("SSLContext should not be null", context);
+ }
+
+ public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CERT_ALIAS_APP1);
+ assertNotNull("SSLContext should not be null", context);
+ }
+}
Modified: qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java (original)
+++ qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java Thu Aug 18 14:42:46 2011
@@ -37,7 +37,10 @@ import org.apache.mina.util.AvailablePor
public class QpidTestCase extends TestCase
{
- protected static final Logger _logger = Logger.getLogger(QpidTestCase.class);
+ public static final String QPID_HOME = System.getProperty("QPID_HOME");
+ public static final String TEST_RESOURCES_DIR = QPID_HOME + "/../test-profiles/test_resources/";
+
+ private static final Logger _logger = Logger.getLogger(QpidTestCase.class);
private final Map<String, String> _propertiesSetForTest = new HashMap<String, String>();
@@ -144,9 +147,9 @@ public class QpidTestCase extends TestCa
* completes.
*
* @param property The property to set
- * @param value the value to set it to.
+ * @param value the value to set it to, if null, the property will be cleared
*/
- protected void setTestSystemProperty(String property, String value)
+ protected void setTestSystemProperty(final String property, final String value)
{
if (!_propertiesSetForTest.containsKey(property))
{
@@ -154,7 +157,14 @@ public class QpidTestCase extends TestCa
_propertiesSetForTest.put(property, System.getProperty(property));
}
- System.setProperty(property, value);
+ if (value == null)
+ {
+ System.clearProperty(property);
+ }
+ else
+ {
+ System.setProperty(property, value);
+ }
}
/**
@@ -162,6 +172,7 @@ public class QpidTestCase extends TestCa
*/
protected void revertTestSystemProperties()
{
+ _logger.debug("reverting " + _propertiesSetForTest.size() + " test properties");
for (String key : _propertiesSetForTest.keySet())
{
String value = _propertiesSetForTest.get(key);
Modified: qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java (original)
+++ qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java Thu Aug 18 14:42:46 2011
@@ -23,9 +23,10 @@ package org.apache.qpid.transport.networ
import java.nio.ByteBuffer;
+import javax.net.ssl.SSLContext;
+
import org.apache.qpid.framing.ProtocolVersion;
import org.apache.qpid.protocol.ProtocolEngineFactory;
-import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.NetworkTransportConfiguration;
@@ -129,7 +130,7 @@ public class TransportTest extends QpidT
}
public NetworkConnection connect(ConnectionSettings settings,
- Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory)
+ Receiver<ByteBuffer> delegate, SSLContext sslContext)
{
throw new UnsupportedOperationException();
}
@@ -149,7 +150,7 @@ public class TransportTest extends QpidT
}
public void accept(NetworkTransportConfiguration config,
- ProtocolEngineFactory factory, SSLContextFactory sslFactory)
+ ProtocolEngineFactory factory, SSLContext sslContext)
{
throw new UnsupportedOperationException();
}
Modified: qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java (original)
+++ qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java Thu Aug 18 14:42:46 2011
@@ -80,7 +80,7 @@ public class IoAcceptor<E> extends Threa
try
{
Socket sock = socket.accept();
- IoTransport<E> transport = new IoTransport<E>(sock, binding,false);
+ IoTransport<E> transport = new IoTransport<E>(sock, binding);
}
catch (IOException e)
{
Modified: qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java (original)
+++ qpid/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java Thu Aug 18 14:42:46 2011
@@ -68,18 +68,10 @@ public final class IoTransport<E>
private IoReceiver receiver;
private long timeout = 60000;
- IoTransport(Socket socket, Binding<E,ByteBuffer> binding, boolean ssl)
+ IoTransport(Socket socket, Binding<E,ByteBuffer> binding)
{
this.socket = socket;
-
- if (ssl)
- {
- setupSSLTransport(socket, binding);
- }
- else
- {
- setupTransport(socket, binding);
- }
+ setupTransport(socket, binding);
}
private void setupTransport(Socket socket, Binding<E, ByteBuffer> binding)
@@ -96,41 +88,6 @@ public final class IoTransport<E>
ios.registerCloseListener(this.receiver);
}
- private void setupSSLTransport(Socket socket, Binding<E, ByteBuffer> binding)
- {
- SSLEngine engine = null;
- SSLContext sslCtx;
- try
- {
- sslCtx = createSSLContext();
- }
- catch (Exception e)
- {
- throw new TransportException("Error creating SSL Context", e);
- }
-
- try
- {
- engine = sslCtx.createSSLEngine();
- engine.setUseClientMode(true);
- }
- catch(Exception e)
- {
- throw new TransportException("Error creating SSL Engine", e);
- }
- IoSender ios = new IoSender(socket, 2*writeBufferSize, timeout);
- ios.initiate();
- final SSLStatus sslStatus = new SSLStatus();
- this.sender = new SSLSender(engine,ios, sslStatus);
- this.endpoint = binding.endpoint(sender);
- this.receiver = new IoReceiver(socket, new SSLReceiver(engine,binding.receiver(endpoint),sslStatus),
- 2*readBufferSize, timeout);
- this.receiver.initiate();
- ios.registerCloseListener(this.receiver);
-
- log.info("SSL Sender and Receiver initiated");
- }
-
public Sender<ByteBuffer> getSender()
{
return sender;
@@ -146,22 +103,4 @@ public final class IoTransport<E>
return socket;
}
- private SSLContext createSSLContext() throws Exception
- {
- String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
- String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
- String trustStoreCertType = System.getProperty("qpid.ssl.trustStoreCertType","SunX509");
-
- String keyStorePath = System.getProperty("javax.net.ssl.keyStore",trustStorePath);
- String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword",trustStorePassword);
- String keyStoreCertType = System.getProperty("qpid.ssl.keyStoreCertType","SunX509");
-
- SSLContextFactory sslContextFactory = new SSLContextFactory(trustStorePath,trustStorePassword,
- trustStoreCertType,keyStorePath,
- keyStorePassword,keyStoreCertType);
-
- return sslContextFactory.buildServerContext();
-
- }
-
}
Modified: qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml Thu Aug 18 14:42:46 2011
@@ -20,11 +20,20 @@
-
-->
<broker>
+ <connector>
+ <ssl>
+ <port>15671</port>
+ <enabled>false</enabled>
+ <sslOnly>false</sslOnly>
+ <keystorePath>${QPID_HOME}/../test-profiles/test_resources/ssl/java_broker_keystore.jks</keystorePath>
+ <keystorePassword>password</keystorePassword>
+ </ssl>
+ </connector>
<management>
<enabled>false</enabled>
<ssl>
<enabled>false</enabled>
- <keyStorePath>${QPID_HOME}/../test-profiles/test_resources/ssl/keystore.jks</keyStorePath>
+ <keyStorePath>${QPID_HOME}/../test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
<keyStorePassword>password</keyStorePassword>
</ssl>
</management>
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java Thu Aug 18 14:42:46 2011
@@ -31,62 +31,72 @@ import org.apache.qpid.test.utils.QpidBr
import org.apache.qpid.transport.Connection;
public class SSLTest extends QpidBrokerTestCase
-{
-
+{
+ private static final String KEYSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks";
+ private static final String KEYSTORE_PASSWORD = "password";
+ private static final String TRUSTSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks";
+ private static final String TRUSTSTORE_PASSWORD = "password";
+ private static final String CERT_ALIAS_APP1 = "app1";
+ private static final String CERT_ALIAS_APP2 = "app2";
+
@Override
protected void setUp() throws Exception
{
- System.setProperty("javax.net.debug", "ssl");
+ if(isJavaBroker())
+ {
+ setTestClientSystemProperty("profile.use_ssl", "true");
+ setConfigurationProperty("connector.ssl.enabled", "true");
+ setConfigurationProperty("connector.ssl.sslOnly", "true");
+ }
+
+ // set the ssl system properties
+ setSystemProperty("javax.net.ssl.keyStore", KEYSTORE);
+ setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
+ setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
+ setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
+ setSystemProperty("javax.net.debug", "ssl");
super.setUp();
}
- @Override
- protected void tearDown() throws Exception
- {
- System.setProperty("javax.net.debug", "");
- super.tearDown();
- }
-
- public void testCreateSSLContextFromConnectionURLParams()
+ public void testCreateSSLConnectionUsingConnectionURLParams() throws Exception
{
if (Boolean.getBoolean("profile.use_ssl"))
- {
+ {
+ // Clear the ssl system properties
+ setSystemProperty("javax.net.ssl.keyStore", null);
+ setSystemProperty("javax.net.ssl.keyStorePassword", null);
+ setSystemProperty("javax.net.ssl.trustStore", null);
+ setSystemProperty("javax.net.ssl.trustStorePassword", null);
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
"?ssl='true'&ssl_verify_hostname='true'" +
"&key_store='%s'&key_store_password='%s'" +
"&trust_store='%s'&trust_store_password='%s'" +
"'";
- String keyStore = System.getProperty("javax.net.ssl.keyStore");
- String keyStorePass = System.getProperty("javax.net.ssl.keyStorePassword");
- String trustStore = System.getProperty("javax.net.ssl.trustStore");
- String trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword");
-
- url = String.format(url,System.getProperty("test.port.ssl"),
- keyStore,keyStorePass,trustStore,trustStorePass);
-
- // temporarily set the trust/key store jvm args to something else
- // to ensure we only read from the connection URL param.
- System.setProperty("javax.net.ssl.trustStore","fessgsdgd");
- System.setProperty("javax.net.ssl.trustStorePassword","fessgsdgd");
- System.setProperty("javax.net.ssl.keyStore","fessgsdgd");
- System.setProperty("javax.net.ssl.keyStorePassword","fessgsdgd");
- try
- {
- AMQConnection con = new AMQConnection(url);
- Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
- }
- catch (Exception e)
- {
- fail("SSL Connection should be successful");
- }
- finally
- {
- System.setProperty("javax.net.ssl.trustStore",trustStore);
- System.setProperty("javax.net.ssl.trustStorePassword",trustStorePass);
- System.setProperty("javax.net.ssl.keyStore",keyStore);
- System.setProperty("javax.net.ssl.keyStorePassword",keyStorePass);
- }
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT,
+ KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD);
+
+ AMQConnection con = new AMQConnection(url);
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
+ }
+ }
+
+ public void testCreateSSLConnectionUsingSystemProperties() throws Exception
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s?ssl='true''";
+
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT);
+
+ AMQConnection con = new AMQConnection(url);
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
}
}
@@ -95,8 +105,8 @@ public class SSLTest extends QpidBrokerT
if (Boolean.getBoolean("profile.use_ssl"))
{
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
- System.getProperty("test.port.ssl") +
- "?ssl='true'&ssl_cert_alias='app1''";
+ QpidBrokerTestCase.DEFAULT_SSL_PORT +
+ "?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP1 + "''";
AMQTestConnection_0_10 con = new AMQTestConnection_0_10(url);
Connection transportCon = con.getConnection();
@@ -105,8 +115,8 @@ public class SSLTest extends QpidBrokerT
con.close();
url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
- System.getProperty("test.port.ssl") +
- "?ssl='true'&ssl_cert_alias='app2''";
+ QpidBrokerTestCase.DEFAULT_SSL_PORT +
+ "?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP2 + "''";
con = new AMQTestConnection_0_10(url);
transportCon = con.getConnection();
@@ -116,12 +126,12 @@ public class SSLTest extends QpidBrokerT
}
}
- public void testVerifyHostName()
+ public void testVerifyHostNameWithIncorrectHostname()
{
if (Boolean.getBoolean("profile.use_ssl"))
{
String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" +
- System.getProperty("test.port.ssl") +
+ QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_verify_hostname='true''";
try
@@ -140,42 +150,53 @@ public class SSLTest extends QpidBrokerT
}
}
- public void testVerifyLocalHost()
+ public void testVerifyLocalHost() throws Exception
{
if (Boolean.getBoolean("profile.use_ssl"))
{
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
- System.getProperty("test.port.ssl") +
+ QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_verify_hostname='true''";
-
- try
- {
- AMQConnection con = new AMQConnection(url);
- }
- catch (Exception e)
- {
- fail("Hostname verification should succeed");
- }
- }
+
+ AMQConnection con = new AMQConnection(url);
+ assertNotNull("connection should have been created", con);
+ }
}
- public void testVerifyLocalHostLocalDomain()
+ public void testVerifyLocalHostLocalDomain() throws Exception
{
if (Boolean.getBoolean("profile.use_ssl"))
{
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" +
- System.getProperty("test.port.ssl") +
+ QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_verify_hostname='true''";
+
+ AMQConnection con = new AMQConnection(url);
+ assertNotNull("connection should have been created", con);
+ }
+ }
+
+ public void testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly() throws Exception
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ // Clear the ssl system properties
+ setSystemProperty("javax.net.ssl.keyStore", null);
+ setSystemProperty("javax.net.ssl.keyStorePassword", null);
+ setSystemProperty("javax.net.ssl.trustStore", null);
+ setSystemProperty("javax.net.ssl.trustStorePassword", null);
- try
- {
- AMQConnection con = new AMQConnection(url);
- }
- catch (Exception e)
- {
- fail("Hostname verification should succeed");
- }
-
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+ "?ssl='true'&ssl_verify_hostname='true'" +
+ "&trust_store='%s'&trust_store_password='%s'" +
+ "'";
+
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT, TRUSTSTORE,TRUSTSTORE_PASSWORD);
+
+ AMQConnection con = new AMQConnection(url);
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
}
}
}
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java Thu Aug 18 14:42:46 2011
@@ -519,7 +519,7 @@ public class BrokerLoggingTest extends A
setConfigurationProperty("connector.ssl.keyStorePath", getConfigurationStringProperty("management.ssl.keyStorePath"));
setConfigurationProperty("connector.ssl.keyStorePassword", getConfigurationStringProperty("management.ssl.keyStorePassword"));
- Integer sslPort = Integer.parseInt(getConfigurationStringProperty("connector.sslport"));
+ Integer sslPort = Integer.parseInt(getConfigurationStringProperty("connector.ssl.port"));
startBroker();
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java Thu Aug 18 14:42:46 2011
@@ -50,9 +50,9 @@ import org.slf4j.LoggerFactory;
public class AMQConnectionTest extends QpidBrokerTestCase
{
- private static AMQConnection _connection;
- private static AMQTopic _topic;
- private static AMQQueue _queue;
+ protected static AMQConnection _connection;
+ protected static AMQTopic _topic;
+ protected static AMQQueue _queue;
private static QueueSession _queueSession;
private static TopicSession _topicSession;
protected static final Logger _logger = LoggerFactory.getLogger(AMQConnectionTest.class);
@@ -60,15 +60,14 @@ public class AMQConnectionTest extends Q
protected void setUp() throws Exception
{
super.setUp();
- _connection = (AMQConnection) getConnection("guest", "guest");
+ createConnection();
_topic = new AMQTopic(_connection.getDefaultTopicExchangeName(), new AMQShortString("mytopic"));
_queue = new AMQQueue(_connection.getDefaultQueueExchangeName(), new AMQShortString("myqueue"));
}
-
- protected void tearDown() throws Exception
+
+ protected void createConnection() throws Exception
{
- _connection.close();
- super.tearDown();
+ _connection = (AMQConnection) getConnection("guest", "guest");
}
/**
@@ -207,61 +206,50 @@ public class AMQConnectionTest extends Q
public void testPrefetchSystemProperty() throws Exception
{
- String oldPrefetch = System.getProperty(ClientProperties.MAX_PREFETCH_PROP_NAME);
- try
- {
- _connection.close();
- System.setProperty(ClientProperties.MAX_PREFETCH_PROP_NAME, new Integer(2).toString());
- _connection = (AMQConnection) getConnection();
- _connection.start();
- // Create two consumers on different sessions
- Session consSessA = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE);
- MessageConsumer consumerA = consSessA.createConsumer(_queue);
-
- Session producerSession = _connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- MessageProducer producer = producerSession.createProducer(_queue);
+ _connection.close();
+ setTestClientSystemProperty(ClientProperties.MAX_PREFETCH_PROP_NAME, new Integer(2).toString());
+
+ createConnection();
+ _connection.start();
+ // Create two consumers on different sessions
+ Session consSessA = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE);
+ MessageConsumer consumerA = consSessA.createConsumer(_queue);
- // Send 3 messages
- for (int i = 0; i < 3; i++)
- {
- producer.send(producerSession.createTextMessage("test"));
- }
-
- MessageConsumer consumerB = null;
- // 0-8, 0-9, 0-9-1 prefetch is per session, not consumer.
- if (!isBroker010())
- {
- Session consSessB = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE);
- consumerB = consSessB.createConsumer(_queue);
- }
- else
- {
- consumerB = consSessA.createConsumer(_queue);
- }
+ Session producerSession = _connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ MessageProducer producer = producerSession.createProducer(_queue);
- Message msg;
- // Check that consumer A has 2 messages
- for (int i = 0; i < 2; i++)
- {
- msg = consumerA.receive(1500);
- assertNotNull("Consumer A should receive 2 messages",msg);
- }
-
- msg = consumerA.receive(1500);
- assertNull("Consumer A should not have received a 3rd message",msg);
-
- // Check that consumer B has the last message
- msg = consumerB.receive(1500);
- assertNotNull("Consumer B should have received the message",msg);
+ // Send 3 messages
+ for (int i = 0; i < 3; i++)
+ {
+ producer.send(producerSession.createTextMessage("test"));
}
- finally
+
+ MessageConsumer consumerB = null;
+ // 0-8, 0-9, 0-9-1 prefetch is per session, not consumer.
+ if (!isBroker010())
{
- if (oldPrefetch == null)
- {
- oldPrefetch = ClientProperties.MAX_PREFETCH_DEFAULT;
- }
- System.setProperty(ClientProperties.MAX_PREFETCH_PROP_NAME, oldPrefetch);
+ Session consSessB = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE);
+ consumerB = consSessB.createConsumer(_queue);
+ }
+ else
+ {
+ consumerB = consSessA.createConsumer(_queue);
+ }
+
+ Message msg;
+ // Check that consumer A has 2 messages
+ for (int i = 0; i < 2; i++)
+ {
+ msg = consumerA.receive(1500);
+ assertNotNull("Consumer A should receive 2 messages",msg);
}
+
+ msg = consumerA.receive(1500);
+ assertNull("Consumer A should not have received a 3rd message",msg);
+
+ // Check that consumer B has the last message
+ msg = consumerB.receive(1500);
+ assertNotNull("Consumer B should have received the message",msg);
}
public void testGetChannelID() throws Exception
@@ -311,7 +299,7 @@ public class AMQConnectionTest extends Q
_connection.close();
stopBroker(port);
- System.setProperty("qpid.heartbeat", "1");
+ setSystemProperty("qpid.heartbeat", "1");
// in case this broker gets stuck, atleast the rest of the tests will not fail.
port = port + 200;
@@ -381,9 +369,7 @@ public class AMQConnectionTest extends Q
throw e;
}
finally
- {
- System.setProperty("qpid.heartbeat", "");
-
+ {
if (process != null)
{
process.destroy();
@@ -395,9 +381,4 @@ public class AMQConnectionTest extends Q
cleanBroker();
}
}
-
- public static junit.framework.Test suite()
- {
- return new junit.framework.TestSuite(AMQConnectionTest.class);
- }
}
Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java?rev=1159250&view=auto
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java (added)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java Thu Aug 18 14:42:46 2011
@@ -0,0 +1,57 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.test.unit.client;
+
+import org.apache.qpid.client.AMQConnection;
+import org.apache.qpid.client.AMQConnectionURL;
+
+public class AMQSSLConnectionTest extends AMQConnectionTest
+{
+ private static final String KEYSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks";
+ private static final String KEYSTORE_PASSWORD = "password";
+ private static final String TRUSTSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks";
+ private static final String TRUSTSTORE_PASSWORD = "password";
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ setTestClientSystemProperty("profile.use_ssl", "true");
+ setConfigurationProperty("connector.ssl.enabled", "true");
+ setConfigurationProperty("connector.ssl.sslOnly", "true");
+ super.setUp();
+ }
+
+ protected void createConnection() throws Exception
+ {
+
+ final String sslPrototypeUrl = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+ "?ssl='true'&ssl_verify_hostname='false'" +
+ "&key_store='%s'&key_store_password='%s'" +
+ "&trust_store='%s'&trust_store_password='%s'" +
+ "'";
+
+ final String url = String.format(sslPrototypeUrl,System.getProperty("test.port.ssl"),
+ KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD);
+
+ _connection = (AMQConnection) getConnection(new AMQConnectionURL(url));
+ }
+}
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java Thu Aug 18 14:42:46 2011
@@ -57,6 +57,7 @@ import org.apache.log4j.Logger;
import org.apache.qpid.AMQException;
import org.apache.qpid.client.AMQConnectionFactory;
import org.apache.qpid.client.AMQQueue;
+import org.apache.qpid.client.SSLConfiguration;
import org.apache.qpid.exchange.ExchangeDefaults;
import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.jms.ConnectionURL;
@@ -83,7 +84,7 @@ public class QpidBrokerTestCase extends
INTERNAL /** Test case starts an embedded broker within this JVM */,
SPAWNED /** Test case spawns a new broker as a separate process */
}
- protected final String QpidHome = System.getProperty("QPID_HOME");
+ protected final static String QpidHome = System.getProperty("QPID_HOME");
protected File _configFile = new File(System.getProperty("broker.config"));
protected static final Logger _logger = Logger.getLogger(QpidBrokerTestCase.class);
@@ -139,7 +140,7 @@ public class QpidBrokerTestCase extends
public static final int DEFAULT_PORT = Integer.getInteger("test.port", ServerConfiguration.DEFAULT_PORT);
public static final int FAILING_PORT = Integer.parseInt(System.getProperty("test.port.alt"));
public static final int DEFAULT_MANAGEMENT_PORT = Integer.getInteger("test.mport", ServerConfiguration.DEFAULT_JMXPORT);
- public static final int DEFAULT_SSL_PORT = Integer.getInteger("test.sslport", ServerConfiguration.DEFAULT_SSL_PORT);
+ public static final int DEFAULT_SSL_PORT = Integer.getInteger("test.port.ssl", ServerConfiguration.DEFAULT_SSL_PORT);
protected String _brokerLanguage = System.getProperty(BROKER_LANGUAGE, JAVA);
protected BrokerType _brokerType = BrokerType.valueOf(System.getProperty(BROKER_TYPE, "").toUpperCase());
@@ -258,6 +259,10 @@ public class QpidBrokerTestCase extends
_logger.error("exception stopping broker", e);
}
+ // reset properties used in the test
+ revertSystemProperties();
+ revertLoggingLevels();
+
if(_brokerCleanBetweenTests)
{
try
@@ -440,10 +445,11 @@ public class QpidBrokerTestCase extends
protected String getBrokerCommand(int port) throws MalformedURLException
{
- final String protocolExcludesList = _brokerProtocolExcludes.replace("@PORT", "" + port);
+ final int sslPort = port-1;
+ final String protocolExcludesList = getProtocolExcludesList(port, sslPort);
return _brokerCommand
.replace("@PORT", "" + port)
- .replace("@SSL_PORT", "" + (port - 1))
+ .replace("@SSL_PORT", "" + sslPort)
.replace("@MPORT", "" + getManagementPort(port))
.replace("@CONFIG_FILE", _configFile.toString())
.replace("@EXCLUDES", protocolExcludesList);
@@ -476,7 +482,7 @@ public class QpidBrokerTestCase extends
options.setConfigFile(_configFile.getAbsolutePath());
options.addPort(port);
- addExcludedPorts(port, options);
+ addExcludedPorts(port, DEFAULT_SSL_PORT, options);
options.setJmxPort(getManagementPort(port));
@@ -597,9 +603,9 @@ public class QpidBrokerTestCase extends
}
}
- private void addExcludedPorts(int port, BrokerOptions options)
+ private void addExcludedPorts(int port, int sslPort, BrokerOptions options)
{
- final String protocolExcludesList = _brokerProtocolExcludes.replace("@PORT", "" + port);
+ final String protocolExcludesList = getProtocolExcludesList(port, sslPort);
if (protocolExcludesList.equals(""))
{
@@ -621,6 +627,13 @@ public class QpidBrokerTestCase extends
}
}
+ protected String getProtocolExcludesList(int port, int sslPort)
+ {
+ final String protocolExcludesList =
+ _brokerProtocolExcludes.replace("@PORT", "" + port).replace("@SSL_PORT", "" + sslPort);
+ return protocolExcludesList;
+ }
+
private boolean existingInternalBroker()
{
for(BrokerHolder holder : _brokers.values())
@@ -1049,7 +1062,7 @@ public class QpidBrokerTestCase extends
{
return (AMQConnectionFactory) getInitialContext().lookup(factoryName);
}
-
+
public Connection getConnection() throws JMSException, NamingException
{
return getConnection("guest", "guest");
@@ -1117,19 +1130,10 @@ public class QpidBrokerTestCase extends
protected void tearDown() throws java.lang.Exception
{
- try
- {
- // close all the connections used by this test.
- for (Connection c : _connections)
- {
- c.close();
- }
- }
- finally
+ // close all the connections used by this test.
+ for (Connection c : _connections)
{
- // Ensure any problems with close does not interfer with property resets
- revertSystemProperties();
- revertLoggingLevels();
+ c.close();
}
}
Modified: qpid/trunk/qpid/java/test-profiles/JavaExcludes
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/JavaExcludes?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/JavaExcludes (original)
+++ qpid/trunk/qpid/java/test-profiles/JavaExcludes Thu Aug 18 14:42:46 2011
@@ -88,3 +88,6 @@ org.apache.qpid.server.configuration.Ser
org.apache.qpid.test.unit.client.connection.ConnectionTest#testClientIDVerification
org.apache.qpid.jms.xa.XAResourceTest#*
+
+//The Java broker doesnt support client auth
+org.apache.qpid.client.ssl.SSLTest#testMultipleCertsInSingleStore
Modified: qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes (original)
+++ qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes Thu Aug 18 14:42:46 2011
@@ -40,3 +40,8 @@ org.apache.qpid.client.MessageListenerTe
org.apache.qpid.test.unit.client.connection.ConnectionTest#testUnsupportedSASLMechanism
org.apache.qpid.test.unit.message.JMSPropertiesTest#testQpidExtensionProperties
+
+//The 0-8/0-9/0-9-1 client configuration for SSL does not work the same as the 0-10 client
+//so these tests fail due to the client failing to use SSL
+org.apache.qpid.client.ssl.SSLTest#*
+org.apache.qpid.test.unit.client.AMQSSLConnectionTest#*
Modified: qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes (original)
+++ qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes Thu Aug 18 14:42:46 2011
@@ -18,3 +18,7 @@
//
#org.apache.qpid.test.client.failover.FailoverTest#*
+
+//This test does not supply a client keystore, therefore it cant login to the C++ broker
+//in this test profile as it demands client certificate authentication
+org.apache.qpid.client.ssl.SSLTest#testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly
Modified: qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile (original)
+++ qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile Thu Aug 18 14:42:46 2011
@@ -23,7 +23,7 @@ broker.modules=--load-module ${broker.mo
profile.use_ssl=true
broker.ready= Listening for SSL connections
-javax.net.ssl.keyStore=${test.profiles}/test_resources/ssl/keystore.jks
+javax.net.ssl.keyStore=${test.profiles}/test_resources/ssl/java_client_keystore.jks
javax.net.ssl.keyStorePassword=password
-javax.net.ssl.trustStore=${test.profiles}/test_resources/ssl/certstore.jks
+javax.net.ssl.trustStore=${test.profiles}/test_resources/ssl/java_client_truststore.jks
javax.net.ssl.trustStorePassword=password
Modified: qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile (original)
+++ qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile Thu Aug 18 14:42:46 2011
@@ -24,7 +24,7 @@ broker.clean=${test.profiles}/clean-dir
broker.ready=BRK-1004
broker.stopped=Exception
broker.config=${project.root}/build/etc/config-systests-derby.xml
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
messagestore.class.name=org.apache.qpid.server.store.DerbyMessageStore
profile.excludes=JavaPersistentExcludes JavaPre010Excludes
broker.clean.between.tests=true
Modified: qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile (original)
+++ qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile Thu Aug 18 14:42:46 2011
@@ -24,7 +24,7 @@ broker.clean=${test.profiles}/clean-dir
broker.ready=BRK-1004
broker.stopped=Exception
broker.config=${project.root}/build/etc/config-systests-derby.xml
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
messagestore.class.name=org.apache.qpid.server.store.DerbyMessageStore
profile.excludes=JavaPersistentExcludes JavaPre010Excludes
broker.clean.between.tests=true
Modified: qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile (original)
+++ qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile Thu Aug 18 14:42:46 2011
@@ -23,7 +23,7 @@ broker.command=${project.root}/build/bin
broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
broker.ready=BRK-1004
broker.stopped=Exception
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
#
# Do not enable. Allow client to attempt 0-10 and negotiate downwards
#
Modified: qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile?rev=1159250&r1=1159249&r2=1159250&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile (original)
+++ qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile Thu Aug 18 14:42:46 2011
@@ -24,7 +24,7 @@ broker.command=${project.root}/build/bin
broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
broker.ready=BRK-1004
broker.stopped=Exception
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
#
# Do not enable. Allow client to attempt 0-10 and negotiate downwards
#
Added: qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.crt
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.crt?rev=1159250&view=auto
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.crt (added)
+++ qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.crt Thu Aug 18 14:42:46 2011
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVzCCAcCgAwIBAgIFAJVWeugwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
+Um9vdENBMB4XDTExMDgxNzEzNTQ1NFoXDTExMTExNzEzNTQ1NFowejEQMA4GA1UE
+BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMVbG9j
+YWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCj
+VSo/qOCDsPXQ2HKn2M4ey1FzK6NORkWYefFu5fDFJUKKPXXA8Ey9rPDv+XGGIQKI
+6JlmD2nnjp8Em7+/xa6u4XbFqLR8ycmgldGB7r8RbH3B7KYY3s4AxL9A3/TzHza4
+FJAk2X4LTVWHuX8tB/JyLS6695NSLoI5xKW4maARxwIDAQABoyIwIDAJBgNVHRME
+AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAFsexncH
+xxTjk9YMoPpjjU0t/UgzjBLEruIIQQ/EtcZIOEqNCDwpzfgY/x7GVCy8VjLISgzK
+xJsNv75F/vP8a4eaeTRJmrvVcWUZJu6r/A8WNwJVYUvXhy2+jbfdp/UMlRg+ODw7
+GMU9ILQW4LGJnTtJKrlVrcQqzw6IZRduEE65
+-----END CERTIFICATE-----
Added: qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.req
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.req?rev=1159250&view=auto
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.req (added)
+++ qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker.req Thu Aug 18 14:42:46 2011
@@ -0,0 +1,10 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE
+BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV
+bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjVSo/qOCD
+sPXQ2HKn2M4ey1FzK6NORkWYefFu5fDFJUKKPXXA8Ey9rPDv+XGGIQKI6JlmD2nnjp8Em7+/xa6u
+4XbFqLR8ycmgldGB7r8RbH3B7KYY3s4AxL9A3/TzHza4FJAk2X4LTVWHuX8tB/JyLS6695NSLoI5
+xKW4maARxwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAjXXfPRv7xQYY3R8lZ78/0gbXZ35Lq/1h
+6sxShXfqXxFXE8oP4uGLTlsnSvfsHQL60ihKP3V+nv/zIxNudAsrM57x70owUWyp/bm0XXD89X0T
+zEBP9OQexDTwC2r/8gvYMi++022LMTluEPw29bCsp6usuKh61eLmekprpNlhs5M=
+-----END NEW CERTIFICATE REQUEST-----
Added: qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks?rev=1159250&view=auto
==============================================================================
Files qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks (added) and qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks Thu Aug 18 14:42:46 2011 differ
Copied: qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks (from r1159248, qpid/trunk/qpid/java/test-profiles/test_resources/ssl/keystore.jks)
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks?p2=qpid/trunk/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks&p1=qpid/trunk/qpid/java/test-profiles/test_resources/ssl/keystore.jks&r1=1159248&r2=1159250&rev=1159250&view=diff
==============================================================================
Binary files - no diff available.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org