You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2016/11/10 11:19:42 UTC
svn commit: r1769087 - in /qpid/java/trunk/doc:
java-broker/src/docbkx/management/managing/ jms-client-0-8/src/docbkx/
Author: kwall
Date: Thu Nov 10 11:19:42 2016
New Revision: 1769087
URL: http://svn.apache.org/viewvc?rev=1769087&view=rev
Log:
QPID-7466: [Java Docs] Incorporate comments from Lorenz Quack <lq...@apache.org>
Modified:
qpid/java/trunk/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml
qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Appendix-Exceptions.xml
qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Message-Encryption.xml
Modified: qpid/java/trunk/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml
URL: http://svn.apache.org/viewvc/qpid/java/trunk/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml?rev=1769087&r1=1769086&r2=1769087&view=diff
==============================================================================
--- qpid/java/trunk/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml (original)
+++ qpid/java/trunk/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml Thu Nov 10 11:19:42 2016
@@ -76,6 +76,11 @@
<para><emphasis>Name the truststore</emphasis>. Used to identify the
truststore.</para>
</listitem>
+ <listitem>
+ <para><emphasis>Exposed as Message Source</emphasis>. If enabled, the Broker
+ will distribute certificates contained within the trustore to clients.
+ Used by the end to end message encryption feature.</para>
+ </listitem>
</itemizedlist>
</para>
<para>The following attributes apply to <emphasis>File Trust Stores</emphasis> only.</para>
@@ -110,11 +115,6 @@
certificate exactly matching a certificate contained within the Truststore
database.</para>
</listitem>
- <listitem>
- <para><emphasis>Exposed as Message Source</emphasis>. If enabled, the Broker
- will distribute certificates contained within the trustore to clients.
- Used by the end to end message encryption feature.</para>
- </listitem>
</itemizedlist>
</para>
<para>The following attributes apply to <emphasis>Non Java Trust Stores</emphasis>
Modified: qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Appendix-Exceptions.xml
URL: http://svn.apache.org/viewvc/qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Appendix-Exceptions.xml?rev=1769087&r1=1769086&r2=1769087&view=diff
==============================================================================
--- qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Appendix-Exceptions.xml (original)
+++ qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Appendix-Exceptions.xml Thu Nov 10 11:19:42 2016
@@ -103,6 +103,15 @@
group) has not been permissioned within the Broker's <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="${qpidJavaBrokerBook}Java-Broker-Security-ACLs.html">Access Control List
(ACL)</link>.</para></entry>
</row>
+ <row xml:id="JMS-Client-0-8-Appendix-Exceptions-CertificateException">
+ <entry>CertificateException</entry>
+ <entry>Unable to find certificate for recipient '<recipient>'</entry>
+ <entry>
+ <para>When using end to end message encryption, this exception indicates the the message recipent's
+ principal cannot be found in the truststore. See <xref linkend="JMS-Client-Message-Encryption"/>
+ </para>
+ </entry>
+ </row>
</tbody>
</tgroup>
</table>
Modified: qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Message-Encryption.xml
URL: http://svn.apache.org/viewvc/qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Message-Encryption.xml?rev=1769087&r1=1769086&r2=1769087&view=diff
==============================================================================
--- qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Message-Encryption.xml (original)
+++ qpid/java/trunk/doc/jms-client-0-8/src/docbkx/JMS-Client-Message-Encryption.xml Thu Nov 10 11:19:42 2016
@@ -272,7 +272,8 @@ java.naming.factory.initial = org.apache
# connection factories. This is where end-to-end encryption is configured on the client.
# connectionfactory.[jndiname] = [ConnectionURL]
connectionfactory.producerConnectionFactory = amqp://<username>:<password>@?brokerlist='tcp://localhost:5672?encryption_remote_trust_store='$certificates%255c/clientcerts''
-connectionfactory.consumerConnectionFactory = amqp://<username>:<password>@?brokerlist='tcp://localhost:5672?encryption_key_store='path/to/client_1.jks'&encryption_key_store_password='<keystore_password>''
+connectionfactory.consumer1ConnectionFactory = amqp://<username>:<password>@?brokerlist='tcp://localhost:5672?encryption_key_store='path/to/client_1.jks'&encryption_key_store_password='<keystore_password>''
+connectionfactory.consumer2ConnectionFactory = amqp://<username>:<password>@?brokerlist='tcp://localhost:5672?encryption_key_store='path/to/client_2.jks'&encryption_key_store_password='<keystore_password>''
# Rest of JNDI configuration. For example
# destination.[jniName] = [Address Format]
@@ -288,7 +289,11 @@ queue.myTestQueue = testQueue
<literal>x-qpid-encrypt</literal>
and
<literal>x-qpid-encrypt-recipients</literal>
- message properties.
+ message properties. Note that the order of the relative distinguished name (RDN) entries within the
+ recipent's distinguished name (DNs) is significant. If the order does not match that recorded in
+ truststore, a
+ <link linkend="JMS-Client-0-8-Appendix-Exceptions-CertificateException">CertificateException</link>
+ will be encountered.
</para>
<para>
On the receiving side, there is nothing to do. The application code does not have to add decryption code as this is handled transparently by the Qpid client library.
@@ -310,7 +315,6 @@ public class EncryptionExample {
{
Connection connection = createConnection("producerConnectionFactory");
try {
- connection.start();
Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
Destination destination = createDesination("myTestQueue");
@@ -332,7 +336,7 @@ public class EncryptionExample {
private void runReceiverExample() throws Exception
{
- Connection connection = createConnection("consumerConnectionFactory");
+ Connection connection = createConnection("consumer1ConnectionFactory");
try {
connection.start();
Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org