Posted to commits@qpid.apache.org by ra...@apache.org on 2010/03/19 23:53:19 UTC
svn commit: r925469 - in /qpid/trunk/qpid/java:
common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
systests/src/main/java/org/apache/qpid/client/ssl/
systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
Author: rajith
Date: Fri Mar 19 22:53:19 2010
New Revision: 925469
URL: http://svn.apache.org/viewvc?rev=925469&view=rev
Log:
Added test cases for QPID-2444 and QPID-2446
Modified SSLUtil to handle the case where distinguished name only contains the CN component.
Added:
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=925469&r1=925468&r2=925469&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java Fri Mar 19 22:53:19 2010
@@ -28,7 +28,8 @@ public class SSLUtil
if (dn.contains("CN="))
{
- hostname = dn.substring(3, dn.indexOf(","));
+ hostname = dn.substring(3,
+ dn.indexOf(",") == -1? dn.length(): dn.indexOf(","));
}
if (log.isDebugEnabled())
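Review bot: The CN is still extracted by fixed offset: `dn.contains("CN=")` matches anywhere in the DN, but `dn.substring(3, …)` assumes the DN begins with `CN=`. For a subject such as `O=Example,CN=host` (constructed example), the value later compared with the expected host would be a fragment of another attribute. A comma escaped inside the CN value would also truncate the name. Because this string feeds hostname verification, parsing the DN with `javax.naming.ldap.LdapName` and selecting the RDN whose type is CN is more robust than index arithmetic. The enclosing method starts and ends outside this hunk, so the sketch shows only the extraction.

```java
// … unchanged: dn obtained from the peer certificate …
try
{
    for (Rdn rdn : new LdapName(dn).getRdns())
    {
        if ("CN".equalsIgnoreCase(rdn.getType()))
        {
            hostname = rdn.getValue().toString();
            break;
        }
    }
}
catch (InvalidNameException e)
{
    throw new TransportException("SSL hostname verification failed. Cannot parse DN : " + dn);
}
// … unchanged: debug logging of hostname …
```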
@@ -38,7 +39,8 @@ public class SSLUtil
log.debug("Host Name obtained from DN : " + hostname);
}
- if (hostname != null && !hostname.equalsIgnoreCase(hostnameExpected))
+ if (hostname != null && !(hostname.equalsIgnoreCase(hostnameExpected) ||
+ hostname.equalsIgnoreCase(hostnameExpected + ".localdomain")))
{
throw new TransportException("SSL hostname verification failed." +
" Expected : " + hostnameExpected +
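Review bot: The new `hostnameExpected + ".localdomain"` alternative applies to every expected host, not just the loopback name, so a certificate issued for `X.localdomain` is accepted when the client asked for `X`. If the intent is only to tolerate `localhost` versus `localhost.localdomain`, restrict it, e.g. `hostname.equalsIgnoreCase(hostnameExpected) || ("localhost".equalsIgnoreCase(hostnameExpected) && hostname.equalsIgnoreCase("localhost.localdomain"))`. Separately, the `hostname != null &&` guard means the check passes silently whenever no host name was extracted (presumably when the DN has no CN; the initialisation is outside the hunk). Failing closed with `if (hostname == null || !(…))` would be safer. The `throw` statement continues past the end of this hunk.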
Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java?rev=925469&view=auto
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java (added)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java Fri Mar 19 22:53:19 2010
@@ -0,0 +1,110 @@
+package org.apache.qpid.client.ssl;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
+import javax.jms.Session;
+
+import org.apache.qpid.client.AMQConnection;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class SSLTest extends QpidTestCase
+{
+ public void testCreateSSLContextFromConnectionURLParams()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+ "?ssl='true'&ssl_verify_hostname='true'" +
+ "&key_store='%s'&keystore_password='%s'" +
+ "&trust_store='%s'&trust_store_password='%s'" +
+ "'";
+ url = String.format(url,System.getProperty("test.port.ssl"),
+ System.getProperty("javax.net.ssl.keyStore"),
+ System.getProperty("javax.net.ssl.keyStorePassword"),
+ System.getProperty("javax.net.ssl.trustStore"),
+ System.getProperty("javax.net.ssl.trustStorePassword"));
+
+ // temporarily set the trust store jvm arg to something else
+ // to ensure we only read from the connection URL param.
+ String tmp = System.getProperty("javax.net.ssl.trustStore");
+ System.setProperty("javax.net.ssl.trustStore","fessgsdgd");
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ }
+ catch (Exception e)
+ {
+ fail("SSL Connection should be successful");
+ }
+ finally
+ {
+ System.setProperty("javax.net.ssl.trustStore",tmp);
+ }
+ }
+ }
+
+ public void testVerifyHostName()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" +
+ System.getProperty("test.port.ssl") +
+ "?ssl='true'&ssl_verify_hostname='true''";
+
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ fail("Hostname verification failed. No exception was thrown");
+ }
+ catch (Exception e)
+ {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ e.printStackTrace(new PrintStream(bout));
+ String strace = bout.toString();
+ assertTrue("Correct exception not thrown",strace.contains("SSL hostname verification failed"));
+ }
+
+ }
+ }
+
+ public void testVerifyLocalHost()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
+ System.getProperty("test.port.ssl") +
+ "?ssl='true'&ssl_verify_hostname='true''";
+
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ }
+ catch (Exception e)
+ {
+ fail("Hostname verification should succeed");
+ }
+ }
+ }
+
+ public void testVerifyLocalHostLocalDomain()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" +
+ System.getProperty("test.port.ssl") +
+ "?ssl='true'&ssl_verify_hostname='true''";
+
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ }
+ catch (Exception e)
+ {
+ fail("Hostname verification should succeed");
+ }
+
+ }
+ }
+}
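Review bot: In `testCreateSSLContextFromConnectionURLParams` the JVM-wide `javax.net.ssl.trustStore` property is restored with `System.setProperty("javax.net.ssl.trustStore",tmp)`, which throws a NullPointerException when the property was originally unset. The bogus value `fessgsdgd` would then stay in place for every later test in the same JVM. Restore it with `if (tmp == null) System.clearProperty("javax.net.ssl.trustStore"); else System.setProperty("javax.net.ssl.trustStore", tmp);`. The `AMQConnection` objects created in the success-path tests are also never closed, and `catch (Exception e) { fail(...) }` discards the cause. Closing `con` in a `finally` block and including `e` in the failure message would make SSL failures diagnosable. Finally, every test returns silently when `profile.use_ssl` is false, so a run without the SSL profile reports these hostname-verification cases as passed although nothing was exercised; a short comment stating that would help readers of the results.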