Posted to commits@qpid.apache.org by ta...@apache.org on 2015/01/26 22:02:43 UTC
[2/2] qpid-jms git commit: Add some additional testing and fixes
around verify host behavior.
Add some additional testing and fixes around verify host behavior.
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/12decc45
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/12decc45
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/12decc45
Branch: refs/heads/master
Commit: 12decc4537c93f4850ab05b7a9023425dabc6ec3
Parents: d2087a4
Author: Timothy Bish <ta...@gmail.com>
Authored: Mon Jan 26 16:02:35 2015 -0500
Committer: Timothy Bish <ta...@gmail.com>
Committed: Mon Jan 26 16:02:35 2015 -0500
----------------------------------------------------------------------
.../apache/qpid/jms/transports/Transport.java | 6 ++
.../qpid/jms/transports/TransportOptions.java | 2 +-
.../qpid/jms/transports/TransportSupport.java | 34 ++++++-
.../jms/transports/netty/NettySslTransport.java | 2 +-
.../jms/transports/netty/NettyTcpTransport.java | 7 +-
.../jms/transports/netty/NettyEchoServer.java | 2 +-
.../transports/netty/NettySslTransportTest.java | 94 ++++++++++++++-----
.../transports/netty/NettyTcpTransportTest.java | 6 +-
.../src/test/resources/example-jks.keystore | Bin 0 -> 2266 bytes
.../src/test/resources/example-jks.truststore | Bin 0 -> 2266 bytes
10 files changed, 119 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java
index 1ed52cc..6a723b7 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java
@@ -19,6 +19,7 @@ package org.apache.qpid.jms.transports;
import io.netty.buffer.ByteBuf;
import java.io.IOException;
+import java.net.URI;
/**
* Base class for all QpidJMS Transport instances.
@@ -78,4 +79,9 @@ public interface Transport {
*/
TransportOptions getTransportOptions();
+ /**
+ * @returns the URI of the remote peer that this Transport connects to.
+ */
+ URI getRemoteLocation();
+
}
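Review bot: The Javadoc on the new `getRemoteLocation()` uses `@returns`, which is not a Javadoc tag and is rejected by doclint; it should be ` * @return the URI of the remote peer that this Transport connects to.`. Because `TransportSupport.createSslEngine` passes this value straight into `SSLContext.createSSLEngine` and hostname verification depends on it, the contract should also state whether an implementation may return null, for example `Implementations must return a non-null URI; it is used to initialise the SSLEngine and for hostname verification.` if that holds.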
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java
index a0e9789..4ed10fa 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportOptions.java
@@ -30,7 +30,7 @@ public class TransportOptions {
public static final int DEFAULT_SO_TIMEOUT = -1;
public static final int DEFAULT_CONNECT_TIMEOUT = 60000;
- public static final TransportOptions DEFAULT_OPTIONS = new TransportOptions();
+ public static final TransportOptions INSTANCE = new TransportOptions();
private int sendBufferSize = DEFAULT_SEND_BUFFER_SIZE;
private int receiveBufferSize = DEFAULT_RECEIVE_BUFFER_SIZE;
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
index ae68f9f..1413f21 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
@@ -21,6 +21,7 @@ import io.netty.handler.ssl.SslHandler;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
+import java.net.URI;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
@@ -56,8 +57,8 @@ public class TransportSupport {
*
* @throws Exception if an error occurs while creating the SslHandler instance.
*/
- public static SslHandler createSslHandler(TransportSslOptions options) throws Exception {
- return new SslHandler(createSslEngine(createSslContext(options), options));
+ public static SslHandler createSslHandler(URI remote, TransportSslOptions options) throws Exception {
+ return new SslHandler(createSslEngine(remote, createSslContext(options), options));
}
/**
@@ -118,6 +119,35 @@ public class TransportSupport {
return engine;
}
+ /**
+ * Create a new SSLEngine instance in client mode from the given SSLContext and
+ * TransportSslOptions instances.
+ *
+ * @param remote
+ * the URI of the remote peer that will be used to initialize the engine.
+ * @param context
+ * the SSLContext to use when creating the engine.
+ * @param options
+ * the TransportSslOptions to use to configure the new SSLEngine.
+ *
+ * @return a new SSLEngine instance in client mode.
+ *
+ * @throws Exception if an error occurs while creating the new SSLEngine.
+ */
+ public static SSLEngine createSslEngine(URI remote, SSLContext context, TransportSslOptions options) throws Exception {
+ SSLEngine engine = context.createSSLEngine(remote.getHost(), remote.getPort());
+ engine.setEnabledProtocols(options.getEnabledProtocols());
+ engine.setUseClientMode(true);
+
+ if (options.isVerifyHost()) {
+ SSLParameters sslParameters = engine.getSSLParameters();
+ sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+ engine.setSSLParameters(sslParameters);
+ }
+
+ return engine;
+ }
+
private static TrustManager[] loadTrustManagers(TransportSslOptions options) throws Exception {
if (options.getTrustStoreLocation() == null) {
return null;
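Review bot: The Javadoc on the new `createSslEngine` overload omits its security-relevant effect: with `options.isVerifyHost()` true the engine gets the `HTTPS` endpoint identification algorithm and the handshake checks the peer certificate against `remote.getHost()`, with it false no hostname check happens at all; I would add ` * When {@code options.isVerifyHost()} is true the engine is configured with the "HTTPS" endpoint identification algorithm so the peer certificate is verified against the host in {@code remote}; otherwise no hostname verification is performed.` `remote` is dereferenced on the first line with no check; `Objects.requireNonNull(remote, "remote");` would turn a null into a clear error, and a URI without a host part (`getHost()` returning null) presumably surfaces only as a handshake failure, which is worth a sentence too. The pre-existing two-argument `createSslEngine(SSLContext, TransportSslOptions)` whose end is visible at the top of the hunk is kept and never applies the host check, so any caller still using it skips verification silently; consider deprecating it in favour of this overload. The `@param remote` entry for `createSslHandler` in the previous hunk would sit above that hunk and is not visible here; confirm it was added.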
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettySslTransport.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettySslTransport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettySslTransport.java
index 43d3797..bf24caa 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettySslTransport.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettySslTransport.java
@@ -66,7 +66,7 @@ public class NettySslTransport extends NettyTcpTransport {
@Override
protected void configureChannel(Channel channel) throws Exception {
- channel.pipeline().addLast(TransportSupport.createSslHandler(getSslOptions()));
+ channel.pipeline().addLast(TransportSupport.createSslHandler(getRemoteLocation(), getSslOptions()));
super.configureChannel(channel);
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java
index 5c98f14..89355d6 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java
@@ -187,12 +187,17 @@ public class NettyTcpTransport implements Transport {
@Override
public TransportOptions getTransportOptions() {
if (options == null) {
- options = TransportOptions.DEFAULT_OPTIONS;
+ options = TransportOptions.INSTANCE;
}
return options;
}
+ @Override
+ public URI getRemoteLocation() {
+ return remote;
+ }
+
//----- Internal implementation details, can be overridden as needed --//
protected void configureNetty(Bootstrap bootstrap, TransportOptions options) {
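Review bot: `getTransportOptions()` still hands this transport the shared `TransportOptions.INSTANCE` without cloning it, so any setter later applied through `getTransportOptions()` would mutate the process-wide default that every other transport (and `NettyEchoServer`'s no-arg constructor, which has the same uncloned assignment in its hunk) falls back to. Whether `TransportOptions` exposes setters is not visible here, but its fields are non-final and the tests in this commit clone the instance, so `options = TransportOptions.INSTANCE.clone();` is the safer default. `getRemoteLocation()` returns the `remote` field declared outside the hunk; if it can be null before `connect()` that should be documented, since `TransportSupport.createSslEngine` dereferences it.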
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java
index 2144d03..3ee7f0b 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java
@@ -64,7 +64,7 @@ public class NettyEchoServer implements AutoCloseable {
private final AtomicBoolean started = new AtomicBoolean();
public NettyEchoServer() {
- this.options = TransportOptions.DEFAULT_OPTIONS;
+ this.options = TransportOptions.INSTANCE;
}
public NettyEchoServer(TransportOptions options) {
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java
index d1ecf2f..bd390cf 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java
@@ -38,10 +38,8 @@ public class NettySslTransportTest extends NettyTcpTransportTest {
private static final Logger LOG = LoggerFactory.getLogger(NettySslTransportTest.class);
public static final String PASSWORD = "password";
- public static final String SERVER_KEYSTORE = "src/test/resources/broker-jks.keystore";
- public static final String SERVER_TRUSTSTORE = "src/test/resources/broker-jks.truststore";
- public static final String CLIENT_KEYSTORE = "src/test/resources/client-jks.keystore";
- public static final String CLIENT_TRUSTSTORE = "src/test/resources/client-jks.truststore";
+ public static final String SERVER_KEYSTORE = "src/test/resources/example-jks.keystore";
+ public static final String CLIENT_TRUSTSTORE = "src/test/resources/exanple-jks.truststore";
public static final String KEYSTORE_TYPE = "jks";
@Test(timeout = 60 * 1000)
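Review bot: `CLIENT_TRUSTSTORE` points at `src/test/resources/exanple-jks.truststore` ("exanple"), but the file added by this commit is `example-jks.truststore`, so the trust store is never found; the fix is `public static final String CLIENT_TRUSTSTORE = "src/test/resources/example-jks.truststore";`. The constant is also used for the server options later in this file, so both sides of the test handshake are affected. Depending on how `TransportSupport.loadTrustManagers` handles a missing file, the verify-host test added below can pass for the wrong reason (a store load failure rather than a hostname mismatch), which is one more reason its catch block should not accept any `Exception`.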
@@ -52,7 +50,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest {
int port = server.getServerPort();
URI serverLocation = new URI("tcp://localhost:" + port);
- Transport transport = createTransport(serverLocation, testListener, createClientOptionsTrustNone());
+ Transport transport = createTransport(serverLocation, testListener, createClientOptionsWithoutTrustStore(false));
try {
transport.connect();
fail("Should not have connected to the server");
@@ -76,7 +74,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest {
int port = server.getServerPort();
URI serverLocation = new URI("tcp://localhost:" + port);
- Transport transport = createTransport(serverLocation, testListener, createClientOptionsTrustAll());
+ Transport transport = createTransport(serverLocation, testListener, createClientOptionsWithoutTrustStore(true));
try {
transport.connect();
LOG.info("Connection established to untrusted test server.");
@@ -92,6 +90,60 @@ public class NettySslTransportTest extends NettyTcpTransportTest {
assertTrue(exceptions.isEmpty());
}
+ @Test(timeout = 60 * 1000)
+ public void testConnectToServerVerifyHost() throws Exception {
+ try (NettyEchoServer server = new NettyEchoServer(createServerOptions())) {
+ server.start();
+
+ int port = server.getServerPort();
+ URI serverLocation = new URI("tcp://localhost:" + port);
+
+ TransportSslOptions options = createClientOptions();
+ options.setVerifyHost(true);
+
+ Transport transport = createTransport(serverLocation, testListener, createClientOptionsIsVerify(true));
+ try {
+ transport.connect();
+ fail("Should not have connected to the server");
+ } catch (Exception e) {
+ LOG.info("Connection failed to test server as expected.");
+ }
+
+ assertFalse(transport.isConnected());
+
+ transport.close();
+ }
+
+ assertTrue(exceptions.isEmpty());
+ }
+
+ @Test(timeout = 60 * 1000)
+ public void testConnectToServerNoVerifyHost() throws Exception {
+ try (NettyEchoServer server = new NettyEchoServer(createServerOptions())) {
+ server.start();
+
+ int port = server.getServerPort();
+ URI serverLocation = new URI("tcp://localhost:" + port);
+
+ TransportSslOptions options = createClientOptions();
+ options.setVerifyHost(true);
+
+ Transport transport = createTransport(serverLocation, testListener, createClientOptionsIsVerify(false));
+ try {
+ transport.connect();
+ LOG.info("Connection established to test server.");
+ } catch (Exception e) {
+ fail("Should have connected to the server");
+ }
+
+ assertTrue(transport.isConnected());
+
+ transport.close();
+ }
+
+ assertTrue(exceptions.isEmpty());
+ }
+
@Override
protected Transport createTransport(URI serverLocation, TransportListener listener, TransportOptions options) {
return new NettySslTransport(listener, serverLocation, options);
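Review bot: In both `testConnectToServerVerifyHost` and `testConnectToServerNoVerifyHost` the local `options` built from `createClientOptions()` and set with `setVerifyHost(true)` is never used — the transport is created from `createClientOptionsIsVerify(...)` — so those two lines in each test are dead and, in the no-verify test, actively misleading; delete them. `testConnectToServerVerifyHost` treats any `Exception` from `connect()` as the expected hostname-verification failure, so a missing key store, a wrong password or an unrelated I/O error would also make it pass; capturing the exception and asserting on its type or cause chain (for example an `SSLException` or `CertificateException`) would pin the behaviour actually under test. A comment on that test stating why the connection is expected to fail (presumably the example certificate does not match `localhost`) would make the intent explicit, since the method name alone suggests success.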
@@ -99,13 +151,18 @@ public class NettySslTransportTest extends NettyTcpTransportTest {
@Override
protected TransportSslOptions createClientOptions() {
+ return createClientOptionsIsVerify(false);
+ }
+
+ protected TransportSslOptions createClientOptionsIsVerify(boolean verifyHost) {
TransportSslOptions options = TransportSslOptions.INSTANCE.clone();
- options.setKeyStoreLocation(CLIENT_KEYSTORE);
- options.setTrustStoreLocation(CLIENT_TRUSTSTORE);
- options.setStoreType(KEYSTORE_TYPE);
+ options.setKeyStoreLocation(SERVER_KEYSTORE);
options.setKeyStorePassword(PASSWORD);
+ options.setTrustStoreLocation(CLIENT_TRUSTSTORE);
options.setTrustStorePassword(PASSWORD);
+ options.setStoreType(KEYSTORE_TYPE);
+ options.setVerifyHost(verifyHost);
return options;
}
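Review bot: `createClientOptionsIsVerify(boolean)` is an awkward name for a factory; since `createClientOptions()` now only delegates to it, an overload `createClientOptions(boolean verifyHost)` reads more naturally. The client now loads `SERVER_KEYSTORE` as its key store and the server (in the next hunk) loads `CLIENT_TRUSTSTORE`, so the `SERVER_`/`CLIENT_` prefixes no longer describe who uses the stores; renaming them to `KEYSTORE` and `TRUSTSTORE` would avoid the confusion.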
@@ -115,32 +172,19 @@ public class NettySslTransportTest extends NettyTcpTransportTest {
TransportSslOptions options = TransportSslOptions.INSTANCE.clone();
options.setKeyStoreLocation(SERVER_KEYSTORE);
- options.setTrustStoreLocation(SERVER_TRUSTSTORE);
- options.setStoreType(KEYSTORE_TYPE);
options.setKeyStorePassword(PASSWORD);
+ options.setTrustStoreLocation(CLIENT_TRUSTSTORE);
options.setTrustStorePassword(PASSWORD);
-
- return options;
- }
-
- protected TransportSslOptions createClientOptionsTrustNone() {
- TransportSslOptions options = TransportSslOptions.INSTANCE.clone();
-
- options.setKeyStoreLocation(CLIENT_KEYSTORE);
- options.setKeyStorePassword(PASSWORD);
options.setStoreType(KEYSTORE_TYPE);
- options.setTrustAll(false);
return options;
}
- protected TransportSslOptions createClientOptionsTrustAll() {
+ protected TransportSslOptions createClientOptionsWithoutTrustStore(boolean trustAll) {
TransportSslOptions options = TransportSslOptions.INSTANCE.clone();
- options.setKeyStoreLocation(CLIENT_KEYSTORE);
- options.setKeyStorePassword(PASSWORD);
options.setStoreType(KEYSTORE_TYPE);
- options.setTrustAll(true);
+ options.setTrustAll(trustAll);
return options;
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java
index 833f966..7407993 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java
@@ -332,11 +332,11 @@ public class NettyTcpTransportTest extends QpidJmsTestCase {
}
protected TransportOptions createClientOptions() {
- return TransportOptions.DEFAULT_OPTIONS.clone();
+ return TransportOptions.INSTANCE.clone();
}
protected TransportOptions createServerOptions() {
- return TransportOptions.DEFAULT_OPTIONS.clone();
+ return TransportOptions.INSTANCE.clone();
}
private class NettyTransportListener implements TransportListener {
@@ -356,7 +356,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase {
@Override
public void onTransportError(Throwable cause) {
- LOG.debug("Transport error caught: {}", cause.getMessage());
+ LOG.debug("Transport error caught: {}", cause.getMessage(), cause);
exceptions.add(cause);
}
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/test/resources/example-jks.keystore
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/resources/example-jks.keystore b/qpid-jms-client/src/test/resources/example-jks.keystore
new file mode 100644
index 0000000..697a1de
Binary files /dev/null and b/qpid-jms-client/src/test/resources/example-jks.keystore differ
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/12decc45/qpid-jms-client/src/test/resources/example-jks.truststore
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/resources/example-jks.truststore b/qpid-jms-client/src/test/resources/example-jks.truststore
new file mode 100644
index 0000000..9259c10
Binary files /dev/null and b/qpid-jms-client/src/test/resources/example-jks.truststore differ