You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org> on 2010/01/21 03:34:54 UTC
[jira] Created: (QPID-2352) Add SASL encryption support for Java
client
Add SASL encryption support for Java client
-------------------------------------------
Key: QPID-2352
URL: https://issues.apache.org/jira/browse/QPID-2352
Project: Qpid
Issue Type: Bug
Components: Java Client
Reporter: Rajith Attapattu
Assignee: Rajith Attapattu
Fix For: 0.7
Currently the c++ broker supports SASL based encryption as an alternative for SSL.
The Java client needs to add support for negotiating a security layer with integrity and confidentially support and then use the negotiated SASL security layer to encode and decode AMQP frames.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] Updated: (QPID-2352) Add SASL encryption support for Java
client
Posted by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-2352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajith Attapattu updated QPID-2352:
-----------------------------------
Attachment: QPID-2352.patch
The attached patch contains the code required to do SASL encryption.
Setting "auth-conf" for Sasl.QOP results in the negotiation of a security strength factor (ssf) of 56.
You need to set sasl_encryption=true as a broker property in the Connection URL or set the following system property -Dqpid.sasl_encryption=true
The code is not fully functional as the c++ broker throws the following exception when it encounters the first encrypted packet from the Java client.
Further investigation is needed to debug the issue.
2010-01-21 11:25:26 info Installing security layer, SSF: 56
2010-01-21 11:25:26 trace SENT [127.0.0.1:41523]: Frame[BEbe; channel=0; {ConnectionOpenOkBody: known-hosts=str16{V2:49:str16(amqp:tcp:192.168.1.103:5672,tcp:10.3.233.203:5672)}; }]
2010-01-21 11:25:26 debug Exception constructed: SASL decode error: SASL(-1): generic failure: Unable to find a callback: 32775 (qpid/sys/cyrus/CyrusSecurityLayer.cpp:50)
2010-01-21 11:25:26 error internal-error: SASL decode error: SASL(-1): generic failure: Unable to find a callback: 32775 (qpid/sys/cyrus/CyrusSecurityLayer.cpp:50)
> Add SASL encryption support for Java client
> -------------------------------------------
>
> Key: QPID-2352
> URL: https://issues.apache.org/jira/browse/QPID-2352
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: 0.7
>
> Attachments: QPID-2352.patch
>
>
> Currently the c++ broker supports SASL based encryption as an alternative for SSL.
> The Java client needs to add support for negotiating a security layer with integrity and confidentially support and then use the negotiated SASL security layer to encode and decode AMQP frames.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] Commented: (QPID-2352) Add SASL encryption support for Java
client
Posted by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-2352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805750#action_12805750 ]
Rajith Attapattu commented on QPID-2352:
----------------------------------------
I have committed the above patch at rev 903942 in Qpid trunk.
The patch isn't fully functional, however the code is dormant unless enabled explicitly.
> Add SASL encryption support for Java client
> -------------------------------------------
>
> Key: QPID-2352
> URL: https://issues.apache.org/jira/browse/QPID-2352
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: 0.7
>
> Attachments: QPID-2352.patch
>
>
> Currently the c++ broker supports SASL based encryption as an alternative for SSL.
> The Java client needs to add support for negotiating a security layer with integrity and confidentially support and then use the negotiated SASL security layer to encode and decode AMQP frames.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org