Posted to commits@qpid.apache.org by rg...@apache.org on 2015/06/07 23:02:03 UTC
svn commit: r1684078 [3/3] - in /qpid/java/trunk:
client/src/main/java/org/apache/qpid/client/
client/src/main/java/org/apache/qpid/client/message/
client/src/main/java/org/apache/qpid/client/messaging/address/
client/src/main/java/org/apache/qpid/clie...
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java Sun Jun 7 21:02:02 2015
@@ -110,14 +110,27 @@ public class ConnectionSettings
private String _clientCertificateIntermediateCertsPath;
private String _trustedCertificatesFile;
+ private String _encryptionKeyStorePath = System.getProperty("javax.net.ssl.keyStore");
+ private String _encryptionKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
+ private String _encryptionKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType",KeyStore.getDefaultType());
+ private String _encryptionKeyManagerFactoryAlgorithm = QpidProperty.stringProperty(KeyManagerFactory.getDefaultAlgorithm(), QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME).get();
+ private String _encryptionTrustManagerFactoryAlgorithm = QpidProperty.stringProperty(TrustManagerFactory.getDefaultAlgorithm(), QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME).get();
+ private String _encryptionTrustStorePath = System.getProperty("javax.net.ssl.trustStore");
+ private String _encryptionTrustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ private String _encryptionTrustStoreType = System.getProperty("javax.net.ssl.trustStoreType",KeyStore.getDefaultType());
+
+ private String _encryptionRemoteTrustStoreName;
+
// SASL props
private String saslMechs = System.getProperty("qpid.sasl_mechs", null);
private String saslProtocol = System.getProperty("qpid.sasl_protocol", "AMQP");
private String saslServerName = System.getProperty("qpid.sasl_server_name", "localhost");
private boolean useSASLEncryption;
-
+
private Map<String, Object> _clientProperties;
-
+ private KeyStore _encryptionTrustStore;
+ private KeyStore _encryptionKeyStore;
+
public boolean isTcpNodelay()
{
return tcpNodelay;
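Review bot: The new `_encryption*` store fields default to the JVM-wide `javax.net.ssl.*` properties with no comment saying so, so a client that sets those properties only for TLS also gets its message-encryption key store and trust store from them. A comment above the block such as `// Message-encryption stores; fall back to the javax.net.ssl.* stores when no encryption-specific value is set` would make that coupling explicit. The two store passwords are held as `String` fields read from system properties, so it is worth noting there that they must not end up in logs or in any string form of the settings. The hunk ends inside `isTcpNodelay()`, which is unchanged.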
@@ -461,6 +474,96 @@ public class ConnectionSettings
_trustedCertificatesFile = trustedCertificatesFile;
}
+ public String getEncryptionKeyStorePath()
+ {
+ return _encryptionKeyStorePath;
+ }
+
+ public void setEncryptionKeyStorePath(final String encryptionKeyStorePath)
+ {
+ _encryptionKeyStorePath = encryptionKeyStorePath;
+ }
+
+ public String getEncryptionKeyStorePassword()
+ {
+ return _encryptionKeyStorePassword;
+ }
+
+ public void setEncryptionKeyStorePassword(final String encryptionKeyStorePassword)
+ {
+ _encryptionKeyStorePassword = encryptionKeyStorePassword;
+ }
+
+ public String getEncryptionKeyStoreType()
+ {
+ return _encryptionKeyStoreType;
+ }
+
+ public void setEncryptionKeyStoreType(final String encryptionKeyStoreType)
+ {
+ _encryptionKeyStoreType = encryptionKeyStoreType;
+ }
+
+ public String getEncryptionKeyManagerFactoryAlgorithm()
+ {
+ return _encryptionKeyManagerFactoryAlgorithm;
+ }
+
+ public void setEncryptionKeyManagerFactoryAlgorithm(final String encryptionKeyManagerFactoryAlgorithm)
+ {
+ _encryptionKeyManagerFactoryAlgorithm = encryptionKeyManagerFactoryAlgorithm;
+ }
+
+ public String getEncryptionTrustManagerFactoryAlgorithm()
+ {
+ return _encryptionTrustManagerFactoryAlgorithm;
+ }
+
+ public void setEncryptionTrustManagerFactoryAlgorithm(final String encryptionTrustManagerFactoryAlgorithm)
+ {
+ _encryptionTrustManagerFactoryAlgorithm = encryptionTrustManagerFactoryAlgorithm;
+ }
+
+ public String getEncryptionTrustStorePath()
+ {
+ return _encryptionTrustStorePath;
+ }
+
+ public void setEncryptionTrustStorePath(final String encryptionTrustStorePath)
+ {
+ _encryptionTrustStorePath = encryptionTrustStorePath;
+ }
+
+ public String getEncryptionTrustStorePassword()
+ {
+ return _encryptionTrustStorePassword;
+ }
+
+ public void setEncryptionTrustStorePassword(final String encryptionTrustStorePassword)
+ {
+ _encryptionTrustStorePassword = encryptionTrustStorePassword;
+ }
+
+ public String getEncryptionTrustStoreType()
+ {
+ return _encryptionTrustStoreType;
+ }
+
+ public void setEncryptionTrustStoreType(final String encryptionTrustStoreType)
+ {
+ _encryptionTrustStoreType = encryptionTrustStoreType;
+ }
+
+ public String getEncryptionRemoteTrustStoreName()
+ {
+ return _encryptionRemoteTrustStoreName;
+ }
+
+ public void setEncryptionRemoteTrustStoreName(final String encryptionRemoteTrustStoreName)
+ {
+ _encryptionRemoteTrustStoreName = encryptionRemoteTrustStoreName;
+ }
+
public int getConnectTimeout()
{
return connectTimeout;
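Review bot: The setters for the encryption store path, password and type do not reset the cached `_encryptionKeyStore` / `_encryptionTrustStore` fields declared in the first hunk, so a value changed after the store has been loaded once appears to be silently ignored. They are also unsynchronized, while the loaders added in the last hunk of this file are `synchronized`. If late reconfiguration is meant to work, each setter could clear the matching cache, e.g. `_encryptionKeyStore = null;` in `setEncryptionKeyStorePath`; otherwise a Javadoc line stating that these values must be set before the store is first requested would do. The hunk ends inside `getConnectTimeout()`.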
@@ -591,4 +694,37 @@ public class ConnectionSettings
return tmf.getTrustManagers();
}
}
+
+ public interface RemoteStoreFinder
+ {
+ public KeyStore getKeyStore(String name) throws GeneralSecurityException, IOException;
+ }
+
+ public synchronized KeyStore getEncryptionTrustStore(final RemoteStoreFinder storeFinder) throws GeneralSecurityException, IOException
+ {
+ if(_encryptionTrustStore == null)
+ {
+ if (_encryptionTrustStorePath != null)
+ {
+ _encryptionTrustStore = SSLUtil.getInitializedKeyStore(getEncryptionTrustStorePath(),
+ getEncryptionTrustStorePassword(),
+ getEncryptionTrustStoreType());
+ }
+ else if(_encryptionRemoteTrustStoreName != null)
+ {
+ return storeFinder.getKeyStore(_encryptionRemoteTrustStoreName);
+ }
+ }
+ return _encryptionTrustStore;
+ }
+
+
+ public synchronized KeyStore getEncryptionKeyStore() throws GeneralSecurityException, IOException
+ {
+ if(_encryptionKeyStore == null && _encryptionKeyStorePath != null)
+ {
+ _encryptionKeyStore = SSLUtil.getInitializedKeyStore(getEncryptionKeyStorePath(), getEncryptionKeyStorePassword(), getEncryptionKeyStoreType());
+ }
+ return _encryptionKeyStore;
+ }
}
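Review bot: In `getEncryptionTrustStore` the local path takes precedence over `_encryptionRemoteTrustStoreName`, and that path defaults to `javax.net.ssl.trustStore`, so with the system property set the remote store name looks as if it is never consulted unless the caller clears the path first (not visible here). The remote branch also returns the store without caching it and dereferences `storeFinder` without a null check, so each call repeats the lookup while holding the monitor. If refetching is not intended, assign instead of returning: `_encryptionTrustStore = storeFinder.getKeyStore(_encryptionRemoteTrustStoreName);` and fall through to the common `return`. A Javadoc on `RemoteStoreFinder` stating which party is trusted to supply the recipients' certificates would help readers judge that branch.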
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/DeliveryProperties.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/DeliveryProperties.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/DeliveryProperties.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/DeliveryProperties.java Sun Jun 7 21:02:02 2015
@@ -21,7 +21,9 @@ package org.apache.qpid.transport;
*/
+import java.util.ArrayList;
import java.util.LinkedHashMap;
+import java.util.List;
import java.util.Map;
import org.apache.qpid.transport.codec.Decoder;
@@ -73,6 +75,34 @@ public final class DeliveryProperties ex
public DeliveryProperties() {}
+ public DeliveryProperties(final DeliveryProperties deliveryProp)
+ {
+ this(deliveryProp.getPriority(), deliveryProp.getDeliveryMode(),
+ deliveryProp.getTtl(), deliveryProp.getTimestamp(),
+ deliveryProp.getExpiration(), deliveryProp.getExchange(),
+ deliveryProp.getRoutingKey(), deliveryProp.getResumeId(),
+ deliveryProp.getResumeTtl(), getOptions(deliveryProp));
+ }
+
+ private static Option[] getOptions(final DeliveryProperties deliveryProp)
+ {
+ List<Option> optionList = new ArrayList<>();
+ if(deliveryProp.getDiscardUnroutable())
+ {
+ optionList.add(Option.DISCARD_UNROUTABLE);
+ }
+ if(deliveryProp.getImmediate())
+ {
+ optionList.add(Option.DISCARD_UNROUTABLE);
+ }
+ if(deliveryProp.getRedelivered())
+ {
+ optionList.add(Option.REDELIVERED);
+ }
+ return optionList.toArray(new Option[optionList.size()]);
+ }
+
+
public DeliveryProperties(MessageDeliveryPriority priority, MessageDeliveryMode deliveryMode, long ttl, long timestamp, long expiration, String exchange, String routingKey, String resumeId, long resumeTtl, Option ... _options) {
if(priority != null) {
setPriority(priority);
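Review bot: `getOptions` adds `Option.DISCARD_UNROUTABLE` when `getImmediate()` is true, so the copy constructor loses the immediate flag, and a source with only immediate set yields a copy marked discard-unroutable instead. The second branch should read `optionList.add(Option.IMMEDIATE);`. The varargs constructor that consumes these options begins at the end of the hunk and continues outside it, so how it treats the duplicated option is not visible here.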
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/MessageProperties.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/MessageProperties.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/MessageProperties.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/MessageProperties.java Sun Jun 7 21:02:02 2015
@@ -73,6 +73,14 @@ public final class MessageProperties ext
public MessageProperties() {}
+ public MessageProperties(final MessageProperties messageProps)
+ {
+ this(messageProps.getContentLength(), messageProps.getMessageId(), messageProps.getCorrelationId(),
+ messageProps.getReplyTo(), messageProps.getContentType(), messageProps.getContentEncoding(),
+ messageProps.getUserId(), messageProps.getAppId(),
+ messageProps.getApplicationHeaders() == null ? null :new LinkedHashMap<>(messageProps.getApplicationHeaders()));
+ }
+
public MessageProperties(long contentLength, java.util.UUID messageId, byte[] correlationId, ReplyTo replyTo, String contentType, String contentEncoding, byte[] userId, byte[] appId, Map<String,Object> applicationHeaders) {
setContentLength(contentLength);
if(messageId != null) {
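Review bot: The copy constructor copies only the top level of the application headers map; the `correlationId`, `userId` and `appId` arrays and the `ReplyTo` object are passed by reference, and nested header values stay shared, unless the setters called by the constructor below copy them (its body continues outside the hunk). A Javadoc line such as `/** Shallow copy: byte[] fields, ReplyTo and header values are shared with the source. */` would tell callers that mutating one message's properties can affect the other.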
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/url/BindingURL.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/url/BindingURL.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/url/BindingURL.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/url/BindingURL.java Sun Jun 7 21:02:02 2015
@@ -41,6 +41,9 @@ public interface BindingURL
String OPTION_EXCHANGE_AUTODELETE = "exchangeautodelete";
String OPTION_EXCHANGE_DURABLE = "exchangedurable";
String OPTION_EXCHANGE_INTERNAL = "exchangeinternal";
+ String OPTION_SEND_ENCRYPTED = "sendencrypted";
+ String OPTION_ENCRYPTED_RECIPIENTS = "encryptedrecipients";
+
/**
* This option is only applicable for 0-8/0-9/0-9-1 protocols connection
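Review bot: `OPTION_SEND_ENCRYPTED` and `OPTION_ENCRYPTED_RECIPIENTS` are added without the Javadoc that the option following them has, and the value format of the recipients option is not stated anywhere in the hunk. The test added in this commit passes a single distinguished name that itself contains commas, so how several recipients are separated cannot be guessed from the name. A short Javadoc on each constant, saying that the first takes a boolean and that the second takes the certificate subject name(s) the message is encrypted for plus the separator used, would remove the guesswork. The hunk ends inside the next option's comment.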
@@ -61,7 +64,9 @@ public interface BindingURL
OPTION_EXCHANGE_AUTODELETE,
OPTION_EXCHANGE_DURABLE,
OPTION_EXCHANGE_DURABLE,
- OPTION_REJECT_BEHAVIOUR)));
+ OPTION_REJECT_BEHAVIOUR,
+ OPTION_SEND_ENCRYPTED,
+ OPTION_ENCRYPTED_RECIPIENTS)));
String getURL();
Modified: qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java (original)
+++ qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java Sun Jun 7 21:02:02 2015
@@ -45,12 +45,12 @@ import ch.qos.logback.core.Appender;
import ch.qos.logback.core.FileAppender;
import org.apache.qpid.AMQException;
+import org.apache.qpid.client.BrokerDetails;
import org.apache.qpid.client.AMQConnectionFactory;
import org.apache.qpid.client.AMQConnectionURL;
import org.apache.qpid.client.AMQQueue;
import org.apache.qpid.client.AMQTopic;
import org.apache.qpid.exchange.ExchangeDefaults;
-import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.server.Broker;
import org.apache.qpid.server.BrokerOptions;
Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/failover/FailoverBehaviourTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/failover/FailoverBehaviourTest.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/failover/FailoverBehaviourTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/failover/FailoverBehaviourTest.java Sun Jun 7 21:02:02 2015
@@ -19,12 +19,11 @@
package org.apache.qpid.client.failover;
import org.apache.qpid.AMQException;
+import org.apache.qpid.client.BrokerDetails;
import org.apache.qpid.client.AMQConnection;
import org.apache.qpid.client.AMQConnectionFactory;
import org.apache.qpid.client.AMQDestination;
import org.apache.qpid.client.AMQSession;
-import org.apache.qpid.framing.AMQShortString;
-import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.jms.ConnectionListener;
import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.jms.FailoverPolicy;
Added: qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java?rev=1684078&view=auto
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java (added)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java Sun Jun 7 21:02:02 2015
@@ -0,0 +1,320 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.systest.messageencryption;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.jms.Connection;
+import javax.jms.JMSException;
+import javax.jms.Message;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+
+import org.apache.qpid.client.AMQConnection;
+import org.apache.qpid.client.AMQConnectionURL;
+import org.apache.qpid.client.message.JMSBytesMessage;
+import org.apache.qpid.client.message.JMSTextMessage;
+import org.apache.qpid.server.model.TrustStore;
+import org.apache.qpid.server.security.FileTrustStore;
+import org.apache.qpid.test.utils.QpidBrokerTestCase;
+
+import org.apache.qpid.test.utils.TestSSLConstants;
+
+public class MessageEncryptionTest extends QpidBrokerTestCase implements TestSSLConstants
+{
+
+ public static final String TEST_MESSAGE_TEXT = "test message";
+
+ @Override
+ public void setUp() throws Exception
+ {
+
+ }
+
+ public void testEncryptionUsingMessageHeader() throws Exception
+ {
+ if(isStrongEncryptionEnabled())
+ {
+ super.setUp();
+ Map<String, String> prodConnOptions = new HashMap<>();
+ prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
+ prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
+ Connection producerConnection = getConnectionWithOptions(prodConnOptions);
+
+
+ Map<String, String> recvConnOptions = new HashMap<>();
+ recvConnOptions.put("encryption_key_store", KEYSTORE);
+ recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
+ Connection recvConnection = getConnectionWithOptions(recvConnOptions);
+
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue queue = getTestQueue();
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer producer = prodSession.createProducer(queue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ producer.send(message);
+
+
+ Message receivedMessage = consumer.receive(1000l);
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof JMSTextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
+ }
+ }
+
+ public void testEncryptionFromADDRAddress() throws Exception
+ {
+ if(isStrongEncryptionEnabled())
+ {
+ super.setUp();
+ Map<String, String> prodConnOptions = new HashMap<>();
+ prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
+ prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
+ Connection producerConnection = getConnectionWithOptions(prodConnOptions);
+
+
+ Map<String, String> recvConnOptions = new HashMap<>();
+ recvConnOptions.put("encryption_key_store", KEYSTORE);
+ recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
+ Connection recvConnection = getConnectionWithOptions(recvConnOptions);
+
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue queue = getTestQueue();
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue prodQueue = prodSession.createQueue("ADDR: " + getTestQueueName() + " ; {x-send-encrypted : true, x-encrypted-recipients : 'CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'} ");
+ final MessageProducer producer = prodSession.createProducer(prodQueue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ producer.send(message);
+
+
+ Message receivedMessage = consumer.receive(1000l);
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof JMSTextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
+ }
+ }
+
+ public void testEncryptionFromBURLAddress() throws Exception
+ {
+ if(isStrongEncryptionEnabled())
+ {
+ super.setUp();
+ Map<String, String> prodConnOptions = new HashMap<>();
+ prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
+ prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
+ Connection producerConnection = getConnectionWithOptions(prodConnOptions);
+
+
+ Map<String, String> recvConnOptions = new HashMap<>();
+ recvConnOptions.put("encryption_key_store", KEYSTORE);
+ recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
+ Connection recvConnection = getConnectionWithOptions(recvConnOptions);
+
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue queue = getTestQueue();
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue prodQueue = prodSession.createQueue("BURL:direct:///"
+ + getTestQueueName()
+ + "/"
+ + getTestQueueName()
+ + "?sendencrypted='true'&encryptedrecipients='CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'");
+ final MessageProducer producer = prodSession.createProducer(prodQueue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ producer.send(message);
+
+
+ Message receivedMessage = consumer.receive(1000l);
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof JMSTextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
+ }
+ }
+
+
+ public void testBrokerAsTrustStoreProvider() throws Exception
+ {
+ if(isStrongEncryptionEnabled())
+ {
+ addPeerStoreToBroker();
+ super.setUp();
+ Map<String, String> prodConnOptions = new HashMap<>();
+ prodConnOptions.put("encryption_remote_trust_store","$certificates%5c/peerstore");
+ Connection producerConnection = getConnectionWithOptions(prodConnOptions);
+
+
+ Map<String, String> recvConnOptions = new HashMap<>();
+ recvConnOptions.put("encryption_key_store", KEYSTORE);
+ recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
+ Connection recvConnection = getConnectionWithOptions(recvConnOptions);
+
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue queue = getTestQueue();
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer producer = prodSession.createProducer(queue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ producer.send(message);
+
+
+ Message receivedMessage = consumer.receive(1000l);
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof JMSTextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
+ }
+ }
+
+
+ public void testUnknownRecipient() throws Exception
+ {
+
+ if(isStrongEncryptionEnabled())
+ {
+ addPeerStoreToBroker();
+ super.setUp();
+ Map<String, String> prodConnOptions = new HashMap<>();
+ prodConnOptions.put("encryption_remote_trust_store","$certificates%5c/peerstore");
+ Connection producerConnection = getConnectionWithOptions(prodConnOptions);
+
+
+ Map<String, String> recvConnOptions = new HashMap<>();
+ recvConnOptions.put("encryption_key_store", KEYSTORE);
+ recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
+ Connection recvConnection = getConnectionWithOptions(recvConnOptions);
+
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue queue = getTestQueue();
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer producer = prodSession.createProducer(queue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=unknwon@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ try
+ {
+ producer.send(message);
+ fail("Should not have been able to send a message to an unknown recipient");
+ }
+ catch(JMSException e)
+ {
+ // pass;
+ }
+
+ }
+ }
+
+ public void testRecipientHasNoValidCert() throws Exception
+ {
+ if(isStrongEncryptionEnabled())
+ {
+ super.setUp();
+ Map<String, String> prodConnOptions = new HashMap<>();
+ prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
+ prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
+ Connection producerConnection = getConnectionWithOptions(prodConnOptions);
+
+
+ Map<String, String> recvConnOptions = new HashMap<>();
+ Connection recvConnection = getConnectionWithOptions(recvConnOptions);
+
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue queue = getTestQueue();
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue prodQueue = prodSession.createQueue("ADDR: " + getTestQueueName() + " ; {x-send-encrypted : true, x-encrypted-recipients : 'CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'} ");
+ final MessageProducer producer = prodSession.createProducer(prodQueue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ producer.send(message);
+
+
+ Message receivedMessage = consumer.receive(1000l);
+ assertNotNull(receivedMessage);
+ assertFalse(receivedMessage instanceof JMSTextMessage);
+ assertTrue(receivedMessage instanceof JMSBytesMessage);
+ }
+ }
+
+ private void addPeerStoreToBroker()
+ {
+ Map<String, Object> peerStoreAttributes = new HashMap<>();
+ peerStoreAttributes.put("name" , "peerstore");
+ peerStoreAttributes.put("storeUrl" , "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_peerstore.jks");
+ peerStoreAttributes.put("password" , "password");
+ peerStoreAttributes.put("type", "FileTrustStore");
+ peerStoreAttributes.put("exposedAsMessageSource", true);
+ getBrokerConfiguration().addObjectConfiguration(TrustStore.class,peerStoreAttributes);
+
+
+ }
+
+
+ private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException
+ {
+ return Cipher.getMaxAllowedKeyLength("AES")>=256;
+ }
+}
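Review bot: The round-trip tests assert on the sent object rather than the received one: `assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());` at the end of `testEncryptionUsingMessageHeader`, `testEncryptionFromADDRAddress`, `testEncryptionFromBURLAddress` and `testBrokerAsTrustStoreProvider` always passes, so the decrypted content is never checked. It should be `assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) receivedMessage).getText());`. Every test body is wrapped in `if(isStrongEncryptionEnabled())`, so on a JVM limited to shorter AES keys all six tests pass without running; a logged skip would make that visible. None of the positive tests checks that the payload was actually encrypted in transit; only `testRecipientHasNoValidCert` shows a receiver without the key getting a `JMSBytesMessage`.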
Propchange: qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/test/unit/client/connection/ConnectionTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/test/unit/client/connection/ConnectionTest.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/test/unit/client/connection/ConnectionTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/test/unit/client/connection/ConnectionTest.java Sun Jun 7 21:02:02 2015
@@ -27,6 +27,7 @@ import javax.jms.TopicSession;
import org.apache.qpid.AMQConnectionFailureException;
import org.apache.qpid.AMQException;
import org.apache.qpid.AMQUnresolvedAddressException;
+import org.apache.qpid.client.BrokerDetails;
import org.apache.qpid.client.AMQConnection;
import org.apache.qpid.client.AMQConnectionURL;
import org.apache.qpid.client.AMQQueue;
@@ -34,8 +35,6 @@ import org.apache.qpid.client.AMQSession
import org.apache.qpid.client.AMQTopic;
import org.apache.qpid.configuration.ClientProperties;
import org.apache.qpid.exchange.ExchangeDefaults;
-import org.apache.qpid.framing.AMQShortString;
-import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.jms.Session;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/transport/MaxFrameSizeTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/transport/MaxFrameSizeTest.java?rev=1684078&r1=1684077&r2=1684078&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/transport/MaxFrameSizeTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/transport/MaxFrameSizeTest.java Sun Jun 7 21:02:02 2015
@@ -20,7 +20,6 @@
*/
package org.apache.qpid.transport;
-import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -41,10 +40,10 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
+import org.apache.qpid.client.BrokerDetails;
import org.apache.qpid.codec.AMQDecoder;
import org.apache.qpid.codec.ClientDecoder;
import org.apache.qpid.framing.*;
-import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;