Posted to commits@qpid.apache.org by rg...@apache.org on 2015/01/31 13:02:44 UTC
svn commit: r1656188 - in /qpid/trunk/qpid/java:
amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/
amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/
amqp-1-0-client/src/main/java/org/apache/qpid/amqp_...
Author: rgodfrey
Date: Sat Jan 31 12:02:43 2015
New Revision: 1656188
URL: http://svn.apache.org/r1656188
Log:
QPID-6349 : [JMS AMQP 1.0 Client] Add ability to change the SSL enabled protocols used on the SSLSocket
Added:
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLOptions.java (with props)
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvider.java
- copied, changed from r1655162, qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java
Removed:
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java
Modified:
qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionImpl.java
qpid/trunk/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/Connection.java
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProviderFactory.java
qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TransportProvider.java
Modified: qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java Sat Jan 31 12:02:43 2015
@@ -40,6 +40,7 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
+import org.apache.qpid.amqp_1_0.client.SSLOptions;
import org.apache.qpid.amqp_1_0.client.SSLUtil;
import org.apache.qpid.amqp_1_0.jms.ConnectionFactory;
@@ -66,9 +67,15 @@ public class ConnectionFactoryImpl imple
private String _keyStoreCertAlias;
private String _trustStorePath;
private String _trustStorePassword;
+ private String _sslContextProtocol;
+ private String _sslContextProvider;
+ private String _sslEnabledProtocols;
+ private String _sslDisabledProtocols;
+
+
+
private SSLContext _sslContext;
- private String _sslProtocol;
- private String _sslProvider;
+ private SSLOptions _sslOptions;
public ConnectionFactoryImpl(final String host,
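Review bot: `_sslOptions` has no initialiser, and in the hunks shown it is only assigned inside `setSslEnabledProtocols` and `setSslDisabledProtocols`, so it stays null unless one of the two URL options is supplied. The `qpid.ssl.enabledProtocols` and `qpid.ssl.disabledProtocols` system properties are read only inside the `SSLOptions(String, String)` constructor, which means an operator who sets, for example, `-Dqpid.ssl.disabledProtocols=SSLv3,TLSv1` gets no effect on connections created without those URL options; the null path in `TCPTransportProvider.connect` only strips SSLv3. Initialising the field would make the properties apply everywhere: `private SSLOptions _sslOptions = new SSLOptions((String) null, (String) null);` (the casts are needed because a bare `null, null` is ambiguous between the two constructors).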
@@ -166,8 +173,9 @@ public class ConnectionFactoryImpl imple
_trustStorePath,_trustStorePassword,
KeyStore.getDefaultType(),
TrustManagerFactory.getDefaultAlgorithm(),
- _sslProtocol,
- _sslProvider);
+ _sslContextProtocol,
+ _sslContextProvider
+ );
if(username == null && _keyStoreCertAlias != null)
{
X509Certificate[] certs = SSLUtil.getClientCertificates(_keyStoreCertAlias,
@@ -202,6 +210,7 @@ public class ConnectionFactoryImpl imple
connection.setTopicPrefix(_topicPrefix);
connection.setUseBinaryMessageId(_useBinaryMessageId);
connection.setSyncPublish(_syncPublish);
+ connection.setSslOptions(_sslOptions);
if(_maxPrefetch != 0)
{
connection.setMaxPrefetch(_maxPrefetch);
@@ -224,14 +233,14 @@ public class ConnectionFactoryImpl imple
_keyStorePassword = keyStorePassword;
}
- public void setSslProtocol(final String sslProtocol)
+ public void setSslContextProtocol(final String sslContextProtocol)
{
- _sslProtocol = sslProtocol;
+ _sslContextProtocol = sslContextProtocol;
}
- public void setSslProvider(final String sslProvider)
+ public void setSslContextProvider(final String sslContextProvider)
{
- _sslProvider = sslProvider;
+ _sslContextProvider = sslContextProvider;
}
public void setKeyStoreCertAlias(final String keyStoreCertAlias)
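Review bot: Renaming the public setters `setSslProtocol`/`setSslProvider` in place removes the old names with no deprecated alias, so existing callers stop compiling. The same rename happens to the URL options `ssl-provider`/`ssl-protocol` in the OptionSetter hunk and to the system properties `qpid.ssl.provider`/`qpid.ssl.protocol` in `SSLUtil.getSslContext`. How an unrecognised URL option is handled is not visible here, but the old system properties are plainly no longer read, so a deployment that pinned the TLS protocol through them would fall back to the default without any warning. Keeping delegating aliases for one release would avoid that, e.g. `@Deprecated public void setSslProtocol(final String p) { setSslContextProtocol(p); }`, plus a fallback read of the old property names.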
@@ -266,8 +275,10 @@ public class ConnectionFactoryImpl imple
public String keyStorePath;
public String keyStorePassword;
public String keyStoreCertAlias;
- public String sslProvider;
- public String sslProtocol;
+ public String sslContextProvider;
+ public String sslContextProtocol;
+ public String sslEnabledProtocols;
+ public String sslDisabledProtocols;
}
@@ -405,18 +416,32 @@ public class ConnectionFactoryImpl imple
options.keyStoreCertAlias = value;
}
},
- new OptionSetter("ssl-provider","")
+ new OptionSetter("ssl-context-provider","")
+ {
+ public void setOption(final ConnectionOptions options, final String value) throws MalformedURLException
+ {
+ options.sslContextProvider = value;
+ }
+ },
+ new OptionSetter("ssl-context-protocol","")
{
public void setOption(final ConnectionOptions options, final String value) throws MalformedURLException
{
- options.sslProvider = value;
+ options.sslContextProtocol = value;
}
},
- new OptionSetter("ssl-protocol","")
+ new OptionSetter("ssl-enabled-protocols","")
{
public void setOption(final ConnectionOptions options, final String value) throws MalformedURLException
{
- options.sslProtocol = value;
+ options.sslEnabledProtocols = value;
+ }
+ },
+ new OptionSetter("ssl-disabled-protocols","")
+ {
+ public void setOption(final ConnectionOptions options, final String value) throws MalformedURLException
+ {
+ options.sslDisabledProtocols = value;
}
}
@@ -527,13 +552,21 @@ public class ConnectionFactoryImpl imple
{
connectionFactory.setTrustStorePassword(options.trustStorePassword);
}
- if (options.sslProvider != null)
+ if (options.sslContextProvider != null)
+ {
+ connectionFactory.setSslContextProvider(options.sslContextProvider);
+ }
+ if (options.sslContextProtocol != null)
{
- connectionFactory.setSslProvider(options.sslProvider);
+ connectionFactory.setSslContextProtocol(options.sslContextProtocol);
}
- if (options.sslProtocol != null)
+ if (options.sslEnabledProtocols != null)
{
- connectionFactory.setSslProtocol(options.sslProtocol);
+ connectionFactory.setSslEnabledProtocols(options.sslEnabledProtocols);
+ }
+ if (options.sslDisabledProtocols != null)
+ {
+ connectionFactory.setSslDisabledProtocols(options.sslDisabledProtocols);
}
return connectionFactory;
@@ -598,5 +631,160 @@ public class ConnectionFactoryImpl imple
_syncPublish = syncPublish;
}
+ public String getSslContextProvider()
+ {
+ return _sslContextProvider;
+ }
+
+ public String getSslContextProtocol()
+ {
+ return _sslContextProtocol;
+ }
+
+ public String getTrustStorePassword()
+ {
+ return _trustStorePassword;
+ }
+
+ public String getTrustStorePath()
+ {
+ return _trustStorePath;
+ }
+
+ public String getKeyStoreCertAlias()
+ {
+ return _keyStoreCertAlias;
+ }
+
+ public String getKeyStorePassword()
+ {
+ return _keyStorePassword;
+ }
+
+ public String getKeyStorePath()
+ {
+ return _keyStorePath;
+ }
+
+ public int getMaxPrefetch()
+ {
+ return _maxPrefetch;
+ }
+
+ public int getMaxSessions()
+ {
+ return _maxSessions;
+ }
+
+ public Boolean getSyncPublish()
+ {
+ return _syncPublish;
+ }
+
+ public boolean isUseBinaryMessageId()
+ {
+ return _useBinaryMessageId;
+ }
+
+ public boolean isSsl()
+ {
+ return _ssl;
+ }
+
+ public String getRemoteHost()
+ {
+ return _remoteHost;
+ }
+
+ public String getClientId()
+ {
+ return _clientId;
+ }
+
+ public String getPassword()
+ {
+ return _password;
+ }
+
+ public String getUsername()
+ {
+ return _username;
+ }
+
+ public int getPort()
+ {
+ return _port;
+ }
+
+ public String getHost()
+ {
+ return _host;
+ }
+
+ public String getProtocol()
+ {
+ return _protocol;
+ }
+
+ public void setHost(final String host)
+ {
+ _host = host;
+ }
+
+ public void setPort(final int port)
+ {
+ _port = port;
+ }
+
+ public void setUsername(final String username)
+ {
+ _username = username;
+ }
+
+ public void setPassword(final String password)
+ {
+ _password = password;
+ }
+
+ public void setClientId(final String clientId)
+ {
+ _clientId = clientId;
+ }
+ public void setRemoteHost(final String remoteHost)
+ {
+ _remoteHost = remoteHost;
+ }
+
+ public void setSsl(final boolean ssl)
+ {
+ _ssl = ssl;
+ }
+
+ public void setMaxSessions(final int maxSessions)
+ {
+ _maxSessions = maxSessions;
+ }
+
+ public String getSslEnabledProtocols()
+ {
+ return _sslEnabledProtocols;
+ }
+
+ public void setSslEnabledProtocols(final String sslEnabledProtocols)
+ {
+ _sslEnabledProtocols = sslEnabledProtocols;
+ _sslOptions = new SSLOptions(_sslEnabledProtocols, _sslDisabledProtocols);
+ }
+
+ public String getSslDisabledProtocols()
+ {
+ return _sslDisabledProtocols;
+ }
+
+ public void setSslDisabledProtocols(final String sslDisabledProtocols)
+ {
+ _sslDisabledProtocols = sslDisabledProtocols;
+ _sslOptions = new SSLOptions(_sslEnabledProtocols, _sslDisabledProtocols);
+ }
}
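Review bot: The new public getters `getPassword()`, `getKeyStorePassword()` and `getTrustStorePassword()` turn the connection and key-store secrets into readable bean properties of the factory. Anything that introspects the object, such as a JNDI or bean dumper, a reflective `toString`, or a debug logger, can now pick them up, whereas before this hunk they were write-only. No caller of these three getters is visible in this commit, so unless one exists elsewhere I would drop them or make them package-private. If they must stay, a comment such as `// returns the clear-text secret; never log or serialise` on each would at least warn the next maintainer.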
Modified: qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionImpl.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionImpl.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionImpl.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionImpl.java Sat Jan 31 12:02:43 2015
@@ -41,6 +41,7 @@ import javax.net.ssl.SSLContext;
import org.apache.qpid.amqp_1_0.client.ConnectionErrorException;
import org.apache.qpid.amqp_1_0.client.ConnectionException;
+import org.apache.qpid.amqp_1_0.client.SSLOptions;
import org.apache.qpid.amqp_1_0.jms.Connection;
import org.apache.qpid.amqp_1_0.jms.ConnectionMetaData;
import org.apache.qpid.amqp_1_0.jms.Session;
@@ -77,11 +78,7 @@ public class ConnectionImpl implements C
private Boolean _syncPublish;
private int _maxSessions;
private int _maxPrefetch;
-
- public void setMaxPrefetch(final int maxPrefetch)
- {
- _maxPrefetch = maxPrefetch;
- }
+ private SSLOptions _sslOptions;
private static enum State
{
@@ -175,6 +172,7 @@ public class ConnectionImpl implements C
{
_conn = new org.apache.qpid.amqp_1_0.client.Connection(_protocol, _host,
_port, _username, _password, container, _remoteHost, _sslContext,
+ _sslOptions,
_maxSessions - 1);
_conn.setConnectionErrorTask(new ConnectionErrorTask());
// TODO - retrieve negotiated AMQP version
@@ -674,6 +672,21 @@ public class ConnectionImpl implements C
return _syncPublish;
}
+ public void setMaxPrefetch(final int maxPrefetch)
+ {
+ _maxPrefetch = maxPrefetch;
+ }
+
+ public void setSslOptions(final SSLOptions sslOptions)
+ {
+ _sslOptions = sslOptions;
+ }
+
+ public SSLOptions getSslOptions()
+ {
+ return _sslOptions;
+ }
+
private class ConnectionErrorTask implements Runnable
{
Modified: qpid/trunk/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java Sat Jan 31 12:02:43 2015
@@ -33,6 +33,7 @@ import org.eclipse.jetty.websocket.WebSo
import org.eclipse.jetty.websocket.WebSocketClientFactory;
import org.apache.qpid.amqp_1_0.client.ConnectionException;
+import org.apache.qpid.amqp_1_0.client.SSLOptions;
import org.apache.qpid.amqp_1_0.client.SSLUtil;
import org.apache.qpid.amqp_1_0.client.TransportProvider;
import org.apache.qpid.amqp_1_0.codec.FrameWriter;
@@ -111,7 +112,9 @@ class WebSocketProvider implements Trans
public void connect(final ConnectionEndpoint conn,
final String address,
final int port,
- final SSLContext sslContext, final ExceptionHandler exceptionHandler) throws ConnectionException
+ final SSLContext sslContext,
+ final SSLOptions sslOptions,
+ final ExceptionHandler exceptionHandler) throws ConnectionException
{
try
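Review bot: `connect` now accepts `sslOptions`, but nothing in this hunk or in the file's only other hunk (the import) uses it; the method body lies outside the hunk, so this needs confirming. If the WebSocket transport does not apply the enabled and disabled protocol lists, then `ssl-enabled-protocols` and `ssl-disabled-protocols` are silently ignored for this transport while being honoured for TCP. Either apply the lists to the SSL configuration used by the WebSocket client, or state the limitation on the parameter, e.g. `// sslOptions is currently not applied to WebSocket connections`.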
Modified: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/Connection.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/Connection.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/Connection.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/Connection.java Sat Jan 31 12:02:43 2015
@@ -149,10 +149,26 @@ public class Connection implements Excep
final SSLContext sslContext,
final int channelMax) throws ConnectionException
{
+ this(protocol, address, port, username, password,container,remoteHost,sslContext,
+ null, channelMax);
+ }
+
+ public Connection(final String protocol,
+ final String address,
+ final int port,
+ final String username,
+ final String password,
+ final Container container,
+ final String remoteHost,
+ final SSLContext sslContext,
+ final SSLOptions sslOptions,
+ final int channelMax) throws ConnectionException
+ {
this(protocol, address, port, username, password, MAX_FRAME_SIZE,container,remoteHost,sslContext,
- channelMax);
+ sslOptions, channelMax);
}
+
public Connection(final String address,
final int port,
final String username,
@@ -163,7 +179,11 @@ public class Connection implements Excep
boolean ssl,
int channelMax) throws ConnectionException
{
- this(ssl?"amqp":"amqps",address,port,username,password,maxFrameSize,container,remoteHostname,getSslContext(ssl),channelMax);
+ this(ssl?"amqp":"amqps",address,port,username,password,maxFrameSize,container,
+ remoteHostname,
+ getSslContext(ssl),
+ null,
+ channelMax);
}
private static SSLContext getSslContext(final boolean ssl) throws ConnectionException
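Review bot: The rewritten delegation still passes `ssl?"amqp":"amqps"`, which reads as inverted: a caller asking for SSL gets the `amqp` scheme and a plain caller gets `amqps`. This predates the commit, but the line is being rewritten here, so it is the cheap moment to fix it as `ssl ? "amqps" : "amqp"`. The protocol string is later handed to `getTransportProvider(protocol)`, whose lookup is outside this hunk, so confirm how it is used. This constructor also passes `null` for `sslOptions`, so the configured protocol lists never apply to connections built through it.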
@@ -187,7 +207,7 @@ public class Connection implements Excep
final Container container,
final String remoteHostname,
SSLContext sslContext,
- int channelMax) throws ConnectionException
+ final SSLOptions sslOptions, int channelMax) throws ConnectionException
{
_address = address;
@@ -255,7 +275,7 @@ public class Connection implements Excep
TransportProvider transportProvider = getTransportProvider(protocol);
- transportProvider.connect(_conn,address,port, sslContext, this);
+ transportProvider.connect(_conn,address,port, sslContext, sslOptions, this);
try
Added: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLOptions.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLOptions.java?rev=1656188&view=auto
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLOptions.java (added)
+++ qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLOptions.java Sat Jan 31 12:02:43 2015
@@ -0,0 +1,79 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.amqp_1_0.client;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+public class SSLOptions
+{
+ private final List<String> _enabledProtocols;
+ private final List<String> _disabledProtocols;
+
+ public SSLOptions(String enabledProtocols, String disabledProtocols)
+ {
+ if(enabledProtocols == null)
+ {
+ enabledProtocols = System.getProperty("qpid.ssl.enabledProtocols");
+ }
+
+ if(disabledProtocols == null)
+ {
+ disabledProtocols = System.getProperty("qpid.ssl.disabledProtocols", SSLUtil.SSLV3_PROTOCOL);
+ }
+
+ if(enabledProtocols == null)
+ {
+ _enabledProtocols = null;
+ }
+ else
+ {
+ _enabledProtocols = Collections.unmodifiableList(Arrays.asList(enabledProtocols.split(",")));
+ }
+
+ if(disabledProtocols == null)
+ {
+ _disabledProtocols = null;
+ }
+ else
+ {
+ _disabledProtocols = Collections.unmodifiableList(Arrays.asList(disabledProtocols.split(",")));
+ }
+ }
+
+ public SSLOptions(final List<String> enabledProtocols, final List<String> disabledProtocols)
+ {
+ this._enabledProtocols = enabledProtocols == null ? Collections.<String>emptyList() : Collections.unmodifiableList(new ArrayList<>(enabledProtocols));
+ this._disabledProtocols = disabledProtocols == null ? Collections.<String>emptyList() : Collections.unmodifiableList(new ArrayList<>(disabledProtocols));
+ }
+
+ public List<String> getEnabledProtocols()
+ {
+ return _enabledProtocols;
+ }
+
+ public List<String> getDisabledProtocols()
+ {
+ return _disabledProtocols;
+ }
+}
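Review bot: The String constructor splits on `,` without trimming or dropping empty tokens, so a value like `TLSv1.1, TLSv1.2` yields the entry ` TLSv1.2`, which can never match a JSSE protocol name. In `TCPTransportProvider.connect` these lists go straight into `retainAll`/`removeAll`, so a padded entry in the disabled list silently fails to disable the protocol the operator named. The two constructors also disagree on absence: this one stores `null`, while the `List` one stores an empty list, which is worth aligning or documenting on the getters. A small shared parser fixes the first point.

```java
public SSLOptions(String enabledProtocols, String disabledProtocols)
{
    // … unchanged: system-property fallbacks for both arguments …
    _enabledProtocols = parseProtocols(enabledProtocols);
    _disabledProtocols = parseProtocols(disabledProtocols);
}

private static List<String> parseProtocols(final String csv)
{
    if(csv == null)
    {
        return null;
    }
    final List<String> protocols = new ArrayList<>();
    for(String token : csv.split(","))
    {
        final String name = token.trim();
        if(!name.isEmpty())
        {
            protocols.add(name);
        }
    }
    return Collections.unmodifiableList(protocols);
}
```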
Propchange: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLOptions.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java Sat Jan 31 12:02:43 2015
@@ -118,11 +118,12 @@ public class SSLUtil
return sslContext;
}
- private static SSLContext getSslContext(final String sslProtocol, final String sslProvider) throws NoSuchAlgorithmException
+ private static SSLContext getSslContext(final String sslProtocol,
+ final String sslProvider) throws NoSuchAlgorithmException
{
- final String sslProviderName = System.getProperty("qpid.ssl.provider", sslProvider);
- final String sslProtocolName = System.getProperty("qpid.ssl.protocol", sslProtocol);
+ final String sslProviderName = sslProvider != null ? sslProvider : System.getProperty("qpid.ssl.contextProvider");
+ final String sslProtocolName = sslProtocol != null ? sslProtocol : System.getProperty("qpid.ssl.contextProtocol", TRANSPORT_LAYER_SECURITY_CODE);
SSLContext sslContext = null;
if(sslProviderName != null && sslProtocolName != null)
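Review bot: The precedence between the argument and the system property is reversed by the two rewritten assignments. Previously `System.getProperty("qpid.ssl.protocol", sslProtocol)` let the JVM-wide property override the per-connection value; now the argument wins and the property is only a fallback. An operator can therefore no longer force a protocol or provider from the command line once a connection URL names one, which deserves a comment on the method such as `// explicit arguments take precedence; qpid.ssl.contextProtocol / qpid.ssl.contextProvider are fallbacks only`. An empty-string argument also counts as set and is passed on as-is. The rest of the method body is outside this hunk.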
Copied: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvider.java (from r1655162, qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java)
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvider.java?p2=qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvider.java&p1=qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java&r1=1655162&r2=1656188&rev=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvider.java Sat Jan 31 12:02:43 2015
@@ -26,6 +26,10 @@ import java.io.OutputStream;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -40,7 +44,7 @@ import org.apache.qpid.amqp_1_0.transpor
import org.apache.qpid.amqp_1_0.type.FrameBody;
import org.apache.qpid.amqp_1_0.type.SaslFrameBody;
-class TCPTransportProvier implements TransportProvider
+class TCPTransportProvider implements TransportProvider
{
private static final Logger RAW_LOGGER = Logger.getLogger("RAW");
@@ -57,7 +61,7 @@ class TCPTransportProvier implements Tra
private long _readIdleTimeout = Long.getLong("qpid.connection_read_idle_timeout", -1L);
private final AtomicLong _threadNameIndex = new AtomicLong();
- public TCPTransportProvier(final String transport)
+ public TCPTransportProvider(final String transport)
{
_transport = transport;
}
@@ -67,7 +71,7 @@ class TCPTransportProvier implements Tra
final String address,
final int port,
final SSLContext sslContext,
- final ExceptionHandler exceptionHandler) throws ConnectionException
+ final SSLOptions sslOptions, final ExceptionHandler exceptionHandler) throws ConnectionException
{
try
{
@@ -75,7 +79,30 @@ class TCPTransportProvier implements Tra
{
final SSLSocketFactory socketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(address, port);
- SSLUtil.removeSSLv3Support(sslSocket);
+ if(sslOptions == null)
+ {
+ SSLUtil.removeSSLv3Support(sslSocket);
+ }
+ else
+ {
+ final List<String> enabledProtocols = sslOptions.getEnabledProtocols();
+ final List<String> disabledProtocols = sslOptions.getDisabledProtocols();
+
+ if(enabledProtocols != null && !enabledProtocols.isEmpty())
+ {
+ final Set<String> supportedSuites =
+ new HashSet<>(Arrays.asList(sslSocket.getSupportedProtocols()));
+ supportedSuites.retainAll(enabledProtocols);
+ sslSocket.setEnabledProtocols(supportedSuites.toArray(new String[supportedSuites.size()]));
+ }
+
+ if(disabledProtocols != null && !disabledProtocols.isEmpty())
+ {
+ final Set<String> enabledSuites = new HashSet<>(Arrays.asList(sslSocket.getEnabledProtocols()));
+ enabledSuites.removeAll(disabledProtocols);
+ sslSocket.setEnabledProtocols(enabledSuites.toArray(new String[enabledSuites.size()]));
+ }
+ }
sslSocket.startHandshake();
conn.setExternalPrincipal(sslSocket.getSession().getLocalPrincipal());
_socket=sslSocket;
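Review bot: When `sslOptions` is non-null, the unconditional `SSLUtil.removeSSLv3Support(sslSocket)` is skipped, so SSLv3 is excluded only if it appears in the disabled list. A caller who sets `ssl-disabled-protocols` to some other value, or who builds `SSLOptions` from the `List` constructor with a null disabled list, replaces that default, and the socket keeps whatever the JVM enables. I would keep the SSLv3 removal unless `enabledProtocols` names SSLv3 explicitly, or at least document that a custom disabled list must repeat it. Separately, if `retainAll` leaves `supportedSuites` empty because of a typo or an unsupported name, `setEnabledProtocols` receives an empty array and the failure only surfaces in `startHandshake()`; an explicit check naming the configured and supported protocols would be easier to diagnose. The locals hold protocol names rather than cipher suites, so `supportedProtocols`/`enabledProtocolSet` would read better.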
Modified: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProviderFactory.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProviderFactory.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProviderFactory.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProviderFactory.java Sat Jan 31 12:02:43 2015
@@ -34,6 +34,6 @@ public class TCPTransportProviderFactory
@Override
public TransportProvider getProvider(final String transport)
{
- return new TCPTransportProvier(transport);
+ return new TCPTransportProvider(transport);
}
}
Modified: qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TransportProvider.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TransportProvider.java?rev=1656188&r1=1656187&r2=1656188&view=diff
==============================================================================
--- qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TransportProvider.java (original)
+++ qpid/trunk/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TransportProvider.java Sat Jan 31 12:02:43 2015
@@ -31,6 +31,7 @@ public interface TransportProvider
String address,
int port,
SSLContext sslContext,
+ final SSLOptions sslOptions,
ExceptionHandler exceptionHandler) throws ConnectionException;
void close();
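Review bot: The new `sslOptions` parameter needs documenting on the interface, because null is a valid and meaningful value. `Connection` passes `null` from two of its constructors, and `TCPTransportProvider` treats null as "only strip SSLv3". A short Javadoc line would make the contract explicit for implementers: `@param sslOptions protocol allow/deny lists to apply to the TLS socket, or null to use the provider's default hardening`. The `final` modifier on an interface method parameter has no effect and is inconsistent with the other parameters. Adding a parameter to `connect` also breaks any out-of-tree `TransportProvider` implementation, if such implementations are supported.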