You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org> on 2010/01/21 17:31:54 UTC

[jira] Updated: (QPID-2352) Add SASL encryption support for Java client

     [ https://issues.apache.org/jira/browse/QPID-2352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajith Attapattu updated QPID-2352:
-----------------------------------

    Attachment: QPID-2352.patch

The attached patch contains the code required to do SASL encryption.
Setting "auth-conf" for Sasl.QOP results in the negotiation of a security strength factor (ssf) of 56.
You need to set sasl_encryption=true as a broker property in the Connection URL or set the following system property -Dqpid.sasl_encryption=true

The code is not fully functional as the c++ broker throws the following exception when it encounters the first encrypted packet from the Java client.
Further investigation is needed to debug the issue.

2010-01-21 11:25:26 info Installing security layer,  SSF: 56
2010-01-21 11:25:26 trace SENT [127.0.0.1:41523]: Frame[BEbe; channel=0; {ConnectionOpenOkBody: known-hosts=str16{V2:49:str16(amqp:tcp:192.168.1.103:5672,tcp:10.3.233.203:5672)}; }]
2010-01-21 11:25:26 debug Exception constructed: SASL decode error: SASL(-1): generic failure: Unable to find a callback: 32775 (qpid/sys/cyrus/CyrusSecurityLayer.cpp:50)
2010-01-21 11:25:26 error internal-error: SASL decode error: SASL(-1): generic failure: Unable to find a callback: 32775 (qpid/sys/cyrus/CyrusSecurityLayer.cpp:50)


> Add SASL encryption support for Java client
> -------------------------------------------
>
>                 Key: QPID-2352
>                 URL: https://issues.apache.org/jira/browse/QPID-2352
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: 0.7
>
>         Attachments: QPID-2352.patch
>
>
> Currently the c++ broker supports SASL based encryption as an alternative for SSL.
> The Java client needs to add support for negotiating a security layer with integrity and confidentially support and then use the negotiated SASL security layer to  encode and decode AMQP frames.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org