You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2019/05/10 20:11:23 UTC
[qpid-jms-amqp-0-x] branch 6.3.x updated: QPID-8255: [JMS AMQ 0-x] Stop using non-ASCII characters in internal passwords

This is an automated email from the ASF dual-hosted git repository.

orudyy pushed a commit to branch 6.3.x
in repository https://gitbox.apache.org/repos/asf/qpid-jms-amqp-0-x.git


The following commit(s) were added to refs/heads/6.3.x by this push:
     new a8672ab  QPID-8255: [JMS AMQ 0-x] Stop using non-ASCII characters in internal passwords
a8672ab is described below

commit a8672ab66e8885532c19bae6943c3f833840015d
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Fri May 10 20:50:55 2019 +0100

    QPID-8255: [JMS AMQ 0-x] Stop using non-ASCII characters in internal passwords
    
    (cherry picked from commit 5ec0a566a465f7e249d750157b68c99b7789c490)
---
 .../apache/qpid/transport/ConnectionSettings.java  | 23 ++++++++--------------
 .../main/java/org/apache/qpid/util/Strings.java    | 17 ++++++++++++++++
 2 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/client/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/client/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
index b8e9737..16021e4 100644
--- a/client/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
+++ b/client/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
@@ -20,32 +20,29 @@
  */
 package org.apache.qpid.transport;
 
-import static org.apache.qpid.transport.LegacyClientProperties.AMQJ_HEARTBEAT_DELAY;
-import static org.apache.qpid.transport.LegacyClientProperties.AMQJ_HEARTBEAT_TIMEOUT_FACTOR;
-import static org.apache.qpid.transport.LegacyClientProperties.IDLE_TIMEOUT_PROP_NAME;
 import static org.apache.qpid.configuration.ClientProperties.QPID_HEARTBEAT_INTERVAL;
 import static org.apache.qpid.configuration.ClientProperties.QPID_HEARTBEAT_INTERVAL_010_DEFAULT;
 import static org.apache.qpid.configuration.ClientProperties.QPID_HEARTBEAT_TIMEOUT_FACTOR;
 import static org.apache.qpid.configuration.ClientProperties.QPID_HEARTBEAT_TIMEOUT_FACTOR_DEFAULT;
-import static org.apache.qpid.transport.LegacyClientProperties.AMQJ_TCP_NODELAY_PROP_NAME;
 import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME;
-import static org.apache.qpid.transport.LegacyClientProperties.QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME;
 import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME;
-import static org.apache.qpid.transport.LegacyClientProperties.QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME;
 import static org.apache.qpid.configuration.ClientProperties.QPID_TCP_NODELAY_PROP_NAME;
 import static org.apache.qpid.configuration.ClientProperties.RECEIVE_BUFFER_SIZE_PROP_NAME;
 import static org.apache.qpid.configuration.ClientProperties.SEND_BUFFER_SIZE_PROP_NAME;
+import static org.apache.qpid.transport.LegacyClientProperties.AMQJ_HEARTBEAT_DELAY;
+import static org.apache.qpid.transport.LegacyClientProperties.AMQJ_HEARTBEAT_TIMEOUT_FACTOR;
+import static org.apache.qpid.transport.LegacyClientProperties.AMQJ_TCP_NODELAY_PROP_NAME;
+import static org.apache.qpid.transport.LegacyClientProperties.IDLE_TIMEOUT_PROP_NAME;
 import static org.apache.qpid.transport.LegacyClientProperties.LEGACY_RECEIVE_BUFFER_SIZE_PROP_NAME;
 import static org.apache.qpid.transport.LegacyClientProperties.LEGACY_SEND_BUFFER_SIZE_PROP_NAME;
+import static org.apache.qpid.transport.LegacyClientProperties.QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME;
+import static org.apache.qpid.transport.LegacyClientProperties.QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME;
 
 import java.io.FileInputStream;
 import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
-import java.security.SecureRandom;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -62,6 +59,7 @@ import org.apache.qpid.configuration.QpidProperty;
 import org.apache.qpid.ssl.SSLContextFactory;
 import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
+import org.apache.qpid.util.Strings;
 
 
 /**
@@ -74,8 +72,6 @@ public class ConnectionSettings
 {
     public static final String WILDCARD_ADDRESS = "*";
 
-    private static final SecureRandom RANDOM = new SecureRandom();
-
     private String _transport = "tcp";
     private String host = "localhost";
     private String vhost;
@@ -658,10 +654,7 @@ public class ConnectionSettings
             java.security.KeyStore inMemoryKeyStore =
                     java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
 
-            byte[] bytes = new byte[64];
-            char[] chars = new char[64];
-            RANDOM.nextBytes(bytes);
-            StandardCharsets.US_ASCII.decode(ByteBuffer.wrap(bytes)).get(chars);
+            char[] chars = Strings.randomAlphaNumericString(64).toCharArray();
             inMemoryKeyStore.load(null, chars);
             inMemoryKeyStore.setKeyEntry("1", privateKey, chars, certs);
 
diff --git a/client/src/main/java/org/apache/qpid/util/Strings.java b/client/src/main/java/org/apache/qpid/util/Strings.java
index b491d0d..d4d587d 100644
--- a/client/src/main/java/org/apache/qpid/util/Strings.java
+++ b/client/src/main/java/org/apache/qpid/util/Strings.java
@@ -28,6 +28,7 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Random;
 import java.util.Set;
 import java.util.Stack;
 import java.util.regex.Matcher;
@@ -41,10 +42,26 @@ import java.util.regex.Pattern;
 
 public final class Strings
 {
+    private static final String NUMBERS = "0123456789";
+    private static final String LETTERS = "abcdefghijklmnopqrstuvwxwy";
+    private static final String OTHERS = "_-";
+    private static final char[] CHARACTERS = (NUMBERS + LETTERS + LETTERS.toUpperCase() + OTHERS).toCharArray();
+    private static final Random RANDOM = new Random();
+
     private Strings()
     {
     }
 
+    public static String randomAlphaNumericString(int maxLength)
+    {
+        char[] result = new char[maxLength];
+        for (int i = 0; i < maxLength; i++)
+        {
+            result[i] = CHARACTERS[RANDOM.nextInt(CHARACTERS.length)];
+        }
+        return new String(result);
+    }
+
     private static final byte[] EMPTY = new byte[0];
 
     private static final ThreadLocal<char[]> charbuf = new ThreadLocal<char[]>()


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org