author | Rajith Muditha Attapattu <rajith@apache.org> | 2010-03-19 15:56:03 +0000 |
---|---|---|
committer | Rajith Muditha Attapattu <rajith@apache.org> | 2010-03-19 15:56:03 +0000 |
commit | d6de561675087e8b1a6978d82569467c4aeff398 (patch) | |
tree | 6057b2e481b9217c843887471077a478c714b2ba | |
parent | 03f0284987ba1429996911ddb7dd260b7f10b29e (diff) | |
download | qpid-python-d6de561675087e8b1a6978d82569467c4aeff398.tar.gz |
Added support for QPID-2444 QPID-2446
1. You can specify ssl_verify_hostname as a Broker argument in the Connection URL to explicitly enable SSL hostname verification.
2. You can specify a per-connection trust store and key store to allow each connection to use its own client certificate.
trust_store, trust_store_password, key_store and key_store_password can be specified as Broker arguments in the Connection URL.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@925289 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java | 121 | ||||
-rw-r--r-- | java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java | 8 |
2 files changed, 91 insertions, 38 deletions
diff --git a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java index 5ad297580e..9bded39af4 100644 --- a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java +++ b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java 
@@ -157,45 +157,9 @@ public class AMQConnectionDelegate_0_10 implements AMQConnectionDelegate, Connec + _conn.getPassword()); } - String saslMechs = brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_MECHS) != null ? - brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_MECHS): - System.getProperty("qpid.sasl_mechs", "PLAIN"); - - // Sun SASL Kerberos client uses the - // protocol + servername as the service key. - String protocol = brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_PROTOCOL_NAME) != null ? - brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_PROTOCOL_NAME): - System.getProperty("qpid.sasl_protocol", "AMQP"); - - String saslServerName = brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_SERVER_NAME) != null ? - brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_SERVER_NAME): - System.getProperty("qpid.sasl_server_name", "localhost"); - - boolean useSSL = brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SSL); - - boolean useSASLEncryption = brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SASL_ENCRYPTION)? - brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SASL_ENCRYPTION): - Boolean.getBoolean("qpid.sasl_encryption"); - - boolean useTcpNodelay = brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_TCP_NO_DELAY)? 
- brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_TCP_NO_DELAY): - Boolean.getBoolean("amqj.tcp_nodelay"); - - ConnectionSettings conSettings = new ConnectionSettings(); - conSettings.setHost(brokerDetail.getHost()); - conSettings.setPort(brokerDetail.getPort()); - conSettings.setVhost(_conn.getVirtualHost()); - conSettings.setUsername(_conn.getUsername()); - conSettings.setPassword(_conn.getPassword()); - conSettings.setUseSASLEncryption(useSASLEncryption); - conSettings.setUseSSL(useSSL); - conSettings.setSaslMechs(saslMechs); - conSettings.setTcpNodelay(useTcpNodelay); - conSettings.setSaslProtocol(protocol); - conSettings.setSaslServerName(saslServerName); - conSettings.setHeartbeatInterval(getHeartbeatInterval(brokerDetail)); - + retriveConnectionSettings(conSettings,brokerDetail); + _qpidConnection.connect(conSettings); _conn._connected = true; 
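Review bot: The added call `retriveConnectionSettings(conSettings,brokerDetail);` uses `conSettings`, but the removed lines include its only visible declaration, `ConnectionSettings conSettings = new ConnectionSettings();`, and the hunk adds no replacement. Unless the variable is declared outside the hunk, this will not compile; keeping `ConnectionSettings conSettings = new ConnectionSettings();` directly before the call would fix it. The helper name is also misspelled, and since it is private, renaming it to `retrieveConnectionSettings` is safe. The enclosing method starts and ends outside the hunk.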
@@ -328,6 +292,87 @@ public class AMQConnectionDelegate_0_10 implements AMQConnectionDelegate, Connec return ProtocolVersion.v0_10; } + private void retriveConnectionSettings(ConnectionSettings conSettings, BrokerDetails brokerDetail) + { + + conSettings.setHost(brokerDetail.getHost()); + conSettings.setPort(brokerDetail.getPort()); + conSettings.setVhost(_conn.getVirtualHost()); + conSettings.setUsername(_conn.getUsername()); + conSettings.setPassword(_conn.getPassword()); + + // ------------ sasl options --------------- + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_MECHS) != null) + { + conSettings.setSaslMechs( + brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_MECHS)); + } + + // Sun SASL Kerberos client uses the + // protocol + servername as the service key. + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_PROTOCOL_NAME) != null) + { + conSettings.setSaslProtocol( + brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_PROTOCOL_NAME)); + } + + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_SERVER_NAME) != null) + { + conSettings.setSaslServerName( + brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_SERVER_NAME)); + } + + conSettings.setUseSASLEncryption( + brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SASL_ENCRYPTION)); + + // ------------- ssl options --------------------- + conSettings.setUseSSL(brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SSL)); + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_TRUST_STORE) != null) + { + conSettings.setTrustStorePath( + brokerDetail.getProperty(BrokerDetails.OPTIONS_TRUST_STORE)); + } + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_TRUST_STORE_PASSWORD) != null) + { + conSettings.setTrustStorePassword( + brokerDetail.getProperty(BrokerDetails.OPTIONS_TRUST_STORE_PASSWORD)); + } + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_KEY_STORE) != null) + { + conSettings.setKeyStorePath( + brokerDetail.getProperty(BrokerDetails.OPTIONS_KEY_STORE)); + } + + if 
(brokerDetail.getProperty(BrokerDetails.OPTIONS_KEY_STORE_PASSWORD) != null) + { + conSettings.setKeyStorePassword( + brokerDetail.getProperty(BrokerDetails.OPTIONS_KEY_STORE_PASSWORD)); + } + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_SSL_CERT_ALIAS) != null) + { + conSettings.setCertAlias( + brokerDetail.getProperty(BrokerDetails.OPTIONS_SSL_CERT_ALIAS)); + } + // ---------------------------- + + conSettings.setVerifyHostname(brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME)); + + + if (brokerDetail.getProperty(BrokerDetails.OPTIONS_TCP_NO_DELAY) != null) + { + conSettings.setTcpNodelay( + brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_TCP_NO_DELAY)); + } + + conSettings.setHeartbeatInterval(getHeartbeatInterval(brokerDetail)); + } + // The idle_timeout prop is in milisecs while // the new heartbeat prop is in secs private int getHeartbeatInterval(BrokerDetails brokerDetail) diff --git a/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java b/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java index c09472fcad..6d81f728c9 100644 --- a/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java +++ b/java/client/src/main/java/org/apache/qpid/jms/BrokerDetails.java 
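Review bot: In `retriveConnectionSettings`, `setUseSASLEncryption(...)` and `setVerifyHostname(...)` are called unconditionally, while `tcp_nodelay` and the string options are applied only when the URL carries them. If `getBooleanProperty` returns false for an absent option (the removed ternaries suggest it does), any URL that omits `sasl_encryption` or `ssl_verify_hostname` forces both protections off and overwrites whatever default `ConnectionSettings` holds. The removed fallback to the `qpid.sasl_encryption` system property is also not reproduced in this method. Guarding both setters on the option being present, as below, leaves the defaults intact; for SSL connections it would also be safer for hostname verification to default to on. The new method does not document which options override defaults, so a short Javadoc stating that would help.

```java
// … unchanged: host/port/credentials and the guarded sasl_mechs, sasl_protocol, sasl_server options …
if (brokerDetail.getProperty(BrokerDetails.OPTIONS_SASL_ENCRYPTION) != null)
{
    // Only override the ConnectionSettings default when the URL sets the option.
    conSettings.setUseSASLEncryption(
            brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SASL_ENCRYPTION));
}
// … unchanged: ssl, trust store, key store and cert alias options …
if (brokerDetail.getProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME) != null)
{
    // An absent option must not silently switch hostname verification off.
    conSettings.setVerifyHostname(
            brokerDetail.getBooleanProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME));
}
// … unchanged: tcp_nodelay and heartbeat interval …
```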
@@ -42,6 +42,14 @@ public interface BrokerDetails public static final String OPTIONS_TCP_NO_DELAY = "tcp_nodelay"; public static final String OPTIONS_SASL_PROTOCOL_NAME = "sasl_protocol"; public static final String OPTIONS_SASL_SERVER_NAME = "sasl_server"; + + public static final String OPTIONS_TRUST_STORE = "trust_store"; + public static final String OPTIONS_TRUST_STORE_PASSWORD = "trust_store_password"; + public static final String OPTIONS_KEY_STORE = "key_store"; + public static final String OPTIONS_KEY_STORE_PASSWORD = "key_store_password"; + public static final String OPTIONS_SSL_VERIFY_HOSTNAME = "ssl_verify_hostname"; + public static final String OPTIONS_SSL_CERT_ALIAS = "ssl_cert_alias"; + public static final int DEFAULT_PORT = 5672; public static final String SOCKET = "socket"; |
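Review bot: `OPTIONS_TRUST_STORE_PASSWORD` and `OPTIONS_KEY_STORE_PASSWORD` put store passwords into the connection URL, and nothing on the new constants says so. Connection URLs commonly end up in configuration files, JNDI properties and log output, so these values need the same masking as the user password wherever the URL or broker details are printed. A comment above the block would make this visible to callers, for example `// trust_store_password and key_store_password carry secrets: mask them wherever the connection URL is logged or displayed`. Whether the existing URL-to-string code masks unknown options cannot be seen from this hunk and should be checked.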