Applied QPID-6 SSL Options patch from Kevin Smith

git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@507584 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 48 insertions, 36 deletions

diff --git a/java/broker/src/main/java/org/apache/qpid/server/Main.java b/java/broker/src/main/java/org/apache/qpid/server/Main.java
index 55009bbf49..37ac7b8b44 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/Main.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/Main.java
@@ -327,7 +327,7 @@ public class Main implements ProtocolVersionList
                 sconfig.setThreadModel(ReadWriteThreadModel.getInstance());
             }
 
-            if (connectorConfig.enableNonSSL)
+            if (!connectorConfig.enableSSL)
             {
                 AMQPFastProtocolHandler handler = new AMQPProtocolProvider().getHandler();
                 InetSocketAddress bindAddress;
@@ -343,10 +343,9 @@ public class Main implements ProtocolVersionList
                 _logger.info("Qpid.AMQP listening on non-SSL address " + bindAddress);
             }
 
-            if (connectorConfig.enableSSL)
+            else
             {
                 AMQPFastProtocolHandler handler = new AMQPProtocolProvider().getHandler();
-                handler.setUseSSL(true);
                 try
                 {
                     acceptor.bind(new InetSocketAddress(connectorConfig.sslPort),
diff --git a/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java b/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
index d7e6af0c29..76a293c161 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java
@@ -20,15 +20,8 @@
  */
 package org.apache.qpid.server.protocol;
 
-import org.apache.qpid.AMQException;
-import org.apache.qpid.codec.AMQCodecFactory;
-import org.apache.qpid.framing.*;
-import org.apache.qpid.server.exchange.ExchangeRegistry;
-import org.apache.qpid.server.queue.QueueRegistry;
-import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.registry.IApplicationRegistry;
-import org.apache.qpid.server.transport.ConnectorConfiguration;
-import org.apache.qpid.ssl.BogusSSLContextFactory;
+import java.io.IOException;
+
 import org.apache.log4j.Logger;
 import org.apache.mina.common.ByteBuffer;
 import org.apache.mina.common.IdleStatus;
@@ -37,8 +30,19 @@ import org.apache.mina.common.IoSession;
 import org.apache.mina.filter.SSLFilter;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
 import org.apache.mina.util.SessionUtil;
-
-import java.io.IOException;
+import org.apache.qpid.AMQException;
+import org.apache.qpid.codec.AMQCodecFactory;
+import org.apache.qpid.framing.AMQDataBlock;
+import org.apache.qpid.framing.AMQProtocolHeaderException;
+import org.apache.qpid.framing.AMQShortString;
+import org.apache.qpid.framing.ConnectionCloseBody;
+import org.apache.qpid.framing.HeartbeatBody;
+import org.apache.qpid.framing.ProtocolInitiation;
+import org.apache.qpid.framing.ProtocolVersionList;
+import org.apache.qpid.server.registry.ApplicationRegistry;
+import org.apache.qpid.server.registry.IApplicationRegistry;
+import org.apache.qpid.server.transport.ConnectorConfiguration;
+import org.apache.qpid.ssl.SSLContextFactory;
 
 
 /**
@@ -56,17 +60,14 @@ public class AMQPFastProtocolHandler extends IoHandlerAdapter implements Protoco
     private final IApplicationRegistry _applicationRegistry;
 
 
-    private boolean _useSSL;
-
     public AMQPFastProtocolHandler(Integer applicationRegistryInstance)
     {
-        this(ApplicationRegistry.getInstance(applicationRegistryInstance));
+    	this(ApplicationRegistry.getInstance(applicationRegistryInstance));
     }
 
     public AMQPFastProtocolHandler(IApplicationRegistry applicationRegistry)
     {
         _applicationRegistry = applicationRegistry;
-
         _logger.debug("AMQPFastProtocolHandler created");
     }
 
@@ -89,16 +90,30 @@ public class AMQPFastProtocolHandler extends IoHandlerAdapter implements Protoco
                 getConfiguredObject(ConnectorConfiguration.class);
         if (connectorConfig.enableExecutorPool)
         {
-            if (_useSSL)
+            if (connectorConfig.enableSSL)
             {
+            	String keystorePath = connectorConfig.keystorePath;
+            	String keystorePassword = connectorConfig.keystorePassword;
+            	String certType = connectorConfig.certType;
+            	SSLContextFactory sslContextFactory = new SSLContextFactory(keystorePath, keystorePassword, certType);
                 protocolSession.getFilterChain().addAfter("AsynchronousReadFilter", "sslFilter",
-                                                          new SSLFilter(BogusSSLContextFactory.getInstance(true)));
+                                                          new SSLFilter(sslContextFactory.buildServerContext()));
             }
             protocolSession.getFilterChain().addBefore("AsynchronousWriteFilter", "protocolFilter", pcf);
         }
         else
         {
-            protocolSession.getFilterChain().addLast("protocolFilter", pcf);
+        	protocolSession.getFilterChain().addLast("protocolFilter", pcf);
+            if (connectorConfig.enableSSL)
+            {
+            	String keystorePath = connectorConfig.keystorePath;
+            	String keystorePassword = connectorConfig.keystorePassword;
+            	String certType = connectorConfig.certType;
+            	SSLContextFactory sslContextFactory = new SSLContextFactory(keystorePath, keystorePassword, certType);
+                protocolSession.getFilterChain().addBefore("protocolFilter", "sslFilter",
+                                                          new SSLFilter(sslContextFactory.buildServerContext()));
+            }        	
+            
         }
     }
 
@@ -216,14 +231,4 @@ public class AMQPFastProtocolHandler extends IoHandlerAdapter implements Protoco
             _logger.debug("Message sent: " + object);
         }
     }
-
-    public boolean isUseSSL()
-    {
-        return _useSSL;
-    }
-
-    public void setUseSSL(boolean useSSL)
-    {
-        _useSSL = useSSL;
-    }
 }
diff --git a/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java b/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
index ac164f0cab..12489ad70e 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
@@ -70,13 +70,21 @@ public class ConnectorConfiguration
                 defaultValue = "false")
     public boolean enableDirectBuffers;
 
-    @Configured(path = "connector.ssl",
+    @Configured(path = "connector.ssl.enabled",
                 defaultValue = "false")
     public boolean enableSSL;
-
-    @Configured(path = "connector.nonssl",
-                defaultValue = "true")
-    public boolean enableNonSSL;
+    
+    @Configured(path = "connector.ssl.keystorePath",
+    			defaultValue = "none")
+    public String keystorePath;
+    
+    @Configured(path = "connector.ssl.keystorePassword",
+    			defaultValue = "none")
+    public String keystorePassword;
+    
+    @Configured(path = "connector.ssl.certType",
+    			defaultValue = "SunX509")
+    public String certType;
 
     public IoAcceptor createAcceptor()
     {