authorRobert Godfrey <rgodfrey@apache.org>2012-05-18 17:54:23 +0000
committerRobert Godfrey <rgodfrey@apache.org>2012-05-18 17:54:23 +0000
commit56e8a86b4100b11d8f11a403b1c53fed201d1814 (patch)
treee4dfab4c13913e7c923275bdc20be19c62a38d5d /java/common/src/main
parentb7c76de3585d549ffbdf80ee20eea555489b62b2 (diff)
QPID-3973 : [Java] Add support for non JKS key store types (patch supplied by jsightle@redhat.com)
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1340191 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common/src/main')
-rw-r--r--java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java29
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java27
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java2
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java4
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java6
5 files changed, 48 insertions, 20 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
index c9ff180c54..b2967bb0bb 100644
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -39,7 +39,6 @@ import java.security.KeyStore;
*/
public class SSLContextFactory
{
- public static final String JAVA_KEY_STORE_CODE = "JKS";
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
private SSLContextFactory()
@@ -48,28 +47,32 @@ public class SSLContextFactory
}
public static SSLContext buildServerContext(final String keyStorePath,
- final String keyStorePassword, final String keyManagerFactoryAlgorithm)
+ final String keyStorePassword, final String keyStoreType,
+ final String keyManagerFactoryAlgorithm)
throws GeneralSecurityException, IOException
{
- return buildContext(null, null, null, keyStorePath, keyStorePassword,
+ return buildContext(null, null, null, null, keyStorePath, keyStorePassword, keyStoreType,
keyManagerFactoryAlgorithm, null);
}
public static SSLContext buildClientContext(final String trustStorePath,
- final String trustStorePassword, final String trustManagerFactoryAlgorithm,
- final String keyStorePath, final String keyStorePassword,
+ final String trustStorePassword, final String trustStoreType,
+ final String trustManagerFactoryAlgorithm, final String keyStorePath,
+ final String keyStorePassword, final String keyStoreType,
final String keyManagerFactoryAlgorithm, final String certAlias)
throws GeneralSecurityException, IOException
{
- return buildContext(trustStorePath, trustStorePassword,
- trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword,
+ return buildContext(trustStorePath, trustStorePassword, trustStoreType,
+ trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword, keyStoreType,
keyManagerFactoryAlgorithm, certAlias);
}
private static SSLContext buildContext(final String trustStorePath,
- final String trustStorePassword, final String trustManagerFactoryAlgorithm,
- final String keyStorePath, final String keyStorePassword,
- final String keyManagerFactoryAlgorithm, final String certAlias)
+ final String trustStorePassword, final String trustStoreType,
+ final String trustManagerFactoryAlgorithm,
+ final String keyStorePath, final String keyStorePassword,
+ final String keyStoreType, final String keyManagerFactoryAlgorithm,
+ final String certAlias)
throws GeneralSecurityException, IOException
{
// Initialize the SSLContext to work with our key managers.
@@ -82,7 +85,7 @@ public class SSLContextFactory
if (trustStorePath != null)
{
final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
- trustStorePassword);
+ trustStorePassword, trustStoreType);
final TrustManagerFactory tmf = TrustManagerFactory
.getInstance(trustManagerFactoryAlgorithm);
tmf.init(ts);
@@ -99,13 +102,13 @@ public class SSLContextFactory
if (certAlias != null)
{
keyManagers = new KeyManager[] { new QpidClientX509KeyManager(
- certAlias, keyStorePath, keyStorePassword,
+ certAlias, keyStorePath, keyStoreType, keyStorePassword,
keyManagerFactoryAlgorithm) };
}
else
{
final KeyStore ks = SSLUtil.getInitializedKeyStore(
- keyStorePath, keyStorePassword);
+ keyStorePath, keyStorePassword, keyStoreType);
char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray();
// Set up key manager factory to use our key store
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
index 084428d182..c90a11594c 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
@@ -31,6 +31,7 @@ import static org.apache.qpid.configuration.ClientProperties.SEND_BUFFER_SIZE_PR
import static org.apache.qpid.configuration.ClientProperties.LEGACY_RECEIVE_BUFFER_SIZE_PROP_NAME;
import static org.apache.qpid.configuration.ClientProperties.LEGACY_SEND_BUFFER_SIZE_PROP_NAME;
+import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
@@ -67,10 +68,12 @@ public class ConnectionSettings
private boolean useSSL;
private String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
private String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
+ private String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType",KeyStore.getDefaultType());
private String keyManagerFactoryAlgorithm = QpidProperty.stringProperty(KeyManagerFactory.getDefaultAlgorithm(), QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME).get();
private String trustManagerFactoryAlgorithm = QpidProperty.stringProperty(TrustManagerFactory.getDefaultAlgorithm(), QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME).get();
- private String trustStorePath = System.getProperty("javax.net.ssl.trustStore");;
- private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");;
+ private String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
+ private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ private String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType",KeyStore.getDefaultType());
private String certAlias;
private boolean verifyHostname;
@@ -262,6 +265,16 @@ public class ConnectionSettings
this.keyStorePassword = keyStorePassword;
}
+ public void setKeyStoreType(String keyStoreType)
+ {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+
public String getTrustStorePath()
{
return trustStorePath;
@@ -322,6 +335,16 @@ public class ConnectionSettings
this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
}
+ public String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType)
+ {
+ this.trustStoreType = trustStoreType;
+ }
+
public int getReadBufferSize()
{
return readBufferSize;
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
index 442800c529..478355edc1 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
@@ -78,9 +78,11 @@ public class SecurityLayerFactory
sslCtx = SSLContextFactory
.buildClientContext(settings.getTrustStorePath(),
settings.getTrustStorePassword(),
+ settings.getTrustStoreType(),
settings.getTrustManagerFactoryAlgorithm(),
settings.getKeyStorePath(),
settings.getKeyStorePassword(),
+ settings.getKeyStoreType(),
settings.getKeyManagerFactoryAlgorithm(),
settings.getCertAlias());
}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
index 3ab028c8a8..0dccf37979 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
@@ -40,11 +40,11 @@ public class QpidClientX509KeyManager extends X509ExtendedKeyManager
private X509ExtendedKeyManager delegate;
private String alias;
- public QpidClientX509KeyManager(String alias, String keyStorePath,
+ public QpidClientX509KeyManager(String alias, String keyStorePath, String keyStoreType,
String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
{
this.alias = alias;
- KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword);
+ KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword,keyStoreType);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
kmf.init(ks, keyStorePassword.toCharArray());
this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
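Review bot: The new `keyStoreType` parameter sits between `keyStorePath` and `keyStorePassword` in this constructor, while `SSLUtil.getInitializedKeyStore` takes `(path, password, type)`; all three are `String`, so a swapped argument compiles cleanly. If the password ever reached `KeyStore.getInstance` as the type, the resulting exception text would likely contain it, so I would keep one order everywhere, e.g. `String alias, String keyStorePath, String keyStorePassword, String keyStoreType, ...`, and update the call in `SSLContextFactory.buildContext` to match. Separately, `keyStorePassword.toCharArray()` on the unchanged line throws on a null password, whereas the `else` branch in `buildContext` handles null; `keyStorePassword == null ? null : keyStorePassword.toCharArray()` would make the two paths agree. The constructor body continues past the end of this hunk.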
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index 71a73db71f..ce7cc105a1 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -125,9 +125,9 @@ public class SSLUtil
return id.toString();
}
- public static KeyStore getInitializedKeyStore(String storePath, String storePassword) throws GeneralSecurityException, IOException
+ public static KeyStore getInitializedKeyStore(String storePath, String storePassword, String keyStoreType) throws GeneralSecurityException, IOException
{
- KeyStore ks = KeyStore.getInstance("JKS");
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
InputStream in = null;
try
{
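Review bot: `KeyStore.getInstance(keyStoreType)` now receives a caller-supplied value, and nothing visible on this path rejects null, which `ConnectionSettings.setKeyStoreType` and `setTrustStoreType` in this commit both accept. A null would surface as a bare `NullPointerException` rather than a configuration error; consider `final String type = keyStoreType == null ? KeyStore.getDefaultType() : keyStoreType;` before the lookup, or an explicit check whose message names the setting. The method body continues outside this hunk.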
@@ -140,7 +140,7 @@ public class SSLUtil
{
in = Thread.currentThread().getContextClassLoader().getResourceAsStream(storePath);
}
- if (in == null)
+ if (in == null && !"PKCS11".equalsIgnoreCase(keyStoreType)) // PKCS11 will not require an explicit path
{
throw new IOException("Unable to load keystore resource: " + storePath);
}
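Review bot: The PKCS11 exemption on the `in == null` check also applies when a `storePath` was supplied but could not be found, so a mistyped path is silently ignored for that store type. Restricting the exemption to the no-path case keeps the error for bad paths: `if (in == null && (storePath != null || !"PKCS11".equalsIgnoreCase(keyStoreType)))`. The lines that resolve `storePath` sit above this hunk and are not visible here; they would need to tolerate a null path for the comment "will not require an explicit path" to hold. A short comment stating that the store is then presumably loaded from a null stream would help the next reader.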