author | Martin Ritchie <ritchiem@apache.org> | 2007-02-14 15:40:47 +0000 |
---|---|---|
committer | Martin Ritchie <ritchiem@apache.org> | 2007-02-14 15:40:47 +0000 |
commit | c206a9ed35ac489ffc86b47fb6c8df69266a73fa (patch) | |
tree | 2f657e59ffa3072817b1820d5672dc7480222c09 /java/common/src | |
parent | 80e9cae3e7fd6bb8216c0b0ddf74a51c48784814 (diff) | |
download | qpid-python-c206a9ed35ac489ffc86b47fb6c8df69266a73fa.tar.gz |
Applied QPID-6 SSL Options patch from Kevin Smith
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@507584 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common/src')
5 files changed, 157 insertions, 487 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/BogusSSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/BogusSSLContextFactory.java
deleted file mode 100644
index fee02c9d93..0000000000
--- a/java/common/src/main/java/org/apache/qpid/ssl/BogusSSLContextFactory.java
+++ /dev/null
@@ -1,159 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.ssl; - -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -/** - * Factory to create a bogus SSLContext. This means that it is easy to test SSL but this - * cannot be used in a production environment. - * <p/> - * This is based on the sample that comes with MINA, written by Trustin Lee - */ -public class BogusSSLContextFactory -{ - /** - * Protocol to use. - */ - private static final String PROTOCOL = "TLS"; - - /** - * Bougus Server certificate keystore file name. 
- */ - private static final String BOGUS_KEYSTORE = "qpid.cert"; - - // NOTE: The keystore was generated using keytool: - // keytool -genkey -alias qpid -keysize 512 -validity 3650 - // -keyalg RSA -dname "CN=amqp.org" -keypass qpidpw - // -storepass qpidpw -keystore qpid.cert - - private static final char[] BOGUS_KEYSTORE_PASSWORD = {'q', 'p', 'i', 'd', 'p', 'w'}; - - private static SSLContext serverInstance = null; - - private static SSLContext clientInstance = null; - - /** - * Get SSLContext singleton. - * - * @return SSLContext - * @throws java.security.GeneralSecurityException - */ - public static SSLContext getInstance(boolean server) - throws GeneralSecurityException - { - SSLContext retInstance; - if (server) - { - // FIXME: looks like double-checking locking - if (serverInstance == null) - { - synchronized (BogusSSLContextFactory.class) - { - if (serverInstance == null) - { - try - { - serverInstance = createBougusServerSSLContext(); - } - catch (Exception ioe) - { - throw new GeneralSecurityException( - "Can't create Server SSLContext:" + ioe); - } - } - } - } - retInstance = serverInstance; - } - else - { - // FIXME: looks like double-checking locking - if (clientInstance == null) - { - synchronized (BogusSSLContextFactory.class) - { - if (clientInstance == null) - { - clientInstance = createBougusClientSSLContext(); - } - } - } - retInstance = clientInstance; - } - return retInstance; - } - - private static SSLContext createBougusServerSSLContext() - throws GeneralSecurityException, IOException - { - // Create keystore - KeyStore ks = KeyStore.getInstance("JKS"); - InputStream in = null; - try - { - in = BogusSSLContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE); - if (in == null) - { - throw new IOException("Unable to load keystore resource: " + BOGUS_KEYSTORE); - } - ks.load(in, BOGUS_KEYSTORE_PASSWORD); - } - finally - { - if (in != null) - { - //noinspection EmptyCatchBlock - try - { - in.close(); - } - catch (IOException ignored) - { - } - } 
- } - - // Set up key manager factory to use our key store - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, BOGUS_KEYSTORE_PASSWORD); - - // Initialize the SSLContext to work with our key managers. - SSLContext sslContext = SSLContext.getInstance(PROTOCOL); - sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null); - - return sslContext; - } - - private static SSLContext createBougusClientSSLContext() - throws GeneralSecurityException - { - SSLContext context = SSLContext.getInstance(PROTOCOL); - context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null); - return context; - } - -} diff --git a/java/common/src/main/java/org/apache/qpid/ssl/BogusTrustManagerFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/BogusTrustManagerFactory.java deleted file mode 100644 index 4fb6f75b8d..0000000000 --- a/java/common/src/main/java/org/apache/qpid/ssl/BogusTrustManagerFactory.java +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.ssl; - -import javax.net.ssl.ManagerFactoryParameters; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactorySpi; -import javax.net.ssl.X509TrustManager; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -/** - * Bogus trust manager factory. Used to make testing SSL simpler - i.e no need to - * mess about with keystores. - * <p/> - * This is based on the example that comes with MINA, written by Trustin Lee. 
- */
-class BogusTrustManagerFactory extends TrustManagerFactorySpi
-{
-
- static final X509TrustManager X509 = new X509TrustManager()
- {
- public void checkClientTrusted(X509Certificate[] x509Certificates,
- String s) throws CertificateException
- {
- }
-
- public void checkServerTrusted(X509Certificate[] x509Certificates,
- String s) throws CertificateException
- {
- }
-
- public X509Certificate[] getAcceptedIssuers()
- {
- return new X509Certificate[ 0 ];
- }
- };
-
- static final TrustManager[] X509_MANAGERS = new TrustManager[]{X509};
-
- public BogusTrustManagerFactory()
- {
- }
-
- protected TrustManager[] engineGetTrustManagers()
- {
- return X509_MANAGERS;
- }
-
- protected void engineInit(KeyStore keystore) throws KeyStoreException
- {
- // noop
- }
-
- protected void engineInit(
- ManagerFactoryParameters managerFactoryParameters)
- throws InvalidAlgorithmParameterException
- {
- // noop
- }
-}
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
new file mode 100644
index 0000000000..950279fff1
--- /dev/null
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -0,0 +1,157 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+/**
+ * Factory used to create SSLContexts. SSL needs to be configured
+ * before this will work.
+ *
+ */
+public class SSLContextFactory {
+
+ /**
+ * Path to the Java keystore file
+ */
+ private String _keystorePath;
+
+ /**
+ * Password for the keystore
+ */
+ private String _keystorePassword;
+
+ /**
+ * Cert type to use
+ */
+ private String _certType;
+
+ /**
+ * Create a factory instance
+ * @param keystorePath path to the Java keystore file
+ * @param keystorePassword password for the Java keystore
+ * @param certType certificate type
+ */
+ public SSLContextFactory(String keystorePath, String keystorePassword,
+ String certType)
+ {
+ _keystorePath = keystorePath;
+ _keystorePassword = keystorePassword;
+ if (_keystorePassword.equals("none"))
+ {
+ _keystorePassword = null;
+ }
+ _certType = certType;
+ if (keystorePath == null) {
+ throw new IllegalArgumentException("Keystore path must be specified");
+ }
+ if (certType == null) {
+ throw new IllegalArgumentException("Cert type must be specified");
+ }
+ }
+
+ /**
+ * Builds a SSLContext appropriate for use with a server
+ * @return SSLContext
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public SSLContext buildServerContext() throws GeneralSecurityException, IOException
+ {
+ // Create keystore
+ KeyStore ks = getInitializedKeyStore();
+
+ // Set up key manager factory to use our key store
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(_certType);
+ kmf.init(ks, _keystorePassword.toCharArray());
+
+ // Initialize the SSLContext to work with our key managers.
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(_certType);
+ tmf.init(ks);
+ sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+
+ return sslContext;
+ }
+
+ /**
+ * Creates a SSLContext factory appropriate for use with a client
+ * @return SSLContext
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public SSLContext buildClientContext() throws GeneralSecurityException, IOException
+ {
+ KeyStore ks = getInitializedKeyStore();
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(_certType);
+ tmf.init(ks);
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, tmf.getTrustManagers(), null);
+ return context;
+ }
+
+ private KeyStore getInitializedKeyStore() throws GeneralSecurityException, IOException
+ {
+ KeyStore ks = KeyStore.getInstance("JKS");
+ InputStream in = null;
+ try
+ {
+ File f = new File(_keystorePath);
+ if (f.exists())
+ {
+ in = new FileInputStream(f);
+ }
+ else
+ {
+ in = Thread.currentThread().getContextClassLoader().getResourceAsStream(_keystorePath);
+ }
+ if (in == null)
+ {
+ throw new IOException("Unable to load keystore resource: " + _keystorePath);
+ }
+ ks.load(in, _keystorePassword.toCharArray());
+ }
+ finally
+ {
+ if (in != null)
+ {
+ //noinspection EmptyCatchBlock
+ try
+ {
+ in.close();
+ }
+ catch (IOException ignored)
+ {
+ }
+ }
+ }
+ return ks;
+ }
+}
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLServerSocketFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLServerSocketFactory.java
deleted file mode 100644
index 90b3589752..0000000000
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLServerSocketFactory.java
+++ /dev/null
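Review bot: The `none` password path in the constructor is self-defeating: it sets `_keystorePassword` to null, but `kmf.init(ks, _keystorePassword.toCharArray())` in buildServerContext and `ks.load(in, _keystorePassword.toCharArray())` in getInitializedKeyStore dereference it unconditionally, so a factory configured with `none` throws NullPointerException on first use instead of loading the store without a password. The constructor also evaluates `_keystorePassword.equals("none")` before any argument validation, so a null password NPEs there rather than getting the IllegalArgumentException the other parameters get; `"none".equals(keystorePassword)` plus an explicit null check would be consistent. I would route both call sites through a null-safe helper, as below. Note that KeyStore.load accepts a null password but the server-side key manager presumably still needs the entry password to recover the private key, so `none` is likely only meaningful for a trust-only (client) store — worth saying in the constructor Javadoc. The fallback in getInitializedKeyStore from a missing file to a classpath resource of the same name also deserves a comment, since a mistyped path silently changes where the trust anchors are read from.
```java
    // … unchanged: fields and constructor …

    /**
     * Keystore password as a char[], or null when "none" was configured
     * (KeyStore.load accepts a null password).
     */
    private char[] passwordChars()
    {
        return _keystorePassword == null ? null : _keystorePassword.toCharArray();
    }

    // … unchanged: buildServerContext() up to the KeyManagerFactory …
    kmf.init(ks, passwordChars());

    // … unchanged: getInitializedKeyStore() up to the load …
    ks.load(in, passwordChars());
```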
@@ -1,108 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.ssl; - -import javax.net.ServerSocketFactory; -import java.io.IOException; -import java.net.InetAddress; -import java.net.ServerSocket; -import java.security.GeneralSecurityException; - -/** - * Simple Server Socket factory to create sockets with or without SSL enabled. - * If SSL enabled a "bogus" SSL Context is used (suitable for test purposes) - * <p/> - * This is based on the example that comes with MINA, written by Trustin Lee. 
- */ -public class SSLServerSocketFactory extends javax.net.ServerSocketFactory -{ - private static boolean sslEnabled = false; - - private static javax.net.ServerSocketFactory sslFactory = null; - - private static ServerSocketFactory factory = null; - - public SSLServerSocketFactory() - { - super(); - } - - public ServerSocket createServerSocket(int port) throws IOException - { - return new ServerSocket(port); - } - - public ServerSocket createServerSocket(int port, int backlog) - throws IOException - { - return new ServerSocket(port, backlog); - } - - public ServerSocket createServerSocket(int port, int backlog, - InetAddress ifAddress) - throws IOException - { - return new ServerSocket(port, backlog, ifAddress); - } - - public static javax.net.ServerSocketFactory getServerSocketFactory() - throws IOException - { - if (isSslEnabled()) - { - if (sslFactory == null) - { - try - { - sslFactory = BogusSSLContextFactory.getInstance(true) - .getServerSocketFactory(); - } - catch (GeneralSecurityException e) - { - IOException ioe = new IOException( - "could not create SSL socket"); - ioe.initCause(e); - throw ioe; - } - } - return sslFactory; - } - else - { - if (factory == null) - { - factory = new SSLServerSocketFactory(); - } - return factory; - } - - } - - public static boolean isSslEnabled() - { - return sslEnabled; - } - - public static void setSslEnabled(boolean newSslEnabled) - { - sslEnabled = newSslEnabled; - } -} diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLSocketFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLSocketFactory.java deleted file mode 100644 index ef9820f067..0000000000 --- a/java/common/src/main/java/org/apache/qpid/ssl/SSLSocketFactory.java +++ /dev/null 
@@ -1,138 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.ssl; - -import javax.net.SocketFactory; -import java.io.IOException; -import java.net.InetAddress; -import java.net.Socket; -import java.net.UnknownHostException; -import java.security.GeneralSecurityException; - -/** - * Simple Socket factory to create sockets with or without SSL enabled. - * If SSL enabled a "bogus" SSL Context is used (suitable for test purposes). - * <p/> - * This is based on an example that comes with MINA, written by Trustin Lee. 
- */ -public class SSLSocketFactory extends SocketFactory -{ - private static boolean sslEnabled = false; - - private static javax.net.ssl.SSLSocketFactory sslFactory = null; - - private static javax.net.SocketFactory factory = null; - - public SSLSocketFactory() - { - super(); - } - - public Socket createSocket(String arg1, int arg2) throws IOException, - UnknownHostException - { - if (isSslEnabled()) - { - return getSSLFactory().createSocket(arg1, arg2); - } - else - { - return new Socket(arg1, arg2); - } - } - - public Socket createSocket(String arg1, int arg2, InetAddress arg3, - int arg4) throws IOException, - UnknownHostException - { - if (isSslEnabled()) - { - return getSSLFactory().createSocket(arg1, arg2, arg3, arg4); - } - else - { - return new Socket(arg1, arg2, arg3, arg4); - } - } - - public Socket createSocket(InetAddress arg1, int arg2) - throws IOException - { - if (isSslEnabled()) - { - return getSSLFactory().createSocket(arg1, arg2); - } - else - { - return new Socket(arg1, arg2); - } - } - - public Socket createSocket(InetAddress arg1, int arg2, InetAddress arg3, - int arg4) throws IOException - { - if (isSslEnabled()) - { - return getSSLFactory().createSocket(arg1, arg2, arg3, arg4); - } - else - { - return new Socket(arg1, arg2, arg3, arg4); - } - } - - public static javax.net.SocketFactory getSocketFactory() - { - if (factory == null) - { - factory = new SSLSocketFactory(); - } - return factory; - } - - private javax.net.ssl.SSLSocketFactory getSSLFactory() - { - if (sslFactory == null) - { - try - { - sslFactory = BogusSSLContextFactory.getInstance(false) - .getSocketFactory(); - } - catch (GeneralSecurityException e) - { - throw new RuntimeException("could not create SSL socket", e); - } - } - return sslFactory; - } - - public static boolean isSslEnabled() - { - return sslEnabled; - } - - public static void setSslEnabled(boolean newSslEnabled) - { - sslEnabled = newSslEnabled; - } - -} |