author | Robert Godfrey <rgodfrey@apache.org> | 2013-08-08 15:05:58 +0000 |
committer | Robert Godfrey <rgodfrey@apache.org> | 2013-08-08 15:05:58 +0000 |
commit | 77a78ab0a981d953e814360140c84323e54e2633 (patch) | |
tree | 3132e43caf7658b236225159808acb8288200c1c /java/common/src | |
parent | 937ff9ea7be81f26a8f1d8d5914e6ab75733ff9e (diff) | |
download | qpid-python-77a78ab0a981d953e814360140c84323e54e2633.tar.gz |
QPID-5056 : [Java Broker] Change configuration model to allow for KeyStores/TrustStores which are not JKS files on the filesystem
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1511825 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common/src')
-rw-r--r-- | java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java | 126 | ||||
-rw-r--r-- | java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java | 20 |
2 files changed, 32 insertions, 114 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
index 158006f072..e9dec362a6 100644
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -7,9 +7,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
- *
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -22,7 +22,6 @@ package org.apache.qpid.ssl;
 
 import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
-import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 
 import javax.net.ssl.KeyManager;
@@ -42,55 +41,17 @@ import java.util.Collections;
 /**
  * Factory used to create SSLContexts. SSL needs to be configured
  * before this will work.
- *
+ *
  */
 public class SSLContextFactory
 {
     public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
-
-    public static class TrustStoreWrapper
-    {
-        private final String trustStorePath;
-        private final String trustStorePassword;
-        private final String trustStoreType;
-        private final Boolean trustStorePeersOnly;
-        private String trustManagerFactoryAlgorithm;
-
-        public TrustStoreWrapper(final String trustStorePath, final String trustStorePassword,
-                                 final String trustStoreType, final Boolean trustStorePeersOnly,
-                                 final String trustManagerFactoryAlgorithm)
-        {
-            this.trustStorePath = trustStorePath;
-            this.trustStorePassword = trustStorePassword;
-            this.trustStoreType = trustStoreType;
-            this.trustStorePeersOnly = trustStorePeersOnly;
-            this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
-        }
-    }
 
     private SSLContextFactory()
     {
         //no instances
     }
 
-    public static SSLContext buildServerContext(final String keyStorePath,
-            final String keyStorePassword, final String keyStoreType,
-            final String keyManagerFactoryAlgorithm)
-            throws GeneralSecurityException, IOException
-    {
-        return buildContext(Collections.<TrustStoreWrapper>emptyList(), keyStorePath,
-                keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm, null);
-    }
-
-    public static SSLContext buildClientContext(Collection<TrustStoreWrapper> trustStores,
-            final String keyStorePath, final String keyStorePassword,
-            final String keyStoreType, final String keyManagerFactoryAlgorithm,
-            final String certAlias) throws GeneralSecurityException, IOException
-    {
-        return buildContext(trustStores, keyStorePath, keyStorePassword, keyStoreType,
-                keyManagerFactoryAlgorithm, certAlias);
-    }
-
     public static SSLContext buildClientContext(final String trustStorePath,
             final String trustStorePassword, final String trustStoreType,
             final String trustManagerFactoryAlgorithm, final String keyStorePath,
@@ -98,17 +59,25 @@ public class SSLContextFactory
             final String keyManagerFactoryAlgorithm, final String certAlias)
             throws GeneralSecurityException, IOException
     {
-        TrustStoreWrapper trstWrapper = new TrustStoreWrapper(trustStorePath, trustStorePassword,
-                                                              trustStoreType, Boolean.FALSE,
-                                                              trustManagerFactoryAlgorithm);
-        return buildContext(Collections.singletonList(trstWrapper), keyStorePath,
-                keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm, certAlias);
+        return buildContext(trustStorePath,
+                            trustStorePassword,
+                            trustStoreType,
+                            trustManagerFactoryAlgorithm,
+                            keyStorePath,
+                            keyStorePassword,
+                            keyStoreType,
+                            keyManagerFactoryAlgorithm,
+                            certAlias);
     }
-
-    private static SSLContext buildContext(final Collection<TrustStoreWrapper> trstWrappers,
-            final String keyStorePath, final String keyStorePassword,
-            final String keyStoreType, final String keyManagerFactoryAlgorithm,
-            final String certAlias)
+
+    private static SSLContext buildContext(String trustStorePath,
+                                           String trustStorePassword,
+                                           String trustStoreType,
+                                           String trustManagerFactoryAlgorithm,
+                                           String keyStorePath,
+                                           String keyStorePassword,
+                                           String keyStoreType,
+                                           String keyManagerFactoryAlgorithm, String certAlias)
             throws GeneralSecurityException, IOException
     {
         // Initialize the SSLContext to work with our key managers.
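Review bot: The new `buildContext` signature drops `final` from every parameter while the public `buildClientContext` directly above keeps it, and it now takes nine positional `String`s in which the trust-store and key-store credential pairs (`trustStorePassword`/`keyStorePassword`, `trustStoreType`/`keyStoreType`) can be swapped at the call site without any compile error. A short Javadoc on `buildContext` naming the two parameter groups and stating that `trustStorePath` and `keyStorePath` may each be null (the body branches on exactly those nulls in the following hunk) would make the nine-argument call in `buildClientContext` checkable by eye. Restoring the file's own convention, e.g. `private static SSLContext buildContext(final String trustStorePath,` through `final String keyManagerFactoryAlgorithm, final String certAlias)`, also keeps the private and public signatures consistent. The body of `buildContext` continues outside this hunk.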
@@ -117,53 +86,20 @@ public class SSLContextFactory
 
         final TrustManager[] trustManagers;
         final KeyManager[] keyManagers;
-
-        final Collection<TrustManager> trustManagersCol = new ArrayList<TrustManager>();
-        final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
-        for (TrustStoreWrapper tsw : trstWrappers)
-        {
-            if (tsw.trustStorePath != null)
-            {
-                final KeyStore ts = SSLUtil.getInitializedKeyStore(tsw.trustStorePath,
-                        tsw.trustStorePassword, tsw.trustStoreType);
-                final TrustManagerFactory tmf = TrustManagerFactory
-                        .getInstance(tsw.trustManagerFactoryAlgorithm);
-                tmf.init(ts);
-                TrustManager[] delegateManagers = tmf.getTrustManagers();
-                for (TrustManager tm : delegateManagers)
-                {
-                    if (tm instanceof X509TrustManager)
-                    {
-                        if (Boolean.TRUE.equals(tsw.trustStorePeersOnly))
-                        {
-                            // truststore is supposed to trust only clients which peers certificates
-                            // are directly in the store. CA signing will not be considered.
-                            mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ts, (X509TrustManager) tm));
-                        }
-                        else
-                        {
-                            mulTrustManager.addTrustManager((X509TrustManager) tm);
-                        }
-                    }
-                    else
-                    {
-                        trustManagersCol.add(tm);
-                    }
-                }
-            }
-        }
-        if (! mulTrustManager.isEmpty())
-        {
-            trustManagersCol.add(mulTrustManager);
-        }
-
-        if (trustManagersCol.isEmpty())
+
+        if (trustStorePath != null)
         {
-            trustManagers = null;
+            final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
+                    trustStorePassword, trustStoreType);
+            final TrustManagerFactory tmf = TrustManagerFactory
+                    .getInstance(trustManagerFactoryAlgorithm);
+            tmf.init(ts);
+
+            trustManagers = tmf.getTrustManagers();
         }
         else
         {
-            trustManagers = trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
+            trustManagers = null;
         }
 
         if (keyStorePath != null)
diff --git a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
index 21b8871d9a..c5fa852f95 100644
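Review bot: The new `else` branch `trustManagers = null;` is the security-relevant path and carries no comment: `SSLContext.init` treats a null trust-manager array as "use the JDK default", so a caller that passes no trust store path ends up trusting the platform CA store rather than nothing, and that fallback deserves to be spelled out, e.g. `// null => SSLContext.init falls back to the JDK default trust managers (platform CA store)`. With the peers-only wrapping gone, every manager returned by `tmf.getTrustManagers()` is now used as-is, so trust pinned to certificates held directly in the store (no CA chain evaluation) can no longer be expressed through this factory; presumably intended by the configuration-model change, but worth confirming no caller still relies on `trustStorePeersOnly` semantics. This hunk also removes the last visible uses of `QpidMultipleTrustManager`, `X509TrustManager`, `ArrayList`, `Collection` and `Collections`, while the import hunk drops only `QpidPeersOnlyTrustManager`; if nothing outside the shown hunks references them, those imports are now dead. `buildContext` starts in the previous hunk and its body continues past this one.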
--- a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
+++ b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
@@ -36,25 +36,7 @@ public class SSLContextFactoryTest extends QpidTestCase
     private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
     private static final String CERT_ALIAS_APP1 = "app1";
 
-    public void testBuildServerContext() throws Exception
-    {
-        SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
-        assertNotNull("SSLContext should not be null", context);
-    }
 
-    public void testBuildServerContextWithIncorrectPassword() throws Exception
-    {
-        try
-        {
-            SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
-            fail("Exception was not thrown due to incorrect password");
-        }
-        catch (IOException e)
-        {
-            //expected
-        }
-    }
-
     public void testTrustStoreDoesNotExist() throws Exception
     {
         try
@@ -79,7 +61,7 @@ public class SSLContextFactoryTest extends QpidTestCase
         SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, null);
         assertNotNull("SSLContext should not be null", context);
     }
-
+
     public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception
     {
         SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);