| author | Robert Gemmell <robbie@apache.org> | 2011-08-18 14:42:46 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2011-08-18 14:42:46 +0000 |
| commit | 670bc62a5072539d8d3b9aeeef40302cd5570007 (patch) | |
| tree | acdecff3d282dc928c26231b9b0e6027394fba37 /java | |
| parent | b18693dde785bfc0b566b6c8adf50ec1004a8135 (diff) | |
QPID-3429: ensure that SSL is enabled correctly in MinaNetworkHandler. Refactor SSLContextFactory to be a factory, and present a useful interface for both client and server side use. Added keystore for the Java broker, renamed existing client trust/key stores for clarity. Fix SSL port configuration. Added new SSL tests, and ensure these are *always* run in the Java 0-10 profiles.
Committing work by myself and Keith Wall.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1159250 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java')
38 files changed, 515 insertions, 453 deletions
diff --git a/java/broker/etc/config.xml b/java/broker/etc/config.xml index 61f1c832b1..59e5ed0f58 100644 --- a/java/broker/etc/config.xml +++ b/java/broker/etc/config.xml @@ -33,12 +33,12 @@ To disasble Non-SSL port set sslOnly to true --> <ssl> <enabled>false</enabled> + <port>5671</port> <sslOnly>false</sslOnly> <keystorePath>/path/to/keystore.ks</keystorePath> <keystorePassword>keystorepass</keystorePassword> </ssl> <port>5672</port> - <sslport>8672</sslport> <socketReceiveBuffer>262144</socketReceiveBuffer> <socketSendBuffer>262144</socketSendBuffer> </connector> diff --git a/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java index 0621b87f0a..95c02c60a7 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java +++ b/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java @@ -60,7 +60,7 @@ public class ServerConfiguration extends ConfigurationPlugin implements SignalHa public static final int DEFAULT_FRAME_SIZE = 65536; public static final int DEFAULT_PORT = 5672; - public static final int DEFAULT_SSL_PORT = 8672; + public static final int DEFAULT_SSL_PORT = 5671; public static final long DEFAULT_HOUSEKEEPING_PERIOD = 30000L; public static final int DEFAULT_JMXPORT = 8999; @@ -688,12 +688,12 @@ public class ServerConfiguration extends ConfigurationPlugin implements SignalHa public String getKeystorePath() { - return getStringValue("connector.ssl.keystorePath", "none"); + return getStringValue("connector.ssl.keystorePath"); } public String getKeystorePassword() { - return getStringValue("connector.ssl.keystorePassword", "none"); + return getStringValue("connector.ssl.keystorePassword"); } public String getCertType() 
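Review bot: `getKeystorePath()` and `getKeystorePassword()` in the second ServerConfiguration hunk now return null when the property is absent instead of the old `"none"` sentinel, and nothing on the methods documents that. Each getter should carry a one-line Javadoc, e.g. `/** @return the configured keystore path, or null if connector.ssl.keystorePath is not set */`, so callers know a null check is required before the value reaches the SSL set-up. Any caller that still compares the result against `"none"` lies outside this hunk and should be checked.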
diff --git a/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java b/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java index 460ea93509..8a7159bdc2 100755 --- a/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java +++ b/java/broker/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactory.java @@ -20,7 +20,6 @@ */ package org.apache.qpid.server.protocol; -import java.util.EnumSet; import java.util.Set; import java.util.concurrent.atomic.AtomicLong; @@ -32,23 +31,12 @@ import org.apache.qpid.transport.network.NetworkConnection; public class MultiVersionProtocolEngineFactory implements ProtocolEngineFactory { - private static final Set<AmqpProtocolVersion> ALL_VERSIONS = EnumSet.allOf(AmqpProtocolVersion.class); private static final AtomicLong ID_GENERATOR = new AtomicLong(0); private final IApplicationRegistry _appRegistry; private final String _fqdn; private final Set<AmqpProtocolVersion> _supported; - public MultiVersionProtocolEngineFactory() - { - this("localhost", ALL_VERSIONS); - } - - public MultiVersionProtocolEngineFactory(String fqdn) - { - this(fqdn, ALL_VERSIONS); - } - public MultiVersionProtocolEngineFactory(String fqdn, Set<AmqpProtocolVersion> supportedVersions) { _appRegistry = ApplicationRegistry.getInstance(); diff --git a/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java index b0893eb53f..37375c2b7b 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java +++ b/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java 
@@ -511,7 +511,7 @@ public class ServerConfigurationTest extends QpidTestCase { // Check default _serverConfig.initialise(); - assertEquals("none", _serverConfig.getKeystorePath()); + assertNull(_serverConfig.getKeystorePath()); // Check value we set _config.setProperty("connector.ssl.keystorePath", "a"); @@ -524,7 +524,7 @@ public class ServerConfigurationTest extends QpidTestCase { // Check default _serverConfig.initialise(); - assertEquals("none", _serverConfig.getKeystorePassword()); + assertNull(_serverConfig.getKeystorePassword()); // Check value we set _config.setProperty("connector.ssl.keystorePassword", "a"); diff --git a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java index 0cd1d49224..756bf11663 100644 --- a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java +++ b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java @@ -23,6 +23,7 @@ package org.apache.qpid.client; import java.io.IOException; import java.net.ConnectException; import java.nio.channels.UnresolvedAddressException; +import java.security.GeneralSecurityException; import java.text.MessageFormat; import java.util.ArrayList; import java.util.EnumSet; @@ -31,6 +32,7 @@ import java.util.Set; import javax.jms.JMSException; import javax.jms.XASession; +import javax.net.ssl.SSLContext; import org.apache.qpid.AMQException; import org.apache.qpid.client.failover.FailoverException; 
@@ -99,14 +101,21 @@ public class AMQConnectionDelegate_8_0 implements AMQConnectionDelegate settings.setProtocol(brokerDetail.getTransport()); SSLConfiguration sslConfig = _conn.getSSLConfiguration(); - SSLContextFactory sslFactory = null; + SSLContext sslContext = null; if (sslConfig != null) { - sslFactory = new SSLContextFactory(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), sslConfig.getCertType()); + try + { + sslContext = SSLContextFactory.buildClientContext(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), sslConfig.getCertType(),null,null,null,null); + } + catch (GeneralSecurityException e) + { + throw new AMQException("Unable to create SSLContext: " + e.getMessage(), e); + } } OutgoingNetworkTransport transport = Transport.getOutgoingTransportInstance(getProtocolVersion()); - NetworkConnection network = transport.connect(settings, _conn._protocolHandler, sslFactory); + NetworkConnection network = transport.connect(settings, _conn._protocolHandler, sslContext); _conn._protocolHandler.setNetworkConnection(network); _conn._protocolHandler.getProtocolSession().init(); // this blocks until the connection has been set up or when an error diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java index 702746b3da..01f13408b0 100644 --- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java +++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java 
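Review bot: The call to `SSLContextFactory.buildClientContext(...)` passes `sslConfig.getKeystorePath()`, `getKeystorePassword()` and `getCertType()` in the trust-store positions with nulls for the key store, and nothing at the call site says this is intended. The removed SSLContextFactory constructor rejected a null store path with an IllegalArgumentException. The new factory instead leaves the trust managers null when the path is null, so `SSLContext.init` falls back to the JVM's default trust managers and the client would accept the default CA set without any error. I would add an `if (sslConfig.getKeystorePath() == null)` guard before the `try` that throws an AMQException, and a comment such as `// SSLConfiguration's "keystore" is used here as the client trust store`. The enclosing method starts and ends outside the hunk.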
@@ -20,18 +20,17 @@ */ package org.apache.qpid.ssl; -import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; +import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager; import org.apache.qpid.transport.network.security.ssl.SSLUtil; /** 
@@ -39,157 +38,92 @@ import org.apache.qpid.transport.network.security.ssl.SSLUtil; * before this will work. * */ -public class SSLContextFactory { - - /** - * Path to the Java keystore file - */ - private String _keyStorePath; - - /** - * Password for the keystore - */ - private String _keyStorePassword; - - /** - * Cert type to use in keystore - */ - private String _keyStoreCertType; - - /** - * Path to the Java truststore file - */ - private String _trustStorePath; - - /** - * Password for the truststore - */ - private String _trustStorePassword; - - /** - * Cert type to use in truststore - */ - private String _trustStoreCertType; - - private KeyManager customKeyManager; - - public SSLContextFactory(String trustStorePath, String trustStorePassword, - String trustStoreCertType) +public class SSLContextFactory +{ + public static final String JAVA_KEY_STORE_CODE = "JKS"; + public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS"; + public static final String KEY_STORE_CERTIFICATE_TYPE = "SunX509"; + + private SSLContextFactory() { - this(trustStorePath,trustStorePassword,trustStoreCertType, - trustStorePath,trustStorePassword,trustStoreCertType); + //no instances } - /** - * Create a factory instance - * @param keystorePath path to the Java keystore file - * @param keystorePassword password for the Java keystore - * @param certType certificate type - */ - public SSLContextFactory(String trustStorePath, String trustStorePassword, String trustStoreCertType, - String keyStorePath, String keyStorePassword, String keyStoreCertType) - { + public static SSLContext buildServerContext(final String keyStorePath, + final String keyStorePassword, final String keyStoreCertType) + throws GeneralSecurityException, IOException + { + return buildContext(null, null, null, keyStorePath, keyStorePassword, + keyStoreCertType, null); + } - _trustStorePath = trustStorePath; - _trustStorePassword = trustStorePassword; - - if (_trustStorePassword != null && 
_trustStorePassword.equals("none")) - { - _trustStorePassword = null; - } - _trustStoreCertType = trustStoreCertType; - - _keyStorePath = keyStorePath; - _keyStorePassword = keyStorePassword; - - if (_keyStorePassword != null && _keyStorePassword.equals("none")) - { - _keyStorePassword = null; - } - _keyStoreCertType = keyStoreCertType; - - if (_trustStorePath == null) { - throw new IllegalArgumentException("A TrustStore path or KeyStore path must be specified"); - } - if (_trustStoreCertType == null) { - throw new IllegalArgumentException("Cert type must be specified"); - } - } - - public SSLContextFactory(String trustStorePath, String trustStorePassword, String trustStoreCertType, - KeyManager customKeyManager) + public static SSLContext buildClientContext(final String trustStorePath, + final String trustStorePassword, final String trustStoreCertType, + final String keyStorePath, final String keyStorePassword, + final String keyStoreCertType, final String certAlias) + throws GeneralSecurityException, IOException + { + return buildContext(trustStorePath, trustStorePassword, + trustStoreCertType, keyStorePath, keyStorePassword, + keyStoreCertType, certAlias); + } + + private static SSLContext buildContext(final String trustStorePath, + final String trustStorePassword, final String trustStoreCertType, + final String keyStorePath, final String keyStorePassword, + final String keyStoreCertType, final String certAlias) + throws GeneralSecurityException, IOException { + // Initialize the SSLContext to work with our key managers. 
+ final SSLContext sslContext = SSLContext + .getInstance(TRANSPORT_LAYER_SECURITY_CODE); - _trustStorePath = trustStorePath; - _trustStorePassword = trustStorePassword; - - if (_trustStorePassword != null && _trustStorePassword.equals("none")) + final TrustManager[] trustManagers; + final KeyManager[] keyManagers; + + if (trustStorePath != null) { - _trustStorePassword = null; - } - _trustStoreCertType = trustStoreCertType; - - if (_trustStorePath == null) { - throw new IllegalArgumentException("A TrustStore path or KeyStore path must be specified"); + final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath, + trustStorePassword); + final TrustManagerFactory tmf = TrustManagerFactory + .getInstance(trustStoreCertType); + tmf.init(ts); + + trustManagers = tmf.getTrustManagers(); } - if (_trustStoreCertType == null) { - throw new IllegalArgumentException("Cert type must be specified"); + else + { + trustManagers = null; } - - this.customKeyManager = customKeyManager; - } - - - /** - * Builds a SSLContext appropriate for use with a server - * @return SSLContext - * @throws GeneralSecurityException - * @throws IOException - */ - public SSLContext buildServerContext() throws GeneralSecurityException, IOException - { - KeyStore ts = SSLUtil.getInitializedKeyStore(_trustStorePath,_trustStorePassword); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(_trustStoreCertType); - tmf.init(ts); - - // Initialize the SSLContext to work with our key managers. 
- SSLContext sslContext = SSLContext.getInstance("TLS"); - - if (customKeyManager != null) + if (keyStorePath != null) { - sslContext.init(new KeyManager[]{customKeyManager}, - tmf.getTrustManagers(), null); - + if (certAlias != null) + { + keyManagers = new KeyManager[] { new QpidClientX509KeyManager( + certAlias, keyStorePath, keyStorePassword, + keyStoreCertType) }; + } + else + { + final KeyStore ks = SSLUtil.getInitializedKeyStore( + keyStorePath, keyStorePassword); + + char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray(); + // Set up key manager factory to use our key store + final KeyManagerFactory kmf = KeyManagerFactory + .getInstance(keyStoreCertType); + kmf.init(ks, keyStoreCharPassword); + keyManagers = kmf.getKeyManagers(); + } } else { - // Create keystore - KeyStore ks = SSLUtil.getInitializedKeyStore(_keyStorePath,_keyStorePassword); - // Set up key manager factory to use our key store - KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyStoreCertType); - kmf.init(ks, _keyStorePassword.toCharArray()); - - sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + keyManagers = null; } - - return sslContext; - } - - /** - * Creates a SSLContext factory appropriate for use with a client - * @return SSLContext - * @throws GeneralSecurityException - * @throws IOException - */ - public SSLContext buildClientContext() throws GeneralSecurityException, IOException - { - KeyStore ks = SSLUtil.getInitializedKeyStore(_trustStorePath,_trustStorePassword); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(_trustStoreCertType); - tmf.init(ks); - SSLContext context = SSLContext.getInstance("TLS"); - context.init(null, tmf.getTrustManagers(), null); - return context; - } - + + sslContext.init(keyManagers, trustManagers, null); + + return sslContext; + } } 
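Review bot: `buildServerContext` accepts a null `keyStorePath`. In that case `buildContext` sets `keyManagers = null` and calls `sslContext.init(null, null, null)`, which falls back to the JVM's default key managers rather than raising an error. Since this commit also makes `ServerConfiguration.getKeystorePath()` return null when unset, an SSL-enabled broker with no keystore configured would presumably start and only fail at handshake time. Fail fast at the top of `buildServerContext`, e.g. `if (keyStorePath == null) { throw new IllegalArgumentException("A KeyStore path must be specified"); }`. The public builders also have no Javadoc; each should state which arguments may be null and that a null trust store path means the JVM default trust managers are used.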
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java b/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java index 7099916c33..b371df639e 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/IncomingNetworkTransport.java @@ -20,11 +20,12 @@ */ package org.apache.qpid.transport.network; +import javax.net.ssl.SSLContext; + import org.apache.qpid.protocol.ProtocolEngineFactory; -import org.apache.qpid.ssl.SSLContextFactory; import org.apache.qpid.transport.NetworkTransportConfiguration; public interface IncomingNetworkTransport extends NetworkTransport { - public void accept(NetworkTransportConfiguration config, ProtocolEngineFactory factory, SSLContextFactory sslFactory); + public void accept(NetworkTransportConfiguration config, ProtocolEngineFactory factory, SSLContext sslContext); }
\ No newline at end of file diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java b/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java index ff86ba481f..0bae46e8eb 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/OutgoingNetworkTransport.java @@ -22,11 +22,12 @@ package org.apache.qpid.transport.network; import java.nio.ByteBuffer; -import org.apache.qpid.ssl.SSLContextFactory; +import javax.net.ssl.SSLContext; + import org.apache.qpid.transport.ConnectionSettings; import org.apache.qpid.transport.Receiver; public interface OutgoingNetworkTransport extends NetworkTransport { - public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory); + public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContext sslContext); }
\ No newline at end of file diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java b/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java index d611ab1cf3..30e2856c59 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java @@ -27,7 +27,8 @@ import java.net.Socket; import java.net.SocketException; import java.nio.ByteBuffer; -import org.apache.qpid.ssl.SSLContextFactory; +import javax.net.ssl.SSLContext; + import org.apache.qpid.transport.ConnectionSettings; import org.apache.qpid.transport.Receiver; import org.apache.qpid.transport.TransportException; @@ -51,7 +52,7 @@ public class IoNetworkTransport implements OutgoingNetworkTransport private IoNetworkConnection _connection; private long _timeout = 60000; - public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory) + public NetworkConnection connect(ConnectionSettings settings, Receiver<ByteBuffer> delegate, SSLContext sslContext) { int sendBufferSize = settings.getWriteBufferSize(); int receiveBufferSize = settings.getReadBufferSize(); diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java b/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java index c00187480c..ce461a6342 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkHandler.java @@ -21,6 +21,8 @@ package org.apache.qpid.transport.network.mina; +import javax.net.ssl.SSLContext; + import org.apache.mina.common.ByteBuffer; import org.apache.mina.common.IdleStatus; import org.apache.mina.common.IoHandlerAdapter; 
@@ -30,7 +32,6 @@ import org.apache.mina.filter.SSLFilter; import org.apache.mina.util.SessionUtil; import org.apache.qpid.protocol.ProtocolEngine; import org.apache.qpid.protocol.ProtocolEngineFactory; -import org.apache.qpid.ssl.SSLContextFactory; import org.apache.qpid.transport.network.NetworkConnection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,7 +41,7 @@ public class MinaNetworkHandler extends IoHandlerAdapter private static final Logger LOGGER = LoggerFactory.getLogger(MinaNetworkHandler.class); private ProtocolEngineFactory _factory; - private SSLContextFactory _sslFactory = null; + private SSLContext _sslContext = null; static { @@ -52,15 +53,15 @@ public class MinaNetworkHandler extends IoHandlerAdapter ByteBuffer.setAllocator(new SimpleByteBufferAllocator()); } - public MinaNetworkHandler(SSLContextFactory sslFactory, ProtocolEngineFactory factory) + public MinaNetworkHandler(SSLContext sslContext, ProtocolEngineFactory factory) { - _sslFactory = sslFactory; + _sslContext = sslContext; _factory = factory; } - public MinaNetworkHandler(SSLContextFactory sslFactory) + public MinaNetworkHandler(SSLContext sslContext) { - this(sslFactory, null); + this(sslContext, null); } public void messageReceived(IoSession session, Object message) @@ -100,10 +101,10 @@ public class MinaNetworkHandler extends IoHandlerAdapter SessionUtil.initialize(ioSession); - if (_sslFactory != null) + if (_sslContext != null) { - ioSession.getFilterChain().addBefore("protocolFilter", "sslFilter", - new SSLFilter(_sslFactory.buildServerContext())); + ioSession.getFilterChain().addFirst("sslFilter", + new SSLFilter(_sslContext)); } if (_factory != null) diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java b/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java index d0367b82f4..85b42da2b2 100644 
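Review bot: In the last MinaNetworkHandler hunk, `new SSLFilter(_sslContext)` is installed the same way for accepted and outgoing sessions, because this handler is constructed by both `accept` (with a factory) and `connect` (without one) in MinaNetworkTransport. MINA's SSLFilter handshakes as a server unless `setUseClientMode(true)` is called, so as far as this hunk shows, an outgoing connection with a non-null context would negotiate in server mode. Suggest holding the filter in a local, calling `sslFilter.setUseClientMode(true)` on the connector path (for instance via an explicit constructor flag), and then `ioSession.getFilterChain().addFirst("sslFilter", sslFilter);`. The method body begins and ends outside the hunk, so confirm that no later code already sets the mode.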
--- a/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/mina/MinaNetworkTransport.java @@ -26,6 +26,8 @@ import java.io.IOException; import java.net.InetSocketAddress; import java.net.SocketAddress; +import javax.net.ssl.SSLContext; + import org.apache.mina.common.ConnectFuture; import org.apache.mina.common.ExecutorThreadModel; import org.apache.mina.common.IoConnector; @@ -62,7 +64,7 @@ public class MinaNetworkTransport implements OutgoingNetworkTransport, IncomingN private InetSocketAddress _address; public NetworkConnection connect(ConnectionSettings settings, - Receiver<java.nio.ByteBuffer> delegate, SSLContextFactory sslFactory) + Receiver<java.nio.ByteBuffer> delegate, SSLContext sslContext) { int transport = getTransport(settings.getProtocol()); @@ -77,7 +79,7 @@ public class MinaNetworkTransport implements OutgoingNetworkTransport, IncomingN return new SocketConnector(1, new QpidThreadExecutor()); // non-blocking connector } }); - _connection = stc.connect(delegate, settings, sslFactory); + _connection = stc.connect(delegate, settings, sslContext); break; case UNKNOWN: default: @@ -115,7 +117,7 @@ public class MinaNetworkTransport implements OutgoingNetworkTransport, IncomingN } public void accept(final NetworkTransportConfiguration config, final ProtocolEngineFactory factory, - final SSLContextFactory sslFactory) + final SSLContext sslContext) { int processors = config.getConnectorProcessors(); @@ -146,7 +148,7 @@ public class MinaNetworkTransport implements OutgoingNetworkTransport, IncomingN try { - _acceptor.bind(_address, new MinaNetworkHandler(sslFactory, factory)); + _acceptor.bind(_address, new MinaNetworkHandler(sslContext, factory)); } catch (IOException e) { 
@@ -168,7 +170,7 @@ public class MinaNetworkTransport implements OutgoingNetworkTransport, IncomingN _ioConnectorFactory = socketConnectorFactory; } - public NetworkConnection connect(Receiver<java.nio.ByteBuffer> receiver, ConnectionSettings settings, SSLContextFactory sslFactory) + public NetworkConnection connect(Receiver<java.nio.ByteBuffer> receiver, ConnectionSettings settings, SSLContext sslContext) { final IoConnector ioConnector = _ioConnectorFactory.newConnector(); final SocketAddress address; @@ -203,7 +205,7 @@ public class MinaNetworkTransport implements OutgoingNetworkTransport, IncomingN ((SocketConnector) ioConnector).setWorkerTimeout(0); } - ConnectFuture future = ioConnector.connect(address, new MinaNetworkHandler(sslFactory), ioConnector.getDefaultConfig()); + ConnectFuture future = ioConnector.connect(address, new MinaNetworkHandler(sslContext), ioConnector.getDefaultConfig()); future.join(); if (!future.isConnected()) { diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java index 3479aaa42a..e80f8904a3 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java @@ -25,6 +25,7 @@ import java.nio.ByteBuffer; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; +import org.apache.qpid.ssl.SSLContextFactory; import org.apache.qpid.transport.Connection; import org.apache.qpid.transport.ConnectionListener; import org.apache.qpid.transport.ConnectionSettings; 
@@ -114,7 +115,14 @@ public class SecurityLayer SSLContext sslCtx; try { - sslCtx = SSLUtil.createSSLContext(settings); + sslCtx = SSLContextFactory + .buildClientContext(settings.getTrustStorePath(), + settings.getTrustStorePassword(), + settings.getTrustStoreCertType(), + settings.getKeyStorePath(), + settings.getKeyStorePassword(), + settings.getKeyStoreCertType(), + settings.getCertAlias()); } catch (Exception e) { diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java index 0dd86d4560..4391e8adfc 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java @@ -20,7 +20,9 @@ */ package org.apache.qpid.transport.network.security.ssl; +import java.io.IOException; import java.net.Socket; +import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.Principal; import java.security.PrivateKey; @@ -40,7 +42,7 @@ public class QpidClientX509KeyManager extends X509ExtendedKeyManager String alias; public QpidClientX509KeyManager(String alias, String keyStorePath, - String keyStorePassword,String keyStoreCertType) throws Exception + String keyStorePassword,String keyStoreCertType) throws GeneralSecurityException, IOException { this.alias = alias; KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword); diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java index fd73915b65..6bb038a581 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java 
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java @@ -125,38 +125,6 @@ public class SSLUtil return id.toString(); } - public static SSLContext createSSLContext(ConnectionSettings settings) throws Exception - { - SSLContextFactory sslContextFactory; - - if (settings.getCertAlias() == null) - { - sslContextFactory = - new SSLContextFactory(settings.getTrustStorePath(), - settings.getTrustStorePassword(), - settings.getTrustStoreCertType(), - settings.getKeyStorePath(), - settings.getKeyStorePassword(), - settings.getKeyStoreCertType()); - - } else - { - sslContextFactory = - new SSLContextFactory(settings.getTrustStorePath(), - settings.getTrustStorePassword(), - settings.getTrustStoreCertType(), - new QpidClientX509KeyManager(settings.getCertAlias(), - settings.getKeyStorePath(), - settings.getKeyStorePassword(), - settings.getKeyStoreCertType())); - - log.debug("Using custom key manager"); - } - - return sslContextFactory.buildServerContext(); - - } - public static KeyStore getInitializedKeyStore(String storePath, String storePassword) throws GeneralSecurityException, IOException { KeyStore ks = KeyStore.getInstance("JKS"); @@ -176,7 +144,10 @@ public class SSLUtil { throw new IOException("Unable to load keystore resource: " + storePath); } - ks.load(in, storePassword.toCharArray()); + + char[] storeCharPassword = storePassword == null ? null : storePassword.toCharArray(); + + ks.load(in, storeCharPassword); } finally { diff --git a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java new file mode 100644 index 0000000000..288946e064 --- /dev/null +++ b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java 
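Review bot: With the new null handling in the second SSLUtil hunk, `ks.load(in, null)` is reached whenever no store password is configured, and `KeyStore.load` performs no integrity check on the store when the password is null. A key or trust store that has been altered on disk would then load without complaint. At minimum, log it where `storeCharPassword` is computed, e.g. `if (storePassword == null) { log.warn("No password supplied for " + storePath + "; keystore integrity will not be verified"); }`, and state the same in the method's Javadoc. `getInitializedKeyStore` starts and ends outside the hunk.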
@@ -0,0 +1,84 @@ +/* Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.ssl; + +import java.io.IOException; + +import javax.net.ssl.SSLContext; + +import org.apache.qpid.test.utils.QpidTestCase; + +public class SSLContextFactoryTest extends QpidTestCase +{ + private static final String BROKER_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_broker_keystore.jks"; + private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks"; + private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks"; + private static final String STORE_PASSWORD = "password"; + private static final String CERT_TYPE = "SunX509"; + private static final String CERT_ALIAS_APP1 = "app1"; + + public void testBuildServerContext() throws Exception + { + SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE); + assertNotNull("SSLContext should not be null", context); + } + + public void testBuildServerContextWithIncorrectPassword() throws Exception + { + try + { + SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", CERT_TYPE); + fail("Exception was not thrown due to incorrect 
password"); + } + catch (IOException e) + { + //expected + } + } + + public void testTrustStoreDoesNotExist() throws Exception + { + try + { + SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null); + fail("Exception was not thrown due to incorrect path"); + } + catch (IOException e) + { + //expected + } + } + + public void testBuildClientContextForSSLEncryptionOnly() throws Exception + { + SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null, null, null, null); + assertNotNull("SSLContext should not be null", context); + } + + public void testBuildClientContextWithForClientAuth() throws Exception + { + SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null); + assertNotNull("SSLContext should not be null", context); + } + + public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception + { + SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CERT_ALIAS_APP1); + assertNotNull("SSLContext should not be null", context); + } +} diff --git a/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java b/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java index 89542e8125..2ec5e17a16 100644 --- a/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java +++ b/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java 
@@ -37,7 +37,10 @@ import org.apache.mina.util.AvailablePortFinder; public class QpidTestCase extends TestCase { - protected static final Logger _logger = Logger.getLogger(QpidTestCase.class); + public static final String QPID_HOME = System.getProperty("QPID_HOME"); + public static final String TEST_RESOURCES_DIR = QPID_HOME + "/../test-profiles/test_resources/"; + + private static final Logger _logger = Logger.getLogger(QpidTestCase.class); private final Map<String, String> _propertiesSetForTest = new HashMap<String, String>(); @@ -144,9 +147,9 @@ public class QpidTestCase extends TestCase * completes. * * @param property The property to set - * @param value the value to set it to. + * @param value the value to set it to, if null, the property will be cleared */ - protected void setTestSystemProperty(String property, String value) + protected void setTestSystemProperty(final String property, final String value) { if (!_propertiesSetForTest.containsKey(property)) { @@ -154,7 +157,14 @@ public class QpidTestCase extends TestCase _propertiesSetForTest.put(property, System.getProperty(property)); } - System.setProperty(property, value); + if (value == null) + { + System.clearProperty(property); + } + else + { + System.setProperty(property, value); + } } /** @@ -162,6 +172,7 @@ public class QpidTestCase extends TestCase */ protected void revertTestSystemProperties() { + _logger.debug("reverting " + _propertiesSetForTest.size() + " test properties"); for (String key : _propertiesSetForTest.keySet()) { String value = _propertiesSetForTest.get(key); diff --git a/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java b/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java index 4e504c69eb..d2fab7d163 100644 --- a/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java +++ b/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java 
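Review bot: `TEST_RESOURCES_DIR` in the `@@ -37,7 +37,10 @@` hunk is concatenated from `System.getProperty("QPID_HOME")` with no null check, so when QPID_HOME is unset the constant becomes `null/../test-profiles/test_resources/`. The SSL tests in this commit that build keystore paths from it would then fail with a store-loading error that hides the real cause. I would add a comment on the constant, `/** Requires the QPID_HOME system property; resolves under "null/" when it is unset. */`, or fail fast where the stores are first used. The constant also ends in `/` while its users append `"/ssl/..."`, giving a doubled separator; dropping the trailing slash keeps the paths clean.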
@@ -23,9 +23,10 @@ package org.apache.qpid.transport.network; import java.nio.ByteBuffer; +import javax.net.ssl.SSLContext; + import org.apache.qpid.framing.ProtocolVersion; import org.apache.qpid.protocol.ProtocolEngineFactory; -import org.apache.qpid.ssl.SSLContextFactory; import org.apache.qpid.test.utils.QpidTestCase; import org.apache.qpid.transport.ConnectionSettings; import org.apache.qpid.transport.NetworkTransportConfiguration; @@ -129,7 +130,7 @@ public class TransportTest extends QpidTestCase } public NetworkConnection connect(ConnectionSettings settings, - Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory) + Receiver<ByteBuffer> delegate, SSLContext sslContext) { throw new UnsupportedOperationException(); } @@ -149,7 +150,7 @@ public class TransportTest extends QpidTestCase } public void accept(NetworkTransportConfiguration config, - ProtocolEngineFactory factory, SSLContextFactory sslFactory) + ProtocolEngineFactory factory, SSLContext sslContext) { throw new UnsupportedOperationException(); } diff --git a/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java b/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java index 8530240dcc..e075681acb 100644 --- a/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java +++ b/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java @@ -80,7 +80,7 @@ public class IoAcceptor<E> extends Thread try { Socket sock = socket.accept(); - IoTransport<E> transport = new IoTransport<E>(sock, binding,false); + IoTransport<E> transport = new IoTransport<E>(sock, binding); } catch (IOException e) { diff --git a/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java b/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java index 773d7bc117..0de1308281 100644 --- a/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java 
+++ b/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java @@ -68,18 +68,10 @@ public final class IoTransport<E> private IoReceiver receiver; private long timeout = 60000; - IoTransport(Socket socket, Binding<E,ByteBuffer> binding, boolean ssl) + IoTransport(Socket socket, Binding<E,ByteBuffer> binding) { this.socket = socket; - - if (ssl) - { - setupSSLTransport(socket, binding); - } - else - { - setupTransport(socket, binding); - } + setupTransport(socket, binding); } private void setupTransport(Socket socket, Binding<E, ByteBuffer> binding) @@ -96,41 +88,6 @@ public final class IoTransport<E> ios.registerCloseListener(this.receiver); } - private void setupSSLTransport(Socket socket, Binding<E, ByteBuffer> binding) - { - SSLEngine engine = null; - SSLContext sslCtx; - try - { - sslCtx = createSSLContext(); - } - catch (Exception e) - { - throw new TransportException("Error creating SSL Context", e); - } - - try - { - engine = sslCtx.createSSLEngine(); - engine.setUseClientMode(true); - } - catch(Exception e) - { - throw new TransportException("Error creating SSL Engine", e); - } - IoSender ios = new IoSender(socket, 2*writeBufferSize, timeout); - ios.initiate(); - final SSLStatus sslStatus = new SSLStatus(); - this.sender = new SSLSender(engine,ios, sslStatus); - this.endpoint = binding.endpoint(sender); - this.receiver = new IoReceiver(socket, new SSLReceiver(engine,binding.receiver(endpoint),sslStatus), - 2*readBufferSize, timeout); - this.receiver.initiate(); - ios.registerCloseListener(this.receiver); - - log.info("SSL Sender and Receiver initiated"); - } - public Sender<ByteBuffer> getSender() { return sender; 
@@ -146,22 +103,4 @@ public final class IoTransport<E> return socket; } - private SSLContext createSSLContext() throws Exception - { - String trustStorePath = System.getProperty("javax.net.ssl.trustStore"); - String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); - String trustStoreCertType = System.getProperty("qpid.ssl.trustStoreCertType","SunX509"); - - String keyStorePath = System.getProperty("javax.net.ssl.keyStore",trustStorePath); - String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword",trustStorePassword); - String keyStoreCertType = System.getProperty("qpid.ssl.keyStoreCertType","SunX509"); - - SSLContextFactory sslContextFactory = new SSLContextFactory(trustStorePath,trustStorePassword, - trustStoreCertType,keyStorePath, - keyStorePassword,keyStoreCertType); - - return sslContextFactory.buildServerContext(); - - } - } diff --git a/java/systests/etc/config-systests-settings.xml b/java/systests/etc/config-systests-settings.xml index 751ff133cb..5ed208bfe7 100644 --- a/java/systests/etc/config-systests-settings.xml +++ b/java/systests/etc/config-systests-settings.xml @@ -20,11 +20,20 @@ - --> <broker> + <connector> + <ssl> + <port>15671</port> + <enabled>false</enabled> + <sslOnly>false</sslOnly> + <keystorePath>${QPID_HOME}/../test-profiles/test_resources/ssl/java_broker_keystore.jks</keystorePath> + <keystorePassword>password</keystorePassword> + </ssl> + </connector> <management> <enabled>false</enabled> <ssl> <enabled>false</enabled> - <keyStorePath>${QPID_HOME}/../test-profiles/test_resources/ssl/keystore.jks</keyStorePath> + <keyStorePath>${QPID_HOME}/../test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath> <keyStorePassword>password</keyStorePassword> </ssl> </management> diff --git a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java index 8cdf12eaa4..471ebb16fc 100644 
--- a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java +++ b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java 
@@ -31,62 +31,72 @@ import org.apache.qpid.test.utils.QpidBrokerTestCase; import org.apache.qpid.transport.Connection; public class SSLTest extends QpidBrokerTestCase -{ - +{ + private static final String KEYSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks"; + private static final String KEYSTORE_PASSWORD = "password"; + private static final String TRUSTSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks"; + private static final String TRUSTSTORE_PASSWORD = "password"; + private static final String CERT_ALIAS_APP1 = "app1"; + private static final String CERT_ALIAS_APP2 = "app2"; + @Override protected void setUp() throws Exception { - System.setProperty("javax.net.debug", "ssl"); + if(isJavaBroker()) + { + setTestClientSystemProperty("profile.use_ssl", "true"); + setConfigurationProperty("connector.ssl.enabled", "true"); + setConfigurationProperty("connector.ssl.sslOnly", "true"); + } + + // set the ssl system properties + setSystemProperty("javax.net.ssl.keyStore", KEYSTORE); + setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD); + setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE); + setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD); + setSystemProperty("javax.net.debug", "ssl"); super.setUp(); } - @Override - protected void tearDown() throws Exception - { - System.setProperty("javax.net.debug", ""); - super.tearDown(); - } - - public void testCreateSSLContextFromConnectionURLParams() + public void testCreateSSLConnectionUsingConnectionURLParams() throws Exception { if (Boolean.getBoolean("profile.use_ssl")) - { + { + // Clear the ssl system properties + setSystemProperty("javax.net.ssl.keyStore", null); + setSystemProperty("javax.net.ssl.keyStorePassword", null); + setSystemProperty("javax.net.ssl.trustStore", null); + setSystemProperty("javax.net.ssl.trustStorePassword", null); + String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + "?ssl='true'&ssl_verify_hostname='true'" 
+ "&key_store='%s'&key_store_password='%s'" + "&trust_store='%s'&trust_store_password='%s'" + "'"; - String keyStore = System.getProperty("javax.net.ssl.keyStore"); - String keyStorePass = System.getProperty("javax.net.ssl.keyStorePassword"); - String trustStore = System.getProperty("javax.net.ssl.trustStore"); - String trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword"); + url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT, + KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD); - url = String.format(url,System.getProperty("test.port.ssl"), - keyStore,keyStorePass,trustStore,trustStorePass); + AMQConnection con = new AMQConnection(url); + assertNotNull("connection should be successful", con); + Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); + assertNotNull("create session should be successful", ssn); + } + } + + public void testCreateSSLConnectionUsingSystemProperties() throws Exception + { + if (Boolean.getBoolean("profile.use_ssl")) + { + + String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s?ssl='true''"; + + url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT); - // temporarily set the trust/key store jvm args to something else - // to ensure we only read from the connection URL param. 
- System.setProperty("javax.net.ssl.trustStore","fessgsdgd"); - System.setProperty("javax.net.ssl.trustStorePassword","fessgsdgd"); - System.setProperty("javax.net.ssl.keyStore","fessgsdgd"); - System.setProperty("javax.net.ssl.keyStorePassword","fessgsdgd"); - try - { - AMQConnection con = new AMQConnection(url); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - } - catch (Exception e) - { - fail("SSL Connection should be successful"); - } - finally - { - System.setProperty("javax.net.ssl.trustStore",trustStore); - System.setProperty("javax.net.ssl.trustStorePassword",trustStorePass); - System.setProperty("javax.net.ssl.keyStore",keyStore); - System.setProperty("javax.net.ssl.keyStorePassword",keyStorePass); - } + AMQConnection con = new AMQConnection(url); + assertNotNull("connection should be successful", con); + Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); + assertNotNull("create session should be successful", ssn); } } @@ -95,8 +105,8 @@ public class SSLTest extends QpidBrokerTestCase if (Boolean.getBoolean("profile.use_ssl")) { String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + - System.getProperty("test.port.ssl") + - "?ssl='true'&ssl_cert_alias='app1''"; + QpidBrokerTestCase.DEFAULT_SSL_PORT + + "?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP1 + "''"; AMQTestConnection_0_10 con = new AMQTestConnection_0_10(url); Connection transportCon = con.getConnection(); @@ -105,8 +115,8 @@ public class SSLTest extends QpidBrokerTestCase con.close(); url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + - System.getProperty("test.port.ssl") + - "?ssl='true'&ssl_cert_alias='app2''"; + QpidBrokerTestCase.DEFAULT_SSL_PORT + + "?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP2 + "''"; con = new AMQTestConnection_0_10(url); transportCon = con.getConnection(); 
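Review bot: Every test body in `SSLTest`, including the new `testCreateSSLConnectionUsingSystemProperties`, is wrapped in `if (Boolean.getBoolean("profile.use_ssl"))`, so when that property is false in the test JVM the method returns without connecting and is still reported as passed. `setUp` sets it only through `setTestClientSystemProperty` and only when `isJavaBroker()` is true; that helper is not visible here, so it is worth confirming it sets the property in this JVM, or replacing the guard with an explicit skip that is logged. The new tests also create `AMQConnection` directly and never close it, and `assertNotNull(..., con)` on the result of `new` cannot fail; a `finally { con.close(); }` would stop TLS connections leaking from one test into the next. The same pattern recurs in the `@@ -140,42 +150,53 @@` hunk.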
@@ -116,12 +126,12 @@ public class SSLTest extends QpidBrokerTestCase } } - public void testVerifyHostName() + public void testVerifyHostNameWithIncorrectHostname() { if (Boolean.getBoolean("profile.use_ssl")) { String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" + - System.getProperty("test.port.ssl") + + QpidBrokerTestCase.DEFAULT_SSL_PORT + "?ssl='true'&ssl_verify_hostname='true''"; try 
@@ -140,42 +150,53 @@ public class SSLTest extends QpidBrokerTestCase } } - public void testVerifyLocalHost() + public void testVerifyLocalHost() throws Exception { if (Boolean.getBoolean("profile.use_ssl")) { String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + - System.getProperty("test.port.ssl") + + QpidBrokerTestCase.DEFAULT_SSL_PORT + "?ssl='true'&ssl_verify_hostname='true''"; - - try - { - AMQConnection con = new AMQConnection(url); - } - catch (Exception e) - { - fail("Hostname verification should succeed"); - } - } + + AMQConnection con = new AMQConnection(url); + assertNotNull("connection should have been created", con); + } } - public void testVerifyLocalHostLocalDomain() + public void testVerifyLocalHostLocalDomain() throws Exception { if (Boolean.getBoolean("profile.use_ssl")) { String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" + - System.getProperty("test.port.ssl") + + QpidBrokerTestCase.DEFAULT_SSL_PORT + "?ssl='true'&ssl_verify_hostname='true''"; + + AMQConnection con = new AMQConnection(url); + assertNotNull("connection should have been created", con); + } + } + + public void testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly() throws Exception + { + if (Boolean.getBoolean("profile.use_ssl")) + { + // Clear the ssl system properties + setSystemProperty("javax.net.ssl.keyStore", null); + setSystemProperty("javax.net.ssl.keyStorePassword", null); + setSystemProperty("javax.net.ssl.trustStore", null); + setSystemProperty("javax.net.ssl.trustStorePassword", null); - try - { - AMQConnection con = new AMQConnection(url); - } - catch (Exception e) - { - fail("Hostname verification should succeed"); - } - + String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + + "?ssl='true'&ssl_verify_hostname='true'" + + "&trust_store='%s'&trust_store_password='%s'" + + "'"; + + url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT, TRUSTSTORE,TRUSTSTORE_PASSWORD); + + AMQConnection con 
= new AMQConnection(url); + assertNotNull("connection should be successful", con); + Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); + assertNotNull("create session should be successful", ssn); } } } diff --git a/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java b/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java index 9155b84365..e901903eb4 100644 --- a/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java +++ b/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java @@ -519,7 +519,7 @@ public class BrokerLoggingTest extends AbstractTestLogging setConfigurationProperty("connector.ssl.keyStorePath", getConfigurationStringProperty("management.ssl.keyStorePath")); setConfigurationProperty("connector.ssl.keyStorePassword", getConfigurationStringProperty("management.ssl.keyStorePassword")); - Integer sslPort = Integer.parseInt(getConfigurationStringProperty("connector.sslport")); + Integer sslPort = Integer.parseInt(getConfigurationStringProperty("connector.ssl.port")); startBroker(); diff --git a/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java b/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java index 481b144caf..95edcd353b 100644 --- a/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java +++ b/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQConnectionTest.java 
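Review bot: The suite has no test that a connection is refused when the broker certificate is not trusted; `testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly` and the other additions are all positive cases, and the only rejection test is the hostname mismatch one. A negative case that passes a `trust_store` not containing the broker's issuer and expects `new AMQConnection(url)` to throw would show that certificate validation is enforced on the SSL path this commit repairs. `testVerifyLocalHostLocalDomain` also depends on `localhost.localdomain` resolving on the build host, which deserves a comment in the test.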
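Review bot: The two context lines above the changed `connector.ssl.port` lookup in `BrokerLoggingTest` set `connector.ssl.keyStorePath` and `connector.ssl.keyStorePassword` (capital S), while `ServerConfiguration` in this commit reads `connector.ssl.keystorePath` and `connector.ssl.keystorePassword`. If the configuration keys are case-sensitive, those overrides are ignored and the test finds a keystore only because config-systests-settings.xml now supplies the lower-case elements. I would change them to `setConfigurationProperty("connector.ssl.keystorePath", ...)` and `setConfigurationProperty("connector.ssl.keystorePassword", ...)` so the test controls the store it claims to. The enclosing test method starts and ends outside the hunk.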
@@ -50,9 +50,9 @@ import org.slf4j.LoggerFactory; public class AMQConnectionTest extends QpidBrokerTestCase { - private static AMQConnection _connection; - private static AMQTopic _topic; - private static AMQQueue _queue; + protected static AMQConnection _connection; + protected static AMQTopic _topic; + protected static AMQQueue _queue; private static QueueSession _queueSession; private static TopicSession _topicSession; protected static final Logger _logger = LoggerFactory.getLogger(AMQConnectionTest.class); @@ -60,15 +60,14 @@ public class AMQConnectionTest extends QpidBrokerTestCase protected void setUp() throws Exception { super.setUp(); - _connection = (AMQConnection) getConnection("guest", "guest"); + createConnection(); _topic = new AMQTopic(_connection.getDefaultTopicExchangeName(), new AMQShortString("mytopic")); _queue = new AMQQueue(_connection.getDefaultQueueExchangeName(), new AMQShortString("myqueue")); } - - protected void tearDown() throws Exception + + protected void createConnection() throws Exception { - _connection.close(); - super.tearDown(); + _connection = (AMQConnection) getConnection("guest", "guest"); } /** 
@@ -207,61 +206,50 @@ public class AMQConnectionTest extends QpidBrokerTestCase public void testPrefetchSystemProperty() throws Exception { - String oldPrefetch = System.getProperty(ClientProperties.MAX_PREFETCH_PROP_NAME); - try - { - _connection.close(); - System.setProperty(ClientProperties.MAX_PREFETCH_PROP_NAME, new Integer(2).toString()); - _connection = (AMQConnection) getConnection(); - _connection.start(); - // Create two consumers on different sessions - Session consSessA = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE); - MessageConsumer consumerA = consSessA.createConsumer(_queue); - - Session producerSession = _connection.createSession(false, Session.AUTO_ACKNOWLEDGE); - MessageProducer producer = producerSession.createProducer(_queue); + _connection.close(); + setTestClientSystemProperty(ClientProperties.MAX_PREFETCH_PROP_NAME, new Integer(2).toString()); + + createConnection(); + _connection.start(); + // Create two consumers on different sessions + Session consSessA = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE); + MessageConsumer consumerA = consSessA.createConsumer(_queue); - // Send 3 messages - for (int i = 0; i < 3; i++) - { - producer.send(producerSession.createTextMessage("test")); - } - - MessageConsumer consumerB = null; - // 0-8, 0-9, 0-9-1 prefetch is per session, not consumer. 
- if (!isBroker010()) - { - Session consSessB = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE); - consumerB = consSessB.createConsumer(_queue); - } - else - { - consumerB = consSessA.createConsumer(_queue); - } + Session producerSession = _connection.createSession(false, Session.AUTO_ACKNOWLEDGE); + MessageProducer producer = producerSession.createProducer(_queue); - Message msg; - // Check that consumer A has 2 messages - for (int i = 0; i < 2; i++) - { - msg = consumerA.receive(1500); - assertNotNull("Consumer A should receive 2 messages",msg); - } - - msg = consumerA.receive(1500); - assertNull("Consumer A should not have received a 3rd message",msg); - - // Check that consumer B has the last message - msg = consumerB.receive(1500); - assertNotNull("Consumer B should have received the message",msg); + // Send 3 messages + for (int i = 0; i < 3; i++) + { + producer.send(producerSession.createTextMessage("test")); } - finally + + MessageConsumer consumerB = null; + // 0-8, 0-9, 0-9-1 prefetch is per session, not consumer. + if (!isBroker010()) { - if (oldPrefetch == null) - { - oldPrefetch = ClientProperties.MAX_PREFETCH_DEFAULT; - } - System.setProperty(ClientProperties.MAX_PREFETCH_PROP_NAME, oldPrefetch); + Session consSessB = _connection.createSession(true, Session.AUTO_ACKNOWLEDGE); + consumerB = consSessB.createConsumer(_queue); + } + else + { + consumerB = consSessA.createConsumer(_queue); + } + + Message msg; + // Check that consumer A has 2 messages + for (int i = 0; i < 2; i++) + { + msg = consumerA.receive(1500); + assertNotNull("Consumer A should receive 2 messages",msg); } + + msg = consumerA.receive(1500); + assertNull("Consumer A should not have received a 3rd message",msg); + + // Check that consumer B has the last message + msg = consumerB.receive(1500); + assertNotNull("Consumer B should have received the message",msg); } public void testGetChannelID() throws Exception 
@@ -311,7 +299,7 @@ public class AMQConnectionTest extends QpidBrokerTestCase _connection.close(); stopBroker(port); - System.setProperty("qpid.heartbeat", "1"); + setSystemProperty("qpid.heartbeat", "1"); // in case this broker gets stuck, atleast the rest of the tests will not fail. port = port + 200; @@ -381,9 +369,7 @@ public class AMQConnectionTest extends QpidBrokerTestCase throw e; } finally - { - System.setProperty("qpid.heartbeat", ""); - + { if (process != null) { process.destroy(); @@ -395,9 +381,4 @@ public class AMQConnectionTest extends QpidBrokerTestCase cleanBroker(); } } - - public static junit.framework.Test suite() - { - return new junit.framework.TestSuite(AMQConnectionTest.class); - } } diff --git a/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java b/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java new file mode 100644 index 0000000000..53a433c543 --- /dev/null +++ b/java/systests/src/main/java/org/apache/qpid/test/unit/client/AMQSSLConnectionTest.java 
@@ -0,0 +1,57 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.qpid.test.unit.client; + +import org.apache.qpid.client.AMQConnection; +import org.apache.qpid.client.AMQConnectionURL; + +public class AMQSSLConnectionTest extends AMQConnectionTest +{ + private static final String KEYSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks"; + private static final String KEYSTORE_PASSWORD = "password"; + private static final String TRUSTSTORE = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks"; + private static final String TRUSTSTORE_PASSWORD = "password"; + + @Override + protected void setUp() throws Exception + { + setTestClientSystemProperty("profile.use_ssl", "true"); + setConfigurationProperty("connector.ssl.enabled", "true"); + setConfigurationProperty("connector.ssl.sslOnly", "true"); + super.setUp(); + } + + protected void createConnection() throws Exception + { + + final String sslPrototypeUrl = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + + "?ssl='true'&ssl_verify_hostname='false'" + + "&key_store='%s'&key_store_password='%s'" + + "&trust_store='%s'&trust_store_password='%s'" + + "'"; + + final String url = 
String.format(sslPrototypeUrl,System.getProperty("test.port.ssl"), + KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD); + + _connection = (AMQConnection) getConnection(new AMQConnectionURL(url)); + } +} diff --git a/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java b/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java index c8ccdf91bb..1d9afe3a68 100644 --- a/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java +++ b/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java @@ -57,6 +57,7 @@ import org.apache.log4j.Logger; import org.apache.qpid.AMQException; import org.apache.qpid.client.AMQConnectionFactory; import org.apache.qpid.client.AMQQueue; +import org.apache.qpid.client.SSLConfiguration; import org.apache.qpid.exchange.ExchangeDefaults; import org.apache.qpid.jms.BrokerDetails; import org.apache.qpid.jms.ConnectionURL; @@ -83,7 +84,7 @@ public class QpidBrokerTestCase extends QpidTestCase INTERNAL /** Test case starts an embedded broker within this JVM */, SPAWNED /** Test case spawns a new broker as a separate process */ } - protected final String QpidHome = System.getProperty("QPID_HOME"); + protected final static String QpidHome = System.getProperty("QPID_HOME"); protected File _configFile = new File(System.getProperty("broker.config")); protected static final Logger _logger = Logger.getLogger(QpidBrokerTestCase.class); 
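Review bot: `createConnection` in `AMQSSLConnectionTest` builds its URL with `ssl_verify_hostname='false'`, so every inherited `AMQConnectionTest` case runs over TLS without checking the broker's hostname, although it connects to `localhost`, for which `SSLTest.testVerifyLocalHost` in this commit expects verification to succeed. Using `ssl_verify_hostname='true'` keeps the test client on the setting that should be used outside tests. The port comes from `System.getProperty("test.port.ssl")`, which formats as `null` when unset, whereas the rest of the commit moved to `QpidBrokerTestCase.DEFAULT_SSL_PORT`. `createConnection` overrides the parent method and should carry `@Override`.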
@@ -139,7 +140,7 @@ public class QpidBrokerTestCase extends QpidTestCase public static final int DEFAULT_PORT = Integer.getInteger("test.port", ServerConfiguration.DEFAULT_PORT); public static final int FAILING_PORT = Integer.parseInt(System.getProperty("test.port.alt")); public static final int DEFAULT_MANAGEMENT_PORT = Integer.getInteger("test.mport", ServerConfiguration.DEFAULT_JMXPORT); - public static final int DEFAULT_SSL_PORT = Integer.getInteger("test.sslport", ServerConfiguration.DEFAULT_SSL_PORT); + public static final int DEFAULT_SSL_PORT = Integer.getInteger("test.port.ssl", ServerConfiguration.DEFAULT_SSL_PORT); protected String _brokerLanguage = System.getProperty(BROKER_LANGUAGE, JAVA); protected BrokerType _brokerType = BrokerType.valueOf(System.getProperty(BROKER_TYPE, "").toUpperCase()); @@ -258,6 +259,10 @@ public class QpidBrokerTestCase extends QpidTestCase _logger.error("exception stopping broker", e); } + // reset properties used in the test + revertSystemProperties(); + revertLoggingLevels(); + if(_brokerCleanBetweenTests) { try @@ -440,10 +445,11 @@ public class QpidBrokerTestCase extends QpidTestCase protected String getBrokerCommand(int port) throws MalformedURLException { - final String protocolExcludesList = _brokerProtocolExcludes.replace("@PORT", "" + port); + final int sslPort = port-1; + final String protocolExcludesList = getProtocolExcludesList(port, sslPort); return _brokerCommand .replace("@PORT", "" + port) - .replace("@SSL_PORT", "" + (port - 1)) + .replace("@SSL_PORT", "" + sslPort) .replace("@MPORT", "" + getManagementPort(port)) .replace("@CONFIG_FILE", _configFile.toString()) .replace("@EXCLUDES", protocolExcludesList); @@ -476,7 +482,7 @@ public class QpidBrokerTestCase extends QpidTestCase options.setConfigFile(_configFile.getAbsolutePath()); options.addPort(port); - addExcludedPorts(port, options); + addExcludedPorts(port, DEFAULT_SSL_PORT, options); options.setJmxPort(getManagementPort(port)); 
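Review bot: The internal-broker path in the `@@ -476,7 +482,7 @@` hunk passes the fixed `DEFAULT_SSL_PORT` to `addExcludedPorts`, while `getBrokerCommand` in the `@@ -440,10 +445,11 @@` hunk derives the SSL port as `port-1`. For a broker started on a non-default `port` the two start-up paths therefore apply the protocol exclusion to different SSL ports, and a second internal broker would be given the same SSL port as the first. Deriving the value in one place, for example a small `getSslPort(int port)` helper used by both callers, would keep the spawned and in-VM profiles testing the same thing. Both enclosing methods start and end outside their hunks, so the listener side of this could not be checked here.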
@@ -597,9 +603,9 @@ public class QpidBrokerTestCase extends QpidTestCase } } - private void addExcludedPorts(int port, BrokerOptions options) + private void addExcludedPorts(int port, int sslPort, BrokerOptions options) { - final String protocolExcludesList = _brokerProtocolExcludes.replace("@PORT", "" + port); + final String protocolExcludesList = getProtocolExcludesList(port, sslPort); if (protocolExcludesList.equals("")) { @@ -621,6 +627,13 @@ public class QpidBrokerTestCase extends QpidTestCase } } + protected String getProtocolExcludesList(int port, int sslPort) + { + final String protocolExcludesList = + _brokerProtocolExcludes.replace("@PORT", "" + port).replace("@SSL_PORT", "" + sslPort); + return protocolExcludesList; + } + private boolean existingInternalBroker() { for(BrokerHolder holder : _brokers.values()) @@ -1049,7 +1062,7 @@ public class QpidBrokerTestCase extends QpidTestCase { return (AMQConnectionFactory) getInitialContext().lookup(factoryName); } - + public Connection getConnection() throws JMSException, NamingException { return getConnection("guest", "guest"); @@ -1117,19 +1130,10 @@ public class QpidBrokerTestCase extends QpidTestCase protected void tearDown() throws java.lang.Exception { - try - { - // close all the connections used by this test. - for (Connection c : _connections) - { - c.close(); - } - } - finally + // close all the connections used by this test. + for (Connection c : _connections) { - // Ensure any problems with close does not interfer with property resets - revertSystemProperties(); - revertLoggingLevels(); + c.close(); } } diff --git a/java/test-profiles/JavaExcludes b/java/test-profiles/JavaExcludes index 4be228c7da..2fc70e6e70 100644 --- a/java/test-profiles/JavaExcludes +++ b/java/test-profiles/JavaExcludes 
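Review bot: In the `@@ -1117,19 +1130,10 @@` hunk, `tearDown` now closes connections in a bare loop, so the first `close()` that throws leaves every later entry of `_connections` open. Moving the property and logging reverts elsewhere removed the need for the old `finally`, but the loop still has to continue past a failed close, otherwise one broken TLS connection can leave sockets open for the following test. The version below closes everything and rethrows the first failure.

```java
protected void tearDown() throws java.lang.Exception
{
    // close all the connections used by this test, even if one close fails
    Exception firstFailure = null;
    for (Connection c : _connections)
    {
        try
        {
            c.close();
        }
        catch (Exception e)
        {
            _logger.error("exception closing connection", e);
            if (firstFailure == null)
            {
                firstFailure = e;
            }
        }
    }
    if (firstFailure != null)
    {
        throw firstFailure;
    }
}
```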
@@ -88,3 +88,6 @@ org.apache.qpid.server.configuration.ServerConfigurationFileTest#* org.apache.qpid.test.unit.client.connection.ConnectionTest#testClientIDVerification org.apache.qpid.jms.xa.XAResourceTest#* + +//The Java broker doesnt support client auth +org.apache.qpid.client.ssl.SSLTest#testMultipleCertsInSingleStore diff --git a/java/test-profiles/JavaPre010Excludes b/java/test-profiles/JavaPre010Excludes index 5d0c82c5d7..a7b008601d 100644 --- a/java/test-profiles/JavaPre010Excludes +++ b/java/test-profiles/JavaPre010Excludes @@ -40,3 +40,8 @@ org.apache.qpid.client.MessageListenerTest#testSynchronousReceiveNoWait org.apache.qpid.test.unit.client.connection.ConnectionTest#testUnsupportedSASLMechanism org.apache.qpid.test.unit.message.JMSPropertiesTest#testQpidExtensionProperties + +//The 0-8/0-9/0-9-1 client configuration for SSL does not work the same as the 0-10 client +//so these tests fail due to the client failing to use SSL +org.apache.qpid.client.ssl.SSLTest#* +org.apache.qpid.test.unit.client.AMQSSLConnectionTest#* diff --git a/java/test-profiles/cpp.ssl.excludes b/java/test-profiles/cpp.ssl.excludes index 4d499c57b9..4b77115c1a 100644 --- a/java/test-profiles/cpp.ssl.excludes +++ b/java/test-profiles/cpp.ssl.excludes @@ -18,3 +18,7 @@ // #org.apache.qpid.test.client.failover.FailoverTest#* + +//This test does not supply a client keystore, therefore it cant login to the C++ broker +//in this test profile as it demands client certificate authentication +org.apache.qpid.client.ssl.SSLTest#testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly diff --git a/java/test-profiles/cpp.ssl.testprofile b/java/test-profiles/cpp.ssl.testprofile index bf71384835..b3bb5e22f7 100644 --- a/java/test-profiles/cpp.ssl.testprofile +++ b/java/test-profiles/cpp.ssl.testprofile 
@@ -23,7 +23,7 @@ broker.modules=--load-module ${broker.module.ssl} --ssl-cert-name localhost.loca profile.use_ssl=true broker.ready= Listening for SSL connections -javax.net.ssl.keyStore=${test.profiles}/test_resources/ssl/keystore.jks +javax.net.ssl.keyStore=${test.profiles}/test_resources/ssl/java_client_keystore.jks javax.net.ssl.keyStorePassword=password -javax.net.ssl.trustStore=${test.profiles}/test_resources/ssl/certstore.jks +javax.net.ssl.trustStore=${test.profiles}/test_resources/ssl/java_client_truststore.jks javax.net.ssl.trustStorePassword=password diff --git a/java/test-profiles/java-dby-spawn.0-9-1.testprofile b/java/test-profiles/java-dby-spawn.0-9-1.testprofile index f79e1f3aad..1580cec1c5 100644 --- a/java/test-profiles/java-dby-spawn.0-9-1.testprofile +++ b/java/test-profiles/java-dby-spawn.0-9-1.testprofile @@ -24,7 +24,7 @@ broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work broker.ready=BRK-1004 broker.stopped=Exception broker.config=${project.root}/build/etc/config-systests-derby.xml -broker.protocol.excludes=--exclude-0-10 @PORT +broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT messagestore.class.name=org.apache.qpid.server.store.DerbyMessageStore profile.excludes=JavaPersistentExcludes JavaPre010Excludes broker.clean.between.tests=true diff --git a/java/test-profiles/java-dby.0-9-1.testprofile b/java/test-profiles/java-dby.0-9-1.testprofile index f9700da82d..b4d506df05 100644 --- a/java/test-profiles/java-dby.0-9-1.testprofile +++ b/java/test-profiles/java-dby.0-9-1.testprofile 
@@ -24,7 +24,7 @@ broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
 broker.ready=BRK-1004
 broker.stopped=Exception
 broker.config=${project.root}/build/etc/config-systests-derby.xml
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
 messagestore.class.name=org.apache.qpid.server.store.DerbyMessageStore
 profile.excludes=JavaPersistentExcludes JavaPre010Excludes
 broker.clean.between.tests=true
diff --git a/java/test-profiles/java-mms-spawn.0-9-1.testprofile b/java/test-profiles/java-mms-spawn.0-9-1.testprofile
index f94b93c793..4563600ba1 100644
--- a/java/test-profiles/java-mms-spawn.0-9-1.testprofile
+++ b/java/test-profiles/java-mms-spawn.0-9-1.testprofile
@@ -23,7 +23,7 @@ broker.command=${project.root}/build/bin/qpid-server -p @PORT -m @MPORT @EXCLUDE
 broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
 broker.ready=BRK-1004
 broker.stopped=Exception
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
 #
 # Do not enable. Allow client to attempt 0-10 and negotiate downwards
 #
diff --git a/java/test-profiles/java-mms.0-9-1.testprofile b/java/test-profiles/java-mms.0-9-1.testprofile
index 45e2fc7162..cec02f3aa6 100644
--- a/java/test-profiles/java-mms.0-9-1.testprofile
+++ b/java/test-profiles/java-mms.0-9-1.testprofile
@@ -24,7 +24,7 @@ broker.command=${project.root}/build/bin/qpid-server -p @PORT -m @MPORT @EXCLUDE
 broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
 broker.ready=BRK-1004
 broker.stopped=Exception
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
 #
 # Do not enable. Allow client to attempt 0-10 and negotiate downwards
 #
diff --git a/java/test-profiles/test_resources/ssl/java_broker.crt b/java/test-profiles/test_resources/ssl/java_broker.crt new file mode 100644 index 0000000000..7543ee8a7d --- /dev/null +++ b/java/test-profiles/test_resources/ssl/java_broker.crt @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICVzCCAcCgAwIBAgIFAJVWeugwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC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 +-----END CERTIFICATE----- diff --git a/java/test-profiles/test_resources/ssl/java_broker.req b/java/test-profiles/test_resources/ssl/java_broker.req new file mode 100644 index 0000000000..05fc8b0eda --- /dev/null +++ b/java/test-profiles/test_resources/ssl/java_broker.req @@ -0,0 +1,10 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE +BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV +bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjVSo/qOCD +sPXQ2HKn2M4ey1FzK6NORkWYefFu5fDFJUKKPXXA8Ey9rPDv+XGGIQKI6JlmD2nnjp8Em7+/xa6u +4XbFqLR8ycmgldGB7r8RbH3B7KYY3s4AxL9A3/TzHza4FJAk2X4LTVWHuX8tB/JyLS6695NSLoI5 +xKW4maARxwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAjXXfPRv7xQYY3R8lZ78/0gbXZ35Lq/1h +6sxShXfqXxFXE8oP4uGLTlsnSvfsHQL60ihKP3V+nv/zIxNudAsrM57x70owUWyp/bm0XXD89X0T +zEBP9OQexDTwC2r/8gvYMi++022LMTluEPw29bCsp6usuKh61eLmekprpNlhs5M= +-----END NEW CERTIFICATE REQUEST----- diff --git a/java/test-profiles/test_resources/ssl/java_broker_keystore.jks b/java/test-profiles/test_resources/ssl/java_broker_keystore.jks Binary files differnew file mode 100644 index 0000000000..4c4449e20d --- /dev/null +++ b/java/test-profiles/test_resources/ssl/java_broker_keystore.jks diff --git a/java/test-profiles/test_resources/ssl/keystore.jks b/java/test-profiles/test_resources/ssl/java_client_keystore.jks Binary files differindex e3a850a248..e3a850a248 100644 --- a/java/test-profiles/test_resources/ssl/keystore.jks +++ b/java/test-profiles/test_resources/ssl/java_client_keystore.jks 
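Review bot: The new broker key material under test_resources/ssl (java_broker.crt, java_broker.req, java_broker_keystore.jks) arrives with no record of how it was generated or when the certificate expires. The certificate request is an intermediate artifact and, as far as these hunks show, nothing reads it; it decodes to a subject CN of localhost.localdomain, so the fixtures only suit a loopback test broker. A short README beside the stores stating that they are test-only, the commands used to create them and the expiry date would let a maintainer regenerate them before the SSL tests start failing on an expired certificate.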
diff --git a/java/test-profiles/test_resources/ssl/certstore.jks b/java/test-profiles/test_resources/ssl/java_client_truststore.jks Binary files differindex 2af95f21f8..2af95f21f8 100644 --- a/java/test-profiles/test_resources/ssl/certstore.jks +++ b/java/test-profiles/test_resources/ssl/java_client_truststore.jks |
