| author | Robert Godfrey <rgodfrey@apache.org> | 2012-05-18 17:54:23 +0000 |
|---|---|---|
| committer | Robert Godfrey <rgodfrey@apache.org> | 2012-05-18 17:54:23 +0000 |
| commit | 56e8a86b4100b11d8f11a403b1c53fed201d1814 (patch) | |
| tree | e4dfab4c13913e7c923275bdc20be19c62a38d5d /java | |
| parent | b7c76de3585d549ffbdf80ee20eea555489b62b2 (diff) | |
| download | qpid-python-56e8a86b4100b11d8f11a403b1c53fed201d1814.tar.gz | |
QPID-3973 : [Java] Add support for non-JKS key store types (patch supplied by jsightle@redhat.com)
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1340191 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java')
9 files changed, 65 insertions, 28 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/Broker.java b/java/broker/src/main/java/org/apache/qpid/server/Broker.java
index 5004d320c2..ac1fcf05db 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/Broker.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/Broker.java
@@ -242,8 +242,9 @@ public class Broker
  {
  final String keystorePath = serverConfig.getConnectorKeyStorePath();
  final String keystorePassword = serverConfig.getConnectorKeyStorePassword();
+ final String keystoreType = serverConfig.getConnectorKeyStoreType();
  final String keyManagerFactoryAlgorithm = serverConfig.getConnectorKeyManagerFactoryAlgorithm();
- final SSLContext sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, keyManagerFactoryAlgorithm);
+ final SSLContext sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, keystoreType, keyManagerFactoryAlgorithm);
  for(int sslPort : sslPorts)
  {
diff --git a/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
index 0be4e682c9..baf6d5e6ad 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
@@ -743,7 +743,7 @@ public class ServerConfiguration extends ConfigurationPlugin
  {
  return getBooleanValue("connector.ssl.sslOnly");
  }
-
+
  public List getSSLPorts()
  {
  return getListValue("connector.ssl.port", Collections.<Integer>singletonList(DEFAULT_SSL_PORT));
@@ -761,6 +761,11 @@ public class ServerConfiguration extends ConfigurationPlugin
  return getStringValue("connector.ssl.keyStorePassword", fallback);
  }
+ public String getConnectorKeyStoreType()
+ {
+ return getStringValue("connector.ssl.keyStoreType", "JKS");
+ }
+
  public String getConnectorKeyManagerFactoryAlgorithm()
  {
  final String systemFallback = KeyManagerFactory.getDefaultAlgorithm();
diff --git a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
index 08ee7c3705..aa5981b81f 100644
--- a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
+++ b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
@@ -110,9 +110,11 @@ public class AMQConnectionDelegate_8_0 implements AMQConnectionDelegate
  sslContext = SSLContextFactory.buildClientContext(
  settings.getTrustStorePath(),
  settings.getTrustStorePassword(),
+ settings.getTrustStoreType(),
  settings.getTrustManagerFactoryAlgorithm(),
  settings.getKeyStorePath(),
  settings.getKeyStorePassword(),
+ settings.getKeyStoreType(),
  settings.getKeyManagerFactoryAlgorithm(),
  settings.getCertAlias());
  }
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
index c9ff180c54..b2967bb0bb 100644
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -39,7 +39,6 @@ import java.security.KeyStore;
  */
  public class SSLContextFactory
  {
- public static final String JAVA_KEY_STORE_CODE = "JKS";
  public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
  private SSLContextFactory()
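Review bot: `getConnectorKeyStoreType()` introduces the default as a fresh string literal, `return getStringValue("connector.ssl.keyStoreType", "JKS");`, in the same commit that the @@ -39 hunk of SSLContextFactory deletes the public constant `JAVA_KEY_STORE_CODE` holding that exact value. Keeping the constant and writing `return getStringValue("connector.ssl.keyStoreType", SSLContextFactory.JAVA_KEY_STORE_CODE);` (Broker.java in this module already calls SSLContextFactory, so the dependency appears to exist) avoids the duplicated literal and the source-incompatible removal of a public field other code may reference. The broker thus defaults to a fixed `"JKS"` while the client side in ConnectionSettings defaults to `KeyStore.getDefaultType()`, which follows the `keystore.type` security property; if that asymmetry is intended it deserves a one-line comment here. getConnectorKeyManagerFactoryAlgorithm's body continues outside the hunk.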
@@ -48,28 +47,32 @@ public class SSLContextFactory
  }
  public static SSLContext buildServerContext(final String keyStorePath,
- final String keyStorePassword, final String keyManagerFactoryAlgorithm)
+ final String keyStorePassword, final String keyStoreType,
+ final String keyManagerFactoryAlgorithm)
  throws GeneralSecurityException, IOException
  {
- return buildContext(null, null, null, keyStorePath, keyStorePassword,
+ return buildContext(null, null, null, null, keyStorePath, keyStorePassword, keyStoreType,
  keyManagerFactoryAlgorithm, null);
  }
  public static SSLContext buildClientContext(final String trustStorePath,
- final String trustStorePassword, final String trustManagerFactoryAlgorithm,
- final String keyStorePath, final String keyStorePassword,
+ final String trustStorePassword, final String trustStoreType,
+ final String trustManagerFactoryAlgorithm, final String keyStorePath,
+ final String keyStorePassword, final String keyStoreType,
  final String keyManagerFactoryAlgorithm, final String certAlias)
  throws GeneralSecurityException, IOException
  {
- return buildContext(trustStorePath, trustStorePassword,
- trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword,
+ return buildContext(trustStorePath, trustStorePassword, trustStoreType,
+ trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword, keyStoreType,
  keyManagerFactoryAlgorithm, certAlias);
  }
  private static SSLContext buildContext(final String trustStorePath,
- final String trustStorePassword, final String trustManagerFactoryAlgorithm,
- final String keyStorePath, final String keyStorePassword,
- final String keyManagerFactoryAlgorithm, final String certAlias)
+ final String trustStorePassword, final String trustStoreType,
+ final String trustManagerFactoryAlgorithm,
+ final String keyStorePath, final String keyStorePassword,
+ final String keyStoreType, final String keyManagerFactoryAlgorithm,
+ final String certAlias)
  throws GeneralSecurityException, IOException
  {
  // Initialize the SSLContext to work with our key managers.
@@ -82,7 +85,7 @@ public class SSLContextFactory
  if (trustStorePath != null)
  {
  final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
- trustStorePassword);
+ trustStorePassword, trustStoreType);
  final TrustManagerFactory tmf = TrustManagerFactory
  .getInstance(trustManagerFactoryAlgorithm);
  tmf.init(ts);
@@ -99,13 +102,13 @@ public class SSLContextFactory
  if (certAlias != null)
  {
  keyManagers = new KeyManager[] { new QpidClientX509KeyManager(
- certAlias, keyStorePath, keyStorePassword,
+ certAlias, keyStorePath, keyStoreType, keyStorePassword,
  keyManagerFactoryAlgorithm) };
  }
  else
  {
  final KeyStore ks = SSLUtil.getInitializedKeyStore(
- keyStorePath, keyStorePassword);
+ keyStorePath, keyStorePassword, keyStoreType);
  char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray();
  // Set up key manager factory to use our key store
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
index 084428d182..c90a11594c 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
@@ -31,6 +31,7 @@ import static org.apache.qpid.configuration.ClientProperties.SEND_BUFFER_SIZE_PR
  import static org.apache.qpid.configuration.ClientProperties.LEGACY_RECEIVE_BUFFER_SIZE_PROP_NAME;
  import static org.apache.qpid.configuration.ClientProperties.LEGACY_SEND_BUFFER_SIZE_PROP_NAME;
+import java.security.KeyStore;
  import java.util.Map;
  import javax.net.ssl.KeyManagerFactory;
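Review bot: The two keystore-loading signatures introduced by this commit disagree on parameter order: in the @@ -99 hunk `new QpidClientX509KeyManager(certAlias, keyStorePath, keyStoreType, keyStorePassword, ...)` takes the type before the password, while `SSLUtil.getInitializedKeyStore(keyStorePath, keyStorePassword, keyStoreType)` in the `else` branch two lines later takes it after. Both are plain `String` parameters, so a caller that swaps them compiles cleanly and only fails at runtime with a misleading `KeyStoreException` or bad-password `IOException`; aligning the constructor (declared in the QpidClientX509KeyManager hunk) to the `(path, password, type)` order already used by SSLUtil, buildContext and buildClientContext removes the trap. The Javadoc for buildServerContext and buildClientContext in the @@ -48 hunk should also gain `@param keyStoreType the KeyStore type name handed to KeyStore.getInstance, e.g. JKS or PKCS11` so callers know the accepted values. buildContext's body begins and ends outside these hunks.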
@@ -67,10 +68,12 @@ public class ConnectionSettings
  private boolean useSSL;
  private String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
  private String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
+ private String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType",KeyStore.getDefaultType());
  private String keyManagerFactoryAlgorithm = QpidProperty.stringProperty(KeyManagerFactory.getDefaultAlgorithm(), QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME).get();
  private String trustManagerFactoryAlgorithm = QpidProperty.stringProperty(TrustManagerFactory.getDefaultAlgorithm(), QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME).get();
- private String trustStorePath = System.getProperty("javax.net.ssl.trustStore");;
- private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");;
+ private String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
+ private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ private String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType",KeyStore.getDefaultType());
  private String certAlias;
  private boolean verifyHostname;
@@ -262,6 +265,16 @@ public class ConnectionSettings
  this.keyStorePassword = keyStorePassword;
  }
+ public void setKeyStoreType(String keyStoreType)
+ {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+
  public String getTrustStorePath()
  {
  return trustStorePath;
@@ -322,6 +335,16 @@ public class ConnectionSettings
  this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
  }
+ public String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType)
+ {
+ this.trustStoreType = trustStoreType;
+ }
+
  public int getReadBufferSize()
  {
  return readBufferSize;
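Review bot: The new `keyStoreType` and `trustStoreType` fields read their system properties through bare `System.getProperty` calls with inline literals, `System.getProperty("javax.net.ssl.keyStoreType",KeyStore.getDefaultType())`, while the adjacent `keyManagerFactoryAlgorithm`/`trustManagerFactoryAlgorithm` fields go through `QpidProperty.stringProperty(...)` with named `QPID_SSL_*_PROP_NAME` constants; the two new property names deserve the same treatment so the configuration surface stays discoverable in one place, and both lines are missing the space after the comma. The setters added in the @@ -262 and @@ -322 hunks accept `null` without substituting a default, and that value travels unchanged through SSLContextFactory into `KeyStore.getInstance` in SSLUtil; if a null type is meant to mean "use the default", `this.keyStoreType = keyStoreType == null ? KeyStore.getDefaultType() : keyStoreType;` in the setter is the cheapest place to enforce it. The fields themselves carry no comment explaining why the JSSE property names are honoured here but not for the algorithm fields.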
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
index 442800c529..478355edc1 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
@@ -78,9 +78,11 @@ public class SecurityLayerFactory
  sslCtx = SSLContextFactory
  .buildClientContext(settings.getTrustStorePath(),
  settings.getTrustStorePassword(),
+ settings.getTrustStoreType(),
  settings.getTrustManagerFactoryAlgorithm(),
  settings.getKeyStorePath(),
  settings.getKeyStorePassword(),
+ settings.getKeyStoreType(),
  settings.getKeyManagerFactoryAlgorithm(),
  settings.getCertAlias());
  }
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
index 3ab028c8a8..0dccf37979 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
@@ -40,11 +40,11 @@ public class QpidClientX509KeyManager extends X509ExtendedKeyManager
  private X509ExtendedKeyManager delegate;
  private String alias;
- public QpidClientX509KeyManager(String alias, String keyStorePath,
+ public QpidClientX509KeyManager(String alias, String keyStorePath, String keyStoreType,
  String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
  {
  this.alias = alias;
- KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword);
+ KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword,keyStoreType);
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
  kmf.init(ks, keyStorePassword.toCharArray());
  this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index 71a73db71f..ce7cc105a1 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -125,9 +125,9 @@ public class SSLUtil
  return id.toString();
  }
- public static KeyStore getInitializedKeyStore(String storePath, String storePassword) throws GeneralSecurityException, IOException
+ public static KeyStore getInitializedKeyStore(String storePath, String storePassword, String keyStoreType) throws GeneralSecurityException, IOException
  {
- KeyStore ks = KeyStore.getInstance("JKS");
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
  InputStream in = null;
  try
  {
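Review bot: `KeyStore.getInstance(keyStoreType)` in the SSLUtil @@ -125 hunk is now the single point every keystore and truststore load funnels through, yet the new parameter is neither documented nor validated: a `null` type does not fall back to anything, it fails inside `KeyStore.getInstance` with a `NullPointerException` instead of the `GeneralSecurityException`/`IOException` the signature advertises, and every caller in this commit (ConnectionSettings setters, the broker configuration) can supply null. A guard at the top of the method, `if (keyStoreType == null) { keyStoreType = KeyStore.getDefaultType(); }`, or an explicit `IllegalArgumentException`, makes the contract deliberate; the method also lacks Javadoc, and the new parameter should be described along the lines of `@param keyStoreType the KeyStore type name passed to {@link KeyStore#getInstance(String)}, for example JKS or PKCS11`. The method body continues in the @@ -140 hunk below, where the same parameter is consulted again.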
@@ -140,7 +140,7 @@ public class SSLUtil
  {
  in = Thread.currentThread().getContextClassLoader().getResourceAsStream(storePath);
  }
- if (in == null)
+ if (in == null && !"PKCS11".equalsIgnoreCase(keyStoreType)) // PKCS11 will not require an explicit path
  {
  throw new IOException("Unable to load keystore resource: " + storePath);
  }
diff --git a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
index 69b04c9979..21b8871d9a 100644
--- a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
+++ b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
@@ -31,13 +31,14 @@ public class SSLContextFactoryTest extends QpidTestCase
  private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks";
  private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks";
  private static final String STORE_PASSWORD = "password";
+ private static final String STORE_TYPE = "JKS";
  private static final String DEFAULT_KEY_MANAGER_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm();
  private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
  private static final String CERT_ALIAS_APP1 = "app1";
  public void testBuildServerContext() throws Exception
  {
- SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM);
+ SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
  assertNotNull("SSLContext should not be null", context);
  }
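Review bot: The new condition `if (in == null && !"PKCS11".equalsIgnoreCase(keyStoreType))` buries a type-specific policy as a string literal inside the file-lookup code: it exempts exactly one provider-backed store type from the "path must resolve" rule, so any other type whose load takes no stream would still hit the `IOException`, and the literal duplicates knowledge that belongs beside the type parameter. Extracting it to a `private static boolean requiresStoreFile(String keyStoreType)` helper with a `static final` constant for `"PKCS11"` names the rule, keeps it in one place and gives it a unit to test without a hardware token. When the type is PKCS11 and the path does not resolve, `in` stays null and presumably reaches the load call after this hunk; a comment stating that a null stream is the intended way to address the token (and what happens if a PKCS11 user does supply a resolvable path, which is then opened) would make the branch auditable, since the remainder of the method is not visible here.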
@@ -45,7 +46,7 @@ public class SSLContextFactoryTest extends QpidTestCase
  {
  try
  {
- SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", DEFAULT_KEY_MANAGER_ALGORITHM);
+ SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
  fail("Exception was not thrown due to incorrect password");
  }
  catch (IOException e)
@@ -58,7 +59,7 @@ public class SSLContextFactoryTest extends QpidTestCase
  {
  try
  {
- SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, null);
+ SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, null);
  fail("Exception was not thrown due to incorrect path");
  }
  catch (IOException e)
@@ -69,19 +70,19 @@ public class SSLContextFactoryTest extends QpidTestCase
  public void testBuildClientContextForSSLEncryptionOnly() throws Exception
  {
- SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, null, null, null, null);
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, null, null, null, null, null);
  assertNotNull("SSLContext should not be null", context);
  }
  public void testBuildClientContextWithForClientAuth() throws Exception
  {
- SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, null);
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, null);
  assertNotNull("SSLContext should not be null", context);
  }
  public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception
  {
- SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);
  assertNotNull("SSLContext should not be null", context);
  }
  }
|
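Review bot: Every updated test in this file passes the same `STORE_TYPE = "JKS"` constant, so the only behaviour the commit actually adds, honouring a caller-supplied type, is exercised solely through the default that the old hard-coded `"JKS"` already produced. A negative case is cheap and pins the failure mode for a misconfigured type: `KeyStore.getInstance` rejects an unknown type with a `KeyStoreException`, which `buildServerContext` surfaces under its declared `GeneralSecurityException`, and without a test nothing prevents a later change from turning that into the `IOException` the existing password/path tests expect. The store type string below is a constructed sample; `KeyStoreException` is `java.security.KeyStoreException`, which the file may not yet import.
```java
    public void testBuildServerContextWithUnknownStoreType() throws Exception
    {
        try
        {
            SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, "not-a-store-type", DEFAULT_KEY_MANAGER_ALGORITHM);
            fail("Exception was not thrown due to unknown store type");
        }
        catch (KeyStoreException e)
        {
            // expected: no provider supplies the requested KeyStore type
        }
    }
```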
