author | Robert Godfrey <rgodfrey@apache.org> | 2013-08-08 15:05:58 +0000 |
---|---|---|
committer | Robert Godfrey <rgodfrey@apache.org> | 2013-08-08 15:05:58 +0000 |
commit | 77a78ab0a981d953e814360140c84323e54e2633 (patch) | |
tree | 3132e43caf7658b236225159808acb8288200c1c /java | |
parent | 937ff9ea7be81f26a8f1d8d5914e6ab75733ff9e (diff) | |
download | qpid-python-77a78ab0a981d953e814360140c84323e54e2633.tar.gz |
QPID-5056 : [Java Broker] Change configuration model to allow for KeyStores/TrustStores which are not JKS files on the filesystem
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1511825 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java')
10 files changed, 213 insertions, 162 deletions
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index e66680ce12..c47ec9b9e7 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -22,6 +22,9 @@ package org.apache.qpid.server.management.plugin;
 import java.lang.reflect.Type;
 import java.net.SocketAddress;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.EnumSet;
@@ -30,6 +33,7 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.UUID;
+import javax.net.ssl.SSLContext;
 import org.apache.log4j.Logger;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.logging.actors.CurrentActor;
@@ -239,13 +243,17 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
 {
 throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
 }
- String keyStorePath = (String)keyStore.getAttribute(KeyStore.PATH);
- String keyStorePassword = keyStore.getPassword();
- 
 SslContextFactory factory = new SslContextFactory();
- factory.setKeyStorePath(keyStorePath);
- factory.setKeyStorePassword(keyStorePassword);
- 
+ try
+ {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(keyStore.getKeyManagers(), null, null);
+ factory.setSslContext(sslContext);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException("Cannot configure port " + port.getName() + " for transport " + Transport.SSL, e);
+ }
 connector = new SslSocketConnector(factory);
 }
 else
diff --git a/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java b/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
index d094134e11..32aac51008 100644
--- a/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
+++ b/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
@@ -20,6 +20,7 @@
 */
 package org.apache.qpid.server.jmx;
+import javax.net.ssl.KeyManager;
 import org.apache.log4j.Logger;
 import org.apache.qpid.server.configuration.BrokerProperties;
 import org.apache.qpid.server.logging.actors.CurrentActor;
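Review bot: The protocol name is a bare `"TLS"` literal in the new `SSLContext.getInstance("TLS")` call here and again in the JMXManagedObjectRegistry and AmqpPortAdapter hunks below, although `SSLContextFactory.TRANSPORT_LAYER_SECURITY_CODE` (kept in the SSLContextFactory hunk) already holds that string, so one constant would keep the three call sites in step. A key store that cannot be loaded is surfaced as a bare `RuntimeException`, while the missing-keystore case just above throws `IllegalConfigurationException`; `throw new IllegalConfigurationException("Cannot configure port " + port.getName() + " for transport " + Transport.SSL, e);` treats the two failures of the same kind alike for whoever handles start-up errors. The preceding import hunk adds `KeyManagementException` and `NoSuchAlgorithmException`, but only `GeneralSecurityException` is caught in this hunk, so those two look unused unless referenced elsewhere in the file. The enclosing method starts before and continues after this hunk.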
@@ -124,26 +125,19 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry
 {
 KeyStore keyStore = _connectorPort.getKeyStore();
- String keyStorePath = (String) keyStore.getAttribute(KeyStore.PATH);
- String keyStorePassword = keyStore.getPassword();
- String keyStoreType = (String) keyStore.getAttribute(KeyStore.TYPE);
- String keyManagerFactoryAlgorithm = (String) keyStore.getAttribute(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM);
- 
 SSLContext sslContext;
 try
 {
- sslContext = SSLContextFactory.buildServerContext(keyStorePath, keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm);
+ 
+ sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(keyStore.getKeyManagers(), null, null);
 }
 catch (GeneralSecurityException e)
 {
 throw new RuntimeException("Unable to create SSLContext for key store", e);
 }
- catch (IOException e)
- {
- throw new RuntimeException("Unable to create SSLContext for key store", e);
- }
- CurrentActor.get().message(ManagementConsoleMessages.SSL_KEYSTORE(keyStorePath));
+ CurrentActor.get().message(ManagementConsoleMessages.SSL_KEYSTORE(keyStore.getName()));
 //create the SSL RMI socket factories
 csf = new SslRMIClientSocketFactory();
diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/KeyStore.java b/java/broker/src/main/java/org/apache/qpid/server/model/KeyStore.java
index 74a7469ffb..ab909390bd 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/model/KeyStore.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/model/KeyStore.java
@@ -20,9 +20,11 @@
 */
 package org.apache.qpid.server.model;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import javax.net.ssl.KeyManager;
 public interface KeyStore extends ConfiguredObject
 {
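Review bot: The new try block opens with an empty added line before `sslContext = SSLContext.getInstance("TLS");`, and the preceding import hunk adds `javax.net.ssl.KeyManager` although nothing in this hunk names that type, so both look like leftovers from an earlier draft; likewise the removed `catch (IOException e)` may leave the file's `IOException` import unused if this was its only use. The SSL_KEYSTORE log message now receives `keyStore.getName()` instead of the file path; if the message template still describes the value as a path, operators correlating the log line with the filesystem will be misled, so the template wording should be checked alongside this change. The enclosing method starts before and continues after this hunk.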
@@ -64,4 +66,7 @@ public interface KeyStore extends ConfiguredObject
 public String getPassword();
 public void setPassword(String password);
+ 
+ public KeyManager[] getKeyManagers() throws GeneralSecurityException;
+ 
 }
diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/TrustStore.java b/java/broker/src/main/java/org/apache/qpid/server/model/TrustStore.java
index c686e7bd50..d313e1832f 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/model/TrustStore.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/model/TrustStore.java
@@ -20,9 +20,11 @@
 */
 package org.apache.qpid.server.model;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import javax.net.ssl.TrustManager;
 public interface TrustStore extends ConfiguredObject
 {
@@ -64,4 +66,8 @@ public interface TrustStore extends ConfiguredObject
 public String getPassword();
 public void setPassword(String password);
+ 
+ public TrustManager[] getTrustManagers() throws GeneralSecurityException;
+ 
+ 
 }
diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
index 02ff98fb0e..a4ce95e5aa 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
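Review bot: The new `getKeyManagers()` is added to the KeyStore interface without Javadoc, and the same applies to `getTrustManagers()` in the TrustStore hunk on this line; both are now the contract every port implementation relies on to build its SSLContext, so the return and failure semantics should be spelled out. For KeyStore, document that the method builds key managers from the store's current attributes on each call and that `GeneralSecurityException` covers both an unloadable store and an unavailable factory algorithm (the KeyStoreAdapter implementation wraps the load's `IOException` into it). For TrustStore, the TrustStoreAdapter implementation returns `null` when the store yields no trust managers, and a `null` array passed to `SSLContext.init` selects the JVM's default trust managers, so the Javadoc should say explicitly that `null` means "no trust managers configured" and that a caller enforcing client authentication must not treat it as a usable trust configuration.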
@@ -21,18 +21,21 @@ package org.apache.qpid.server.model.adapter;
 import static org.apache.qpid.transport.ConnectionSettings.WILDCARD_ADDRESS;
-import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.GeneralSecurityException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import org.apache.qpid.server.configuration.BrokerProperties;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.logging.actors.CurrentActor;
@@ -46,10 +49,9 @@ import org.apache.qpid.server.model.TrustStore;
 import org.apache.qpid.server.configuration.updater.TaskExecutor;
 import org.apache.qpid.server.protocol.AmqpProtocolVersion;
 import org.apache.qpid.server.protocol.MultiVersionProtocolEngineFactory;
-import org.apache.qpid.server.util.MapValueConverter;
-import org.apache.qpid.ssl.SSLContextFactory;
 import org.apache.qpid.transport.NetworkTransportConfiguration;
 import org.apache.qpid.transport.network.IncomingNetworkTransport;
+import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
 public class AmqpPortAdapter extends PortAdapter
 {
@@ -136,8 +138,8 @@ public class AmqpPortAdapter extends PortAdapter
 private SSLContext createSslContext()
 {
 KeyStore keyStore = getKeyStore();
- 
 Collection<TrustStore> trustStores = getTrustStores();
+ 
 boolean needClientCert = (Boolean)getAttribute(NEED_CLIENT_AUTH) || (Boolean)getAttribute(WANT_CLIENT_AUTH);
 if (needClientCert && trustStores.isEmpty())
 {
@@ -145,44 +147,58 @@ public class AmqpPortAdapter extends PortAdapter
 + this.getName() + "' but no trust store defined");
 }
- String keystorePath = (String)keyStore.getAttribute(KeyStore.PATH);
- String keystorePassword = keyStore.getPassword();
- String keystoreType = (String)keyStore.getAttribute(KeyStore.TYPE);
- String keyManagerFactoryAlgorithm = (String)keyStore.getAttribute(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM);
- String certAlias = (String)keyStore.getAttribute(KeyStore.CERTIFICATE_ALIAS);
- 
- final SSLContext sslContext;
 try
 {
- if(! trustStores.isEmpty())
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ KeyManager[] keyManagers = keyStore.getKeyManagers();
+ 
+ TrustManager[] trustManagers;
+ if(trustStores == null || trustStores.isEmpty())
 {
- Collection<SSLContextFactory.TrustStoreWrapper> trstWrappers = new ArrayList<SSLContextFactory.TrustStoreWrapper>();
- for (TrustStore trustStore : trustStores)
- {
- trstWrappers.add(new SSLContextFactory.TrustStoreWrapper((String)trustStore.getAttribute(TrustStore.PATH),
- trustStore.getPassword(),
- (String)trustStore.getAttribute(TrustStore.TYPE),
- (Boolean) trustStore.getAttribute(TrustStore.PEERS_ONLY),
- (String)trustStore.getAttribute(TrustStore.TRUST_MANAGER_FACTORY_ALGORITHM)));
- }
- sslContext = SSLContextFactory.buildClientContext(trstWrappers, keystorePath,
- keystorePassword, keystoreType,
- keyManagerFactoryAlgorithm, certAlias);
+ trustManagers = null;
+ }
+ else if(trustStores.size() == 1)
+ {
+ trustManagers = trustStores.iterator().next().getTrustManagers();
 }
 else
 {
- sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, keystoreType, keyManagerFactoryAlgorithm);
+ Collection<TrustManager> trustManagerList = new ArrayList<TrustManager>();
+ final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
+ 
+ for(TrustStore ts : trustStores)
+ {
+ TrustManager[] managers = ts.getTrustManagers();
+ if(managers != null)
+ {
+ for(TrustManager manager : managers)
+ {
+ if(manager instanceof X509TrustManager)
+ {
+ mulTrustManager.addTrustManager((X509TrustManager)manager);
+ }
+ else
+ {
+ trustManagerList.add(manager);
+ }
+ }
+ }
+ }
+ if(!mulTrustManager.isEmpty())
+ {
+ trustManagerList.add(mulTrustManager);
+ }
+ trustManagers = trustManagerList.toArray(new TrustManager[trustManagerList.size()]);
 }
+ sslContext.init(keyManagers, trustManagers, null);
+ 
+ return sslContext;
+ 
 }
 catch (GeneralSecurityException e)
 {
 throw new RuntimeException("Unable to create SSLContext for key or trust store", e);
 }
- catch (IOException e)
- {
- throw new RuntimeException("Unable to create SSLContext - unable to load key/trust store", e);
- }
- return sslContext;
 }
 private AmqpProtocolVersion getDefaultAmqpSupportedReply()
diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/KeyStoreAdapter.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/KeyStoreAdapter.java
index 4d4d3bb31d..1101232c96 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/KeyStoreAdapter.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/KeyStoreAdapter.java
@@ -20,8 +20,10 @@
 */
 package org.apache.qpid.server.model.adapter;
+import java.io.IOException;
 import java.lang.reflect.Type;
 import java.security.AccessControlException;
+import java.security.GeneralSecurityException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
@@ -32,6 +34,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
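Review bot: In the single-trust-store branch, `trustManagers = trustStores.iterator().next().getTrustManagers();` can yield `null`, because TrustStoreAdapter.getTrustManagers() (hunk below) returns `null` when the loaded store contributes no trust managers, and `SSLContext.init` is documented to fall back to the installed provider's default TrustManagerFactory, i.e. the JVM's default trust anchors, when the TrustManager array is `null`; with `needClientCert` set, a trust store that loads but contributes nothing would then accept client certificates chaining to the JVM's default CAs instead of failing. The multi-store branch produces an empty array in the same situation, which is not subject to that documented fallback, so the two branches react differently to the same misconfiguration. A guard before `sslContext.init`, e.g. `if (needClientCert && (trustManagers == null || trustManagers.length == 0)) { throw new IllegalConfigurationException("Port '" + getName() + "' requires client certificates but its trust stores yield no trust managers"); }`, turns it into an explicit configuration failure. `needClientCert` is declared in the preceding hunk, and the enclosing method `createSslContext` begins before this hunk.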
@@ -42,6 +45,7 @@ import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.MapValueConverter;
+import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 public class KeyStoreAdapter extends AbstractKeyStoreAdapter implements KeyStore
@@ -210,4 +214,41 @@ public class KeyStoreAdapter extends AbstractKeyStoreAdapter implements KeyStore
 + keyManagerFactoryAlgorithm);
 }
 }
+ 
+ public KeyManager[] getKeyManagers() throws GeneralSecurityException
+ {
+ String keyStorePath = (String)getAttribute(KeyStore.PATH);
+ String keyStorePassword = getPassword();
+ String keyStoreType = (String)getAttribute(KeyStore.TYPE);
+ String keyManagerFactoryAlgorithm = (String)getAttribute(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM);
+ String certAlias = (String)getAttribute(KeyStore.CERTIFICATE_ALIAS);
+ 
+ try
+ {
+ if (certAlias != null)
+ {
+ return new KeyManager[] {
+ new QpidClientX509KeyManager( certAlias, keyStorePath, keyStoreType, keyStorePassword,
+ keyManagerFactoryAlgorithm)
+ };
+ 
+ }
+ else
+ {
+ final java.security.KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath, keyStorePassword, keyStoreType);
+ 
+ char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray();
+ 
+ final KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithm);
+ 
+ kmf.init(ks, keyStoreCharPassword);
+ 
+ return kmf.getKeyManagers();
+ }
+ }
+ catch (IOException e)
+ {
+ throw new GeneralSecurityException(e);
+ }
+ }
 }
diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
index 06089e43c6..5e7bfff4de 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
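Review bot: The `catch (IOException e)` at the end of the new `getKeyManagers()` rethrows as `new GeneralSecurityException(e)` with no message, so a broker that fails to start reports only the wrapped exception's text without saying which key store could not be loaded; `throw new GeneralSecurityException("Unable to load key store '" + getName() + "'", e);` keeps the cause and names the store (the name is safe to report, the password is not), and the same message-less rethrow appears in TrustStoreAdapter.getTrustManagers() below. The non-alias branch calls `kmf.init(ks, keyStoreCharPassword)` with the store password, which assumes the private-key entries are protected by the same password as the store; that deserves a comment such as `// key entries are assumed to use the store password; a separate key password is not supported here`, since a store violating it fails with a GeneralSecurityException rather than a clear configuration error. The method also needs Javadoc: it implements the new KeyStore interface method, is invoked on every SSLContext build, and re-reads the store from `keyStorePath` each time it is called.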
+++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
@@ -20,8 +20,11 @@
 */
 package org.apache.qpid.server.model.adapter;
+import java.io.IOException;
 import java.lang.reflect.Type;
 import java.security.AccessControlException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -30,8 +33,10 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
+import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.IntegrityViolationException;
@@ -40,6 +45,8 @@ import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.TrustStore;
 import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.MapValueConverter;
+import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
+import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 public class TrustStoreAdapter extends AbstractKeyStoreAdapter implements TrustStore
@@ -189,4 +196,60 @@ public class TrustStoreAdapter extends AbstractKeyStoreAdapter implements TrustS
 throw new IllegalConfigurationException("Unknown trustManagerFactoryAlgorithm: " + trustManagerFactoryAlgorithm);
 }
 }
+ 
+ public TrustManager[] getTrustManagers() throws GeneralSecurityException
+ {
+ String trustStorePath = (String)getAttribute(TrustStore.PATH);
+ String trustStorePassword = getPassword();
+ String trustStoreType = (String)getAttribute(TrustStore.TYPE);
+ String trustManagerFactoryAlgorithm = (String)getAttribute(TrustStore.TRUST_MANAGER_FACTORY_ALGORITHM);
+ 
+ try
+ {
+ KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath, trustStorePassword, trustStoreType);
+ final TrustManagerFactory tmf = TrustManagerFactory
+ .getInstance(trustManagerFactoryAlgorithm);
+ tmf.init(ts);
+ final Collection<TrustManager> trustManagersCol = new ArrayList<TrustManager>();
+ final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
+ TrustManager[] delegateManagers = tmf.getTrustManagers();
+ for (TrustManager tm : delegateManagers)
+ {
+ if (tm instanceof X509TrustManager)
+ {
+ if (Boolean.TRUE.equals(getAttribute(PEERS_ONLY)))
+ {
+ // truststore is supposed to trust only clients which peers certificates
+ // are directly in the store. CA signing will not be considered.
+ mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ts, (X509TrustManager) tm));
+ }
+ else
+ {
+ mulTrustManager.addTrustManager((X509TrustManager) tm);
+ }
+ }
+ else
+ {
+ trustManagersCol.add(tm);
+ }
+ }
+ if (! mulTrustManager.isEmpty())
+ {
+ trustManagersCol.add(mulTrustManager);
+ }
+ 
+ if (trustManagersCol.isEmpty())
+ {
+ return null;
+ }
+ else
+ {
+ return trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
+ }
+ }
+ catch (IOException e)
+ {
+ throw new GeneralSecurityException(e);
+ }
+ }
 }
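Review bot: `getAttribute(PEERS_ONLY)` is evaluated inside the loop, once per X509TrustManager the factory returns, so if the attribute is changed while `getTrustManagers()` runs some delegates could be wrapped as peers-only and others not within one call; reading it once before the loop, `final boolean peersOnly = Boolean.TRUE.equals(getAttribute(PEERS_ONLY));`, ties the whole result to a single configuration snapshot, which matters because peers-only is the stricter trust mode. The `return null;` for an empty result should be documented on the method, since AmqpPortAdapter passes the value straight to `SSLContext.init`, where `null` selects the JVM default trust managers rather than "trust nothing". A Javadoc giving the purpose, the per-call reload from `trustStorePath`, and the `null` contract would make the method self-explanatory.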
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
index 158006f072..e9dec362a6 100644
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -7,9 +7,9 @@
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
- * 
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -22,7 +22,6 @@ package org.apache.qpid.ssl;
 import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
-import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 import javax.net.ssl.KeyManager;
@@ -42,55 +41,17 @@ import java.util.Collections;
 /**
 * Factory used to create SSLContexts. SSL needs to be configured
 * before this will work.
- * 
+ *
 */
 public class SSLContextFactory
 {
 public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
- 
- public static class TrustStoreWrapper
- {
- private final String trustStorePath;
- private final String trustStorePassword;
- private final String trustStoreType;
- private final Boolean trustStorePeersOnly;
- private String trustManagerFactoryAlgorithm;
- 
- public TrustStoreWrapper(final String trustStorePath, final String trustStorePassword,
- final String trustStoreType, final Boolean trustStorePeersOnly,
- final String trustManagerFactoryAlgorithm)
- {
- this.trustStorePath = trustStorePath;
- this.trustStorePassword = trustStorePassword;
- this.trustStoreType = trustStoreType;
- this.trustStorePeersOnly = trustStorePeersOnly;
- this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
- }
- }
 private SSLContextFactory()
 {
 //no instances
 }
- public static SSLContext buildServerContext(final String keyStorePath,
- final String keyStorePassword, final String keyStoreType,
- final String keyManagerFactoryAlgorithm)
- throws GeneralSecurityException, IOException
- {
- return buildContext(Collections.<TrustStoreWrapper>emptyList(), keyStorePath,
- keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm, null);
- }
- 
- public static SSLContext buildClientContext(Collection<TrustStoreWrapper> trustStores,
- final String keyStorePath, final String keyStorePassword,
- final String keyStoreType, final String keyManagerFactoryAlgorithm,
- final String certAlias) throws GeneralSecurityException, IOException
- {
- return buildContext(trustStores, keyStorePath, keyStorePassword, keyStoreType,
- keyManagerFactoryAlgorithm, certAlias);
- }
- 
 public static SSLContext buildClientContext(final String trustStorePath,
 final String trustStorePassword, final String trustStoreType,
 final String trustManagerFactoryAlgorithm, final String keyStorePath,
@@ -98,17 +59,25 @@ public class SSLContextFactory
 final String keyManagerFactoryAlgorithm, final String certAlias)
 throws GeneralSecurityException, IOException
 {
- TrustStoreWrapper trstWrapper = new TrustStoreWrapper(trustStorePath, trustStorePassword,
- trustStoreType, Boolean.FALSE,
- trustManagerFactoryAlgorithm);
- return buildContext(Collections.singletonList(trstWrapper), keyStorePath,
- keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm, certAlias);
+ return buildContext(trustStorePath,
+ trustStorePassword,
+ trustStoreType,
+ trustManagerFactoryAlgorithm,
+ keyStorePath,
+ keyStorePassword,
+ keyStoreType,
+ keyManagerFactoryAlgorithm,
+ certAlias);
 }
- 
- private static SSLContext buildContext(final Collection<TrustStoreWrapper> trstWrappers,
- final String keyStorePath, final String keyStorePassword,
- final String keyStoreType, final String keyManagerFactoryAlgorithm,
- final String certAlias)
+ 
+ private static SSLContext buildContext(String trustStorePath,
+ String trustStorePassword,
+ String trustStoreType,
+ String trustManagerFactoryAlgorithm,
+ String keyStorePath,
+ String keyStorePassword,
+ String keyStoreType,
+ String keyManagerFactoryAlgorithm, String certAlias)
 throws GeneralSecurityException, IOException
 {
 // Initialize the SSLContext to work with our key managers.
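Review bot: The private `buildContext` now takes nine positional `String` parameters, and the trust-store and key-store quadruples (path, password, type, algorithm) are adjacent and identically typed, so a transposed argument at a call site compiles and only shows up at runtime as a failed load, or as the wrong store being loaded; the single call in `buildClient Context` passes them in matching order today, but a small holder class per store (the removed `TrustStoreWrapper` was one) or at least a parameter-order comment on `buildContext` would guard against that. The public `buildClientContext` signature above the hunk is unchanged, so no caller is affected. The enclosing class continues outside this hunk.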
@@ -117,53 +86,20 @@ public class SSLContextFactory
 final TrustManager[] trustManagers;
 final KeyManager[] keyManagers;
- 
- final Collection<TrustManager> trustManagersCol = new ArrayList<TrustManager>();
- final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- for (TrustStoreWrapper tsw : trstWrappers)
- {
- if (tsw.trustStorePath != null)
- {
- final KeyStore ts = SSLUtil.getInitializedKeyStore(tsw.trustStorePath,
- tsw.trustStorePassword, tsw.trustStoreType);
- final TrustManagerFactory tmf = TrustManagerFactory
- .getInstance(tsw.trustManagerFactoryAlgorithm);
- tmf.init(ts);
- TrustManager[] delegateManagers = tmf.getTrustManagers();
- for (TrustManager tm : delegateManagers)
- {
- if (tm instanceof X509TrustManager)
- {
- if (Boolean.TRUE.equals(tsw.trustStorePeersOnly))
- {
- // truststore is supposed to trust only clients which peers certificates
- // are directly in the store. CA signing will not be considered.
- mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ts, (X509TrustManager) tm));
- }
- else
- {
- mulTrustManager.addTrustManager((X509TrustManager) tm);
- }
- }
- else
- {
- trustManagersCol.add(tm);
- }
- }
- }
- }
- if (! mulTrustManager.isEmpty())
- {
- trustManagersCol.add(mulTrustManager);
- }
- 
- if (trustManagersCol.isEmpty())
+ 
+ if (trustStorePath != null)
 {
- trustManagers = null;
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
+ trustStorePassword, trustStoreType);
+ final TrustManagerFactory tmf = TrustManagerFactory
+ .getInstance(trustManagerFactoryAlgorithm);
+ tmf.init(ts);
+ 
+ trustManagers = tmf.getTrustManagers();
 }
 else
 {
- trustManagers = trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
+ trustManagers = null;
 }
 if (keyStorePath != null)
diff --git a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
index 21b8871d9a..c5fa852f95 100644
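Review bot: This hunk removes the peers-only and `QpidMultipleTrustManager` wrapping from the common factory's trust path, so `buildContext` now hands whatever the configured `TrustManagerFactory` returns for the one trust store straight to the SSLContext; that split is intended, since the broker adapters now carry that logic, but nothing in the class Javadoc ("Factory used to create SSLContexts") records it. A one-line addition, e.g. `Trust is taken directly from the TrustManagerFactory for a single store; peers-only and multiple trust stores are handled by the broker's TrustStore/Port adapters, not here.`, would stop the next reader from looking for the old behaviour in this class. The `QpidMultipleTrustManager` import is kept in this file's import hunk although its only visible use is removed here, so it may now be unused. The enclosing method `buildContext` continues past this hunk.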
--- a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
+++ b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
@@ -36,25 +36,7 @@ public class SSLContextFactoryTest extends QpidTestCase
 private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
 private static final String CERT_ALIAS_APP1 = "app1";
- public void testBuildServerContext() throws Exception
- {
- SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
- assertNotNull("SSLContext should not be null", context);
- }
- public void testBuildServerContextWithIncorrectPassword() throws Exception
- {
- try
- {
- SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
- fail("Exception was not thrown due to incorrect password");
- }
- catch (IOException e)
- {
- //expected
- }
- }
- 
 public void testTrustStoreDoesNotExist() throws Exception
 {
 try
@@ -79,7 +61,7 @@ public class SSLContextFactoryTest extends QpidTestCase
 SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, null);
 assertNotNull("SSLContext should not be null", context);
 }
- 
+
 public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception
 {
 SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);
diff --git a/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/ManagementLoggingTest.java b/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/ManagementLoggingTest.java
index 7a66fe6a7c..f396c79351 100644
--- a/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/ManagementLoggingTest.java
+++ b/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/ManagementLoggingTest.java
@@ -249,7 +249,7 @@ public class ManagementLoggingTest extends AbstractTestLogging
 // Validate the keystore path is as expected
 assertTrue("SSL Keystore entry expected.:" + getMessageString(log),
- getMessageString(log).endsWith(TestSSLConstants.BROKER_KEYSTORE));
+ getMessageString(log).endsWith("systestsKeyStore"));
 }
 }
|
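Review bot: The comment `// Validate the keystore path is as expected` above the assertion is now stale: after the JMXManagedObjectRegistry change the SSL_KEYSTORE message carries `keyStore.getName()`, and the assertion checks the literal store name `"systestsKeyStore"`. Update it to `// Validate the keystore name is as expected`, and consider keeping the expected name in a shared constant next to `TestSSLConstants.BROKER_KEYSTORE` rather than an inline literal, so a rename of the systest key store has to be changed in one place. The enclosing test method starts before this hunk.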