Diffstat (limited to 'java/common/src')
-rw-r--r--java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java126
-rw-r--r--java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java20
2 files changed, 32 insertions, 114 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
index 158006f072..e9dec362a6 100644
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -7,9 +7,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -22,7 +22,6 @@ package org.apache.qpid.ssl;
import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
-import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
import javax.net.ssl.KeyManager;
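Review bot: The `QpidMultipleTrustManager` import directly above the removed `QpidPeersOnlyTrustManager` line is kept, yet every use of it that this diff shows (the `mulTrustManager` construction and its `addTrustManager`/`isEmpty` calls in `buildContext`) is deleted further down, so it now looks like a dead import; the same appears to hold for `java.util.Collections` (visible as hunk context below) and, if they are still imported, `Collection`, `ArrayList` and `X509TrustManager`, whose only visible uses were in the deleted `TrustStoreWrapper`-based code. Unless they are referenced elsewhere in the file outside these hunks, remove them alongside the `QpidPeersOnlyTrustManager` line so a stale dependency on the multi-trust-manager class does not survive the revert.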
@@ -42,55 +41,17 @@ import java.util.Collections;
/**
* Factory used to create SSLContexts. SSL needs to be configured
* before this will work.
- *
+ *
*/
public class SSLContextFactory
{
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
-
- public static class TrustStoreWrapper
- {
- private final String trustStorePath;
- private final String trustStorePassword;
- private final String trustStoreType;
- private final Boolean trustStorePeersOnly;
- private String trustManagerFactoryAlgorithm;
-
- public TrustStoreWrapper(final String trustStorePath, final String trustStorePassword,
- final String trustStoreType, final Boolean trustStorePeersOnly,
- final String trustManagerFactoryAlgorithm)
- {
- this.trustStorePath = trustStorePath;
- this.trustStorePassword = trustStorePassword;
- this.trustStoreType = trustStoreType;
- this.trustStorePeersOnly = trustStorePeersOnly;
- this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
- }
- }
private SSLContextFactory()
{
//no instances
}
- public static SSLContext buildServerContext(final String keyStorePath,
- final String keyStorePassword, final String keyStoreType,
- final String keyManagerFactoryAlgorithm)
- throws GeneralSecurityException, IOException
- {
- return buildContext(Collections.<TrustStoreWrapper>emptyList(), keyStorePath,
- keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm, null);
- }
-
- public static SSLContext buildClientContext(Collection<TrustStoreWrapper> trustStores,
- final String keyStorePath, final String keyStorePassword,
- final String keyStoreType, final String keyManagerFactoryAlgorithm,
- final String certAlias) throws GeneralSecurityException, IOException
- {
- return buildContext(trustStores, keyStorePath, keyStorePassword, keyStoreType,
- keyManagerFactoryAlgorithm, certAlias);
- }
-
public static SSLContext buildClientContext(final String trustStorePath,
final String trustStorePassword, final String trustStoreType,
final String trustManagerFactoryAlgorithm, final String keyStorePath,
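Review bot: The class Javadoc left at the top of this hunk still says only that "SSL needs to be configured before this will work", while the hunk withdraws `TrustStoreWrapper`, `buildServerContext` and the `Collection<TrustStoreWrapper>` overload, i.e. the only public way to request the peers-only trust mode (the deleted code described it as trusting "only clients which peers certificates are directly in the store"). A reader of the new file cannot tell what trust model remains, so I would extend the Javadoc with something like: `Trust decisions are delegated entirely to the TrustManagerFactory named by the caller over a single truststore; the former peers-only mode and buildServerContext are no longer offered by this class.` Both removed methods were `public static`, so any remaining caller presumably fails at compile time rather than silently changing trust behaviour — worth confirming across the rest of the tree. The surviving `buildClientContext` signature that starts at the end of this hunk continues into the next one.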
@@ -98,17 +59,25 @@ public class SSLContextFactory
final String keyManagerFactoryAlgorithm, final String certAlias)
throws GeneralSecurityException, IOException
{
- TrustStoreWrapper trstWrapper = new TrustStoreWrapper(trustStorePath, trustStorePassword,
- trustStoreType, Boolean.FALSE,
- trustManagerFactoryAlgorithm);
- return buildContext(Collections.singletonList(trstWrapper), keyStorePath,
- keyStorePassword, keyStoreType, keyManagerFactoryAlgorithm, certAlias);
+ return buildContext(trustStorePath,
+ trustStorePassword,
+ trustStoreType,
+ trustManagerFactoryAlgorithm,
+ keyStorePath,
+ keyStorePassword,
+ keyStoreType,
+ keyManagerFactoryAlgorithm,
+ certAlias);
}
-
- private static SSLContext buildContext(final Collection<TrustStoreWrapper> trstWrappers,
- final String keyStorePath, final String keyStorePassword,
- final String keyStoreType, final String keyManagerFactoryAlgorithm,
- final String certAlias)
+
+ private static SSLContext buildContext(String trustStorePath,
+ String trustStorePassword,
+ String trustStoreType,
+ String trustManagerFactoryAlgorithm,
+ String keyStorePath,
+ String keyStorePassword,
+ String keyStoreType,
+ String keyManagerFactoryAlgorithm, String certAlias)
throws GeneralSecurityException, IOException
{
// Initialize the SSLContext to work with our key managers.
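Review bot: `buildClientContext` is now a nine-argument passthrough into a private `buildContext` with the identical parameter list and order, and with `buildServerContext` and the wrapper overload gone nothing else in this diff calls `buildContext`, so the indirection buys nothing and doubles the surface for argument-order slips (eight of the nine parameters are `String`). Either inline `buildContext` into `buildClientContext`, or keep the split and state why in a one-line comment on the private method. Separately, the new private signature drops the `final` modifier that the public method above and the rest of the file apply to parameters; declare them `final String trustStorePath, final String trustStorePassword, ...` for consistency. `buildContext`'s body continues past the end of this hunk.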
@@ -117,53 +86,20 @@ public class SSLContextFactory
final TrustManager[] trustManagers;
final KeyManager[] keyManagers;
-
- final Collection<TrustManager> trustManagersCol = new ArrayList<TrustManager>();
- final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- for (TrustStoreWrapper tsw : trstWrappers)
- {
- if (tsw.trustStorePath != null)
- {
- final KeyStore ts = SSLUtil.getInitializedKeyStore(tsw.trustStorePath,
- tsw.trustStorePassword, tsw.trustStoreType);
- final TrustManagerFactory tmf = TrustManagerFactory
- .getInstance(tsw.trustManagerFactoryAlgorithm);
- tmf.init(ts);
- TrustManager[] delegateManagers = tmf.getTrustManagers();
- for (TrustManager tm : delegateManagers)
- {
- if (tm instanceof X509TrustManager)
- {
- if (Boolean.TRUE.equals(tsw.trustStorePeersOnly))
- {
- // truststore is supposed to trust only clients which peers certificates
- // are directly in the store. CA signing will not be considered.
- mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ts, (X509TrustManager) tm));
- }
- else
- {
- mulTrustManager.addTrustManager((X509TrustManager) tm);
- }
- }
- else
- {
- trustManagersCol.add(tm);
- }
- }
- }
- }
- if (! mulTrustManager.isEmpty())
- {
- trustManagersCol.add(mulTrustManager);
- }
-
- if (trustManagersCol.isEmpty())
+
+ if (trustStorePath != null)
{
- trustManagers = null;
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
+ trustStorePassword, trustStoreType);
+ final TrustManagerFactory tmf = TrustManagerFactory
+ .getInstance(trustManagerFactoryAlgorithm);
+ tmf.init(ts);
+
+ trustManagers = tmf.getTrustManagers();
}
else
{
- trustManagers = trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
+ trustManagers = null;
}
if (keyStorePath != null)
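Review bot: When `trustStorePath` is null the new `else` branch sets `trustManagers = null`, and if that array is later handed to `SSLContext.init` (the call is outside this hunk) JSSE silently substitutes the JVM's default trust store (`javax.net.ssl.trustStore`, otherwise the bundled cacerts), so a client context built without a truststore does not fail closed — it trusts whatever the platform trusts. The deleted code had the same fallback on its own `trustManagers = null;` line, so this is not a regression, but nothing documents it; I would annotate the branch with `// null => SSLContext.init() falls back to the JVM default truststore (javax.net.ssl.trustStore / cacerts); callers that must fail closed have to supply a truststore.` The enclosing method continues past `if (keyStorePath != null)` at the end of the hunk.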
diff --git a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
index 21b8871d9a..c5fa852f95 100644
--- a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
+++ b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
@@ -36,25 +36,7 @@ public class SSLContextFactoryTest extends QpidTestCase
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
private static final String CERT_ALIAS_APP1 = "app1";
- public void testBuildServerContext() throws Exception
- {
- SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
- assertNotNull("SSLContext should not be null", context);
- }
- public void testBuildServerContextWithIncorrectPassword() throws Exception
- {
- try
- {
- SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM);
- fail("Exception was not thrown due to incorrect password");
- }
- catch (IOException e)
- {
- //expected
- }
- }
-
public void testTrustStoreDoesNotExist() throws Exception
{
try
@@ -79,7 +61,7 @@ public class SSLContextFactoryTest extends QpidTestCase
SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, null);
assertNotNull("SSLContext should not be null", context);
}
-
+
public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception
{
SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, STORE_TYPE, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1);