diff options
Diffstat (limited to 'qpid/java/common/src/main/java/org/apache/qpid/transport/network/security')
9 files changed, 82 insertions, 83 deletions
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java index 9fd65c6e51..51ef266ee9 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java @@ -20,22 +20,10 @@ */ package org.apache.qpid.transport.network.security; -import java.nio.ByteBuffer; - -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; - -import org.apache.qpid.ssl.SSLContextFactory; -import org.apache.qpid.transport.Connection; -import org.apache.qpid.transport.ConnectionSettings; import org.apache.qpid.transport.Receiver; import org.apache.qpid.transport.Sender; -import org.apache.qpid.transport.TransportException; -import org.apache.qpid.transport.network.security.sasl.SASLReceiver; -import org.apache.qpid.transport.network.security.sasl.SASLSender; -import org.apache.qpid.transport.network.security.ssl.SSLReceiver; -import org.apache.qpid.transport.network.security.ssl.SSLSender; -import org.apache.qpid.transport.network.security.ssl.SSLUtil; + +import java.nio.ByteBuffer; public interface SecurityLayer { diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java index 08934004a8..442800c529 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java @@ -21,7 +21,10 @@ package org.apache.qpid.transport.network.security; import org.apache.qpid.ssl.SSLContextFactory; -import org.apache.qpid.transport.*; +import org.apache.qpid.transport.ConnectionSettings; +import org.apache.qpid.transport.Receiver; +import org.apache.qpid.transport.Sender; +import org.apache.qpid.transport.TransportException; import org.apache.qpid.transport.network.security.sasl.SASLReceiver; import org.apache.qpid.transport.network.security.sasl.SASLSender; import org.apache.qpid.transport.network.security.ssl.SSLReceiver; @@ -34,6 +37,10 @@ import java.nio.ByteBuffer; public class SecurityLayerFactory { + private SecurityLayerFactory() + { + } + public static SecurityLayer newInstance(ConnectionSettings settings) { @@ -71,10 +78,10 @@ public class SecurityLayerFactory sslCtx = SSLContextFactory .buildClientContext(settings.getTrustStorePath(), settings.getTrustStorePassword(), - settings.getTrustStoreCertType(), + settings.getTrustManagerFactoryAlgorithm(), settings.getKeyStorePath(), settings.getKeyStorePassword(), - settings.getKeyStoreCertType(), + settings.getKeyManagerFactoryAlgorithm(), settings.getCertAlias()); } catch (Exception e) diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java index 7964239e31..625e1a77c2 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java @@ -21,21 +21,19 @@ package org.apache.qpid.transport.network.security.sasl; */ -import java.util.concurrent.atomic.AtomicBoolean; - -import javax.security.sasl.Sasl; -import javax.security.sasl.SaslClient; - import org.apache.qpid.transport.Connection; import org.apache.qpid.transport.ConnectionException; import org.apache.qpid.transport.ConnectionListener; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslClient; + public abstract class SASLEncryptor implements ConnectionListener { - protected SaslClient saslClient; - protected boolean securityLayerEstablished = false; - protected int sendBuffSize; - protected int recvBuffSize; + private SaslClient saslClient; + private boolean securityLayerEstablished = false; + private int sendBuffSize; + private int recvBuffSize; public boolean isSecurityLayerEstablished() { @@ -63,4 +61,19 @@ public abstract class SASLEncryptor implements ConnectionListener public void closed(Connection conn) {} public abstract void securityLayerEstablished(); + + public SaslClient getSaslClient() + { + return saslClient; + } + + public int getSendBuffSize() + { + return sendBuffSize; + } + + public int getRecvBuffSize() + { + return recvBuffSize; + } } diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java index 86106318ef..a100b96412 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java @@ -21,18 +21,16 @@ package org.apache.qpid.transport.network.security.sasl; */ -import java.nio.ByteBuffer; - -import javax.security.sasl.SaslClient; -import javax.security.sasl.SaslException; - import org.apache.qpid.transport.Receiver; import org.apache.qpid.transport.SenderException; import org.apache.qpid.transport.util.Logger; +import javax.security.sasl.SaslException; +import java.nio.ByteBuffer; + public class SASLReceiver extends SASLEncryptor implements Receiver<ByteBuffer> { - Receiver<ByteBuffer> delegate; + private Receiver<ByteBuffer> delegate; private byte[] netData; private static final Logger log = Logger.get(SASLReceiver.class); @@ -58,11 +56,11 @@ public class SASLReceiver extends SASLEncryptor implements Receiver<ByteBuffer> { while (buf.hasRemaining()) { - int length = Math.min(buf.remaining(),recvBuffSize); + int length = Math.min(buf.remaining(), getRecvBuffSize()); buf.get(netData, 0, length); try { - byte[] out = saslClient.unwrap(netData, 0, length); + byte[] out = getSaslClient().unwrap(netData, 0, length); delegate.received(ByteBuffer.wrap(out)); } catch (SaslException e) @@ -79,7 +77,7 @@ public class SASLReceiver extends SASLEncryptor implements Receiver<ByteBuffer> public void securityLayerEstablished() { - netData = new byte[recvBuffSize]; + netData = new byte[getRecvBuffSize()]; log.debug("SASL Security Layer Established"); } diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java index 2d9e4e9a7e..61d54a8386 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java @@ -21,19 +21,17 @@ package org.apache.qpid.transport.network.security.sasl; */ -import java.nio.ByteBuffer; -import java.util.concurrent.atomic.AtomicBoolean; - -import javax.security.sasl.SaslClient; -import javax.security.sasl.SaslException; - import org.apache.qpid.transport.Sender; import org.apache.qpid.transport.SenderException; import org.apache.qpid.transport.util.Logger; +import javax.security.sasl.SaslException; +import java.nio.ByteBuffer; +import java.util.concurrent.atomic.AtomicBoolean; + public class SASLSender extends SASLEncryptor implements Sender<ByteBuffer> { - protected Sender<ByteBuffer> delegate; + private Sender<ByteBuffer> delegate; private byte[] appData; private final AtomicBoolean closed = new AtomicBoolean(false); private static final Logger log = Logger.get(SASLSender.class); @@ -54,7 +52,7 @@ public class SASLSender extends SASLEncryptor implements Sender<ByteBuffer> { { try { - saslClient.dispose(); + getSaslClient().dispose(); } catch (SaslException e) { @@ -80,14 +78,14 @@ public class SASLSender extends SASLEncryptor implements Sender<ByteBuffer> { { while (buf.hasRemaining()) { - int length = Math.min(buf.remaining(),sendBuffSize); - log.debug("sendBuffSize %s", sendBuffSize); + int length = Math.min(buf.remaining(), getSendBuffSize()); + log.debug("sendBuffSize %s", getSendBuffSize()); log.debug("buf.remaining() %s", buf.remaining()); buf.get(appData, 0, length); try { - byte[] out = saslClient.wrap(appData, 0, length); + byte[] out = getSaslClient().wrap(appData, 0, length); log.debug("out.length %s", out.length); delegate.send(ByteBuffer.wrap(out)); @@ -112,7 +110,7 @@ public class SASLSender extends SASLEncryptor implements Sender<ByteBuffer> { public void securityLayerEstablished() { - appData = new byte[sendBuffSize]; + appData = new byte[getSendBuffSize()]; log.debug("SASL Security Layer Established"); } diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java index 4391e8adfc..3ab028c8a8 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java @@ -20,6 +20,11 @@ */ package org.apache.qpid.transport.network.security.ssl; +import org.apache.qpid.transport.util.Logger; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.X509ExtendedKeyManager; import java.io.IOException; import java.net.Socket; import java.security.GeneralSecurityException; @@ -28,25 +33,19 @@ import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.X509ExtendedKeyManager; - -import org.apache.qpid.transport.util.Logger; - public class QpidClientX509KeyManager extends X509ExtendedKeyManager { private static final Logger log = Logger.get(QpidClientX509KeyManager.class); - X509ExtendedKeyManager delegate; - String alias; + private X509ExtendedKeyManager delegate; + private String alias; public QpidClientX509KeyManager(String alias, String keyStorePath, - String keyStorePassword,String keyStoreCertType) throws GeneralSecurityException, IOException + String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException { this.alias = alias; KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword); - KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyStoreCertType); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName); kmf.init(ks, keyStorePassword.toCharArray()); this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0]; } diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java index 8ad40bbfd3..13a16d07b5 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java @@ -20,19 +20,17 @@ */ package org.apache.qpid.transport.network.security.ssl; -import java.nio.ByteBuffer; +import org.apache.qpid.transport.Receiver; +import org.apache.qpid.transport.TransportException; +import org.apache.qpid.transport.network.security.SSLStatus; +import org.apache.qpid.transport.util.Logger; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLEngineResult.HandshakeStatus; import javax.net.ssl.SSLEngineResult.Status; import javax.net.ssl.SSLException; - -import org.apache.qpid.transport.ConnectionSettings; -import org.apache.qpid.transport.Receiver; -import org.apache.qpid.transport.TransportException; -import org.apache.qpid.transport.network.security.SSLStatus; -import org.apache.qpid.transport.util.Logger; +import java.nio.ByteBuffer; public class SSLReceiver implements Receiver<ByteBuffer> { diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java index 6f5aa6d86e..88943695d4 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java @@ -19,20 +19,18 @@ */ package org.apache.qpid.transport.network.security.ssl; -import java.nio.ByteBuffer; -import java.util.concurrent.atomic.AtomicBoolean; +import org.apache.qpid.transport.Sender; +import org.apache.qpid.transport.SenderException; +import org.apache.qpid.transport.network.security.SSLStatus; +import org.apache.qpid.transport.util.Logger; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.SSLException; import javax.net.ssl.SSLEngineResult.HandshakeStatus; import javax.net.ssl.SSLEngineResult.Status; - -import org.apache.qpid.transport.ConnectionSettings; -import org.apache.qpid.transport.Sender; -import org.apache.qpid.transport.SenderException; -import org.apache.qpid.transport.network.security.SSLStatus; -import org.apache.qpid.transport.util.Logger; +import javax.net.ssl.SSLException; +import java.nio.ByteBuffer; +import java.util.concurrent.atomic.AtomicBoolean; public class SSLSender implements Sender<ByteBuffer> { diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java index 6bb038a581..71a73db71f 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java @@ -20,6 +20,11 @@ */ package org.apache.qpid.transport.network.security.ssl; +import org.apache.qpid.transport.TransportException; +import org.apache.qpid.transport.util.Logger; + +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLPeerUnverifiedException; import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -30,19 +35,14 @@ import java.security.Principal; import java.security.cert.Certificate; import java.security.cert.X509Certificate; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLPeerUnverifiedException; - -import org.apache.qpid.ssl.SSLContextFactory; -import org.apache.qpid.transport.ConnectionSettings; -import org.apache.qpid.transport.TransportException; -import org.apache.qpid.transport.util.Logger; - public class SSLUtil { private static final Logger log = Logger.get(SSLUtil.class); - + + private SSLUtil() + { + } + public static void verifyHostname(SSLEngine engine,String hostnameExpected) { try |