From rob...@apache.org
Subject [2/5] qpid-jms git commit: QPIDJMS-35: add keyAlias transport option, plumb in use of alias key manager, update to use newer (and necessary) abstract parent class
Date Thu, 02 Apr 2015 17:30:57 GMT
QPIDJMS-35: add keyAlias transport option, plumb in use of alias key manager, update to use
newer (and necessary) abstract parent class


Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/fa57ac3b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/fa57ac3b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/fa57ac3b

Branch: refs/heads/master
Commit: fa57ac3b500ded07e98c9b07391f475b6f09cdf1
Parents: 5cb5bc7
Author: Robert Gemmell <robbie@apache.org>
Authored: Thu Apr 2 11:12:06 2015 +0100
Committer: Robert Gemmell <robbie@apache.org>
Committed: Thu Apr 2 15:50:33 2015 +0100

----------------------------------------------------------------------
 .../jms/transports/TransportSslOptions.java     | 17 +++++++++-
 .../qpid/jms/transports/TransportSupport.java   | 28 +++++++++++-----
 .../jms/transports/X509AliasKeyManager.java     | 22 +++++++++----
 .../jms/transports/TransportSslOptionsTest.java |  5 +++
 .../jms/transports/X509AliasKeyManagerTest.java | 34 ++++++++++----------
 5 files changed, 74 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/fa57ac3b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
index c483316..c88e421 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java
@@ -41,6 +41,7 @@ public class TransportSslOptions extends TransportOptions {
 
     private boolean trustAll = DEFAULT_TRUST_ALL;
     private boolean verifyHost = DEFAULT_VERIFY_HOST;
+    private String keyAlias;
 
     static {
         INSTANCE.setKeyStoreLocation(System.getProperty("javax.net.ssl.keyStore"));
@@ -179,6 +180,20 @@ public class TransportSslOptions extends TransportOptions {
         this.verifyHost = verifyHost;
     }
 
+    /**
+     * @return the key alias
+     */
+    public String getKeyAlias() {
+        return keyAlias;
+    }
+
+    /**
+     * @param keyAlias the key alias to use
+     */
+    public void setKeyAlias(String keyAlias) {
+        this.keyAlias = keyAlias;
+    }
+
     @Override
     public TransportSslOptions clone() {
         return copyOptions(new TransportSslOptions());
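Review bot: The Javadoc on `getKeyAlias`/`setKeyAlias` does not say what an unset alias means or what the value must refer to, so a reader of this class alone cannot tell whether null means "send no client certificate" or "let the key manager choose". The wrapper this option feeds (X509AliasKeyManager) delegates when the alias is null and otherwise returns the alias unconditionally, so the setter doc should say so: `@param keyAlias alias of the key-store entry to present during the TLS handshake; null leaves the choice to the underlying key manager`. Since the value is used verbatim, it is also worth stating that it must name a key entry in the configured keystore.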
@@ -196,7 +211,7 @@ public class TransportSslOptions extends TransportOptions {
         copy.setEnabledProtocols(getEnabledProtocols());
         copy.setTrustAll(isTrustAll());
         copy.setVerifyHost(isVerifyHost());
-
+        copy.setKeyAlias(getKeyAlias());
         return copy;
     }
 }

http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/fa57ac3b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
index b1ea723..6a99be1 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java
@@ -34,6 +34,7 @@ import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509TrustManager;
 
 import org.slf4j.Logger;
@@ -76,13 +77,7 @@ public class TransportSupport {
         try {
             SSLContext context = SSLContext.getInstance("TLS");
             KeyManager[] keyMgrs = loadKeyManagers(options);
-
-            TrustManager[] trustManagers;
-            if (options.isTrustAll()) {
-                trustManagers = new TrustManager[] { createTrustAllTrustManager() };
-            } else {
-                trustManagers = loadTrustManagers(options);
-            }
+            TrustManager[] trustManagers = loadTrustManagers(options);
 
             context.init(keyMgrs, trustManagers, new SecureRandom());
             return context;
@@ -149,6 +144,10 @@ public class TransportSupport {
     }
 
     private static TrustManager[] loadTrustManagers(TransportSslOptions options) throws Exception
{
+        if (options.isTrustAll()) {
+            return new TrustManager[] { createTrustAllTrustManager() };
+        }
+
         if (options.getTrustStoreLocation() == null) {
             return null;
         }
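Review bot: The trustAll short-circuit at the top of `loadTrustManagers` now returns before the truststore settings are even read, so a configured `trustStoreLocation` is silently ignored and (presumably, from the name `createTrustAllTrustManager`) server certificate validation is disabled with no trace in the logs. The method already has `LOG` available; emitting `LOG.warn("transport.trustAll is enabled; server certificate validation is disabled");` before the early return would let an operator spot the setting in a production log. The rest of `loadTrustManagers` lies outside the hunk.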
@@ -177,13 +176,26 @@ public class TransportSupport {
         String storeLocation = options.getKeyStoreLocation();
         String storePassword = options.getKeyStorePassword();
         String storeType = options.getStoreType();
+        String alias = options.getKeyAlias();
 
         LOG.trace("Attempt to load KeyStore from location {} of type {}", storeLocation,
storeType);
 
         KeyStore keyStore = loadStore(storeLocation, storePassword, storeType);
         fact.init(keyStore, storePassword != null ? storePassword.toCharArray() : null);
 
-        return fact.getKeyManagers();
+        KeyManager[] origKeyManagers = fact.getKeyManagers();
+
+        KeyManager[] keyManagers = new KeyManager[origKeyManagers.length];
+        for (int i = 0; i < origKeyManagers.length; i++) {
+            KeyManager km = origKeyManagers[i];
+            if (km instanceof X509ExtendedKeyManager) {
+                km = new X509AliasKeyManager(alias, (X509ExtendedKeyManager) km);
+            }
+
+            keyManagers[i] = km;
+        }
+
+        return keyManagers;
     }
 
     private static KeyStore loadStore(String storePath, final String password, String storeType)
throws Exception {
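Review bot: The configured alias is never checked against the keystore loaded on the line above the wrapping loop, so a typo in `keyAlias` is only discovered when the delegate's `getPrivateKey`/`getCertificateChain` return null mid-handshake, far from the misconfiguration. A direct check after `loadStore` gives a clear failure at connect time: `if (alias != null && !keyStore.isKeyEntry(alias)) { throw new IllegalArgumentException("keyAlias '" + alias + "' is not a key entry in keystore " + storeLocation); }`. Separately, the loop wraps every X509ExtendedKeyManager even when `alias` is null, in which case the wrapper is a pure pass-through; returning `origKeyManagers` unchanged for a null alias would keep the default path identical to the pre-commit behaviour. `loadKeyManagers` starts before this hunk.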

http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/fa57ac3b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/X509AliasKeyManager.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/X509AliasKeyManager.java
b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/X509AliasKeyManager.java
index 738c58c..585cf56 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/X509AliasKeyManager.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/X509AliasKeyManager.java
@@ -23,17 +23,18 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
-import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
 
 /**
- * A X509KeyManager wrapper which chooses the given alias if
- * non-null, or else delegates to the wrapped X509KeyManager.
+ * An X509ExtendedKeyManager wrapper which chooses the given alias if
+ * non-null, or else delegates to the wrapped X509ExtendedKeyManager.
  */
-public class X509AliasKeyManager implements X509KeyManager {
-    private X509KeyManager delegate;
+public class X509AliasKeyManager extends X509ExtendedKeyManager {
+    private X509ExtendedKeyManager delegate;
     private String alias;
 
-    public X509AliasKeyManager(String alias, X509KeyManager delegate) {
+    public X509AliasKeyManager(String alias, X509ExtendedKeyManager delegate) {
         this.alias = alias;
         this.delegate = delegate;
     }
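Review bot: `delegate` and `alias` are assigned only in the constructor yet are not `final`, and a null `delegate` is accepted silently, which would later surface as a NullPointerException inside the TLS handshake whenever the alias is null. Declaring `private final X509ExtendedKeyManager delegate;` and `private final String alias;` and initialising with `this.delegate = Objects.requireNonNull(delegate, "delegate");` (adding `import java.util.Objects;`) fails fast at construction and makes the wrapper immutable, which also documents its thread-safety. The remainder of the class body is outside this hunk.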
@@ -68,4 +69,13 @@ public class X509AliasKeyManager implements X509KeyManager {
         return delegate.getServerAliases(keyType, issuers);
     }
 
+    @Override
+    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine
engine) {
+        return alias != null ? alias : delegate.chooseEngineClientAlias(keyType, issuers,
engine);
+    }
+
+    @Override
+    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine
engine) {
+        return alias != null ? alias : delegate.chooseEngineServerAlias(keyType, issuers,
engine);
+    }
 }
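Review bot: `chooseEngineClientAlias` and `chooseEngineServerAlias` return the configured alias without consulting `keyType` or `issuers`, so if the aliased entry's key algorithm or issuer is not among those the peer asked for, the handshake fails rather than falling back to the delegate; nothing on the methods says this. A short method Javadoc would save the next reader a debugging session: `Returns the configured alias regardless of the requested key types and issuers; only when no alias is configured is the choice delegated.` The same applies to the socket-based `chooseClientAlias`/`chooseServerAlias` overrides, which are outside this hunk.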

http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/fa57ac3b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
index 09a0dd7..828cfac 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java
@@ -31,6 +31,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
     public static final String CLIENT_KEYSTORE = "src/test/resources/client-jks.keystore";
     public static final String CLIENT_TRUSTSTORE = "src/test/resources/client-jks.truststore";
     public static final String KEYSTORE_TYPE = "jks";
+    public static final String KEY_ALIAS = "myTestAlias";
     public static final boolean TRUST_ALL = true;
     public static final boolean VERIFY_HOST = true;
 
@@ -54,6 +55,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
         assertNull(options.getKeyStorePassword());
         assertNull(options.getTrustStoreLocation());
         assertNull(options.getTrustStorePassword());
+        assertNull(options.getKeyAlias());
     }
 
     @Test
@@ -74,6 +76,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
         assertEquals(CLIENT_TRUSTSTORE, options.getTrustStoreLocation());
         assertEquals(PASSWORD, options.getTrustStorePassword());
         assertEquals(KEYSTORE_TYPE, options.getStoreType());
+        assertEquals(KEY_ALIAS, options.getKeyAlias());
     }
 
     @Test
@@ -94,6 +97,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
         assertEquals(CLIENT_TRUSTSTORE, options.getTrustStoreLocation());
         assertEquals(PASSWORD, options.getTrustStorePassword());
         assertEquals(KEYSTORE_TYPE, options.getStoreType());
+        assertEquals(KEY_ALIAS, options.getKeyAlias());
     }
 
     private TransportSslOptions createSslOptions() {
@@ -106,6 +110,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase {
         options.setStoreType(KEYSTORE_TYPE);
         options.setTrustAll(TRUST_ALL);
         options.setVerifyHost(VERIFY_HOST);
+        options.setKeyAlias(KEY_ALIAS);
 
         options.setSendBufferSize(TEST_SEND_BUFFER_SIZE);
         options.setReceiveBufferSize(TEST_RECEIVE_BUFFER_SIZE);

http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/fa57ac3b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/X509AliasKeyManagerTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/X509AliasKeyManagerTest.java
b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/X509AliasKeyManagerTest.java
index 593d76d..497f441 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/X509AliasKeyManagerTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/X509AliasKeyManagerTest.java
@@ -11,7 +11,7 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
-import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509ExtendedKeyManager;
 
 import org.junit.Test;
 
@@ -21,10 +21,10 @@ public class X509AliasKeyManagerTest {
     public void testChooseClientAliasDelegatesWithNullWrapperAlias() {
         String wrapperAlias = null;
         String myDelegateAlias = "delegateAlias";
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.chooseClientAlias(any(String[].class), any(Principal[].class), any(Socket.class))).thenReturn(myDelegateAlias);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertEquals("Expected delegate alias", myDelegateAlias, wrapper.chooseClientAlias(new
String[0], new Principal[0], new Socket()));
     }
@@ -33,10 +33,10 @@ public class X509AliasKeyManagerTest {
     public void testChooseClientAliasDoesNotDelegateWithNonNullWrapperAlias() {
         String wrapperAlias = "wrapperAlias";
         String myDelegateAlias = "delegateAlias";
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.chooseClientAlias(any(String[].class), any(Principal[].class), any(Socket.class))).thenReturn(myDelegateAlias);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertEquals("Expected wrapper alias", wrapperAlias, wrapper.chooseClientAlias(new
String[0], new Principal[0], new Socket()));
     }
@@ -45,10 +45,10 @@ public class X509AliasKeyManagerTest {
     public void testChooseServerAliasDelegatesWithNullWrapperAlias() {
         String wrapperAlias = null;
         String myDelegateAlias = "delegateAlias";
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.chooseServerAlias(any(String.class), any(Principal[].class), any(Socket.class))).thenReturn(myDelegateAlias);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertEquals("Expected delegate alias", myDelegateAlias, wrapper.chooseServerAlias("",
new Principal[0], new Socket()));
     }
@@ -57,10 +57,10 @@ public class X509AliasKeyManagerTest {
     public void testChooseServerAliasDoesNotDelegateWithNonNullWrapperAlias() {
         String wrapperAlias = "wrapperAlias";
         String myDelegateAlias = "delegateAlias";
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.chooseServerAlias(any(String.class), any(Principal[].class), any(Socket.class))).thenReturn(myDelegateAlias);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertEquals("Expected wrapper alias", wrapperAlias, wrapper.chooseServerAlias("",
new Principal[0], new Socket()));
     }
@@ -70,10 +70,10 @@ public class X509AliasKeyManagerTest {
         String wrapperAlias = "wrapperAlias";
         X509Certificate[] certs = new X509Certificate[7];
 
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.getCertificateChain(any(String.class))).thenReturn(certs);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertSame("Different object returned", certs, wrapper.getCertificateChain(wrapperAlias));
     }
@@ -83,10 +83,10 @@ public class X509AliasKeyManagerTest {
         String wrapperAlias = "wrapperAlias";
         String[] aliases = new String[5];
 
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.getClientAliases(any(String.class), any(Principal[].class))).thenReturn(aliases);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertSame("Different object returned", aliases, wrapper.getClientAliases("", new
Principal[0]));
     }
@@ -96,10 +96,10 @@ public class X509AliasKeyManagerTest {
         String wrapperAlias = "wrapperAlias";
         String[] aliases = new String[3];
 
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.getServerAliases(any(String.class), any(Principal[].class))).thenReturn(aliases);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertSame("Different object returned", aliases, wrapper.getServerAliases("", new
Principal[0]));
     }
@@ -109,10 +109,10 @@ public class X509AliasKeyManagerTest {
         String wrapperAlias = "wrapperAlias";
         PrivateKey mockKey = mock(PrivateKey.class);
 
-        X509KeyManager mock = mock(X509KeyManager.class);
+        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
         when(mock.getPrivateKey(any(String.class))).thenReturn(mockKey);
 
-        X509KeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
+        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
 
         assertSame("Different object returned", mockKey, wrapper.getPrivateKey(wrapperAlias));
     }
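Review bot: The test changes only retype the existing mocks to X509ExtendedKeyManager; none of them exercise the two new engine-based methods `chooseEngineClientAlias`/`chooseEngineServerAlias` added to X509AliasKeyManager, which are the ones SSLEngine-driven transports will actually call. The existing delegate/non-delegate pairs should be mirrored for the engine variants (four tests), each needing `import javax.net.ssl.SSLEngine;`; one of them is sketched below.
```java
    @Test
    public void testChooseEngineClientAliasDoesNotDelegateWithNonNullWrapperAlias() {
        String wrapperAlias = "wrapperAlias";
        X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
        when(mock.chooseEngineClientAlias(any(String[].class), any(Principal[].class), any(SSLEngine.class))).thenReturn("delegateAlias");

        X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);

        assertEquals("Expected wrapper alias", wrapperAlias, wrapper.chooseEngineClientAlias(new String[0], new Principal[0], null));
    }
    // … the delegating (null wrapper alias) case and both server-alias cases follow the same shape …
```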



