authorRobert Godfrey <rgodfrey@apache.org>2015-01-29 20:57:38 +0000
committerRobert Godfrey <rgodfrey@apache.org>2015-01-29 20:57:38 +0000
commitb0b8d4f3dd7e0fd371e9e94499776b10b7918499 (patch)
tree1ad9ba47af41bb4ad9a4a7098721354a04073a46
parentfd50332c92a3a7e4c2539c08566804b1d84e7883 (diff)
downloadqpid-python-b0b8d4f3dd7e0fd371e9e94499776b10b7918499.tar.gz
[JMS AMQP 1.0 Client] Add ability to change the SSL Protocol/Provider used to create the SSLContext
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1655858 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java41
-rw-r--r--qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java57
2 files changed, 94 insertions, 4 deletions
diff --git a/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java b/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
index 90b3298c3a..cf80bb3bd5 100644
--- a/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
+++ b/qpid/java/amqp-1-0-client-jms/src/main/java/org/apache/qpid/amqp_1_0/jms/impl/ConnectionFactoryImpl.java
@@ -67,6 +67,8 @@ public class ConnectionFactoryImpl implements ConnectionFactory, TopicConnection
private String _trustStorePath;
private String _trustStorePassword;
private SSLContext _sslContext;
+ private String _sslProtocol;
+ private String _sslProvider;
public ConnectionFactoryImpl(final String host,
@@ -163,7 +165,9 @@ public class ConnectionFactoryImpl implements ConnectionFactory, TopicConnection
KeyManagerFactory.getDefaultAlgorithm(),
_trustStorePath,_trustStorePassword,
KeyStore.getDefaultType(),
- TrustManagerFactory.getDefaultAlgorithm());
+ TrustManagerFactory.getDefaultAlgorithm(),
+ _sslProtocol,
+ _sslProvider);
if(username == null && _keyStoreCertAlias != null)
{
X509Certificate[] certs = SSLUtil.getClientCertificates(_keyStoreCertAlias,
@@ -220,6 +224,16 @@ public class ConnectionFactoryImpl implements ConnectionFactory, TopicConnection
_keyStorePassword = keyStorePassword;
}
+ public void setSslProtocol(final String sslProtocol)
+ {
+ _sslProtocol = sslProtocol;
+ }
+
+ public void setSslProvider(final String sslProvider)
+ {
+ _sslProvider = sslProvider;
+ }
+
public void setKeyStoreCertAlias(final String keyStoreCertAlias)
{
_keyStoreCertAlias = keyStoreCertAlias;
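Review bot: `setSslProtocol` and `setSslProvider` are added without Javadoc, so a caller cannot tell what a null value means or whether the value set here is the one actually used. Judging by `SSLUtil.getSslContext` in this same commit, the system properties `qpid.ssl.protocol` and `qpid.ssl.provider` take precedence over these fields, and an unrecognised name falls back to a default. I would document that on each setter, e.g. `/** JSSE protocol name passed to SSLContext.getInstance; null selects the default. Overridden by the qpid.ssl.protocol system property. */`, with the matching text for the provider.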
@@ -252,6 +266,8 @@ public class ConnectionFactoryImpl implements ConnectionFactory, TopicConnection
public String keyStorePath;
public String keyStorePassword;
public String keyStoreCertAlias;
+ public String sslProvider;
+ public String sslProtocol;
}
@@ -388,7 +404,22 @@ public class ConnectionFactoryImpl implements ConnectionFactory, TopicConnection
{
options.keyStoreCertAlias = value;
}
+ },
+ new OptionSetter("ssl-provider","")
+ {
+ public void setOption(final ConnectionOptions options, final String value) throws MalformedURLException
+ {
+ options.sslProvider = value;
+ }
+ },
+ new OptionSetter("ssl-protocol","")
+ {
+ public void setOption(final ConnectionOptions options, final String value) throws MalformedURLException
+ {
+ options.sslProtocol = value;
+ }
}
+
};
public static ConnectionFactoryImpl createFromURL(final String urlString) throws MalformedURLException
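Review bot: The `ssl-protocol` setter stores the URL value unchecked (`options.sslProtocol = value;`), so a connection URL can name a legacy protocol such as the `SSLv3` string that `SSLUtil.SSLV3_PROTOCOL` already defines. Unless SSLv3 is stripped from the enabled protocols elsewhere (not visible in this diff), I would reject it here, since the method already declares `MalformedURLException`: `if (SSLUtil.SSLV3_PROTOCOL.equalsIgnoreCase(value)) throw new MalformedURLException("Unsupported ssl-protocol: " + value);`. Both new setters also pass `""` as the second `OptionSetter` argument, which looks like a description; a short text there would help. The enclosing array initialiser starts outside the hunk.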
@@ -496,6 +527,14 @@ public class ConnectionFactoryImpl implements ConnectionFactory, TopicConnection
{
connectionFactory.setTrustStorePassword(options.trustStorePassword);
}
+ if (options.sslProvider != null)
+ {
+ connectionFactory.setSslProvider(options.sslProvider);
+ }
+ if (options.sslProtocol != null)
+ {
+ connectionFactory.setSslProtocol(options.sslProtocol);
+ }
return connectionFactory;
diff --git a/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java b/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
index 225293c42e..64ab59e6b3 100644
--- a/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
+++ b/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
@@ -27,12 +27,15 @@ import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -48,6 +51,10 @@ public class SSLUtil
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
public static final String SSLV3_PROTOCOL = "SSLv3";
+
+ private static final Logger LOGGER = Logger.getLogger(SSLUtil.class.getName());
+
+
public static SSLContext buildSslContext(final String certAlias,
final String keyStorePath,
final String keyStoreType,
@@ -56,11 +63,13 @@ public class SSLUtil
final String trustStorePath,
final String trustStorePassword,
final String trustStoreType,
- final String trustManagerFactoryAlgorithm) throws GeneralSecurityException, IOException
+ final String trustManagerFactoryAlgorithm,
+ final String sslProtocol,
+ final String sslProvider) throws GeneralSecurityException, IOException
{
- final SSLContext sslContext = SSLContext
- .getInstance(TRANSPORT_LAYER_SECURITY_CODE);
+
+ SSLContext sslContext = getSslContext(sslProtocol, sslProvider);
final TrustManager[] trustManagers;
final KeyManager[] keyManagers;
@@ -109,6 +118,48 @@ public class SSLUtil
return sslContext;
}
+ private static SSLContext getSslContext(final String sslProtocol, final String sslProvider) throws NoSuchAlgorithmException
+ {
+
+ final String sslProviderName = System.getProperty("qpid.ssl.provider", sslProvider);
+ final String sslProtocolName = System.getProperty("qpid.ssl.protocol", sslProtocol);
+
+ SSLContext sslContext = null;
+ if(sslProviderName != null && sslProtocolName != null)
+ {
+ try
+ {
+ sslContext = SSLContext.getInstance(sslProtocolName, sslProviderName);
+ }
+ catch(NoSuchProviderException e)
+ {
+ LOGGER.info("Unknown SSL Context Provider '"+ sslProviderName + "' will use the default");
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ LOGGER.info("Unknown SSL protocol '" + sslProtocolName
+ + "' when using the provider '" + sslProviderName + "' will use the default provider");
+ }
+ }
+ if(sslContext == null && sslProtocolName != null)
+ {
+ try
+ {
+ sslContext = SSLContext.getInstance(sslProtocolName);
+ }
+ catch(NoSuchAlgorithmException e)
+ {
+ LOGGER.info("Unknown SSL protocol '" + sslProtocolName +
+ "' will use '"+TRANSPORT_LAYER_SECURITY_CODE+"'");
+ }
+ }
+ if(sslContext == null)
+ {
+ sslContext = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY_CODE);
+ }
+ return sslContext;
+ }
+
public static X509Certificate[] getClientCertificates(final String alias,
final String keyStorePath,
final String keyStorePassword,
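Review bot: `getSslContext` fails open: when the requested provider or protocol is unknown, the `catch` blocks log at INFO and the method goes on to return a different context, ending at `SSLContext.getInstance(TRANSPORT_LAYER_SECURITY_CODE)`. A deployment that pins a provider or protocol for policy reasons would then connect with something else, with only an INFO line as evidence. A provider given without a protocol is also dropped silently, because the first branch requires both names. I would let the lookup exceptions propagate, which `buildSslContext` can already carry since it declares `GeneralSecurityException`, as sketched below.

```java
private static SSLContext getSslContext(final String sslProtocol, final String sslProvider) throws GeneralSecurityException
{
    // … unchanged: sslProviderName / sslProtocolName lookup via System.getProperty …

    // Only the protocol has a default; an explicitly named protocol or provider
    // that cannot be resolved is reported to the caller instead of being replaced.
    final String protocolName = sslProtocolName != null ? sslProtocolName : TRANSPORT_LAYER_SECURITY_CODE;
    if (sslProviderName != null)
    {
        return SSLContext.getInstance(protocolName, sslProviderName);
    }
    return SSLContext.getInstance(protocolName);
}
```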