author | Keith Wall <kwall@apache.org> | 2012-01-29 22:57:31 +0000 |
---|---|---|
committer | Keith Wall <kwall@apache.org> | 2012-01-29 22:57:31 +0000 |
commit | 948bfbdc46e09ea02808724760d03de51b8abb7f (patch) | |
tree | fd0f58fe7c72af8979fd09f575689ea6adf9e7d5 /java/common | |
parent | 86bfd7d89ab6ccdb6a57aa83c2379c4616e4f3f7 (diff) | |
download | qpid-python-948bfbdc46e09ea02808724760d03de51b8abb7f.tar.gz |
QPID-3739: Java properties qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType have misleading names and would be better called qpid.ssl.[Key|Trust]ManagerFactory.algorithm
* Introduced two properties qpid.ssl.KeyManagerFactory.algorithm and qpid.ssl.TrustManagerFactory.algorithm to allow a client user to override the algorithm name used when Qpid client constructs a KeyManager or TrustManager.
* Continued to support qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType (now marked as deprecated)
* Introduced a new Java Broker configuration key connector/ssl/keyManagerFactoryAlgorithm
* Continued to support broker configuration key connector/ssl/certType (now marked as deprecated and will issue warning if used).
* Changed the default from hardcoded 'SunX509' to the value(s) returned by KeyManagerFactory#getDefaultAlgorithm() and TrustManagerFactory#getDefaultAlgorithm(). This allows the Java Broker and Client to be used out of the box on non-Sun JDKs without having to set qpid.ssl.KeyManagerFactory.algorithm or qpid.ssl.TrustManagerFactory.algorithm.
* Updated client docbook documentation.
Tested both Java Broker and Client on IBM JDK and ensured all 0-10 and 0-9-1 profiles pass (including SSLTest which was failing prior to this change).
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1237504 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common')
12 files changed, 317 insertions, 64 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java b/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java index 63a78f7971..517fd1829f 100644 --- a/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java +++ b/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java @@ -1,4 +1,3 @@ -package org.apache.qpid.configuration; /* * * Licensed to the Apache Software Foundation (ASF) under one @@ -19,7 +18,7 @@ package org.apache.qpid.configuration; * under the License. * */ - +package org.apache.qpid.configuration; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -40,7 +39,7 @@ public interface Accessor { public Boolean getBoolean(String name) { - return Boolean.getBoolean(name); + return System.getProperty(name) == null ? null : Boolean.getBoolean(name); } public Integer getInt(String name) diff --git a/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java b/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java index 69a6602baf..ef7feba53c 100644 --- a/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java +++ b/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java @@ -95,6 +95,7 @@ public class ClientProperties * synchronous operations. */ public static final String QPID_SYNC_OP_TIMEOUT = "qpid.sync_op_timeout"; + @Deprecated public static final String AMQJ_DEFAULT_SYNCWRITE_TIMEOUT = "amqj.default_syncwrite_timeout"; /** @@ -106,6 +107,7 @@ public class ClientProperties * System properties to change the default value used for TCP_NODELAY */ public static final String QPID_TCP_NODELAY_PROP_NAME = "qpid.tcp_nodelay"; + @Deprecated public static final String AMQJ_TCP_NODELAY_PROP_NAME = "amqj.tcp_nodelay"; /** 
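Review bot: The new `getBoolean` in Accessor.java reads the system property twice and now returns `null` for an unset name, but nothing in the hunk documents that contract. A single read keeps the null test and the parsed value consistent: `String value = System.getProperty(name);` followed by `return value == null ? null : Boolean.valueOf(value);`. A comment such as `// returns null when the property is unset so the caller can fall through to the next name or the default` would warn callers not to auto-unbox the result directly. The enclosing class starts outside the hunk, so any other Accessor implementations may need the same contract.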
@@ -119,4 +121,23 @@ public class ClientProperties private ClientProperties() { } + + /** + * System property used to set the key manager factory algorithm. + * + * Historically, Qpid referred to this as {@value #QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME}. + */ + public static final String QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME = "qpid.ssl.KeyManagerFactory.algorithm"; + @Deprecated + public static final String QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME = "qpid.ssl.keyStoreCertType"; + + /** + * System property used to set the trust manager factory algorithm. + * + * Historically, Qpid referred to this {@value #QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME}. + */ + public static final String QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME = "qpid.ssl.TrustManagerFactory.algorithm"; + @Deprecated + public static final String QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME = "qpid.ssl.trustStoreCertType"; + } diff --git a/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java b/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java index 19e998733a..81702ee1ea 100644 --- a/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java +++ b/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java @@ -70,13 +70,13 @@ public class PropertyUtils parsePropertyString(value, fragments, propertyRefs); StringBuffer sb = new StringBuffer(); - Iterator j = propertyRefs.iterator(); + Iterator<String> j = propertyRefs.iterator(); for (String fragment : fragments) { if (fragment == null) { - String propertyName = (String) j.next(); + String propertyName = j.next(); // try to get it from the project or keys // Backward compatibility diff --git a/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java b/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java index e88c7784a2..e0989495bb 100644 --- a/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java 
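Review bot: The Javadoc on `QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME` in ClientProperties.java is missing a word: "referred to this {@value ...}" should read "referred to this as {@value ...}", matching the key-manager comment above it. The `@Deprecated` constants carry no `@deprecated` Javadoc tag naming their replacement; suggest e.g. `/** @deprecated use {@link #QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME} */` on `QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME`, with the equivalent on the key-store constant and on the two `AMQJ_*` constants in the earlier hunks. The new constants are also declared below the private constructor, away from the other property names, which makes them easy to miss.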
+++ b/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java @@ -20,7 +20,7 @@ package org.apache.qpid.configuration; import org.apache.qpid.configuration.Accessor.SystemPropertyAccessor; -abstract class QpidProperty<T> +public abstract class QpidProperty<T> { private T defValue; private String[] names; @@ -38,7 +38,7 @@ abstract class QpidProperty<T> this.names = names; } - T get() + public T get() { for (String name : names) { diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java index 87073c1090..c9ff180c54 100644 --- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java +++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java @@ -41,7 +41,6 @@ public class SSLContextFactory { public static final String JAVA_KEY_STORE_CODE = "JKS"; public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS"; - public static final String KEY_STORE_CERTIFICATE_TYPE = "SunX509"; private SSLContextFactory() { 
@@ -49,28 +48,28 @@ public class SSLContextFactory } public static SSLContext buildServerContext(final String keyStorePath, - final String keyStorePassword, final String keyStoreCertType) + final String keyStorePassword, final String keyManagerFactoryAlgorithm) throws GeneralSecurityException, IOException { return buildContext(null, null, null, keyStorePath, keyStorePassword, - keyStoreCertType, null); + keyManagerFactoryAlgorithm, null); } public static SSLContext buildClientContext(final String trustStorePath, - final String trustStorePassword, final String trustStoreCertType, + final String trustStorePassword, final String trustManagerFactoryAlgorithm, final String keyStorePath, final String keyStorePassword, - final String keyStoreCertType, final String certAlias) + final String keyManagerFactoryAlgorithm, final String certAlias) throws GeneralSecurityException, IOException { return buildContext(trustStorePath, trustStorePassword, - trustStoreCertType, keyStorePath, keyStorePassword, - keyStoreCertType, certAlias); + trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword, + keyManagerFactoryAlgorithm, certAlias); } private static SSLContext buildContext(final String trustStorePath, - final String trustStorePassword, final String trustStoreCertType, + final String trustStorePassword, final String trustManagerFactoryAlgorithm, final String keyStorePath, final String keyStorePassword, - final String keyStoreCertType, final String certAlias) + final String keyManagerFactoryAlgorithm, final String certAlias) throws GeneralSecurityException, IOException { // Initialize the SSLContext to work with our key managers. @@ -85,7 +84,7 @@ public class SSLContextFactory final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath, trustStorePassword); final TrustManagerFactory tmf = TrustManagerFactory - .getInstance(trustStoreCertType); + .getInstance(trustManagerFactoryAlgorithm); tmf.init(ts); trustManagers = tmf.getTrustManagers(); 
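Review bot: `TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm)`, and the matching `KeyManagerFactory.getInstance` call in the later SSLContextFactory hunk, passes the caller's value straight through, so a `null` algorithm combined with a non-null store path fails inside JSSE (a NullPointerException or NoSuchAlgorithmException depending on the JDK) rather than with a clear configuration error. Since the commit moves the default to the JDK's own value, the factory could apply it itself: `final String tmfAlgorithm = trustManagerFactoryAlgorithm == null ? TrustManagerFactory.getDefaultAlgorithm() : trustManagerFactoryAlgorithm;`. The renamed parameters have no Javadoc; a short `@param` stating that the value is a JSSE algorithm name, not a certificate or store type, would stop the old confusion from returning. `buildContext` continues outside the hunk, so an existing guard may already cover part of this.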
@@ -101,7 +100,7 @@ public class SSLContextFactory { keyManagers = new KeyManager[] { new QpidClientX509KeyManager( certAlias, keyStorePath, keyStorePassword, - keyStoreCertType) }; + keyManagerFactoryAlgorithm) }; } else { @@ -111,7 +110,7 @@ public class SSLContextFactory char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray(); // Set up key manager factory to use our key store final KeyManagerFactory kmf = KeyManagerFactory - .getInstance(keyStoreCertType); + .getInstance(keyManagerFactoryAlgorithm); kmf.init(ks, keyStoreCharPassword); keyManagers = kmf.getKeyManagers(); } diff --git a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java index e04511497a..91a029ffec 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java +++ b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java 
@@ -20,10 +20,20 @@ */ package org.apache.qpid.transport; -import org.apache.qpid.configuration.ClientProperties; - import java.util.Map; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.TrustManagerFactory; + +import org.apache.qpid.configuration.QpidProperty; + +import static org.apache.qpid.configuration.ClientProperties.QPID_TCP_NODELAY_PROP_NAME; +import static org.apache.qpid.configuration.ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME; +import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME; +import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME; +import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME; +import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME; + /** * A ConnectionSettings object can only be associated with * one Connection object. I have added an assertion that will @@ -32,6 +42,8 @@ import java.util.Map; */ public class ConnectionSettings { + public static final String DEFAULT_ALGORITHM_NAME = "SunX509"; + public static final String WILDCARD_ADDRESS = "*"; private String protocol = "tcp"; 
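Review bot: `DEFAULT_ALGORITHM_NAME = "SunX509"` is added to ConnectionSettings as a public constant, but none of the hunks shown uses it, and it contradicts the commit's stated move away from a hard-coded 'SunX509' default. If nothing outside java/common references it, it should be dropped. Otherwise it needs a comment saying what it is the default of, e.g. `/** Legacy Sun-specific algorithm name; no longer the client default. */`. A public constant with this name invites callers to keep passing a Sun-only algorithm on other JDKs.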
@@ -40,21 +52,20 @@ public class ConnectionSettings private String username = "guest"; private String password = "guest"; private int port = 5672; - private boolean tcpNodelay = Boolean.valueOf(System.getProperty(ClientProperties.QPID_TCP_NODELAY_PROP_NAME, - System.getProperty(ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME, "true"))); + private boolean tcpNodelay = QpidProperty.booleanProperty(Boolean.TRUE, QPID_TCP_NODELAY_PROP_NAME, AMQJ_TCP_NODELAY_PROP_NAME).get(); private int maxChannelCount = 32767; private int maxFrameSize = 65535; private int heartbeatInterval; private int readBufferSize = 65535; private int writeBufferSize = 65535; private long transportTimeout = 60000; - + // SSL props private boolean useSSL; private String keyStorePath = System.getProperty("javax.net.ssl.keyStore"); private String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword"); - private String keyStoreCertType = System.getProperty("qpid.ssl.keyStoreCertType","SunX509");; - private String trustStoreCertType = System.getProperty("qpid.ssl.trustStoreCertType","SunX509");; + private String keyManagerFactoryAlgorithm = QpidProperty.stringProperty(KeyManagerFactory.getDefaultAlgorithm(), QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME).get(); + private String trustManagerFactoryAlgorithm = QpidProperty.stringProperty(TrustManagerFactory.getDefaultAlgorithm(), QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME).get(); private String trustStorePath = System.getProperty("javax.net.ssl.trustStore");; private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");; private String certAlias; 
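Review bot: The new `trustManagerFactoryAlgorithm` initialiser changes behaviour, not just a name: on any JDK whose `ssl.TrustManagerFactory.algorithm` security property is not 'SunX509' (commonly 'PKIX' on Sun/Oracle JDKs, worth confirming for the supported versions), `TrustManagerFactory.getDefaultAlgorithm()` selects a different certificate-path validator than the old hard-coded value. That is probably the better default, but it deserves a comment at the field and a release-note line, e.g. `// default follows the JDK security property ssl.TrustManagerFactory.algorithm; previously hard-coded "SunX509"`. The deprecated `qpid.ssl.keyStoreCertType` and `qpid.ssl.trustStoreCertType` names are also honoured silently here. The description says the broker warns when its deprecated key is used, and the client would benefit from the same warning.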
@@ -288,24 +299,24 @@ public class ConnectionSettings this.verifyHostname = verifyHostname; } - public String getKeyStoreCertType() + public String getKeyManagerFactoryAlgorithm() { - return keyStoreCertType; + return keyManagerFactoryAlgorithm; } - public void setKeyStoreCertType(String keyStoreCertType) + public void setKeyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm) { - this.keyStoreCertType = keyStoreCertType; + this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm; } - public String getTrustStoreCertType() + public String getTrustManagerFactoryAlgorithm() { - return trustStoreCertType; + return trustManagerFactoryAlgorithm; } - public void setTrustStoreCertType(String trustStoreCertType) + public void setTrustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm) { - this.trustStoreCertType = trustStoreCertType; + this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm; } public int getReadBufferSize() @@ -337,5 +348,4 @@ public class ConnectionSettings { this.transportTimeout = transportTimeout; } - } diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java index d51491862b..442800c529 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java @@ -78,10 +78,10 @@ public class SecurityLayerFactory sslCtx = SSLContextFactory .buildClientContext(settings.getTrustStorePath(), settings.getTrustStorePassword(), - settings.getTrustStoreCertType(), + settings.getTrustManagerFactoryAlgorithm(), settings.getKeyStorePath(), settings.getKeyStorePassword(), - settings.getKeyStoreCertType(), + settings.getKeyManagerFactoryAlgorithm(), settings.getCertAlias()); } catch (Exception e) 
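Review bot: `getKeyStoreCertType`/`setKeyStoreCertType` and the trust-store pair are renamed outright in this ConnectionSettings hunk, so code compiled against the old public accessors breaks, while the system properties for the same setting keep a deprecated alias. For consistency, keep deprecated delegating accessors for a release, e.g. `@Deprecated public String getKeyStoreCertType() { return getKeyManagerFactoryAlgorithm(); }`, and likewise for the setter and the trust-store pair. The new setters accept any string and, as far as the visible hunks show, the value is only checked when the SSL context is built; their Javadoc should say so.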
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java index 7879f2c849..3ab028c8a8 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java @@ -41,11 +41,11 @@ public class QpidClientX509KeyManager extends X509ExtendedKeyManager private String alias; public QpidClientX509KeyManager(String alias, String keyStorePath, - String keyStorePassword,String keyStoreCertType) throws GeneralSecurityException, IOException + String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException { this.alias = alias; KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword); - KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyStoreCertType); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName); kmf.init(ks, keyStorePassword.toCharArray()); this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0]; } diff --git a/java/common/src/test/java/org/apache/qpid/configuration/QpidPropertyTest.java b/java/common/src/test/java/org/apache/qpid/configuration/QpidPropertyTest.java new file mode 100644 index 0000000000..2a8c177f64 --- /dev/null +++ b/java/common/src/test/java/org/apache/qpid/configuration/QpidPropertyTest.java 
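Review bot: With the algorithm now configurable and defaulting to the JDK's own value, the unchecked cast of `kmf.getKeyManagers()[0]` to `X509ExtendedKeyManager` in the QpidClientX509KeyManager constructor becomes riskier, because a provider whose first key manager is of another type produces a ClassCastException with no hint about the algorithm. The constructor also calls `keyStorePassword.toCharArray()` without a null check, whereas `SSLContextFactory.buildContext` tolerates a null password. The sketch below applies the same null handling and turns the cast failure into a `GeneralSecurityException` that names the algorithm. The parameter is called `keyManagerFactoryAlgorithmName` here but `keyManagerFactoryAlgorithm` everywhere else in the commit; one spelling would be easier to follow.

```java
// … unchanged: alias assignment and key store loading …
KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
char[] password = keyStorePassword == null ? null : keyStorePassword.toCharArray();
kmf.init(ks, password);
KeyManager[] keyManagers = kmf.getKeyManagers();
if (keyManagers.length == 0 || !(keyManagers[0] instanceof X509ExtendedKeyManager))
{
    throw new GeneralSecurityException("No X509ExtendedKeyManager available for algorithm "
                                       + keyManagerFactoryAlgorithmName);
}
this.delegate = (X509ExtendedKeyManager) keyManagers[0];
```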
@@ -0,0 +1,166 @@ +/* Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.configuration; + +import org.apache.qpid.test.utils.QpidTestCase; + +public class QpidPropertyTest extends QpidTestCase +{ + private static final String TEST_VALUE1 = "TEST_VALUE1"; + private static final String TEST_VALUE2 = "TEST_VALUE2"; + private static final String DEFAULT_VALUE = "DEFAULT_VALUE"; + + private String _systemPropertyName; + private String _deprecatedSystemPropertyName; + + @Override + protected void setUp() throws Exception + { + super.setUp(); + _systemPropertyName = getName() + ".current"; + _deprecatedSystemPropertyName = getName() + ".deprecated"; + } + + public void testValueReadFromSystemProperty() throws Exception + { + setTestSystemProperty(_systemPropertyName, TEST_VALUE1); + assertSystemPropertiesSet(_systemPropertyName); + + String propertyValue = QpidProperty.stringProperty(DEFAULT_VALUE, _systemPropertyName).get(); + assertEquals(TEST_VALUE1, propertyValue); + } + + public void testValueReadFromSecondChoiceSystemPropertyWhenFirstChoiceNotSet() throws Exception + { + setTestSystemProperty(_deprecatedSystemPropertyName, TEST_VALUE2); + assertSystemPropertiesSet(_deprecatedSystemPropertyName); 
+ assertSystemPropertiesNotSet(_systemPropertyName); + + String propertyValue = QpidProperty.stringProperty("default", _systemPropertyName, _deprecatedSystemPropertyName).get(); + assertEquals(TEST_VALUE2, propertyValue); + } + + public void testValueReadFromFirstChoiceSystemPropertyWhenBothFirstAndSecondChoiceSet() throws Exception + { + setTestSystemProperty(_systemPropertyName, TEST_VALUE1); + setTestSystemProperty(_deprecatedSystemPropertyName, TEST_VALUE2); + assertSystemPropertiesSet(_systemPropertyName, _deprecatedSystemPropertyName); + + String propertyValue = QpidProperty.stringProperty("default", _systemPropertyName, _deprecatedSystemPropertyName).get(); + assertEquals(TEST_VALUE1, propertyValue); + } + + public void testValueIsDefaultWhenOneSystemPropertyIsNotSet() throws Exception + { + assertSystemPropertiesNotSet(_systemPropertyName); + + String propertyValue = QpidProperty.stringProperty(DEFAULT_VALUE, _systemPropertyName).get(); + assertEquals(DEFAULT_VALUE, propertyValue); + } + + public void testValueIsDefaultWhenTwoSystemPropertiesAreNotSet() throws Exception + { + assertSystemPropertiesNotSet(_systemPropertyName, _deprecatedSystemPropertyName); + + String propertyValue = QpidProperty.stringProperty(DEFAULT_VALUE, _systemPropertyName).get(); + assertEquals(DEFAULT_VALUE, propertyValue); + } + + public void testValueIsNullWhenNoDefaultAndNoSystemPropertiesAreSet() throws Exception + { + assertSystemPropertiesNotSet(_systemPropertyName, _deprecatedSystemPropertyName); + + String nullString = null; + String propertyValue = QpidProperty.stringProperty(nullString, _systemPropertyName).get(); + assertNull(propertyValue); + } + + public void testBooleanValueReadFromSystemProperty() throws Exception + { + setTestSystemProperty(_systemPropertyName, Boolean.FALSE.toString()); + assertSystemPropertiesSet(_systemPropertyName); + + boolean propertyValue = QpidProperty.booleanProperty(Boolean.TRUE, _systemPropertyName).get(); + assertFalse(propertyValue); + } 
+ + public void testBooleanValueIsDefaultWhenOneSystemPropertyIsNotSet() throws Exception + { + assertSystemPropertiesNotSet(_systemPropertyName); + + Boolean propertyValue = QpidProperty.booleanProperty(Boolean.TRUE, _systemPropertyName).get(); + assertTrue(propertyValue); + } + + public void testIntegerValueReadFromSystemProperty() throws Exception + { + int expectedValue = 15; + setTestSystemProperty(_systemPropertyName, Integer.valueOf(expectedValue).toString()); + assertSystemPropertiesSet(_systemPropertyName); + + int propertyValue = QpidProperty.intProperty(14, _systemPropertyName).get(); + assertEquals(expectedValue, propertyValue); + } + + public void testIntegerValueIsDefaultWhenOneSystemPropertyIsNotSet() throws Exception + { + int expectedValue = 15; + assertSystemPropertiesNotSet(_systemPropertyName); + + int propertyValue = QpidProperty.intProperty(expectedValue, _systemPropertyName).get(); + assertEquals(expectedValue, propertyValue); + } + + public void testLongValueReadFromSystemProperty() throws Exception + { + long expectedValue = 15; + setTestSystemProperty(_systemPropertyName, Long.valueOf(expectedValue).toString()); + assertSystemPropertiesSet(_systemPropertyName); + + long propertyValue = QpidProperty.longProperty(14l, _systemPropertyName).get(); + assertEquals(expectedValue, propertyValue); + } + + public void testLongValueIsDefaultWhenOneSystemPropertyIsNotSet() throws Exception + { + long expectedValue = 15; + assertSystemPropertiesNotSet(_systemPropertyName); + + long propertyValue = QpidProperty.longProperty(expectedValue, _systemPropertyName).get(); + assertEquals(expectedValue, propertyValue); + } + + private void assertSystemPropertiesSet(String... systemPropertyNames) + { + for (String systemPropertyName : systemPropertyNames) + { + assertTrue("System property " + systemPropertyName + " should be set", + System.getProperties().containsKey(systemPropertyName)); + } + } + + private void assertSystemPropertiesNotSet(String... 
systemPropertyNames) + { + for (String systemPropertyName : systemPropertyNames) + { + assertFalse("System property " + systemPropertyName + " should not be set", + System.getProperties().containsKey(systemPropertyName)); + } + } + +} diff --git a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java index c373da0887..69b04c9979 100644 --- a/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java +++ b/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java @@ -19,7 +19,10 @@ package org.apache.qpid.ssl; import org.apache.qpid.test.utils.QpidTestCase; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; + import java.io.IOException; public class SSLContextFactoryTest extends QpidTestCase @@ -28,12 +31,13 @@ public class SSLContextFactoryTest extends QpidTestCase private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks"; private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks"; private static final String STORE_PASSWORD = "password"; - private static final String CERT_TYPE = "SunX509"; + private static final String DEFAULT_KEY_MANAGER_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm(); + private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm(); private static final String CERT_ALIAS_APP1 = "app1"; public void testBuildServerContext() throws Exception { - SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE); + SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM); assertNotNull("SSLContext should not be null", context); } 
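Review bot: `testValueIsDefaultWhenTwoSystemPropertiesAreNotSet` and `testValueIsNullWhenNoDefaultAndNoSystemPropertiesAreSet` in QpidPropertyTest assert that both property names are unset but then pass only `_systemPropertyName` to `stringProperty`, so the two-name fallback path they are named after is never exercised. The call should be `QpidProperty.stringProperty(DEFAULT_VALUE, _systemPropertyName, _deprecatedSystemPropertyName).get()`, with `nullString` in place of `DEFAULT_VALUE` in the second test. The boolean, int and long tests likewise cover only a single name; one fallback test per type would pin the behaviour that `ConnectionSettings` relies on for `tcpNodelay`.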
@@ -41,7 +45,7 @@ public class SSLContextFactoryTest extends QpidTestCase { try { - SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", CERT_TYPE); + SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", DEFAULT_KEY_MANAGER_ALGORITHM); fail("Exception was not thrown due to incorrect password"); } catch (IOException e) @@ -54,7 +58,7 @@ public class SSLContextFactoryTest extends QpidTestCase { try { - SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null); + SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, null); fail("Exception was not thrown due to incorrect path"); } catch (IOException e) 
@@ -65,19 +69,19 @@ public class SSLContextFactoryTest extends QpidTestCase public void testBuildClientContextForSSLEncryptionOnly() throws Exception { - SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null, null, null, null); + SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, null, null, null, null); assertNotNull("SSLContext should not be null", context); } public void testBuildClientContextWithForClientAuth() throws Exception { - SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null); + SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, null); assertNotNull("SSLContext should not be null", context); } public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception { - SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CERT_ALIAS_APP1); + SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, DEFAULT_TRUST_MANAGER_ALGORITHM, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, DEFAULT_KEY_MANAGER_ALGORITHM, CERT_ALIAS_APP1); assertNotNull("SSLContext should not be null", context); } } diff --git a/java/common/src/test/java/org/apache/qpid/transport/ConnectionSettingsTest.java b/java/common/src/test/java/org/apache/qpid/transport/ConnectionSettingsTest.java index 7d28f079ec..47773ff2f8 100644 --- a/java/common/src/test/java/org/apache/qpid/transport/ConnectionSettingsTest.java +++ b/java/common/src/test/java/org/apache/qpid/transport/ConnectionSettingsTest.java 
@@ -20,11 +20,16 @@ */ package org.apache.qpid.transport; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.TrustManagerFactory; + import org.apache.qpid.configuration.ClientProperties; import org.apache.qpid.test.utils.QpidTestCase; public class ConnectionSettingsTest extends QpidTestCase { + private static final String TEST_ALGORITHM_NAME = "algorithmName"; + private ConnectionSettings _conConnectionSettings; protected void setUp() throws Exception 
@@ -33,37 +38,91 @@ public class ConnectionSettingsTest extends QpidTestCase _conConnectionSettings = new ConnectionSettings(); } - public void testDefaultTCP_NODELAY() + public void testTcpNoDelayDefault() { assertTrue("Default for isTcpNodelay() should be true", _conConnectionSettings.isTcpNodelay()); } - public void testSystemPropertyOverrideTrueForTCP_NODELAY() + public void testTcpNoDelayOverrideTrue() { - systemPropertyOverrideForTCP_NODELAYImpl(ClientProperties.QPID_TCP_NODELAY_PROP_NAME, true); + systemPropertyOverrideForTcpDelay(ClientProperties.QPID_TCP_NODELAY_PROP_NAME, true); } - public void testSystemPropertyOverrideFalseForTCP_NODELAY() + public void testTcpNoDelayOverrideFalse() { - systemPropertyOverrideForTCP_NODELAYImpl(ClientProperties.QPID_TCP_NODELAY_PROP_NAME, false); + systemPropertyOverrideForTcpDelay(ClientProperties.QPID_TCP_NODELAY_PROP_NAME, false); } - public void testLegacySystemPropertyOverrideTrueForTCP_NODELAY() + @SuppressWarnings("deprecation") + public void testTcpNoDelayLegacyOverrideTrue() { - systemPropertyOverrideForTCP_NODELAYImpl(ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME, true); + systemPropertyOverrideForTcpDelay(ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME, true); } - public void testLegacySystemPropertyOverrideFalseForTCP_NODELAY() + @SuppressWarnings("deprecation") + public void testTcpNoDelayLegacyOverrideFalse() { - systemPropertyOverrideForTCP_NODELAYImpl(ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME, false); + systemPropertyOverrideForTcpDelay(ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME, false); } - private void systemPropertyOverrideForTCP_NODELAYImpl(String propertyName, boolean value) + public void testKeyManagerFactoryAlgorithmDefault() { - //set the default via system property - setTestSystemProperty(propertyName, String.valueOf(value)); + assertEquals(KeyManagerFactory.getDefaultAlgorithm(), _conConnectionSettings.getKeyManagerFactoryAlgorithm()); + } - _conConnectionSettings = new ConnectionSettings(); + 
public void testKeyManagerFactoryAlgorithmOverridden() + { + String algorithmName = TEST_ALGORITHM_NAME; + systemPropertyOverrideForKeyFactoryAlgorithm(ClientProperties.QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME, algorithmName); + } + + @SuppressWarnings("deprecation") + public void testKeyManagerFactoryAlgorithmLegacyOverridden() + { + String algorithmName = TEST_ALGORITHM_NAME; + systemPropertyOverrideForKeyFactoryAlgorithm(ClientProperties.QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME, algorithmName); + } + + public void testTrustManagerFactoryAlgorithmDefault() + { + assertEquals(TrustManagerFactory.getDefaultAlgorithm(), _conConnectionSettings.getTrustManagerFactoryAlgorithm()); + } + + public void testTrustManagerFactoryAlgorithmOverridden() + { + String algorithmName = TEST_ALGORITHM_NAME; + systemPropertyOverrideForTrustFactoryAlgorithm(ClientProperties.QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME, algorithmName); + } + + @SuppressWarnings("deprecation") + public void testTrustManagerFactoryAlgorithmLegacyOverridden() + { + String algorithmName = TEST_ALGORITHM_NAME; + systemPropertyOverrideForTrustFactoryAlgorithm(ClientProperties.QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME, algorithmName); + } + + private void systemPropertyOverrideForTcpDelay(String propertyName, boolean value) + { + resetSystemProperty(propertyName, String.valueOf(value)); assertEquals("Value for isTcpNodelay() is incorrect", value, _conConnectionSettings.isTcpNodelay()); } + + private void systemPropertyOverrideForKeyFactoryAlgorithm(String propertyName, String value) + { + resetSystemProperty(propertyName, value); + assertEquals(value, _conConnectionSettings.getKeyManagerFactoryAlgorithm()); + } + + private void systemPropertyOverrideForTrustFactoryAlgorithm(String propertyName, String value) + { + resetSystemProperty(propertyName, value); + assertEquals(value, _conConnectionSettings.getTrustManagerFactoryAlgorithm()); + } + + private void resetSystemProperty(String propertyName, 
String value) + { + setTestSystemProperty(propertyName, value); + + _conConnectionSettings = new ConnectionSettings(); + } } diff --git a/java/common/src/test/java/org/apache/qpid/util/PropertyUtilsTest.java b/java/common/src/test/java/org/apache/qpid/util/PropertyUtilsTest.java index 9fd18d461a..c5464aab79 100644 --- a/java/common/src/test/java/org/apache/qpid/util/PropertyUtilsTest.java +++ b/java/common/src/test/java/org/apache/qpid/util/PropertyUtilsTest.java @@ -40,9 +40,4 @@ public class PropertyUtilsTest extends QpidTestCase String expandedProperty = PropertyUtils.replaceProperties("${banana}xyz${concrete}"); assertEquals(expandedProperty, "fruityxyzhorrible"); } - - public static junit.framework.Test suite() - { - return new junit.framework.TestSuite(PropertyUtilsTest.class); - } } |