authorRobert Gemmell <robbie@apache.org>2011-08-18 14:42:46 +0000
committerRobert Gemmell <robbie@apache.org>2011-08-18 14:42:46 +0000
commitf54e22b2ea718d5711a2f7e2fd5a98fcf35d41cf (patch)
tree6c22c589b9b348dd95980e1c11720b0a1cba02ad /qpid/java/common/src/test
parentf30fc6537007493d0a1e7b9f8bc22743042f47e2 (diff)
QPID-3429: ensure that SSL is enabled correctly in MinaNetworkHandler. Refactor SSLContextFactory to be a factory, and present a useful interface for both client and server side use. Added keystore for the Java broker, renamed existing client trust/key stores for clarity. Fix SSL port configuration. Added new SSL tests, and ensure these are *always* run in the Java 0-10 profiles.
Committing work by myself and Keith Wall. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1159250 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/common/src/test')
-rw-r--r--qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java84
-rw-r--r--qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java19
-rw-r--r--qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java7
-rw-r--r--qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java2
-rw-r--r--qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java65
5 files changed, 106 insertions, 71 deletions
diff --git a/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java b/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
new file mode 100644
index 0000000000..288946e064
--- /dev/null
+++ b/qpid/java/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
@@ -0,0 +1,84 @@
+/* Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.ssl;
+
+import java.io.IOException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class SSLContextFactoryTest extends QpidTestCase
+{
+ private static final String BROKER_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_broker_keystore.jks";
+ private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_keystore.jks";
+ private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR + "/ssl/java_client_truststore.jks";
+ private static final String STORE_PASSWORD = "password";
+ private static final String CERT_TYPE = "SunX509";
+ private static final String CERT_ALIAS_APP1 = "app1";
+
+ public void testBuildServerContext() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE);
+ assertNotNull("SSLContext should not be null", context);
+ }
+
+ public void testBuildServerContextWithIncorrectPassword() throws Exception
+ {
+ try
+ {
+ SSLContextFactory.buildServerContext(BROKER_KEYSTORE_PATH, "sajdklsad", CERT_TYPE);
+ fail("Exception was not thrown due to incorrect password");
+ }
+ catch (IOException e)
+ {
+ //expected
+ }
+ }
+
+ public void testTrustStoreDoesNotExist() throws Exception
+ {
+ try
+ {
+ SSLContextFactory.buildClientContext("/path/to/nothing", STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null);
+ fail("Exception was not thrown due to incorrect path");
+ }
+ catch (IOException e)
+ {
+ //expected
+ }
+ }
+
+ public void testBuildClientContextForSSLEncryptionOnly() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null, null, null, null);
+ assertNotNull("SSLContext should not be null", context);
+ }
+
+ public void testBuildClientContextWithForClientAuth() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, null);
+ assertNotNull("SSLContext should not be null", context);
+ }
+
+ public void testBuildClientContextWithForClientAuthWithCertAlias() throws Exception
+ {
+ SSLContext context = SSLContextFactory.buildClientContext(CLIENT_TRUSTSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CLIENT_KEYSTORE_PATH, STORE_PASSWORD, CERT_TYPE, CERT_ALIAS_APP1);
+ assertNotNull("SSLContext should not be null", context);
+ }
+}
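Review bot: testBuildServerContextWithIncorrectPassword accepts any IOException, so it cannot tell a rejected password from a keystore file that was never opened. A missing file presumably also surfaces as an IOException, in which case the test passes without exercising the password check (for example when TEST_RESOURCES_DIR resolves to a bad path). Asserting that the fixture is present before the call closes that gap: `assertTrue("keystore fixture missing", new java.io.File(BROKER_KEYSTORE_PATH).exists());`. The three client-context tests assert only that a context is returned, so the CERT_ALIAS_APP1 case would presumably still pass if the alias were ignored; a one-line comment stating that only construction is checked here would keep readers from assuming the alias selection is covered.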
diff --git a/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java b/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java
index 89542e8125..2ec5e17a16 100644
--- a/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java
+++ b/qpid/java/common/src/test/java/org/apache/qpid/test/utils/QpidTestCase.java
@@ -37,7 +37,10 @@ import org.apache.mina.util.AvailablePortFinder;
public class QpidTestCase extends TestCase
{
- protected static final Logger _logger = Logger.getLogger(QpidTestCase.class);
+ public static final String QPID_HOME = System.getProperty("QPID_HOME");
+ public static final String TEST_RESOURCES_DIR = QPID_HOME + "/../test-profiles/test_resources/";
+
+ private static final Logger _logger = Logger.getLogger(QpidTestCase.class);
private final Map<String, String> _propertiesSetForTest = new HashMap<String, String>();
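Review bot: `QPID_HOME` is read with no null check, so when the system property is unset `TEST_RESOURCES_DIR` becomes the literal string `null/../test-profiles/test_resources/`. Every test that loads a keystore from it then fails with a path error that never mentions QPID_HOME. A field comment such as `// requires -DQPID_HOME=<dir>; is null when the property is unset` would document this, and a check in setUp could fail with a clear message. The constant also ends in `/` while SSLContextFactoryTest appends `/ssl/...`, so the built paths carry a doubled separator. Narrowing `_logger` from protected to private may break subclasses outside this diff that log through it, which is worth confirming before merge.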
@@ -144,9 +147,9 @@ public class QpidTestCase extends TestCase
* completes.
*
* @param property The property to set
- * @param value the value to set it to.
+ * @param value the value to set it to, if null, the property will be cleared
*/
- protected void setTestSystemProperty(String property, String value)
+ protected void setTestSystemProperty(final String property, final String value)
{
if (!_propertiesSetForTest.containsKey(property))
{
@@ -154,7 +157,14 @@ public class QpidTestCase extends TestCase
_propertiesSetForTest.put(property, System.getProperty(property));
}
- System.setProperty(property, value);
+ if (value == null)
+ {
+ System.clearProperty(property);
+ }
+ else
+ {
+ System.setProperty(property, value);
+ }
}
/**
@@ -162,6 +172,7 @@ public class QpidTestCase extends TestCase
*/
protected void revertTestSystemProperties()
{
+ _logger.debug("reverting " + _propertiesSetForTest.size() + " test properties");
for (String key : _propertiesSetForTest.keySet())
{
String value = _propertiesSetForTest.get(key);
diff --git a/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java b/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java
index 4e504c69eb..d2fab7d163 100644
--- a/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java
+++ b/qpid/java/common/src/test/java/org/apache/qpid/transport/network/TransportTest.java
@@ -23,9 +23,10 @@ package org.apache.qpid.transport.network;
import java.nio.ByteBuffer;
+import javax.net.ssl.SSLContext;
+
import org.apache.qpid.framing.ProtocolVersion;
import org.apache.qpid.protocol.ProtocolEngineFactory;
-import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.NetworkTransportConfiguration;
@@ -129,7 +130,7 @@ public class TransportTest extends QpidTestCase
}
public NetworkConnection connect(ConnectionSettings settings,
- Receiver<ByteBuffer> delegate, SSLContextFactory sslFactory)
+ Receiver<ByteBuffer> delegate, SSLContext sslContext)
{
throw new UnsupportedOperationException();
}
@@ -149,7 +150,7 @@ public class TransportTest extends QpidTestCase
}
public void accept(NetworkTransportConfiguration config,
- ProtocolEngineFactory factory, SSLContextFactory sslFactory)
+ ProtocolEngineFactory factory, SSLContext sslContext)
{
throw new UnsupportedOperationException();
}
diff --git a/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java b/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java
index 8530240dcc..e075681acb 100644
--- a/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java
+++ b/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoAcceptor.java
@@ -80,7 +80,7 @@ public class IoAcceptor<E> extends Thread
try
{
Socket sock = socket.accept();
- IoTransport<E> transport = new IoTransport<E>(sock, binding,false);
+ IoTransport<E> transport = new IoTransport<E>(sock, binding);
}
catch (IOException e)
{
diff --git a/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java b/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java
index 773d7bc117..0de1308281 100644
--- a/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java
+++ b/qpid/java/common/src/test/java/org/apache/qpid/transport/network/io/IoTransport.java
@@ -68,18 +68,10 @@ public final class IoTransport<E>
private IoReceiver receiver;
private long timeout = 60000;
- IoTransport(Socket socket, Binding<E,ByteBuffer> binding, boolean ssl)
+ IoTransport(Socket socket, Binding<E,ByteBuffer> binding)
{
this.socket = socket;
-
- if (ssl)
- {
- setupSSLTransport(socket, binding);
- }
- else
- {
- setupTransport(socket, binding);
- }
+ setupTransport(socket, binding);
}
private void setupTransport(Socket socket, Binding<E, ByteBuffer> binding)
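Review bot: The SSL branch of the constructor and both SSL helpers are removed, but no hunk touches the file's import block, since the first hunk starts at line 68. Any imports that served only the deleted code (SSLContext, SSLEngine, SSLContextFactory, SSLSender, SSLReceiver, SSLStatus) are therefore presumably left unused and should be dropped in the same change. A short comment on the constructor, e.g. `// plain TCP only; SSL is no longer set up by this test transport`, would tell readers that this class can no longer produce an encrypted connection. setupTransport's body continues outside this hunk.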
@@ -96,41 +88,6 @@ public final class IoTransport<E>
ios.registerCloseListener(this.receiver);
}
- private void setupSSLTransport(Socket socket, Binding<E, ByteBuffer> binding)
- {
- SSLEngine engine = null;
- SSLContext sslCtx;
- try
- {
- sslCtx = createSSLContext();
- }
- catch (Exception e)
- {
- throw new TransportException("Error creating SSL Context", e);
- }
-
- try
- {
- engine = sslCtx.createSSLEngine();
- engine.setUseClientMode(true);
- }
- catch(Exception e)
- {
- throw new TransportException("Error creating SSL Engine", e);
- }
- IoSender ios = new IoSender(socket, 2*writeBufferSize, timeout);
- ios.initiate();
- final SSLStatus sslStatus = new SSLStatus();
- this.sender = new SSLSender(engine,ios, sslStatus);
- this.endpoint = binding.endpoint(sender);
- this.receiver = new IoReceiver(socket, new SSLReceiver(engine,binding.receiver(endpoint),sslStatus),
- 2*readBufferSize, timeout);
- this.receiver.initiate();
- ios.registerCloseListener(this.receiver);
-
- log.info("SSL Sender and Receiver initiated");
- }
-
public Sender<ByteBuffer> getSender()
{
return sender;
@@ -146,22 +103,4 @@ public final class IoTransport<E>
return socket;
}
- private SSLContext createSSLContext() throws Exception
- {
- String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
- String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
- String trustStoreCertType = System.getProperty("qpid.ssl.trustStoreCertType","SunX509");
-
- String keyStorePath = System.getProperty("javax.net.ssl.keyStore",trustStorePath);
- String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword",trustStorePassword);
- String keyStoreCertType = System.getProperty("qpid.ssl.keyStoreCertType","SunX509");
-
- SSLContextFactory sslContextFactory = new SSLContextFactory(trustStorePath,trustStorePassword,
- trustStoreCertType,keyStorePath,
- keyStorePassword,keyStoreCertType);
-
- return sslContextFactory.buildServerContext();
-
- }
-
}