From 670bc62a5072539d8d3b9aeeef40302cd5570007 Mon Sep 17 00:00:00 2001
From: Robert Gemmell <robbie@apache.org>
Date: Thu, 18 Aug 2011 14:42:46 +0000
Subject: QPID-3429: ensure that SSL is enabled correctly in
 MinaNetworkHandler. Refactor SSLContextFactory to be a factory, and present a
 useful interface for both client and server side use. Added keystore for the
 Java broker, renamed existing client trust/key stores for clarity. Fix SSL
 port configuration. Added new SSL tests, and ensure these are *always* run in
 the Java 0-10 profiles.

Committing work by myself and Keith Wall.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1159250 13f79535-47bb-0310-9956-ffa450edef68
---
 .../org/apache/qpid/client/AMQConnectionDelegate_8_0.java | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'java/client/src')

diff --git a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
index 0cd1d49224..756bf11663 100644
--- a/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
+++ b/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
@@ -23,6 +23,7 @@ package org.apache.qpid.client;
 import java.io.IOException;
 import java.net.ConnectException;
 import java.nio.channels.UnresolvedAddressException;
+import java.security.GeneralSecurityException;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.EnumSet;
@@ -31,6 +32,7 @@ import java.util.Set;
 
 import javax.jms.JMSException;
 import javax.jms.XASession;
+import javax.net.ssl.SSLContext;
 
 import org.apache.qpid.AMQException;
 import org.apache.qpid.client.failover.FailoverException;
@@ -99,14 +101,21 @@ public class AMQConnectionDelegate_8_0 implements AMQConnectionDelegate
         settings.setProtocol(brokerDetail.getTransport());
 
         SSLConfiguration sslConfig = _conn.getSSLConfiguration();
-        SSLContextFactory sslFactory = null;
+        SSLContext sslContext = null;
         if (sslConfig != null)
         {
-            sslFactory = new SSLContextFactory(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), sslConfig.getCertType());
+            try
+            {
+                sslContext = SSLContextFactory.buildClientContext(sslConfig.getKeystorePath(), sslConfig.getKeystorePassword(), sslConfig.getCertType(),null,null,null,null);
+            }
+            catch (GeneralSecurityException e)
+            {
+                throw new AMQException("Unable to create SSLContext: " + e.getMessage(), e);
+            }
         }
 
         OutgoingNetworkTransport transport = Transport.getOutgoingTransportInstance(getProtocolVersion());
-        NetworkConnection network = transport.connect(settings, _conn._protocolHandler, sslFactory);
+        NetworkConnection network = transport.connect(settings, _conn._protocolHandler, sslContext);
         _conn._protocolHandler.setNetworkConnection(network);
         _conn._protocolHandler.getProtocolSession().init();
         // this blocks until the connection has been set up or when an error
-- 
cgit v1.2.1