authorKeith Wall <kwall@apache.org>2012-01-29 22:57:31 +0000
committerKeith Wall <kwall@apache.org>2012-01-29 22:57:31 +0000
commit948bfbdc46e09ea02808724760d03de51b8abb7f (patch)
treefd0f58fe7c72af8979fd09f575689ea6adf9e7d5 /java/common/src/main
parent86bfd7d89ab6ccdb6a57aa83c2379c4616e4f3f7 (diff)
QPID-3739: Java properties qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType have misleading names and would be better called qpid.ssl.[Key|Trust]ManagerFactory.algorithm
* Introduced two properties qpid.ssl.KeyManagerFactory.algorithm and qpid.ssl.TrustManagerFactory.algorithm to allow a client user to override the algorithm name used when Qpid client constructs a KeyManager or TrustManager. * Continued to support qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType (now marked as deprecated) * Introduced a new Java Broker configuration key connector/ssl/keyManagerFactoryAlgorithm * Continued to support broker configuration key connector/ssl/certType (now marked as deprecated and will issue warning if used). * Changed the default from hardcoded 'SunX509' to the value(s) returned by KeyManagerFactory#getDefaultAlgorithm() and TrustManagerFactory#getDefaultAlgorithm(). This allows the Java Broker and Client to be used out of the box on non-Sun JDKs without having to set qpid.ssl.KeyManagerFactory.algorithm or qpid.ssl.TrustManagerFactory.algorithm. * Updated client docbook documentation. Tested both Java Broker and Client on IBM JDK and ensured all 0-10 and 0-9-1 profiles pass (including SSLTest which was failing prior to this change). git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1237504 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common/src/main')
-rw-r--r--java/common/src/main/java/org/apache/qpid/configuration/Accessor.java5
-rw-r--r--java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java21
-rw-r--r--java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java4
-rw-r--r--java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java4
-rw-r--r--java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java23
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java42
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java4
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java4
8 files changed, 68 insertions, 39 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java b/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java
index 63a78f7971..517fd1829f 100644
--- a/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java
+++ b/java/common/src/main/java/org/apache/qpid/configuration/Accessor.java
@@ -1,4 +1,3 @@
-package org.apache.qpid.configuration;
/*
*
* Licensed to the Apache Software Foundation (ASF) under one
@@ -19,7 +18,7 @@ package org.apache.qpid.configuration;
* under the License.
*
*/
-
+package org.apache.qpid.configuration;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -40,7 +39,7 @@ public interface Accessor
{
public Boolean getBoolean(String name)
{
- return Boolean.getBoolean(name);
+ return System.getProperty(name) == null ? null : Boolean.getBoolean(name);
}
public Integer getInt(String name)
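Review bot: The new `getBoolean` reads the system property twice, once for the null test and once inside `Boolean.getBoolean(name)`, so a property that is set or cleared between the two reads produces an answer that matches neither state. Reading it once avoids that: `String value = System.getProperty(name);` followed by `return value == null ? null : Boolean.valueOf(value);`. The method can now return `null`, which deserves a one-line comment because any caller that unboxes the result directly will throw a NullPointerException. The enclosing accessor class starts and ends outside this hunk.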
diff --git a/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java b/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java
index 69a6602baf..ef7feba53c 100644
--- a/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java
+++ b/java/common/src/main/java/org/apache/qpid/configuration/ClientProperties.java
@@ -95,6 +95,7 @@ public class ClientProperties
* synchronous operations.
*/
public static final String QPID_SYNC_OP_TIMEOUT = "qpid.sync_op_timeout";
+ @Deprecated
public static final String AMQJ_DEFAULT_SYNCWRITE_TIMEOUT = "amqj.default_syncwrite_timeout";
/**
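Review bot: `AMQJ_DEFAULT_SYNCWRITE_TIMEOUT` gets a bare `@Deprecated` with no Javadoc telling users which property name to move to. A `/** @deprecated use {@link #QPID_SYNC_OP_TIMEOUT} */` above it would do, assuming the constant declared just before it is the intended replacement. The same applies to `AMQJ_TCP_NODELAY_PROP_NAME` in the next hunk and to the two `*_CERT_TYPE_PROP_NAME` constants added at the end of the class.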
@@ -106,6 +107,7 @@ public class ClientProperties
* System properties to change the default value used for TCP_NODELAY
*/
public static final String QPID_TCP_NODELAY_PROP_NAME = "qpid.tcp_nodelay";
+ @Deprecated
public static final String AMQJ_TCP_NODELAY_PROP_NAME = "amqj.tcp_nodelay";
/**
@@ -119,4 +121,23 @@ public class ClientProperties
private ClientProperties()
{
}
+
+ /**
+ * System property used to set the key manager factory algorithm.
+ *
+ * Historically, Qpid referred to this as {@value #QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME}.
+ */
+ public static final String QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME = "qpid.ssl.KeyManagerFactory.algorithm";
+ @Deprecated
+ public static final String QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME = "qpid.ssl.keyStoreCertType";
+
+ /**
+ * System property used to set the trust manager factory algorithm.
+ *
+ * Historically, Qpid referred to this {@value #QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME}.
+ */
+ public static final String QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME = "qpid.ssl.TrustManagerFactory.algorithm";
+ @Deprecated
+ public static final String QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME = "qpid.ssl.trustStoreCertType";
+
}
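Review bot: The Javadoc on the two new `*_FACTORY_ALGORITHM_PROP_NAME` constants does not say where the value ends up or what applies when the property is unset, which is what a user choosing a value needs to know. Going by the other files in this commit, a line such as `* The value is passed to KeyManagerFactory.getInstance(String); if unset, KeyManagerFactory.getDefaultAlgorithm() is used.` (and the TrustManagerFactory equivalent) would cover it. The second comment also drops a word: "referred to this {@value ...}" should read "referred to this as {@value ...}". The constants are declared after the private constructor, whereas the existing ones sit above it.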
diff --git a/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java b/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java
index 19e998733a..81702ee1ea 100644
--- a/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java
+++ b/java/common/src/main/java/org/apache/qpid/configuration/PropertyUtils.java
@@ -70,13 +70,13 @@ public class PropertyUtils
parsePropertyString(value, fragments, propertyRefs);
StringBuffer sb = new StringBuffer();
- Iterator j = propertyRefs.iterator();
+ Iterator<String> j = propertyRefs.iterator();
for (String fragment : fragments)
{
if (fragment == null)
{
- String propertyName = (String) j.next();
+ String propertyName = j.next();
// try to get it from the project or keys
// Backward compatibility
diff --git a/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java b/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java
index e88c7784a2..e0989495bb 100644
--- a/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java
+++ b/java/common/src/main/java/org/apache/qpid/configuration/QpidProperty.java
@@ -20,7 +20,7 @@ package org.apache.qpid.configuration;
import org.apache.qpid.configuration.Accessor.SystemPropertyAccessor;
-abstract class QpidProperty<T>
+public abstract class QpidProperty<T>
{
private T defValue;
private String[] names;
@@ -38,7 +38,7 @@ abstract class QpidProperty<T>
this.names = names;
}
- T get()
+ public T get()
{
for (String name : names)
{
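Review bot: `QpidProperty` and `get()` become public in these two hunks without any Javadoc, and the order in which `get()` walks `names` is now a contract that ConnectionSettings depends on to let a new property name win over its deprecated alias. A comment on `get()` along the lines of `/** Returns the value of the first entry in names that is set, otherwise the default value. */` would pin that down. Confirm the wording against the method body, which continues outside this hunk.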
diff --git a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
index 87073c1090..c9ff180c54 100644
--- a/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/ssl/SSLContextFactory.java
@@ -41,7 +41,6 @@ public class SSLContextFactory
{
public static final String JAVA_KEY_STORE_CODE = "JKS";
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
- public static final String KEY_STORE_CERTIFICATE_TYPE = "SunX509";
private SSLContextFactory()
{
@@ -49,28 +48,28 @@ public class SSLContextFactory
}
public static SSLContext buildServerContext(final String keyStorePath,
- final String keyStorePassword, final String keyStoreCertType)
+ final String keyStorePassword, final String keyManagerFactoryAlgorithm)
throws GeneralSecurityException, IOException
{
return buildContext(null, null, null, keyStorePath, keyStorePassword,
- keyStoreCertType, null);
+ keyManagerFactoryAlgorithm, null);
}
public static SSLContext buildClientContext(final String trustStorePath,
- final String trustStorePassword, final String trustStoreCertType,
+ final String trustStorePassword, final String trustManagerFactoryAlgorithm,
final String keyStorePath, final String keyStorePassword,
- final String keyStoreCertType, final String certAlias)
+ final String keyManagerFactoryAlgorithm, final String certAlias)
throws GeneralSecurityException, IOException
{
return buildContext(trustStorePath, trustStorePassword,
- trustStoreCertType, keyStorePath, keyStorePassword,
- keyStoreCertType, certAlias);
+ trustManagerFactoryAlgorithm, keyStorePath, keyStorePassword,
+ keyManagerFactoryAlgorithm, certAlias);
}
private static SSLContext buildContext(final String trustStorePath,
- final String trustStorePassword, final String trustStoreCertType,
+ final String trustStorePassword, final String trustManagerFactoryAlgorithm,
final String keyStorePath, final String keyStorePassword,
- final String keyStoreCertType, final String certAlias)
+ final String keyManagerFactoryAlgorithm, final String certAlias)
throws GeneralSecurityException, IOException
{
// Initialize the SSLContext to work with our key managers.
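Review bot: None of `buildServerContext`, `buildClientContext` or `buildContext` guards against a null algorithm name in the visible lines, and the later hunks hand the value straight to `TrustManagerFactory.getInstance` and `KeyManagerFactory.getInstance`, which fail on null. With the public `KEY_STORE_CERTIFICATE_TYPE` constant removed in the previous hunk, callers that relied on it need a substitute. Falling back inside `buildContext` keeps them working: `final String kmfAlgorithm = keyManagerFactoryAlgorithm == null ? KeyManagerFactory.getDefaultAlgorithm() : keyManagerFactoryAlgorithm;`, and likewise for the trust side. `buildContext` continues past the end of this hunk.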
@@ -85,7 +84,7 @@ public class SSLContextFactory
final KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath,
trustStorePassword);
final TrustManagerFactory tmf = TrustManagerFactory
- .getInstance(trustStoreCertType);
+ .getInstance(trustManagerFactoryAlgorithm);
tmf.init(ts);
trustManagers = tmf.getTrustManagers();
@@ -101,7 +100,7 @@ public class SSLContextFactory
{
keyManagers = new KeyManager[] { new QpidClientX509KeyManager(
certAlias, keyStorePath, keyStorePassword,
- keyStoreCertType) };
+ keyManagerFactoryAlgorithm) };
}
else
{
@@ -111,7 +110,7 @@ public class SSLContextFactory
char[] keyStoreCharPassword = keyStorePassword == null ? null : keyStorePassword.toCharArray();
// Set up key manager factory to use our key store
final KeyManagerFactory kmf = KeyManagerFactory
- .getInstance(keyStoreCertType);
+ .getInstance(keyManagerFactoryAlgorithm);
kmf.init(ks, keyStoreCharPassword);
keyManagers = kmf.getKeyManagers();
}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
index e04511497a..91a029ffec 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
@@ -20,10 +20,20 @@
*/
package org.apache.qpid.transport;
-import org.apache.qpid.configuration.ClientProperties;
-
import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.qpid.configuration.QpidProperty;
+
+import static org.apache.qpid.configuration.ClientProperties.QPID_TCP_NODELAY_PROP_NAME;
+import static org.apache.qpid.configuration.ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME;
+import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME;
+import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME;
+import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME;
+import static org.apache.qpid.configuration.ClientProperties.QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME;
+
/**
* A ConnectionSettings object can only be associated with
* one Connection object. I have added an assertion that will
@@ -32,6 +42,8 @@ import java.util.Map;
*/
public class ConnectionSettings
{
+ public static final String DEFAULT_ALGORITHM_NAME = "SunX509";
+
public static final String WILDCARD_ADDRESS = "*";
private String protocol = "tcp";
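Review bot: `DEFAULT_ALGORITHM_NAME = "SunX509"` is added as a public constant, yet the field initializers in the next hunk default to `KeyManagerFactory.getDefaultAlgorithm()` and `TrustManagerFactory.getDefaultAlgorithm()`, and nothing in this diff references the constant. As written it advertises a default that is no longer the default and brings back the Sun-specific name that the commit message says it is removing. Either drop it or, if code outside this diff needs it, mark it `@Deprecated` with a comment stating that the effective default now comes from the JSSE provider.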
@@ -40,21 +52,20 @@ public class ConnectionSettings
private String username = "guest";
private String password = "guest";
private int port = 5672;
- private boolean tcpNodelay = Boolean.valueOf(System.getProperty(ClientProperties.QPID_TCP_NODELAY_PROP_NAME,
- System.getProperty(ClientProperties.AMQJ_TCP_NODELAY_PROP_NAME, "true")));
+ private boolean tcpNodelay = QpidProperty.booleanProperty(Boolean.TRUE, QPID_TCP_NODELAY_PROP_NAME, AMQJ_TCP_NODELAY_PROP_NAME).get();
private int maxChannelCount = 32767;
private int maxFrameSize = 65535;
private int heartbeatInterval;
private int readBufferSize = 65535;
private int writeBufferSize = 65535;
private long transportTimeout = 60000;
-
+
// SSL props
private boolean useSSL;
private String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
private String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
- private String keyStoreCertType = System.getProperty("qpid.ssl.keyStoreCertType","SunX509");;
- private String trustStoreCertType = System.getProperty("qpid.ssl.trustStoreCertType","SunX509");;
+ private String keyManagerFactoryAlgorithm = QpidProperty.stringProperty(KeyManagerFactory.getDefaultAlgorithm(), QPID_SSL_KEY_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_KEY_STORE_CERT_TYPE_PROP_NAME).get();
+ private String trustManagerFactoryAlgorithm = QpidProperty.stringProperty(TrustManagerFactory.getDefaultAlgorithm(), QPID_SSL_TRUST_MANAGER_FACTORY_ALGORITHM_PROP_NAME, QPID_SSL_TRUST_STORE_CERT_TYPE_PROP_NAME).get();
private String trustStorePath = System.getProperty("javax.net.ssl.trustStore");;
private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");;
private String certAlias;
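Review bot: The new initializers for `keyManagerFactoryAlgorithm` and `trustManagerFactoryAlgorithm` still honour the deprecated `qpid.ssl.keyStoreCertType` and `qpid.ssl.trustStoreCertType` names, but nothing visible here tells a user that an old name was picked up; the commit message mentions a warning only for the broker configuration key. A comment above the fields such as `// new property name first, deprecated name second, then the JSSE provider default` would record the intended precedence. Whether a warning can be logged depends on QpidProperty, which is only partly shown. Both lines also run well past 200 characters and would read better with one argument per line.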
@@ -288,24 +299,24 @@ public class ConnectionSettings
this.verifyHostname = verifyHostname;
}
- public String getKeyStoreCertType()
+ public String getKeyManagerFactoryAlgorithm()
{
- return keyStoreCertType;
+ return keyManagerFactoryAlgorithm;
}
- public void setKeyStoreCertType(String keyStoreCertType)
+ public void setKeyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)
{
- this.keyStoreCertType = keyStoreCertType;
+ this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm;
}
- public String getTrustStoreCertType()
+ public String getTrustManagerFactoryAlgorithm()
{
- return trustStoreCertType;
+ return trustManagerFactoryAlgorithm;
}
- public void setTrustStoreCertType(String trustStoreCertType)
+ public void setTrustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)
{
- this.trustStoreCertType = trustStoreCertType;
+ this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
}
public int getReadBufferSize()
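Review bot: The public accessors `getKeyStoreCertType`, `setKeyStoreCertType`, `getTrustStoreCertType` and `setTrustStoreCertType` are renamed outright, so code compiled against the old names breaks even though the commit keeps the old system property names alive for compatibility. Keeping deprecated delegates would make the two consistent, for example `@Deprecated public String getKeyStoreCertType() { return getKeyManagerFactoryAlgorithm(); }` and the matching three. The new setters also accept null without comment, and that value later reaches `KeyManagerFactory.getInstance` / `TrustManagerFactory.getInstance`. A Javadoc line stating that null is not permitted (or a fallback to the provider default) would close that gap.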
@@ -337,5 +348,4 @@ public class ConnectionSettings
{
this.transportTimeout = transportTimeout;
}
-
}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
index d51491862b..442800c529 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
@@ -78,10 +78,10 @@ public class SecurityLayerFactory
sslCtx = SSLContextFactory
.buildClientContext(settings.getTrustStorePath(),
settings.getTrustStorePassword(),
- settings.getTrustStoreCertType(),
+ settings.getTrustManagerFactoryAlgorithm(),
settings.getKeyStorePath(),
settings.getKeyStorePassword(),
- settings.getKeyStoreCertType(),
+ settings.getKeyManagerFactoryAlgorithm(),
settings.getCertAlias());
}
catch (Exception e)
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
index 7879f2c849..3ab028c8a8 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java
@@ -41,11 +41,11 @@ public class QpidClientX509KeyManager extends X509ExtendedKeyManager
private String alias;
public QpidClientX509KeyManager(String alias, String keyStorePath,
- String keyStorePassword,String keyStoreCertType) throws GeneralSecurityException, IOException
+ String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
{
this.alias = alias;
KeyStore ks = SSLUtil.getInitializedKeyStore(keyStorePath,keyStorePassword);
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyStoreCertType);
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
kmf.init(ks, keyStorePassword.toCharArray());
this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0];
}
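Review bot: The constructor calls `keyStorePassword.toCharArray()` unconditionally, while `SSLContextFactory.buildContext` in this same commit treats a null key store password as legal (`keyStorePassword == null ? null : keyStorePassword.toCharArray()`). That code constructs this class when a certificate alias is set, so a client with an alias and no key store password would hit a NullPointerException here instead of a GeneralSecurityException. The call should mirror the factory: `kmf.init(ks, keyStorePassword == null ? null : keyStorePassword.toCharArray());`. The renamed parameter is `keyManagerFactoryAlgorithmName` here but `keyManagerFactoryAlgorithm` everywhere else in the commit; using one spelling would make searches reliable.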