authorKeith Wall <kwall@apache.org>2012-01-29 22:57:31 +0000
committerKeith Wall <kwall@apache.org>2012-01-29 22:57:31 +0000
commit7e6ec5fd3acd4b118830183ac1003f249d464bc1 (patch)
tree302d3b15e53107e8c49cf7b89af4cabdbd080029 /qpid/java/broker
parent98a611242810c00526ce903e45c44c4c176cc7e6 (diff)
QPID-3739: Java properties qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType have misleading names and would be better called qpid.ssl.[Key|Trust]ManagerFactory.algorithm
* Introduced two properties qpid.ssl.KeyManagerFactory.algorithm and qpid.ssl.TrustManagerFactory.algorithm to allow a client user to override the algorithm name used when Qpid client constructs a KeyManager or TrustManager. * Continued to support qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType (now marked as deprecated) * Introduced a new Java Broker configuration key connector/ssl/keyManagerFactoryAlgorithm * Continued to support broker configuration key connector/ssl/certType (now marked as deprecated and will issue warning if used). * Changed the default from hardcoded 'SunX509' to the value(s) returned by KeyManagerFactory#getDefaultAlgorithm() and TrustManagerFactory#getDefaultAlgorithm(). This allows the Java Broker and Client to be used out of the box on non-Sun JDKs without having to set qpid.ssl.KeyManagerFactory.algorithm or qpid.ssl.TrustManagerFactory.algorithm. * Updated client docbook documentation. Tested both Java Broker and Client on IBM JDK and ensured all 0-10 and 0-9-1 profiles pass (including SSLTest which was failing prior to this change). git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1237504 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker')
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java4
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java16
-rw-r--r--qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java17
3 files changed, 29 insertions, 8 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
index 91967c9f16..8bc95a32f2 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
@@ -212,8 +212,8 @@ public class Broker
{
final String keystorePath = serverConfig.getConnectorKeyStorePath();
final String keystorePassword = serverConfig.getConnectorKeyStorePassword();
- final String certType = serverConfig.getConnectorCertType();
- final SSLContext sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, certType);
+ final String keyManagerFactoryAlgorithm = serverConfig.getConnectorKeyManagerFactoryAlgorithm();
+ final SSLContext sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, keyManagerFactoryAlgorithm);
for(int sslPort : sslPorts)
{
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
index cb6ebb9b95..d81116e454 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
@@ -48,6 +48,8 @@ import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
+import javax.net.ssl.KeyManagerFactory;
+
public class ServerConfiguration extends ConfigurationPlugin
{
protected static final Logger _logger = Logger.getLogger(ServerConfiguration.class);
@@ -255,6 +257,13 @@ public class ServerConfiguration extends ConfigurationPlugin
+ (_configFile == null ? "" : " Configuration file : " + _configFile));
}
}
+
+ // QPID-3739 certType was a misleading name.
+ if (contains("connector.ssl.certType"))
+ {
+ _logger.warn("Validation warning: connector/ssl/certType is deprecated and must be replaced by connector/ssl/keyManagerFactoryAlgorithm"
+ + (_configFile == null ? "" : " Configuration file : " + _configFile));
+ }
}
/*
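Review bot: The warning text added here says certType "must be replaced", yet the getter changed later in this commit still honours it as a fallback, and the message does not say which key wins when both are present. An operator who sets both names would get this warning with no hint that the old value is being ignored. I would reword the literal to `"Validation warning: connector/ssl/certType is deprecated and should be replaced by connector/ssl/keyManagerFactoryAlgorithm (certType is ignored when both are set)"`. The enclosing validation method starts outside this hunk, so I have not checked whether it already reports duplicate keys elsewhere.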
@@ -719,9 +728,12 @@ public class ServerConfiguration extends ConfigurationPlugin
return getStringValue("connector.ssl.keyStorePassword", fallback);
}
- public String getConnectorCertType()
+ public String getConnectorKeyManagerFactoryAlgorithm()
{
- return getStringValue("connector.ssl.certType", "SunX509");
+ final String systemFallback = KeyManagerFactory.getDefaultAlgorithm();
+ // deprecated, pre-0.15 brokers supported this name.
+ final String fallback = getStringValue("connector.ssl.certType", systemFallback);
+ return getStringValue("connector.ssl.keyManagerFactoryAlgorithm", fallback);
}
public String getDefaultVirtualHost()
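Review bot: `getConnectorKeyManagerFactoryAlgorithm()` has no Javadoc stating its lookup order, and its default now depends on the JVM, because `KeyManagerFactory.getDefaultAlgorithm()` reads the `ssl.KeyManagerFactory.algorithm` security property. The configuration file alone therefore no longer tells an operator which algorithm the TLS listener is built with. I would add `/** Returns connector/ssl/keyManagerFactoryAlgorithm, else the deprecated connector/ssl/certType, else the JVM default KeyManagerFactory algorithm. */` and log the resolved value once where the SSLContext is created. Removing the public `getConnectorCertType()` outright may also break callers not visible in this diff; a `@Deprecated` method delegating to the new getter would keep them compiling.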
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
index 81de6be703..abdc7f2246 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
@@ -40,6 +40,8 @@ import java.io.IOException;
import java.io.Writer;
import java.util.Locale;
+import javax.net.ssl.KeyManagerFactory;
+
public class ServerConfigurationTest extends QpidTestCase
{
private XMLConfiguration _config = new XMLConfiguration();
@@ -575,17 +577,24 @@ public class ServerConfigurationTest extends QpidTestCase
assertEquals("b", _serverConfig.getConnectorKeyStorePassword());
}
- public void testGetConnectorCertType() throws ConfigurationException
+ public void testConnectorGetKeyManagerAlgorithm() throws ConfigurationException
{
// Check default
_serverConfig.initialise();
- assertEquals("SunX509", _serverConfig.getConnectorCertType());
+ assertEquals(KeyManagerFactory.getDefaultAlgorithm(), _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
// Check value we set
- _config.setProperty("connector.ssl.certType", "a");
+ _config.setProperty("connector.ssl.keyManagerFactoryAlgorithm", "a");
+ _serverConfig = new ServerConfiguration(_config);
+ _serverConfig.initialise();
+ assertEquals("a", _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
+
+ // Ensure we continue to support the old name certType
+ _config.clearProperty("connector.ssl.keyManagerFactoryAlgorithm");
+ _config.setProperty("connector.ssl.certType", "b");
_serverConfig = new ServerConfiguration(_config);
_serverConfig.initialise();
- assertEquals("a", _serverConfig.getConnectorCertType());
+ assertEquals("b", _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
}
public void testGetHousekeepingCheckPeriod() throws ConfigurationException
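Review bot: `testConnectorGetKeyManagerAlgorithm` checks the default, the new key alone and the old key alone, but never the case where both keys are set, which is the precedence rule the new getter introduces. Without that assertion a later refactor could swap the two `getStringValue` calls and the test would still pass. A final block that sets the new key while `connector.ssl.certType` is still "b" would pin the behaviour. The next test method begins on the hunk's last line and continues outside it.

```java
// … unchanged: default, new-key-only and old-key-only checks …

// New key takes precedence when the deprecated name is also present
_config.setProperty("connector.ssl.keyManagerFactoryAlgorithm", "c");
_serverConfig = new ServerConfiguration(_config);
_serverConfig.initialise();
assertEquals("c", _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
```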