QPID-5960: Turn on SSL host name verification by default

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1616378 13f79535-47bb-0310-9956-ffa450edef68
author: Alex Rudyy <orudyy@apache.org> 2014-08-07 00:20:24 +0000
committer: Alex Rudyy <orudyy@apache.org> 2014-08-07 00:20:24 +0000
commit: 87456620af31532eb5af81c0207e7533ae67fb39 (patch)
tree: 866844d60f28c65c90ac382a0383a1be4609b5c3 /qpid/java/client
parent: dc820f18f1d290835df8e620e649ad73e2a7fc7b (diff)
download: qpid-python-87456620af31532eb5af81c0207e7533ae67fb39.tar.gz
2 files changed, 42 insertions, 4 deletions
diff --git a/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java b/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
index a659e44363..bde20d0550 100644
--- a/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
+++ b/qpid/java/client/src/main/java/org/apache/qpid/client/AMQBrokerDetails.java
@@ -20,6 +20,7 @@
  */
 package org.apache.qpid.client;
 
+import org.apache.qpid.configuration.ClientProperties;
 import org.apache.qpid.jms.BrokerDetails;
 import org.apache.qpid.transport.ConnectionSettings;
 import org.apache.qpid.url.URLHelper;
@@ -470,7 +471,10 @@ public class AMQBrokerDetails implements BrokerDetails, Serializable
         }
         // ----------------------------
 
-        conSettings.setVerifyHostname(getBooleanProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME));
+        boolean defaultSSLVerifyHostName = Boolean.parseBoolean(
+                System.getProperty(ClientProperties.CONNECTION_OPTION_SSL_VERIFY_HOST_NAME,
+                    String.valueOf(ClientProperties.DEFAULT_CONNECTION_OPTION_SSL_VERIFY_HOST_NAME)));
+        conSettings.setVerifyHostname(getBooleanProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME, defaultSSLVerifyHostName ));
 
         if (getProperty(BrokerDetails.OPTIONS_TCP_NO_DELAY) != null)
         {
diff --git a/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java b/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
index ad9d3d3516..2733d7bf6d 100644
--- a/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
+++ b/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
@@ -20,14 +20,14 @@
  */
 package org.apache.qpid.test.unit.client.BrokerDetails;
 
-import junit.framework.TestCase;
-
 import org.apache.qpid.client.AMQBrokerDetails;
+import org.apache.qpid.configuration.ClientProperties;
 import org.apache.qpid.jms.BrokerDetails;
+import org.apache.qpid.test.utils.QpidTestCase;
 import org.apache.qpid.transport.ConnectionSettings;
 import org.apache.qpid.url.URLSyntaxException;
 
-public class BrokerDetailsTest extends TestCase
+public class BrokerDetailsTest extends QpidTestCase
 {
     public void testDefaultTCP_NODELAY() throws URLSyntaxException
     {
@@ -190,4 +190,38 @@ public class BrokerDetailsTest extends TestCase
 
         assertEquals(Integer.valueOf(60), broker.buildConnectionSettings().getHeartbeatInterval08());
     }
+
+    public void testSslVerifyHostNameIsTurnedOnByDefault() throws Exception
+    {
+        String brokerURL = "tcp://localhost:5672?ssl='true'";
+        AMQBrokerDetails broker = new AMQBrokerDetails(brokerURL);
+        ConnectionSettings connectionSettings = broker.buildConnectionSettings();
+        assertTrue(String.format("Unexpected '%s' option value", BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME),
+                connectionSettings.isVerifyHostname());
+        assertNull(String.format("Unexpected '%s' property value", BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME),
+                broker.getProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME));
+    }
+
+    public void testSslVerifyHostNameIsTurnedOff() throws Exception
+    {
+        String brokerURL = "tcp://localhost:5672?ssl='true'&ssl_verify_hostname='false'";
+        AMQBrokerDetails broker = new AMQBrokerDetails(brokerURL);
+        ConnectionSettings connectionSettings = broker.buildConnectionSettings();
+        assertFalse(String.format("Unexpected '%s' option value", BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME),
+                connectionSettings.isVerifyHostname());
+        assertEquals(String.format("Unexpected '%s' property value", BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME),
+                "false", broker.getProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME));
+    }
+
+    public void testSslVerifyHostNameTurnedOffViaSystemProperty() throws Exception
+    {
+        setTestSystemProperty(ClientProperties.CONNECTION_OPTION_SSL_VERIFY_HOST_NAME, "false");
+        String brokerURL = "tcp://localhost:5672?ssl='true'";
+        AMQBrokerDetails broker = new AMQBrokerDetails(brokerURL);
+        ConnectionSettings connectionSettings = broker.buildConnectionSettings();
+        assertFalse(String.format("Unexpected '%s' option value", BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME),
+                connectionSettings.isVerifyHostname());
+        assertNull(String.format("Unexpected '%s' property value", BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME),
+                broker.getProperty(BrokerDetails.OPTIONS_SSL_VERIFY_HOSTNAME));
+    }
 }
author	Alex Rudyy <orudyy@apache.org>	2014-08-07 00:20:24 +0000
committer	Alex Rudyy <orudyy@apache.org>	2014-08-07 00:20:24 +0000
commit	87456620af31532eb5af81c0207e7533ae67fb39 (patch)
tree	866844d60f28c65c90ac382a0383a1be4609b5c3 /qpid/java/client
parent	dc820f18f1d290835df8e620e649ad73e2a7fc7b (diff)
download	qpid-python-87456620af31532eb5af81c0207e7533ae67fb39.tar.gz