-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java21
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java2
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java16
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java14
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java4
5 files changed, 48 insertions, 9 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java b/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
index 74064c9d11..d5f97f48a8 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
@@ -181,10 +181,25 @@ public class ClientDelegate extends ConnectionDelegate
@Override public void connectionOpenOk(Connection conn, ConnectionOpenOk ok)
{
SaslClient sc = conn.getSaslClient();
- if (sc != null && sc.getMechanismName().equals("GSSAPI") && getUserID() != null)
+ if (sc != null)
{
- conn.setUserID(getUserID());
+ if (sc.getMechanismName().equals("GSSAPI"))
+ {
+ String id = getKerberosUser();
+ if (id != null)
+ {
+ conn.setUserID(id);
+ }
+ }
+ else if (sc.getMechanismName().equals("EXTERNAL"))
+ {
+ if (conn.getSecurityLayer() != null)
+ {
+ conn.setUserID(conn.getSecurityLayer().getUserID());
+ }
+ }
}
+
conn.setState(OPEN);
}
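Review bot: The new EXTERNAL branch calls `conn.setUserID(conn.getSecurityLayer().getUserID())` with no null check, while the GSSAPI branch just above guards `id != null` before setting it; if the security layer yields no identity (no client certificate presented, for example), the connection's user ID is overwritten with null instead of being left alone. Mirror the GSSAPI branch: `String id = conn.getSecurityLayer().getUserID();` / `if (id != null)` / `{ conn.setUserID(id); }`. A short comment on the branch, such as `// EXTERNAL: identity comes from the TLS client certificate via the security layer`, would also make the source of the user ID explicit to readers of connectionOpenOk.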
@@ -245,7 +260,7 @@ public class ClientDelegate extends ConnectionDelegate
}
- private String getUserID()
+ private String getKerberosUser()
{
log.debug("Obtaining userID from kerberos");
String service = conSettings.getSaslProtocol() + "@" + conSettings.getSaslServerName();
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java
index bb877d4185..3f0966903d 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayer.java
@@ -156,7 +156,7 @@ public class SecurityLayer
public String getUserID()
{
- return null;
+ return SSLUtil.retriveIdentity(engine);
}
}
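Review bot: getUserID now dereferences `engine` through SSLUtil.retriveIdentity with no null check, and ClientDelegate's EXTERNAL branch calls it whenever a security layer exists; if SecurityLayer can be constructed for a connection without an SSL engine, this presumably fails with a NullPointerException where it previously returned null. A guard `return engine == null ? null : SSLUtil.retriveIdentity(engine);` keeps the old contract for that case. The method should also carry Javadoc stating that the returned value is the identity taken from the peer's TLS certificate, and that null means no identity could be established; callers treating it as an authenticated principal need to know that.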
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java
index 73b2fcb731..082ae9e8ec 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLReceiver.java
@@ -28,6 +28,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
+import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.Receiver;
import org.apache.qpid.transport.TransportException;
import org.apache.qpid.transport.util.Logger;
@@ -42,7 +43,8 @@ public class SSLReceiver implements Receiver<ByteBuffer>
private ByteBuffer localBuffer;
private boolean dataCached = false;
private final Object notificationToken;
-
+ private ConnectionSettings settings;
+
private static final Logger log = Logger.get(SSLReceiver.class);
public SSLReceiver(SSLEngine engine, Receiver<ByteBuffer> delegate,SSLSender sender)
@@ -56,6 +58,11 @@ public class SSLReceiver implements Receiver<ByteBuffer>
notificationToken = sender.getNotificationToken();
}
+ public void setConnectionSettings(ConnectionSettings settings)
+ {
+ this.settings = settings;
+ }
+
public void closed()
{
delegate.closed();
@@ -159,8 +166,13 @@ public class SSLReceiver implements Receiver<ByteBuffer>
sender.doTasks();
handshakeStatus = engine.getHandshakeStatus();
- case NEED_WRAP:
case FINISHED:
+ if (this.settings != null && this.settings.isVerifyHostname() )
+ {
+ SSLUtil.verifyHostname(engine, this.settings.getHost());
+ }
+
+ case NEED_WRAP:
case NOT_HANDSHAKING:
synchronized(notificationToken)
{
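Review bot: The hostname check added under `case FINISHED:` is silently skipped whenever `settings` is null, i.e. whenever setConnectionSettings was never called on this receiver, so a wiring mistake yields a TLS session with no hostname verification and no trace of it in the log; the identical pattern appears in SSLSender at its FINISHED case. At minimum log the skip, e.g. `else if (this.settings == null) { log.warn("No connection settings set on SSLReceiver; hostname verification skipped"); }`, or have the constructor take the settings so the field cannot be left unset. After the new block the case falls through into `NEED_WRAP` and `NOT_HANDSHAKING`, which a `// fall through` comment should make explicit. The enclosing method starts and ends outside this hunk.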
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java
index bc1bee1e5d..24cedcc75a 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLSender.java
@@ -28,6 +28,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
+import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.Sender;
import org.apache.qpid.transport.SenderException;
import org.apache.qpid.transport.util.Logger;
@@ -39,7 +40,8 @@ public class SSLSender implements Sender<ByteBuffer>
private int sslBufSize;
private ByteBuffer netData;
private long timeout = 30000;
-
+ private ConnectionSettings settings;
+
private final Object engineState = new Object();
private final AtomicBoolean closed = new AtomicBoolean(false);
@@ -53,6 +55,11 @@ public class SSLSender implements Sender<ByteBuffer>
netData = ByteBuffer.allocate(sslBufSize);
timeout = Long.getLong("qpid.ssl_timeout", 60000);
}
+
+ public void setConnectionSettings(ConnectionSettings settings)
+ {
+ this.settings = settings;
+ }
public void close()
{
@@ -225,6 +232,11 @@ public class SSLSender implements Sender<ByteBuffer>
break;
case FINISHED:
+ if (this.settings != null && this.settings.isVerifyHostname() )
+ {
+ SSLUtil.verifyHostname(engine, this.settings.getHost());
+ }
+
case NOT_HANDSHAKING:
break; //do nothing
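Review bot: SSLSender now performs hostname verification at `case FINISHED:` with the same condition and call as SSLReceiver, so the same check runs from two code paths on the same engine and the two copies can drift apart over time. Given the SSLUtil comment on this commit that FINISHED is observed twice per handshake, a single verification site keyed on the engine's session (for instance in SecurityLayer, which already holds the engine) would be easier to keep correct. If both call sites are kept, a comment on each naming the other, such as `// keep in sync with the FINISHED handling in SSLReceiver`, is the least that should be done. The enclosing method starts and ends outside this hunk.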
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index f74a6ecae4..f23d9ae359 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -38,7 +38,7 @@ public class SSLUtil
log.debug("Host Name obtained from DN : " + hostname);
}
- if (hostname != null && hostname.equalsIgnoreCase(hostnameExpected))
+ if (hostname != null && !hostname.equalsIgnoreCase(hostnameExpected))
{
throw new TransportException("SSL hostname verification failed." +
" Expected : " + hostnameExpected +
@@ -50,7 +50,7 @@ public class SSLUtil
{
log.warn("Exception received while trying to verify hostname",e);
// For some reason the SSL engine sets the handshake status to FINISH twice
- // in succession. For some reason the first time the peer certificate
+ // in succession. The first time the peer certificate
// info is not available. The second time it works !
// Therefore have no choice but to ignore the exception here.
}