summaryrefslogtreecommitdiff
path: root/qpid/java
diff options
context:
space:
mode:
Diffstat (limited to 'qpid/java')
-rw-r--r--qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java3
-rw-r--r--qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java32
-rw-r--r--qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java12
-rw-r--r--qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java18
4 files changed, 37 insertions, 28 deletions
diff --git a/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java b/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java
index 02bf93664e..af871d2bc4 100644
--- a/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java
+++ b/qpid/java/amqp-1-0-client-websocket/src/main/java/org/apache/qpid/amqp_1_0/client/websocket/WebSocketProvider.java
@@ -33,6 +33,7 @@ import org.eclipse.jetty.websocket.WebSocketClient;
import org.eclipse.jetty.websocket.WebSocketClientFactory;
import org.apache.qpid.amqp_1_0.client.ConnectionException;
+import org.apache.qpid.amqp_1_0.client.SSLUtil;
import org.apache.qpid.amqp_1_0.client.TransportProvider;
import org.apache.qpid.amqp_1_0.codec.FrameWriter;
import org.apache.qpid.amqp_1_0.framing.AMQFrame;
@@ -71,7 +72,7 @@ class WebSocketProvider implements TransportProvider
sslContextFactory.setSslContext(context);
- sslContextFactory.addExcludeProtocols("SSLv3");
+ sslContextFactory.addExcludeProtocols(SSLUtil.SSLV3_PROTOCOL);
factory.start();
return factory;
diff --git a/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java b/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
index 70e5d08f15..225293c42e 100644
--- a/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
+++ b/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/SSLUtil.java
@@ -20,13 +20,6 @@
*/
package org.apache.qpid.amqp_1_0.client;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509ExtendedKeyManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -37,10 +30,23 @@ import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
public class SSLUtil
{
public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
+ public static final String SSLV3_PROTOCOL = "SSLv3";
public static SSLContext buildSslContext(final String certAlias,
final String keyStorePath,
@@ -212,4 +218,16 @@ public class SSLUtil
return delegate.chooseEngineServerAlias(keyType, issuers, engine);
}
}
+
+ public static void removeSSLv3Support(final SSLSocket socket)
+ {
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
+
}
diff --git a/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java b/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java
index 1cf270f930..720f12dc0d 100644
--- a/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java
+++ b/qpid/java/amqp-1-0-client/src/main/java/org/apache/qpid/amqp_1_0/client/TCPTransportProvier.java
@@ -26,9 +26,6 @@ import java.io.OutputStream;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -77,15 +74,8 @@ class TCPTransportProvier implements TransportProvider
if(sslContext != null)
{
final SSLSocketFactory socketFactory = sslContext.getSocketFactory();
-
SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(address, port);
- List<String> supportedProtocols = Arrays.asList(sslSocket.getSupportedProtocols());
- if(supportedProtocols.contains("SSLv3"))
- {
- List<String> allowedProtocols = new ArrayList<>(supportedProtocols);
- allowedProtocols.remove("SSLv3");
- sslSocket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
- }
+ SSLUtil.removeSSLv3Support(sslSocket);
sslSocket.startHandshake();
conn.setExternalPrincipal(sslSocket.getSession().getLocalPrincipal());
_socket=sslSocket;
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index 0494f60e23..98229fd2a1 100644
--- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -250,10 +250,10 @@ public class SSLUtil
public static void removeSSLv3Support(final SSLEngine engine)
{
- List<String> supportedProtocols = Arrays.asList(engine.getSupportedProtocols());
- if(supportedProtocols.contains(SSLV3_PROTOCOL))
+ List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
{
- List<String> allowedProtocols = new ArrayList<>(supportedProtocols);
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
allowedProtocols.remove(SSLV3_PROTOCOL);
engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
}
@@ -261,10 +261,10 @@ public class SSLUtil
public static void removeSSLv3Support(final SSLSocket socket)
{
- List<String> supportedProtocols = Arrays.asList(socket.getSupportedProtocols());
- if(supportedProtocols.contains(SSLV3_PROTOCOL))
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
{
- List<String> allowedProtocols = new ArrayList<>(supportedProtocols);
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
allowedProtocols.remove(SSLV3_PROTOCOL);
socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
}
@@ -273,10 +273,10 @@ public class SSLUtil
public static void removeSSLv3Support(final SSLServerSocket socket)
{
- List<String> supportedProtocols = Arrays.asList(socket.getSupportedProtocols());
- if(supportedProtocols.contains(SSLV3_PROTOCOL))
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
{
- List<String> allowedProtocols = new ArrayList<>(supportedProtocols);
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
allowedProtocols.remove(SSLV3_PROTOCOL);
socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
}
View Lorry Controller Status