
Example 1 with KeyStore

Use of org.apache.qpid.server.model.KeyStore in the project qpid-broker-j by apache.

From the class HttpManagement, method getSslContextFactory.

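/**
 * Builds the Jetty {@link SslContextFactory} that serves HTTPS on the given management port.
 *
 * <p>The factory wraps an {@link SSLContext} created by {@link SSLUtil} from the port's key store and
 * trust stores, applies the port's TLS session-cache settings, and constrains every negotiated
 * {@link SSLEngine} to the port's cipher-suite and protocol white/black lists.
 *
 * @param port the HTTPS port being started; a key store is mandatory for it
 * @return a factory holding the port's SSL context and client-authentication mode
 * @throws IllegalConfigurationException if the port has no key store, or if client certificate
 *         authentication is requested (need or want) but no trust store is configured
 */
private SslContextFactory getSslContextFactory(final HttpPort<?> port) {
    final KeyStore keyStore = port.getKeyStore();
    if (keyStore == null) {
        throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
    }
    // Both "need" and "want" client auth need a trust store to validate a presented certificate.
    final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
    final Collection<TrustStore> trustStores = port.getTrustStores();
    if (needClientCert && trustStores.isEmpty()) {
        // Name the port, not this plugin: this.getName() is the HttpManagement instance's name.
        throw new IllegalConfigurationException(String.format("Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined", port.getName()));
    }
    final SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, port.getName());
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    // Non-positive values leave the JVM defaults in place.
    if (port.getTLSSessionCacheSize() > 0) {
        serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
    }
    if (port.getTLSSessionTimeout() > 0) {
        serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
    }
    final SslContextFactory factory = new SslContextFactory() {

        /**
         * Applies the port's cipher-suite and protocol restrictions to each new engine, after
         * Jetty's own customization so that the port's lists are what finally takes effect.
         */
        @Override
        public void customize(final SSLEngine sslEngine) {
            super.customize(sslEngine);
            if (port.getTlsCipherSuiteWhiteList() != null && !port.getTlsCipherSuiteWhiteList().isEmpty()) {
                // With an explicit white list, honour the server's (the list's) preference order
                // during negotiation rather than the client's.
                final SSLParameters sslParameters = sslEngine.getSSLParameters();
                sslParameters.setUseCipherSuitesOrder(true);
                sslEngine.setSSLParameters(sslParameters);
            }
            SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
            SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
        }
    };
    factory.setSslContext(sslContext);
    // "need" (mandatory) takes precedence over "want" (optional) when both are set.
    if (port.getNeedClientAuth()) {
        factory.setNeedClientAuth(true);
    } else if (port.getWantClientAuth()) {
        factory.setWantClientAuth(true);
    }
    return factory;
}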

Example 2 with KeyStore

Use of org.apache.qpid.server.model.KeyStore in the project qpid-broker-j by apache.

From the class SNITest, method doBrokerStartup.

/**
 * Starts an embedded broker for an SNI test and records its bound AMQP/SSL port in {@code _boundPort}.
 *
 * <p>The broker is launched from a freshly created initial configuration, then an anonymous
 * authentication provider, a file key store and an SSL-only AMQP port are added as children of the
 * running broker. The test-controlled inputs flow straight into the key store and port attributes.
 *
 * @param useMatching      value for {@code FileKeyStore.USE_HOST_NAME_MATCHING}
 * @param defaultAlias     value for {@code FileKeyStore.CERTIFICATE_ALIAS}; passed through as given
 * @param ignoreInvalidSni value placed, as a string, into the port context under
 *                         {@code AmqpPort.PORT_IGNORE_INVALID_SNI}
 * @throws Exception if the broker or any of its children cannot be created
 */
private void doBrokerStartup(boolean useMatching, String defaultAlias, final boolean ignoreInvalidSni) throws Exception {
    final File initialConfig = createInitialContext();
    _brokerWork = TestFileUtils.createTestDirectory("qpid-work", true);

    // Broker context: point the work directory at the per-test scratch directory.
    final Map<String, String> brokerContext = new HashMap<>();
    brokerContext.put("qpid.work_dir", _brokerWork.toString());

    final Map<String, Object> launcherAttributes = new HashMap<>();
    launcherAttributes.put(SystemConfig.INITIAL_CONFIGURATION_LOCATION, initialConfig.getAbsolutePath());
    launcherAttributes.put(SystemConfig.TYPE, JsonSystemConfigImpl.SYSTEM_CONFIG_TYPE);
    launcherAttributes.put(SystemConfig.CONTEXT, brokerContext);

    // Capture the Broker once the container has been resolved so the test can add children to it.
    _systemLauncher = new SystemLauncher(new DefaultSystemLauncherListener() {

        @Override
        public void onContainerResolve(final SystemConfig<?> systemConfig) {
            _broker = systemConfig.getContainer(Broker.class);
        }
    });
    _systemLauncher.startup(launcherAttributes);

    final Map<String, Object> authProviderAttributes = new HashMap<>();
    authProviderAttributes.put(AuthenticationProvider.NAME, "myAuthProvider");
    authProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE);
    final AuthenticationProvider anonymousProvider = _broker.createChild(AuthenticationProvider.class, authProviderAttributes);

    // HashMap is used deliberately: defaultAlias may be null, which Map.of would reject.
    final Map<String, Object> keyStoreAttributes = new HashMap<>();
    keyStoreAttributes.put(FileKeyStore.NAME, "myKeyStore");
    keyStoreAttributes.put(FileKeyStore.STORE_URL, _keyStoreFile.toURI().toURL().toString());
    keyStoreAttributes.put(FileKeyStore.PASSWORD, TLS_RESOURCE.getSecret());
    keyStoreAttributes.put(FileKeyStore.USE_HOST_NAME_MATCHING, useMatching);
    keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, defaultAlias);
    final KeyStore testKeyStore = _broker.createChild(KeyStore.class, keyStoreAttributes);

    // SSL-only AMQP port on an ephemeral port number (0); the real number is read back below.
    final Map<String, Object> portAttributes = new HashMap<>();
    portAttributes.put(Port.NAME, "myPort");
    portAttributes.put(Port.TYPE, "AMQP");
    portAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
    portAttributes.put(Port.PORT, 0);
    portAttributes.put(Port.AUTHENTICATION_PROVIDER, anonymousProvider);
    portAttributes.put(Port.KEY_STORE, testKeyStore);
    portAttributes.put(Port.CONTEXT, Collections.singletonMap(AmqpPort.PORT_IGNORE_INVALID_SNI, String.valueOf(ignoreInvalidSni)));
    final Port<?> amqpPort = _broker.createChild(Port.class, portAttributes);

    _boundPort = amqpPort.getBoundPort();
}

Example 3 with KeyStore

Use of org.apache.qpid.server.model.KeyStore in the project qpid-broker-j by apache.

From the class AmqpPortImpl, method createSslContext.

/**
 * Creates the server-side {@link SSLContext} for this AMQP port from its configured key store and
 * trust stores, then applies the port's TLS session-cache settings to it.
 *
 * @return the SSL context for this port's TLS transport
 * @throws IllegalConfigurationException if client certificate authentication is enabled (need or
 *         want) but no trust store is configured on the port
 */
private SSLContext createSslContext() {
    final KeyStore configuredKeyStore = getKeyStore();
    final Collection<TrustStore> configuredTrustStores = getTrustStores();

    // A trust store is needed to validate a client certificate, whether it is required or merely requested.
    // NOTE(review): the casts unbox the attribute values; this assumes both attributes are always non-null.
    final boolean clientAuthRequested = (Boolean) getAttribute(NEED_CLIENT_AUTH) || (Boolean) getAttribute(WANT_CLIENT_AUTH);
    if (clientAuthRequested && configuredTrustStores.isEmpty()) {
        throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '" + getName() + "' but no trust store defined");
    }

    final SSLContext context = SSLUtil.createSslContext(configuredKeyStore, configuredTrustStores, getName());
    final SSLSessionContext serverSessions = context.getServerSessionContext();

    // Non-positive values leave the JVM defaults for the session cache untouched.
    final int sessionCacheSize = getTLSSessionCacheSize();
    if (sessionCacheSize > 0) {
        serverSessions.setSessionCacheSize(sessionCacheSize);
    }
    final int sessionTimeout = getTLSSessionTimeout();
    if (sessionTimeout > 0) {
        serverSessions.setSessionTimeout(sessionTimeout);
    }
    return context;
}

Example 4 with KeyStore

Use of org.apache.qpid.server.model.KeyStore in the project qpid-broker-j by apache.

From the class HttpManagement, method createSslContext.

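/**
 * Creates the server-side {@link SSLContext} for an HTTPS management port from the port's key
 * store and trust stores, then applies the port's TLS session-cache settings.
 *
 * @param port the HTTPS port being started; a key store is mandatory for it
 * @return the SSL context to install on the port's connector
 * @throws IllegalConfigurationException if the port has no key store, or if client certificate
 *         authentication is requested (need or want) but no trust store is configured
 */
private SSLContext createSslContext(final HttpPort<?> port) {
    final KeyStore keyStore = port.getKeyStore();
    if (keyStore == null) {
        throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
    }
    // Both "need" and "want" client auth need a trust store to validate a presented certificate.
    final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
    final Collection<TrustStore> trustStores = port.getTrustStores();
    if (needClientCert && trustStores.isEmpty()) {
        // Name the port, not this plugin: this.getName() is the HttpManagement instance's name.
        throw new IllegalConfigurationException(String.format("Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined", port.getName()));
    }
    // Use the key store already checked for null above rather than re-reading it from the port.
    final SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, port.getName());
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    // Non-positive values leave the JVM defaults in place.
    if (port.getTLSSessionCacheSize() > 0) {
        serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
    }
    if (port.getTLSSessionTimeout() > 0) {
        serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
    }
    return sslContext;
}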
