
Example 6 with TrustStore

use of org.apache.qpid.server.model.TrustStore in project qpid-broker-j by apache.

From class MicrosoftLiveOAuth2IdentityResolverService, method getUserPrincipal.

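/**
 * Resolves the identity behind an OAuth2 access token by calling the provider's
 * identity-resolver endpoint with the token as a bearer credential.
 *
 * @param authenticationProvider supplies the endpoint URI, timeouts, TLS protocol/cipher
 *        lists and the optional trust store used for the outbound HTTPS call
 * @param accessToken bearer token presented by the client; sent verbatim in the
 *        {@code Authorization} header
 * @param addressSpace address space used when resolving the endpoint URI
 * @return a {@link UsernamePrincipal} named after the {@code id} field of the JSON response
 * @throws IOException if the endpoint cannot be reached or a 200 response body is not JSON
 * @throws IdentityResolverException if the endpoint answers with a non-200 status, or the
 *         JSON body has no {@code id} or an {@code id} that is not a string
 * @throws ServerScopedRuntimeException if the trust store's trust managers cannot be initialised
 */
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    final URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    final TrustStore trustStore = authenticationProvider.getTrustStore();
    final ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
                     .setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        // The provider's trust store decides which server certificates the outbound
        // call accepts; a failure to build its trust managers is a broker-level fault.
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
                     .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
                     .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
                     .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    final HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        final int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        // Check the status before parsing: error responses are frequently not JSON, and
        // reporting "did not return json" for e.g. a 401 would hide the actual cause.
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final Map<?, ?> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        // A bare JSON "null" parses to a null map; treat it like a body without an id.
        final Object liveId = responseMap == null ? null : responseMap.get("id");
        if (liveId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'id'", userInfoEndpoint));
        }
        // The id becomes the principal name, so only accept it when it really is a string
        // rather than letting an unchecked cast fail with a ClassCastException.
        if (!(liveId instanceof String)) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response 'id' was not a string", userInfoEndpoint));
        }
        return new UsernamePrincipal((String) liveId, authenticationProvider);
    }
}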
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 7 with TrustStore

use of org.apache.qpid.server.model.TrustStore in project qpid-broker-j by apache.

From class TrustStoreMessageSourceCreator, method register.

/**
 * Registers a message source for every trust store currently known to the broker and
 * keeps those registrations in step with trust stores added to or removed from the
 * broker afterwards.
 *
 * @param registry the system node registry whose virtual host leads to the broker
 */
@Override
public void register(final SystemNodeRegistry registry) {
    final VirtualHost<?> virtualHost = registry.getVirtualHost();
    final VirtualHostNode<?> hostNode = (VirtualHostNode<?>) virtualHost.getParent();
    final Broker<?> broker = (Broker<?>) hostNode.getParent();
    final Collection<TrustStore> knownStores = broker.getChildren(TrustStore.class);
    final TrustStoreChangeListener storeListener = new TrustStoreChangeListener(registry);

    // Reacts to trust stores appearing at, or disappearing from, the broker.
    final class BrokerChildListener extends AbstractConfigurationChangeListener {

        @Override
        public void childAdded(final ConfiguredObject<?> object, final ConfiguredObject<?> child) {
            if (!(child instanceof TrustStore)) {
                return;
            }
            final TrustStore<?> added = (TrustStore<?>) child;
            updateTrustStoreSourceRegistration(registry, added);
            added.addChangeListener(storeListener);
        }

        @Override
        public void childRemoved(final ConfiguredObject<?> object, final ConfiguredObject<?> child) {
            if (!(child instanceof TrustStore)) {
                return;
            }
            final TrustStore<?> removed = (TrustStore<?>) child;
            removed.removeChangeListener(storeListener);
            registry.removeSystemNode(TrustStoreMessageSource.getSourceNameFromTrustStore(removed));
        }
    }

    // Trust stores that already exist get their source now; later ones via the listener.
    knownStores.forEach(existing -> {
        updateTrustStoreSourceRegistration(registry, existing);
        existing.addChangeListener(storeListener);
    });
    broker.addChangeListener(new BrokerChildListener());
}
Also used : Broker(org.apache.qpid.server.model.Broker) TrustStore(org.apache.qpid.server.model.TrustStore) VirtualHostNode(org.apache.qpid.server.model.VirtualHostNode) AbstractConfigurationChangeListener(org.apache.qpid.server.model.AbstractConfigurationChangeListener)

Example 8 with TrustStore

use of org.apache.qpid.server.model.TrustStore in project qpid-broker-j by apache.

From class AmqpPortImpl, method createSslContext.

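/**
 * Builds the server-side {@link SSLContext} for this AMQP port from its key store and
 * trust stores.
 *
 * @return an initialised context whose server session cache size and timeout follow the
 *         port's TLS session attributes whenever those are positive
 * @throws IllegalConfigurationException if client-certificate authentication is enabled
 *         (need or want) but the port has no trust store to validate client certificates with
 */
private SSLContext createSslContext() {
    final KeyStore keyStore = getKeyStore();
    final Collection<TrustStore> trustStores = getTrustStores();
    // Either flag means client certificates may be presented; without a trust store
    // there is nothing to validate them against, so refuse to start the port.
    final boolean needClientCert = (Boolean) getAttribute(NEED_CLIENT_AUTH) || (Boolean) getAttribute(WANT_CLIENT_AUTH);
    if (needClientCert && trustStores.isEmpty()) {
        throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '" + this.getName() + "' but no trust store defined");
    }
    final SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    // Read each attribute once so the value applied is the same one that passed the check.
    final int sessionCacheSize = getTLSSessionCacheSize();
    if (sessionCacheSize > 0) {
        serverSessionContext.setSessionCacheSize(sessionCacheSize);
    }
    final int sessionTimeout = getTLSSessionTimeout();
    if (sessionTimeout > 0) {
        serverSessionContext.setSessionTimeout(sessionTimeout);
    }
    return sslContext;
}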
Also used : SSLSessionContext(javax.net.ssl.SSLSessionContext) IllegalConfigurationException(org.apache.qpid.server.configuration.IllegalConfigurationException) TrustStore(org.apache.qpid.server.model.TrustStore) SSLContext(javax.net.ssl.SSLContext) KeyStore(org.apache.qpid.server.model.KeyStore)

Example 9 with TrustStore

use of org.apache.qpid.server.model.TrustStore in project qpid-broker-j by apache.

From class NonJavaTrustStoreTest, method testUseOfExpiredTrustAnchorDenied.

/**
 * Checks that a NonJavaTrustStore with trust-anchor validity enforced, built from the
 * expired anchor in {@code /expired.crt}, refuses a client certificate from the expired
 * test key store.
 *
 * @throws Exception on any unexpected failure; a CertificateException that is not the
 *         expected expiry failure is rethrown so the test fails
 */
public void testUseOfExpiredTrustAnchorDenied() throws Exception {
    final Map<String, Object> storeAttributes = new HashMap<>();
    storeAttributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
    storeAttributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
    storeAttributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/expired.crt").toExternalForm());
    storeAttributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
    final TrustStore store = _factory.create(TrustStore.class, storeAttributes, _broker);

    final TrustManager[] managers = store.getTrustManagers();
    assertNotNull(managers);
    assertEquals("Unexpected number of trust managers", 1, managers.length);
    assertTrue("Unexpected trust manager type", managers[0] instanceof X509TrustManager);
    final X509TrustManager x509Manager = (X509TrustManager) managers[0];

    final KeyStore expiredKeyStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE, TestSSLConstants.KEYSTORE_PASSWORD, KeyStore.getDefaultType());
    final String firstAlias = expiredKeyStore.aliases().nextElement();
    final X509Certificate expiredCert = (X509Certificate) expiredKeyStore.getCertificate(firstAlias);
    try {
        x509Manager.checkClientTrusted(new X509Certificate[] { expiredCert }, "NULL");
        fail("Exception not thrown");
    } catch (CertificateException e) {
        // IBMJSSE2 reports expiry as a plain CertificateException carrying this message
        // instead of a CertificateExpiredException; anything else is a real failure.
        final boolean expiryFailure = e instanceof CertificateExpiredException
                || "Certificate expired".equals(e.getMessage());
        if (!expiryFailure) {
            throw e;
        }
    }
}
Also used : CertificateExpiredException(java.security.cert.CertificateExpiredException) HashMap(java.util.HashMap) X509TrustManager(javax.net.ssl.X509TrustManager) CertificateException(java.security.cert.CertificateException) TrustStore(org.apache.qpid.server.model.TrustStore) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 10 with TrustStore

use of org.apache.qpid.server.model.TrustStore in project qpid-broker-j by apache.

From class NonJavaTrustStoreTest, method testCreationOfTrustStoreFromValidCertificate.

/**
 * Checks that a NonJavaTrustStore created from the valid certificate in
 * {@code /java_broker.crt} yields exactly one, non-null trust manager.
 *
 * @throws Exception if creating the store or obtaining its trust managers fails
 */
public void testCreationOfTrustStoreFromValidCertificate() throws Exception {
    final Map<String, Object> storeAttributes = new HashMap<>();
    storeAttributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
    storeAttributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.crt").toExternalForm());
    storeAttributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");

    final TrustStore store = _factory.create(TrustStore.class, storeAttributes, _broker);
    final TrustManager[] managers = store.getTrustManagers();

    assertNotNull(managers);
    assertEquals("Unexpected number of trust managers", 1, managers.length);
    assertNotNull("Trust manager unexpected null", managers[0]);
}
Also used : HashMap(java.util.HashMap) TrustStore(org.apache.qpid.server.model.TrustStore) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Aggregations

TrustStore (org.apache.qpid.server.model.TrustStore)18 URL (java.net.URL)8 GeneralSecurityException (java.security.GeneralSecurityException)7 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)6 IOException (java.io.IOException)6 InputStream (java.io.InputStream)6 HttpURLConnection (java.net.HttpURLConnection)6 HashMap (java.util.HashMap)6 Map (java.util.Map)6 UsernamePrincipal (org.apache.qpid.server.security.auth.UsernamePrincipal)6 IdentityResolverException (org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException)6 ConnectionBuilder (org.apache.qpid.server.util.ConnectionBuilder)6 ServerScopedRuntimeException (org.apache.qpid.server.util.ServerScopedRuntimeException)6 X509Certificate (java.security.cert.X509Certificate)5 TrustManager (javax.net.ssl.TrustManager)5 X509TrustManager (javax.net.ssl.X509TrustManager)5 KeyStore (java.security.KeyStore)3 Certificate (java.security.cert.Certificate)3 SSLContext (javax.net.ssl.SSLContext)3 CertificateException (java.security.cert.CertificateException)2