Use of org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager in the Apache project qpid-broker-j.
From class TrustManagerTest, method testQpidMultipleTrustManagerWithTrustAndPeerStores.
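/**
 * Tests that a QpidMultipleTrustManager wrapping a regular TrustManager (anchored on
 * the CA root certificate) together with a QpidPeersOnlyTrustManager (anchored on the
 * app1 peer certificate) accepts the CA-issued app1 and app2 client chains and rejects
 * an untrusted certificate.
 */
@Test
public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws Exception {
    final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();

    // Regular trust manager built from a store holding only the CA root certificate.
    final KeyStore ts = createKeyStore(_ca);
    final X509TrustManager tm = getX509TrustManager(ts);
    assertNotNull("The regular trust manager for the trust store was not found", tm);
    mulTrustManager.addTrustManager(tm);

    // Peers-only trust manager built from a store holding only the app1 peer certificate.
    // The delegate handed to QpidPeersOnlyTrustManager must come from the peer store (ps);
    // the earlier version of this test built it from the CA store (ts), contradicting the
    // assertion message below and meaning the "peer store" manager was just a second
    // CA-backed manager.
    final KeyStore ps = createKeyStore(_app1);
    final X509TrustManager tm2 = getX509TrustManager(ps);
    assertNotNull("The regular trust manager for the peer store was not found", tm2);
    mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ps, tm2));

    try {
        // app1 chain (leaf issued by the CA, and also the configured peer): must be accepted.
        mulTrustManager.checkClientTrusted(new X509Certificate[] { _app1, _ca }, "RSA");
    } catch (CertificateException ex) {
        fail("Trusted client's validation against the broker's multi store manager failed.");
    }

    try {
        // app2 chain (leaf issued by the CA, not a configured peer): must still be accepted
        // via the CA-backed trust manager.
        mulTrustManager.checkClientTrusted(new X509Certificate[] { _app2, _ca }, "RSA");
    } catch (CertificateException ex) {
        fail("Trusted client's validation against the broker's multi store manager failed.");
    }

    try {
        // Certificate that is neither CA-issued nor a configured peer: must be rejected.
        mulTrustManager.checkClientTrusted(new X509Certificate[] { _untrusted }, "RSA");
        fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
    } catch (CertificateException ex) {
        // expected
    }
}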
Use of org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager in the Apache project qpid-broker-j.
From class FileTrustStoreTest, method testCreatePeersOnlyTrustStoreFromFile_Success.
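/**
 * Tests that a FileTrustStore configured with PEERS_ONLY=true exposes exactly one
 * trust manager and that it is a QpidPeersOnlyTrustManager rather than a plain
 * X509 trust manager.
 */
@Test
public void testCreatePeersOnlyTrustStoreFromFile_Success() throws Exception {
    // Fresh CA and a trust store file derived from it, both owned by the test resource.
    final KeyCertificatePair keyPairAndRootCA = TlsResourceBuilder.createKeyPairAndRootCA(DN_CA);
    final Path keyStoreFile = TLS_RESOURCE.createTrustStore(DN_FOO, keyPairAndRootCA);

    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(FileTrustStore.NAME, NAME);
    attributes.put(FileTrustStore.STORE_URL, keyStoreFile.toFile().getAbsolutePath());
    attributes.put(FileTrustStore.PASSWORD, TLS_RESOURCE.getSecret());
    // PEERS_ONLY is the attribute under test; the type assertion at the end depends on it.
    attributes.put(FileTrustStore.PEERS_ONLY, true);
    attributes.put(FileTrustStore.TRUST_STORE_TYPE, TLS_RESOURCE.getKeyStoreType());

    final FileTrustStore<?> fileTrustStore = createFileTrustStore(attributes);
    final TrustManager[] trustManagers = fileTrustStore.getTrustManagers();
    assertNotNull("Trust managers unexpectedly null", trustManagers);
    assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
    assertNotNull("Trust manager unexpected null", trustManagers[0]);

    // The previous assertion message here ("Trust manager unexpected null") was a
    // copy-paste of the null check and would mislead on a type-mismatch failure;
    // report the actual type instead.
    assertTrue("Expected a QpidPeersOnlyTrustManager but got " + trustManagers[0].getClass().getName(),
               trustManagers[0] instanceof QpidPeersOnlyTrustManager);
}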