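/**
 * Creates a client-mode Proton {@link SslDomain} that verifies the server certificate
 * against {@code this.sslContext}.
 *
 * <p>Peer authentication is {@code VERIFY_PEER}: the remote certificate chain is validated by
 * the configured context. NOTE(review): this is not {@code VERIFY_PEER_NAME}, so the name in
 * the certificate is not matched against the host being connected to here — confirm that
 * hostname verification happens somewhere else (e.g. in the context's trust manager) before
 * relying on this domain for anything beyond chain validation.
 *
 * @return the initialised client SSL domain
 * @throws IOException declared for API compatibility; nothing in this method throws it
 */
private SslDomain makeDomain() throws IOException {
    final SslDomain domain = Proton.sslDomain();
    domain.setPeerAuthentication(SslDomain.VerifyMode.VERIFY_PEER);
    domain.init(SslDomain.Mode.CLIENT);
    domain.setSslContext(this.sslContext);
    return domain;
}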
keystore.load(null, null); if (sslDomain.getTrustedCaDb() != null) _logger.log(Level.FINE, "_sslParams.getTrustedCaDb() : " + sslDomain.getTrustedCaDb()); Certificate trustedCaCert = (Certificate) readPemObject(sslDomain.getTrustedCaDb(), null, Certificate.class); keystore.setCertificateEntry(caCertAlias, trustedCaCert); if (sslDomain.getCertificateFile() != null && sslDomain.getPrivateKeyFile() != null) Certificate clientCertificate = (Certificate) readPemObject(sslDomain.getCertificateFile(), null, Certificate.class); Object keyOrKeyPair = readPemObject( sslDomain.getPrivateKeyFile(), sslDomain.getPrivateKeyPassword(), PrivateKey.class, KeyPair.class);
/**
 * Builds a Proton {@link SslDomain} for {@code address} in the requested {@code mode}.
 *
 * <p>Client credentials ({@code _certificate}, {@code _privateKey}, {@code _password}) and the
 * trusted CA database ({@code _trustedDb}) are applied only when the corresponding field is
 * non-null. Unsecured (non-TLS) peers are refused only when the URL scheme is {@code amqps};
 * any other scheme leaves {@code allowUnsecuredClient(true)}, i.e. plaintext is tolerated.
 *
 * @param address the address whose scheme decides whether plaintext is allowed
 * @param mode client or server mode for the domain
 * @return the initialised domain
 */
private SslDomain makeDomain(Address address, SslDomain.Mode mode) {
    final SslDomain sslDomain = Proton.sslDomain();
    sslDomain.init(mode);

    if (_certificate != null) {
        sslDomain.setCredentials(_certificate, _privateKey, _password);
    }
    if (_trustedDb != null) {
        sslDomain.setTrustedCaDb(_trustedDb);
    }

    // Only an explicit amqps:// URL forces TLS; everything else may fall back to plaintext.
    final boolean requireTls = "amqps".equalsIgnoreCase(address.getScheme());
    sslDomain.allowUnsecuredClient(!requireTls);
    return sslDomain;
}
/**
 * Creates the SSL layer for a transport from a configured {@link SslDomain}.
 *
 * @param domain must implement {@link org.apache.qpid.proton.engine.impl.ssl.ProtonSslEngineProvider};
 *               this cannot be enforced at the API level because that interface is not part of the
 *               public Proton API, so a non-conforming domain fails with a {@link ClassCastException}
 * @param peerDetails remote peer information used for hostname verification; may be null unless
 *                    the domain uses {@code VERIFY_PEER_NAME}
 * @throws IllegalStateException if {@code domain.init(mode)} has not been called (mode is null)
 * @throws IllegalArgumentException if hostname verification is requested but no peer details were given
 */
public SslImpl(SslDomain domain, SslPeerDetails peerDetails) {
    _domain = domain;
    _protonSslEngineProvider = (ProtonSslEngineProvider) domain;
    _peerDetails = peerDetails;

    if (_domain.getMode() == null) {
        throw new IllegalStateException("Client/server mode must be configured, SslDomain must have init called.");
    }
    // VERIFY_PEER_NAME has nothing to compare the certificate name against without peer details.
    final boolean wantsHostnameCheck = _domain.getPeerAuthentication() == VerifyMode.VERIFY_PEER_NAME;
    if (wantsHostnameCheck && _peerDetails == null) {
        throw new IllegalArgumentException("Peer hostname verification is enabled, but no peer details were provided");
    }
}
/**
 * Creates an SSL domain in the given mode with peer authentication disabled.
 *
 * <p>{@code ANONYMOUS_PEER} means the remote certificate is not verified at all, so a domain
 * built here offers protection against passive observers only; an active attacker in the path
 * can presumably present any certificate (or none) and be accepted. Treat this as a
 * test/development helper until the TODO below is resolved and {@code VERIFY_PEER_NAME} with
 * real peer details is used.
 *
 * @param mode client or server mode
 * @return the initialised, unauthenticated domain
 */
private static SslDomain makeDomain(SslDomain.Mode mode) {
    final SslDomain sslDomain = Proton.sslDomain();
    sslDomain.init(mode);
    // TODO: VERIFY_PEER_NAME support
    sslDomain.setPeerAuthentication(SslDomain.VerifyMode.ANONYMOUS_PEER);
    return sslDomain;
}
/**
 * Creates a Proton {@link SslDomain} in the requested mode, anchored on the CA certificate
 * configured at {@code config.getPathToCertificate()}.
 *
 * <p>The certificate is converted with {@code getPemFormat} and installed as the trusted CA
 * database; peer authentication is then set to {@code VERIFY_PEER}. If no trusted CA ends up on
 * the domain the connection would be unverified, so that case is rejected instead of silently
 * falling back to an unauthenticated transport.
 *
 * @param mode Proton client/server mode
 * @return the initialised domain
 * @throws IllegalStateException when no trusted CA certificate could be installed
 */
private SslDomain makeDomain(SslDomain.Mode mode) {
    final SslDomain sslDomain = Proton.sslDomain();

    final String caPem = getPemFormat(this.config.getPathToCertificate());
    if (caPem != null) {
        sslDomain.setTrustedCaDb(caPem);
    }

    // Codes_SRS_AMQPSIOTHUBCONNECTION_15_032: [The event handler shall set VERIFY_PEER authentication mode on the domain of the Transport.]
    if (sslDomain.getTrustedCaDb() == null) {
        throw new IllegalStateException("SSL connection unsecured, could not find certificate");
    }
    sslDomain.setPeerAuthentication(SslDomain.VerifyMode.VERIFY_PEER);

    sslDomain.init(mode);
    return sslDomain;
}
/**
 * Connection-bound handler: layers WebSocket (for {@code AMQPS_WS}), SASL PLAIN and TLS onto
 * the transport.
 *
 * <p>The TLS domain is created in client mode with {@code VERIFY_PEER} and the IoT Hub trust
 * store from {@link IotHubSSLContext}. If building that context fails, the exception is only
 * recorded in {@code savedException} and the transport is still wrapped with the domain.
 * NOTE(review): in that failure path the domain carries no SSL context of its own, so whatever
 * Proton falls back to decides how the server is verified — confirm {@code savedException} is
 * checked before any data is sent over this connection.
 *
 * @param event the Proton event carrying the newly bound connection
 */
@Override
public void onConnectionBound(Event event) {
    // Codes_SRS_SERVICE_SDK_JAVA_AMQPFEEDBACKRECEIVEDHANDLER_12_009: [The event handler shall set the SASL PLAIN authentication on the Transport using the given user name and sas token]
    // Codes_SRS_SERVICE_SDK_JAVA_AMQPFEEDBACKRECEIVEDHANDLER_12_010: [The event handler shall set VERIFY_PEER authentication mode on the domain of the Transport]
    final Transport transport = event.getConnection().getTransport();
    if (transport == null) {
        return;
    }

    final boolean overWebSocket = this.iotHubServiceClientProtocol == IotHubServiceClientProtocol.AMQPS_WS;
    if (overWebSocket) {
        final WebSocketImpl webSocket = new WebSocketImpl();
        webSocket.configure(this.webSocketHostName, WEBSOCKET_PATH, 0, WEBSOCKET_SUB_PROTOCOL, null, null);
        ((TransportInternal) transport).addTransportLayer(webSocket);
    }

    // The SAS token travels in SASL PLAIN; the TLS layer configured below is what protects it on the wire.
    transport.sasl().plain(this.userName, this.sasToken);

    final SslDomain sslDomain = makeDomain(SslDomain.Mode.CLIENT);
    sslDomain.setPeerAuthentication(SslDomain.VerifyMode.VERIFY_PEER);
    try {
        // Need the base trusted certs for IotHub in our ssl context. IotHubSSLContext handles that
        sslDomain.setSslContext(new IotHubSSLContext().getSSLContext());
    } catch (Exception e) {
        this.savedException = e;
    }
    transport.ssl(sslDomain);
}
/**
 * Creates a Proton {@link SslDomain} in the requested mode backed by the IoT Hub SSL context.
 *
 * <p>No peer-verification mode is set here; the caller is expected to configure it. If the
 * {@link IotHubSSLContext} cannot be built, the failure is recorded in {@code savedException}
 * and the domain is returned without an SSL context of its own — callers should check
 * {@code savedException} before trusting the resulting transport.
 *
 * @param mode Proton client/server mode
 * @return the initialised domain
 */
private SslDomain makeDomain(SslDomain.Mode mode) {
    final SslDomain sslDomain = Proton.sslDomain();
    try {
        // Need the base trusted certs for IotHub in our ssl context. IotHubSSLContext handles that
        sslDomain.setSslContext(new IotHubSSLContext().getSSLContext());
    } catch (Exception e) {
        this.savedException = e;
    }
    sslDomain.init(mode);
    return sslDomain;
}
/**
 * Lazily builds the transport wrapper on the first read/write.
 *
 * <p>Normally the wrapper is a TLS wrapper around an {@code SSLEngine} created for
 * {@code _peerDetails}. Only a server-mode domain with {@code allowUnsecuredClient()} gets the
 * sniffing wrapper, which inspects the first bytes and hands non-TLS clients a plaintext path —
 * a deliberate downgrade point, which is why it is never enabled in client mode. Engine
 * creation failures are captured in {@code _initException}; once set, no further attempt is made.
 */
private void initTransportWrapperOnFirstIO() {
    if (_initException != null || _transportWrapper != null) {
        return;
    }
    try {
        final SslTransportWrapper tlsWrapper = new SimpleSslTransportWrapper(
                _protonSslEngineProvider.createSslEngine(_peerDetails), _inputProcessor, _outputProcessor);

        final boolean sniffForPlaintext =
                _domain.allowUnsecuredClient() && _domain.getMode() == SslDomain.Mode.SERVER;
        if (sniffForPlaintext) {
            final TransportWrapper plainWrapper = new PlainTransportWrapper(_outputProcessor, _inputProcessor);
            _transportWrapper = new SslHandshakeSniffingTransportWrapper(tlsWrapper, plainWrapper);
        } else {
            _transportWrapper = tlsWrapper;
        }
    } catch (TransportException e) {
        _initException = e;
    }
}
}
/**
 * Creates a bare Proton {@link SslDomain} initialised in the given mode.
 *
 * <p>Nothing else is configured here — no peer-verification mode, trusted CA database or SSL
 * context — so the caller must set those before handing the domain to the transport.
 *
 * @param mode Proton client/server mode
 * @return the initialised domain
 */
private SslDomain makeDomain(SslDomain.Mode mode) {
    final SslDomain sslDomain = Proton.sslDomain();
    sslDomain.init(mode);
    return sslDomain;
}
/**
 * Connection-bound handler: layers WebSocket (for {@code AMQPS_WS}), SASL PLAIN and TLS onto
 * the transport.
 *
 * <p>The TLS domain is created in client mode and set to {@code VERIFY_PEER}. NOTE(review):
 * nothing in this handler installs a trusted CA database or SSL context on the domain, so the
 * server certificate is checked against whatever Proton uses by default — confirm the IoT Hub
 * root CA is provisioned on that path.
 *
 * @param event the Proton event carrying the newly bound connection
 */
@Override
public void onConnectionBound(Event event) {
    // Codes_SRS_SERVICE_SDK_JAVA_AMQPSENDHANDLER_12_010: [The event handler shall set the SASL PLAIN authentication on the Transport using the given user name and sas token]
    // Codes_SRS_SERVICE_SDK_JAVA_AMQPSENDHANDLER_12_011: [The event handler shall set VERIFY_PEER authentication mode on the domain of the Transport]
    final Transport transport = event.getConnection().getTransport();
    if (transport == null) {
        return;
    }

    final boolean overWebSocket = this.iotHubServiceClientProtocol == IotHubServiceClientProtocol.AMQPS_WS;
    if (overWebSocket) {
        final WebSocketImpl webSocket = new WebSocketImpl();
        webSocket.configure(this.webSocketHostName, WEBSOCKET_PATH, 0, WEBSOCKET_SUB_PROTOCOL, null, null);
        ((TransportInternal) transport).addTransportLayer(webSocket);
    }

    // The SAS token travels in SASL PLAIN; the TLS layer configured below is what protects it on the wire.
    transport.sasl().plain(this.userName, this.sasToken);

    final SslDomain sslDomain = makeDomain(SslDomain.Mode.CLIENT);
    sslDomain.setPeerAuthentication(SslDomain.VerifyMode.VERIFY_PEER);
    transport.ssl(sslDomain);
}
if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER)
private SSLContext getOrCreateSslContext(SslDomain sslDomain) if(_sslContext == null && sslDomain.getSslContext() != null) _sslContext = sslDomain.getSslContext(); if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER)
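/**
 * Lazily builds the transport wrapper on the first read/write.
 *
 * <p>The default is a TLS wrapper around an {@code SSLEngine} created for {@code _peerDetails}.
 * When the domain allows unsecured clients AND is in server mode, a sniffing wrapper is used
 * instead: it inspects the first bytes and routes non-TLS peers to a plaintext wrapper.
 *
 * <p>The mode check is the fix here. {@code allowUnsecuredClient} is a server-side concession
 * (let a plaintext client in), but the original code applied the sniffing wrapper to any domain
 * with that flag, including client-mode ones; a client that sniffs would presumably accept a
 * plaintext server as well, i.e. a silent downgrade. Restricting the fallback to
 * {@code Mode.SERVER} keeps client connections TLS-only.
 */
private void initTransportWrapperOnFirstIO() {
    if (_transportWrapper != null) {
        return;
    }
    final SslTransportWrapper tlsWrapper = new SimpleSslTransportWrapper(
            _protonSslEngineProvider.createSslEngine(_peerDetails), _inputProcessor, _outputProcessor);

    // Plaintext fallback is only meaningful (and only safe) on the accepting side.
    final boolean sniffForPlaintext =
            _domain.allowUnsecuredClient() && _domain.getMode() == SslDomain.Mode.SERVER;
    if (sniffForPlaintext) {
        final TransportWrapper plainWrapper = new PlainTransportWrapper(_outputProcessor, _inputProcessor);
        _transportWrapper = new SslHandshakeSniffingTransportWrapper(tlsWrapper, plainWrapper);
    } else {
        _transportWrapper = tlsWrapper;
    }
}
}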
/**
 * Creates an {@code SSLEngine} for the domain and configures it for the domain's mode and
 * peer-verification policy.
 *
 * <p>With {@code ANONYMOUS_PEER} the anonymous (unauthenticated) cipher suites are enabled on the
 * engine, so no certificate is involved at all. With any other policy a server-mode engine
 * demands a client certificate ({@code setNeedClientAuth(true)}); a client-mode engine is left
 * with the context's defaults. The enabled suites are logged at FINE for troubleshooting.
 *
 * @param domain the configured SSL domain (mode and verification policy)
 * @param peerDetails remote peer information handed to {@code createSslEngine}; may be null
 * @return the engine, already switched to client or server mode
 */
private SSLEngine createAndInitialiseSslEngine(SslDomain domain, SslPeerDetails peerDetails) {
    final SslDomain.Mode mode = domain.getMode();
    final SSLEngine engine = createSslEngine(getOrCreateSslContext(domain), peerDetails);

    final boolean anonymousPeer = domain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER;
    if (anonymousPeer) {
        addAnonymousCipherSuites(engine);
    } else if (mode == SslDomain.Mode.SERVER) {
        // Every verifying policy on the server side requires the client to present a certificate.
        engine.setNeedClientAuth(true);
    }

    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, mode + " Enabled cipher suites " + Arrays.asList(engine.getEnabledCipherSuites()));
    }

    engine.setUseClientMode(mode == SslDomain.Mode.CLIENT);
    return engine;
}
domain.setPeerAuthentication(SslDomain.VerifyMode.VERIFY_PEER); domain.setSslContext(new IotHubSSLContext().getSSLContext());
/**
 * Builds the transport wrapper the first time I/O happens, and only once.
 *
 * <p>The wrapper is a TLS wrapper over an engine created for {@code _peerDetails}. A server-mode
 * domain that permits unsecured clients instead gets a sniffing wrapper that looks at the first
 * bytes and serves plaintext peers through a plain wrapper; that fallback is a downgrade point
 * and is intentionally unavailable in client mode. If engine creation throws
 * {@code TransportException} the error is stored in {@code _initException} and later calls do nothing.
 */
private void initTransportWrapperOnFirstIO() {
    final boolean alreadyDone = _initException != null || _transportWrapper != null;
    if (alreadyDone) {
        return;
    }
    try {
        final SslTransportWrapper secureWrapper = new SimpleSslTransportWrapper(
                _protonSslEngineProvider.createSslEngine(_peerDetails), _inputProcessor, _outputProcessor);

        final boolean serverAcceptsPlaintext =
                _domain.getMode() == SslDomain.Mode.SERVER && _domain.allowUnsecuredClient();
        if (!serverAcceptsPlaintext) {
            _transportWrapper = secureWrapper;
            return;
        }
        final TransportWrapper plaintextWrapper = new PlainTransportWrapper(_outputProcessor, _inputProcessor);
        _transportWrapper = new SslHandshakeSniffingTransportWrapper(secureWrapper, plaintextWrapper);
    } catch (TransportException e) {
        _initException = e;
    }
}
}
/**
 * Returns a new Proton {@link SslDomain} after calling {@code init(mode)} on it.
 *
 * <p>This helper deliberately leaves peer verification, trust store and SSL context unset;
 * the caller must configure them before the domain is used for a connection.
 *
 * @param mode Proton client/server mode
 * @return the initialised domain
 */
private SslDomain makeDomain(SslDomain.Mode mode) {
    final SslDomain created = Proton.sslDomain();
    created.init(mode);
    return created;
}
SslDomain domain = makeDomain(address, SslDomain.Mode.CLIENT); if (_trustedDb != null) { domain.setPeerAuthentication(SslDomain.VerifyMode.VERIFY_PEER); domain.setPeerAuthentication(SslDomain.VerifyMode.ANONYMOUS_PEER);
if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER)