Merge branch 'master' into rabbitmq-server-505

Author: michaelklishin

README.md

@@ -23,14 +23,14 @@ These versions can still be used with RabbitMQ server `3.x`.
 <dependency>
     <groupId>com.rabbitmq</groupId>
     <artifactId>amqp-client</artifactId>
-    <version>4.0.0</version>
+    <version>4.0.1</version>
 </dependency>
 ```
 
 ### Gradle
 
 ``` groovy
-compile 'com.rabbitmq:amqp-client:4.0.0'
+compile 'com.rabbitmq:amqp-client:4.0.1'
 ```
 
 #### 3.6.x Series

src/main/java/com/rabbitmq/client/ConnectionFactory.java

@@ -576,7 +576,7 @@ public void useSslProtocol()
     public void useSslProtocol(String protocol)
         throws NoSuchAlgorithmException, KeyManagementException
     {
-        useSslProtocol(protocol, new NullTrustManager());
+        useSslProtocol(protocol, new TrustEverythingTrustManager());
     }
 
     /**

src/main/java/com/rabbitmq/client/NullTrustManager.java

@@ -16,15 +16,31 @@
 
 package com.rabbitmq.client;
 
+import org.slf4j.LoggerFactory;
+
 import java.security.cert.X509Certificate;
 
 import javax.net.ssl.X509TrustManager;
 
 /**
  * Convenience class providing a default implementation of javax.net.ssl.X509TrustManager.
  * Trusts every single certificate presented to it.
+ *
+ * Deprecated, use {@link TrustEverythingTrustManager} instead.
+ * Will be removed in next major release.
+ *
+ * @deprecated
  */
 public class NullTrustManager implements X509TrustManager {
+
+    public NullTrustManager() {
+        LoggerFactory.getLogger(NullTrustManager.class).warn(
+            "This trust manager trusts every certificate, effectively disabling peer verification. " +
+            "This is convenient for local development but prone to man-in-the-middle attacks. " +
+            "Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation."
+        );
+    }
+
     /**
      * Doesn't even bother looking at its arguments, simply returns,
      * which makes the check succeed.

src/main/java/com/rabbitmq/client/TrustEverythingTrustManager.java

@@ -0,0 +1,63 @@
+// Copyright (c) 2007-Present Pivotal Software, Inc.  All rights reserved.
+//
+// This software, the RabbitMQ Java client library, is triple-licensed under the
+// Mozilla Public License 1.1 ("MPL"), the GNU General Public License version 2
+// ("GPL") and the Apache License version 2 ("ASL"). For the MPL, please see
+// LICENSE-MPL-RabbitMQ. For the GPL, please see LICENSE-GPL2.  For the ASL,
+// please see LICENSE-APACHE2.
+//
+// This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND,
+// either express or implied. See the LICENSE file for specific language governing
+// rights and limitations of this software.
+//
+// If you have any questions regarding licensing, please contact us at
+// [email protected].
+
+
+package com.rabbitmq.client;
+
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
+
+/**
+ * Convenience class providing a default implementation of javax.net.ssl.X509TrustManager.
+ * Trusts every single certificate presented to it.
+ */
+public class TrustEverythingTrustManager implements X509TrustManager {
+
+    public TrustEverythingTrustManager() {
+        LoggerFactory.getLogger(TrustEverythingTrustManager.class).warn(
+            "This trust manager trusts every certificate, effectively disabling peer verification. " +
+            "This is convenient for local development but prone to man-in-the-middle attacks. " +
+            "Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation."
+        );
+    }
+
+    /**
+     * Doesn't even bother looking at its arguments, simply returns,
+     * which makes the check succeed.
+     */
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType) {
+        // Do nothing.
+    }
+
+    /**
+     * Doesn't even bother looking at its arguments, simply returns,
+     * which makes the check succeed.
+     */
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType) {
+        // Do nothing.
+    }
+
+    /**
+     * Always returns an empty array of X509Certificates.
+     */
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[0];
+    }
+}

src/test/java/com/rabbitmq/client/test/BrokerTestCase.java

@@ -17,6 +17,7 @@
 package com.rabbitmq.client.test;
 
 import com.rabbitmq.client.*;
+import com.rabbitmq.client.impl.nio.NioParams;
 import com.rabbitmq.tools.Host;
 import org.junit.After;
 import org.junit.Before;
@@ -60,10 +61,17 @@ protected void finished(Description description) {
 
     protected ConnectionFactory newConnectionFactory() {
         ConnectionFactory connectionFactory = TestUtils.connectionFactory();
+        if(TestUtils.USE_NIO) {
+            connectionFactory.setNioParams(nioParams());
+        }
         connectionFactory.setAutomaticRecoveryEnabled(isAutomaticRecoveryEnabled());
         return connectionFactory;
     }
 
+    protected NioParams nioParams() {
+        return new NioParams();
+    }
+
     protected boolean isAutomaticRecoveryEnabled() {
         return true;
     }

src/test/java/com/rabbitmq/client/test/server/PersistenceGuarantees.java

@@ -19,6 +19,7 @@
 
 import java.io.IOException;
 
+import com.rabbitmq.client.impl.nio.NioParams;
 import org.junit.Test;
 
 import com.rabbitmq.client.MessageProperties;
@@ -28,6 +29,14 @@ public class PersistenceGuarantees extends BrokerTestCase {
     private static final int COUNT = 10000;
     private String queue;
 
+    @Override
+    protected NioParams nioParams() {
+        NioParams nioParams = super.nioParams();
+        // may need a higher enqueuing timeout on slow environments
+        return nioParams
+            .setWriteEnqueuingTimeoutInMs(nioParams.getWriteEnqueuingTimeoutInMs() * 2);
+    }
+
     protected void declareQueue() throws IOException {
         queue = channel.queueDeclare("", true, false, false, null).getQueue();
     }