Posted to commits@qpid.apache.org by kw...@apache.org on 2016/04/03 18:39:43 UTC

svn commit: r1737595 - in /qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server: model/ security/ security/auth/manager/

Author: kwall
Date: Sun Apr  3 16:39:42 2016
New Revision: 1737595

URL: http://svn.apache.org/viewvc?rev=1737595&view=rev
Log:
QPID-7160: [Java Broker] Tactical fix - ensure trust/key stores active before objects that commonly use them (ports, auth providers etc)

Also ensure that we fail early if the truststore produces no trust managers (rather than failing at connect time with a DummyX509TrustManager
'No X509TrustManager implementation available' exception).

Modified:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java?rev=1737595&r1=1737594&r2=1737595&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java Sun Apr  3 16:39:42 2016
@@ -78,12 +78,12 @@ public final class BrokerModel extends M
 
         addRelationship(Broker.class, BrokerLogger.class);
         addRelationship(Broker.class, VirtualHostNode.class);
+        addRelationship(Broker.class, TrustStore.class);
+        addRelationship(Broker.class, KeyStore.class);
         addRelationship(Broker.class, Port.class);
         addRelationship(Broker.class, AccessControlProvider.class);
         addRelationship(Broker.class, AuthenticationProvider.class);
         addRelationship(Broker.class, GroupProvider.class);
-        addRelationship(Broker.class, TrustStore.class);
-        addRelationship(Broker.class, KeyStore.class);
         addRelationship(Broker.class, Plugin.class);
 
         addRelationship(BrokerLogger.class, BrokerLogInclusionRule.class);
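Review bot: The position of the `TrustStore` and `KeyStore` registrations is now what keeps them ahead of `Port` and `AuthenticationProvider`, but nothing at the call site says the order matters, so a later tidy-up could silently undo the fix. Going by the commit log, registration order appears to drive the order in which child objects become active; that mechanism is outside the hunk. I would add a comment above the two moved lines, e.g. `// Order matters: TrustStore/KeyStore must precede Port, AuthenticationProvider etc. so that they are active first (QPID-7160)`. The enclosing block starts and ends outside the hunk.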

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java?rev=1737595&r1=1737594&r2=1737595&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java Sun Apr  3 16:39:42 2016
@@ -300,7 +300,7 @@ public class FileTrustStoreImpl extends
 
             if (trustManagersCol.isEmpty())
             {
-                return null;
+                throw new IllegalStateException("Truststore " + this + " defines no trust mangers");
             }
             else
             {
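Review bot: The new exception message misspells "managers" as "mangers", which will defeat operators searching logs for this failure; the line should read `throw new IllegalStateException("Truststore " + this + " defines no trust managers");`. The same literal appears in the added checks in ManagedPeerCertificateTrustStoreImpl, NonJavaTrustStoreImpl and SiteSpecificTrustStoreImpl. Callers that previously tested the return value for null now need to tolerate an unchecked exception instead; those callers are not visible here. The enclosing method starts and ends outside the hunk.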

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java?rev=1737595&r1=1737594&r2=1737595&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java Sun Apr  3 16:39:42 2016
@@ -105,6 +105,10 @@ public class ManagedPeerCertificateTrust
     @Override
     public TrustManager[] getTrustManagers()
     {
+        if (_trustManagers == null || _trustManagers.length == 0)
+        {
+            throw new IllegalStateException("Truststore " + this + " defines no trust mangers");
+        }
         return _trustManagers;
     }
 
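Review bot: The added guard in `getTrustManagers()` reads `_trustManagers` twice and the `return` reads it a third time, so if the field can be reassigned by another thread (its declaration and writers are outside the hunk) the array returned may not be the one that was checked. Taking one snapshot avoids that: `final TrustManager[] trustManagers = _trustManagers;`, test `trustManagers`, then `return trustManagers;`. The same pattern is in the NonJavaTrustStoreImpl and SiteSpecificTrustStoreImpl hunks. Separately, if a managed peer store is allowed to exist with no certificates yet, this check makes every consumer of an empty store fail, which is worth confirming as intended.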

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java?rev=1737595&r1=1737594&r2=1737595&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java Sun Apr  3 16:39:42 2016
@@ -170,7 +170,10 @@ public class NonJavaTrustStoreImpl
     @Override
     public TrustManager[] getTrustManagers() throws GeneralSecurityException
     {
-
+        if (_trustManagers == null || _trustManagers.length == 0)
+        {
+            throw new IllegalStateException("Truststore " + this + " defines no trust mangers");
+        }
         return _trustManagers;
     }
 
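Review bot: `getTrustManagers()` declares `throws GeneralSecurityException`, yet the added guard throws the unchecked `IllegalStateException`, so a caller whose handling is a `catch (GeneralSecurityException …)` will not see this failure and it will propagate further than other trust-store errors. If that is deliberate (fail hard at start-up), a Javadoc `@throws IllegalStateException` line on the method would make the contract explicit; otherwise a `GeneralSecurityException` subclass such as `java.security.KeyStoreException` would keep the failure on the declared channel. The same applies to the SiteSpecificTrustStoreImpl hunk.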

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1737595&r1=1737594&r2=1737595&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java Sun Apr  3 16:39:42 2016
@@ -136,6 +136,10 @@ public class SiteSpecificTrustStoreImpl
     @Override
     public TrustManager[] getTrustManagers() throws GeneralSecurityException
     {
+        if (_trustManagers == null || _trustManagers.length == 0)
+        {
+            throw new IllegalStateException("Truststore " + this + " defines no trust mangers");
+        }
         return _trustManagers;
     }
 

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java?rev=1737595&r1=1737594&r2=1737595&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java Sun Apr  3 16:39:42 2016
@@ -50,6 +50,7 @@ import javax.security.sasl.AuthorizeCall
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 
+import com.google.common.util.concurrent.ListenableFuture;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -167,7 +168,13 @@ public class SimpleLDAPAuthenticationMan
         _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
         _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
         _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+    }
+
+    @Override
+    protected ListenableFuture<Void> activate()
+    {
         _sslSocketFactoryOverrideClass = createSslSocketFactoryOverrideClass(_trustStore);
+        return super.activate();
     }
 
     @Override
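Review bot: After this move `_sslSocketFactoryOverrideClass` stays unset from the end of the earlier method until `activate()` runs, and nothing in the hunk guards readers of the field during that window. If any path that builds the LDAP connection environment can run before activation and treats a null override as "use the JVM default socket factory", it would connect without the configured trust store; this is inferred, since the readers of the field are outside the hunk. A short comment on `activate()` would record why the call lives here, e.g. `// Deferred until activation: the trust store must be active before its trust managers are requested (QPID-7160)`. The method that the first three context lines belong to starts outside the hunk.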


