Posted to commits@qpid.apache.org by or...@apache.org on 2017/10/12 08:23:29 UTC
qpid-broker-j git commit: QPID-7967: [Java Broker] Add context
variables to configure TLS session timeouts and TLS session cache size
Repository: qpid-broker-j
Updated Branches:
refs/heads/master 332a3c08c -> d60f40a49
QPID-7967: [Java Broker] Add context variables to configure TLS session timeouts and TLS session cache size
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/d60f40a4
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/d60f40a4
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/d60f40a4
Branch: refs/heads/master
Commit: d60f40a4942c491c603a66c4407ab6f94e87c2df
Parents: 332a3c0
Author: Alex Rudyy <or...@apache.org>
Authored: Wed Oct 11 21:19:50 2017 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Wed Oct 11 21:19:50 2017 +0100
----------------------------------------------------------------------
.../java/org/apache/qpid/server/model/Port.java | 6 ++++
.../apache/qpid/server/model/port/AmqpPort.java | 10 +++++++
.../qpid/server/model/port/AmqpPortImpl.java | 30 +++++++++++++++++++-
.../apache/qpid/server/model/port/HttpPort.java | 10 +++++++
.../qpid/server/model/port/HttpPortImpl.java | 25 +++++++++++++---
.../management/plugin/HttpManagement.java | 10 +++++++
6 files changed, 86 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d60f40a4/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
index b34f400..003caf7 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
@@ -111,6 +111,12 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
@ManagedAttribute( mandatory = true )
AuthenticationProvider<?> getAuthenticationProvider();
+ @DerivedAttribute(description = "TLS session timeout in seconds")
+ int getTLSSessionTimeout();
+
+ @DerivedAttribute(description = "TLS session cache size")
+ int getTLSSessionCacheSize();
+
Collection<Connection> getConnections();
void start();
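Review bot: The `@DerivedAttribute` descriptions on `getTLSSessionTimeout()` and `getTLSSessionCacheSize()` do not say that the getters report the configured value rather than the effective one. The AmqpPortImpl and HttpManagement hunks of this commit only apply a value when it is `> 0`, so a port can report 0 or a negative number while the JSSE provider's own default is in force. The timeout bounds how long a cached session can be resumed without a full handshake, so an operator auditing a port needs to know which value applies. I would extend the text, e.g. `description = "Configured TLS session timeout in seconds; values <= 0 leave the JSSE provider default in place"`, with the equivalent wording for the cache size.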
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d60f40a4/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
index 857c72d..331271b 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
@@ -114,6 +114,16 @@ public interface AmqpPort<X extends AmqpPort<X>> extends Port<X>
@ManagedContextDefault(name = HEART_BEAT_DELAY)
int DEFAULT_HEART_BEAT_DELAY = 0;
+ String TLS_SESSION_TIMEOUT = "qpid.port.amqp.tlsSessionTimeout";
+ @SuppressWarnings("unused")
+ @ManagedContextDefault(name = TLS_SESSION_TIMEOUT, description = "TLS session timeout for AMQP ports (seconds).")
+ int DEFAULT_TLS_SESSION_TIMEOUT = 5* 60;
+
+ String TLS_SESSION_CACHE_SIZE = "qpid.port.amqp.tlsSessionCacheSize";
+ @SuppressWarnings("unused")
+ @ManagedContextDefault(name = TLS_SESSION_CACHE_SIZE, description = "TLS session cache size for AMQP ports (seconds).")
+ int DEFAULT_TLS_SESSION_CACHE_SIZE = 100;
+
SSLContext getSSLContext();
@ManagedAttribute(defaultValue = "*")
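Review bot: The description of `TLS_SESSION_CACHE_SIZE` carries a unit copied from the timeout constant: `"TLS session cache size for AMQP ports (seconds)."`. A cache size is a count of sessions, and this string is what operators read when setting the context variable, so it should be `"TLS session cache size for AMQP ports (number of sessions)."`. The same copy-paste appears in the HttpPort.java hunk for `qpid.port.http.tlsSessionCacheSize`. A short comment on why the AMQP defaults (5 minutes, 100 sessions) differ from the HTTP ones (15 minutes, 1000 sessions) would help, and `5* 60` should be spaced as `5 * 60` to match the HTTP constant.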
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d60f40a4/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
index 15630b7..4faebe6 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
@@ -33,6 +33,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSessionContext;
import javax.security.auth.Subject;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -106,6 +107,8 @@ public class AmqpPortImpl extends AbstractPort<AmqpPortImpl> implements AmqpPort
private volatile boolean _closeWhenNoRoute;
private volatile int _sessionCountLimit;
private volatile int _heartBeatDelay;
+ private volatile int _tlsSessionTimeout;
+ private volatile int _tlsSessionCacheSize;
@ManagedObjectFactoryConstructor
@@ -195,6 +198,8 @@ public class AmqpPortImpl extends AbstractPort<AmqpPortImpl> implements AmqpPort
_closeWhenNoRoute = getContextValue(Boolean.class, AmqpPort.CLOSE_WHEN_NO_ROUTE);
_sessionCountLimit = getContextValue(Integer.class, AmqpPort.SESSION_COUNT_LIMIT);
_heartBeatDelay = getContextValue(Integer.class, AmqpPort.HEART_BEAT_DELAY);
+ _tlsSessionTimeout = getContextValue(Integer.class, AmqpPort.TLS_SESSION_TIMEOUT);
+ _tlsSessionCacheSize = getContextValue(Integer.class, AmqpPort.TLS_SESSION_CACHE_SIZE);
}
@Override
@@ -356,7 +361,18 @@ public class AmqpPortImpl extends AbstractPort<AmqpPortImpl> implements AmqpPort
+ this.getName() + "' but no trust store defined");
}
- return SSLUtil.createSslContext(keyStore, trustStores, getName());
+ SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
+ SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
+ if (getTLSSessionCacheSize() > 0)
+ {
+ serverSessionContext.setSessionCacheSize(getTLSSessionCacheSize());
+ }
+ if (getTLSSessionTimeout() > 0)
+ {
+ serverSessionContext.setSessionTimeout(getTLSSessionTimeout());
+ }
+
+ return sslContext;
}
private Protocol getDefaultAmqpSupportedReply()
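Review bot: The block added before `return sslContext;` silently skips non-positive values, and the same lines are repeated in the HttpManagement.java hunk; the enclosing method starts outside this hunk. `SSLSessionContext` treats zero as "no limit" in both setters and rejects negative values, so the `> 0` guards sensibly prevent an unbounded cache or never-expiring sessions, but nothing records that a configured value was ignored. A log line in the skipped case would make the fallback to the provider default visible. Each getter is also read twice from a volatile field; read it once, `final int cacheSize = getTLSSessionCacheSize();` then `if (cacheSize > 0) { serverSessionContext.setSessionCacheSize(cacheSize); }`, and do the same for the timeout. Moving the block into one shared helper beside `SSLUtil.createSslContext` would keep the AMQP and HTTP paths from drifting apart.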
@@ -578,4 +594,16 @@ public class AmqpPortImpl extends AbstractPort<AmqpPortImpl> implements AmqpPort
{
return _heartBeatDelay;
}
+
+ @Override
+ public int getTLSSessionTimeout()
+ {
+ return _tlsSessionTimeout;
+ }
+
+ @Override
+ public int getTLSSessionCacheSize()
+ {
+ return _tlsSessionCacheSize;
+ }
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d60f40a4/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
index 6f344db..cc61281 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
@@ -62,6 +62,16 @@ public interface HttpPort<X extends HttpPort<X>> extends Port<X>
description = "The maximum amount of time (in milliseconds) a session can be active.")
long DEFAULT_ABSOLUTE_SESSION_TIMEOUT = -1;
+ String TLS_SESSION_TIMEOUT = "qpid.port.http.tlsSessionTimeout";
+ @SuppressWarnings("unused")
+ @ManagedContextDefault(name = TLS_SESSION_TIMEOUT, description = "TLS session timeout for HTTP ports (seconds).")
+ int DEFAULT_TLS_SESSION_TIMEOUT = 15 * 60;
+
+ String TLS_SESSION_CACHE_SIZE = "qpid.port.http.tlsSessionCacheSize";
+ @SuppressWarnings("unused")
+ @ManagedContextDefault(name = TLS_SESSION_CACHE_SIZE, description = "TLS session cache size for HTTP ports (seconds).")
+ int DEFAULT_TLS_SESSION_CACHE_SIZE = 1000;
+
@ManagedAttribute(defaultValue = "*")
String getBindingAddress();
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d60f40a4/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
index c10ebec..8a655ad 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
@@ -46,10 +46,13 @@ public class HttpPortImpl extends AbstractPort<HttpPortImpl> implements HttpPort
@ManagedAttributeField
private boolean _manageBrokerOnNoAliasMatch;
- private int _numberOfAcceptors;
- private int _numberOfSelectors;
- private int _acceptsBacklogSize;
- private long _absoluteSessionTimeout;
+
+ private volatile int _numberOfAcceptors;
+ private volatile int _numberOfSelectors;
+ private volatile int _acceptsBacklogSize;
+ private volatile long _absoluteSessionTimeout;
+ private volatile int _tlsSessionTimeout;
+ private volatile int _tlsSessionCacheSize;
@ManagedObjectFactoryConstructor
public HttpPortImpl(final Map<String, Object> attributes,
@@ -125,6 +128,18 @@ public class HttpPortImpl extends AbstractPort<HttpPortImpl> implements HttpPort
}
@Override
+ public int getTLSSessionTimeout()
+ {
+ return _tlsSessionTimeout;
+ }
+
+ @Override
+ public int getTLSSessionCacheSize()
+ {
+ return _tlsSessionCacheSize;
+ }
+
+ @Override
protected void onOpen()
{
super.onOpen();
@@ -133,6 +148,8 @@ public class HttpPortImpl extends AbstractPort<HttpPortImpl> implements HttpPort
_numberOfAcceptors = getContextValue(Integer.class, HttpPort.PORT_HTTP_NUMBER_OF_ACCEPTORS);
_numberOfSelectors = getContextValue(Integer.class, HttpPort.PORT_HTTP_NUMBER_OF_SELECTORS);
_absoluteSessionTimeout = getContextValue(Long.class, HttpPort.ABSOLUTE_SESSION_TIMEOUT);
+ _tlsSessionTimeout = getContextValue(Integer.class, HttpPort.TLS_SESSION_TIMEOUT);
+ _tlsSessionCacheSize = getContextValue(Integer.class, HttpPort.TLS_SESSION_CACHE_SIZE);
}
@Override
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d60f40a4/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 3b9d7de..f81648b 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -41,6 +41,7 @@ import java.util.concurrent.Executors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSessionContext;
import javax.servlet.DispatcherType;
import javax.servlet.MultipartConfigElement;
import javax.servlet.http.HttpServletRequest;
@@ -600,6 +601,15 @@ public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implem
}
SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, port.getName());
+ SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
+ if (port.getTLSSessionCacheSize() > 0)
+ {
+ serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
+ }
+ if (port.getTLSSessionTimeout() > 0)
+ {
+ serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
+ }
SslContextFactory factory = new SslContextFactory()
{