You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2017/01/05 07:22:41 UTC
svn commit: r1777426 - in
/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security:
SiteSpecificTrustStore.java SiteSpecificTrustStoreImpl.java
Author: kwall
Date: Thu Jan 5 07:22:41 2017
New Revision: 1777426
URL: http://svn.apache.org/viewvc?rev=1777426&view=rev
Log:
QPID-7311: [Java Broker] [SiteSpecificTrustStore] Validate URL on creation
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java?rev=1777426&r1=1777425&r2=1777426&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java Thu Jan 5 07:22:41 2017
@@ -34,7 +34,7 @@ public interface SiteSpecificTrustStore<
{
String CERTIFICATE = "certificate";
- @ManagedAttribute(immutable = true, description = "The URL from which to obtain the trusted certificate. This must include the protocol and port. Example: https://example.com:443")
+ @ManagedAttribute(immutable = true, description = "The URL from which to obtain the trusted certificate. Example: https://example.com or https://example.com:8443")
String getSiteUrl();
@DerivedAttribute(persist = true, description = "The X.509 certificate obtained from the given URL as base64 encoded representation of the ASN.1 DER encoding")
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1777426&r1=1777425&r2=1777426&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java Thu Jan 5 07:22:41 2017
@@ -22,6 +22,7 @@ package org.apache.qpid.server.security;
import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
@@ -118,6 +119,26 @@ public class SiteSpecificTrustStoreImpl
}
@Override
+ protected void validateOnCreate()
+ {
+ super.validateOnCreate();
+
+ try
+ {
+ URL url = new URL(_siteUrl);
+
+ if (url.getHost() == null || (url.getPort() == -1 && url.getDefaultPort() == -1))
+ {
+ throw new IllegalConfigurationException(String.format("URL '%s' does not provide a hostname and port number", _siteUrl));
+ }
+ }
+ catch (MalformedURLException e)
+ {
+ throw new IllegalConfigurationException(String.format("'%s' is not a valid URL", _siteUrl));
+ }
+ }
+
+ @Override
public String getCertificate()
{
if (_x509Certificate != null)
@@ -156,7 +177,7 @@ public class SiteSpecificTrustStoreImpl
// verify that it is not in use
String storeName = getName();
- Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts());
+ Collection<Port<?>> ports = new ArrayList<>(_broker.getPorts());
for (Port port : ports)
{
Collection<TrustStore> trustStores = port.getTrustStores();
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org