Posted to commits@qpid.apache.org by or...@apache.org on 2021/06/16 21:35:34 UTC
[qpid-broker-j] 01/02: QPID-8541: [Broker-J] Enhance Broker Rest
API to include certificate alias
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit b64ca15d654fc188c55420e30d35dbdc77c8ca35
Author: Marek Laca <mk...@gmail.com>
AuthorDate: Tue Jun 15 18:03:59 2021 +0200
QPID-8541: [Broker-J] Enhance Broker Rest API to include certificate alias
This closes #95
---
.../qpid/server/security/CertificateDetails.java | 2 +-
.../server/security/CertificateDetailsImpl.java | 20 +++++++++-
.../qpid/server/security/FileKeyStoreImpl.java | 25 +++++++++---
.../qpid/server/security/FileTrustStoreImpl.java | 44 +++++++++++++---------
.../transport/network/security/ssl/SSLUtil.java | 12 +++---
.../qpid/management/store/CertificateGridWidget.js | 12 ++++--
6 files changed, 80 insertions(+), 35 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java
index 41f9bfe..1ea0483 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java
@@ -37,5 +37,5 @@ public interface CertificateDetails extends ManagedAttributeValue
List<String> getSubjectAltNames();
Date getValidFrom();
Date getValidUntil();
-
+ String getAlias();
}
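Review bot: The new `getAlias()` on the interface has no Javadoc, and nothing here tells a caller that the value can be absent. The one-argument `CertificateDetailsImpl` constructor added later in this commit passes `null` as the alias, so consumers of the REST attribute can receive a missing alias. I would add a comment such as `/** Alias of the store entry the certificate was read from, or null when it was not loaded from an aliased entry. */`. Adding an abstract method to a public interface also breaks any implementor outside this commit, if one exists, so a `default` method returning `null` may be safer on a maintenance branch.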
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java
index 8561b59..1592e07 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java
@@ -28,6 +28,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
+import java.util.Objects;
import org.apache.qpid.server.model.ManagedAttributeValue;
@@ -35,9 +36,18 @@ public class CertificateDetailsImpl implements CertificateDetails, ManagedAttrib
{
private final X509Certificate _x509cert;
- public CertificateDetailsImpl(final X509Certificate x509cert)
+ private final String _alias;
+
+ public CertificateDetailsImpl(X509Certificate x509cert)
+ {
+ this(x509cert, null);
+ }
+
+ public CertificateDetailsImpl(X509Certificate x509cert, String alias)
{
- _x509cert = x509cert;
+ super();
+ _x509cert = Objects.requireNonNull(x509cert);
+ _alias = alias;
}
@Override
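Review bot: `Objects.requireNonNull(x509cert)` in the two-argument constructor throws a NullPointerException with no message, which is hard to trace when it surfaces from store initialisation; `_x509cert = Objects.requireNonNull(x509cert, "x509cert");` names the argument. The explicit `super();` is redundant and can be dropped. Both constructors also lose the `final` parameter modifier that the removed signature had, so `final X509Certificate x509cert, final String alias` would keep the file consistent. A short comment on the one-argument constructor saying that it leaves the alias `null` would help.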
@@ -108,4 +118,10 @@ public class CertificateDetailsImpl implements CertificateDetails, ManagedAttrib
{
return _x509cert.getNotAfter();
}
+
+ @Override
+ public String getAlias()
+ {
+ return _alias;
+ }
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
index b6c6c1a..52df108 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
@@ -29,13 +29,16 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
+import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -80,7 +83,7 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
@ManagedAttributeField
private String _password;
- private volatile Collection<Certificate> _certificates;
+ private volatile Map<String, Certificate> _certificates = Collections.emptyMap();
static
{
@@ -132,16 +135,14 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
private void initialize()
{
- Collection<Certificate> result;
try
{
- result = Collections.unmodifiableCollection(SSLUtil.getCertificates(getInitializedKeyStore(this)));
+ _certificates = Collections.unmodifiableMap(SSLUtil.getCertificates(getInitializedKeyStore(this)));
}
catch (GeneralSecurityException | IOException e)
{
throw new IllegalConfigurationException(String.format("Cannot instantiate keystore '%s'", getName()), e);
}
- _certificates = result;
}
@Override
@@ -401,10 +402,22 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
}
@Override
+ public List<CertificateDetails> getCertificateDetails()
+ {
+ if (_certificates.isEmpty())
+ {
+ return Collections.emptyList();
+ }
+ return _certificates.entrySet().stream()
+ .filter(entry -> entry.getValue() instanceof X509Certificate)
+ .map(entry -> new CertificateDetailsImpl((X509Certificate) entry.getValue(), entry.getKey()))
+ .collect(Collectors.toList());
+ }
+
+ @Override
protected Collection<Certificate> getCertificates()
{
- final Collection<Certificate> certificates = _certificates;
- return certificates == null ? Collections.emptyList() : certificates;
+ return _certificates.values();
}
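Review bot: `getCertificateDetails()` reads the volatile `_certificates` twice, once for `isEmpty()` and again for `entrySet()`, so the two reads can see different maps if `initialize()` runs in between (for example on a reload, which is not visible in this hunk). The removed `getCertificates()` body took a local snapshot before using the field. Reading it once with `final Map<String, Certificate> certificates = _certificates;` and streaming from that local keeps the result consistent, and the `isEmpty()` branch then becomes optional. The same body is repeated in `FileTrustStoreImpl.getCertificateDetails()` further down, so the point applies there too, and the two copies could share one helper.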
private boolean containsPrivateKey(final java.security.KeyStore keyStore) throws KeyStoreException
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
index 161c8d4..e2f7342 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
@@ -20,9 +20,7 @@
*/
package org.apache.qpid.server.security;
-import java.io.File;
import java.io.IOException;
-import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
@@ -30,12 +28,16 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.Enumeration;
+import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.stream.Collectors;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -74,7 +76,8 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
private volatile String _password;
private volatile TrustManager[] _trustManagers;
- private volatile Certificate[] _certificates;
+
+ private volatile Map<String, Certificate> _certificates = Collections.emptyMap();
static
{
@@ -255,8 +258,20 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
@Override
public Certificate[] getCertificates()
{
- Certificate[] certificates = _certificates;
- return certificates == null ? new Certificate[0] : Arrays.copyOf(certificates, certificates.length);
+ return _certificates.values().toArray(new Certificate[0]);
+ }
+
+ @Override
+ public List<CertificateDetails> getCertificateDetails()
+ {
+ if (_certificates.isEmpty())
+ {
+ return Collections.emptyList();
+ }
+ return _certificates.entrySet().stream()
+ .filter(entry -> entry.getValue() instanceof X509Certificate)
+ .map(entry -> new CertificateDetailsImpl((X509Certificate) entry.getValue(), entry.getKey()))
+ .collect(Collectors.toList());
}
@SuppressWarnings(value = "unused")
@@ -274,18 +289,20 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
protected void initialize()
{
+ final TrustManager[] trustManagers;
+ final Map<String, Certificate> certificates;
try
{
- KeyStore ts = initializeKeyStore(this);
- TrustManager[] trustManagers = createTrustManagers(ts);
- Certificate[] certificates = createCertificates(ts);
- _trustManagers = trustManagers;
- _certificates = certificates;
+ final KeyStore ts = initializeKeyStore(this);
+ trustManagers = createTrustManagers(ts);
+ certificates = Collections.unmodifiableMap(SSLUtil.getCertificates(ts));
}
catch (Exception e)
{
throw new IllegalConfigurationException(String.format("Cannot instantiate trust store '%s'", getName()), e);
}
+ _trustManagers = trustManagers;
+ _certificates = certificates;
}
private TrustManager[] createTrustManagers(final KeyStore ts) throws KeyStoreException
@@ -335,11 +352,4 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
return trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
}
}
-
- private Certificate[] createCertificates(final KeyStore ts) throws KeyStoreException
- {
- final Collection<Certificate> certificates = SSLUtil.getCertificates(ts);
-
- return certificates.toArray(new Certificate[certificates.size()]);
- }
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 7640e88..2e62faa 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -56,8 +56,10 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -1051,16 +1053,16 @@ public class SSLUtil
}
- public static Collection<Certificate> getCertificates(final KeyStore ks) throws KeyStoreException
+ public static Map<String, Certificate> getCertificates(final KeyStore ks) throws KeyStoreException
{
- List<Certificate> certificates = new ArrayList<>();
- Enumeration<String> aliases = ks.aliases();
+ final Map<String ,Certificate> certificates = new HashMap<>();
+ final Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements())
{
- String alias = aliases.nextElement();
+ final String alias = aliases.nextElement();
if (ks.isCertificateEntry(alias))
{
- certificates.add(ks.getCertificate(alias));
+ certificates.put(alias, ks.getCertificate(alias));
}
}
return certificates;
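Review bot: `new HashMap<>()` discards the alias enumeration order that the previous `ArrayList` preserved, so the arrays and lists built from this map in `FileKeyStoreImpl` and `FileTrustStoreImpl`, and the rows in the management grid, now come out in hash order. `final Map<String, Certificate> certificates = new LinkedHashMap<>();` keeps the keystore order and needs only a `java.util.LinkedHashMap` import. The return type of this public static method also changes from `Collection<Certificate>` to `Map<String, Certificate>`, which is source-incompatible for any caller other than the two updated here; I cannot tell from this diff whether such callers exist. The spacing in `Map<String ,Certificate>` should be `Map<String, Certificate>`. The method's closing brace lies outside the hunk.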
diff --git a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js
index d64e1f4..fb369d2 100644
--- a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js
+++ b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js
@@ -88,11 +88,11 @@ define(["dojo/_base/declare",
new UpdatableStore([], this.certificatesGridContainer, [{
name: "Subject Name",
field: "subjectName",
- width: "25%"
+ width: "22%"
}, {
name: "Issuer Name",
field: "issuerName",
- width: "25%"
+ width: "22%"
}, {
name: "Serial #",
field: "serialNumber",
@@ -100,13 +100,17 @@ define(["dojo/_base/declare",
}, {
name: "Valid From",
field: "validFrom",
- width: "20%",
+ width: "15%",
formatter: lang.hitch(this, this._formatDate)
}, {
name: "Valid Until",
field: "validUntil",
- width: "20%",
+ width: "15%",
formatter: lang.hitch(this, this._formatDate)
+ }, {
+ name: "Alias",
+ field: "alias",
+ width: "16%"
}], null, gridProperties, EnhancedGrid);
if (window.FileReader)