You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2020/07/30 09:50:56 UTC
[qpid-broker-j] branch master updated (16bc623 -> 5273a45)
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git.
from 16bc623 QPID-8449: [Broker-J][WMC] Fix query store updater
new f75463c QPID-8455: [Broker-J] Use allow/deny list terminology for existing attributes and context variables
new 5273a45 QPID-8455: [Broker-J] Add functionality to upgrade broker configuration
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../server/configuration/CommonProperties.java | 18 +-
.../java/org/apache/qpid/server/model/Broker.java | 20 +--
.../java/org/apache/qpid/server/model/Port.java | 10 +-
.../qpid/server/model/port/AbstractPort.java | 32 ++--
.../manager/SimpleLDAPAuthenticationManager.java | 8 +-
.../SimpleLDAPAuthenticationManagerImpl.java | 40 ++---
.../oauth2/OAuth2AuthenticationProvider.java | 8 +-
.../oauth2/OAuth2AuthenticationProviderImpl.java | 40 ++---
.../CloudFoundryOAuth2IdentityResolverService.java | 8 +-
.../facebook/FacebookIdentityResolverService.java | 8 +-
.../GitHubOAuth2IdentityResolverService.java | 8 +-
.../GoogleOAuth2IdentityResolverService.java | 8 +-
.../KeycloakOAuth2IdentityResolverService.java | 8 +-
...MicrosoftLiveOAuth2IdentityResolverService.java | 8 +-
...oudFoundryDashboardManagementGroupProvider.java | 8 +-
...oundryDashboardManagementGroupProviderImpl.java | 48 ++---
.../store/BrokerStoreUpgraderAndRecoverer.java | 16 +-
.../qpid/server/store/StoreUpgraderPhase.java | 29 +++-
.../apache/qpid/server/store/UpgraderHelper.java | 60 +++++++
.../VirtualHostStoreUpgraderAndRecoverer.java | 13 +-
.../NonBlockingConnectionTLSDelegate.java | 6 +-
.../transport/network/security/ssl/SSLUtil.java | 62 +++----
...uiteAndProtocolRestrictingSSLSocketFactory.java | 48 ++---
.../apache/qpid/server/util/ConnectionBuilder.java | 40 ++---
.../manager/oauth2/OAuth2MockEndpointHolder.java | 28 +--
.../store/BrokerStoreUpgraderAndRecovererTest.java | 116 +++++++++++++
.../qpid/server/store/UpgraderHelperTest.java} | 47 +++--
.../VirtualHostStoreUpgraderAndRecovererTest.java | 82 +++++++++
.../server/transport/TCPandSSLTransportTest.java | 8 +-
.../network/security/ssl/SSLUtilTest.java | 48 ++---
.../server/management/plugin/HttpManagement.java | 12 +-
.../v7_0/category/ContainerController.java | 94 ----------
.../v7_0/category/ContainerDecorator.java | 129 ++++++++++++++
.../v7_0/category/LegacyCategoryController.java | 13 +-
.../category/LegacyCategoryControllerFactory.java | 33 ++--
.../LegacyManagementControllerFactory_v7_1.java | 3 +-
.../LegacyCategoryControllerFactory_v7_1.java | 6 +-
.../LegacyManagementControllerFactory_v8_0.java | 7 +-
.../LegacyCategoryControllerFactory_v8_0.java | 27 ++-
.../category/LegacyCategoryController_v8_0.java | 193 +++++++++++++++++++++
.../LegacyCategoryController_v8_0Test.java | 161 +++++++++++++++++
.../transport/websocket/WebSocketProvider.java | 12 +-
.../LegacyManagementTest.java} | 39 ++---
.../qpid/tests/http/v8_0/LegacyManagementTest.java | 118 +++++++++++++
.../apache/qpid/systests/ConnectionBuilder.java | 4 +-
.../systests/QpidJmsClient0xConnectionBuilder.java | 8 +-
.../systests/QpidJmsClientConnectionBuilder.java | 6 +-
...ava => ObjectMessageClassAllowlistingTest.java} | 50 +++---
.../qpid/systests/admin/SpawnBrokerAdmin.java | 35 ++--
.../qpid/systests/admin/SpawnBrokerAdminTest.java | 16 +-
50 files changed, 1332 insertions(+), 517 deletions(-)
create mode 100644 broker-core/src/main/java/org/apache/qpid/server/store/UpgraderHelper.java
copy broker-core/src/{main/java/org/apache/qpid/server/store/NonNullUpgrader.java => test/java/org/apache/qpid/server/store/UpgraderHelperTest.java} (51%)
delete mode 100644 broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerController.java
create mode 100644 broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerDecorator.java
rename broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/{v7_0 => v7_1}/LegacyManagementControllerFactory_v7_1.java (96%)
rename broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/{v7_0 => v7_1}/category/LegacyCategoryControllerFactory_v7_1.java (87%)
rename broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/{v7_0 => v8_0}/LegacyManagementControllerFactory_v8_0.java (86%)
rename broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/{v7_0 => v8_0}/category/LegacyCategoryControllerFactory_v8_0.java (51%)
create mode 100644 broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0.java
create mode 100644 broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0Test.java
copy systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/{query/QueryBrokerTest.java => v7_0/LegacyManagementTest.java} (50%)
create mode 100644 systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v8_0/LegacyManagementTest.java
rename systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/{ObjectMessageClassWhitelistingTest.java => ObjectMessageClassAllowlistingTest.java} (84%)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-broker-j] 02/02: QPID-8455: [Broker-J] Add functionality to
upgrade broker configuration
Posted by or...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit 5273a45b67ef94dfddbdc45eb5486273b9f89c4c
Author: Dedeepya Tunga <de...@jpmchase.com>
AuthorDate: Tue Jul 21 18:07:01 2020 +0530
QPID-8455: [Broker-J] Add functionality to upgrade broker configuration
---
.../store/BrokerStoreUpgraderAndRecoverer.java | 16 +-
.../qpid/server/store/StoreUpgraderPhase.java | 29 +++-
.../apache/qpid/server/store/UpgraderHelper.java | 60 +++++++
.../VirtualHostStoreUpgraderAndRecoverer.java | 13 +-
.../store/BrokerStoreUpgraderAndRecovererTest.java | 116 +++++++++++++
.../qpid/server/store/UpgraderHelperTest.java | 50 ++++++
.../VirtualHostStoreUpgraderAndRecovererTest.java | 82 +++++++++
.../v7_0/category/ContainerController.java | 94 ----------
.../v7_0/category/ContainerDecorator.java | 129 ++++++++++++++
.../v7_0/category/LegacyCategoryController.java | 13 +-
.../category/LegacyCategoryControllerFactory.java | 33 ++--
.../LegacyManagementControllerFactory_v7_1.java | 3 +-
.../LegacyCategoryControllerFactory_v7_1.java | 6 +-
.../LegacyManagementControllerFactory_v8_0.java | 7 +-
.../LegacyCategoryControllerFactory_v8_0.java | 27 ++-
.../category/LegacyCategoryController_v8_0.java | 193 +++++++++++++++++++++
.../LegacyCategoryController_v8_0Test.java | 161 +++++++++++++++++
.../qpid/tests/http/v7_0/LegacyManagementTest.java | 50 ++++++
.../qpid/tests/http/v8_0/LegacyManagementTest.java | 118 +++++++++++++
.../qpid/systests/admin/SpawnBrokerAdmin.java | 2 -
20 files changed, 1058 insertions(+), 144 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java b/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
index 3925f72..8b362e6 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
@@ -48,6 +48,8 @@ public class BrokerStoreUpgraderAndRecoverer extends AbstractConfigurationStoreU
{
private static final Logger LOGGER = LoggerFactory.getLogger(BrokerStoreUpgraderAndRecoverer.class);
+
+
public static final String VIRTUALHOSTS = "virtualhosts";
private final SystemConfig<?> _systemConfig;
@@ -734,20 +736,24 @@ public class BrokerStoreUpgraderAndRecoverer extends AbstractConfigurationStoreU
}
}
- private class Upgrader_8_0_to_9_0 extends StoreUpgraderPhase
+ private static class Upgrader_8_0_to_9_0 extends StoreUpgraderPhase
{
- public Upgrader_8_0_to_9_0()
+
+ Upgrader_8_0_to_9_0()
{
super("modelVersion", "8.0", "9.0");
}
@Override
- public void configuredObject(final ConfiguredObjectRecord record)
+ public void configuredObject(ConfiguredObjectRecord record)
{
- if("Broker".equals(record.getType()))
+ if ("Broker".equals(record.getType()))
{
- upgradeRootRecord(record);
+ record = upgradeRootRecord(record);
}
+ renameContextVariables(record,
+ "context",
+ UpgraderHelper.MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES);
}
@Override
diff --git a/broker-core/src/main/java/org/apache/qpid/server/store/StoreUpgraderPhase.java b/broker-core/src/main/java/org/apache/qpid/server/store/StoreUpgraderPhase.java
index b40dc73..df8bcf8 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/store/StoreUpgraderPhase.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/store/StoreUpgraderPhase.java
@@ -55,4 +55,31 @@ public abstract class StoreUpgraderPhase extends NonNullUpgrader
return _toVersion;
}
-}
\ No newline at end of file
+ ConfiguredObjectRecord renameContextVariables(final ConfiguredObjectRecord record,
+ final String contextAttributeName,
+ final Map<String, String> oldToNewNameMapping)
+ {
+ final Map<String, Object> attributes = record.getAttributes();
+ if (attributes != null && attributes.containsKey(contextAttributeName))
+ {
+ final Object context = attributes.get(contextAttributeName);
+ if (context instanceof Map)
+ {
+ final Map<String, String> newContext =
+ UpgraderHelper.renameContextVariables((Map<String, String>) context, oldToNewNameMapping);
+
+ final Map<String, Object> updatedAttributes = new HashMap<>(record.getAttributes());
+ updatedAttributes.put(contextAttributeName, newContext);
+ final ConfiguredObjectRecord updatedRecord = new ConfiguredObjectRecordImpl(record.getId(),
+ record.getType(),
+ updatedAttributes,
+ record.getParents());
+ getUpdateMap().put(updatedRecord.getId(), updatedRecord);
+ return updatedRecord;
+ }
+ }
+ return record;
+ }
+
+
+}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/store/UpgraderHelper.java b/broker-core/src/main/java/org/apache/qpid/server/store/UpgraderHelper.java
new file mode 100644
index 0000000..4428d67
--- /dev/null
+++ b/broker-core/src/main/java/org/apache/qpid/server/store/UpgraderHelper.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.store;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+public class UpgraderHelper
+{
+ public static final Map<String, String> MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES = new HashMap<>();
+ static
+ {
+ MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES.put("qpid.security.tls.protocolWhiteList",
+ "qpid.security.tls.protocolAllowList");
+ MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES.put("qpid.security.tls.protocolBlackList",
+ "qpid.security.tls.protocolDenyList");
+ MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES.put("qpid.security.tls.cipherSuiteWhiteList",
+ "qpid.security.tls.cipherSuiteAllowList");
+ MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES.put("qpid.security.tls.cipherSuiteBlackList",
+ "qpid.security.tls.cipherSuiteDenyList");
+ }
+
+ public static Map<String, String> renameContextVariables(final Map<String, String> context,
+ final Map<String, String> oldToNewNameMapping)
+ {
+ final Map<String, String> newContext = new HashMap<>(context);
+ oldToNewNameMapping.forEach((oldName, newName) -> {
+ if (newContext.containsKey(oldName))
+ {
+ final String value = newContext.remove(oldName);
+ newContext.put(newName, value);
+ }
+ });
+ return newContext;
+ }
+
+ public static Map<String, String> reverse(Map<String, String> map)
+ {
+ return map.entrySet().stream().collect(Collectors.toMap(Map.Entry::getValue, Map.Entry::getKey));
+ }
+}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecoverer.java b/broker-core/src/main/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecoverer.java
index d1bc608..248c89b 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecoverer.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecoverer.java
@@ -1088,20 +1088,23 @@ public class VirtualHostStoreUpgraderAndRecoverer extends AbstractConfigurationS
}
}
- private class Upgrader_8_0_to_9_0 extends StoreUpgraderPhase
+ private static class Upgrader_8_0_to_9_0 extends StoreUpgraderPhase
{
- public Upgrader_8_0_to_9_0()
+ Upgrader_8_0_to_9_0()
{
super("modelVersion", "8.0", "9.0");
}
@Override
- public void configuredObject(final ConfiguredObjectRecord record)
+ public void configuredObject(ConfiguredObjectRecord record)
{
- if("VirtualHost".equals(record.getType()))
+ if ("VirtualHost".equals(record.getType()))
{
- upgradeRootRecord(record);
+ record = upgradeRootRecord(record);
}
+ renameContextVariables(record,
+ "context",
+ UpgraderHelper.MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES);
}
@Override
diff --git a/broker-core/src/test/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecovererTest.java b/broker-core/src/test/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecovererTest.java
index 8d8f991..67c1d1d 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecovererTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecovererTest.java
@@ -35,6 +35,7 @@ import java.util.List;
import java.util.Map;
import java.util.UUID;
+import org.apache.qpid.server.configuration.CommonProperties;
import org.junit.Before;
import org.junit.Test;
@@ -888,6 +889,121 @@ public class BrokerStoreUpgraderAndRecovererTest extends UnitTestBase
upgradedAttributes.containsKey("conection.closeWhenNoRoute"));
}
+ @Test
+ public void testContextVariableUpgradeForTLSProtocolsSetOnBroker()
+ {
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.protocolWhiteList", ".*");
+ context.put("qpid.security.tls.protocolBlackList", "Ssl.*");
+
+ _brokerRecord.getAttributes().put("modelVersion", "8.0");
+ _brokerRecord.getAttributes().put("context", context);
+
+ final DurableConfigurationStore dcs = new DurableConfigurationStoreStub(_brokerRecord);
+ final BrokerStoreUpgraderAndRecoverer recoverer = new BrokerStoreUpgraderAndRecoverer(_systemConfig);
+ final List<ConfiguredObjectRecord> records = upgrade(dcs, recoverer);
+
+ final Map<String, String> contextMap = findCategoryRecordAndGetContext("Broker", records);
+
+ assertEquals(".*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST));
+ assertEquals("Ssl.*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST));
+ }
+
+
+ @Test
+ public void testContextVariableUpgradeForTLSCipherSuitesSetOnBroker()
+ {
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.cipherSuiteWhiteList", ".*");
+ context.put("qpid.security.tls.cipherSuiteBlackList", "Ssl.*");
+
+ _brokerRecord.getAttributes().put("modelVersion", "8.0");
+ _brokerRecord.getAttributes().put("context", context);
+
+ final DurableConfigurationStore dcs = new DurableConfigurationStoreStub(_brokerRecord);
+ final BrokerStoreUpgraderAndRecoverer recoverer = new BrokerStoreUpgraderAndRecoverer(_systemConfig);
+ final List<ConfiguredObjectRecord> records = upgrade(dcs, recoverer);
+
+ final Map<String, String> contextMap = findCategoryRecordAndGetContext("Broker", records);
+
+ assertEquals(".*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST));
+ assertEquals("Ssl.*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST));
+ }
+
+ @Test
+ public void testContextVariableUpgradeForTLSProtocolsSetOnPort()
+ {
+ _brokerRecord.getAttributes().put("modelVersion", "8.0");
+
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.protocolWhiteList", ".*");
+ context.put("qpid.security.tls.protocolBlackList", "Ssl.*");
+
+ final ConfiguredObjectRecord portRecord =
+ createMockRecordForGivenCategoryTypeAndContext("Port", "AMQP", context);
+
+ final DurableConfigurationStore dcs = new DurableConfigurationStoreStub(portRecord, _brokerRecord);
+ final BrokerStoreUpgraderAndRecoverer recoverer = new BrokerStoreUpgraderAndRecoverer(_systemConfig);
+
+ final List<ConfiguredObjectRecord> records = upgrade(dcs, recoverer);
+
+ final Map<String, String> contextMap = findCategoryRecordAndGetContext("Port", records);
+
+ assertEquals(".*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST));
+ assertEquals("Ssl.*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST));
+ }
+
+ @Test
+ public void testContextVariableUpgradeForTLSCipherSuitesSetOnAuthenticationProvider()
+ {
+ _brokerRecord.getAttributes().put("modelVersion", "8.0");
+
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.cipherSuiteWhiteList", ".*");
+ context.put("qpid.security.tls.cipherSuiteBlackList", "Ssl.*");
+ final ConfiguredObjectRecord authenticationProviderRecord =
+ createMockRecordForGivenCategoryTypeAndContext("AuthenticationProvider", "OAuth2", context);
+
+ final DurableConfigurationStore dcs =
+ new DurableConfigurationStoreStub(authenticationProviderRecord, _brokerRecord);
+ final BrokerStoreUpgraderAndRecoverer recoverer = new BrokerStoreUpgraderAndRecoverer(_systemConfig);
+
+ final List<ConfiguredObjectRecord> records = upgrade(dcs, recoverer);
+
+ final Map<String, String> contextMap = findCategoryRecordAndGetContext("AuthenticationProvider", records);
+
+ assertEquals(".*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST));
+ assertEquals("Ssl.*", contextMap.get(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST));
+ }
+
+ private ConfiguredObjectRecord createMockRecordForGivenCategoryTypeAndContext(final String category,
+ final String type,
+ final Map<String, String> context)
+ {
+ final ConfiguredObjectRecord record = mock(ConfiguredObjectRecord.class);
+ when(record.getId()).thenReturn(UUID.randomUUID());
+ when(record.getType()).thenReturn(category);
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put("name", getTestName());
+ attributes.put("type", type);
+ attributes.put("context", context);
+ when(record.getAttributes()).thenReturn(attributes);
+ return record;
+ }
+
+ @SuppressWarnings("unchecked")
+ private Map<String, String> findCategoryRecordAndGetContext(final String category,
+ final List<ConfiguredObjectRecord> records)
+ {
+ final List<ConfiguredObjectRecord> foundRecords = findRecordByType(category, records);
+ assertEquals("Unexpected number of records", 1, foundRecords.size());
+ final Map<String, Object> attributes = foundRecords.get(0).getAttributes();
+ assertNotNull(attributes);
+ final Object context = attributes.get("context");
+ assertTrue(context instanceof Map);
+ return (Map<String, String>) context;
+ }
+
private void assertModelVersionUpgraded(final List<ConfiguredObjectRecord> records)
{
ConfiguredObjectRecord upgradedBrokerRecord = findRecordById(_brokerRecord.getId(), records);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/store/UpgraderHelperTest.java b/broker-core/src/test/java/org/apache/qpid/server/store/UpgraderHelperTest.java
new file mode 100644
index 0000000..a429199
--- /dev/null
+++ b/broker-core/src/test/java/org/apache/qpid/server/store/UpgraderHelperTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.store;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.notNullValue;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+
+public class UpgraderHelperTest
+{
+
+ @Test
+ public void renameContextVariables()
+ {
+ final Map<String, String> context = new HashMap<>();
+ context.put("foo", "fooValue");
+ context.put("bar", "barValue");
+ final Map<String, String> newContext =
+ UpgraderHelper.renameContextVariables(context, Collections.singletonMap("foo", "newFoo"));
+ assertThat(newContext, is(notNullValue()));
+ assertThat(newContext.size(), equalTo(context.size()));
+ assertThat(newContext.get("bar"), equalTo(context.get("bar")));
+ assertThat(newContext.get("newFoo"), equalTo(context.get("foo")));
+ }
+}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecovererTest.java b/broker-core/src/test/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecovererTest.java
index 0f2cf93..c45c024 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecovererTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/store/VirtualHostStoreUpgraderAndRecovererTest.java
@@ -38,6 +38,7 @@ import java.util.UUID;
import org.junit.Before;
import org.junit.Test;
+import org.apache.qpid.server.configuration.CommonProperties;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.OverflowPolicy;
import org.apache.qpid.server.model.VirtualHostNode;
@@ -312,6 +313,56 @@ public class VirtualHostStoreUpgraderAndRecovererTest extends UnitTestBase
assertEquals("Unexpected messageGroupType", "STANDARD", upgradedAttributes.get("messageGroupType"));
}
+ @Test
+ public void testContextVariableUpgradeForTLSProtocolsSetOnVirtualHost() throws Exception
+ {
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.protocolWhiteList", ".*");
+ context.put("qpid.security.tls.protocolBlackList", "Ssl.*");
+
+ final Map<String, Object> rootAttributes = new HashMap<>();
+ rootAttributes.put("modelVersion", "8.0");
+ rootAttributes.put("name", "root");
+ rootAttributes.put("context", context);
+ final ConfiguredObjectRecord rootRecord = new ConfiguredObjectRecordImpl(UUID.randomUUID(),
+ "VirtualHost",
+ rootAttributes);
+ final List<ConfiguredObjectRecord> upgradedRecords =
+ _upgraderAndRecoverer.upgrade(_store,
+ Collections.singletonList(rootRecord),
+ "VirtualHost",
+ "modelVersion");
+
+ final Map<String, Object> newContext = getContextForRecordWithGivenId(rootRecord.getId(), upgradedRecords);
+ assertEquals(".*", newContext.get(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST));
+ assertEquals("Ssl.*", newContext.get(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST));
+ }
+
+ @Test
+ public void testContextVariableUpgradeForTLSCipherSuitesSetOnVirtualHostAccessControlProvider() throws Exception
+ {
+ final Map<String, Object> rootAttributes = new HashMap<>();
+ rootAttributes.put("modelVersion", "8.0");
+ rootAttributes.put("name", "root");
+ final ConfiguredObjectRecord rootRecord =
+ new ConfiguredObjectRecordImpl(UUID.randomUUID(), "VirtualHost", rootAttributes);
+
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.cipherSuiteWhiteList", ".*");
+ context.put("qpid.security.tls.cipherSuiteBlackList", "Ssl.*");
+ final ConfiguredObjectRecord accessControlProviderRecord =
+ createMockRecordForGivenCategoryTypeAndContext("VirtualHostAccessControlProvider", "test", context);
+
+ final List<ConfiguredObjectRecord> records = Arrays.asList(rootRecord, accessControlProviderRecord);
+ final List<ConfiguredObjectRecord> upgradedRecords =
+ _upgraderAndRecoverer.upgrade(_store, records, "VirtualHost", "modelVersion");
+
+ final Map<String, Object> newContext =
+ getContextForRecordWithGivenId(accessControlProviderRecord.getId(), upgradedRecords);
+ assertEquals(".*", newContext.get(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST));
+ assertEquals("Ssl.*", newContext.get(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST));
+ }
+
private ConfiguredObjectRecord findRecordById(UUID id, List<ConfiguredObjectRecord> records)
{
for (ConfiguredObjectRecord record : records)
@@ -323,4 +374,35 @@ public class VirtualHostStoreUpgraderAndRecovererTest extends UnitTestBase
}
return null;
}
+
+ private ConfiguredObjectRecord createMockRecordForGivenCategoryTypeAndContext(final String category,
+ final String type,
+ final Map<String, String> context)
+ {
+ final ConfiguredObjectRecord record = mock(ConfiguredObjectRecord.class);
+ when(record.getId()).thenReturn(UUID.randomUUID());
+ when(record.getType()).thenReturn(category);
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put("name", getTestName());
+ attributes.put("type", type);
+ attributes.put("context", context);
+ when(record.getAttributes()).thenReturn(attributes);
+ return record;
+ }
+
+ private Map<String, Object> getContextForRecordWithGivenId(final UUID rootRecordId,
+ final List<ConfiguredObjectRecord> upgradedRecords)
+ {
+ final ConfiguredObjectRecord upgradedRecord = findRecordById(rootRecordId, upgradedRecords);
+ assertNotNull(upgradedRecord);
+ final Map<String, Object> attributes = upgradedRecord.getAttributes();
+ assertNotNull(attributes);
+
+ final Object context = attributes.get("context");
+ assertTrue(context instanceof Map);
+ @SuppressWarnings("unchecked")
+ final Map<String, Object> contextMap = (Map<String, Object>) context;
+ return contextMap;
+ }
+
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerController.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerController.java
deleted file mode 100644
index 0c39f8f..0000000
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerController.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.management.plugin.controller.v7_0.category;
-
-
-import java.util.Set;
-
-import org.apache.qpid.server.management.plugin.controller.GenericLegacyConfiguredObject;
-import org.apache.qpid.server.management.plugin.controller.LegacyConfiguredObject;
-import org.apache.qpid.server.management.plugin.controller.LegacyManagementController;
-import org.apache.qpid.server.management.plugin.controller.TypeController;
-
-
-class ContainerController extends LegacyCategoryController
-{
- ContainerController(final LegacyManagementController legacyManagementController,
- final String type,
- final String parentType,
- final String defaultType,
- final Set<TypeController> typeControllers)
- {
- super(legacyManagementController, type, parentType, defaultType, typeControllers);
- }
-
- @Override
- protected LegacyConfiguredObject convertNextVersionLegacyConfiguredObject(final LegacyConfiguredObject object)
- {
- return new LegacyContainer(getManagementController(), object, getCategory());
- }
-
- static class LegacyContainer extends GenericLegacyConfiguredObject
- {
- private static final String MODEL_VERSION = "modelVersion";
-
- LegacyContainer(final LegacyManagementController managementController,
- final LegacyConfiguredObject nextVersionLegacyConfiguredObject,
- final String category)
- {
- super(managementController, nextVersionLegacyConfiguredObject, category);
- }
-
- @Override
- public Object getAttribute(final String name)
- {
- if (MODEL_VERSION.equals(name))
- {
- return getManagementController().getVersion();
- }
- return super.getAttribute(name);
- }
-
- @Override
- public Object getActualAttribute(final String name)
- {
- if (MODEL_VERSION.equals(name))
- {
- return getManagementController().getVersion();
- }
- return super.getActualAttribute(name);
- }
-
- @Override
- public LegacyConfiguredObject getParent(final String category)
- {
- if (LegacyCategoryControllerFactory.CATEGORY_BROKER.equals(getCategory())
- && LegacyCategoryControllerFactory.CATEGORY_SYSTEM_CONFIG.equals(category))
- {
- LegacyConfiguredObject nextVersionParent = getNextVersionLegacyConfiguredObject().getParent(category);
- return new GenericLegacyConfiguredObject(getManagementController(),
- nextVersionParent,
- category);
- }
- return super.getParent(category);
- }
- }
-}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerDecorator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerDecorator.java
new file mode 100644
index 0000000..33695d7
--- /dev/null
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/ContainerDecorator.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.management.plugin.controller.v7_0.category;
+
+import java.util.Collection;
+import java.util.Map;
+
+import org.apache.qpid.server.management.plugin.ManagementResponse;
+import org.apache.qpid.server.management.plugin.controller.GenericLegacyConfiguredObject;
+import org.apache.qpid.server.management.plugin.controller.LegacyConfiguredObject;
+
+public class ContainerDecorator implements LegacyConfiguredObject
+{
+ private static final String MODEL_VERSION = "modelVersion";
+ private final GenericLegacyConfiguredObject _original;
+
+ public ContainerDecorator(final GenericLegacyConfiguredObject original)
+ {
+ _original = original;
+ }
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ return _original.getAttributeNames();
+ }
+
+ @Override
+ public Object getAttribute(final String name)
+ {
+ if (MODEL_VERSION.equals(name))
+ {
+ return _original.getManagementController().getVersion();
+ }
+ return _original.getAttribute(name);
+ }
+
+ @Override
+ public Map<String, Object> getStatistics()
+ {
+ return _original.getStatistics();
+ }
+
+ @Override
+ public Object getActualAttribute(final String name)
+ {
+ if (MODEL_VERSION.equals(name))
+ {
+ return _original.getManagementController().getVersion();
+ }
+ return _original.getActualAttribute(name);
+ }
+
+ @Override
+ public boolean isSecureAttribute(final String name)
+ {
+ return _original.isSecureAttribute(name);
+ }
+
+ @Override
+ public boolean isOversizedAttribute(final String name)
+ {
+ return _original.isOversizedAttribute(name);
+ }
+
+ @Override
+ public String getCategory()
+ {
+ return _original.getCategory();
+ }
+
+ @Override
+ public Collection<LegacyConfiguredObject> getChildren(final String category)
+ {
+ return _original.getChildren(category);
+ }
+
+ @Override
+ public LegacyConfiguredObject getParent(final String category)
+ {
+ if (LegacyCategoryControllerFactory.CATEGORY_BROKER.equals(getCategory())
+ && LegacyCategoryControllerFactory.CATEGORY_SYSTEM_CONFIG.equals(category))
+ {
+ LegacyConfiguredObject nextVersionParent = _original.getNextVersionConfiguredObject().getParent(category);
+ return new GenericLegacyConfiguredObject(_original.getManagementController(),
+ nextVersionParent,
+ category);
+ }
+ return _original.getParent(category);
+ }
+
+ @Override
+ public String getContextValue(final String contextKey)
+ {
+ return _original.getContextValue(contextKey);
+ }
+
+ @Override
+ public ManagementResponse invoke(final String operation,
+ final Map<String, Object> parameters,
+ final boolean isSecure)
+ {
+ return _original.invoke(operation, parameters, isSecure);
+ }
+
+ @Override
+ public LegacyConfiguredObject getNextVersionConfiguredObject()
+ {
+ return _original.getNextVersionConfiguredObject();
+ }
+}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryController.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryController.java
index 7aad335..deffdf8 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryController.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryController.java
@@ -33,7 +33,7 @@ public class LegacyCategoryController extends GenericCategoryController
{
private final String _parentCategory;
- LegacyCategoryController(final LegacyManagementController managementController,
+ public LegacyCategoryController(final LegacyManagementController managementController,
final String name,
final String parentCategory,
final String defaultType,
@@ -56,8 +56,13 @@ public class LegacyCategoryController extends GenericCategoryController
@Override
protected LegacyConfiguredObject convertNextVersionLegacyConfiguredObject(final LegacyConfiguredObject object)
{
- return new GenericLegacyConfiguredObject(getManagementController(),
- object,
- getCategory());
+ final GenericLegacyConfiguredObject legacyegacyConfiguredObject =
+ new GenericLegacyConfiguredObject(getManagementController(), object, getCategory());
+ if (LegacyCategoryControllerFactory.CATEGORY_VIRTUAL_HOST.equals(getCategory())
+ || LegacyCategoryControllerFactory.CATEGORY_BROKER.equals(getCategory()))
+ {
+ return new ContainerDecorator(legacyegacyConfiguredObject);
+ }
+ return legacyegacyConfiguredObject;
}
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory.java
index 92373b9..e413d26 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory.java
@@ -34,23 +34,23 @@ import org.apache.qpid.server.plugin.PluggableService;
@PluggableService
public class LegacyCategoryControllerFactory implements CategoryControllerFactory
{
- static final String CATEGORY_BROKER = "Broker";
+ public static final String CATEGORY_BROKER = "Broker";
private static final String CATEGORY_BROKER_LOGGER = "BrokerLogger";
private static final String CATEGORY_BROKER_LOG_INCLUSION_RULE = "BrokerLogInclusionRule";
- private static final String CATEGORY_AUTHENTICATION_PROVIDER = "AuthenticationProvider";
+ public static final String CATEGORY_AUTHENTICATION_PROVIDER = "AuthenticationProvider";
private static final String CATEGORY_USER = "User";
private static final String CATEGORY_ACCESS_CONTROL_PROVIDER = "AccessControlProvider";
private static final String CATEGORY_PLUGIN = "Plugin";
private static final String CATEGORY_TRUST_STORE = "TrustStore";
private static final String CATEGORY_KEY_STORE = "KeyStore";
- private static final String CATEGORY_PORT = "Port";
+ public static final String CATEGORY_PORT = "Port";
private static final String CATEGORY_VIRTUAL_HOST_ALIAS = "VirtualHostAlias";
private static final String CATEGORY_GROUP_PROVIDER = "GroupProvider";
private static final String CATEGORY_GROUP = "Group";
private static final String CATEGORY_GROUP_MEMBER = "GroupMember";
private static final String CATEGORY_VIRTUAL_HOST_NODE = "VirtualHostNode";
private static final String CATEGORY_REMOTE_REPLICATION_NODE = "RemoteReplicationNode";
- static final String CATEGORY_VIRTUAL_HOST = "VirtualHost";
+ public static final String CATEGORY_VIRTUAL_HOST = "VirtualHost";
private static final String CATEGORY_VIRTUAL_HOST_LOGGER = "VirtualHostLogger";
private static final String CATEGORY_VIRTUAL_HOST_LOG_INCLUSION_RULE = "VirtualHostLogInclusionRule";
private static final String CATEGORY_VIRTUAL_HOST_ACCESS_CONTROL_PROVIDER = "VirtualHostAccessControlProvider";
@@ -60,7 +60,7 @@ public class LegacyCategoryControllerFactory implements CategoryControllerFactor
private static final String CATEGORY_CONNECTION = "Connection";
private static final String CATEGORY_SESSION = "Session";
static final String CATEGORY_SYSTEM_CONFIG = "SystemConfig";
- static final Map<String, String> SUPPORTED_CATEGORIES =
+ public static final Map<String, String> SUPPORTED_CATEGORIES =
Collections.unmodifiableMap(new HashMap<String, String>()
{
{
@@ -92,7 +92,7 @@ public class LegacyCategoryControllerFactory implements CategoryControllerFactor
}
});
- private static final Map<String, String> DEFAULT_TYPES = Collections.unmodifiableMap(new HashMap<String, String>()
+ public static final Map<String, String> DEFAULT_TYPES = Collections.unmodifiableMap(new HashMap<String, String>()
{
{
put(CATEGORY_BROKER_LOGGER, "Broker");
@@ -111,22 +111,11 @@ public class LegacyCategoryControllerFactory implements CategoryControllerFactor
{
if (SUPPORTED_CATEGORIES.containsKey(type))
{
- if (CATEGORY_VIRTUAL_HOST.equals(type) || CATEGORY_BROKER.equals(type))
- {
- return new ContainerController(legacyManagementController,
- type,
- SUPPORTED_CATEGORIES.get(type),
- DEFAULT_TYPES.get(type),
- legacyManagementController.getTypeControllersByCategory(type));
- }
- else
- {
- return new LegacyCategoryController(legacyManagementController,
- type,
- SUPPORTED_CATEGORIES.get(type),
- DEFAULT_TYPES.get(type),
- legacyManagementController.getTypeControllersByCategory(type));
- }
+ return new LegacyCategoryController(legacyManagementController,
+ type,
+ SUPPORTED_CATEGORIES.get(type),
+ DEFAULT_TYPES.get(type),
+ legacyManagementController.getTypeControllersByCategory(type));
}
else
{
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/LegacyManagementControllerFactory_v7_1.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_1/LegacyManagementControllerFactory_v7_1.java
similarity index 96%
rename from broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/LegacyManagementControllerFactory_v7_1.java
rename to broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_1/LegacyManagementControllerFactory_v7_1.java
index 0bd8242..c5d0439 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/LegacyManagementControllerFactory_v7_1.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_1/LegacyManagementControllerFactory_v7_1.java
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,7 +17,7 @@
* under the License.
*
*/
-package org.apache.qpid.server.management.plugin.controller.v7_0;
+package org.apache.qpid.server.management.plugin.controller.v7_1;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.ManagementController;
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory_v7_1.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_1/category/LegacyCategoryControllerFactory_v7_1.java
similarity index 87%
rename from broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory_v7_1.java
rename to broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_1/category/LegacyCategoryControllerFactory_v7_1.java
index 40e02cd..cb224e0 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory_v7_1.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_1/category/LegacyCategoryControllerFactory_v7_1.java
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,9 +17,10 @@
* under the License.
*
*/
-package org.apache.qpid.server.management.plugin.controller.v7_0.category;
+package org.apache.qpid.server.management.plugin.controller.v7_1.category;
-import org.apache.qpid.server.management.plugin.controller.v7_0.LegacyManagementControllerFactory_v7_1;
+import org.apache.qpid.server.management.plugin.controller.v7_0.category.LegacyCategoryControllerFactory;
+import org.apache.qpid.server.management.plugin.controller.v7_1.LegacyManagementControllerFactory_v7_1;
import org.apache.qpid.server.plugin.PluggableService;
@PluggableService
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/LegacyManagementControllerFactory_v8_0.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/LegacyManagementControllerFactory_v8_0.java
similarity index 86%
rename from broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/LegacyManagementControllerFactory_v8_0.java
rename to broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/LegacyManagementControllerFactory_v8_0.java
index 977029e..9aa6d17 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/LegacyManagementControllerFactory_v8_0.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/LegacyManagementControllerFactory_v8_0.java
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,11 +17,12 @@
* under the License.
*
*/
-package org.apache.qpid.server.management.plugin.controller.v7_0;
+package org.apache.qpid.server.management.plugin.controller.v8_0;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.ManagementController;
import org.apache.qpid.server.management.plugin.ManagementControllerFactory;
+import org.apache.qpid.server.management.plugin.controller.v7_0.LegacyManagementController;
import org.apache.qpid.server.plugin.PluggableService;
@PluggableService
@@ -53,7 +53,8 @@ public class LegacyManagementControllerFactory_v8_0 implements ManagementControl
final ManagementController nextVersionManagementController)
{
- LegacyManagementController controller = new LegacyManagementController(nextVersionManagementController, MODEL_VERSION);
+ LegacyManagementController
+ controller = new LegacyManagementController(nextVersionManagementController, MODEL_VERSION);
controller.initialize();
return controller;
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory_v8_0.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryControllerFactory_v8_0.java
similarity index 51%
rename from broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory_v8_0.java
rename to broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryControllerFactory_v8_0.java
index 7be3a34..fee75db 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v7_0/category/LegacyCategoryControllerFactory_v8_0.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryControllerFactory_v8_0.java
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,9 +17,12 @@
* under the License.
*
*/
-package org.apache.qpid.server.management.plugin.controller.v7_0.category;
+package org.apache.qpid.server.management.plugin.controller.v8_0.category;
-import org.apache.qpid.server.management.plugin.controller.v7_0.LegacyManagementControllerFactory_v8_0;
+import org.apache.qpid.server.management.plugin.controller.CategoryController;
+import org.apache.qpid.server.management.plugin.controller.LegacyManagementController;
+import org.apache.qpid.server.management.plugin.controller.v7_0.category.LegacyCategoryControllerFactory;
+import org.apache.qpid.server.management.plugin.controller.v8_0.LegacyManagementControllerFactory_v8_0;
import org.apache.qpid.server.plugin.PluggableService;
@PluggableService
@@ -31,4 +33,23 @@ public class LegacyCategoryControllerFactory_v8_0 extends LegacyCategoryControll
{
return LegacyManagementControllerFactory_v8_0.MODEL_VERSION;
}
+
+
+ @Override
+ public CategoryController createController(final String type,
+ final LegacyManagementController legacyManagementController)
+ {
+ if (SUPPORTED_CATEGORIES.containsKey(type))
+ {
+ return new LegacyCategoryController_v8_0(legacyManagementController,
+ type,
+ SUPPORTED_CATEGORIES.get(type),
+ DEFAULT_TYPES.get(type),
+ legacyManagementController.getTypeControllersByCategory(type));
+ }
+ else
+ {
+ throw new IllegalArgumentException(String.format("Unsupported type '%s'", type));
+ }
+ }
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0.java
new file mode 100644
index 0000000..cdf25aa
--- /dev/null
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0.java
@@ -0,0 +1,193 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.management.plugin.controller.v8_0.category;
+
+import static org.apache.qpid.server.management.plugin.controller.v7_0.category.LegacyCategoryControllerFactory.CATEGORY_AUTHENTICATION_PROVIDER;
+import static org.apache.qpid.server.management.plugin.controller.v7_0.category.LegacyCategoryControllerFactory.CATEGORY_PORT;
+import static org.apache.qpid.server.store.UpgraderHelper.MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.qpid.server.management.plugin.controller.GenericLegacyConfiguredObject;
+import org.apache.qpid.server.management.plugin.controller.LegacyConfiguredObject;
+import org.apache.qpid.server.management.plugin.controller.LegacyManagementController;
+import org.apache.qpid.server.management.plugin.controller.TypeController;
+import org.apache.qpid.server.management.plugin.controller.v7_0.category.ContainerDecorator;
+import org.apache.qpid.server.management.plugin.controller.v7_0.category.LegacyCategoryController;
+import org.apache.qpid.server.management.plugin.controller.v7_0.category.LegacyCategoryControllerFactory;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.store.UpgraderHelper;
+
+public class LegacyCategoryController_v8_0 extends LegacyCategoryController
+{
+ private static final Map<String, String> NEW_TO_OLD =
+ UpgraderHelper.reverse(MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES);
+
+
+ LegacyCategoryController_v8_0(final LegacyManagementController legacyManagementController,
+ final String type,
+ final String parentCategory,
+ final String defaultType,
+ final Set<TypeController> typeControllersByCategory)
+ {
+ super(legacyManagementController, type, parentCategory, defaultType, typeControllersByCategory);
+ }
+
+
+ @Override
+ protected LegacyConfiguredObject convertNextVersionLegacyConfiguredObject(final LegacyConfiguredObject object)
+ {
+ final LegacyConfiguredObject_v8_0 converted = new LegacyConfiguredObject_v8_0(getManagementController(),
+ object,
+ getCategory());
+ if (LegacyCategoryControllerFactory.CATEGORY_VIRTUAL_HOST.equals(getCategory())
+ || LegacyCategoryControllerFactory.CATEGORY_BROKER.equals(getCategory()))
+ {
+ return new ContainerDecorator(converted);
+ }
+ return converted;
+ }
+
+ @Override
+ protected Map<String, Object> convertAttributesToNextVersion(final ConfiguredObject<?> root,
+ final List<String> path,
+ final Map<String, Object> attributes)
+ {
+ Map<String, Object> nextVersionAttributes;
+ if (attributes.containsKey("context"))
+ {
+ nextVersionAttributes = convertContextToNextVersion(attributes);
+ }
+ else
+ {
+ nextVersionAttributes = attributes;
+ }
+ return super.convertAttributesToNextVersion(root, path, nextVersionAttributes);
+ }
+
+ private Map<String, Object> convertContextToNextVersion(final Map<String, Object> attributes)
+ {
+ final Object context = attributes.get("context");
+ if (context instanceof Map)
+ {
+ @SuppressWarnings("unchecked") final Map<String, String> oldContext = (Map<String, String>) context;
+ final Map<String, String> newContext = UpgraderHelper.renameContextVariables(oldContext,
+ MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES);
+ final Map<String, Object> nextVersionAttributes = new HashMap<>(attributes);
+ nextVersionAttributes.put("context", newContext);
+ return nextVersionAttributes;
+ }
+ return attributes;
+ }
+
+ static class LegacyConfiguredObject_v8_0 extends GenericLegacyConfiguredObject
+ {
+ private static final Map<String, String> ALLOW_DENY_TO_WHITE_BLACK_MAPPING = new HashMap<>();
+
+ static
+ {
+ ALLOW_DENY_TO_WHITE_BLACK_MAPPING.put("tlsProtocolAllowList", "tlsProtocolWhiteList");
+ ALLOW_DENY_TO_WHITE_BLACK_MAPPING.put("tlsProtocolDenyList", "tlsProtocolBlackList");
+ ALLOW_DENY_TO_WHITE_BLACK_MAPPING.put("tlsCipherSuiteAllowList", "tlsCipherSuiteWhiteList");
+ ALLOW_DENY_TO_WHITE_BLACK_MAPPING.put("tlsCipherSuiteDenyList", "tlsCipherSuiteBlackList");
+ }
+
+ private static final Map<String, String> WHITE_BLACK_TO_ALLOW_DENY_MAPPING =
+ UpgraderHelper.reverse(ALLOW_DENY_TO_WHITE_BLACK_MAPPING);
+
+ LegacyConfiguredObject_v8_0(final LegacyManagementController managementController,
+ final LegacyConfiguredObject nextVersionLegacyConfiguredObject,
+ final String category)
+ {
+ super(managementController, nextVersionLegacyConfiguredObject, category);
+ }
+
+ @Override
+ public Object getAttribute(final String name)
+ {
+ Object value;
+ if ("context".equals(name))
+ {
+ return convertContextToModelVersion(super.getAttribute(name));
+ }
+ else if (isPortOrAuthenticationPovider() && WHITE_BLACK_TO_ALLOW_DENY_MAPPING.containsKey(name))
+ {
+ value = super.getAttribute(WHITE_BLACK_TO_ALLOW_DENY_MAPPING.getOrDefault(name, name));
+ }
+ else
+ {
+ value = super.getAttribute(name);
+ }
+ return value;
+ }
+
+ private boolean isPortOrAuthenticationPovider()
+ {
+ return CATEGORY_PORT.equals(getCategory()) || CATEGORY_AUTHENTICATION_PROVIDER.equals(getCategory());
+ }
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ final Collection<String> attributeNames = super.getAttributeNames();
+ if (isPortOrAuthenticationPovider())
+ {
+ return attributeNames.stream()
+ .map(i -> ALLOW_DENY_TO_WHITE_BLACK_MAPPING.getOrDefault(i, i))
+ .collect(Collectors.toList());
+ }
+ return attributeNames;
+ }
+
+ @Override
+ public Object getActualAttribute(final String name)
+ {
+ Object value = super.getActualAttribute(name);
+ if ("context".equals(name))
+ {
+ return convertContextToModelVersion(value);
+ }
+ return value;
+ }
+
+ @Override
+ public String getContextValue(final String contextKey)
+ {
+ final String nextVersionName =
+ MODEL9_MAPPING_FOR_RENAME_TO_ALLOW_DENY_CONTEXT_VARIABLES.getOrDefault(contextKey, contextKey);
+ return super.getContextValue(nextVersionName);
+ }
+
+ private Object convertContextToModelVersion(final Object value)
+ {
+ if (value instanceof Map)
+ {
+ return UpgraderHelper.renameContextVariables((Map<String, String>) value, NEW_TO_OLD);
+ }
+ return null;
+ }
+ }
+}
diff --git a/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0Test.java b/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0Test.java
new file mode 100644
index 0000000..ba1a746
--- /dev/null
+++ b/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/controller/v8_0/category/LegacyCategoryController_v8_0Test.java
@@ -0,0 +1,161 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.management.plugin.controller.v8_0.category;
+
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.instanceOf;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.AdditionalMatchers.not;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import org.apache.qpid.server.management.plugin.ManagementController;
+import org.apache.qpid.server.management.plugin.ManagementException;
+import org.apache.qpid.server.management.plugin.controller.LegacyConfiguredObject;
+import org.apache.qpid.server.management.plugin.controller.LegacyManagementController;
+import org.apache.qpid.server.model.ConfiguredObject;
+
+
+public class LegacyCategoryController_v8_0Test
+{
+ private static final String TEST_CATEGORY = "Port";
+ private static final String PARENT_CATEGORY = "Broker";
+ private static final String DEFAULT_TYPE = "";
+ private static final String PORT_NAME = "testPort";
+ private static final String PROTOCOL_ALLOW_LIST = "Tls.*";
+ private static final String PROTOCOL_DENY_LIST = "Ssl.*";
+ private static final String NEW_CONTEXT_TLS_PROTOCOL_ALLOW_LIST = "qpid.security.tls.protocolAllowList";
+ private static final String NEW_CONTEXT_TLS_PROTOCOL_DENY_LIST = "qpid.security.tls.protocolDenyList";
+ private static final String OLD_CONTEXT_TLS_PROTOCOL_WHITE_LIST = "qpid.security.tls.protocolWhiteList";
+ private static final String OLD_CONTEXT_TLS_PROTOCOL_BLACK_LIST = "qpid.security.tls.protocolBlackList";
+ private static final String ATTRIBUTE_NAME = "name";
+ private static final String ATTRIBUTE_CONTEXT = "context";
+
+ private LegacyCategoryController_v8_0 _controller;
+ private ConfiguredObject _root;
+ private ManagementController _nextVersionManagementController;
+
+ @Before
+ public void setUp()
+ {
+ _nextVersionManagementController = mock(ManagementController.class);
+ LegacyManagementController managementController = mock(LegacyManagementController.class);
+ when(managementController.getNextVersionManagementController()).thenReturn(_nextVersionManagementController);
+ _controller = new LegacyCategoryController_v8_0(managementController,
+ TEST_CATEGORY,
+ PARENT_CATEGORY,
+ DEFAULT_TYPE,
+ Collections.emptySet());
+
+ _root = mock(ConfiguredObject.class);
+ }
+
+ @Test
+ public void getExistingPortWithSetAllowDenyTlsProtocolSettings()
+ {
+ final List<String> path = Arrays.asList("port", PORT_NAME);
+ final Map<String, List<String>> parameters = Collections.emptyMap();
+ final LegacyConfiguredObject nextVersionPort = createNewVersionPortMock();
+
+ when(_nextVersionManagementController.get(_root,
+ TEST_CATEGORY,
+ path,
+ parameters)).thenReturn(nextVersionPort);
+
+ final Object port = _controller.get(_root, path, parameters);
+ assertThat(port, instanceOf(LegacyConfiguredObject.class));
+ final LegacyConfiguredObject newPort = (LegacyConfiguredObject)port;
+ assertPortTLSSettings(newPort);
+ }
+
+
+ @Test
+ public void testCreatePortWithSetAllowDenyTlsProtocolSettings()
+ {
+ final List<String> path = Arrays.asList("port", PORT_NAME);
+
+ final Map<String, String> oldContext = new HashMap<>();
+ oldContext.put(OLD_CONTEXT_TLS_PROTOCOL_WHITE_LIST,PROTOCOL_ALLOW_LIST);
+ oldContext.put(OLD_CONTEXT_TLS_PROTOCOL_BLACK_LIST,PROTOCOL_DENY_LIST);
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put(ATTRIBUTE_NAME, PORT_NAME);
+ attributes.put(ATTRIBUTE_CONTEXT, oldContext);
+ attributes.put("type", "AMQP");
+
+
+ final Map<String,String> newVersionContext = new HashMap<>();
+ newVersionContext.put(NEW_CONTEXT_TLS_PROTOCOL_ALLOW_LIST, PROTOCOL_ALLOW_LIST);
+ newVersionContext.put(NEW_CONTEXT_TLS_PROTOCOL_DENY_LIST, PROTOCOL_DENY_LIST);
+ Map<String, Object> newAttributes = new HashMap<>();
+ newAttributes.put(ATTRIBUTE_NAME, PORT_NAME);
+ newAttributes.put(ATTRIBUTE_CONTEXT, newVersionContext);
+ newAttributes.put("type", "AMQP");
+
+ LegacyConfiguredObject newVersionPort = createNewVersionPortMock();
+ when(_nextVersionManagementController.createOrUpdate(eq(_root), eq(TEST_CATEGORY), eq(path), eq(newAttributes), eq(false) )).thenReturn(newVersionPort);
+ ManagementException error = ManagementException.createUnprocessableManagementException("unexpected");
+ when(_nextVersionManagementController.createOrUpdate(any(ConfiguredObject.class), anyString(), eq(path), not(eq(newAttributes)), anyBoolean())).thenThrow(error);
+ LegacyConfiguredObject port = _controller.createOrUpdate(_root, path, attributes, false) ;
+ assertThat(port, is(notNullValue()));
+ assertPortTLSSettings(port);
+ }
+
+ private void assertPortTLSSettings(final LegacyConfiguredObject port)
+ {
+ assertThat(port.getAttribute(ATTRIBUTE_NAME), equalTo(PORT_NAME));
+ assertThat(port.getContextValue(OLD_CONTEXT_TLS_PROTOCOL_WHITE_LIST), equalTo(PROTOCOL_ALLOW_LIST));
+ assertThat(port.getContextValue(OLD_CONTEXT_TLS_PROTOCOL_BLACK_LIST), equalTo(PROTOCOL_DENY_LIST));
+ final Object context = port.getAttribute(ATTRIBUTE_CONTEXT);
+ assertThat(context, instanceOf(Map.class));
+ final Map contextMap = (Map) context;
+ assertThat(contextMap.get(OLD_CONTEXT_TLS_PROTOCOL_WHITE_LIST), equalTo(PROTOCOL_ALLOW_LIST));
+ assertThat(contextMap.get(OLD_CONTEXT_TLS_PROTOCOL_BLACK_LIST), equalTo(PROTOCOL_DENY_LIST));
+ }
+ private LegacyConfiguredObject createNewVersionPortMock()
+ {
+ final LegacyConfiguredObject nextVersionPort = mock(LegacyConfiguredObject.class);
+ final Map<String,String> newVersionContext = new HashMap<>();
+ newVersionContext.put(NEW_CONTEXT_TLS_PROTOCOL_ALLOW_LIST, PROTOCOL_ALLOW_LIST);
+ newVersionContext.put(NEW_CONTEXT_TLS_PROTOCOL_DENY_LIST, PROTOCOL_DENY_LIST);
+ when(nextVersionPort.getAttribute(ATTRIBUTE_NAME)).thenReturn(PORT_NAME);
+ when(nextVersionPort.getAttribute(ATTRIBUTE_CONTEXT)).thenReturn(newVersionContext);
+ when(nextVersionPort.getContextValue(NEW_CONTEXT_TLS_PROTOCOL_ALLOW_LIST)).thenReturn(PROTOCOL_ALLOW_LIST);
+ when(nextVersionPort.getContextValue(NEW_CONTEXT_TLS_PROTOCOL_DENY_LIST)).thenReturn(PROTOCOL_DENY_LIST);
+ return nextVersionPort;
+ }
+
+}
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v7_0/LegacyManagementTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v7_0/LegacyManagementTest.java
new file mode 100644
index 0000000..14543a8
--- /dev/null
+++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v7_0/LegacyManagementTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.tests.http.v7_0;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.notNullValue;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+
+import org.apache.qpid.tests.http.HttpRequestConfig;
+import org.apache.qpid.tests.http.HttpTestBase;
+
+@HttpRequestConfig(useVirtualHostAsHost = false)
+public class LegacyManagementTest extends HttpTestBase
+{
+ @Test
+ public void testModelVersion() throws Exception
+ {
+ final Map<String, Object> brokerAttributes = getHelper().getJsonAsMap("/api/v7.0/broker");
+ assertThat(brokerAttributes, is(notNullValue()));
+ assertThat(brokerAttributes.get("modelVersion"), equalTo("7.0"));
+ }
+
+}
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v8_0/LegacyManagementTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v8_0/LegacyManagementTest.java
new file mode 100644
index 0000000..862a0e6
--- /dev/null
+++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/v8_0/LegacyManagementTest.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.tests.http.v8_0;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.notNullValue;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+
+import org.apache.qpid.tests.http.HttpRequestConfig;
+import org.apache.qpid.tests.http.HttpTestBase;
+
+@HttpRequestConfig(useVirtualHostAsHost = false)
+public class LegacyManagementTest extends HttpTestBase
+{
+ @Test
+ public void testModelVersion() throws Exception
+ {
+ final Map<String, Object> brokerAttributes = getHelper().getJsonAsMap("/api/v8.0/broker");
+ assertThat(brokerAttributes, is(notNullValue()));
+ assertThat(brokerAttributes.get("modelVersion"), equalTo("8.0"));
+ }
+
+ @Test
+ public void testPortAllowDenyProtocolSettings() throws Exception
+ {
+ final String authenticationProviderName = getTestName() + "AuthenticationProvider";
+ final Map<String, Object> authenticationProviderAttributes = new HashMap<>();
+ authenticationProviderAttributes.put("type", "Anonymous");
+ authenticationProviderAttributes.put("name", authenticationProviderName);
+ getHelper().submitRequest("/api/v8.0/authenticationprovider", "POST", authenticationProviderAttributes, HttpServletResponse.SC_CREATED);
+
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.protocolWhiteList", "TLSv1");
+ context.put("qpid.security.tls.protocolBlackList", "SSL.*");
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put("name", getTestName());
+ attributes.put("type", "AMQP");
+ attributes.put("port", 0);
+ attributes.put("context", context);
+ attributes.put("authenticationProvider", authenticationProviderName);
+ getHelper().submitRequest("/api/v8.0/port", "POST", attributes, HttpServletResponse.SC_CREATED);
+
+ final Map<String, Object> portAttributes = getHelper().getJsonAsMap("port/" + getTestName());
+ assertThat(portAttributes, is(notNullValue()));
+ final Object portContext = portAttributes.get("context");
+ assertThat(portContext, instanceOf(Map.class));
+ final Map contextMap = (Map)portContext;
+ assertThat(contextMap.get("qpid.security.tls.protocolAllowList"), is(equalTo("TLSv1")));
+ assertThat(contextMap.get("qpid.security.tls.protocolDenyList"), is(equalTo("SSL.*")));
+ assertThat(portAttributes.get("tlsProtocolAllowList"),is(equalTo(Collections.singletonList("TLSv1"))));
+ assertThat(portAttributes.get("tlsProtocolDenyList"),is(equalTo(Collections.singletonList("SSL.*"))));
+
+ final Map<String, Object> portAttributes8_0 = getHelper().getJsonAsMap("/api/v8.0/port/" + getTestName());
+ assertThat(portAttributes8_0, is(notNullValue()));
+ final Object portContext8_0 = portAttributes8_0.get("context");
+ assertThat(portContext8_0, instanceOf(Map.class));
+ final Map contextMap8_0 = (Map)portContext8_0;
+ assertThat(contextMap8_0.get("qpid.security.tls.protocolWhiteList"), is(equalTo("TLSv1")));
+ assertThat(contextMap8_0.get("qpid.security.tls.protocolBlackList"), is(equalTo("SSL.*")));
+ assertThat(portAttributes8_0.get("tlsProtocolWhiteList"),is(equalTo(Collections.singletonList("TLSv1"))));
+ assertThat(portAttributes8_0.get("tlsProtocolBlackList"),is(equalTo(Collections.singletonList("SSL.*"))));
+ }
+
+ @Test
+ public void testBrokerAllowDenyProtocolSettings() throws Exception
+ {
+ final Map<String, String> context = new HashMap<>();
+ context.put("qpid.security.tls.protocolWhiteList", "TLSv1");
+ context.put("qpid.security.tls.protocolBlackList", "");
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put("context", context);
+ getHelper().submitRequest("/api/v8.0/broker", "POST", attributes, HttpServletResponse.SC_OK);
+
+ final Map<String, Object> brokerAttributes = getHelper().getJsonAsMap("broker");
+ assertThat(brokerAttributes, is(notNullValue()));
+ final Object portContext = brokerAttributes.get("context");
+ assertThat(portContext, instanceOf(Map.class));
+ final Map contextMap = (Map)portContext;
+ assertThat(contextMap.get("qpid.security.tls.protocolAllowList"), is(equalTo("TLSv1")));
+ assertThat(contextMap.get("qpid.security.tls.protocolDenyList"), is(equalTo("")));
+
+ final Map<String, Object> brokerAttributes8_0 = getHelper().getJsonAsMap("/api/v8.0/broker");
+ assertThat(brokerAttributes8_0, is(notNullValue()));
+ final Object brokerContext8_0 = brokerAttributes8_0.get("context");
+ assertThat(brokerContext8_0, instanceOf(Map.class));
+ final Map contextMap8_0 = (Map)brokerContext8_0;
+ assertThat(contextMap8_0.get("qpid.security.tls.protocolWhiteList"), is(equalTo("TLSv1")));
+ assertThat(contextMap8_0.get("qpid.security.tls.protocolBlackList"), is(equalTo("")));
+ }
+}
diff --git a/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java b/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
index deacb21..e73776f 100644
--- a/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
+++ b/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
@@ -751,8 +751,6 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
List<String> jvmArguments = new ArrayList<>();
jvmArguments.add("java");
-// jvmArguments.add("-cp");
-// jvmArguments.add(classpath);
jvmArguments.add("-Djava.io.tmpdir=" + escape(System.getProperty("java.io.tmpdir")));
jvmArguments.add("-Dlogback.configurationFile=default-broker-logback.xml");
jvmArguments.add("-Dqpid.tests.mms.messagestore.persistence=true");
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-broker-j] 01/02: QPID-8455: [Broker-J] Use allow/deny list
terminology for existing attributes and context variables
Posted by or...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit f75463cfa1697a4824d19629d4fbf5ffde6ca1f5
Author: Dedeepya Tunga <de...@jpmchase.com>
AuthorDate: Fri Jul 17 18:34:45 2020 +0530
QPID-8455: [Broker-J] Use allow/deny list terminology for existing attributes and context variables
This closes #51
---
.../server/configuration/CommonProperties.java | 18 +++----
.../java/org/apache/qpid/server/model/Broker.java | 20 +++----
.../java/org/apache/qpid/server/model/Port.java | 10 ++--
.../qpid/server/model/port/AbstractPort.java | 32 +++++------
.../manager/SimpleLDAPAuthenticationManager.java | 8 +--
.../SimpleLDAPAuthenticationManagerImpl.java | 40 +++++++-------
.../oauth2/OAuth2AuthenticationProvider.java | 8 +--
.../oauth2/OAuth2AuthenticationProviderImpl.java | 40 +++++++-------
.../CloudFoundryOAuth2IdentityResolverService.java | 8 +--
.../facebook/FacebookIdentityResolverService.java | 8 +--
.../GitHubOAuth2IdentityResolverService.java | 8 +--
.../GoogleOAuth2IdentityResolverService.java | 8 +--
.../KeycloakOAuth2IdentityResolverService.java | 8 +--
...MicrosoftLiveOAuth2IdentityResolverService.java | 8 +--
...oudFoundryDashboardManagementGroupProvider.java | 8 +--
...oundryDashboardManagementGroupProviderImpl.java | 48 ++++++++---------
.../NonBlockingConnectionTLSDelegate.java | 6 +--
.../transport/network/security/ssl/SSLUtil.java | 62 +++++++++++-----------
...uiteAndProtocolRestrictingSSLSocketFactory.java | 48 ++++++++---------
.../apache/qpid/server/util/ConnectionBuilder.java | 40 +++++++-------
.../manager/oauth2/OAuth2MockEndpointHolder.java | 28 +++++-----
.../server/transport/TCPandSSLTransportTest.java | 8 +--
.../network/security/ssl/SSLUtilTest.java | 48 ++++++++---------
.../server/management/plugin/HttpManagement.java | 12 ++---
.../transport/websocket/WebSocketProvider.java | 12 ++---
.../apache/qpid/systests/ConnectionBuilder.java | 4 +-
.../systests/QpidJmsClient0xConnectionBuilder.java | 8 +--
.../systests/QpidJmsClientConnectionBuilder.java | 6 +--
...ava => ObjectMessageClassAllowlistingTest.java} | 50 ++++++++---------
.../qpid/systests/admin/SpawnBrokerAdmin.java | 37 +++++++------
.../qpid/systests/admin/SpawnBrokerAdminTest.java | 16 ++++--
31 files changed, 339 insertions(+), 326 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java b/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java
index 600f985..f9517fe 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java
@@ -54,15 +54,15 @@ public class CommonProperties
public static final String IO_NETWORK_TRANSPORT_TIMEOUT_PROP_NAME = "qpid.io_network_transport_timeout";
public static final int IO_NETWORK_TRANSPORT_TIMEOUT_DEFAULT = 60000;
- public static final String QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST = "qpid.security.tls.protocolWhiteList";
- public static final String QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT = "TLSv1\\.[0-9]+";
- public static final String QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST = "qpid.security.tls.protocolBlackList";
- public static final String QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT = "TLSv1\\.[0-1]";
-
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST = "qpid.security.tls.cipherSuiteWhiteList";
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST_DEFAULT = "";
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST = "qpid.security.tls.cipherSuiteBlackList";
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST_DEFAULT = "";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST = "qpid.security.tls.protocolAllowList";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST_DEFAULT = "TLSv1\\.[0-9]+";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_DENY_LIST = "qpid.security.tls.protocolDenyList";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_DENY_LIST_DEFAULT = "TLSv1\\.[0-1]";
+
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST = "qpid.security.tls.cipherSuiteAllowList";
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST_DEFAULT = "";
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST = "qpid.security.tls.cipherSuiteDenyList";
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST_DEFAULT = "";
private static final String MANIFEST_HEADER_IMPLEMENTATION_BUILD = "Implementation-Build";
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java b/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
index 4e45159..53bd58f 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
@@ -107,19 +107,19 @@ public interface Broker<X extends Broker<X>> extends ConfiguredObject<X>, EventL
@ManagedContextDefault(name = BROKER_MSG_AUTH)
boolean DEFAULT_BROKER_MSG_AUTH = false;
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST)
- String DEFAULT_SECURITY_TLS_PROTOCOL_WHITE_LIST =
- "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST)
+ String DEFAULT_SECURITY_TLS_PROTOCOL_ALLOW_LIST =
+ "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST)
- String DEFAULT_SECURITY_TLS_PROTOCOL_BLACK_LIST =
- "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST)
+ String DEFAULT_SECURITY_TLS_PROTOCOL_DENY_LIST =
+ "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST)
- String DEFAULT_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST = "[]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST)
+ String DEFAULT_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST = "[]";
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST)
- String DEFAULT_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST = "[]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST)
+ String DEFAULT_SECURITY_TLS_CIPHER_SUITE_DENY_LIST = "[]";
@ManagedContextDefault(name = QPID_DOCUMENTATION_URL)
String DEFAULT_DOCUMENTATION_URL = "http://qpid.apache.org/releases/qpid-broker-j-${qpid.version}/book/";
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
index 510d4d5..892bd78 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
@@ -31,7 +31,7 @@ import com.google.common.util.concurrent.ListenableFuture;
import org.apache.qpid.server.configuration.CommonProperties;
import org.apache.qpid.server.security.SubjectCreator;
-@ManagedContextDependency({CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST})
+@ManagedContextDependency({CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST})
@ManagedObject( description = Port.CLASS_DESCRIPTION, amqpName = "org.apache.qpid.Port")
public interface Port<X extends Port<X>> extends ConfiguredObject<X>
{
@@ -91,16 +91,16 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
Collection<TrustStore> getTrustStores();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
@ManagedAttribute(defaultValue = "*",
description = "The network interface this port binds to expressed as an IP address or a"
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
index a5fb3d2..6946120 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
@@ -83,11 +83,11 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
@ManagedAttributeField
private String _bindingAddress;
- private List<String> _tlsProtocolBlackList;
- private List<String> _tlsProtocolWhiteList;
+ private List<String> _tlsProtocolDenyList;
+ private List<String> _tlsProtocolAllowList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
public AbstractPort(Map<String, Object> attributes,
Container<?> container)
@@ -109,10 +109,10 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
protected void onOpen()
{
super.onOpen();
- _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
}
@Override
@@ -423,27 +423,27 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
}
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
@Override
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
index fe650f7..8229b49 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
@@ -105,15 +105,15 @@ public interface SimpleLDAPAuthenticationManager<X extends SimpleLDAPAuthenticat
String getLoginConfigScope();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
index 46846a5..a575532 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
@@ -146,11 +146,11 @@ public class SimpleLDAPAuthenticationManagerImpl
@ManagedAttributeField
private String _loginConfigScope;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
private AuthenticationResultCacher _authenticationResultCacher;
@@ -189,10 +189,10 @@ public class SimpleLDAPAuthenticationManagerImpl
{
super.onOpen();
- _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
Integer cacheMaxSize = getContextValue(Integer.class, AUTHENTICATION_CACHE_MAX_SIZE);
Long cacheExpirationTime = getContextValue(Long.class, AUTHENTICATION_CACHE_EXPIRATION_TIME);
@@ -577,10 +577,10 @@ public class SimpleLDAPAuthenticationManagerImpl
}
SSLSocketFactory sslSocketFactory = new CipherSuiteAndProtocolRestrictingSSLSocketFactory(sslContext.getSocketFactory(),
- _tlsCipherSuiteWhiteList,
- _tlsCipherSuiteBlackList,
- _tlsProtocolWhiteList,
- _tlsProtocolBlackList);
+ _tlsCipherSuiteAllowList,
+ _tlsCipherSuiteDenyList,
+ _tlsProtocolAllowList,
+ _tlsProtocolDenyList);
Class<? extends AbstractLDAPSSLSocketFactory> clazz = LDAPSSLSocketFactoryGenerator.createSubClass(clazzName,
sslSocketFactory);
LOGGER.debug("Connection to Directory will use custom SSL socket factory : {}", clazz);
@@ -761,27 +761,27 @@ public class SimpleLDAPAuthenticationManagerImpl
}
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
private void closeSafely(InitialDirContext ctx)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
index 9cbbcdf..42341a1 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
@@ -103,16 +103,16 @@ public interface OAuth2AuthenticationProvider<T extends OAuth2AuthenticationProv
String getDefaultScope();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
int getConnectTimeout();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
index 6854bd5..094dbd8 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
@@ -106,11 +106,11 @@ public class OAuth2AuthenticationProviderImpl
private OAuth2IdentityResolverService _identityResolverService;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
private int _connectTimeout;
private int _readTimeout;
@@ -130,10 +130,10 @@ public class OAuth2AuthenticationProviderImpl
super.onOpen();
String type = getIdentityResolverType();
_identityResolverService = new QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(type);
- _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
_connectTimeout = getContextValue(Integer.class, AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
_readTimeout = getContextValue(Integer.class, AUTHENTICATION_OAUTH2_READ_TIMEOUT);
@@ -259,10 +259,10 @@ public class OAuth2AuthenticationProviderImpl
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(getTlsCipherSuiteDenyList());
LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
connection = connectionBuilder.build();
@@ -496,27 +496,27 @@ public class OAuth2AuthenticationProviderImpl
return identityResolverService == null ? null : identityResolverService.getDefaultScope(this); }
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
@Override
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
index ae9e724..d64c93c 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
@@ -95,10 +95,10 @@ public class CloudFoundryOAuth2IdentityResolverService implements OAuth2Identity
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", checkTokenEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
index 3a1c8bd..11f1aea 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
@@ -98,10 +98,10 @@ public class FacebookIdentityResolverService implements OAuth2IdentityResolverSe
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
index e086ae6..afb3aea 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
@@ -104,10 +104,10 @@ public class GitHubOAuth2IdentityResolverService implements OAuth2IdentityResolv
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
index 03613d3..cb29f73 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
@@ -108,10 +108,10 @@ public class GoogleOAuth2IdentityResolverService implements OAuth2IdentityResolv
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java
index 51a9bc6..6b4582d 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java
@@ -108,10 +108,10 @@ public class KeycloakOAuth2IdentityResolverService implements OAuth2IdentityReso
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
index d2ce9c7..93a7940 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
@@ -96,10 +96,10 @@ public class MicrosoftLiveOAuth2IdentityResolverService implements OAuth2Identit
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java
index fd1c5a0..7291cbe 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java
@@ -52,11 +52,11 @@ public interface CloudFoundryDashboardManagementGroupProvider<X extends CloudFou
Map<String, String> getServiceToManagementGroupMapping();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java
index 0e551d1..b26a397 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java
@@ -20,10 +20,10 @@
*/
package org.apache.qpid.server.security.group.cloudfoundry;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -87,10 +87,10 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
@ManagedAttributeField
private Map<String, String> _serviceToManagementGroupMapping;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
private int _connectTimeout;
private int _readTimeout;
@@ -104,10 +104,10 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
public void onOpen()
{
super.onOpen();
- _tlsProtocolWhiteList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
_connectTimeout = getContextValue(Integer.class, QPID_GROUPPROVIDER_CLOUDFOUNDRY_CONNECT_TIMEOUT);
_readTimeout = getContextValue(Integer.class, QPID_GROUPPROVIDER_CLOUDFOUNDRY_READ_TIMEOUT);
}
@@ -207,10 +207,10 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(_tlsProtocolWhiteList)
- .setTlsProtocolBlackList(_tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(_tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(_tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolAllowList(_tlsProtocolAllowList)
+ .setTlsProtocolDenyList(_tlsProtocolDenyList)
+ .setTlsCipherSuiteAllowList(_tlsCipherSuiteAllowList)
+ .setTlsCipherSuiteDenyList(_tlsCipherSuiteDenyList);
LOGGER.debug("About to call CloudFoundryDashboardManagementEndpoint '{}'", cloudFoundryEndpoint);
connection = connectionBuilder.build();
@@ -288,27 +288,27 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
}
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
index 3e52716..747e0c4 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
@@ -349,9 +349,9 @@ public class NonBlockingConnectionTLSDelegate implements NonBlockingConnectionDe
{
SSLEngine sslEngine = port.getSSLContext().createSSLEngine();
sslEngine.setUseClientMode(false);
- SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
- SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
- if(port.getTlsCipherSuiteWhiteList() != null && !port.getTlsCipherSuiteWhiteList().isEmpty())
+ SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolAllowList(), port.getTlsProtocolDenyList());
+ SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteAllowList(), port.getTlsCipherSuiteDenyList());
+ if(port.getTlsCipherSuiteAllowList() != null && !port.getTlsCipherSuiteAllowList().isEmpty())
{
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index dd581ca..1baec00 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -648,84 +648,84 @@ public class SSLUtil
}
public static void updateEnabledTlsProtocols(final SSLEngine engine,
- final List<String> protocolWhiteList,
- final List<String> protocolBlackList)
+ final List<String> protocolAllowList,
+ final List<String> protocolDenyList)
{
String[] filteredProtocols = filterEnabledProtocols(engine.getEnabledProtocols(),
engine.getSupportedProtocols(),
- protocolWhiteList,
- protocolBlackList);
+ protocolAllowList,
+ protocolDenyList);
engine.setEnabledProtocols(filteredProtocols);
}
public static void updateEnabledTlsProtocols(final SSLSocket socket,
- final List<String> protocolWhiteList,
- final List<String> protocolBlackList)
+ final List<String> protocolAllowList,
+ final List<String> protocolDenyList)
{
String[] filteredProtocols = filterEnabledProtocols(socket.getEnabledProtocols(),
socket.getSupportedProtocols(),
- protocolWhiteList,
- protocolBlackList);
+ protocolAllowList,
+ protocolDenyList);
socket.setEnabledProtocols(filteredProtocols);
}
public static String[] filterEnabledProtocols(final String[] enabledProtocols,
final String[] supportedProtocols,
- final List<String> protocolWhiteList,
- final List<String> protocolBlackList)
+ final List<String> protocolAllowList,
+ final List<String> protocolDenyList)
{
- return filterEntries(enabledProtocols, supportedProtocols, protocolWhiteList, protocolBlackList);
+ return filterEntries(enabledProtocols, supportedProtocols, protocolAllowList, protocolDenyList);
}
public static String[] filterEnabledCipherSuites(final String[] enabledCipherSuites,
final String[] supportedCipherSuites,
- final List<String> cipherSuiteWhiteList,
- final List<String> cipherSuiteBlackList)
+ final List<String> cipherSuiteAllowList,
+ final List<String> cipherSuiteDenyList)
{
- return filterEntries(enabledCipherSuites, supportedCipherSuites, cipherSuiteWhiteList, cipherSuiteBlackList);
+ return filterEntries(enabledCipherSuites, supportedCipherSuites, cipherSuiteAllowList, cipherSuiteDenyList);
}
public static void updateEnabledCipherSuites(final SSLEngine engine,
- final List<String> cipherSuitesWhiteList,
- final List<String> cipherSuitesBlackList)
+ final List<String> cipherSuitesAllowList,
+ final List<String> cipherSuitesDenyList)
{
String[] filteredCipherSuites = filterEntries(engine.getEnabledCipherSuites(),
engine.getSupportedCipherSuites(),
- cipherSuitesWhiteList,
- cipherSuitesBlackList);
+ cipherSuitesAllowList,
+ cipherSuitesDenyList);
engine.setEnabledCipherSuites(filteredCipherSuites);
}
public static void updateEnabledCipherSuites(final SSLSocket socket,
- final List<String> cipherSuitesWhiteList,
- final List<String> cipherSuitesBlackList)
+ final List<String> cipherSuitesAllowList,
+ final List<String> cipherSuitesDenyList)
{
String[] filteredCipherSuites = filterEntries(socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites(),
- cipherSuitesWhiteList,
- cipherSuitesBlackList);
+ cipherSuitesAllowList,
+ cipherSuitesDenyList);
socket.setEnabledCipherSuites(filteredCipherSuites);
}
static String[] filterEntries(final String[] enabledEntries,
final String[] supportedEntries,
- final List<String> whiteList,
- final List<String> blackList)
+ final List<String> allowList,
+ final List<String> denyList)
{
List<String> filteredList;
- if (whiteList != null && !whiteList.isEmpty())
+ if (allowList != null && !allowList.isEmpty())
{
filteredList = new ArrayList<>();
List<String> supportedList = new ArrayList<>(Arrays.asList(supportedEntries));
- // the outer loop must be over the white list to preserve its order
- for (String whiteListedRegEx : whiteList)
+ // the outer loop must be over the allow list to preserve its order
+ for (String allowListedRegEx : allowList)
{
Iterator<String> supportedIter = supportedList.iterator();
while (supportedIter.hasNext())
{
String supportedEntry = supportedIter.next();
- if (supportedEntry.matches(whiteListedRegEx))
+ if (supportedEntry.matches(allowListedRegEx))
{
filteredList.add(supportedEntry);
supportedIter.remove();
@@ -738,14 +738,14 @@ public class SSLUtil
filteredList = new ArrayList<>(Arrays.asList(enabledEntries));
}
- if (blackList != null && !blackList.isEmpty())
+ if (denyList != null && !denyList.isEmpty())
{
- for (String blackListedRegEx : blackList)
+ for (String denyListedRegEx : denyList)
{
Iterator<String> entriesIter = filteredList.iterator();
while (entriesIter.hasNext())
{
- if (entriesIter.next().matches(blackListedRegEx))
+ if (entriesIter.next().matches(denyListedRegEx))
{
entriesIter.remove();
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java b/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java
index cbe5431..72abcc4 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java
@@ -36,22 +36,22 @@ import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocketFactory
{
private final SSLSocketFactory _wrappedSocketFactory;
- private final List<String> _tlsCipherSuiteWhiteList;
- private final List<String> _tlsCipherSuiteBlackList;
- private final List<String> _tlsProtocolWhiteList;
- private final List<String> _tlsProtocolBlackList;
+ private final List<String> _tlsCipherSuiteAllowList;
+ private final List<String> _tlsCipherSuiteDenyList;
+ private final List<String> _tlsProtocolAllowList;
+ private final List<String> _tlsProtocolDenyList;
public CipherSuiteAndProtocolRestrictingSSLSocketFactory(final SSLSocketFactory wrappedSocketFactory,
- final List<String> tlsCipherSuiteWhiteList,
- final List<String> tlsCipherSuiteBlackList,
- final List<String> tlsProtocolWhiteList,
- final List<String> tlsProtocolBlackList)
+ final List<String> tlsCipherSuiteAllowList,
+ final List<String> tlsCipherSuiteDenyList,
+ final List<String> tlsProtocolAllowList,
+ final List<String> tlsProtocolDenyList)
{
_wrappedSocketFactory = wrappedSocketFactory;
- _tlsCipherSuiteWhiteList = tlsCipherSuiteWhiteList == null ? null : new ArrayList<>(tlsCipherSuiteWhiteList);
- _tlsCipherSuiteBlackList = tlsCipherSuiteBlackList == null ? null : new ArrayList<>(tlsCipherSuiteBlackList);
- _tlsProtocolWhiteList = tlsProtocolWhiteList == null ? null : new ArrayList<>(tlsProtocolWhiteList);
- _tlsProtocolBlackList = tlsProtocolBlackList == null ? null : new ArrayList<>(tlsProtocolBlackList);
+ _tlsCipherSuiteAllowList = tlsCipherSuiteAllowList == null ? null : new ArrayList<>(tlsCipherSuiteAllowList);
+ _tlsCipherSuiteDenyList = tlsCipherSuiteDenyList == null ? null : new ArrayList<>(tlsCipherSuiteDenyList);
+ _tlsProtocolAllowList = tlsProtocolAllowList == null ? null : new ArrayList<>(tlsProtocolAllowList);
+ _tlsProtocolDenyList = tlsProtocolDenyList == null ? null : new ArrayList<>(tlsProtocolDenyList);
}
@Override
@@ -59,8 +59,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
{
return SSLUtil.filterEnabledCipherSuites(_wrappedSocketFactory.getDefaultCipherSuites(),
_wrappedSocketFactory.getSupportedCipherSuites(),
- _tlsCipherSuiteWhiteList,
- _tlsCipherSuiteBlackList);
+ _tlsCipherSuiteAllowList,
+ _tlsCipherSuiteDenyList);
}
@Override
@@ -74,8 +74,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
throws IOException
{
final SSLSocket newSocket = (SSLSocket) _wrappedSocketFactory.createSocket(socket, host, port, autoClose);
- SSLUtil.updateEnabledCipherSuites(newSocket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(newSocket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(newSocket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(newSocket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return newSocket;
}
@@ -83,8 +83,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
public Socket createSocket(final String host, final int port) throws IOException, UnknownHostException
{
final SSLSocket socket = (SSLSocket) _wrappedSocketFactory.createSocket(host, port);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
@@ -93,8 +93,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
throws IOException, UnknownHostException
{
final SSLSocket socket = (SSLSocket) _wrappedSocketFactory.createSocket(host, port, localhost, localPort);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
@@ -102,8 +102,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
public Socket createSocket(final InetAddress host, final int port) throws IOException
{
final SSLSocket socket = (SSLSocket) _wrappedSocketFactory.createSocket(host, port);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
@@ -115,8 +115,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
{
final SSLSocket socket =
(SSLSocket) _wrappedSocketFactory.createSocket(address, port, localAddress, localPort);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java b/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
index a418e76..bef39eb 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
@@ -48,10 +48,10 @@ public class ConnectionBuilder
private int _connectTimeout;
private int _readTimeout;
private TrustManager[] _trustMangers;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
public ConnectionBuilder(final URL url)
@@ -77,27 +77,27 @@ public class ConnectionBuilder
return this;
}
- public ConnectionBuilder setTlsProtocolWhiteList(final List<String> tlsProtocolWhiteList)
+ public ConnectionBuilder setTlsProtocolAllowList(final List<String> tlsProtocolAllowList)
{
- _tlsProtocolWhiteList = tlsProtocolWhiteList;
+ _tlsProtocolAllowList = tlsProtocolAllowList;
return this;
}
- public ConnectionBuilder setTlsProtocolBlackList(final List<String> tlsProtocolBlackList)
+ public ConnectionBuilder setTlsProtocolDenyList(final List<String> tlsProtocolDenyList)
{
- _tlsProtocolBlackList = tlsProtocolBlackList;
+ _tlsProtocolDenyList = tlsProtocolDenyList;
return this;
}
- public ConnectionBuilder setTlsCipherSuiteWhiteList(final List<String> tlsCipherSuiteWhiteList)
+ public ConnectionBuilder setTlsCipherSuiteAllowList(final List<String> tlsCipherSuiteAllowList)
{
- _tlsCipherSuiteWhiteList = tlsCipherSuiteWhiteList;
+ _tlsCipherSuiteAllowList = tlsCipherSuiteAllowList;
return this;
}
- public ConnectionBuilder setTlsCipherSuiteBlackList(final List<String> tlsCipherSuiteBlackList)
+ public ConnectionBuilder setTlsCipherSuiteDenyList(final List<String> tlsCipherSuiteDenyList)
{
- _tlsCipherSuiteBlackList = tlsCipherSuiteBlackList;
+ _tlsCipherSuiteDenyList = tlsCipherSuiteDenyList;
return this;
}
@@ -153,18 +153,18 @@ public class ConnectionBuilder
});
}
- if ((_tlsProtocolWhiteList != null && !_tlsProtocolWhiteList.isEmpty()) ||
- (_tlsProtocolBlackList != null && !_tlsProtocolBlackList.isEmpty()) ||
- (_tlsCipherSuiteWhiteList != null && !_tlsCipherSuiteWhiteList.isEmpty()) ||
- (_tlsCipherSuiteBlackList != null && !_tlsCipherSuiteBlackList.isEmpty()))
+ if ((_tlsProtocolAllowList != null && !_tlsProtocolAllowList.isEmpty()) ||
+ (_tlsProtocolDenyList != null && !_tlsProtocolDenyList.isEmpty()) ||
+ (_tlsCipherSuiteAllowList != null && !_tlsCipherSuiteAllowList.isEmpty()) ||
+ (_tlsCipherSuiteDenyList != null && !_tlsCipherSuiteDenyList.isEmpty()))
{
HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
SSLSocketFactory originalSocketFactory = httpsConnection.getSSLSocketFactory();
httpsConnection.setSSLSocketFactory(new CipherSuiteAndProtocolRestrictingSSLSocketFactory(originalSocketFactory,
- _tlsCipherSuiteWhiteList,
- _tlsCipherSuiteBlackList,
- _tlsProtocolWhiteList,
- _tlsProtocolBlackList));
+ _tlsCipherSuiteAllowList,
+ _tlsCipherSuiteDenyList,
+ _tlsProtocolAllowList,
+ _tlsProtocolDenyList));
}
return connection;
}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
index f4e2cc6..43f13c0 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
@@ -63,18 +63,18 @@ class OAuth2MockEndpointHolder
final String keyStoreType) throws IOException
{
_endpoints = endpoints;
- final List<String> protocolWhiteList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT);
- final List<String> protocolBlackList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT);
- final List<String> cipherSuiteWhiteList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST,
- CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST_DEFAULT);
- final List<String> cipherSuiteBlackList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST,
- CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST_DEFAULT);
+ final List<String> protocolAllowList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST,
+ CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST_DEFAULT);
+ final List<String> protocolDenyList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST,
+ CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST_DEFAULT);
+ final List<String> cipherSuiteAllowList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST,
+ CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST_DEFAULT);
+ final List<String> cipherSuiteDenyList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST,
+ CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST_DEFAULT);
_server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server()
@@ -83,8 +83,8 @@ class OAuth2MockEndpointHolder
public void customize(final SSLEngine sslEngine)
{
super.customize(sslEngine);
- SSLUtil.updateEnabledCipherSuites(sslEngine, cipherSuiteWhiteList, cipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(sslEngine, protocolWhiteList, protocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(sslEngine, cipherSuiteAllowList, cipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(sslEngine, protocolAllowList, protocolDenyList);
}
};
sslContextFactory.setKeyStorePassword(keyStorePassword);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
index e7726c0..8e24610 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
@@ -274,10 +274,10 @@ public class TCPandSSLTransportTest extends UnitTestBase
when(port.getProtocolHandshakeTimeout()).thenReturn(AmqpPort.DEFAULT_PROTOCOL_HANDSHAKE_TIMEOUT);
ObjectMapper mapper = new ObjectMapper();
JavaType type = mapper.getTypeFactory().constructCollectionType(List.class, String.class);
- List<String> whiteList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_WHITE_LIST, type);
- List<String> blackList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_BLACK_LIST, type);
- when(port.getTlsProtocolBlackList()).thenReturn(blackList);
- when(port.getTlsProtocolWhiteList()).thenReturn(whiteList);
+ List<String> allowList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_ALLOW_LIST, type);
+ List<String> denyList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_DENY_LIST, type);
+ when(port.getTlsProtocolDenyList()).thenReturn(denyList);
+ when(port.getTlsProtocolAllowList()).thenReturn(allowList);
final Broker broker = mock(Broker.class);
when(broker.getEventLogger()).thenReturn(mock(EventLogger.class));
when(port.getParent()).thenReturn(broker);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
index 81d928a..9b97cdb 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
@@ -61,34 +61,34 @@ public class SSLUtilTest extends UnitTestBase
{
String[] enabled = {};
String[] supported = {};
- List<String> whiteList = Arrays.asList();
- List<String> blackList = Arrays.asList();
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ List<String> allowList = Arrays.asList();
+ List<String> denyList = Arrays.asList();
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertEquals("filtered list is not empty", (long) 0, (long) result.length);
}
@Test
- public void testFilterEntries_whiteListNotEmpty_blackListEmpty()
+ public void testFilterEntries_allowListNotEmpty_denyListEmpty()
{
- List<String> whiteList = Arrays.asList("TLSv1\\.[0-9]+");
- List<String> blackList = Collections.emptyList();
+ List<String> allowList = Arrays.asList("TLSv1\\.[0-9]+");
+ List<String> denyList = Collections.emptyList();
String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] expected = {"TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@Test
- public void testFilterEntries_whiteListEmpty_blackListNotEmpty()
+ public void testFilterEntries_allowListEmpty_denyListNotEmpty()
{
- List<String> whiteList = Arrays.asList();
- List<String> blackList = Arrays.asList("TLSv1\\.[0-9]+");
+ List<String> allowList = Arrays.asList();
+ List<String> denyList = Arrays.asList("TLSv1\\.[0-9]+");
String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] expected = {"TLS"};
String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@@ -96,44 +96,44 @@ public class SSLUtilTest extends UnitTestBase
@Test
public void testFilterEntries_respectOrder()
{
- List<String> whiteList = Arrays.asList("b", "c", "a");
- List<String> blackList = Collections.emptyList();
+ List<String> allowList = Arrays.asList("b", "c", "a");
+ List<String> denyList = Collections.emptyList();
String[] enabled = {"x"};
String[] expected = {"b", "c", "a"};
String[] supported = {"x", "c", "a", "xx", "b", "xxx"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
// change order to make sure order was not correct by coincidence
- whiteList = Arrays.asList("c", "b", "a");
+ allowList = Arrays.asList("c", "b", "a");
expected = new String[]{"c", "b", "a"};
- result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@Test
- public void testFilterEntries_blackListAppliesToWhiteList()
+ public void testFilterEntries_denyListAppliesToAllowList()
{
- List<String> whiteList = Arrays.asList("a", "b");
- List<String> blackList = Arrays.asList("a");
+ List<String> allowList = Arrays.asList("a", "b");
+ List<String> denyList = Arrays.asList("a");
String[] enabled = {"a", "b", "c"};
String[] expected = {"b"};
String[] supported = {"a", "b", "c", "x"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@Test
- public void testFilterEntries_whiteListIgnoresEnabled()
+ public void testFilterEntries_allowListIgnoresEnabled()
{
- List<String> whiteList = Arrays.asList("b");
- List<String> blackList = Collections.emptyList();
+ List<String> allowList = Arrays.asList("b");
+ List<String> denyList = Collections.emptyList();
String[] enabled = {"a"};
String[] expected = {"b"};
String[] supported = {"a", "b", "x"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 987975f..2025cf2 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -674,19 +674,19 @@ public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implem
public void customize(final SSLEngine sslEngine)
{
super.customize(sslEngine);
- if (port.getTlsCipherSuiteWhiteList() != null
- && !port.getTlsCipherSuiteWhiteList().isEmpty())
+ if (port.getTlsCipherSuiteAllowList() != null
+ && !port.getTlsCipherSuiteAllowList().isEmpty())
{
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
sslEngine.setSSLParameters(sslParameters);
}
SSLUtil.updateEnabledCipherSuites(sslEngine,
- port.getTlsCipherSuiteWhiteList(),
- port.getTlsCipherSuiteBlackList());
+ port.getTlsCipherSuiteAllowList(),
+ port.getTlsCipherSuiteDenyList());
SSLUtil.updateEnabledTlsProtocols(sslEngine,
- port.getTlsProtocolWhiteList(),
- port.getTlsProtocolBlackList());
+ port.getTlsProtocolAllowList(),
+ port.getTlsProtocolDenyList());
}
};
factory.setSslContext(createSslContext(port));
diff --git a/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java b/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
index 7806851..810cc95 100644
--- a/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
+++ b/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
@@ -258,14 +258,14 @@ class WebSocketProvider implements AcceptingTransport
{
super.customize(sslEngine);
SSLUtil.updateEnabledCipherSuites(sslEngine,
- port.getTlsCipherSuiteWhiteList(),
- port.getTlsCipherSuiteBlackList());
+ port.getTlsCipherSuiteAllowList(),
+ port.getTlsCipherSuiteDenyList());
SSLUtil.updateEnabledTlsProtocols(sslEngine,
- port.getTlsProtocolWhiteList(),
- port.getTlsProtocolBlackList());
+ port.getTlsProtocolAllowList(),
+ port.getTlsProtocolDenyList());
- if (port.getTlsCipherSuiteWhiteList() != null
- && !port.getTlsCipherSuiteWhiteList().isEmpty())
+ if (port.getTlsCipherSuiteAllowList() != null
+ && !port.getTlsCipherSuiteAllowList().isEmpty())
{
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
index 04cd4e1..b2c3e14 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
@@ -51,8 +51,8 @@ public interface ConnectionBuilder
ConnectionBuilder setOptions(Map<String, String> options);
ConnectionBuilder setPopulateJMSXUserID(boolean populateJMSXUserID);
ConnectionBuilder setMessageRedelivery(final boolean redelivery);
- ConnectionBuilder setDeserializationPolicyWhiteList(String whiteList);
- ConnectionBuilder setDeserializationPolicyBlackList(String blackList);
+ ConnectionBuilder setDeserializationPolicyAllowList(String allowList);
+ ConnectionBuilder setDeserializationPolicyDenyList(String denyList);
ConnectionBuilder setKeyStoreLocation(String keyStoreLocation);
ConnectionBuilder setKeyStorePassword(String keyStorePassword);
ConnectionBuilder setTrustStoreLocation(String trustStoreLocation);
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
index 3219582..c18a7bc 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
@@ -187,16 +187,16 @@ public class QpidJmsClient0xConnectionBuilder implements ConnectionBuilder
}
@Override
- public ConnectionBuilder setDeserializationPolicyWhiteList(final String whiteList)
+ public ConnectionBuilder setDeserializationPolicyAllowList(final String allowList)
{
- _options.put("objectMessageClassHierarchyWhiteList", whiteList);
+ _options.put("objectMessageClassHierarchyWhiteList", allowList);
return this;
}
@Override
- public ConnectionBuilder setDeserializationPolicyBlackList(final String blackList)
+ public ConnectionBuilder setDeserializationPolicyDenyList(final String denyList)
{
- _options.put("objectMessageClassHierarchyBlackList", blackList);
+ _options.put("objectMessageClassHierarchyBlackList", denyList);
return this;
}
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
index b7c0d6b..d75d006 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
@@ -203,14 +203,14 @@ public class QpidJmsClientConnectionBuilder implements ConnectionBuilder
}
@Override
- public ConnectionBuilder setDeserializationPolicyWhiteList(final String whiteList)
+ public ConnectionBuilder setDeserializationPolicyAllowList(final String allowList)
{
- _options.put("jms.deserializationPolicy.whiteList", whiteList);
+ _options.put("jms.deserializationPolicy.whiteList", allowList);
return this;
}
@Override
- public ConnectionBuilder setDeserializationPolicyBlackList(final String blackList)
+ public ConnectionBuilder setDeserializationPolicyDenyList(final String blackList)
{
_options.put("jms.deserializationPolicy.blackList", blackList);
return this;
diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassWhitelistingTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassAllowlistingTest.java
similarity index 84%
rename from systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassWhitelistingTest.java
rename to systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassAllowlistingTest.java
index b468468..d032515 100644
--- a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassWhitelistingTest.java
+++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassAllowlistingTest.java
@@ -42,7 +42,7 @@ import org.junit.Test;
import org.apache.qpid.systests.JmsTestBase;
-public class ObjectMessageClassWhitelistingTest extends JmsTestBase
+public class ObjectMessageClassAllowlistingTest extends JmsTestBase
{
private static final int TEST_VALUE = 37;
@@ -50,7 +50,7 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
public void testObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
- final Connection c = getConnectionBuilder().setDeserializationPolicyWhiteList("*").build();
+ final Connection c = getConnectionBuilder().setDeserializationPolicyAllowList("*").build();
try
{
c.start();
@@ -77,10 +77,10 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testNotWhiteListedByConnectionUrlObjectMessage() throws Exception
+ public void testNotAllowListedByConnectionUrlObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
- final Connection c = getConnectionBuilder().setDeserializationPolicyWhiteList("org.apache.qpid").build();
+ final Connection c = getConnectionBuilder().setDeserializationPolicyAllowList("org.apache.qpid").build();
try
{
c.start();
@@ -110,11 +110,11 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testWhiteListedClassByConnectionUrlObjectMessage() throws Exception
+ public void testAllowListedClassByConnectionUrlObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
final Connection c =
- getConnectionBuilder().setDeserializationPolicyWhiteList("java.util.HashMap,java.lang").build();
+ getConnectionBuilder().setDeserializationPolicyAllowList("java.util.HashMap,java.lang").build();
try
{
c.start();
@@ -139,11 +139,11 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testBlackListedClassByConnectionUrlObjectMessage() throws Exception
+ public void testDenyListedClassByConnectionUrlObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
- final Connection c = getConnectionBuilder().setDeserializationPolicyWhiteList("java")
- .setDeserializationPolicyBlackList("java.lang.Integer")
+ final Connection c = getConnectionBuilder().setDeserializationPolicyAllowList("java")
+ .setDeserializationPolicyDenyList("java.lang.Integer")
.build();
try
{
@@ -175,14 +175,14 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testWhiteListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
+ public void testAllowListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c =
- getConnectionBuilder().setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.class.getCanonicalName())
+ getConnectionBuilder().setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.class.getCanonicalName())
.build();
try
{
- doTestWhiteListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
+ doTestAllowListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
}
finally
{
@@ -191,15 +191,15 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testBlackListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
+ public void testDenyListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c = getConnectionBuilder()
- .setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.class.getPackage().getName())
- .setDeserializationPolicyBlackList(ObjectMessageClassWhitelistingTest.class.getCanonicalName())
+ .setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.class.getPackage().getName())
+ .setDeserializationPolicyDenyList(ObjectMessageClassAllowlistingTest.class.getCanonicalName())
.build();
try
{
- doTestBlackListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
+ doTestDenyListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
}
finally
{
@@ -208,14 +208,14 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testWhiteListedNestedClassByConnectionUrlObjectMessage() throws Exception
+ public void testAllowListedNestedClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c = getConnectionBuilder()
- .setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.NestedClass.class.getCanonicalName())
+ .setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.NestedClass.class.getCanonicalName())
.build();
try
{
- doTestWhiteListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
+ doTestAllowListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
}
finally
{
@@ -224,15 +224,15 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testBlackListedNestedClassByConnectionUrlObjectMessage() throws Exception
+ public void testDenyListedNestedClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c = getConnectionBuilder()
- .setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.class.getCanonicalName())
- .setDeserializationPolicyBlackList(NestedClass.class.getCanonicalName())
+ .setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.class.getCanonicalName())
+ .setDeserializationPolicyDenyList(NestedClass.class.getCanonicalName())
.build();
try
{
- doTestBlackListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
+ doTestDenyListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
}
finally
{
@@ -240,7 +240,7 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
}
- private void doTestWhiteListedEnclosedClassTest(Connection c, Serializable content) throws Exception
+ private void doTestAllowListedEnclosedClassTest(Connection c, Serializable content) throws Exception
{
Queue destination = createQueue(getTestName());
c.start();
@@ -260,7 +260,7 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
assertEquals("Received object has unexpected content", content, receivedObject);
}
- private void doTestBlackListedEnclosedClassTest(final Connection c, final Serializable content) throws Exception
+ private void doTestDenyListedEnclosedClassTest(final Connection c, final Serializable content) throws Exception
{
Queue destination = createQueue(getTestName());
c.start();
diff --git a/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java b/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
index a70c3c9..deacb21 100644
--- a/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
+++ b/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
@@ -596,15 +596,14 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
{
_currentWorkDirectory =
Files.createTempDirectory(String.format("qpid-work-%d-%s-%s-",
- _id,
- testClass.getSimpleName(),
- timestamp))
- .toString();
+ _id,
+ testClass.getSimpleName(),
+ timestamp))
+ .toString();
String readyLogPattern = "BRK-1004 : Qpid Broker Ready";
LOGGER.debug("Spawning broker working folder: {}", _currentWorkDirectory);
-
int startUpTime = Integer.getInteger(SYSTEST_PROPERTY_SPAWN_BROKER_STARTUP_TIME, 30000);
LOGGER.debug("Spawning broker permitted start-up time: {}", startUpTime);
@@ -752,8 +751,8 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
List<String> jvmArguments = new ArrayList<>();
jvmArguments.add("java");
- jvmArguments.add("-cp");
- jvmArguments.add(classpath);
+// jvmArguments.add("-cp");
+// jvmArguments.add(classpath);
jvmArguments.add("-Djava.io.tmpdir=" + escape(System.getProperty("java.io.tmpdir")));
jvmArguments.add("-Dlogback.configurationFile=default-broker-logback.xml");
jvmArguments.add("-Dqpid.tests.mms.messagestore.persistence=true");
@@ -791,7 +790,9 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
String[] cmd = jvmArguments.toArray(new String[jvmArguments.size()]);
LOGGER.debug("command line:" + String.join(" ", jvmArguments));
- return new ProcessBuilder(cmd);
+ ProcessBuilder ps = new ProcessBuilder(cmd);
+ ps.environment().put("CLASSPATH", classpath);
+ return ps;
}
private String escape(String value)
@@ -849,16 +850,18 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
private void doWindowsKill()
{
- try
- {
-
- Process p;
- p = Runtime.getRuntime().exec(new String[]{"taskkill", "/PID", Integer.toString(_pid), "/T", "/F"});
- consumeAllOutput(p);
- }
- catch (IOException e)
+ if (_pid != null)
{
- LOGGER.error("Error whilst killing process " + _pid, e);
+ try
+ {
+ Process p;
+ p = Runtime.getRuntime().exec(new String[]{"taskkill", "/PID", Integer.toString(_pid), "/T", "/F"});
+ consumeAllOutput(p);
+ }
+ catch (IOException e)
+ {
+ LOGGER.error("Error whilst killing process " + _pid, e);
+ }
}
}
diff --git a/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java b/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java
index d8e929b..d2694fe 100644
--- a/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java
+++ b/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java
@@ -34,10 +34,8 @@ import static org.junit.Assert.fail;
import static org.junit.Assume.assumeThat;
import java.io.File;
-import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
-import java.util.Arrays;
import javax.jms.Connection;
import javax.jms.DeliveryMode;
@@ -157,7 +155,8 @@ public class SpawnBrokerAdminTest extends UnitTestBase
@Test
public void afterTestClass() throws Exception
{
- try (SpawnBrokerAdmin admin = new SpawnBrokerAdmin())
+ SpawnBrokerAdmin admin = new SpawnBrokerAdmin();
+ try
{
admin.beforeTestClass(SpawnBrokerAdminTest.class);
admin.beforeTestMethod(SpawnBrokerAdminTest.class, getClass().getMethod("afterTestClass"));
@@ -180,6 +179,17 @@ public class SpawnBrokerAdminTest extends UnitTestBase
{
// pass
}
+ finally
+ {
+ admin = null;
+ }
+ }
+ finally
+ {
+ if (admin != null)
+ {
+ admin.close();
+ }
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org