You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by lq...@apache.org on 2016/06/21 10:43:29 UTC
svn commit: r1749485 - in /qpid/java/branches/6.0.x: ./
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/security/ doc/
doc/java-broker/src/docbkx/management/managing/
Author: lquack
Date: Tue Jun 21 10:43:28 2016
New Revision: 1749485
URL: http://svn.apache.org/viewvc?rev=1749485&view=rev
Log:
QPID-7291: [Java Broker, Documentation] Add documentation for SiteSpecific and ManagedPeerCertificate TrustStores
merged from trunk with:
$ svn merge -c 1749349,1749482 ^/qpid/java/trunk
Modified:
qpid/java/branches/6.0.x/ (props changed)
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStore.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
qpid/java/branches/6.0.x/doc/ (props changed)
qpid/java/branches/6.0.x/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml
Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Jun 21 10:43:28 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728651,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729
657,1729783,1729828,1729832,1729841,1729851,1729886,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713,1730805,1731029,1731110,1731210,1731225,1731444,1731551,1731612,1732184,1732452,1732461,1732465,1732525,1732812,1733467,1734452,1736478,1736751,1736838,1737804,1737835,1737853,1737984,1737992,1738119,1738135,1738231,1738271,1738607,1738610,1738731,1738914,1741702,1742257,1742284,1742544,1742900,1742926,1743161,1743228,1743383,1743982,1744012-1744013,1744046,1744123,1744157,1744276,1744403,1745424,1745450,1746140,1746273,1747526,1748723,1748818,1749399
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728651,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729
657,1729783,1729828,1729832,1729841,1729851,1729886,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713,1730805,1731029,1731110,1731210,1731225,1731444,1731551,1731612,1732184,1732452,1732461,1732465,1732525,1732812,1733467,1734452,1736478,1736751,1736838,1737804,1737835,1737853,1737984,1737992,1738119,1738135,1738231,1738271,1738607,1738610,1738731,1738914,1741702,1742257,1742284,1742544,1742900,1742926,1743161,1743228,1743383,1743982,1744012-1744013,1744046,1744123,1744157,1744276,1744403,1745424,1745450,1746140,1746273,1747526,1748723,1748818,1749349,1749399,1749482
/qpid/trunk/qpid:796646-796653
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java?rev=1749485&r1=1749484&r2=1749485&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java Tue Jun 21 10:43:28 2016
@@ -29,7 +29,7 @@ import javax.net.ssl.TrustManager;
@ManagedObject( defaultType = "FileTrustStore" )
public interface TrustStore<X extends TrustStore<X>> extends ConfiguredObject<X>
{
- @ManagedAttribute( defaultValue = "false" )
+ @ManagedAttribute( defaultValue = "false", description = "If true the Trust Store will expose its certificates as a special artificial message source.")
boolean isExposedAsMessageSource();
@ManagedAttribute( defaultValue = "[]" )
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStore.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStore.java?rev=1749485&r1=1749484&r2=1749485&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStore.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStore.java Tue Jun 21 10:43:28 2016
@@ -30,25 +30,28 @@ import org.apache.qpid.server.model.Mana
import org.apache.qpid.server.model.Param;
import org.apache.qpid.server.model.TrustStore;
-@ManagedObject( category = false, type = ManagedPeerCertificateTrustStore.TYPE_NAME)
+@ManagedObject(category = false, type = ManagedPeerCertificateTrustStore.TYPE_NAME,
+ description = "Stores multiple PEM or DER encoded certificates in the broker configuration which the Trust Store will trust for secure connections (e.g., HTTPS or AMQPS)")
public interface ManagedPeerCertificateTrustStore<X extends ManagedPeerCertificateTrustStore<X>> extends TrustStore<X>
{
String TYPE_NAME = "ManagedCertificateStore";
- @ManagedAttribute( defaultValue = "true" )
+ @ManagedAttribute(defaultValue = "true")
boolean isExposedAsMessageSource();
- @ManagedAttribute( oversize = true, defaultValue = "[]" )
+ @ManagedAttribute(oversize = true, defaultValue = "[]", description = "List of base64 encoded representations of the ASN.1 DER encoded certificates")
List<Certificate> getStoredCertificates();
- @ManagedOperation
- void addCertificate(@Param(name="certificate") Certificate certificate);
+ @ManagedOperation(description = "Add a given certificate to the Trust Store")
+ void addCertificate(@Param(name = "certificate", description = "PEM or base64 encoded DER certificate to be added to the Trust Store")
+ Certificate certificate);
- @DerivedAttribute
+ @DerivedAttribute(description = "List of details about the certificates like validity dates, SANs, issuer and subject names, etc.")
List<CertificateDetails> getCertificateDetails();
- @ManagedOperation
- void removeCertificates(@Param(name="certificates") List<CertificateDetails> certificates);
+ @ManagedOperation(description = "Remove given certificates from the Trust Store.")
+ void removeCertificates(@Param(name = "certificates", description = "List of certificate details to be removed. The details should take the form given by the certificateDetails attribute")
+ List<CertificateDetails> certificates);
}
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java?rev=1749485&r1=1749484&r2=1749485&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java Tue Jun 21 10:43:28 2016
@@ -26,35 +26,36 @@ import org.apache.qpid.server.model.Mana
import org.apache.qpid.server.model.ManagedOperation;
import org.apache.qpid.server.model.TrustStore;
-@ManagedObject( category = false, type = "SiteSpecificTrustStore" )
+@ManagedObject(category = false, type = "SiteSpecificTrustStore",
+ description = "Obtains a SSL/TLS certificate from a given URL which the Trust Store will trust for secure connections (e.g., HTTPS or AMQPS)")
public interface SiteSpecificTrustStore<X extends SiteSpecificTrustStore<X>> extends TrustStore<X>
{
String CERTIFICATE = "certificate";
- @ManagedAttribute(immutable = true)
+ @ManagedAttribute(immutable = true, description = "The URL from which to obtain the trusted certificate. This must include the protocol and port. Example: https://example.com:443")
String getSiteUrl();
- @DerivedAttribute(persist = true)
+ @DerivedAttribute(persist = true, description = "The X.509 certificate obtained from the given URL as base64 encoded representation of the ASN.1 DER encoding")
String getCertificate();
- @DerivedAttribute
+ @DerivedAttribute(description = "The distinguished name of the issuer of the certificate or null if no issuer information is present")
String getCertificateIssuer();
- @DerivedAttribute
+ @DerivedAttribute(description = "The distinguished name of the subject of the certificate or null if no subject information is present")
String getCertificateSubject();
- @DerivedAttribute
+ @DerivedAttribute(description = "The serial number of the certificate assigned by the CA or null if no serial number is present")
String getCertificateSerialNumber();
- @DerivedAttribute
+ @DerivedAttribute(description = "A (possibly truncated) hex encoded representation of the signature. The bytes are separated by spaces. null if no signature information is present")
String getCertificateSignature();
- @DerivedAttribute
+ @DerivedAttribute(description = "The start date of the validity of the certificate")
String getCertificateValidFromDate();
- @DerivedAttribute
+ @DerivedAttribute(description = "The end date of the validity of the certificate")
String getCertificateValidUntilDate();
- @ManagedOperation
+ @ManagedOperation(description = "Re-download the certificate from the URL")
void refreshCertificate();
}
Propchange: qpid/java/branches/6.0.x/doc/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Jun 21 10:43:28 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java/doc:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java/doc:805429-821809
/qpid/branches/qpid-2935/qpid/java/doc:1061302-1072333
-/qpid/java/trunk/doc:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728651,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-
1729657,1729783,1729828,1729832,1729841,1729851,1729886,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713,1730805,1731029,1731110,1731210,1731225,1731444,1731551,1731612,1732184,1732452,1732461,1732525,1732812,1733467,1734452,1736478,1736751,1736838,1737804,1737835,1737853,1737984,1737992,1738119,1738135,1738231,1738271,1738607,1738610,1738731,1738914,1741702,1742257,1742284,1742544,1742900,1742926,1743161,1743228,1743383,1743759-1743916,1744250
+/qpid/java/trunk/doc:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728651,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-
1729657,1729783,1729828,1729832,1729841,1729851,1729886,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713,1730805,1731029,1731110,1731210,1731225,1731444,1731551,1731612,1732184,1732452,1732461,1732525,1732812,1733467,1734452,1736478,1736751,1736838,1737804,1737835,1737853,1737984,1737992,1738119,1738135,1738231,1738271,1738607,1738610,1738731,1738914,1741702,1742257,1742284,1742544,1742900,1742926,1743161,1743228,1743383,1743759-1743916,1744250,1749349,1749482
/qpid/trunk/qpid/doc:796646-796653
Modified: qpid/java/branches/6.0.x/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml?rev=1749485&r1=1749484&r2=1749485&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml (original)
+++ qpid/java/branches/6.0.x/doc/java-broker/src/docbkx/management/managing/Java-Broker-Management-Managing-Truststores.xml Tue Jun 21 10:43:28 2016
@@ -31,14 +31,18 @@
<para>The following truststore types are supported. <itemizedlist>
<listitem>
<para><emphasis>File Trust Store</emphasis>. This type accepts the standard JKS
- truststore format undertood by Java and Java tools such as <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="${oracleKeytool}">keytool</link>.</para>
+ truststore format understood by Java and Java tools such as <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="${oracleKeytool}">keytool</link>.</para>
</listitem>
<listitem>
- <para><emphasis>Non Java Trust Store</emphasis>. A non java keystore accepts key
- material in PEM and DER file formats. </para>
+ <para><emphasis>Non Java Trust Store</emphasis>. A non java trust store accepts key
+ material in PEM and DER file formats. Either a path to the certificate on the server can be specified using the file:// protocol or the certificate can be uploaded with the data:// protocol</para>
</listitem>
<listitem>
- <para>TODO</para>
+ <para><emphasis>Managed Certificate Store</emphasis>. This type accepts key
+ material in PEM and DER file formats. Contrary to the Non Java Trust Store this store allows the user to add multiple certificates and stores them in the broker configuration.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Site Specific Trust Store</emphasis>. This type will download a certificate from the provided SSL/TLS enabled URL. Note that you must specify both the protocol and the port. Example: https://example.com:443</para>
</listitem>
</itemizedlist>
</para>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org