Posted to commits@qpid.apache.org by kw...@apache.org on 2016/05/23 08:16:24 UTC
svn commit: r1745124 - in
/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server:
model/AbstractConfiguredObject.java model/adapter/BrokerAdapter.java
security/encryption/AESKeyFileEncrypter.java
Author: kwall
Date: Mon May 23 08:16:24 2016
New Revision: 1745124
URL: http://svn.apache.org/viewvc?rev=1745124&view=rev
Log:
QPID-7264: [Java Broker] Ensure secure derived attributes are encrypted too.
Also avoid a needless rewrite of the configuration on Broker open when the encryption feature is in use.
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java?rev=1745124&r1=1745123&r2=1745124&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java Mon May 23 08:16:24 2016
@@ -1772,53 +1772,58 @@ public abstract class AbstractConfigured
@Override
public Map<String, Object> run()
{
- Map<String,Object> attributes = new LinkedHashMap<String, Object>();
+ Map<String,Object> attributes = new LinkedHashMap<>();
Map<String,Object> actualAttributes = getActualAttributes();
for(ConfiguredObjectAttribute<?,?> attr : _attributeTypes.values())
{
- if(attr.isPersisted())
+ if (attr.isPersisted() && !ID.equals(attr.getName()))
{
if(attr.isDerived())
{
- attributes.put(attr.getName(), getAttribute(attr.getName()));
+ Object value = getAttribute(attr.getName());
+ attributes.put(attr.getName(), toRecordedForm(attr, value));
}
else if(actualAttributes.containsKey(attr.getName()))
{
Object value = actualAttributes.get(attr.getName());
- if(value instanceof ConfiguredObject)
- {
- value = ((ConfiguredObject)value).getId();
- }
- if(attr.isSecure() && _encrypter != null && value != null)
- {
- if(value instanceof Collection || value instanceof Map)
- {
- ObjectMapper mapper = new ObjectMapper();
- try(StringWriter stringWriter = new StringWriter())
- {
- mapper.writeValue(stringWriter, value);
- value = _encrypter.encrypt(stringWriter.toString());
- }
- catch (IOException e)
- {
- throw new IllegalConfigurationException("Failure when encrypting a secret value", e);
- }
- }
- else
- {
- value = _encrypter.encrypt(value.toString());
- }
- }
- attributes.put(attr.getName(), value);
+ attributes.put(attr.getName(), toRecordedForm(attr, value));
}
}
}
- attributes.remove(ID);
return attributes;
}
});
}
+ public Object toRecordedForm(final ConfiguredObjectAttribute<?, ?> attr, Object value)
+ {
+ if(value instanceof ConfiguredObject)
+ {
+ value = ((ConfiguredObject)value).getId();
+ }
+ if(attr.isSecure() && _encrypter != null && value != null)
+ {
+ if(value instanceof Collection || value instanceof Map)
+ {
+ ObjectMapper mapper = new ObjectMapper();
+ try(StringWriter stringWriter = new StringWriter())
+ {
+ mapper.writeValue(stringWriter, value);
+ value = _encrypter.encrypt(stringWriter.toString());
+ }
+ catch (IOException e)
+ {
+ throw new IllegalConfigurationException("Failure when encrypting a secret value", e);
+ }
+ }
+ else
+ {
+ value = _encrypter.encrypt(value.toString());
+ }
+ }
+ return value;
+ }
+
@Override
public Map<String, UUID> getParents()
{
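Review bot: `toRecordedForm` is added as `public`, but the only caller visible in this hunk is the anonymous task's `run()` inside the same class, so `private` would be enough. As written, any code holding the object can have an arbitrary value encrypted by the configuration encrypter whenever the attribute passed in is secure, which is a wider surface than the recording path needs. I would declare it `private Object toRecordedForm(final ConfiguredObjectAttribute<?, ?> attr, Object value)`. It also deserves a short Javadoc stating that a `ConfiguredObject` is replaced by its id, that secure values are encrypted (collections and maps as JSON first), and that a secure value is returned unencrypted when `_encrypter` is null. The method enclosing `run()` starts outside the hunk, so there may be callers I cannot see that need the wider visibility.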
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1745124&r1=1745123&r2=1745124&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java Mon May 23 08:16:24 2016
@@ -40,6 +40,7 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
@@ -128,8 +129,9 @@ public class BrokerAdapter extends Abstr
@ManagedAttributeField
private int _housekeepingThreadCount;
- @ManagedAttributeField(afterSet = "postEncrypterProviderSet")
+ @ManagedAttributeField(beforeSet = "preEncrypterProviderSet", afterSet = "postEncrypterProviderSet")
private String _confidentialConfigurationEncryptionProvider;
+ private String _preConfidentialConfigurationEncryptionProvider;
private final boolean _virtualHostPropertiesNodeEnabled;
private Collection<BrokerLogger> _brokerLoggersToClose;
@@ -168,6 +170,7 @@ public class BrokerAdapter extends Abstr
final String encryptionProviderType = String.valueOf(attributes.get(CONFIDENTIAL_CONFIGURATION_ENCRYPTION_PROVIDER));
updateEncrypter(encryptionProviderType);
+ _confidentialConfigurationEncryptionProvider = encryptionProviderType;
}
_messagesDelivered = new StatisticsCounter("messages-delivered");
_dataDelivered = new StatisticsCounter("bytes-delivered");
@@ -939,10 +942,20 @@ public class BrokerAdapter extends Abstr
}
@SuppressWarnings("unused")
+ private void preEncrypterProviderSet()
+ {
+ _preConfidentialConfigurationEncryptionProvider = _confidentialConfigurationEncryptionProvider;
+ }
+
+ @SuppressWarnings("unused")
private void postEncrypterProviderSet()
{
- updateEncrypter(_confidentialConfigurationEncryptionProvider);
- forceUpdateAllSecureAttributes();
+ if (!Objects.equals(_preConfidentialConfigurationEncryptionProvider,
+ _confidentialConfigurationEncryptionProvider))
+ {
+ updateEncrypter(_confidentialConfigurationEncryptionProvider);
+ forceUpdateAllSecureAttributes();
+ }
}
@SuppressWarnings("unused")
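Review bot: The guard in `postEncrypterProviderSet` avoids the rewrite on open only because the constructor hunk now seeds the field with `_confidentialConfigurationEncryptionProvider = encryptionProviderType;` before the attribute is set again, and nothing in the code records that dependency. Without a comment, the constructor assignment looks redundant and could be removed later, which would silently bring back the re-encryption and rewrite of every secure attribute at startup. I would add `// seed the field so postEncrypterProviderSet sees no change on open and skips the rewrite` above the constructor assignment. Above `preEncrypterProviderSet` I would add `// snapshot the provider before the set so the afterSet hook can detect a real change`. The new `_preConfidentialConfigurationEncryptionProvider` field could carry a similar one-line comment saying it is scratch state that is only meaningful between the two hooks.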
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java?rev=1745124&r1=1745123&r2=1745124&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java Mon May 23 08:16:24 2016
@@ -103,7 +103,7 @@ class AESKeyFileEncrypter implements Con
}
catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e)
{
- throw new IllegalArgumentException("Unable to encrypt secret", e);
+ throw new IllegalArgumentException("Unable to decrypt secret", e);
}
}