Posted to commits@qpid.apache.org by or...@apache.org on 2020/07/30 09:50:57 UTC
[qpid-broker-j] 01/02: QPID-8455: [Broker-J] Use allow/deny list
terminology for existing attributes and context variables
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit f75463cfa1697a4824d19629d4fbf5ffde6ca1f5
Author: Dedeepya Tunga <de...@jpmchase.com>
AuthorDate: Fri Jul 17 18:34:45 2020 +0530
QPID-8455: [Broker-J] Use allow/deny list terminology for existing attributes and context variables
This closes #51
---
.../server/configuration/CommonProperties.java | 18 +++----
.../java/org/apache/qpid/server/model/Broker.java | 20 +++----
.../java/org/apache/qpid/server/model/Port.java | 10 ++--
.../qpid/server/model/port/AbstractPort.java | 32 +++++------
.../manager/SimpleLDAPAuthenticationManager.java | 8 +--
.../SimpleLDAPAuthenticationManagerImpl.java | 40 +++++++-------
.../oauth2/OAuth2AuthenticationProvider.java | 8 +--
.../oauth2/OAuth2AuthenticationProviderImpl.java | 40 +++++++-------
.../CloudFoundryOAuth2IdentityResolverService.java | 8 +--
.../facebook/FacebookIdentityResolverService.java | 8 +--
.../GitHubOAuth2IdentityResolverService.java | 8 +--
.../GoogleOAuth2IdentityResolverService.java | 8 +--
.../KeycloakOAuth2IdentityResolverService.java | 8 +--
...MicrosoftLiveOAuth2IdentityResolverService.java | 8 +--
...oudFoundryDashboardManagementGroupProvider.java | 8 +--
...oundryDashboardManagementGroupProviderImpl.java | 48 ++++++++---------
.../NonBlockingConnectionTLSDelegate.java | 6 +--
.../transport/network/security/ssl/SSLUtil.java | 62 +++++++++++-----------
...uiteAndProtocolRestrictingSSLSocketFactory.java | 48 ++++++++---------
.../apache/qpid/server/util/ConnectionBuilder.java | 40 +++++++-------
.../manager/oauth2/OAuth2MockEndpointHolder.java | 28 +++++-----
.../server/transport/TCPandSSLTransportTest.java | 8 +--
.../network/security/ssl/SSLUtilTest.java | 48 ++++++++---------
.../server/management/plugin/HttpManagement.java | 12 ++---
.../transport/websocket/WebSocketProvider.java | 12 ++---
.../apache/qpid/systests/ConnectionBuilder.java | 4 +-
.../systests/QpidJmsClient0xConnectionBuilder.java | 8 +--
.../systests/QpidJmsClientConnectionBuilder.java | 6 +--
...ava => ObjectMessageClassAllowlistingTest.java} | 50 ++++++++---------
.../qpid/systests/admin/SpawnBrokerAdmin.java | 37 +++++++------
.../qpid/systests/admin/SpawnBrokerAdminTest.java | 16 ++++--
31 files changed, 339 insertions(+), 326 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java b/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java
index 600f985..f9517fe 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/configuration/CommonProperties.java
@@ -54,15 +54,15 @@ public class CommonProperties
public static final String IO_NETWORK_TRANSPORT_TIMEOUT_PROP_NAME = "qpid.io_network_transport_timeout";
public static final int IO_NETWORK_TRANSPORT_TIMEOUT_DEFAULT = 60000;
- public static final String QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST = "qpid.security.tls.protocolWhiteList";
- public static final String QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT = "TLSv1\\.[0-9]+";
- public static final String QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST = "qpid.security.tls.protocolBlackList";
- public static final String QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT = "TLSv1\\.[0-1]";
-
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST = "qpid.security.tls.cipherSuiteWhiteList";
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST_DEFAULT = "";
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST = "qpid.security.tls.cipherSuiteBlackList";
- public static final String QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST_DEFAULT = "";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST = "qpid.security.tls.protocolAllowList";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST_DEFAULT = "TLSv1\\.[0-9]+";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_DENY_LIST = "qpid.security.tls.protocolDenyList";
+ public static final String QPID_SECURITY_TLS_PROTOCOL_DENY_LIST_DEFAULT = "TLSv1\\.[0-1]";
+
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST = "qpid.security.tls.cipherSuiteAllowList";
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST_DEFAULT = "";
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST = "qpid.security.tls.cipherSuiteDenyList";
+ public static final String QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST_DEFAULT = "";
private static final String MANIFEST_HEADER_IMPLEMENTATION_BUILD = "Implementation-Build";
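Review bot: The four context variable names change value here (`qpid.security.tls.protocolWhiteList` becomes `qpid.security.tls.protocolAllowList`, and likewise for the deny and cipher-suite keys), and nothing in this hunk keeps the old keys readable. A deployment that tightened TLS through the old names would, as far as this hunk shows, fall back silently to the defaults on these lines after upgrade, including the empty cipher-suite lists. Unless another part of this change maps the old names, consider keeping the old constants as `@Deprecated` aliases that are consulted when the new key is unset, and logging a warning when an old key is found. The upgrade notes should list the renamed keys either way.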
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java b/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
index 4e45159..53bd58f 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
@@ -107,19 +107,19 @@ public interface Broker<X extends Broker<X>> extends ConfiguredObject<X>, EventL
@ManagedContextDefault(name = BROKER_MSG_AUTH)
boolean DEFAULT_BROKER_MSG_AUTH = false;
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST)
- String DEFAULT_SECURITY_TLS_PROTOCOL_WHITE_LIST =
- "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST)
+ String DEFAULT_SECURITY_TLS_PROTOCOL_ALLOW_LIST =
+ "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST)
- String DEFAULT_SECURITY_TLS_PROTOCOL_BLACK_LIST =
- "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST)
+ String DEFAULT_SECURITY_TLS_PROTOCOL_DENY_LIST =
+ "[\"" + CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST_DEFAULT.replace("\\", "\\\\") + "\"]";
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST)
- String DEFAULT_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST = "[]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST)
+ String DEFAULT_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST = "[]";
- @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST)
- String DEFAULT_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST = "[]";
+ @ManagedContextDefault(name = CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST)
+ String DEFAULT_SECURITY_TLS_CIPHER_SUITE_DENY_LIST = "[]";
@ManagedContextDefault(name = QPID_DOCUMENTATION_URL)
String DEFAULT_DOCUMENTATION_URL = "http://qpid.apache.org/releases/qpid-broker-j-${qpid.version}/book/";
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
index 510d4d5..892bd78 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
@@ -31,7 +31,7 @@ import com.google.common.util.concurrent.ListenableFuture;
import org.apache.qpid.server.configuration.CommonProperties;
import org.apache.qpid.server.security.SubjectCreator;
-@ManagedContextDependency({CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST})
+@ManagedContextDependency({CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST})
@ManagedObject( description = Port.CLASS_DESCRIPTION, amqpName = "org.apache.qpid.Port")
public interface Port<X extends Port<X>> extends ConfiguredObject<X>
{
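Review bot: `@ManagedContextDependency` on `Port` names only the protocol allow list and the cipher-suite deny list, while `AbstractPort.onOpen()` in this same commit reads all four TLS context variables. The asymmetry predates the rename, but since the line is being rewritten it would be worth listing all four by adding `CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST`, or adding a comment that says why two are omitted. The interface body continues outside the hunk.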
@@ -91,16 +91,16 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
Collection<TrustStore> getTrustStores();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
@ManagedAttribute(defaultValue = "*",
description = "The network interface this port binds to expressed as an IP address or a"
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
index a5fb3d2..6946120 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
@@ -83,11 +83,11 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
@ManagedAttributeField
private String _bindingAddress;
- private List<String> _tlsProtocolBlackList;
- private List<String> _tlsProtocolWhiteList;
+ private List<String> _tlsProtocolDenyList;
+ private List<String> _tlsProtocolAllowList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
public AbstractPort(Map<String, Object> attributes,
Container<?> container)
@@ -109,10 +109,10 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
protected void onOpen()
{
super.onOpen();
- _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
}
@Override
@@ -423,27 +423,27 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
}
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
@Override
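Review bot: The four renamed getters return the list fields assigned in `onOpen()` directly, so whether a caller can alter a port's TLS restrictions through the returned list depends on what `getContextValue` returns, which is not visible here. If that list is mutable, wrapping it at assignment would close the gap, e.g. `_tlsProtocolDenyList = Collections.unmodifiableList(getContextValue(...));` in `onOpen()`. The same getter pattern appears in `SimpleLDAPAuthenticationManagerImpl` and `OAuth2AuthenticationProviderImpl`. A one-line Javadoc on each getter saying whether entries are regular expressions would also help; the defaults in `CommonProperties` suggest they are, but neither the interface nor this class says so.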
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
index fe650f7..8229b49 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
@@ -105,15 +105,15 @@ public interface SimpleLDAPAuthenticationManager<X extends SimpleLDAPAuthenticat
String getLoginConfigScope();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
index 46846a5..a575532 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
@@ -146,11 +146,11 @@ public class SimpleLDAPAuthenticationManagerImpl
@ManagedAttributeField
private String _loginConfigScope;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
private AuthenticationResultCacher _authenticationResultCacher;
@@ -189,10 +189,10 @@ public class SimpleLDAPAuthenticationManagerImpl
{
super.onOpen();
- _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
Integer cacheMaxSize = getContextValue(Integer.class, AUTHENTICATION_CACHE_MAX_SIZE);
Long cacheExpirationTime = getContextValue(Long.class, AUTHENTICATION_CACHE_EXPIRATION_TIME);
@@ -577,10 +577,10 @@ public class SimpleLDAPAuthenticationManagerImpl
}
SSLSocketFactory sslSocketFactory = new CipherSuiteAndProtocolRestrictingSSLSocketFactory(sslContext.getSocketFactory(),
- _tlsCipherSuiteWhiteList,
- _tlsCipherSuiteBlackList,
- _tlsProtocolWhiteList,
- _tlsProtocolBlackList);
+ _tlsCipherSuiteAllowList,
+ _tlsCipherSuiteDenyList,
+ _tlsProtocolAllowList,
+ _tlsProtocolDenyList);
Class<? extends AbstractLDAPSSLSocketFactory> clazz = LDAPSSLSocketFactoryGenerator.createSubClass(clazzName,
sslSocketFactory);
LOGGER.debug("Connection to Directory will use custom SSL socket factory : {}", clazz);
@@ -761,27 +761,27 @@ public class SimpleLDAPAuthenticationManagerImpl
}
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
private void closeSafely(InitialDirContext ctx)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
index 9cbbcdf..42341a1 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
@@ -103,16 +103,16 @@ public interface OAuth2AuthenticationProvider<T extends OAuth2AuthenticationProv
String getDefaultScope();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
int getConnectTimeout();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
index 6854bd5..094dbd8 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
@@ -106,11 +106,11 @@ public class OAuth2AuthenticationProviderImpl
private OAuth2IdentityResolverService _identityResolverService;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
private int _connectTimeout;
private int _readTimeout;
@@ -130,10 +130,10 @@ public class OAuth2AuthenticationProviderImpl
super.onOpen();
String type = getIdentityResolverType();
_identityResolverService = new QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(type);
- _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
_connectTimeout = getContextValue(Integer.class, AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
_readTimeout = getContextValue(Integer.class, AUTHENTICATION_OAUTH2_READ_TIMEOUT);
@@ -259,10 +259,10 @@ public class OAuth2AuthenticationProviderImpl
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(getTlsCipherSuiteDenyList());
LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
connection = connectionBuilder.build();
@@ -496,27 +496,27 @@ public class OAuth2AuthenticationProviderImpl
return identityResolverService == null ? null : identityResolverService.getDefaultScope(this); }
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
@Override
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
index ae9e724..d64c93c 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
@@ -95,10 +95,10 @@ public class CloudFoundryOAuth2IdentityResolverService implements OAuth2Identity
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", checkTokenEndpoint);
HttpURLConnection connection = connectionBuilder.build();
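Review bot: The four-call chain that copies the provider's TLS allow and deny lists onto the `ConnectionBuilder` is repeated verbatim here and in the Facebook, GitHub, Google, Keycloak and MicrosoftLive resolver hunks below, and in near-identical form in `OAuth2AuthenticationProviderImpl`. A copy that drops one of the setters would presumably connect to its identity endpoint without that restriction, and this rename had to touch every copy by hand. Consider a single helper, for example a `ConnectionBuilder` method that takes the `OAuth2AuthenticationProvider` and applies all four lists, so the restriction is set in one place. The enclosing method starts and ends outside the hunk.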
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
index 3a1c8bd..11f1aea 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
@@ -98,10 +98,10 @@ public class FacebookIdentityResolverService implements OAuth2IdentityResolverSe
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
index e086ae6..afb3aea 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
@@ -104,10 +104,10 @@ public class GitHubOAuth2IdentityResolverService implements OAuth2IdentityResolv
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
index 03613d3..cb29f73 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
@@ -108,10 +108,10 @@ public class GoogleOAuth2IdentityResolverService implements OAuth2IdentityResolv
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java
index 51a9bc6..6b4582d 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/keycloak/KeycloakOAuth2IdentityResolverService.java
@@ -108,10 +108,10 @@ public class KeycloakOAuth2IdentityResolverService implements OAuth2IdentityReso
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
index d2ce9c7..93a7940 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
@@ -96,10 +96,10 @@ public class MicrosoftLiveOAuth2IdentityResolverService implements OAuth2Identit
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
- .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
- .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
- .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
+ connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
+ .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
+ .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
+ .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java
index fd1c5a0..7291cbe 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProvider.java
@@ -52,11 +52,11 @@ public interface CloudFoundryDashboardManagementGroupProvider<X extends CloudFou
Map<String, String> getServiceToManagementGroupMapping();
@DerivedAttribute
- List<String> getTlsProtocolWhiteList();
+ List<String> getTlsProtocolAllowList();
@DerivedAttribute
- List<String> getTlsProtocolBlackList();
+ List<String> getTlsProtocolDenyList();
@DerivedAttribute
- List<String> getTlsCipherSuiteWhiteList();
+ List<String> getTlsCipherSuiteAllowList();
@DerivedAttribute
- List<String> getTlsCipherSuiteBlackList();
+ List<String> getTlsCipherSuiteDenyList();
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java
index 0e551d1..b26a397 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/group/cloudfoundry/CloudFoundryDashboardManagementGroupProviderImpl.java
@@ -20,10 +20,10 @@
*/
package org.apache.qpid.server.security.group.cloudfoundry;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST;
+import static org.apache.qpid.server.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -87,10 +87,10 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
@ManagedAttributeField
private Map<String, String> _serviceToManagementGroupMapping;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
private int _connectTimeout;
private int _readTimeout;
@@ -104,10 +104,10 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
public void onOpen()
{
super.onOpen();
- _tlsProtocolWhiteList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- _tlsProtocolBlackList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- _tlsCipherSuiteWhiteList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- _tlsCipherSuiteBlackList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ _tlsProtocolAllowList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST);
+ _tlsProtocolDenyList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_DENY_LIST);
+ _tlsCipherSuiteAllowList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST);
+ _tlsCipherSuiteDenyList = getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST);
_connectTimeout = getContextValue(Integer.class, QPID_GROUPPROVIDER_CLOUDFOUNDRY_CONNECT_TIMEOUT);
_readTimeout = getContextValue(Integer.class, QPID_GROUPPROVIDER_CLOUDFOUNDRY_READ_TIMEOUT);
}
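Review bot: Nothing in `onOpen()` falls back to the previous context-variable names, so the four TLS lists are now resolved only through the renamed `QPID_SECURITY_TLS_*_ALLOW_LIST` / `*_DENY_LIST` constants. If the string values behind those constants changed too (CommonProperties is not part of this hunk), a deployment that still sets the old variables would silently get the default protocol and cipher-suite lists instead of its own restrictions. I would confirm that the old names remain accepted as deprecated aliases, or that a warning is logged when they are set. A short comment above the assignments should say where the legacy names are handled. The OAuth2MockEndpointHolder hunk reads the same renamed constants.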
@@ -207,10 +207,10 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(_tlsProtocolWhiteList)
- .setTlsProtocolBlackList(_tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(_tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(_tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolAllowList(_tlsProtocolAllowList)
+ .setTlsProtocolDenyList(_tlsProtocolDenyList)
+ .setTlsCipherSuiteAllowList(_tlsCipherSuiteAllowList)
+ .setTlsCipherSuiteDenyList(_tlsCipherSuiteDenyList);
LOGGER.debug("About to call CloudFoundryDashboardManagementEndpoint '{}'", cloudFoundryEndpoint);
connection = connectionBuilder.build();
@@ -288,27 +288,27 @@ public class CloudFoundryDashboardManagementGroupProviderImpl extends AbstractCo
}
@Override
- public List<String> getTlsProtocolWhiteList()
+ public List<String> getTlsProtocolAllowList()
{
- return _tlsProtocolWhiteList;
+ return _tlsProtocolAllowList;
}
@Override
- public List<String> getTlsProtocolBlackList()
+ public List<String> getTlsProtocolDenyList()
{
- return _tlsProtocolBlackList;
+ return _tlsProtocolDenyList;
}
@Override
- public List<String> getTlsCipherSuiteWhiteList()
+ public List<String> getTlsCipherSuiteAllowList()
{
- return _tlsCipherSuiteWhiteList;
+ return _tlsCipherSuiteAllowList;
}
@Override
- public List<String> getTlsCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteDenyList()
{
- return _tlsCipherSuiteBlackList;
+ return _tlsCipherSuiteDenyList;
}
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
index 3e52716..747e0c4 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
@@ -349,9 +349,9 @@ public class NonBlockingConnectionTLSDelegate implements NonBlockingConnectionDe
{
SSLEngine sslEngine = port.getSSLContext().createSSLEngine();
sslEngine.setUseClientMode(false);
- SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
- SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
- if(port.getTlsCipherSuiteWhiteList() != null && !port.getTlsCipherSuiteWhiteList().isEmpty())
+ SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolAllowList(), port.getTlsProtocolDenyList());
+ SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteAllowList(), port.getTlsCipherSuiteDenyList());
+ if(port.getTlsCipherSuiteAllowList() != null && !port.getTlsCipherSuiteAllowList().isEmpty())
{
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index dd581ca..1baec00 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -648,84 +648,84 @@ public class SSLUtil
}
public static void updateEnabledTlsProtocols(final SSLEngine engine,
- final List<String> protocolWhiteList,
- final List<String> protocolBlackList)
+ final List<String> protocolAllowList,
+ final List<String> protocolDenyList)
{
String[] filteredProtocols = filterEnabledProtocols(engine.getEnabledProtocols(),
engine.getSupportedProtocols(),
- protocolWhiteList,
- protocolBlackList);
+ protocolAllowList,
+ protocolDenyList);
engine.setEnabledProtocols(filteredProtocols);
}
public static void updateEnabledTlsProtocols(final SSLSocket socket,
- final List<String> protocolWhiteList,
- final List<String> protocolBlackList)
+ final List<String> protocolAllowList,
+ final List<String> protocolDenyList)
{
String[] filteredProtocols = filterEnabledProtocols(socket.getEnabledProtocols(),
socket.getSupportedProtocols(),
- protocolWhiteList,
- protocolBlackList);
+ protocolAllowList,
+ protocolDenyList);
socket.setEnabledProtocols(filteredProtocols);
}
public static String[] filterEnabledProtocols(final String[] enabledProtocols,
final String[] supportedProtocols,
- final List<String> protocolWhiteList,
- final List<String> protocolBlackList)
+ final List<String> protocolAllowList,
+ final List<String> protocolDenyList)
{
- return filterEntries(enabledProtocols, supportedProtocols, protocolWhiteList, protocolBlackList);
+ return filterEntries(enabledProtocols, supportedProtocols, protocolAllowList, protocolDenyList);
}
public static String[] filterEnabledCipherSuites(final String[] enabledCipherSuites,
final String[] supportedCipherSuites,
- final List<String> cipherSuiteWhiteList,
- final List<String> cipherSuiteBlackList)
+ final List<String> cipherSuiteAllowList,
+ final List<String> cipherSuiteDenyList)
{
- return filterEntries(enabledCipherSuites, supportedCipherSuites, cipherSuiteWhiteList, cipherSuiteBlackList);
+ return filterEntries(enabledCipherSuites, supportedCipherSuites, cipherSuiteAllowList, cipherSuiteDenyList);
}
public static void updateEnabledCipherSuites(final SSLEngine engine,
- final List<String> cipherSuitesWhiteList,
- final List<String> cipherSuitesBlackList)
+ final List<String> cipherSuitesAllowList,
+ final List<String> cipherSuitesDenyList)
{
String[] filteredCipherSuites = filterEntries(engine.getEnabledCipherSuites(),
engine.getSupportedCipherSuites(),
- cipherSuitesWhiteList,
- cipherSuitesBlackList);
+ cipherSuitesAllowList,
+ cipherSuitesDenyList);
engine.setEnabledCipherSuites(filteredCipherSuites);
}
public static void updateEnabledCipherSuites(final SSLSocket socket,
- final List<String> cipherSuitesWhiteList,
- final List<String> cipherSuitesBlackList)
+ final List<String> cipherSuitesAllowList,
+ final List<String> cipherSuitesDenyList)
{
String[] filteredCipherSuites = filterEntries(socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites(),
- cipherSuitesWhiteList,
- cipherSuitesBlackList);
+ cipherSuitesAllowList,
+ cipherSuitesDenyList);
socket.setEnabledCipherSuites(filteredCipherSuites);
}
static String[] filterEntries(final String[] enabledEntries,
final String[] supportedEntries,
- final List<String> whiteList,
- final List<String> blackList)
+ final List<String> allowList,
+ final List<String> denyList)
{
List<String> filteredList;
- if (whiteList != null && !whiteList.isEmpty())
+ if (allowList != null && !allowList.isEmpty())
{
filteredList = new ArrayList<>();
List<String> supportedList = new ArrayList<>(Arrays.asList(supportedEntries));
- // the outer loop must be over the white list to preserve its order
- for (String whiteListedRegEx : whiteList)
+ // the outer loop must be over the allow list to preserve its order
+ for (String allowListedRegEx : allowList)
{
Iterator<String> supportedIter = supportedList.iterator();
while (supportedIter.hasNext())
{
String supportedEntry = supportedIter.next();
- if (supportedEntry.matches(whiteListedRegEx))
+ if (supportedEntry.matches(allowListedRegEx))
{
filteredList.add(supportedEntry);
supportedIter.remove();
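Review bot: `filterEntries` has no Javadoc, although its semantics decide which TLS protocols and cipher suites end up enabled. With a non-empty allow list the result is built from `supportedEntries` rather than `enabledEntries`, so a broad pattern can switch on entries that were not enabled on the engine or socket beforehand. Each allow-list item is a regular expression that must match the whole entry, and the result follows allow-list order. I would add a Javadoc block stating these points, and that the deny list is applied afterwards to whatever was selected. The method body continues in the next hunk.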
@@ -738,14 +738,14 @@ public class SSLUtil
filteredList = new ArrayList<>(Arrays.asList(enabledEntries));
}
- if (blackList != null && !blackList.isEmpty())
+ if (denyList != null && !denyList.isEmpty())
{
- for (String blackListedRegEx : blackList)
+ for (String denyListedRegEx : denyList)
{
Iterator<String> entriesIter = filteredList.iterator();
while (entriesIter.hasNext())
{
- if (entriesIter.next().matches(blackListedRegEx))
+ if (entriesIter.next().matches(denyListedRegEx))
{
entriesIter.remove();
}
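Review bot: Each deny-list pattern is recompiled for every entry through `String.matches`. A malformed pattern would only surface as a `PatternSyntaxException` while an engine or socket is being configured, assuming the lists are not validated earlier, which this hunk does not show. Compiling once per pattern keeps the failure in one place: put `final Pattern denied = Pattern.compile(denyListedRegEx);` before the `while`, and test `if (denied.matcher(entriesIter.next()).matches())` inside it (this needs `java.util.regex.Pattern` imported). The allow-list loop in the previous hunk has the same shape. The method starts before and ends after this hunk.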
diff --git a/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java b/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java
index cbe5431..72abcc4 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/util/CipherSuiteAndProtocolRestrictingSSLSocketFactory.java
@@ -36,22 +36,22 @@ import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocketFactory
{
private final SSLSocketFactory _wrappedSocketFactory;
- private final List<String> _tlsCipherSuiteWhiteList;
- private final List<String> _tlsCipherSuiteBlackList;
- private final List<String> _tlsProtocolWhiteList;
- private final List<String> _tlsProtocolBlackList;
+ private final List<String> _tlsCipherSuiteAllowList;
+ private final List<String> _tlsCipherSuiteDenyList;
+ private final List<String> _tlsProtocolAllowList;
+ private final List<String> _tlsProtocolDenyList;
public CipherSuiteAndProtocolRestrictingSSLSocketFactory(final SSLSocketFactory wrappedSocketFactory,
- final List<String> tlsCipherSuiteWhiteList,
- final List<String> tlsCipherSuiteBlackList,
- final List<String> tlsProtocolWhiteList,
- final List<String> tlsProtocolBlackList)
+ final List<String> tlsCipherSuiteAllowList,
+ final List<String> tlsCipherSuiteDenyList,
+ final List<String> tlsProtocolAllowList,
+ final List<String> tlsProtocolDenyList)
{
_wrappedSocketFactory = wrappedSocketFactory;
- _tlsCipherSuiteWhiteList = tlsCipherSuiteWhiteList == null ? null : new ArrayList<>(tlsCipherSuiteWhiteList);
- _tlsCipherSuiteBlackList = tlsCipherSuiteBlackList == null ? null : new ArrayList<>(tlsCipherSuiteBlackList);
- _tlsProtocolWhiteList = tlsProtocolWhiteList == null ? null : new ArrayList<>(tlsProtocolWhiteList);
- _tlsProtocolBlackList = tlsProtocolBlackList == null ? null : new ArrayList<>(tlsProtocolBlackList);
+ _tlsCipherSuiteAllowList = tlsCipherSuiteAllowList == null ? null : new ArrayList<>(tlsCipherSuiteAllowList);
+ _tlsCipherSuiteDenyList = tlsCipherSuiteDenyList == null ? null : new ArrayList<>(tlsCipherSuiteDenyList);
+ _tlsProtocolAllowList = tlsProtocolAllowList == null ? null : new ArrayList<>(tlsProtocolAllowList);
+ _tlsProtocolDenyList = tlsProtocolDenyList == null ? null : new ArrayList<>(tlsProtocolDenyList);
}
@Override
@@ -59,8 +59,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
{
return SSLUtil.filterEnabledCipherSuites(_wrappedSocketFactory.getDefaultCipherSuites(),
_wrappedSocketFactory.getSupportedCipherSuites(),
- _tlsCipherSuiteWhiteList,
- _tlsCipherSuiteBlackList);
+ _tlsCipherSuiteAllowList,
+ _tlsCipherSuiteDenyList);
}
@Override
@@ -74,8 +74,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
throws IOException
{
final SSLSocket newSocket = (SSLSocket) _wrappedSocketFactory.createSocket(socket, host, port, autoClose);
- SSLUtil.updateEnabledCipherSuites(newSocket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(newSocket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(newSocket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(newSocket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return newSocket;
}
@@ -83,8 +83,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
public Socket createSocket(final String host, final int port) throws IOException, UnknownHostException
{
final SSLSocket socket = (SSLSocket) _wrappedSocketFactory.createSocket(host, port);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
@@ -93,8 +93,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
throws IOException, UnknownHostException
{
final SSLSocket socket = (SSLSocket) _wrappedSocketFactory.createSocket(host, port, localhost, localPort);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
@@ -102,8 +102,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
public Socket createSocket(final InetAddress host, final int port) throws IOException
{
final SSLSocket socket = (SSLSocket) _wrappedSocketFactory.createSocket(host, port);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
@@ -115,8 +115,8 @@ public class CipherSuiteAndProtocolRestrictingSSLSocketFactory extends SSLSocket
{
final SSLSocket socket =
(SSLSocket) _wrappedSocketFactory.createSocket(address, port, localAddress, localPort);
- SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, _tlsProtocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(socket, _tlsCipherSuiteAllowList, _tlsCipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolAllowList, _tlsProtocolDenyList);
return socket;
}
}
diff --git a/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java b/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
index a418e76..bef39eb 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
@@ -48,10 +48,10 @@ public class ConnectionBuilder
private int _connectTimeout;
private int _readTimeout;
private TrustManager[] _trustMangers;
- private List<String> _tlsProtocolWhiteList;
- private List<String> _tlsProtocolBlackList;
- private List<String> _tlsCipherSuiteWhiteList;
- private List<String> _tlsCipherSuiteBlackList;
+ private List<String> _tlsProtocolAllowList;
+ private List<String> _tlsProtocolDenyList;
+ private List<String> _tlsCipherSuiteAllowList;
+ private List<String> _tlsCipherSuiteDenyList;
public ConnectionBuilder(final URL url)
@@ -77,27 +77,27 @@ public class ConnectionBuilder
return this;
}
- public ConnectionBuilder setTlsProtocolWhiteList(final List<String> tlsProtocolWhiteList)
+ public ConnectionBuilder setTlsProtocolAllowList(final List<String> tlsProtocolAllowList)
{
- _tlsProtocolWhiteList = tlsProtocolWhiteList;
+ _tlsProtocolAllowList = tlsProtocolAllowList;
return this;
}
- public ConnectionBuilder setTlsProtocolBlackList(final List<String> tlsProtocolBlackList)
+ public ConnectionBuilder setTlsProtocolDenyList(final List<String> tlsProtocolDenyList)
{
- _tlsProtocolBlackList = tlsProtocolBlackList;
+ _tlsProtocolDenyList = tlsProtocolDenyList;
return this;
}
- public ConnectionBuilder setTlsCipherSuiteWhiteList(final List<String> tlsCipherSuiteWhiteList)
+ public ConnectionBuilder setTlsCipherSuiteAllowList(final List<String> tlsCipherSuiteAllowList)
{
- _tlsCipherSuiteWhiteList = tlsCipherSuiteWhiteList;
+ _tlsCipherSuiteAllowList = tlsCipherSuiteAllowList;
return this;
}
- public ConnectionBuilder setTlsCipherSuiteBlackList(final List<String> tlsCipherSuiteBlackList)
+ public ConnectionBuilder setTlsCipherSuiteDenyList(final List<String> tlsCipherSuiteDenyList)
{
- _tlsCipherSuiteBlackList = tlsCipherSuiteBlackList;
+ _tlsCipherSuiteDenyList = tlsCipherSuiteDenyList;
return this;
}
@@ -153,18 +153,18 @@ public class ConnectionBuilder
});
}
- if ((_tlsProtocolWhiteList != null && !_tlsProtocolWhiteList.isEmpty()) ||
- (_tlsProtocolBlackList != null && !_tlsProtocolBlackList.isEmpty()) ||
- (_tlsCipherSuiteWhiteList != null && !_tlsCipherSuiteWhiteList.isEmpty()) ||
- (_tlsCipherSuiteBlackList != null && !_tlsCipherSuiteBlackList.isEmpty()))
+ if ((_tlsProtocolAllowList != null && !_tlsProtocolAllowList.isEmpty()) ||
+ (_tlsProtocolDenyList != null && !_tlsProtocolDenyList.isEmpty()) ||
+ (_tlsCipherSuiteAllowList != null && !_tlsCipherSuiteAllowList.isEmpty()) ||
+ (_tlsCipherSuiteDenyList != null && !_tlsCipherSuiteDenyList.isEmpty()))
{
HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
SSLSocketFactory originalSocketFactory = httpsConnection.getSSLSocketFactory();
httpsConnection.setSSLSocketFactory(new CipherSuiteAndProtocolRestrictingSSLSocketFactory(originalSocketFactory,
- _tlsCipherSuiteWhiteList,
- _tlsCipherSuiteBlackList,
- _tlsProtocolWhiteList,
- _tlsProtocolBlackList));
+ _tlsCipherSuiteAllowList,
+ _tlsCipherSuiteDenyList,
+ _tlsProtocolAllowList,
+ _tlsProtocolDenyList));
}
return connection;
}
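Review bot: The cast `(HttpsURLConnection) connection` is reached whenever any of the four lists is non-empty, regardless of the URL scheme. An `http://` endpoint would therefore fail with a `ClassCastException` rather than a clear configuration error, unless the scheme is checked earlier in `build()`, which starts outside this hunk. I would make the assumption explicit with `if (!(connection instanceof HttpsURLConnection))` before the cast, throwing an exception that names the URL. Alternatively, state on `build()` that only HTTPS URLs are supported when TLS restrictions are set.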
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
index f4e2cc6..43f13c0 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
@@ -63,18 +63,18 @@ class OAuth2MockEndpointHolder
final String keyStoreType) throws IOException
{
_endpoints = endpoints;
- final List<String> protocolWhiteList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT);
- final List<String> protocolBlackList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT);
- final List<String> cipherSuiteWhiteList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST,
- CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST_DEFAULT);
- final List<String> cipherSuiteBlackList =
- getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST,
- CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST_DEFAULT);
+ final List<String> protocolAllowList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST,
+ CommonProperties.QPID_SECURITY_TLS_PROTOCOL_ALLOW_LIST_DEFAULT);
+ final List<String> protocolDenyList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST,
+ CommonProperties.QPID_SECURITY_TLS_PROTOCOL_DENY_LIST_DEFAULT);
+ final List<String> cipherSuiteAllowList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST,
+ CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_ALLOW_LIST_DEFAULT);
+ final List<String> cipherSuiteDenyList =
+ getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST,
+ CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_DENY_LIST_DEFAULT);
_server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server()
@@ -83,8 +83,8 @@ class OAuth2MockEndpointHolder
public void customize(final SSLEngine sslEngine)
{
super.customize(sslEngine);
- SSLUtil.updateEnabledCipherSuites(sslEngine, cipherSuiteWhiteList, cipherSuiteBlackList);
- SSLUtil.updateEnabledTlsProtocols(sslEngine, protocolWhiteList, protocolBlackList);
+ SSLUtil.updateEnabledCipherSuites(sslEngine, cipherSuiteAllowList, cipherSuiteDenyList);
+ SSLUtil.updateEnabledTlsProtocols(sslEngine, protocolAllowList, protocolDenyList);
}
};
sslContextFactory.setKeyStorePassword(keyStorePassword);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
index e7726c0..8e24610 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
@@ -274,10 +274,10 @@ public class TCPandSSLTransportTest extends UnitTestBase
when(port.getProtocolHandshakeTimeout()).thenReturn(AmqpPort.DEFAULT_PROTOCOL_HANDSHAKE_TIMEOUT);
ObjectMapper mapper = new ObjectMapper();
JavaType type = mapper.getTypeFactory().constructCollectionType(List.class, String.class);
- List<String> whiteList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_WHITE_LIST, type);
- List<String> blackList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_BLACK_LIST, type);
- when(port.getTlsProtocolBlackList()).thenReturn(blackList);
- when(port.getTlsProtocolWhiteList()).thenReturn(whiteList);
+ List<String> allowList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_ALLOW_LIST, type);
+ List<String> denyList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_DENY_LIST, type);
+ when(port.getTlsProtocolDenyList()).thenReturn(denyList);
+ when(port.getTlsProtocolAllowList()).thenReturn(allowList);
final Broker broker = mock(Broker.class);
when(broker.getEventLogger()).thenReturn(mock(EventLogger.class));
when(port.getParent()).thenReturn(broker);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
index 81d928a..9b97cdb 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
@@ -61,34 +61,34 @@ public class SSLUtilTest extends UnitTestBase
{
String[] enabled = {};
String[] supported = {};
- List<String> whiteList = Arrays.asList();
- List<String> blackList = Arrays.asList();
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ List<String> allowList = Arrays.asList();
+ List<String> denyList = Arrays.asList();
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertEquals("filtered list is not empty", (long) 0, (long) result.length);
}
@Test
- public void testFilterEntries_whiteListNotEmpty_blackListEmpty()
+ public void testFilterEntries_allowListNotEmpty_denyListEmpty()
{
- List<String> whiteList = Arrays.asList("TLSv1\\.[0-9]+");
- List<String> blackList = Collections.emptyList();
+ List<String> allowList = Arrays.asList("TLSv1\\.[0-9]+");
+ List<String> denyList = Collections.emptyList();
String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] expected = {"TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@Test
- public void testFilterEntries_whiteListEmpty_blackListNotEmpty()
+ public void testFilterEntries_allowListEmpty_denyListNotEmpty()
{
- List<String> whiteList = Arrays.asList();
- List<String> blackList = Arrays.asList("TLSv1\\.[0-9]+");
+ List<String> allowList = Arrays.asList();
+ List<String> denyList = Arrays.asList("TLSv1\\.[0-9]+");
String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] expected = {"TLS"};
String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@@ -96,44 +96,44 @@ public class SSLUtilTest extends UnitTestBase
@Test
public void testFilterEntries_respectOrder()
{
- List<String> whiteList = Arrays.asList("b", "c", "a");
- List<String> blackList = Collections.emptyList();
+ List<String> allowList = Arrays.asList("b", "c", "a");
+ List<String> denyList = Collections.emptyList();
String[] enabled = {"x"};
String[] expected = {"b", "c", "a"};
String[] supported = {"x", "c", "a", "xx", "b", "xxx"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
// change order to make sure order was not correct by coincidence
- whiteList = Arrays.asList("c", "b", "a");
+ allowList = Arrays.asList("c", "b", "a");
expected = new String[]{"c", "b", "a"};
- result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@Test
- public void testFilterEntries_blackListAppliesToWhiteList()
+ public void testFilterEntries_denyListAppliesToAllowList()
{
- List<String> whiteList = Arrays.asList("a", "b");
- List<String> blackList = Arrays.asList("a");
+ List<String> allowList = Arrays.asList("a", "b");
+ List<String> denyList = Arrays.asList("a");
String[] enabled = {"a", "b", "c"};
String[] expected = {"b"};
String[] supported = {"a", "b", "c", "x"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
@Test
- public void testFilterEntries_whiteListIgnoresEnabled()
+ public void testFilterEntries_allowListIgnoresEnabled()
{
- List<String> whiteList = Arrays.asList("b");
- List<String> blackList = Collections.emptyList();
+ List<String> allowList = Arrays.asList("b");
+ List<String> denyList = Collections.emptyList();
String[] enabled = {"a"};
String[] expected = {"b"};
String[] supported = {"a", "b", "x"};
- String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
+ String[] result = SSLUtil.filterEntries(enabled, supported, allowList, denyList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 987975f..2025cf2 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -674,19 +674,19 @@ public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implem
public void customize(final SSLEngine sslEngine)
{
super.customize(sslEngine);
- if (port.getTlsCipherSuiteWhiteList() != null
- && !port.getTlsCipherSuiteWhiteList().isEmpty())
+ if (port.getTlsCipherSuiteAllowList() != null
+ && !port.getTlsCipherSuiteAllowList().isEmpty())
{
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
sslEngine.setSSLParameters(sslParameters);
}
SSLUtil.updateEnabledCipherSuites(sslEngine,
- port.getTlsCipherSuiteWhiteList(),
- port.getTlsCipherSuiteBlackList());
+ port.getTlsCipherSuiteAllowList(),
+ port.getTlsCipherSuiteDenyList());
SSLUtil.updateEnabledTlsProtocols(sslEngine,
- port.getTlsProtocolWhiteList(),
- port.getTlsProtocolBlackList());
+ port.getTlsProtocolAllowList(),
+ port.getTlsProtocolDenyList());
}
};
factory.setSslContext(createSslContext(port));
diff --git a/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java b/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
index 7806851..810cc95 100644
--- a/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
+++ b/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
@@ -258,14 +258,14 @@ class WebSocketProvider implements AcceptingTransport
{
super.customize(sslEngine);
SSLUtil.updateEnabledCipherSuites(sslEngine,
- port.getTlsCipherSuiteWhiteList(),
- port.getTlsCipherSuiteBlackList());
+ port.getTlsCipherSuiteAllowList(),
+ port.getTlsCipherSuiteDenyList());
SSLUtil.updateEnabledTlsProtocols(sslEngine,
- port.getTlsProtocolWhiteList(),
- port.getTlsProtocolBlackList());
+ port.getTlsProtocolAllowList(),
+ port.getTlsProtocolDenyList());
- if (port.getTlsCipherSuiteWhiteList() != null
- && !port.getTlsCipherSuiteWhiteList().isEmpty())
+ if (port.getTlsCipherSuiteAllowList() != null
+ && !port.getTlsCipherSuiteAllowList().isEmpty())
{
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
index 04cd4e1..b2c3e14 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
@@ -51,8 +51,8 @@ public interface ConnectionBuilder
ConnectionBuilder setOptions(Map<String, String> options);
ConnectionBuilder setPopulateJMSXUserID(boolean populateJMSXUserID);
ConnectionBuilder setMessageRedelivery(final boolean redelivery);
- ConnectionBuilder setDeserializationPolicyWhiteList(String whiteList);
- ConnectionBuilder setDeserializationPolicyBlackList(String blackList);
+ ConnectionBuilder setDeserializationPolicyAllowList(String allowList);
+ ConnectionBuilder setDeserializationPolicyDenyList(String denyList);
ConnectionBuilder setKeyStoreLocation(String keyStoreLocation);
ConnectionBuilder setKeyStorePassword(String keyStorePassword);
ConnectionBuilder setTrustStoreLocation(String trustStoreLocation);
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
index 3219582..c18a7bc 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
@@ -187,16 +187,16 @@ public class QpidJmsClient0xConnectionBuilder implements ConnectionBuilder
}
@Override
- public ConnectionBuilder setDeserializationPolicyWhiteList(final String whiteList)
+ public ConnectionBuilder setDeserializationPolicyAllowList(final String allowList)
{
- _options.put("objectMessageClassHierarchyWhiteList", whiteList);
+ _options.put("objectMessageClassHierarchyWhiteList", allowList);
return this;
}
@Override
- public ConnectionBuilder setDeserializationPolicyBlackList(final String blackList)
+ public ConnectionBuilder setDeserializationPolicyDenyList(final String denyList)
{
- _options.put("objectMessageClassHierarchyBlackList", blackList);
+ _options.put("objectMessageClassHierarchyBlackList", denyList);
return this;
}
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
index b7c0d6b..d75d006 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
@@ -203,14 +203,14 @@ public class QpidJmsClientConnectionBuilder implements ConnectionBuilder
}
@Override
- public ConnectionBuilder setDeserializationPolicyWhiteList(final String whiteList)
+ public ConnectionBuilder setDeserializationPolicyAllowList(final String allowList)
{
- _options.put("jms.deserializationPolicy.whiteList", whiteList);
+ _options.put("jms.deserializationPolicy.whiteList", allowList);
return this;
}
@Override
- public ConnectionBuilder setDeserializationPolicyBlackList(final String blackList)
+ public ConnectionBuilder setDeserializationPolicyDenyList(final String blackList)
{
_options.put("jms.deserializationPolicy.blackList", blackList);
return this;
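Review bot: The renamed `setDeserializationPolicyDenyList` still declares its parameter as `blackList`, while the sibling setter in this hunk and both setters in `QpidJmsClient0xConnectionBuilder` were renamed to `allowList`/`denyList`. Change the signature to `public ConnectionBuilder setDeserializationPolicyDenyList(final String denyList)` and the call to `_options.put("jms.deserializationPolicy.blackList", denyList);`. The option keys keep the legacy spelling in both builders, presumably because the client libraries define them; a comment such as `// option key is defined by the JMS client and keeps its legacy name` would stop a later cleanup from renaming a key that selects which classes may be deserialized. The method's closing brace lies outside the hunk.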
diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassWhitelistingTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassAllowlistingTest.java
similarity index 84%
rename from systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassWhitelistingTest.java
rename to systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassAllowlistingTest.java
index b468468..d032515 100644
--- a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassWhitelistingTest.java
+++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/message/ObjectMessageClassAllowlistingTest.java
@@ -42,7 +42,7 @@ import org.junit.Test;
import org.apache.qpid.systests.JmsTestBase;
-public class ObjectMessageClassWhitelistingTest extends JmsTestBase
+public class ObjectMessageClassAllowlistingTest extends JmsTestBase
{
private static final int TEST_VALUE = 37;
@@ -50,7 +50,7 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
public void testObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
- final Connection c = getConnectionBuilder().setDeserializationPolicyWhiteList("*").build();
+ final Connection c = getConnectionBuilder().setDeserializationPolicyAllowList("*").build();
try
{
c.start();
@@ -77,10 +77,10 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testNotWhiteListedByConnectionUrlObjectMessage() throws Exception
+ public void testNotAllowListedByConnectionUrlObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
- final Connection c = getConnectionBuilder().setDeserializationPolicyWhiteList("org.apache.qpid").build();
+ final Connection c = getConnectionBuilder().setDeserializationPolicyAllowList("org.apache.qpid").build();
try
{
c.start();
@@ -110,11 +110,11 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testWhiteListedClassByConnectionUrlObjectMessage() throws Exception
+ public void testAllowListedClassByConnectionUrlObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
final Connection c =
- getConnectionBuilder().setDeserializationPolicyWhiteList("java.util.HashMap,java.lang").build();
+ getConnectionBuilder().setDeserializationPolicyAllowList("java.util.HashMap,java.lang").build();
try
{
c.start();
@@ -139,11 +139,11 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testBlackListedClassByConnectionUrlObjectMessage() throws Exception
+ public void testDenyListedClassByConnectionUrlObjectMessage() throws Exception
{
Queue destination = createQueue(getTestName());
- final Connection c = getConnectionBuilder().setDeserializationPolicyWhiteList("java")
- .setDeserializationPolicyBlackList("java.lang.Integer")
+ final Connection c = getConnectionBuilder().setDeserializationPolicyAllowList("java")
+ .setDeserializationPolicyDenyList("java.lang.Integer")
.build();
try
{
@@ -175,14 +175,14 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testWhiteListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
+ public void testAllowListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c =
- getConnectionBuilder().setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.class.getCanonicalName())
+ getConnectionBuilder().setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.class.getCanonicalName())
.build();
try
{
- doTestWhiteListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
+ doTestAllowListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
}
finally
{
@@ -191,15 +191,15 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testBlackListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
+ public void testDenyListedAnonymousClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c = getConnectionBuilder()
- .setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.class.getPackage().getName())
- .setDeserializationPolicyBlackList(ObjectMessageClassWhitelistingTest.class.getCanonicalName())
+ .setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.class.getPackage().getName())
+ .setDeserializationPolicyDenyList(ObjectMessageClassAllowlistingTest.class.getCanonicalName())
.build();
try
{
- doTestBlackListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
+ doTestDenyListedEnclosedClassTest(c, createAnonymousObject(TEST_VALUE));
}
finally
{
@@ -208,14 +208,14 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testWhiteListedNestedClassByConnectionUrlObjectMessage() throws Exception
+ public void testAllowListedNestedClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c = getConnectionBuilder()
- .setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.NestedClass.class.getCanonicalName())
+ .setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.NestedClass.class.getCanonicalName())
.build();
try
{
- doTestWhiteListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
+ doTestAllowListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
}
finally
{
@@ -224,15 +224,15 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
@Test
- public void testBlackListedNestedClassByConnectionUrlObjectMessage() throws Exception
+ public void testDenyListedNestedClassByConnectionUrlObjectMessage() throws Exception
{
final Connection c = getConnectionBuilder()
- .setDeserializationPolicyWhiteList(ObjectMessageClassWhitelistingTest.class.getCanonicalName())
- .setDeserializationPolicyBlackList(NestedClass.class.getCanonicalName())
+ .setDeserializationPolicyAllowList(ObjectMessageClassAllowlistingTest.class.getCanonicalName())
+ .setDeserializationPolicyDenyList(NestedClass.class.getCanonicalName())
.build();
try
{
- doTestBlackListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
+ doTestDenyListedEnclosedClassTest(c, new NestedClass(TEST_VALUE));
}
finally
{
@@ -240,7 +240,7 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
}
}
- private void doTestWhiteListedEnclosedClassTest(Connection c, Serializable content) throws Exception
+ private void doTestAllowListedEnclosedClassTest(Connection c, Serializable content) throws Exception
{
Queue destination = createQueue(getTestName());
c.start();
@@ -260,7 +260,7 @@ public class ObjectMessageClassWhitelistingTest extends JmsTestBase
assertEquals("Received object has unexpected content", content, receivedObject);
}
- private void doTestBlackListedEnclosedClassTest(final Connection c, final Serializable content) throws Exception
+ private void doTestDenyListedEnclosedClassTest(final Connection c, final Serializable content) throws Exception
{
Queue destination = createQueue(getTestName());
c.start();
diff --git a/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java b/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
index a70c3c9..deacb21 100644
--- a/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
+++ b/systests/qpid-systests-spawn-admin/src/main/java/org/apache/qpid/systests/admin/SpawnBrokerAdmin.java
@@ -596,15 +596,14 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
{
_currentWorkDirectory =
Files.createTempDirectory(String.format("qpid-work-%d-%s-%s-",
- _id,
- testClass.getSimpleName(),
- timestamp))
- .toString();
+ _id,
+ testClass.getSimpleName(),
+ timestamp))
+ .toString();
String readyLogPattern = "BRK-1004 : Qpid Broker Ready";
LOGGER.debug("Spawning broker working folder: {}", _currentWorkDirectory);
-
int startUpTime = Integer.getInteger(SYSTEST_PROPERTY_SPAWN_BROKER_STARTUP_TIME, 30000);
LOGGER.debug("Spawning broker permitted start-up time: {}", startUpTime);
@@ -752,8 +751,8 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
List<String> jvmArguments = new ArrayList<>();
jvmArguments.add("java");
- jvmArguments.add("-cp");
- jvmArguments.add(classpath);
+// jvmArguments.add("-cp");
+// jvmArguments.add(classpath);
jvmArguments.add("-Djava.io.tmpdir=" + escape(System.getProperty("java.io.tmpdir")));
jvmArguments.add("-Dlogback.configurationFile=default-broker-logback.xml");
jvmArguments.add("-Dqpid.tests.mms.messagestore.persistence=true");
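Review bot: The two `-cp` lines are left behind as commented-out code (`// jvmArguments.add("-cp");` and `// jvmArguments.add(classpath);`) instead of being deleted. The next hunk passes the classpath through the `CLASSPATH` environment variable, so these lines are dead and give no reason for the change. Delete them and keep the explanation as a single why-comment where the environment is set. The enclosing method starts and ends outside this hunk.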
@@ -791,7 +790,9 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
String[] cmd = jvmArguments.toArray(new String[jvmArguments.size()]);
LOGGER.debug("command line:" + String.join(" ", jvmArguments));
- return new ProcessBuilder(cmd);
+ ProcessBuilder ps = new ProcessBuilder(cmd);
+ ps.environment().put("CLASSPATH", classpath);
+ return ps;
}
private String escape(String value)
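Review bot: `ps.environment().put("CLASSPATH", classpath);` carries no comment saying why the classpath moved from `-cp` to the environment, and the `command line:` debug message above it no longer shows the classpath the child JVM runs with. Add a comment such as `// classpath goes via CLASSPATH instead of -cp (presumably to keep the command line short) - confirm` and log the value separately, e.g. `LOGGER.debug("CLASSPATH: {}", classpath);`. The `put` also replaces any `CLASSPATH` inherited from the parent process, which looks intended but should be stated. The method begins outside the hunk.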
@@ -849,16 +850,18 @@ public class SpawnBrokerAdmin implements BrokerAdmin, Closeable
private void doWindowsKill()
{
- try
- {
-
- Process p;
- p = Runtime.getRuntime().exec(new String[]{"taskkill", "/PID", Integer.toString(_pid), "/T", "/F"});
- consumeAllOutput(p);
- }
- catch (IOException e)
+ if (_pid != null)
{
- LOGGER.error("Error whilst killing process " + _pid, e);
+ try
+ {
+ Process p;
+ p = Runtime.getRuntime().exec(new String[]{"taskkill", "/PID", Integer.toString(_pid), "/T", "/F"});
+ consumeAllOutput(p);
+ }
+ catch (IOException e)
+ {
+ LOGGER.error("Error whilst killing process " + _pid, e);
+ }
}
}
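Review bot: The new `_pid != null` guard makes `doWindowsKill` return silently when no PID is recorded, and the outcome of `taskkill` is still never inspected. The `catch` covers only a failure to launch the command, so a non-zero exit (process already gone, access denied) can leave a spawned broker running with nothing in the log. Log the skipped case, e.g. `LOGGER.debug("No PID recorded; nothing to kill");`, and check the exit status after `consumeAllOutput(p)` unless that helper, which is not visible here, already does so. The split `Process p; p = ...` can also become one declaration.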
diff --git a/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java b/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java
index d8e929b..d2694fe 100644
--- a/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java
+++ b/systests/qpid-systests-spawn-admin/src/test/java/org/apache/qpid/systests/admin/SpawnBrokerAdminTest.java
@@ -34,10 +34,8 @@ import static org.junit.Assert.fail;
import static org.junit.Assume.assumeThat;
import java.io.File;
-import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
-import java.util.Arrays;
import javax.jms.Connection;
import javax.jms.DeliveryMode;
@@ -157,7 +155,8 @@ public class SpawnBrokerAdminTest extends UnitTestBase
@Test
public void afterTestClass() throws Exception
{
- try (SpawnBrokerAdmin admin = new SpawnBrokerAdmin())
+ SpawnBrokerAdmin admin = new SpawnBrokerAdmin();
+ try
{
admin.beforeTestClass(SpawnBrokerAdminTest.class);
admin.beforeTestMethod(SpawnBrokerAdminTest.class, getClass().getMethod("afterTestClass"));
@@ -180,6 +179,17 @@ public class SpawnBrokerAdminTest extends UnitTestBase
{
// pass
}
+ finally
+ {
+ admin = null;
+ }
+ }
+ finally
+ {
+ if (admin != null)
+ {
+ admin.close();
+ }
}
}
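Review bot: `admin = null` in the inner `finally` acts as a flag that stops the outer `finally` from calling `admin.close()`, and nothing in the code says so. That inner `finally` runs however the inner `try` exits, so `close()` is reached only when an exception is thrown before the inner `try` begins. If that is the intent (presumably because `afterTestClass` has already stopped the broker), state it with a comment such as `// broker already stopped by afterTestClass(); skip close()`. A named flag like `boolean closeNeeded = true;` would read more clearly than nulling the local. The method begins in the previous hunk and its middle is not shown.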