Posted to commits@qpid.apache.org by kw...@apache.org on 2016/02/16 18:06:44 UTC
svn commit: r1730717 - in /qpid/java/branches/6.0.x: ./
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/model/port/
broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/
...
Author: kwall
Date: Tue Feb 16 17:06:44 2016
New Revision: 1730717
URL: http://svn.apache.org/viewvc?rev=1730717&view=rev
Log:
QPID-7056: [Java Broker] Expose TLS protocol/cipher suites as derived attributes only and materialise context vars once per lifecycle
Merged from trunk with command:
svn merge -c 1730712 ^/qpid/java/trunk
Modified:
qpid/java/branches/6.0.x/ (props changed)
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 16 17:06:44 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729657,1729
783,1729828,1729832,1729841,1729851,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730713
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729657,1729
783,1729828,1729832,1729841,1729851,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713
/qpid/trunk/qpid:796646-796653
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java Tue Feb 16 17:06:44 2016
@@ -2844,14 +2844,15 @@ public abstract class AbstractConfigured
public Object invoke(final Object proxy, final Method method, final Object[] args) throws Throwable
{
- if(method.isAnnotationPresent(ManagedAttribute.class))
+ ConfiguredObjectAttribute attribute = getAttributeFromMethod(method);
+
+ if(attribute != null && attribute.isAutomated())
{
- ConfiguredObjectAttribute attribute = getAttributeFromMethod(method);
return getValue(attribute);
}
else if(method.getName().equals("getAttribute") && args != null && args.length == 1 && args[0] instanceof String)
{
- ConfiguredObjectAttribute attribute = _attributeTypes.get((String)args[0]);
+ attribute = _attributeTypes.get((String)args[0]);
if(attribute != null)
{
return getValue(attribute);
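Review bot: `getAttributeFromMethod(method)` now runs at the top of `invoke`, so every zero-argument call, including the `toString` case added further down, scans `_attributeTypes.values()` comparing getter names before its own branch is reached. A map from getter name to attribute, built once when the handler is created, would make this a single lookup. The local `attribute` is also reused for an unrelated lookup in the `getAttribute` branch (`attribute = _attributeTypes.get((String)args[0]);`); a second local would read more clearly. A getter whose attribute is not automated no longer matches the first branch, and if rejecting it later in the chain is intended, a comment such as `// getters of non-automated attributes are deliberately not served by this proxy` would say so. The body of `invoke` continues outside the hunk.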
@@ -2865,6 +2866,10 @@ public abstract class AbstractConfigured
{
return Collections.unmodifiableMap(_attributes);
}
+ else if(method.getName().equals("toString") && (args == null || args.length == 0))
+ {
+ return "ValidationProxy{" + getCategoryClass().getSimpleName() + "/" + getType() + "}";
+ }
else
{
throw new UnsupportedOperationException(
@@ -2898,15 +2903,27 @@ public abstract class AbstractConfigured
private ConfiguredObjectAttribute getAttributeFromMethod(final Method method)
{
- for(ConfiguredObjectAttribute attribute : _attributeTypes.values())
+ if(!Modifier.isStatic(method.getModifiers()) && method.getParameterTypes().length==0)
{
- if((attribute instanceof ConfiguredObjectMethodAttribute) && ((ConfiguredObjectMethodAttribute)attribute).getGetter().getName().equals(method.getName())
- && !Modifier.isStatic(method.getModifiers()))
+ for(ConfiguredObjectAttribute attribute : _attributeTypes.values())
{
- return attribute;
+ if((attribute instanceof ConfiguredObjectMethodAttribute) && ((ConfiguredObjectMethodAttribute)attribute).getGetter().getName().equals(method.getName()))
+ {
+ return attribute;
+ }
}
}
- throw new ServerScopedRuntimeException("Unable to find attribute definition for method " + method.getName());
+ return null;
+ }
+
+ protected String getType()
+ {
+ return _configuredObject.getType();
+ }
+
+ protected Class<? extends ConfiguredObject> getCategoryClass()
+ {
+ return _configuredObject.getCategoryClass();
}
}
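Review bot: `getAttributeFromMethod` now returns `null` where it used to throw `ServerScopedRuntimeException`, and nothing on the method records the new contract, so a future caller can easily dereference the result. A Javadoc line would cover it: `/** Returns the attribute whose getter has the same name as the given non-static, no-argument method, or null if there is none. */`. The match is still by getter name only, which is worth stating in the same comment.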
@@ -2915,6 +2932,7 @@ public abstract class AbstractConfigured
private final Class<? extends ConfiguredObject> _category;
private final Map<Class<? extends ConfiguredObject>, ConfiguredObject<?>> _parents;
private final ConfiguredObject<?> _parent ;
+ private Map<String, Object> _attributes;
AuthorisationProxyInvocationHandler(Map<String, Object> attributes,
Map<String, ConfiguredObjectAttribute<?, ?>> attributeTypes,
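Review bot: The new field `_attributes` is the only non-final field among the handler fields shown here, although the next hunk assigns it exactly once in the constructor (`_attributes = attributes;`). Declaring it `private final Map<String, Object> _attributes;` matches `_category`, `_parents` and `_parent` and lets the compiler enforce the single assignment. The base handler appears to read a field of the same name in `invoke`; if that is the same map, a protected accessor there would avoid holding a second reference. The constructor continues outside the hunk.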
@@ -2926,6 +2944,7 @@ public abstract class AbstractConfigured
_parent = parent;
_category = categoryClass;
_parents = new HashMap<>();
+ _attributes = attributes;
if (parents != null)
{
for (ConfiguredObject<?> parentObject : parents)
@@ -2956,6 +2975,18 @@ public abstract class AbstractConfigured
{
return attribute.convert(value, _parent);
}
+
+ @Override
+ protected Class<? extends ConfiguredObject> getCategoryClass()
+ {
+ return _category;
+ }
+
+ @Override
+ protected String getType()
+ {
+ return String.valueOf(_attributes.get(ConfiguredObject.TYPE));
+ }
}
public final static class DuplicateIdException extends IllegalArgumentException
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/Port.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/Port.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/Port.java Tue Feb 16 17:06:44 2016
@@ -26,8 +26,6 @@ import java.util.Set;
import com.google.common.util.concurrent.ListenableFuture;
-import org.apache.qpid.configuration.CommonProperties;
-
@ManagedObject( description = Port.CLASS_DESCRIPTION )
public interface Port<X extends Port<X>> extends ConfiguredObject<X>
{
@@ -73,11 +71,17 @@ public interface Port<X extends Port<X>>
@ManagedAttribute
Collection<TrustStore> getTrustStores();
- @ManagedAttribute( defaultValue = "${" + CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST + "}")
- List<String> getCipherSuiteWhiteList();
+ @DerivedAttribute
+ List<String> getTlsProtocolWhiteList();
+
+ @DerivedAttribute
+ List<String> getTlsProtocolBlackList();
+
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteWhiteList();
- @ManagedAttribute( defaultValue = "${" + CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST + "}")
- List<String> getCipherSuiteBlackList();
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteBlackList();
Collection<Connection> getConnections();
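Review bot: Replacing the managed attributes `getCipherSuiteWhiteList()`/`getCipherSuiteBlackList()` with `@DerivedAttribute` getters removes the per-port setting from the model, and nothing in the part of the commit shown here deals with ports whose stored configuration already carries those attributes. A port that was restricted through the old attribute would, after this change, presumably take whatever the context variables resolve to, which can silently widen or narrow the cipher suites it offers. An upgrader or a release note telling operators to move the value into context would close that gap. The interface body continues outside the hunk.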
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java Tue Feb 16 17:06:44 2016
@@ -30,6 +30,8 @@ import java.util.Set;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
+
+import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.messages.PortMessages;
import org.apache.qpid.server.model.IntegrityViolationException;
@@ -49,6 +51,7 @@ import org.apache.qpid.server.model.Stat
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
+import org.apache.qpid.server.util.ParameterizedTypes;
abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractConfiguredObject<X> implements Port<X>
{
@@ -72,10 +75,11 @@ abstract public class AbstractPort<X ext
@ManagedAttributeField
private Set<Protocol> _protocols;
- @ManagedAttributeField
- private List<String> _cipherSuiteWhiteList;
- @ManagedAttributeField
- private List<String> _cipherSuiteBlackList;
+ private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsProtocolWhiteList;
+
+ private List<String> _tlsCipherSuiteWhiteList;
+ private List<String> _tlsCipherSuiteBlackList;
public AbstractPort(Map<String, Object> attributes,
Broker<?> broker)
@@ -88,6 +92,16 @@ abstract public class AbstractPort<X ext
}
@Override
+ protected void onOpen()
+ {
+ super.onOpen();
+ _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ }
+
+ @Override
public void onValidate()
{
super.onValidate();
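Review bot: `onOpen()` resolves the four TLS lists from context once and nothing records that, so a later context change to, say, `CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST` will not reach this port until `onOpen()` runs again. A comment above the assignments would make that explicit: `// resolved once per open; context changes take effect the next time the port is opened`. The getters added further down hand out these lists directly, so wrapping each value (for example in `Collections.unmodifiableList`, with a null guard if `getContextValue` can return null) would stop a caller altering a port's TLS restrictions in place. The same applies to the `onOpen()` hunk of `OAuth2AuthenticationProviderImpl`. `onValidate()` continues outside the hunk.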
@@ -276,15 +290,27 @@ abstract public class AbstractPort<X ext
}
@Override
- public List<String> getCipherSuiteWhiteList()
+ public List<String> getTlsProtocolWhiteList()
+ {
+ return _tlsProtocolWhiteList;
+ }
+
+ @Override
+ public List<String> getTlsProtocolBlackList()
+ {
+ return _tlsProtocolBlackList;
+ }
+
+ @Override
+ public List<String> getTlsCipherSuiteWhiteList()
{
- return _cipherSuiteWhiteList;
+ return _tlsCipherSuiteWhiteList;
}
@Override
- public List<String> getCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteBlackList()
{
- return _cipherSuiteBlackList;
+ return _tlsCipherSuiteBlackList;
}
@Override
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java Tue Feb 16 17:06:44 2016
@@ -90,4 +90,20 @@ public interface OAuth2AuthenticationPro
@DerivedAttribute( description = "Default OAuth access token scope passed to the authorization endpoint")
String getDefaultScope();
+
+ @DerivedAttribute
+ List<String> getTlsProtocolWhiteList();
+
+ @DerivedAttribute
+ List<String> getTlsProtocolBlackList();
+
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteWhiteList();
+
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteBlackList();
+
+ int getConnectTimeout();
+
+ int getReadTimeout();
}
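Review bot: The four new `@DerivedAttribute` getters carry no `description`, unlike `getDefaultScope()` directly above them; something like `@DerivedAttribute( description = "TLS protocols permitted when connecting to the OAuth2 endpoints" )` on each would match the existing style. `getConnectTimeout()` and `getReadTimeout()` are added with no annotation and no Javadoc, so a one-line comment giving the unit and the context variable each value comes from would help implementers. The interface starts outside the hunk.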
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java Tue Feb 16 17:06:44 2016
@@ -19,12 +19,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -50,6 +44,7 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
@@ -60,6 +55,7 @@ import org.apache.qpid.server.plugin.Qpi
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager;
import org.apache.qpid.server.util.ConnectionBuilder;
+import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
public class OAuth2AuthenticationProviderImpl
@@ -103,9 +99,17 @@ public class OAuth2AuthenticationProvide
private String _identityResolverType;
private OAuth2IdentityResolverService _identityResolverService;
+
+ private List<String> _tlsProtocolWhiteList;
+ private List<String> _tlsProtocolBlackList;
+
+ private List<String> _tlsCipherSuiteWhiteList;
+ private List<String> _tlsCipherSuiteBlackList;
+
private int _connectTimeout;
private int _readTimeout;
+
@ManagedObjectFactoryConstructor
protected OAuth2AuthenticationProviderImpl(final Map<String, Object> attributes,
final Broker<?> broker)
@@ -119,6 +123,10 @@ public class OAuth2AuthenticationProvide
super.onOpen();
String type = getIdentityResolverType();
_identityResolverService = new QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(type);
+ _tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ _tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ _tlsCipherSuiteWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ _tlsCipherSuiteBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
_connectTimeout = getContextValue(Integer.class, AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
_readTimeout = getContextValue(Integer.class, AUTHENTICATION_OAUTH2_READ_TIMEOUT);
}
@@ -255,10 +263,10 @@ public class OAuth2AuthenticationProvide
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST))
- .setTlsProtocolBlackList(getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST))
- .setTlsCipherSuiteWhiteList(getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST))
- .setTlsCipherSuiteBlackList(getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST));
+ connectionBuilder.setTlsProtocolWhiteList(getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(getTlsCipherSuiteBlackList());
LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
connection = connectionBuilder.build();
@@ -437,6 +445,42 @@ public class OAuth2AuthenticationProvide
new QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(getIdentityResolverType());
return identityResolverService == null ? null : identityResolverService.getDefaultScope(this); }
+ @Override
+ public List<String> getTlsProtocolWhiteList()
+ {
+ return _tlsProtocolWhiteList;
+ }
+
+ @Override
+ public List<String> getTlsProtocolBlackList()
+ {
+ return _tlsProtocolBlackList;
+ }
+
+ @Override
+ public List<String> getTlsCipherSuiteWhiteList()
+ {
+ return _tlsCipherSuiteWhiteList;
+ }
+
+ @Override
+ public List<String> getTlsCipherSuiteBlackList()
+ {
+ return _tlsCipherSuiteBlackList;
+ }
+
+ @Override
+ public int getConnectTimeout()
+ {
+ return _connectTimeout;
+ }
+
+ @Override
+ public int getReadTimeout()
+ {
+ return _readTimeout;
+ }
+
@SuppressWarnings("unused")
public static Collection<String> validIdentityResolvers()
{
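Review bot: The six new getters return fields that are only assigned in `onOpen()`, so until that has run the list getters return `null` and `getConnectTimeout()`/`getReadTimeout()` return 0. The identity resolver services changed in this commit now pass these values straight to `ConnectionBuilder`, where they previously read context on every call; if the builder forwards 0 to `URLConnection`, that means no timeout at all on the call to the identity endpoint. Either state on the getters that they are valid only once the provider is open, or fall back to `getContextValue(...)` while the field is unset. `validIdentityResolvers()` continues outside the hunk.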
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java Tue Feb 16 17:06:44 2016
@@ -20,12 +20,6 @@
*/
package org.apache.qpid.server.security.auth.manager.oauth2.cloudfoundry;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -36,7 +30,6 @@ import java.nio.charset.StandardCharsets
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Collections;
-import java.util.List;
import java.util.Map;
import javax.xml.bind.DatatypeConverter;
@@ -46,7 +39,6 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.plugin.PluggableService;
@@ -87,19 +79,10 @@ public class CloudFoundryOAuth2IdentityR
TrustStore trustStore = authenticationProvider.getTrustStore();
String clientId = authenticationProvider.getClientId();
String clientSecret = authenticationProvider.getClientSecret();
- int connectTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new ConnectionBuilder(checkTokenEndpoint);
- connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+ connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+ .setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -111,10 +94,10 @@ public class CloudFoundryOAuth2IdentityR
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", checkTokenEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java Tue Feb 16 17:06:44 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.facebook;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -87,20 +80,11 @@ public class FacebookIdentityResolverSer
String accessToken) throws IOException, IdentityResolverException
{
URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI().toURL();
- TrustStore<?> trustStore = authenticationProvider.getTrustStore();
- int connectTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ TrustStore trustStore = authenticationProvider.getTrustStore();
ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
- connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+ connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+ .setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
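Review bot: `TrustStore trustStore = authenticationProvider.getTrustStore();` replaces the previous `TrustStore<?>` with a raw type, which is unrelated to the TLS change and adds a raw-type warning; keep `TrustStore<?> trustStore = authenticationProvider.getTrustStore();`. The CloudFoundry and GitHub resolvers show the raw form in their context lines, so if consistency is the aim it would be better to move those to `TrustStore<?>` instead. The method starts, and the `try` block ends, outside the hunk.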
@@ -112,10 +96,10 @@ public class FacebookIdentityResolverSer
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java Tue Feb 16 17:06:44 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.github;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -94,19 +87,10 @@ public class GitHubOAuth2IdentityResolve
{
URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI().toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
- int connectTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
- connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+ connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+ .setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -118,10 +102,10 @@ public class GitHubOAuth2IdentityResolve
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
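Review bot: The timeout and TLS list wiring on the `connectionBuilder` in this hunk and the one before it is repeated verbatim in the Google and MicrosoftLive resolver hunks of this commit. If one resolver is later edited and drops a call such as `setTlsProtocolBlackList(...)`, that provider would connect with looser TLS settings than the others and nothing would flag it. Consider one shared helper that takes the `ConnectionBuilder` and the authentication provider and applies both timeouts and all four lists, so each resolver makes a single call. The enclosing method starts and ends outside these hunks, so how `ConnectionBuilder` treats a null or empty list cannot be checked from here.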
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java Tue Feb 16 17:06:44 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.google;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -98,19 +91,10 @@ public class GoogleOAuth2IdentityResolve
{
URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI().toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
- int connectTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
- connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+ connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+ .setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -122,10 +106,10 @@ public class GoogleOAuth2IdentityResolve
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java Tue Feb 16 17:06:44 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.microsoftlive;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -86,19 +79,10 @@ public class MicrosoftLiveOAuth2Identity
{
URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI().toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
- int connectTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout = authenticationProvider.getContextValue(Integer.class, OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList = authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
- QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
- connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+ connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+ .setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -110,10 +94,10 @@ public class MicrosoftLiveOAuth2Identity
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+ connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java Tue Feb 16 17:06:44 2016
@@ -20,9 +20,7 @@
package org.apache.qpid.server.transport;
import org.apache.qpid.bytebuffer.QpidByteBuffer;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.model.port.AmqpPort;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
import org.slf4j.Logger;
@@ -319,12 +317,8 @@ public class NonBlockingConnectionTLSDel
{
SSLEngine sslEngine = port.getSSLContext().createSSLEngine();
sslEngine.setUseClientMode(false);
- final List<String> tlsProtocolWhiteList = (List<String>) port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList = (List<String>) port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- SSLUtil.updateEnabledTlsProtocols(sslEngine, tlsProtocolWhiteList, tlsProtocolBlackList);
- SSLUtil.updateEnabledCipherSuites(sslEngine, port.getCipherSuiteWhiteList(), port.getCipherSuiteBlackList());
+ SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
+ SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
if(port.getNeedClientAuth())
{
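Review bot: The two `SSLUtil.update...` calls now read the port's derived attributes instead of resolving the context variables on every engine creation, and nothing in the code records that change for operators. Going by the commit log ("materialise context vars once per lifecycle"), a tightened protocol or cipher black list presumably reaches new connections only after the port goes through its lifecycle again. A comment above the calls would make this explicit, for example `// lists are derived port attributes, resolved once per port lifecycle; a context change needs the port to be reopened`. The enclosing method starts and ends outside the hunk.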
Modified: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java Tue Feb 16 17:06:44 2016
@@ -44,12 +44,10 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.test.utils.QpidTestCase;
public class TCPandSSLTransportTest extends QpidTestCase
@@ -128,8 +126,8 @@ public class TCPandSSLTransportTest exte
JavaType type = mapper.getTypeFactory().constructCollectionType(List.class, String.class);
List<String> whiteList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_WHITE_LIST, type);
List<String> blackList = mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_BLACK_LIST, type);
- when(port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST)).thenReturn(blackList);
- when(port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST)).thenReturn(whiteList);
+ when(port.getTlsProtocolBlackList()).thenReturn(blackList);
+ when(port.getTlsProtocolWhiteList()).thenReturn(whiteList);
TCPandSSLTransport transport = new TCPandSSLTransport(new HashSet<>(Arrays.asList(transports)),
port,
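Review bot: Only `getTlsProtocolBlackList()` and `getTlsProtocolWhiteList()` are stubbed on the mocked `port`, while this commit also makes the TLS delegate read `port.getTlsCipherSuiteWhiteList()` and `port.getTlsCipherSuiteBlackList()`. If the transport under test reaches that code, the cipher-suite filtering runs on whatever the mock returns by default, so the test would not notice a regression there. Stubbing the two cipher-suite getters explicitly (empty lists are enough) next to these two lines would make the intent visible. The test method continues beyond the hunk.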
Modified: qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java Tue Feb 16 17:06:44 2016
@@ -45,7 +45,6 @@ import javax.servlet.http.HttpServletReq
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Connector;
@@ -71,7 +70,6 @@ import org.apache.qpid.server.management
import org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter;
import org.apache.qpid.server.management.plugin.filter.LoggingFilter;
import org.apache.qpid.server.management.plugin.filter.RedirectingAuthorisationFilter;
-import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet;
import org.apache.qpid.server.management.plugin.servlet.FileServlet;
import org.apache.qpid.server.management.plugin.servlet.RootServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.ApiDocsServlet;
@@ -89,7 +87,6 @@ import org.apache.qpid.server.model.*;
import org.apache.qpid.server.model.adapter.AbstractPluginAdapter;
import org.apache.qpid.server.model.port.HttpPort;
import org.apache.qpid.server.model.port.PortManager;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -377,22 +374,22 @@ public class HttpManagement extends Abst
{
throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
}
- final List<String> tlsProtocolWhiteList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList = getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
SslContextFactory factory = new SslContextFactory()
{
@Override
public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{
return SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols,
- tlsProtocolWhiteList, tlsProtocolBlackList);
+ port.getTlsProtocolWhiteList(),
+ port.getTlsProtocolBlackList());
}
@Override
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{
return SSLUtil.filterEnabledCipherSuites(enabledCipherSuites, supportedCipherSuites,
- port.getCipherSuiteWhiteList(), port.getCipherSuiteBlackList());
+ port.getTlsCipherSuiteWhiteList(),
+ port.getTlsCipherSuiteBlackList());
}
};
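Review bot: The protocol lists in `selectProtocols` used to come from `getContextValue(...)` on the HttpManagement object itself and now come from `port.getTlsProtocolWhiteList()` and `port.getTlsProtocolBlackList()`, so the object the setting is resolved against has changed. If context variables are resolved per object, as the old call suggests, a deployment that overrode `QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST` on the management plugin rather than on the port or broker would silently fall back to the port's value after upgrade. That deserves a line in the release notes, plus a comment here such as `// TLS lists are taken from the HTTP port, not from this plugin's context`. The enclosing method starts and ends outside the hunk.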
Modified: qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java Tue Feb 16 17:06:44 2016
@@ -178,15 +178,11 @@ public class JMXManagedObjectRegistry im
//create the SSL RMI socket factories
csf = new SslRMIClientSocketFactory();
- final List<String> tlsProtocolWhiteList = (List<String>) _connectorPort.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList = (List<String>) _connectorPort.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
- CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
ssf = new QpidSslRMIServerSocketFactory(sslContext,
- tlsProtocolWhiteList,
- tlsProtocolBlackList,
- _connectorPort.getCipherSuiteWhiteList(),
- _connectorPort.getCipherSuiteBlackList(),
+ _connectorPort.getTlsProtocolWhiteList(),
+ _connectorPort.getTlsProtocolBlackList(),
+ _connectorPort.getTlsCipherSuiteWhiteList(),
+ _connectorPort.getTlsCipherSuiteBlackList(),
setAllocatedConnectorPort);
}
else
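Review bot: This is the only hunk for JMXManagedObjectRegistry, and it removes the last visible uses of `ParameterizedTypes` and `CommonProperties` without dropping their imports, which the other files in this commit do. Unless those names are still used elsewhere in the file, the two imports are now dead and should be removed for consistency. If the removed locals were the only use of `java.util.List`, that import can go as well. The enclosing method starts and ends outside the hunk.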
Modified: qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java?rev=1730717&r1=1730716&r2=1730717&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java Tue Feb 16 17:06:44 2016
@@ -53,7 +53,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.qpid.bytebuffer.QpidByteBuffer;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.transport.MultiVersionProtocolEngine;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
@@ -64,7 +63,6 @@ import org.apache.qpid.server.transport.
import org.apache.qpid.server.transport.ProtocolEngine;
import org.apache.qpid.server.transport.ServerNetworkConnection;
import org.apache.qpid.server.util.Action;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.ByteBufferSender;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -120,21 +118,22 @@ class WebSocketProvider implements Accep
}
else if (_transport == Transport.WSS)
{
- final List<String> tlsProtocolWhiteList = _port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList = _port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
SslContextFactory factory = new SslContextFactory()
{
@Override
public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{
- return SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols, tlsProtocolWhiteList, tlsProtocolBlackList);
+ return SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols,
+ _port.getTlsProtocolWhiteList(),
+ _port.getTlsProtocolBlackList());
}
@Override
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{
return SSLUtil.filterEnabledCipherSuites(enabledCipherSuites, supportedCipherSuites,
- _port.getCipherSuiteWhiteList(), _port.getCipherSuiteBlackList());
+ _port.getTlsCipherSuiteWhiteList(),
+ _port.getTlsCipherSuiteBlackList());
}
};
factory.setSslContext(_sslContext);
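Review bot: The anonymous `SslContextFactory` subclass here, with `selectProtocols` and `selectCipherSuites` delegating to `SSLUtil` using the port's four TLS lists, is the same code as the one in the HttpManagement hunk of this commit. Keeping two copies of the TLS filtering override in separate plugins makes it easy for one listener to drift from the other when the filtering rules change. A small named subclass or factory method that takes the port, placed somewhere both plugins can reach, would keep the policy in one place. The surrounding `else if` branch starts outside the hunk.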