Posted to commits@qpid.apache.org by lq...@apache.org on 2016/02/26 18:08:01 UTC

svn commit: r1732526 - /qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java

Author: lquack
Date: Fri Feb 26 17:08:01 2016
New Revision: 1732526

URL: http://svn.apache.org/viewvc?rev=1732526&view=rev
Log:
QPID-7094: [Java Broker] In OAuth2MockEndpointHolder setup TLS protocols and cipher suites correctly

Modified:
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java?rev=1732526&r1=1732525&r2=1732526&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java Fri Feb 26 17:08:01 2016
@@ -22,6 +22,9 @@ package org.apache.qpid.server.security.
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 
 import javax.servlet.ServletException;
@@ -35,6 +38,11 @@ import org.eclipse.jetty.server.handler.
 import org.eclipse.jetty.server.ssl.SslSocketConnector;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
+import org.apache.qpid.configuration.CommonProperties;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.transport.network.security.ssl.SSLUtil;
+
 class OAuth2MockEndpointHolder
 {
     private static final String KEYSTORE_PASSWORD = "password";
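Review bot: The added imports `org.apache.qpid.server.model.ConfiguredObject` and `org.apache.qpid.server.model.Port` are not referenced by any line this commit adds; only `CommonProperties` and `SSLUtil` are used in the constructor hunk. Unless existing code outside the visible hunks needs them, drop both so the test helper does not carry a needless dependency on the broker model classes.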
@@ -44,8 +52,36 @@ class OAuth2MockEndpointHolder
 
     OAuth2MockEndpointHolder(final Map<String, OAuth2MockEndpoint> endpoints)
     {
+        final List<String> protocolWhiteList =
+                getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST,
+                                        CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT);
+        final List<String> protocolBlackList =
+                getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST,
+                                        CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT);
+        final List<String> cipherSuiteWhiteList =
+                getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST,
+                                        CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST_DEFAULT);
+        final List<String> cipherSuiteBlackList =
+                getSystemPropertyAsList(CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST,
+                                        CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST_DEFAULT);
+
         _server = new Server();
-        SslContextFactory sslContextFactory = new SslContextFactory();
+        SslContextFactory sslContextFactory = new SslContextFactory()
+                                              {
+                                                  @Override
+                                                  public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
+                                                  {
+                                                      return SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols,
+                                                                                            protocolWhiteList, protocolBlackList);
+                                                  }
+
+                                                  @Override
+                                                  public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
+                                                  {
+                                                      return SSLUtil.filterEnabledCipherSuites(enabledCipherSuites, supportedCipherSuites,
+                                                                                               cipherSuiteWhiteList, cipherSuiteBlackList);
+                                                  }
+                                              };
         sslContextFactory.setKeyStorePassword(KEYSTORE_PASSWORD);
         InputStream keyStoreInputStream = getClass().getClassLoader().getResourceAsStream(KEYSTORE_RESOURCE);
         sslContextFactory.setKeyStoreInputStream(keyStoreInputStream);
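Review bot: The anonymous `SslContextFactory` subclass has no comment explaining why `selectProtocols` and `selectCipherSuites` are overridden, or that the four lists are read from JVM system properties once, at construction time. A short comment above `new SslContextFactory()` would help, for example `// Filter TLS protocols and cipher suites through the Qpid white/black lists (system properties, read once here) instead of Jetty's defaults.` It is also worth stating what happens when the filters leave no protocol or suite enabled, since the behaviour of `SSLUtil.filterEnabledProtocols` in that case is not visible in this diff. The constructor body continues beyond this hunk.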
@@ -96,4 +132,15 @@ class OAuth2MockEndpointHolder
     {
         return _connector.getLocalPort();
     }
+
+    private List<String> getSystemPropertyAsList(final String propertyName, final String defaultValue)
+    {
+        String listAsString = System.getProperty(propertyName, defaultValue);
+        List<String> listOfStrings = Collections.emptyList();
+        if(listAsString != null && !"".equals(listAsString))
+        {
+            listOfStrings = Arrays.asList(listAsString.split("\\s*,\\s*"));
+        }
+        return listOfStrings;
+    }
 }
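Review bot: `getSystemPropertyAsList` splits on `\\s*,\\s*` without trimming the whole value, so a property such as ` TLSv1 , TLSv1.1 ` yields entries with a leading or trailing space, and a whitespace-only value yields one blank entry. If `SSLUtil` matches these entries against protocol or cipher-suite names (not visible here), a padded black-list entry would silently fail to match and leave that protocol or suite enabled. Trimming first avoids this: `final String trimmed = listAsString == null ? "" : listAsString.trim();` then `if (!trimmed.isEmpty())` and `Arrays.asList(trimmed.split("\\s*,\\s*"))`. The method reads no instance state, so it could also be declared `static`.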


