Posted to commits@qpid.apache.org by kw...@apache.org on 2017/08/08 06:47:15 UTC
qpid-broker-j git commit: QPID-7867: [FileTrustStore] Avoid the
needless wrapping of a singleton TrustManager within a
QpidMultipleTrustManager
Repository: qpid-broker-j
Updated Branches:
refs/heads/master a4a175173 -> 8f512958a
QPID-7867: [FileTrustStore] Avoid the needless wrapping of a singleton TrustManager within a QpidMultipleTrustManager
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/8f512958
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/8f512958
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/8f512958
Branch: refs/heads/master
Commit: 8f512958a6121466262418b056b901ab7a73050f
Parents: a4a1751
Author: Keith Wall <ke...@gmail.com>
Authored: Mon Aug 7 22:08:40 2017 +0100
Committer: Keith Wall <ke...@gmail.com>
Committed: Tue Aug 8 07:46:44 2017 +0100
----------------------------------------------------------------------
.../server/security/FileTrustStoreImpl.java | 56 ++++++++++++--------
.../server/security/FileTrustStoreTest.java | 4 +-
2 files changed, 35 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8f512958/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
index 122445d..ee23d45 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
@@ -214,40 +214,50 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
final TrustManagerFactory tmf = TrustManagerFactory
.getInstance(trustManagerFactoryAlgorithm);
tmf.init(ts);
- final Collection<TrustManager> trustManagersCol = new ArrayList<>();
- final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
+
TrustManager[] delegateManagers = tmf.getTrustManagers();
- for (TrustManager tm : delegateManagers)
+ if (delegateManagers.length == 0)
+ {
+ throw new IllegalStateException("Truststore " + this + " defines no trust managers");
+ }
+ else if (delegateManagers.length == 1)
+ {
+ if (_peersOnly && delegateManagers[0] instanceof X509TrustManager)
+ {
+ return new TrustManager[] {new QpidPeersOnlyTrustManager(ts,
+ ((X509TrustManager) delegateManagers[0]))};
+ }
+ else
+ {
+ return delegateManagers;
+ }
+ }
+ else
{
- if (tm instanceof X509TrustManager)
+ final Collection<TrustManager> trustManagersCol = new ArrayList<>();
+ final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
+ for (TrustManager tm : delegateManagers)
{
- if (_peersOnly)
+ if (tm instanceof X509TrustManager)
{
- // truststore is supposed to trust only clients which peers certificates
- // are directly in the store. CA signing will not be considered.
- mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ts, (X509TrustManager) tm));
+ if (_peersOnly)
+ {
+ mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ts, (X509TrustManager) tm));
+ }
+ else
+ {
+ mulTrustManager.addTrustManager((X509TrustManager) tm);
+ }
}
else
{
- mulTrustManager.addTrustManager((X509TrustManager) tm);
+ trustManagersCol.add(tm);
}
}
- else
+ if (! mulTrustManager.isEmpty())
{
- trustManagersCol.add(tm);
+ trustManagersCol.add(mulTrustManager);
}
- }
- if (! mulTrustManager.isEmpty())
- {
- trustManagersCol.add(mulTrustManager);
- }
-
- if (trustManagersCol.isEmpty())
- {
- throw new IllegalStateException("Truststore " + this + " defines no trust managers");
- }
- else
- {
return trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
}
}
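Review bot: When `_peersOnly` is set and the sole delegate is not an `X509TrustManager`, the `else` arm of the single-manager branch returns `delegateManagers` unwrapped, so the peers-only restriction is silently not applied; the multi-manager loop does the same at `trustManagersCol.add(tm)`. Standard factory algorithms presumably always yield an X509TrustManager, but a store configured as peers-only should fail closed rather than fall back to whatever validation the delegate performs, e.g. `if (_peersOnly && !(delegateManagers[0] instanceof X509TrustManager)) throw new IllegalStateException("Truststore " + this + " cannot enforce peersOnly");`. The change also drops the comment explaining that peers-only trusts only certificates held directly in the store and ignores CA signing; I would restore it above the `QpidPeersOnlyTrustManager` construction in both branches. The enclosing method begins outside the hunk.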
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8f512958/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index ac8bdc9..16d8041 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -47,7 +47,7 @@ import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
-import org.apache.qpid.server.transport.network.security.ssl.QpidMultipleTrustManager;
+import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.server.util.FileUtils;
@@ -123,7 +123,7 @@ public class FileTrustStoreTest extends QpidTestCase
assertNotNull(trustManagers);
assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
assertNotNull("Trust manager unexpected null", trustManagers[0]);
- assertTrue("Trust manager unexpected null", trustManagers[0] instanceof QpidMultipleTrustManager);
+ assertTrue("Trust manager unexpected null", trustManagers[0] instanceof QpidPeersOnlyTrustManager);
}
public void testUseOfExpiredTrustAnchorAllowed() throws Exception
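Review bot: The message on the changed assertion still reads "Trust manager unexpected null" although the line checks the manager's type, so a failure would point at the wrong cause; `assertTrue("Unexpected trust manager type", trustManagers[0] instanceof QpidPeersOnlyTrustManager);` would be clearer. Only the peers-only single-manager outcome is asserted here; whether the non-peers-only path, where the delegate is now returned as-is, is covered elsewhere cannot be seen from this hunk, and it deserves a test because it is the security-relevant difference between the two modes. The test method's signature is outside the hunk.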