You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2018/03/28 21:51:25 UTC
[1/2] qpid-broker-j git commit: QPID-8064: [Broker-J] Improve
validation for file keystore and file trust store
Repository: qpid-broker-j
Updated Branches:
refs/heads/master 7bc11b1aa -> 6cdcc25b9
QPID-8064: [Broker-J] Improve validation for file keystore and file trust store
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/3040a4fb
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/3040a4fb
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/3040a4fb
Branch: refs/heads/master
Commit: 3040a4fb9574a4ad55f1800a2eea133a8d6a6ca5
Parents: 7bc11b1
Author: Keith Wall <kw...@apache.org>
Authored: Mon Mar 26 13:48:43 2018 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Wed Mar 28 22:03:35 2018 +0100
----------------------------------------------------------------------
.../qpid/server/security/FileKeyStoreImpl.java | 60 ++++++++---
.../server/security/FileTrustStoreImpl.java | 37 ++++++-
.../security/ssl/QpidBestFitX509KeyManager.java | 2 +-
.../security/ssl/QpidPeersOnlyTrustManager.java | 6 +-
.../qpid/server/security/FileKeyStoreTest.java | 61 +++++++++++
.../server/security/FileTrustStoreTest.java | 104 ++++++++++++++++++-
.../test/resources/ssl/test_empty_keystore.jks | Bin 0 -> 88 bytes
.../test/resources/ssl/test_nokey_keystore.jks | Bin 0 -> 32 bytes
.../ssl/test_symmetric_key_keystore.pkcs12 | Bin 0 -> 3949 bytes
.../qpid/test/utils/TestSSLConstants.java | 2 +-
10 files changed, 251 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
index 0912e0f..2b3f450 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
@@ -32,6 +32,7 @@ import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
+import java.util.Enumeration;
import java.util.Map;
import java.util.Set;
@@ -147,24 +148,42 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
throw new IllegalConfigurationException(message, e);
}
- if (fileKeyStore.getCertificateAlias() != null)
+ try
{
- Certificate cert;
- try
- {
- cert = keyStore.getCertificate(fileKeyStore.getCertificateAlias());
- }
- catch (KeyStoreException e)
+ final String certAlias = fileKeyStore.getCertificateAlias();
+ if (certAlias != null)
{
- // key store should be initialized above
- throw new ServerScopedRuntimeException("Key store has not been initialized", e);
+ Certificate cert = keyStore.getCertificate(certAlias);
+
+ if (cert == null)
+ {
+ throw new IllegalConfigurationException(String.format(
+ "Cannot find a certificate with alias '%s' in key store : %s",
+ certAlias,
+ fileKeyStore.getStoreUrl()));
+ }
+
+ if (keyStore.isCertificateEntry(certAlias))
+ {
+ throw new IllegalConfigurationException(String.format(
+ "Alias '%s' in key store : %s does not identify a key.",
+ certAlias,
+ fileKeyStore.getStoreUrl()));
+
+ }
}
- if (cert == null)
+
+ if (!containsPrivateKey(keyStore))
{
- throw new IllegalConfigurationException("Cannot find a certificate with alias '" + fileKeyStore.getCertificateAlias()
- + "' in key store : " + fileKeyStore.getStoreUrl());
+ throw new IllegalConfigurationException("Keystore must contain at least one private key.");
}
}
+ catch (KeyStoreException e)
+ {
+ // key store should be initialized above
+ throw new ServerScopedRuntimeException("Key store has not been initialized", e);
+ }
+
try
{
@@ -180,6 +199,7 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
{
throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
}
+
checkCertificateExpiry();
}
@@ -345,4 +365,20 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
}
+ private boolean containsPrivateKey(final java.security.KeyStore keyStore) throws KeyStoreException
+ {
+ final Enumeration<String> aliasesEnum = keyStore.aliases();
+ boolean foundPrivateKey = false;
+ while (aliasesEnum.hasMoreElements())
+ {
+ String alias = aliasesEnum.nextElement();
+ if (keyStore.entryInstanceOf(alias, java.security.KeyStore.PrivateKeyEntry.class))
+ {
+ foundPrivateKey = true;
+ break;
+ }
+ }
+ return foundPrivateKey;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
index 7c2be97..e562653 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
@@ -55,6 +55,7 @@ import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.transport.network.security.ssl.QpidMultipleTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
+import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> implements FileTrustStore<FileTrustStoreImpl>
@@ -148,16 +149,19 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
private static void validateTrustStore(FileTrustStore trustStore)
{
+ KeyStore keyStore;
try
{
- initializeKeyStore(trustStore);
+ keyStore = initializeKeyStore(trustStore);
}
catch (Exception e)
{
final String message;
if (e instanceof IOException && e.getCause() != null && e.getCause() instanceof UnrecoverableKeyException)
{
- message = "Check trust store password. Cannot instantiate trust store from '" + trustStore.getStoreUrl() + "'.";
+ message = "Check trust store password. Cannot instantiate trust store from '"
+ + trustStore.getStoreUrl()
+ + "'.";
}
else
{
@@ -169,6 +173,29 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
try
{
+ final Enumeration<String> aliasesEnum = keyStore.aliases();
+ boolean certificateFound = false;
+ while (aliasesEnum.hasMoreElements())
+ {
+ String alias = aliasesEnum.nextElement();
+ if (keyStore.isCertificateEntry(alias))
+ {
+ certificateFound = true;
+ break;
+ }
+ }
+ if (!certificateFound)
+ {
+ throw new IllegalConfigurationException("Trust store must contain at least one certificate.");
+ }
+ }
+ catch (KeyStoreException e)
+ {
+ throw new ServerScopedRuntimeException("Trust store has not been initialized", e);
+ }
+
+ try
+ {
TrustManagerFactory.getInstance(trustStore.getTrustManagerFactoryAlgorithm());
}
catch (NoSuchAlgorithmException e)
@@ -338,7 +365,11 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
Enumeration<String> aliases = ts.aliases();
while (aliases.hasMoreElements())
{
- certificates.add(ts.getCertificate(aliases.nextElement()));
+ String alias = aliases.nextElement();
+ if (ts.isCertificateEntry(alias))
+ {
+ certificates.add(ts.getCertificate(alias));
+ }
}
return certificates.toArray(new Certificate[certificates.size()]);
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidBestFitX509KeyManager.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidBestFitX509KeyManager.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidBestFitX509KeyManager.java
index 74f2738..3cb06ac 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidBestFitX509KeyManager.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidBestFitX509KeyManager.java
@@ -61,7 +61,7 @@ public class QpidBestFitX509KeyManager extends X509ExtendedKeyManager
List<String> aliases = new ArrayList<>();
for(String alias : Collections.list(ks.aliases()))
{
- if(ks.isKeyEntry(alias))
+ if(ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class))
{
aliases.add(alias);
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidPeersOnlyTrustManager.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidPeersOnlyTrustManager.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidPeersOnlyTrustManager.java
index 19cdd87..8b3deec 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidPeersOnlyTrustManager.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/QpidPeersOnlyTrustManager.java
@@ -48,7 +48,11 @@ public class QpidPeersOnlyTrustManager implements X509TrustManager
Enumeration<String> aliases = ts.aliases();
while (aliases.hasMoreElements())
{
- _trustedCerts.add(ts.getCertificate(aliases.nextElement()));
+ String alias = aliases.nextElement();
+ if (ts.isCertificateEntry(alias))
+ {
+ _trustedCerts.add(ts.getCertificate(alias));
+ }
}
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
index 68c4f6f..2e01172 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
@@ -20,9 +20,11 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.server.security.FileTrustStoreTest.SYMMETRIC_KEY_KEYSTORE_RESOURCE;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import java.net.URL;
import java.util.HashMap;
import java.util.Map;
@@ -44,6 +46,8 @@ import org.apache.qpid.test.utils.TestSSLConstants;
public class FileKeyStoreTest extends QpidTestCase
{
+ static final String EMPTY_KEYSTORE_RESOURCE = "/ssl/test_empty_keystore.jks";
+
private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -133,6 +137,26 @@ public class FileKeyStoreTest extends QpidTestCase
}
}
+ public void testCreateKeyStoreFromFile_NonKeyAlias() throws Exception
+ {
+ Map<String,Object> attributes = new HashMap<>();
+ attributes.put(FileKeyStore.NAME, "myFileKeyStore");
+ attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE);
+ attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "rootca");
+
+ try
+ {
+ _factory.create(KeyStore.class, attributes, _broker);
+ fail("Exception not thrown");
+ }
+ catch (IllegalConfigurationException ice)
+ {
+ String message = ice.getMessage();
+ assertTrue("Exception text not as unexpected:" + message, message.contains("does not identify a key"));
+ }
+ }
+
public void testCreateKeyStoreFromDataUrl_Success() throws Exception
{
String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
@@ -233,6 +257,43 @@ public class FileKeyStoreTest extends QpidTestCase
}
}
+ public void testEmptyKeystoreRejected() throws Exception
+ {
+ final URL emptyKeystore = getClass().getResource(EMPTY_KEYSTORE_RESOURCE);
+ assertNotNull("Empty keystore not found", emptyKeystore);
+
+ Map<String,Object> attributes = new HashMap<>();
+ attributes.put(FileKeyStore.NAME, "myFileKeyStore");
+ attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, emptyKeystore);
+
+ try
+ {
+ _factory.create(KeyStore.class, attributes, _broker);
+ fail("Exception not thrown");
+ }
+ catch (IllegalConfigurationException ice)
+ {
+ String message = ice.getMessage();
+ assertTrue("Exception text not as unexpected:" + message, message.contains("Keystore must contain at least one private key."));
+ }
+ }
+
+ public void testSymmetricKeysIgnored()
+ {
+ final URL keystoreUrl = getClass().getResource(SYMMETRIC_KEY_KEYSTORE_RESOURCE);
+ assertNotNull("Keystore not found", keystoreUrl);
+
+ Map<String,Object> attributes = new HashMap<>();
+ attributes.put(FileKeyStore.NAME, "myFileKeyStore");
+ attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, keystoreUrl);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12");
+
+ KeyStore keyStore = _factory.create(KeyStore.class, attributes, _broker);
+ assertNotNull(keyStore);
+ }
+
public void testUpdateKeyStore_Success() throws Exception
{
Map<String,Object> attributes = new HashMap<>();
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index 934d6ed..4270cdb 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -20,16 +20,32 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.server.security.FileKeyStoreTest.EMPTY_KEYSTORE_RESOURCE;
+import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.KeyCertPair;
+import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate;
+import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.getInitializedKeyStore;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.URL;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.util.Collections;
+import java.util.Enumeration;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import javax.crypto.KeyGenerator;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
@@ -43,7 +59,6 @@ import org.apache.qpid.server.model.ConfiguredObjectFactory;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
-import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.server.util.FileUtils;
import org.apache.qpid.test.utils.QpidTestCase;
@@ -51,6 +66,9 @@ import org.apache.qpid.test.utils.TestSSLConstants;
public class FileTrustStoreTest extends QpidTestCase
{
+ static final String SYMMETRIC_KEY_KEYSTORE_RESOURCE = "/ssl/test_symmetric_key_keystore.pkcs12";
+ static final String KEYSTORE_RESOURCE = "/ssl/test_keystore.jks";
+
private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -136,7 +154,7 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
+ KeyStore clientStore = getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
TestSSLConstants.KEYSTORE_PASSWORD,
KeyStore.getDefaultType());
String alias = clientStore.aliases().nextElement();
@@ -161,7 +179,7 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
+ KeyStore clientStore = getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
TestSSLConstants.KEYSTORE_PASSWORD,
KeyStore.getDefaultType());
String alias = clientStore.aliases().nextElement();
@@ -285,6 +303,86 @@ public class FileTrustStoreTest extends QpidTestCase
fileTrustStore.getStoreUrl());
}
+ public void testEmptyTrustStoreRejected()
+ {
+ final URL emptyKeystore = getClass().getResource(EMPTY_KEYSTORE_RESOURCE);
+ assertNotNull("Empty keystore not found", emptyKeystore);
+
+ Map<String,Object> attributes = new HashMap<>();
+ attributes.put(FileKeyStore.NAME, "myFileTrustStore");
+ attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, emptyKeystore);
+
+ try
+ {
+ _factory.create(TrustStore.class, attributes, _broker);
+ fail("Exception not thrown");
+ }
+ catch (IllegalConfigurationException ice)
+ {
+ String message = ice.getMessage();
+ assertTrue("Exception text not as unexpected:" + message, message.contains("Trust store must contain at least one certificate."));
+ }
+ }
+
+ public void testSymmetricKeyEntryIgnored() throws Exception
+ {
+ final URL keystoreUrl = getClass().getResource(SYMMETRIC_KEY_KEYSTORE_RESOURCE);
+ assertNotNull("Symmetric key keystore not found", keystoreUrl);
+
+ Map<String, Object> attributes = new HashMap<>();
+ attributes.put(FileTrustStore.NAME, getTestName());
+ attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, keystoreUrl);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
+
+ TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
+
+ Certificate[] certificates = trustStore.getCertificates();
+ assertEquals("Unexpected number of certificates",
+ getNumberOfCertificates(keystoreUrl, "PKCS12"),
+ certificates.length);
+ }
+
+ public void testPrivateKeyEntryIgnored() throws Exception
+ {
+ final URL keystoreUrl = getClass().getResource(KEYSTORE_RESOURCE);
+ assertNotNull("Keystore not found", keystoreUrl);
+
+ Map<String, Object> attributes = new HashMap<>();
+ attributes.put(FileTrustStore.NAME, getTestName());
+ attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, keystoreUrl);
+
+ TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
+
+ Certificate[] certificates = trustStore.getCertificates();
+ assertEquals("Unexpected number of certificates",
+ getNumberOfCertificates(keystoreUrl, "jks"),
+ certificates.length);
+ }
+
+ private int getNumberOfCertificates(URL url, String type) throws Exception
+ {
+ KeyStore ks = KeyStore.getInstance(type);
+ try(InputStream is = url.openStream())
+ {
+ ks.load(is, TestSSLConstants.BROKER_KEYSTORE_PASSWORD.toCharArray());
+ }
+
+ int result = 0;
+ Enumeration<String> aliases = ks.aliases();
+ while (aliases.hasMoreElements())
+ {
+ String alias = aliases.nextElement();
+ if (ks.isCertificateEntry(alias))
+ {
+ result++;
+ }
+ }
+ return result;
+ }
+
private static String createDataUrlForFile(String filename)
{
byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/test/resources/ssl/test_empty_keystore.jks
----------------------------------------------------------------------
diff --git a/broker-core/src/test/resources/ssl/test_empty_keystore.jks b/broker-core/src/test/resources/ssl/test_empty_keystore.jks
new file mode 100644
index 0000000..ed88075
Binary files /dev/null and b/broker-core/src/test/resources/ssl/test_empty_keystore.jks differ
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/test/resources/ssl/test_nokey_keystore.jks
----------------------------------------------------------------------
diff --git a/broker-core/src/test/resources/ssl/test_nokey_keystore.jks b/broker-core/src/test/resources/ssl/test_nokey_keystore.jks
new file mode 100644
index 0000000..65d4b65
Binary files /dev/null and b/broker-core/src/test/resources/ssl/test_nokey_keystore.jks differ
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12
----------------------------------------------------------------------
diff --git a/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 b/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12
new file mode 100644
index 0000000..3c82f56
Binary files /dev/null and b/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 differ
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/3040a4fb/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
----------------------------------------------------------------------
diff --git a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
index 360ecc9..7b75c6f 100644
--- a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
+++ b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
@@ -33,7 +33,7 @@ public interface TestSSLConstants
String BROKER_KEYSTORE = "test-profiles/test_resources/ssl/java_broker_keystore.jks";
String BROKER_KEYSTORE_PASSWORD = "password";
- String BROKER_KEYSTORE_ALIAS = "rootca";
+ String BROKER_KEYSTORE_ALIAS = "java-broker";
String BROKER_PEERSTORE = "test-profiles/test_resources/ssl/java_broker_peerstore.jks";
String BROKER_PEERSTORE_PASSWORD = "password";
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[2/2] qpid-broker-j git commit: QPID-7925: [Broker-J] [WMC] Emit
'hide' event on hiding of load form
Posted by or...@apache.org.
QPID-7925: [Broker-J] [WMC] Emit 'hide' event on hiding of load form
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/6cdcc25b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/6cdcc25b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/6cdcc25b
Branch: refs/heads/master
Commit: 6cdcc25b9489f53bea64169e4b4386b72ef14ec5
Parents: 3040a4f
Author: Alex Rudyy <or...@apache.org>
Authored: Wed Mar 28 22:50:44 2018 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Wed Mar 28 22:50:44 2018 +0100
----------------------------------------------------------------------
.../js/qpid/management/accesscontrolprovider/RuleBased.js | 8 ++++----
.../management/accesscontrolprovider/rulebased/LoadForm.js | 3 +++
2 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/6cdcc25b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/RuleBased.js
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/RuleBased.js b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/RuleBased.js
index 10b3b83..8b32916 100644
--- a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/RuleBased.js
+++ b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/RuleBased.js
@@ -169,6 +169,9 @@ define(["dojo/_base/declare",
lang.hitch(this, function (LoadForm) {
this.loadForm = new LoadForm();
this.loadForm.on("load", lang.hitch(this, this.loadFromFile));
+ this.loadForm.on("hide", lang.hitch(this, function () {
+ this.loadButton.set("disabled", false);
+ }));
this.loadForm.show();
}));
}
@@ -186,10 +189,7 @@ define(["dojo/_base/declare",
lang.hitch(this, function(error){
util.xhrErrorHandler(error);
this.loadForm.reset();
- }))
- .always(lang.hitch(this, function () {
- this.loadButton.set("disabled", false);
- }));
+ }));
};
RuleBased.prototype.extractRules = function () {
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/6cdcc25b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/rulebased/LoadForm.js
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/rulebased/LoadForm.js b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/rulebased/LoadForm.js
index 3330ce4..36887b4 100644
--- a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/rulebased/LoadForm.js
+++ b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/rulebased/LoadForm.js
@@ -72,6 +72,9 @@ define(["dojo/_base/declare",
this.warning.innerHTML = "File upload requires a more recent browser with HTML5 support";
this.warning.className = this.warning.className.replace("hidden", "");
}
+ this.loadDialog.onHide = lang.hitch(this, function () {
+ this.emit("hide");
+ });
},
show: function()
{
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org