Author: rgodfrey
Date: Wed Jun 17 23:08:58 2015
New Revision: 1686121
URL: http://svn.apache.org/r1686121
Log:
QPID-6598 : [Java Broker] Allow configuration encryption provider to be updated
dynamically
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java?rev=1686121&r1=1686120&r2=1686121&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
Wed Jun 17 23:08:58 2015
@@ -1037,6 +1037,17 @@ public abstract class AbstractConfigured
protected void setEncrypter(final ConfigurationSecretEncrypter encrypter)
{
_encrypter = encrypter;
+ applyToChildren(new Action<ConfiguredObject<?>>()
+ {
+ @Override
+ public void performAction(final ConfiguredObject<?> object)
+ {
+ if(object instanceof AbstractConfiguredObject)
+ {
+ ((AbstractConfiguredObject)object).setEncrypter(encrypter);
+ }
+ }
+ });
}
protected void onResolve()
@@ -2107,6 +2118,59 @@ public abstract class AbstractConfigured
}
}
+ protected void forceUpdateAllSecureAttributes()
+ {
+ applyToChildren(new Action<ConfiguredObject<?>>()
+ {
+ @Override
+ public void performAction(final ConfiguredObject<?> object)
+ {
+ if (object instanceof AbstractConfiguredObject)
+ {
+ ((AbstractConfiguredObject)
object).forceUpdateAllSecureAttributes();
+ }
+ }
+ });
+ doUpdateSecureAttributes();
+ }
+
+ private void doUpdateSecureAttributes()
+ {
+ Map<String,Object> secureAttributeValues = getSecureAttributeValues();
+ if(!secureAttributeValues.isEmpty())
+ {
+ bulkChangeStart();
+ for (Map.Entry<String, Object> attribute :
secureAttributeValues.entrySet())
+ {
+ synchronized (_changeListeners)
+ {
+ List<ConfigurationChangeListener> copy =
+ new ArrayList<>(_changeListeners);
+ for (ConfigurationChangeListener listener : copy)
+ {
+ listener.attributeSet(this, attribute.getKey(),
attribute.getValue(), attribute.getValue());
+ }
+ }
+
+ }
+ bulkChangeEnd();
+ }
+ }
+
+ private Map<String,Object> getSecureAttributeValues()
+ {
+ Map<String,Object> secureAttributeValues = new HashMap<>();
+ for (Map.Entry<String, ConfiguredObjectAttribute<?, ?>> attribute :
_attributeTypes.entrySet())
+ {
+ if (attribute.getValue().isSecure() &&
_attributes.containsKey(attribute.getKey()))
+ {
+ secureAttributeValues.put(attribute.getKey(),
_attributes.get(attribute.getKey()));
+ }
+ }
+ return secureAttributeValues;
+ }
+
+
private void bulkChangeStart()
{
synchronized (_changeListeners)
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1686121&r1=1686120&r2=1686121&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
Wed Jun 17 23:08:58 2015
@@ -104,7 +104,8 @@ public class BrokerAdapter extends Abstr
private boolean _statisticsReportingResetEnabled;
@ManagedAttributeField
private boolean _messageCompressionEnabled;
- @ManagedAttributeField
+
+ @ManagedAttributeField(afterSet = "postEncrypterProviderSet")
private String _confidentialConfigurationEncryptionProvider;
private final boolean _virtualHostPropertiesNodeEnabled;
@@ -131,30 +132,36 @@ public class BrokerAdapter extends Abstr
QpidServiceLoader qpidServiceLoader = new QpidServiceLoader();
final Set<String> systemNodeCreatorTypes =
qpidServiceLoader.getInstancesByType(SystemNodeCreator.class).keySet();
_virtualHostPropertiesNodeEnabled =
systemNodeCreatorTypes.contains(VirtualHostPropertiesNodeCreator.TYPE);
+
if(attributes.containsKey(CONFIDENTIAL_CONFIGURATION_ENCRYPTION_PROVIDER))
+ {
+ final String encryptionProviderType =
String.valueOf(attributes.get(CONFIDENTIAL_CONFIGURATION_ENCRYPTION_PROVIDER));
+ updateEncrypter(encryptionProviderType);
+ }
_messagesDelivered = new StatisticsCounter("messages-delivered");
_dataDelivered = new StatisticsCounter("bytes-delivered");
_messagesReceived = new StatisticsCounter("messages-received");
_dataReceived = new StatisticsCounter("bytes-received");
}
- @Override
- protected void postResolve()
+ private void updateEncrypter(final String encryptionProviderType)
{
- super.postResolve();
- if(_confidentialConfigurationEncryptionProvider != null)
+ if(encryptionProviderType != null &&
!"".equals(encryptionProviderType.trim()))
{
-
PluggableFactoryLoader<ConfigurationSecretEncrypterFactory>
factoryLoader =
new
PluggableFactoryLoader<>(ConfigurationSecretEncrypterFactory.class);
- ConfigurationSecretEncrypterFactory factory =
factoryLoader.get(_confidentialConfigurationEncryptionProvider);
- if(factory == null)
+ ConfigurationSecretEncrypterFactory factory =
factoryLoader.get(encryptionProviderType);
+ if (factory == null)
{
- throw new IllegalConfigurationException("Unknown Configuration
Secret Encryption method " + _confidentialConfigurationEncryptionProvider);
+ throw new IllegalConfigurationException("Unknown Configuration
Secret Encryption method "
+ +
encryptionProviderType);
}
setEncrypter(factory.createEncrypter(this));
}
-
+ else
+ {
+ setEncrypter(null);
+ }
}
@Override
@@ -844,4 +851,11 @@ public class BrokerAdapter extends Abstr
{
return _managementModeAuthenticationProvider;
}
+
+ @SuppressWarnings("unused")
+ private void postEncrypterProviderSet()
+ {
+ updateEncrypter(_confidentialConfigurationEncryptionProvider);
+ forceUpdateAllSecureAttributes();
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
