Author: rgodfrey
Date: Fri Jun 19 15:26:43 2015
New Revision: 1686433
URL: http://svn.apache.org/r1686433
Log:
QPID-6598 : Remove the ability to attempt to utilise the configuration
encryption if the necessary encryption policy is not installed
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/ConditionallyAvailable.java
(with props)
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/QpidServiceLoader.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java?rev=1686433&r1=1686432&r2=1686433&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
Fri Jun 19 15:26:43 2015
@@ -1034,7 +1034,7 @@ public abstract class AbstractConfigured
}
}
- protected void setEncrypter(final ConfigurationSecretEncrypter encrypter)
+ protected final void setEncrypter(final ConfigurationSecretEncrypter
encrypter)
{
_encrypter = encrypter;
applyToChildren(new Action<ConfiguredObject<?>>()
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/ConditionallyAvailable.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/ConditionallyAvailable.java?rev=1686433&view=auto
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/ConditionallyAvailable.java
(added)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/ConditionallyAvailable.java
Fri Jun 19 15:26:43 2015
@@ -0,0 +1,26 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.plugin;
+
+public interface ConditionallyAvailable extends Pluggable
+{
+ boolean isAvailable();
+}
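Review bot: ConditionallyAvailable is added without any Javadoc, so the contract of `isAvailable()` can only be inferred from how QpidServiceLoader uses it. I would add a type-level comment such as `/** Implemented by a Pluggable whose prerequisites may be missing at runtime; the service loader skips instances that report false. */`. The method comment should say whether the result may change during the JVM's lifetime and that implementations should not throw. The only implementation in this commit computes the value once in a static initializer, which suggests the answer is meant to be stable, but the interface does not say so.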
Propchange:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/ConditionallyAvailable.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/QpidServiceLoader.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/QpidServiceLoader.java?rev=1686433&r1=1686432&r2=1686433&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/QpidServiceLoader.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/QpidServiceLoader.java
Fri Jun 19 15:26:43 2015
@@ -71,7 +71,7 @@ public class QpidServiceLoader
while(serviceLoaderIterator.hasNext())
{
C next = serviceLoaderIterator.next();
- if(!isDisabled(clazz, next))
+ if(!isDisabled(clazz, next) && isAvailable(next))
{
serviceImplementations.add(next);
}
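Review bot: The added `&& isAvailable(next)` condition drops an unavailable plugin from `serviceImplementations` with no trace at this level, so callers cannot tell it apart from a plugin that was never on the classpath. For the encrypter factory this matters: a broker whose configuration names that encrypter type will no longer find it. The lookup code is not visible in this diff, but it should treat the missing type as a configuration error rather than carry on with secrets stored unencrypted. It is worth confirming that path fails closed and covering it with a test. A debug-level log entry here naming `next.getType()` would also help diagnose a missing plugin; the enclosing method starts outside the hunk.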
@@ -90,6 +90,11 @@ public class QpidServiceLoader
return serviceImplementations;
}
+ private <C extends Pluggable> boolean isAvailable(final C next)
+ {
+ return !(next instanceof ConditionallyAvailable) ||
((ConditionallyAvailable) next).isAvailable();
+ }
+
private <C extends Pluggable> boolean isDisabled(Class<C> clazz, final C
next)
{
return
Boolean.getBoolean("qpid.plugin.disabled:"+clazz.getSimpleName().toLowerCase()+"."+next.getType())
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java?rev=1686433&r1=1686432&r2=1686433&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
Fri Jun 19 15:26:43 2015
@@ -47,19 +47,26 @@ import java.util.ListIterator;
import java.util.Map;
import java.util.Set;
+import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import org.apache.qpid.server.BrokerOptions;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.plugin.ConditionallyAvailable;
import org.apache.qpid.server.plugin.ConfigurationSecretEncrypterFactory;
import org.apache.qpid.server.plugin.PluggableService;
@PluggableService
-public class AESKeyFileEncrypterFactory implements
ConfigurationSecretEncrypterFactory
+public class AESKeyFileEncrypterFactory implements
ConfigurationSecretEncrypterFactory, ConditionallyAvailable
{
+ private static final Logger LOGGER =
LoggerFactory.getLogger(AESKeyFileEncrypterFactory.class);
+
static final String ENCRYPTER_KEY_FILE = "encrypter.key.file";
private static final int AES_KEY_SIZE_BITS = 256;
@@ -70,6 +77,33 @@ public class AESKeyFileEncrypterFactory
static final String DEFAULT_KEYS_SUBDIR_NAME = ".keys";
+ private static final boolean IS_AVAILABLE;
+
+ static
+ {
+ boolean isAvailable;
+ try
+ {
+ final int allowedKeyLength =
Cipher.getMaxAllowedKeyLength(AES_ALGORITHM);
+ isAvailable = allowedKeyLength >=AES_KEY_SIZE_BITS;
+ if(!isAvailable)
+ {
+ LOGGER.warn("The " + TYPE + " configuration encryption
encryption mechanism is not available. "
+ + "Maximum available AES key length is " +
allowedKeyLength + " but " + AES_KEY_SIZE_BITS + " is required."
+ +"Ensure the full strength JCE policy has been
installed into your JVM.");
+ }
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ isAvailable = false;
+
+ LOGGER.error("The " + TYPE + " configuration encryption encryption
mechanism is not available. "
+ + "The " + AES_ALGORITHM + " algorithm is not
available within the JVM (despite it being a requirement).");
+ }
+
+ IS_AVAILABLE = isAvailable;
+ }
+
@Override
public ConfigurationSecretEncrypter createEncrypter(final
ConfiguredObject<?> object)
{
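Review bot: The messages built in the static initializer have wording defects that will reach operators. Both the warn and the error text say "configuration encryption encryption mechanism", and `" is required."` is concatenated directly with `"Ensure the full strength JCE policy..."`, leaving no space between the sentences. As far as this diff shows, this log line is the operator's main signal that configuration encryption has been made unavailable, so it should read cleanly, e.g. `+ " Ensure the full strength JCE policy has been installed into your JVM."`. In the catch block the exception is discarded; passing `e` as the last argument to `LOGGER.error(...)` keeps the cause in the log. The hunk ends at the opening of createEncrypter, whose body lies outside it.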
@@ -338,4 +372,10 @@ public class AESKeyFileEncrypterFactory
{
return TYPE;
}
+
+ @Override
+ public boolean isAvailable()
+ {
+ return IS_AVAILABLE;
+ }
}