Author: rgodfrey
Date: Mon Jun 22 13:07:29 2015
New Revision: 1686858
URL: http://svn.apache.org/r1686858
Log:
QPID-6604 : [Java Broker] Add auto-generating self signed certificate keystore
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStore.java
(with props)
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
(with props)
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/add.js
(with props)
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/show.js
(with props)
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/add.html
- copied, changed from r1686817,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/show.html
- copied, changed from r1686817,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/show.html
Modified:
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ConfiguredObjectFactoryGenerator.java
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ManagedObjectFactoryConstructor.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/metadata.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/widgetconfigurer.js
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
Modified:
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ConfiguredObjectFactoryGenerator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ConfiguredObjectFactoryGenerator.java?rev=1686858&r1=1686857&r2=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ConfiguredObjectFactoryGenerator.java
(original)
+++
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ConfiguredObjectFactoryGenerator.java
Mon Jun 22 13:07:29 2015
@@ -96,7 +96,8 @@ public class ConfiguredObjectFactoryGene
String factorySimpleName = classElement.getSimpleName().toString() +
"Factory";
String objectSimpleName = classElement.getSimpleName().toString();
processingEnv.getMessager().printMessage(Diagnostic.Kind.NOTE,
"Generating factory file for " + classElement.getQualifiedName().toString());
-
+ final ManagedObjectFactoryConstructor annotation =
+
constructorElement.getAnnotation(ManagedObjectFactoryConstructor.class);
PackageElement packageElement = (PackageElement)
classElement.getEnclosingElement();
try
@@ -120,9 +121,17 @@ public class ConfiguredObjectFactoryGene
pw.println("import
org.apache.qpid.server.model.AbstractConfiguredObjectTypeFactory;");
pw.println("import
org.apache.qpid.server.model.ConfiguredObject;");
pw.println("import
org.apache.qpid.server.plugin.PluggableService;");
+ if(annotation.conditionallyAvailable())
+ {
+ pw.println("import
org.apache.qpid.server.plugin.ConditionallyAvailable;");
+ }
pw.println();
pw.println("@PluggableService");
pw.println("public final class " + factorySimpleName + " extends
AbstractConfiguredObjectTypeFactory<"+ objectSimpleName +">");
+ if(annotation.conditionallyAvailable())
+ {
+ pw.println(" implements ConditionallyAvailable");
+ }
pw.println("{");
pw.println(" public " + factorySimpleName + "()");
pw.println(" {");
@@ -148,6 +157,16 @@ public class ConfiguredObjectFactoryGene
}
pw.println(");");
pw.println(" }");
+ if(annotation.conditionallyAvailable())
+ {
+ pw.println();
+ pw.println(" @Override");
+ pw.println(" public boolean isAvailable()");
+ pw.println(" {");
+ pw.println(" return " + objectSimpleName +
".isAvailable();");
+ pw.println(" }");
+
+ }
pw.println("}");
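Review bot: The generated `isAvailable()` body, `return <ObjectSimpleName>.isAvailable();`, only compiles if the annotated class declares a static `boolean isAvailable()`, and nothing in the processor checks that before writing the factory source, so a class marked `conditionallyAvailable = true` without that method fails with an error pointing into generated code. The processor could look for the method among `classElement.getEnclosedElements()` and report a `Diagnostic.Kind.ERROR` against `constructorElement` when it is absent. The same assumption applies to the import and `implements ConditionallyAvailable` lines in the two earlier hunks of this file. The enclosing method starts outside this hunk.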
Modified:
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ManagedObjectFactoryConstructor.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ManagedObjectFactoryConstructor.java?rev=1686858&r1=1686857&r2=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ManagedObjectFactoryConstructor.java
(original)
+++
qpid/java/trunk/broker-codegen/src/main/java/org/apache/qpid/server/model/ManagedObjectFactoryConstructor.java
Mon Jun 22 13:07:29 2015
@@ -29,4 +29,5 @@ import java.lang.annotation.Target;
@Target(ElementType.CONSTRUCTOR)
public @interface ManagedObjectFactoryConstructor
{
+ boolean conditionallyAvailable() default false;
}
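Review bot: `conditionallyAvailable()` carries no Javadoc, and its contract is not discoverable from the annotation alone: setting it to `true` makes the generated factory implement `ConditionallyAvailable` and delegate to a static `isAvailable()` on the annotated class. A comment such as `/** When true the generated factory implements ConditionallyAvailable and delegates to a static {@code boolean isAvailable()} that the annotated class must declare. */` above the element would make the requirement explicit where users of the annotation will see it.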
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStore.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStore.java?rev=1686858&view=auto
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStore.java
(added)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStore.java
Mon Jun 22 13:07:29 2015
@@ -0,0 +1,50 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security;
+
+import org.apache.qpid.server.model.DerivedAttribute;
+import org.apache.qpid.server.model.KeyStore;
+import org.apache.qpid.server.model.ManagedAttribute;
+import org.apache.qpid.server.model.ManagedObject;
+
+@ManagedObject( category = false, type = "AutoGeneratedSelfSigned" )
+public interface AutoGeneratedSelfSignedKeyStore<X extends
AutoGeneratedSelfSignedKeyStore<X>> extends KeyStore<X>
+{
+ String ENCODED_CERTIFICATE = "encodedCertificate";
+ String ENCODED_PRIVATE_KEY = "encodedPrivateKey";
+
+ @ManagedAttribute(defaultValue="RSA", immutable = true)
+ String getKeyAlgorithm();
+
+ @ManagedAttribute(defaultValue="SHA1WithRSA", immutable = true)
+ String getSignatureAlgorithm();
+
+ @ManagedAttribute(defaultValue="2048", immutable = true)
+ int getKeyLength();
+
+ @ManagedAttribute(defaultValue="12", immutable = true)
+ int getDurationInMonths();
+
+ @DerivedAttribute(persist = true)
+ String getEncodedCertificate();
+ @DerivedAttribute(persist = true, secure = true)
+ String getEncodedPrivateKey();
+}
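Review bot: The default at `@ManagedAttribute(defaultValue="SHA1WithRSA", immutable = true)` produces SHA-1-signed certificates, which TLS clients are in the process of rejecting, and because the attribute is immutable a store created with the default keeps that signature algorithm for its whole life. Suggest `@ManagedAttribute(defaultValue="SHA256WithRSA", immutable = true)` so that newly created stores start from a current default; existing persisted stores are unaffected since the attribute value is stored per instance. The interface itself has no Javadoc describing that the certificate and key are generated on first activation and persisted via `ENCODED_CERTIFICATE`/`ENCODED_PRIVATE_KEY`; a class-level comment stating that would help.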
Propchange:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStore.java
------------------------------------------------------------------------------
svn:eol-style = native
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java?rev=1686858&view=auto
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
(added)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
Mon Jun 22 13:07:29 2015
@@ -0,0 +1,394 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+import java.net.InterfaceAddress;
+import java.net.NetworkInterface;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.xml.bind.DatatypeConverter;
+
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+
+import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.AbstractConfiguredObject;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.IntegrityViolationException;
+import org.apache.qpid.server.model.ManagedAttributeField;
+import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
+import org.apache.qpid.transport.network.security.ssl.SSLUtil;
+
+public class AutoGeneratedSelfSignedKeyStoreImpl
+ extends AbstractConfiguredObject<AutoGeneratedSelfSignedKeyStoreImpl>
+ implements
AutoGeneratedSelfSignedKeyStore<AutoGeneratedSelfSignedKeyStoreImpl>
+{
+
+ private static final SecureRandom RANDOM = new SecureRandom();
+
+
+ private static Constructor<?> CONSTRUCTOR;
+ private static Method GENERATE_METHOD;
+ private static Method GET_PRIVATE_KEY_METHOD;
+ private static Method GET_SELF_CERTIFICATE_METHOD;
+ private static Constructor<?> X500_NAME_CONSTRUCTOR;
+ private static Constructor<?> DNS_NAME_CONSTRUCTOR;
+ private static Constructor<?> IP_ADDR_NAME_CONSTRUCTOR;
+ private static Constructor<?> GENERAL_NAMES_CONSTRUCTOR;
+ private static Constructor<?> GENERAL_NAME_CONSTRUCTOR;
+ private static Method ADD_NAME_TO_NAMES_METHOD;
+ private static Constructor<?> ALT_NAMES_CONSTRUCTOR;
+ private static Constructor<?> CERTIFICATE_EXTENSIONS_CONSTRUCTOR;
+ private static Method SET_EXTENSION_METHOD;
+ private static Method EXTENSION_GET_NAME_METHOD;
+
+ private final Broker<?> _broker;
+
+ @ManagedAttributeField
+ private String _keyAlgorithm;
+ @ManagedAttributeField
+ private String _signatureAlgorithm;
+ @ManagedAttributeField
+ private int _keyLength;
+ @ManagedAttributeField
+ private int _durationInMonths;
+
+ private PrivateKey _privateKey;
+ private X509Certificate _certificate;
+ private KeyManager[] _keyManagers;
+
+
+ private boolean _generated;
+ private boolean _created;
+
+
+ @ManagedObjectFactoryConstructor(conditionallyAvailable = true)
+ public AutoGeneratedSelfSignedKeyStoreImpl(final Map<String, Object>
attributes, Broker<?> broker)
+ {
+ super(parentsMap(broker), attributes);
+ _broker = broker;
+ }
+
+ @Override
+ public KeyManager[] getKeyManagers() throws GeneralSecurityException
+ {
+ return _keyManagers;
+ }
+
+ @Override
+ public String getKeyAlgorithm()
+ {
+ return _keyAlgorithm;
+ }
+
+ @Override
+ public String getSignatureAlgorithm()
+ {
+ return _signatureAlgorithm;
+ }
+
+ @Override
+ public int getKeyLength()
+ {
+ return _keyLength;
+ }
+
+ @Override
+ public int getDurationInMonths()
+ {
+ return _durationInMonths;
+ }
+
+ @Override
+ public String getEncodedCertificate()
+ {
+ try
+ {
+ return
DatatypeConverter.printBase64Binary(_certificate.getEncoded());
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw new IllegalConfigurationException("Cannot encode
certificate", e);
+ }
+ }
+
+ @Override
+ public String getEncodedPrivateKey()
+ {
+ return DatatypeConverter.printBase64Binary(_privateKey.getEncoded());
+ }
+
+ @Override
+ protected void postResolve()
+ {
+ super.postResolve();
+ if(getActualAttributes().containsKey(ENCODED_PRIVATE_KEY) &&
getActualAttributes().containsKey(ENCODED_CERTIFICATE))
+ {
+ loadPrivateKeyAndCertificate();
+ }
+ else
+ {
+ generatePrivateKeyAndCertificate();
+ }
+ generateKeyManagers();
+
+ }
+
+ private void loadPrivateKeyAndCertificate()
+ {
+ byte[] privateKeyEncoded =
DatatypeConverter.parseBase64Binary((String)
getActualAttributes().get(ENCODED_PRIVATE_KEY));
+ byte[] certificateEncoded =
DatatypeConverter.parseBase64Binary((String) getActualAttributes().get(
+ ENCODED_CERTIFICATE));
+
+
+ try(ByteArrayInputStream input = new
ByteArrayInputStream(certificateEncoded))
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ _certificate = (X509Certificate) cf.generateCertificate(input);
+ }
+ catch (CertificateException | IOException e)
+ {
+ throw new IllegalConfigurationException("Could not decode
certificate", e);
+ }
+
+ try
+ {
+ _privateKey = SSLUtil.readPrivateKey(privateKeyEncoded,
_keyAlgorithm);
+ }
+ catch (NoSuchAlgorithmException | InvalidKeySpecException e)
+ {
+ throw new IllegalConfigurationException("Could not decode private
key", e);
+ }
+ }
+
+ @Override
+ protected void onCreate()
+ {
+ super.onCreate();
+ _created = true;
+ }
+
+ @StateTransition(currentState = { State.UNINITIALIZED, State.STOPPED,
State.ERRORED}, desiredState = State.ACTIVE)
+ protected ListenableFuture<Void> activate()
+ {
+ if(_generated && !_created)
+ {
+
+ final Object encodedCertificate = getEncodedCertificate();
+ attributeSet(ENCODED_CERTIFICATE, encodedCertificate,
encodedCertificate);
+
+ final Object encodedPrivateKey = getEncodedPrivateKey();
+ attributeSet(ENCODED_PRIVATE_KEY, encodedPrivateKey,
encodedPrivateKey);
+
+ _generated = false;
+ }
+ setState(State.ACTIVE);
+
+ return Futures.immediateFuture(null);
+ }
+
+ @StateTransition(currentState = {State.UNINITIALIZED, State.ACTIVE,
State.ERRORED}, desiredState = State.DELETED)
+ protected ListenableFuture<Void> doDelete()
+ {
+ // verify that it is not in use
+ String storeName = getName();
+
+ Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
+ for (Port port : ports)
+ {
+ if (port.getKeyStore() == this)
+ {
+ throw new IntegrityViolationException("Key store '"
+ + storeName
+ + "' can't be deleted as
it is in use by a port:"
+ + port.getName());
+ }
+ }
+ deleted();
+ setState(State.DELETED);
+ return Futures.immediateFuture(null);
+ }
+
+ private void generatePrivateKeyAndCertificate()
+ {
+ try
+ {
+ Object certAndKeyGen = CONSTRUCTOR.newInstance(_keyAlgorithm,
_signatureAlgorithm);
+ GENERATE_METHOD.invoke(certAndKeyGen, _keyLength);
+ _privateKey = (PrivateKey)
GET_PRIVATE_KEY_METHOD.invoke(certAndKeyGen);
+
+ Object generalNames = GENERAL_NAMES_CONSTRUCTOR.newInstance();
+
+ Set<InetAddress> addresses = new HashSet<>();
+ for (NetworkInterface networkInterface :
Collections.list(NetworkInterface.getNetworkInterfaces()))
+ {
+ for (InterfaceAddress inetAddress :
networkInterface.getInterfaceAddresses())
+ {
+ addresses.add(inetAddress.getAddress());
+ }
+ }
+
+ Set<String> dnsNames = new HashSet<>();
+
+ for(InetAddress address : addresses)
+ {
+
+ String hostName = address.getHostName();
+ if (hostName != null)
+ {
+ dnsNames.add(hostName);
+ }
+ String canonicalHostName = address.getCanonicalHostName();
+ if (canonicalHostName != null)
+ {
+ dnsNames.add(canonicalHostName);
+ }
+ }
+ System.err.println(dnsNames);
+ for(String dnsName : dnsNames)
+ {
+ if(dnsName.matches("[\\w&&[^\\d]][\\w\\d.-]*"))
+ {
+ ADD_NAME_TO_NAMES_METHOD.invoke(generalNames,
+
GENERAL_NAME_CONSTRUCTOR.newInstance(DNS_NAME_CONSTRUCTOR.newInstance(
+ dnsName)));
+ }
+ }
+
+ for(InetAddress inetAddress : addresses)
+ {
+ ADD_NAME_TO_NAMES_METHOD.invoke(generalNames,
GENERAL_NAME_CONSTRUCTOR.newInstance(IP_ADDR_NAME_CONSTRUCTOR.newInstance(inetAddress.getHostAddress())));
+ }
+ Object altNamesExtension =
ALT_NAMES_CONSTRUCTOR.newInstance(generalNames);
+ Object certificateExtensions =
CERTIFICATE_EXTENSIONS_CONSTRUCTOR.newInstance();
+ SET_EXTENSION_METHOD.invoke(certificateExtensions,
EXTENSION_GET_NAME_METHOD.invoke(altNamesExtension), altNamesExtension);
+
+ long startTime = System.currentTimeMillis();
+ Calendar calendar = Calendar.getInstance();
+ calendar.setTimeInMillis(startTime);
+ calendar.add(Calendar.MONTH, _durationInMonths);
+ long duration = (calendar.getTimeInMillis() - startTime)/1000;
+
+ _certificate = (X509Certificate)
GET_SELF_CERTIFICATE_METHOD.invoke(certAndKeyGen,
X500_NAME_CONSTRUCTOR.newInstance("CN=Qpid"), new Date(startTime), duration,
certificateExtensions);
+
+ _generated = true;
+
+ }
+ catch (InstantiationException | IllegalAccessException |
InvocationTargetException | IOException e)
+ {
+ throw new IllegalConfigurationException("Unable to construct
keystore", e);
+ }
+ }
+
+ private void generateKeyManagers()
+ {
+ try
+ {
+ X509Certificate[] certs = new X509Certificate[] { _certificate };
+
+
+ java.security.KeyStore inMemoryKeyStore =
java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
+
+ byte[] bytes = new byte[64];
+ char[] chars = new char[64];
+ RANDOM.nextBytes(bytes);
+
StandardCharsets.US_ASCII.decode(ByteBuffer.wrap(bytes)).get(chars);
+ inMemoryKeyStore.load(null, chars);
+ inMemoryKeyStore.setKeyEntry("1", _privateKey, chars, certs);
+
+ KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(inMemoryKeyStore, chars);
+ _keyManagers = kmf.getKeyManagers();
+
+ }
+ catch (IOException | GeneralSecurityException e)
+ {
+ throw new IllegalConfigurationException("Cannot load private key
or certificate(s): " + e, e);
+ }
+ }
+
+
+
+ static boolean isAvailable()
+ {
+ try
+ {
+ final Class<?> certAndKeyGenClass =
Class.forName("sun.security.x509.CertAndKeyGen");
+ final Class<?> x500NameClass =
Class.forName("sun.security.x509.X500Name");
+ final Class<?> certificateExtensionsClass =
Class.forName("sun.security.x509.CertificateExtensions");
+ final Class<?> generalNamesClass =
Class.forName("sun.security.x509.GeneralNames");
+ final Class<?> generalNameClass =
Class.forName("sun.security.x509.GeneralName");
+ final Class<?> extensionClass =
Class.forName("sun.security.x509.SubjectAlternativeNameExtension");
+
+ CONSTRUCTOR = certAndKeyGenClass.getConstructor(String.class,
String.class);
+ GENERATE_METHOD = certAndKeyGenClass.getMethod("generate",
Integer.TYPE);
+ GET_PRIVATE_KEY_METHOD =
certAndKeyGenClass.getMethod("getPrivateKey");
+ GET_SELF_CERTIFICATE_METHOD =
certAndKeyGenClass.getMethod("getSelfCertificate", x500NameClass, Date.class,
Long.TYPE,
+
certificateExtensionsClass);
+ X500_NAME_CONSTRUCTOR = x500NameClass.getConstructor(String.class);
+ DNS_NAME_CONSTRUCTOR =
Class.forName("sun.security.x509.DNSName").getConstructor(String.class);
+ IP_ADDR_NAME_CONSTRUCTOR =
Class.forName("sun.security.x509.IPAddressName").getConstructor(String.class);
+ GENERAL_NAMES_CONSTRUCTOR = generalNamesClass.getConstructor();
+ GENERAL_NAME_CONSTRUCTOR =
generalNameClass.getConstructor(Class.forName("sun.security.x509.GeneralNameInterface"));
+ ADD_NAME_TO_NAMES_METHOD = generalNamesClass.getMethod("add",
generalNameClass);
+ ALT_NAMES_CONSTRUCTOR =
extensionClass.getConstructor(generalNamesClass);
+ CERTIFICATE_EXTENSIONS_CONSTRUCTOR =
certificateExtensionsClass.getConstructor();
+ SET_EXTENSION_METHOD = certificateExtensionsClass.getMethod("set",
String.class, Object.class);
+ EXTENSION_GET_NAME_METHOD = extensionClass.getMethod("getName");
+
+ return true;
+ }
+ catch (ClassNotFoundException | LinkageError | NoSuchMethodException e)
+ {
+ return false;
+ }
+
+ }
+}
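Review bot: `loadPrivateKeyAndCertificate()` restores a persisted certificate without checking its validity period, so once `durationInMonths` has elapsed the broker keeps serving the expired certificate after every restart and nothing regenerates it; calling `_certificate.checkValidity()` after `cf.generateCertificate(input)` and at least logging a warning (or regenerating) would surface that. `System.err.println(dnsNames);` in `generatePrivateKeyAndCertificate()` reads as leftover debugging and writes the host's resolved names to stderr on every generation; it should be removed or demoted to debug logging. The subject alternative names are built from reverse lookups (`getHostName()`/`getCanonicalHostName()`) over every interface address, which can stall start-up on hosts without reverse DNS — worth a comment. The static `CONSTRUCTOR`/`*_METHOD` fields are only populated by `isAvailable()`, so a comment on them stating that `isAvailable()` must have returned true before an instance is constructed would spare the next maintainer a null-pointer hunt.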
Propchange:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/metadata.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/metadata.js?rev=1686858&r1=1686857&r2=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/metadata.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/metadata.js
Mon Jun 22 13:07:29 2015
@@ -41,7 +41,16 @@ define(["dojo/_base/array", "dojox/lang/
return attributesForName ? attributesForName["defaultValue"] :
undefined;
};
- Metadata.prototype.getTypesForCategory = function (category)
+ Metadata.prototype.isImmutable = function (category, type, attributeName)
+ {
+ var metaDataForInstance = this.getMetaData(category, type);
+ var attributesForType = metaDataForInstance["attributes"];
+ var attributesForName = attributesForType[attributeName];
+ return attributesForName ? attributesForName["immutable"] :
undefined;
+ };
+
+
+ Metadata.prototype.getTypesForCategory = function (category)
{
return fobject.keys(this.metadata[category]);
};
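Review bot: `isImmutable` duplicates the three-line `getMetaData` → `attributes` → `attributeName` lookup already used by the neighbouring `getDefaultValue` method, differing only in the final property read. Extracting a private helper, e.g. `var attributeMetadata = function(self, category, type, attributeName) { ... }`, and having both methods call it would keep the two in step when the lookup changes. `isImmutable` also returns `undefined` rather than `false` for an unknown attribute, which callers using `if(immutable)` tolerate but is worth a one-line comment.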
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js?rev=1686858&r1=1686857&r2=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
Mon Jun 22 13:07:29 2015
@@ -529,6 +529,16 @@ define(["dojo/_base/xhr",
});
}
+ util.disableWidgetsForImmutableFields = function(domRoot, category,
type, meta)
+ {
+ var widgets = util.findAllWidgets(domRoot);
+ array.forEach(widgets,
+ function (widget)
+ {
+ widgetconfigurer.disableIfImmutable(widget, category,
type, meta);
+ });
+ }
+
util.getFormWidgetValues = function (form, initialData)
{
var values = {};
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/widgetconfigurer.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/widgetconfigurer.js?rev=1686858&r1=1686857&r2=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/widgetconfigurer.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/common/widgetconfigurer.js
Mon Jun 22 13:07:29 2015
@@ -144,6 +144,17 @@ define(["dojo/_base/xhr",
{
this._processWidgetValue(widget, category, type, data, meta);
}
+ },
+ disableIfImmutable: function (widget, category, type, meta)
+ {
+ var widgetName = widget.name;
+ if (widgetName) {
+ var immutable = meta.isImmutable(category, type, widgetName);
+ if(immutable) {
+ widget.attr( "disabled", "disabled" );
+ }
+
+ }
}
};
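Review bot: `widget.attr( "disabled", "disabled" );` in `disableIfImmutable` uses the deprecated dijit `attr` setter, while the `add.js` added in this same commit uses the current `set` form (`item.set("value", value)`); for consistency and forward compatibility this should be `widget.set("disabled", true);`. The enclosing object literal starts outside the hunk.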
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/add.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/add.js?rev=1686858&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/add.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/add.js
Mon Jun 22 13:07:29 2015
@@ -0,0 +1,89 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+define(["dojo/dom",
+ "dojo/query",
+ "dojo/_base/array",
+ "dijit/registry",
+ "qpid/common/util",
+ "dojo/parser",
+ "dojo/text!store/autogeneratedselfsigned/add.html",
+ "dojo/domReady!"],
+ function (dom, query, array, registry, util, parser, template)
+ {
+ var addKeyStore =
+ {
+ show: function(data)
+ {
+ var that=this;
+ this.metadata = data.metadata;
+ this.containerNode = data.containerNode;
+ data.containerNode.innerHTML = template;
+ parser.parse(this.containerNode).then(function(instances)
+ {
+ if (data.effectiveData)
+ {
+ that.update(data.effectiveData);
+ }
+
+ util.applyMetadataToWidgets(data.containerNode,
"KeyStore", "AutoGeneratedSelfSigned", data.metadata);
+ if (data.effectiveData)
+ {
+
util.disableWidgetsForImmutableFields(data.containerNode, "KeyStore",
"AutoGeneratedSelfSigned", data.metadata);
+ }
+ });
+ },
+ update: function(effectiveData)
+ {
+ var attributes = this.metadata.getMetaData("KeyStore",
"AutoGeneratedSelfSigned").attributes;
+ var widgets = registry.findWidgets(this.containerNode);
+ array.forEach(widgets, function(item)
+ {
+ var name = item.id.replace("addStore.","");
+ if (name in attributes )
+ {
+ var attribute = attributes[name];
+ var value = effectiveData[name];
+ if (value)
+ {
+ if (attribute.secure)
+ {
+ if (!/^\*+/.test(value) )
+ {
+ item.set("value", value);
+ }
+ else
+ {
+ item.set("required", false);
+ }
+ }
+ else
+ {
+ item.set("value", value);
+ }
+ }
+ }
+ });
+ }
+ };
+
+ return addKeyStore;
+ }
+);
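Review bot: The `if (value)` test in `update()` skips every falsy value, so a numeric attribute such as `keyLength` or `durationInMonths` with an effective value of `0` would never be written back into its widget; `if (value !== undefined && value !== null)` is the intended check if the aim is to distinguish "absent" from "zero". This appears to be copied from the file-keystore `add.js`, so the same applies there if it shares the code. A short comment above the `/^\*+/` test explaining that it detects a server-masked secure value would also help readers.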
Propchange:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/add.js
------------------------------------------------------------------------------
svn:eol-style = native
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/show.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/show.js?rev=1686858&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/show.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/show.js
Mon Jun 22 13:07:29 2015
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(["qpid/common/util", "dojo/domReady!"],
+ function (util)
+ {
+
+ function AutoGeneratedSelfSignedKeyStoreProvider(data)
+ {
+ this.fields = [];
+ var attributes =
data.parent.management.metadata.getMetaData("KeyStore",
"AutoGeneratedSelfSigned").attributes;
+ for(var name in attributes)
+ {
+ this.fields.push(name);
+ }
+ util.buildUI(data.containerNode, data.parent,
"store/autogeneratedselfsigned/show.html", this.fields, this);
+ }
+
+ AutoGeneratedSelfSignedKeyStoreProvider.prototype.update = function(data)
+ {
+ util.updateUI(data, this.fields, this);
+ }
+
+ return AutoGeneratedSelfSignedKeyStoreProvider;
+ }
+);
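Review bot: `AutoGeneratedSelfSignedKeyStoreProvider` pushes every attribute name from the metadata into `this.fields`, which includes `encodedCertificate` and `encodedPrivateKey`; the page therefore relies on the server masking the `secure` attribute before it reaches `util.updateUI`, and nothing here states that. A comment at the `for(var name in attributes)` loop such as `// secure attributes (e.g. encodedPrivateKey) arrive masked from the server` would record the assumption, or the loop could skip attributes whose metadata is marked `secure` if they are not meant to be displayed at all.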
Propchange:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/autogeneratedselfsigned/show.js
------------------------------------------------------------------------------
svn:eol-style = native
Copied:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/add.html
(from r1686817,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html)
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/add.html?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/add.html&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html&r1=1686817&r2=1686858&rev=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/add.html
Mon Jun 22 13:07:29 2015
@@ -20,67 +20,54 @@
<div>
<div id="addStore.oldBrowserWarning" class="infoMessage hidden
clear"></div>
<div class="clear">
- <div id="addStore.serverPathLabel" class="formLabel-labelCell
tableContainer-labelCell">Server path or upload*:</div>
- <div class="formLabel-controlCell tableContainer-valueCell">
- <input type="text" id="addStore.storeUrl"
- data-dojo-type="qpid/common/ResourceWidget"
- data-dojo-props="
- name: 'storeUrl',
- placeHolder: 'key store file server path',
- required: true,
- promptMessage: 'Location of the key store file
on the server',
- title: 'Enter the key store file path'" />
- </div>
<div class="clear">
- <div class="formLabel-labelCell
tableContainer-labelCell">Password*:</div>
+ <div class="formLabel-labelCell tableContainer-labelCell">Key
Algorithm:</div>
<div class="formLabel-controlCell tableContainer-valueCell">
- <input type="password" id="addStore.password"
+ <input type="text" id="addStore.keyAlgorithm"
data-dojo-type="dijit/form/ValidationTextBox"
data-dojo-props="
- name: 'password',
- placeHolder: 'store password',
- required: true,
- promptMessage: 'password for store',
- title: 'Enter a password for the store'" />
+ name: 'keyAlgorithm',
+ placeHolder: 'key algorithm',
+ promptMessage: 'Algortihm for the private key,
e.g. RSA',
+ title: 'Enter an algortihm for the private key'"
/>
</div>
</div>
<div class="clear">
- <div class="formLabel-labelCell
tableContainer-labelCell">Certificate alias:</div>
+ <div class="formLabel-labelCell tableContainer-labelCell
clear">Signature algorithm:</div>
<div class="formLabel-controlCell tableContainer-valueCell">
- <input type="text" id="addStore.certificateAlias"
+ <input type="text" id="addStore.signatureAlgorithm"
data-dojo-type="dijit/form/ValidationTextBox"
data-dojo-props="
- name: 'certificateAlias',
- placeHolder: 'certificate alias',
- promptMessage: 'Used to identify one certificate
in a store that has many',
- title: 'Enter an alias to identify one
certificate in a store with many'" />
+ name: 'signatureAlgorithm',
+ placeHolder: 'signature algorithm',
+ promptMessage: 'Name of the signature algorithm
known to Java',
+ title: 'Enter the signature algorithm known to
Java'" />
</div>
</div>
<div class="clear">
- <div class="formLabel-labelCell tableContainer-labelCell
clear">Key manager factory algorithm:</div>
+ <div class="formLabel-labelCell tableContainer-labelCell
clear">Signature algorithm:</div>
<div class="formLabel-controlCell tableContainer-valueCell">
- <input type="text" id="addStore.keyManagerFactoryAlgorithm"
+ <input type="text" id="addStore.keyLength"
data-dojo-type="dijit/form/ValidationTextBox"
data-dojo-props="
- name: 'keyManagerFactoryAlgorithm',
- placeHolder: 'key manager factory algorithm',
- promptMessage: 'Name of the key manager
algorithm known to Java',
- title: 'Enter the key manager algorithm known to
Java'" />
+ name: 'keyLength',
+ placeHolder: 'Key Length',
+ promptMessage: 'Length of the key in bits',
+ title: 'Enter the desired key bit length'" />
</div>
</div>
<div class="clear">
- <div class="formLabel-labelCell tableContainer-labelCell">Java key
store type:</div>
+ <div class="formLabel-labelCell tableContainer-labelCell
clear">Signature algorithm:</div>
<div class="formLabel-controlCell tableContainer-valueCell">
- <input type="text" id="addStore.keyStoreType"
+ <input type="text" id="addStore.durationInMonths"
data-dojo-type="dijit/form/ValidationTextBox"
data-dojo-props="
- name: 'keyStoreType',
- placeHolder: 'java key store type',
- promptMessage: 'Name of the store type known to
Java',
- title: 'Enter the store type known to Java'" />
+ name: 'durationInMonths',
+ placeHolder: 'duration (in months)',
+ promptMessage: 'The duration of the validity of
certificate',
+ title: 'Enter the duration of the validity o
fthe certificate (in months)'" />
</div>
</div>
-
</div>
</div>
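Review bot: The labels introducing the third and fourth inputs both read `Signature algorithm:` although the controls they precede are `addStore.keyLength` and `addStore.durationInMonths`; they should read `Key length (bits):` and `Duration (months):` respectively, otherwise an operator has no visible cue which field sets the key size. The prompt and title text on the key-algorithm input also misspell "Algortihm" twice, and the duration title has "o fthe" for "of the". Separately, `keyLength` is a plain `ValidationTextBox` with no numeric constraint even though it decides the strength of the auto-generated private key; a `dijit/form/NumberTextBox` with `constraints:{min:2048}` (or at least a digits-only `regExp`) would reject accidental weak or non-numeric values in the form, on the assumption that the broker side validates as well, which this diff does not show.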
Copied:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/show.html
(from r1686817,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/show.html)
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/show.html?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/show.html&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/show.html&r1=1686817&r2=1686858&rev=1686858&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/filekeystore/show.html
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/store/autogeneratedselfsigned/show.html
Mon Jun 22 13:07:29 2015
@@ -19,20 +19,20 @@
<div>
<div class="clear">
- <div class="formLabel-labelCell">Path:</div>
- <div ><span class="path" ></span></div>
+ <div class="formLabel-labelCell">Key Algorithm:</div>
+ <div ><span class="keyAlgorithm" ></span></div>
</div>
<div class="clear">
- <div class="formLabel-labelCell">Certificate alias:</div>
- <div><span class="certificateAlias" ></span></div>
+ <div class="formLabel-labelCell">Signature Algorithm:</div>
+ <div><span class="signatureAlgorithm" ></span></div>
</div>
<div class="clear">
- <div class="formLabel-labelCell">Java key store type:</div>
- <div><span class="keyStoreType" ></span></div>
+ <div class="formLabel-labelCell">Key Length:</div>
+ <div><span class="keyLength" ></span></div>
</div>
<div class="clear">
- <div class="formLabel-labelCell">Key manager factory algorithm:</div>
- <div><span class="keyManagerFactoryAlgorithm" ></span></div>
+ <div class="formLabel-labelCell">Duration (months):</div>
+ <div><span class="durationInMonths" ></span></div>
</div>
<div class="clear"></div>
</div>
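Review bot: The show view lists only the generation parameters (key algorithm, signature algorithm, key length, duration) and nothing that identifies the certificate actually produced. Because a self-signed certificate has to be trusted by clients out of band, operators usually need its fingerprint and absolute expiry to verify or pin it; if the KeyStore model exposes such attributes (not visible in this diff), a row along the lines of `<div class="formLabel-labelCell">Certificate fingerprint:</div><div><span class="certificateFingerprint"></span></div>` would belong here. Showing the validity end date would also make `durationInMonths` actionable, since a relative duration alone does not tell the operator when rotation is due.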
Modified:
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1686858&r1=1686857&r2=1686858&view=diff
==============================================================================
---
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
(original)
+++
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
Mon Jun 22 13:07:29 2015
@@ -38,6 +38,7 @@ import java.nio.charset.StandardCharsets
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
@@ -367,18 +368,24 @@ public class SSLUtil
content =
DatatypeConverter.parseBase64Binary(keyBuilder.toString());
}
}
+ return readPrivateKey(content, "RSA");
+ }
+
+ public static PrivateKey readPrivateKey(final byte[] content, final String
algorithm)
+ throws NoSuchAlgorithmException, InvalidKeySpecException
+ {
PrivateKey key;
try
{
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(content);
- KeyFactory kf = KeyFactory.getInstance("RSA");
+ KeyFactory kf = KeyFactory.getInstance(algorithm);
key = kf.generatePrivate(keySpec);
}
catch(InvalidKeySpecException e)
{
// not in PCKS#8 format - try parsing as PKCS#1
RSAPrivateCrtKeySpec keySpec = getRSAKeySpec(content);
- KeyFactory kf = KeyFactory.getInstance("RSA");
+ KeyFactory kf = KeyFactory.getInstance(algorithm);
try
{
key = kf.generatePrivate(keySpec);
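Review bot: The PKCS#1 fallback in the `catch(InvalidKeySpecException e)` block is RSA-specific (`getRSAKeySpec` yields an `RSAPrivateCrtKeySpec`), yet it now runs for whatever `algorithm` the new parameter carries, so a malformed EC or DSA key gets re-parsed as RSA and the resulting failure from a non-RSA `KeyFactory` masks the original PKCS#8 error. Guard the fallback with `if(!"RSA".equalsIgnoreCase(algorithm)) { throw e; }` as the first statement of the catch so non-RSA callers see the real exception, and consider passing `e` as the cause when the fallback itself fails. The existing single-argument overload still passes `"RSA"`, so current callers are unaffected. The inner `try` of `readPrivateKey` continues past the end of this hunk.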