Author: lquack
Date: Mon Feb 15 16:54:49 2016
New Revision: 1730567

URL: http://svn.apache.org/viewvc?rev=1730567&view=rev
Log:
QPID-7056: [Java Broker] Use the "qpid.security.ssl.*" context variables for 
OAuth2AuthenticationProvider

Modified:
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
 Mon Feb 15 16:54:49 2016
@@ -41,22 +41,6 @@ public interface OAuth2AuthenticationPro
     @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_READ_TIMEOUT)
     int DEFAULT_AUTHENTICATION_OAUTH2_READ_TIMEOUT = 60000;
 
-    String AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS = 
"qpid.authentication.oauth2.enabledTlsProtocols";
-    @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS)
-    String DEFAULT_ENABLED_TLS_PROTOCOLS = "[]";
-
-    String AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS = 
"qpid.authentication.oauth2.disabledTlsProtocols";
-    @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS)
-    String DEFAULT_DISABLED_TLS_PROTOCOLS = "[]";
-
-    String AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES = 
"qpid.authentication.oauth2.enabledCipherSuites";
-    @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES)
-    String DEFAULT_ENABLED_CIPHER_SUITES = "[]";
-
-    String AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES = 
"qpid.authentication.oauth2.disabledCipherSuites";
-    @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES)
-    String DEFAULT_DISABLED_CIPHER_SUITES = "[]";
-
     @ManagedAttribute( description = "Redirect URI to obtain authorization 
code grant", mandatory = true, defaultValue = 
"${this:defaultAuthorizationEndpointURI}")
     URI getAuthorizationEndpointURI();
 

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
 Mon Feb 15 16:54:49 2016
@@ -19,6 +19,10 @@
 
 package org.apache.qpid.server.security.auth.manager.oauth2;
 
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
 import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
 
 import java.io.IOException;
@@ -251,10 +255,10 @@ public class OAuth2AuthenticationProvide
                     throw new ServerScopedRuntimeException("Cannot initialise 
TLS", e);
                 }
             }
-            
connectionBuilder.setEnabledTlsProtocols(getContextValue(List.class, 
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS))
-                    .setDisabledTlsProtocols(getContextValue(List.class, 
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS))
-                    .setEnabledCipherSuites(getContextValue(List.class, 
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES))
-                    .setDisabledCipherSuites(getContextValue(List.class, 
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES));
+            
connectionBuilder.setTlsProtocolWhiteList(getContextValue(List.class, 
LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST))
+                    .setTlsProtocolBlackList(getContextValue(List.class, 
LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST))
+                    .setTlsCipherSuiteWhiteList(getContextValue(List.class, 
LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST))
+                    .setTlsCipherSuiteBlackList(getContextValue(List.class, 
LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST));
             LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
             connection = connectionBuilder.build();
 
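Review bot: The four `qpid.authentication.oauth2.*` context keys are no longer read on the token-endpoint connection, so a deployment that set for example `qpid.authentication.oauth2.disabledTlsProtocols` will silently fall back to whatever the broker-wide `QPID_SECURITY_TLS_*` context values resolve to. Nothing in the visible lines warns about or maps the old names. If no migration exists elsewhere, log a warning when one of the old keys is still present in the context, or at least call the rename out in the release notes so operators re-check their TLS restrictions for outbound OAuth2 calls. The same applies to the five identity resolver services changed in this commit. The enclosing method starts and ends outside the hunk.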

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
 Mon Feb 15 16:54:49 2016
@@ -20,6 +20,10 @@
  */
 package org.apache.qpid.server.security.auth.manager.oauth2.cloudfoundry;
 
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
 import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
 
 import java.io.IOException;
@@ -42,6 +46,7 @@ import com.fasterxml.jackson.databind.Ob
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import org.apache.qpid.configuration.CommonProperties;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.model.TrustStore;
 import org.apache.qpid.server.plugin.PluggableService;
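Review bot: The added `import org.apache.qpid.configuration.CommonProperties;` looks unused. The four constants are already brought in by the static imports added at the top of this file, and the lookups in the later hunks reference them unqualified. Unless code outside the hunks uses `CommonProperties.` directly, drop this line to avoid an unused-import warning.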
@@ -51,7 +56,6 @@ import org.apache.qpid.server.security.a
 import 
org.apache.qpid.server.security.auth.manager.oauth2.OAuth2IdentityResolverService;
 import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2Utils;
 import org.apache.qpid.server.util.ConnectionBuilder;
-import org.apache.qpid.server.util.ParameterizedTypes;
 import org.apache.qpid.server.util.ServerScopedRuntimeException;
 
 @PluggableService
@@ -85,14 +89,14 @@ public class CloudFoundryOAuth2IdentityR
         String clientSecret = authenticationProvider.getClientSecret();
         int connectTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
         int readTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
-        List<String> enabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
-        List<String> disabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
-        List<String> enabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
-        List<String> disabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+        List<String> tlsProtocolWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+        List<String> tlsProtocolBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+        List<String> tlsCipherSuiteWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+        List<String> tlsCipherSuiteBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
 
         ConnectionBuilder connectionBuilder = new 
ConnectionBuilder(checkTokenEndpoint);
         
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
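Review bot: The four `getContextValue(List.class, LIST_OF_STRINGS, ...)` lookups added here are repeated verbatim in the Facebook, GitHub, Google and Microsoft Live resolver hunks and inline in OAuth2AuthenticationProviderImpl, so a later change to the key names or to how the lists are applied has six places to miss. A single helper that reads the four broker-wide TLS lists from the provider and applies them to a ConnectionBuilder would keep every outbound OAuth2 connection under the same restrictions. The raw `List.class` argument also appears to make each assignment to `List<String>` an unchecked conversion, which a helper would confine to one place. The enclosing method starts and ends outside the hunk.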
@@ -107,10 +111,10 @@ public class CloudFoundryOAuth2IdentityR
                 throw new ServerScopedRuntimeException("Cannot initialise 
TLS", e);
             }
         }
-        connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
-                .setDisabledTlsProtocols(disabledTlsProtocols)
-                .setEnabledCipherSuites(enabledCipherSuites)
-                .setDisabledCipherSuites(disabledCipherSuites);
+        connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+                .setTlsProtocolBlackList(tlsProtocolBlackList)
+                .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+                .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
 
         LOGGER.debug("About to call identity service '{}'", 
checkTokenEndpoint);
         HttpURLConnection connection = connectionBuilder.build();

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
 Mon Feb 15 16:54:49 2016
@@ -21,6 +21,10 @@
 
 package org.apache.qpid.server.security.auth.manager.oauth2.facebook;
 
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
 import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
 
 import java.io.IOException;
@@ -86,14 +90,14 @@ public class FacebookIdentityResolverSer
         TrustStore<?> trustStore = authenticationProvider.getTrustStore();
         int connectTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
         int readTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
-        List<String> enabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
-        List<String> disabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
-        List<String> enabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
-        List<String> disabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+        List<String> tlsProtocolWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+        List<String> tlsProtocolBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+        List<String> tlsCipherSuiteWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+        List<String> tlsCipherSuiteBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
 
         ConnectionBuilder connectionBuilder = new 
ConnectionBuilder(userInfoEndpoint);
         
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -108,10 +112,10 @@ public class FacebookIdentityResolverSer
                 throw new ServerScopedRuntimeException("Cannot initialise 
TLS", e);
             }
         }
-        connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
-                .setDisabledTlsProtocols(disabledTlsProtocols)
-                .setEnabledCipherSuites(enabledCipherSuites)
-                .setDisabledCipherSuites(disabledCipherSuites);
+        connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+                .setTlsProtocolBlackList(tlsProtocolBlackList)
+                .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+                .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
 
         LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
         HttpURLConnection connection = connectionBuilder.build();

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
 Mon Feb 15 16:54:49 2016
@@ -21,6 +21,10 @@
 
 package org.apache.qpid.server.security.auth.manager.oauth2.github;
 
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
 import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
 
 import java.io.IOException;
@@ -92,14 +96,14 @@ public class GitHubOAuth2IdentityResolve
         TrustStore trustStore = authenticationProvider.getTrustStore();
         int connectTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
         int readTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
-        List<String> enabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
-        List<String> disabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
-        List<String> enabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
-        List<String> disabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+        List<String> tlsProtocolWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+        List<String> tlsProtocolBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+        List<String> tlsCipherSuiteWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+        List<String> tlsCipherSuiteBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
 
         ConnectionBuilder connectionBuilder = new 
ConnectionBuilder(userInfoEndpoint);
         
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -114,10 +118,10 @@ public class GitHubOAuth2IdentityResolve
                 throw new ServerScopedRuntimeException("Cannot initialise 
TLS", e);
             }
         }
-        connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
-                .setDisabledTlsProtocols(disabledTlsProtocols)
-                .setEnabledCipherSuites(enabledCipherSuites)
-                .setDisabledCipherSuites(disabledCipherSuites);
+        connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+                .setTlsProtocolBlackList(tlsProtocolBlackList)
+                .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+                .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
 
         LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
         HttpURLConnection connection = connectionBuilder.build();

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
 Mon Feb 15 16:54:49 2016
@@ -21,6 +21,10 @@
 
 package org.apache.qpid.server.security.auth.manager.oauth2.google;
 
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
 import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
 
 import java.io.IOException;
@@ -96,14 +100,14 @@ public class GoogleOAuth2IdentityResolve
         TrustStore trustStore = authenticationProvider.getTrustStore();
         int connectTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
         int readTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
-        List<String> enabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
-        List<String> disabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
-        List<String> enabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
-        List<String> disabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+        List<String> tlsProtocolWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+        List<String> tlsProtocolBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+        List<String> tlsCipherSuiteWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+        List<String> tlsCipherSuiteBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
 
         ConnectionBuilder connectionBuilder = new 
ConnectionBuilder(userInfoEndpoint);
         
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -118,10 +122,10 @@ public class GoogleOAuth2IdentityResolve
                 throw new ServerScopedRuntimeException("Cannot initialise 
TLS", e);
             }
         }
-        connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
-                .setDisabledTlsProtocols(disabledTlsProtocols)
-                .setEnabledCipherSuites(enabledCipherSuites)
-                .setDisabledCipherSuites(disabledCipherSuites);
+        connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+                .setTlsProtocolBlackList(tlsProtocolBlackList)
+                .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+                .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
 
         LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
         HttpURLConnection connection = connectionBuilder.build();

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
 Mon Feb 15 16:54:49 2016
@@ -21,6 +21,10 @@
 
 package org.apache.qpid.server.security.auth.manager.oauth2.microsoftlive;
 
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static 
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
 import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
 
 import java.io.IOException;
@@ -84,14 +88,14 @@ public class MicrosoftLiveOAuth2Identity
         TrustStore trustStore = authenticationProvider.getTrustStore();
         int connectTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
         int readTimeout = 
authenticationProvider.getContextValue(Integer.class, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
-        List<String> enabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
-        List<String> disabledTlsProtocols =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
-        List<String> enabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
-        List<String> disabledCipherSuites =
-                authenticationProvider.getContextValue(List.class, 
LIST_OF_STRINGS, 
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+        List<String> tlsProtocolWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+        List<String> tlsProtocolBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
    QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+        List<String> tlsCipherSuiteWhiteList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+        List<String> tlsCipherSuiteBlackList = 
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+                                                                               
       QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
 
         ConnectionBuilder connectionBuilder = new 
ConnectionBuilder(userInfoEndpoint);
         
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -106,10 +110,10 @@ public class MicrosoftLiveOAuth2Identity
                 throw new ServerScopedRuntimeException("Cannot initialise 
TLS", e);
             }
         }
-        connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
-                .setDisabledTlsProtocols(disabledTlsProtocols)
-                .setEnabledCipherSuites(enabledCipherSuites)
-                .setDisabledCipherSuites(disabledCipherSuites);
+        connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+                .setTlsProtocolBlackList(tlsProtocolBlackList)
+                .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+                .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
 
         LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
         HttpURLConnection connection = connectionBuilder.build();

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java?rev=1730567&r1=1730566&r2=1730567&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
 Mon Feb 15 16:54:49 2016
@@ -53,10 +53,10 @@ public class ConnectionBuilder
     private int _connectTimeout;
     private int _readTimeout;
     private TrustManager[] _trustMangers;
-    private List<String> _enabledTlsProtocols;
-    private List<String> _disabledTlsProtocols;
-    private List<String> _enabledCipherSuites;
-    private List<String> _disabledCipherSuites;
+    private List<String> _tlsProtocolWhiteList;
+    private List<String> _tlsProtocolBlackList;
+    private List<String> _tlsCipherSuiteWhiteList;
+    private List<String> _tlsCipherSuiteBlackList;
 
 
     public ConnectionBuilder(final URL url)
@@ -82,27 +82,27 @@ public class ConnectionBuilder
         return this;
     }
 
-    public ConnectionBuilder setEnabledTlsProtocols(final List<String> 
enabledTlsProtocols)
+    public ConnectionBuilder setTlsProtocolWhiteList(final List<String> 
tlsProtocolWhiteList)
     {
-        _enabledTlsProtocols = enabledTlsProtocols;
+        _tlsProtocolWhiteList = tlsProtocolWhiteList;
         return this;
     }
 
-    public ConnectionBuilder setDisabledTlsProtocols(final List<String> 
disabledTlsProtocols)
+    public ConnectionBuilder setTlsProtocolBlackList(final List<String> 
tlsProtocolBlackList)
     {
-        _disabledTlsProtocols = disabledTlsProtocols;
+        _tlsProtocolBlackList = tlsProtocolBlackList;
         return this;
     }
 
-    public ConnectionBuilder setEnabledCipherSuites(final List<String> 
enabledCipherSuites)
+    public ConnectionBuilder setTlsCipherSuiteWhiteList(final List<String> 
tlsCipherSuiteWhiteList)
     {
-        _enabledCipherSuites = enabledCipherSuites;
+        _tlsCipherSuiteWhiteList = tlsCipherSuiteWhiteList;
         return this;
     }
 
-    public ConnectionBuilder setDisabledCipherSuites(final List<String> 
disabledCipherSuites)
+    public ConnectionBuilder setTlsCipherSuiteBlackList(final List<String> 
tlsCipherSuiteBlackList)
     {
-        _disabledCipherSuites = disabledCipherSuites;
+        _tlsCipherSuiteBlackList = tlsCipherSuiteBlackList;
         return this;
     }
 
@@ -158,10 +158,10 @@ public class ConnectionBuilder
             });
         }
 
-        if ((_enabledTlsProtocols != null && !_enabledTlsProtocols.isEmpty()) 
||
-            (_disabledTlsProtocols != null && 
!_disabledTlsProtocols.isEmpty()) ||
-            (_enabledCipherSuites != null && !_enabledCipherSuites.isEmpty()) 
||
-            (_disabledCipherSuites != null && 
!_disabledCipherSuites.isEmpty()))
+        if ((_tlsProtocolWhiteList != null && 
!_tlsProtocolWhiteList.isEmpty()) ||
+            (_tlsProtocolBlackList != null && 
!_tlsProtocolBlackList.isEmpty()) ||
+            (_tlsCipherSuiteWhiteList != null && 
!_tlsCipherSuiteWhiteList.isEmpty()) ||
+            (_tlsCipherSuiteBlackList != null && 
!_tlsCipherSuiteBlackList.isEmpty()))
         {
             HttpsURLConnection httpsConnection = (HttpsURLConnection) 
connection;
             SSLSocketFactory originalSocketFactory = 
httpsConnection.getSSLSocketFactory();
@@ -182,17 +182,10 @@ public class ConnectionBuilder
         @Override
         public String[] getDefaultCipherSuites()
         {
-            final List<String> defaultCipherSuites = 
Arrays.asList(_wrappedSocketFactory.getDefaultCipherSuites());
-            if (_enabledCipherSuites != null && 
!_enabledCipherSuites.isEmpty())
-            {
-                defaultCipherSuites.retainAll(_enabledCipherSuites);
-            }
-
-            if (_disabledCipherSuites != null && 
!_disabledCipherSuites.isEmpty())
-            {
-                defaultCipherSuites.removeAll(_disabledCipherSuites);
-            }
-            return defaultCipherSuites.toArray(new 
String[defaultCipherSuites.size()]);
+            return 
SSLUtil.filterEnabledCipherSuites(_wrappedSocketFactory.getDefaultCipherSuites(),
+                                                     
_wrappedSocketFactory.getSupportedCipherSuites(),
+                                                     _tlsCipherSuiteWhiteList,
+                                                     _tlsCipherSuiteBlackList);
         }
 
         @Override
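Review bot: In getDefaultCipherSuites the filter now receives `_wrappedSocketFactory.getSupportedCipherSuites()` alongside the defaults, so a white-list entry can presumably bring in a suite the JVM supports but does not enable by default. `SSLUtil.filterEnabledCipherSuites` is not shown in this diff, so that behaviour should be confirmed and the method given a Javadoc line such as `/** Default suites after applying the configured cipher-suite white and black lists. */`. The hunk stops at the `@Override` of the next member, and nothing between it and the first createSocket hunk is touched by the rename, so whatever sits there cannot reference the four lists. If `createSocket(Socket, String, int, boolean)` is implemented in that gap, it returns a socket without calling `updateEnabledCipherSuites` or `updateEnabledTlsProtocols`. It is worth checking which overload HttpsURLConnection actually uses and routing every overload through one private helper that applies both lists.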
@@ -212,8 +205,8 @@ public class ConnectionBuilder
         public Socket createSocket(final String host, final int port) throws 
IOException, UnknownHostException
         {
             final SSLSocket socket = (SSLSocket) 
_wrappedSocketFactory.createSocket(host, port);
-            SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites, 
_disabledCipherSuites);
-            SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols, 
_disabledTlsProtocols);
+            SSLUtil.updateEnabledCipherSuites(socket, 
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+            SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, 
_tlsProtocolBlackList);
             return socket;
         }
 
@@ -222,8 +215,8 @@ public class ConnectionBuilder
                 throws IOException, UnknownHostException
         {
             final SSLSocket socket = (SSLSocket) 
_wrappedSocketFactory.createSocket(host, port, localhost, localPort);
-            SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites, 
_disabledCipherSuites);
-            SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols, 
_disabledTlsProtocols);
+            SSLUtil.updateEnabledCipherSuites(socket, 
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+            SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, 
_tlsProtocolBlackList);
             return socket;
         }
 
@@ -231,8 +224,8 @@ public class ConnectionBuilder
         public Socket createSocket(final InetAddress host, final int port) 
throws IOException
         {
             final SSLSocket socket = (SSLSocket) 
_wrappedSocketFactory.createSocket(host, port);
-            SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites, 
_disabledCipherSuites);
-            SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols, 
_disabledTlsProtocols);
+            SSLUtil.updateEnabledCipherSuites(socket, 
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+            SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, 
_tlsProtocolBlackList);
             return socket;
         }
 
@@ -243,8 +236,8 @@ public class ConnectionBuilder
                                    final int localPort) throws IOException
         {
             final SSLSocket socket = (SSLSocket) 
_wrappedSocketFactory.createSocket(address, port, localAddress, localPort);
-            SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites, 
_disabledCipherSuites);
-            SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols, 
_disabledTlsProtocols);
+            SSLUtil.updateEnabledCipherSuites(socket, 
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+            SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList, 
_tlsProtocolBlackList);
             return socket;
         }
     }



