Author: lquack
Date: Tue Feb 16 14:21:00 2016
New Revision: 1730691
URL: http://svn.apache.org/viewvc?rev=1730691&view=rev
Log:
QPID-7056: [Java Broker] backport commit that was left out by mistake
This commit removes the enabled/disabled cipherSuites/protocol context variables in
favour of white/black lists and renames the context variables
Modified:
qpid/java/branches/6.0.x/ (props changed)
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 16 14:21:00 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729657,1729
783,1729828,1729832,1729841,1729851,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730578,1730585,1730651
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729657,1729
783,1729828,1729832,1729841,1729851,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651
/qpid/trunk/qpid:796646-796653
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
Tue Feb 16 14:21:00 2016
@@ -41,22 +41,6 @@ public interface OAuth2AuthenticationPro
@ManagedContextDefault(name = AUTHENTICATION_OAUTH2_READ_TIMEOUT)
int DEFAULT_AUTHENTICATION_OAUTH2_READ_TIMEOUT = 60000;
- String AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS =
"qpid.authentication.oauth2.enabledTlsProtocols";
- @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS)
- String DEFAULT_ENABLED_TLS_PROTOCOLS = "[]";
-
- String AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS =
"qpid.authentication.oauth2.disabledTlsProtocols";
- @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS)
- String DEFAULT_DISABLED_TLS_PROTOCOLS = "[]";
-
- String AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES =
"qpid.authentication.oauth2.enabledCipherSuites";
- @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES)
- String DEFAULT_ENABLED_CIPHER_SUITES = "[]";
-
- String AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES =
"qpid.authentication.oauth2.disabledCipherSuites";
- @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES)
- String DEFAULT_DISABLED_CIPHER_SUITES = "[]";
-
@ManagedAttribute( description = "Redirect URI to obtain authorization
code grant", mandatory = true, defaultValue =
"${this:defaultAuthorizationEndpointURI}")
URI getAuthorizationEndpointURI();
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
Tue Feb 16 14:21:00 2016
@@ -19,6 +19,10 @@
package org.apache.qpid.server.security.auth.manager.oauth2;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -251,10 +255,10 @@ public class OAuth2AuthenticationProvide
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
-
connectionBuilder.setEnabledTlsProtocols(getContextValue(List.class,
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS))
- .setDisabledTlsProtocols(getContextValue(List.class,
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS))
- .setEnabledCipherSuites(getContextValue(List.class,
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES))
- .setDisabledCipherSuites(getContextValue(List.class,
LIST_OF_STRINGS, AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES));
+
connectionBuilder.setTlsProtocolWhiteList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST))
+ .setTlsProtocolBlackList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST))
+ .setTlsCipherSuiteWhiteList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST))
+ .setTlsCipherSuiteBlackList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST));
LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
connection = connectionBuilder.build();
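Review bot: An existing `qpid.authentication.oauth2.disabledTlsProtocols` setting (or its enabled/cipher-suite siblings, removed in OAuth2AuthenticationProvider.java) is no longer read by this setter chain, and nothing visible here tells the operator, so a TLS restriction configured for the token endpoint could silently stop applying after this 6.0.x backport. No fallback or upgrade step is visible in this commit, though one may exist elsewhere. I would log a warning at start-up when one of the removed keys is still set, and at minimum add a comment above the chain: `// TLS restrictions come from the CommonProperties QPID_SECURITY_TLS_* context variables; the former qpid.authentication.oauth2.* keys are no longer consulted`. The enclosing method starts and ends outside the hunk.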
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
Tue Feb 16 14:21:00 2016
@@ -20,6 +20,10 @@
*/
package org.apache.qpid.server.security.auth.manager.oauth2.cloudfoundry;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -42,6 +46,7 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.plugin.PluggableService;
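Review bot: The added `import org.apache.qpid.configuration.CommonProperties;` looks unused, because the four `QPID_SECURITY_TLS_*` constants are already brought in by the static imports added at the top of this file and none of the visible hunks refers to `CommonProperties.` by qualified name. The rest of the file is outside the hunks, so this needs a quick check. If nothing else uses it, drop the line to keep the import block free of warnings.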
@@ -51,7 +56,6 @@ import org.apache.qpid.server.security.a
import
org.apache.qpid.server.security.auth.manager.oauth2.OAuth2IdentityResolverService;
import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2Utils;
import org.apache.qpid.server.util.ConnectionBuilder;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
@PluggableService
@@ -85,14 +89,14 @@ public class CloudFoundryOAuth2IdentityR
String clientSecret = authenticationProvider.getClientSecret();
int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> enabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
- List<String> disabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
- List<String> enabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
- List<String> disabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+ List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(checkTokenEndpoint);
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
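Review bot: The four `getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_*)` reads and the matching setter chain are repeated here and in the Facebook, GitHub, Google and MicrosoftLive resolver hunks, and once more inline in OAuth2AuthenticationProviderImpl, so a new identity resolver that forgets one of the four calls would connect without that restriction. Moving the wiring into one shared helper keeps every outbound OAuth2 connection under the same TLS policy and confines the unchecked raw-`List` conversion to a single place. The helper name and its home are only suggestions. The enclosing method starts and ends outside the hunk.

```java
// proposed shared helper; name and location (e.g. alongside the other OAuth2 utilities) are suggestions
@SuppressWarnings("unchecked") // getContextValue(List.class, ...) yields a raw List
static ConnectionBuilder applyTlsRestrictions(final ConnectionBuilder builder,
                                              final OAuth2AuthenticationProvider<?> provider)
{
    return builder.setTlsProtocolWhiteList(provider.getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST))
                  .setTlsProtocolBlackList(provider.getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST))
                  .setTlsCipherSuiteWhiteList(provider.getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST))
                  .setTlsCipherSuiteBlackList(provider.getContextValue(List.class, LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST));
}

// in the resolver method, replacing the four List<String> locals and the later setter chain:
ConnectionBuilder connectionBuilder = new ConnectionBuilder(checkTokenEndpoint);
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
// … unchanged: trust store / TrustManager setup …
applyTlsRestrictions(connectionBuilder, authenticationProvider);
```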
@@ -107,10 +111,10 @@ public class CloudFoundryOAuth2IdentityR
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
- .setDisabledTlsProtocols(disabledTlsProtocols)
- .setEnabledCipherSuites(enabledCipherSuites)
- .setDisabledCipherSuites(disabledCipherSuites);
+ connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+ .setTlsProtocolBlackList(tlsProtocolBlackList)
+ .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+ .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
LOGGER.debug("About to call identity service '{}'",
checkTokenEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
Tue Feb 16 14:21:00 2016
@@ -21,6 +21,10 @@
package org.apache.qpid.server.security.auth.manager.oauth2.facebook;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -86,14 +90,14 @@ public class FacebookIdentityResolverSer
TrustStore<?> trustStore = authenticationProvider.getTrustStore();
int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> enabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
- List<String> disabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
- List<String> enabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
- List<String> disabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+ List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -108,10 +112,10 @@ public class FacebookIdentityResolverSer
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
- .setDisabledTlsProtocols(disabledTlsProtocols)
- .setEnabledCipherSuites(enabledCipherSuites)
- .setDisabledCipherSuites(disabledCipherSuites);
+ connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+ .setTlsProtocolBlackList(tlsProtocolBlackList)
+ .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+ .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
Tue Feb 16 14:21:00 2016
@@ -21,6 +21,10 @@
package org.apache.qpid.server.security.auth.manager.oauth2.github;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -92,14 +96,14 @@ public class GitHubOAuth2IdentityResolve
TrustStore trustStore = authenticationProvider.getTrustStore();
int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> enabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
- List<String> disabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
- List<String> enabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
- List<String> disabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+ List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -114,10 +118,10 @@ public class GitHubOAuth2IdentityResolve
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
- .setDisabledTlsProtocols(disabledTlsProtocols)
- .setEnabledCipherSuites(enabledCipherSuites)
- .setDisabledCipherSuites(disabledCipherSuites);
+ connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+ .setTlsProtocolBlackList(tlsProtocolBlackList)
+ .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+ .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
Tue Feb 16 14:21:00 2016
@@ -21,6 +21,10 @@
package org.apache.qpid.server.security.auth.manager.oauth2.google;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -96,14 +100,14 @@ public class GoogleOAuth2IdentityResolve
TrustStore trustStore = authenticationProvider.getTrustStore();
int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> enabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
- List<String> disabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
- List<String> enabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
- List<String> disabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+ List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -118,10 +122,10 @@ public class GoogleOAuth2IdentityResolve
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
- .setDisabledTlsProtocols(disabledTlsProtocols)
- .setEnabledCipherSuites(enabledCipherSuites)
- .setDisabledCipherSuites(disabledCipherSuites);
+ connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+ .setTlsProtocolBlackList(tlsProtocolBlackList)
+ .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+ .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
Tue Feb 16 14:21:00 2016
@@ -21,6 +21,10 @@
package org.apache.qpid.server.security.auth.manager.oauth2.microsoftlive;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
+import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
import java.io.IOException;
@@ -84,14 +88,14 @@ public class MicrosoftLiveOAuth2Identity
TrustStore trustStore = authenticationProvider.getTrustStore();
int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> enabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_TLS_PROTOCOLS);
- List<String> disabledTlsProtocols =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_TLS_PROTOCOLS);
- List<String> enabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_ENABLED_CIPHER_SUITES);
- List<String> disabledCipherSuites =
- authenticationProvider.getContextValue(List.class,
LIST_OF_STRINGS,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_DISABLED_CIPHER_SUITES);
+ List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
+
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
@@ -106,10 +110,10 @@ public class MicrosoftLiveOAuth2Identity
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setEnabledTlsProtocols(enabledTlsProtocols)
- .setDisabledTlsProtocols(disabledTlsProtocols)
- .setEnabledCipherSuites(enabledCipherSuites)
- .setDisabledCipherSuites(disabledCipherSuites);
+ connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
+ .setTlsProtocolBlackList(tlsProtocolBlackList)
+ .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
+ .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
URL:
http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java?rev=1730691&r1=1730690&r2=1730691&view=diff
==============================================================================
---
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
(original)
+++
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/util/ConnectionBuilder.java
Tue Feb 16 14:21:00 2016
@@ -53,10 +53,10 @@ public class ConnectionBuilder
private int _connectTimeout;
private int _readTimeout;
private TrustManager[] _trustMangers;
- private List<String> _enabledTlsProtocols;
- private List<String> _disabledTlsProtocols;
- private List<String> _enabledCipherSuites;
- private List<String> _disabledCipherSuites;
+ private List<String> _tlsProtocolWhiteList;
+ private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsCipherSuiteWhiteList;
+ private List<String> _tlsCipherSuiteBlackList;
public ConnectionBuilder(final URL url)
@@ -82,27 +82,27 @@ public class ConnectionBuilder
return this;
}
- public ConnectionBuilder setEnabledTlsProtocols(final List<String>
enabledTlsProtocols)
+ public ConnectionBuilder setTlsProtocolWhiteList(final List<String>
tlsProtocolWhiteList)
{
- _enabledTlsProtocols = enabledTlsProtocols;
+ _tlsProtocolWhiteList = tlsProtocolWhiteList;
return this;
}
- public ConnectionBuilder setDisabledTlsProtocols(final List<String>
disabledTlsProtocols)
+ public ConnectionBuilder setTlsProtocolBlackList(final List<String>
tlsProtocolBlackList)
{
- _disabledTlsProtocols = disabledTlsProtocols;
+ _tlsProtocolBlackList = tlsProtocolBlackList;
return this;
}
- public ConnectionBuilder setEnabledCipherSuites(final List<String>
enabledCipherSuites)
+ public ConnectionBuilder setTlsCipherSuiteWhiteList(final List<String>
tlsCipherSuiteWhiteList)
{
- _enabledCipherSuites = enabledCipherSuites;
+ _tlsCipherSuiteWhiteList = tlsCipherSuiteWhiteList;
return this;
}
- public ConnectionBuilder setDisabledCipherSuites(final List<String>
disabledCipherSuites)
+ public ConnectionBuilder setTlsCipherSuiteBlackList(final List<String>
tlsCipherSuiteBlackList)
{
- _disabledCipherSuites = disabledCipherSuites;
+ _tlsCipherSuiteBlackList = tlsCipherSuiteBlackList;
return this;
}
@@ -158,10 +158,10 @@ public class ConnectionBuilder
});
}
- if ((_enabledTlsProtocols != null && !_enabledTlsProtocols.isEmpty())
||
- (_disabledTlsProtocols != null &&
!_disabledTlsProtocols.isEmpty()) ||
- (_enabledCipherSuites != null && !_enabledCipherSuites.isEmpty())
||
- (_disabledCipherSuites != null &&
!_disabledCipherSuites.isEmpty()))
+ if ((_tlsProtocolWhiteList != null &&
!_tlsProtocolWhiteList.isEmpty()) ||
+ (_tlsProtocolBlackList != null &&
!_tlsProtocolBlackList.isEmpty()) ||
+ (_tlsCipherSuiteWhiteList != null &&
!_tlsCipherSuiteWhiteList.isEmpty()) ||
+ (_tlsCipherSuiteBlackList != null &&
!_tlsCipherSuiteBlackList.isEmpty()))
{
HttpsURLConnection httpsConnection = (HttpsURLConnection)
connection;
SSLSocketFactory originalSocketFactory =
httpsConnection.getSSLSocketFactory();
@@ -182,17 +182,10 @@ public class ConnectionBuilder
@Override
public String[] getDefaultCipherSuites()
{
- final List<String> defaultCipherSuites =
Arrays.asList(_wrappedSocketFactory.getDefaultCipherSuites());
- if (_enabledCipherSuites != null &&
!_enabledCipherSuites.isEmpty())
- {
- defaultCipherSuites.retainAll(_enabledCipherSuites);
- }
-
- if (_disabledCipherSuites != null &&
!_disabledCipherSuites.isEmpty())
- {
- defaultCipherSuites.removeAll(_disabledCipherSuites);
- }
- return defaultCipherSuites.toArray(new
String[defaultCipherSuites.size()]);
+ return
SSLUtil.filterEnabledCipherSuites(_wrappedSocketFactory.getDefaultCipherSuites(),
+
_wrappedSocketFactory.getSupportedCipherSuites(),
+ _tlsCipherSuiteWhiteList,
+ _tlsCipherSuiteBlackList);
}
@Override
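Review bot: The new `getDefaultCipherSuites()` body gives no hint of how the white list and the black list combine, because that logic now lives in `SSLUtil.filterEnabledCipherSuites`, which this diff does not show. Since the call also passes `_wrappedSocketFactory.getSupportedCipherSuites()`, the white list presumably can select suites that are supported but not enabled by default, so a loosely written white list entry could turn on a suite the JVM ships disabled. I would add a comment above the return such as `// white list is matched against the supported suites, not only the defaults; confirm precedence in SSLUtil`. The override that follows begins on the hunk's last line and its body is not visible here.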
@@ -212,8 +205,8 @@ public class ConnectionBuilder
public Socket createSocket(final String host, final int port) throws
IOException, UnknownHostException
{
final SSLSocket socket = (SSLSocket)
_wrappedSocketFactory.createSocket(host, port);
- SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites,
_disabledCipherSuites);
- SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols,
_disabledTlsProtocols);
+ SSLUtil.updateEnabledCipherSuites(socket,
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList,
_tlsProtocolBlackList);
return socket;
}
@@ -222,8 +215,8 @@ public class ConnectionBuilder
throws IOException, UnknownHostException
{
final SSLSocket socket = (SSLSocket)
_wrappedSocketFactory.createSocket(host, port, localhost, localPort);
- SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites,
_disabledCipherSuites);
- SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols,
_disabledTlsProtocols);
+ SSLUtil.updateEnabledCipherSuites(socket,
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList,
_tlsProtocolBlackList);
return socket;
}
@@ -231,8 +224,8 @@ public class ConnectionBuilder
public Socket createSocket(final InetAddress host, final int port)
throws IOException
{
final SSLSocket socket = (SSLSocket)
_wrappedSocketFactory.createSocket(host, port);
- SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites,
_disabledCipherSuites);
- SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols,
_disabledTlsProtocols);
+ SSLUtil.updateEnabledCipherSuites(socket,
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList,
_tlsProtocolBlackList);
return socket;
}
@@ -243,8 +236,8 @@ public class ConnectionBuilder
final int localPort) throws IOException
{
final SSLSocket socket = (SSLSocket)
_wrappedSocketFactory.createSocket(address, port, localAddress, localPort);
- SSLUtil.updateEnabledCipherSuites(socket, _enabledCipherSuites,
_disabledCipherSuites);
- SSLUtil.updateEnabledTlsProtocols(socket, _enabledTlsProtocols,
_disabledTlsProtocols);
+ SSLUtil.updateEnabledCipherSuites(socket,
_tlsCipherSuiteWhiteList, _tlsCipherSuiteBlackList);
+ SSLUtil.updateEnabledTlsProtocols(socket, _tlsProtocolWhiteList,
_tlsProtocolBlackList);
return socket;
}
}