Author: kwall
Date: Tue Feb 16 16:55:08 2016
New Revision: 1730712
URL: http://svn.apache.org/viewvc?rev=1730712&view=rev
Log:
QPID-7056: [Java Broker] Expose TLS protocol/cipher suites as derived
attributes only and martialise context vars once per lifecycle
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/Port.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
Tue Feb 16 16:55:08 2016
@@ -26,8 +26,6 @@ import java.util.Set;
import com.google.common.util.concurrent.ListenableFuture;
-import org.apache.qpid.configuration.CommonProperties;
-
@ManagedObject( description = Port.CLASS_DESCRIPTION )
public interface Port<X extends Port<X>> extends ConfiguredObject<X>
{
@@ -73,11 +71,17 @@ public interface Port<X extends Port<X>>
@ManagedAttribute
Collection<TrustStore> getTrustStores();
- @ManagedAttribute( defaultValue = "${" +
CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST + "}")
- List<String> getCipherSuiteWhiteList();
+ @DerivedAttribute
+ List<String> getTlsProtocolWhiteList();
+
+ @DerivedAttribute
+ List<String> getTlsProtocolBlackList();
+
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteWhiteList();
- @ManagedAttribute( defaultValue = "${" +
CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST + "}")
- List<String> getCipherSuiteBlackList();
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteBlackList();
Collection<Connection> getConnections();
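Review bot: The four new getters are declared with a bare `@DerivedAttribute`, so the management model no longer says where a port's TLS restrictions come from, and the per-port `@ManagedAttribute` versions are removed with no visible handling of stored configuration. If an existing port configuration set the old cipher suite white or black list attributes, the port would presumably fall back to the context-variable value after upgrade; nothing in this diff shows an upgrader or a warning for that case. At minimum add descriptions, e.g. `@DerivedAttribute( description = "TLS cipher suites permitted on this port, resolved from the context variable named by CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST" )`, and likewise for the other three. The interface body continues outside the hunk.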
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
Tue Feb 16 16:55:08 2016
@@ -30,6 +30,8 @@ import java.util.Set;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
+
+import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.messages.PortMessages;
import org.apache.qpid.server.model.IntegrityViolationException;
@@ -49,6 +51,7 @@ import org.apache.qpid.server.model.Stat
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
+import org.apache.qpid.server.util.ParameterizedTypes;
abstract public class AbstractPort<X extends AbstractPort<X>> extends
AbstractConfiguredObject<X> implements Port<X>
{
@@ -72,10 +75,11 @@ abstract public class AbstractPort<X ext
@ManagedAttributeField
private Set<Protocol> _protocols;
- @ManagedAttributeField
- private List<String> _cipherSuiteWhiteList;
- @ManagedAttributeField
- private List<String> _cipherSuiteBlackList;
+ private List<String> _tlsProtocolBlackList;
+ private List<String> _tlsProtocolWhiteList;
+
+ private List<String> _tlsCipherSuiteWhiteList;
+ private List<String> _tlsCipherSuiteBlackList;
public AbstractPort(Map<String, Object> attributes,
Broker<?> broker)
@@ -88,6 +92,16 @@ abstract public class AbstractPort<X ext
}
@Override
+ protected void onOpen()
+ {
+ super.onOpen();
+ _tlsProtocolWhiteList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ _tlsProtocolBlackList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ _tlsCipherSuiteWhiteList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ _tlsCipherSuiteBlackList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ }
+
+ @Override
public void onValidate()
{
super.onValidate();
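Review bot: The four TLS lists are assigned only in `onOpen()`, so `getTlsProtocolWhiteList()` and its siblings return null to any caller that runs earlier in the lifecycle, and afterwards they hand out the same list instance that `getContextValue` produced. Whether a consumer reads null as "no restriction" is not visible here, but if it does, or if a caller mutates the returned list, the port's effective TLS policy changes without any configuration change. Consider wrapping at assignment, e.g. `_tlsProtocolWhiteList = Collections.unmodifiableList(getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST));` (guarding for null if `getContextValue` can return it), and add a field comment stating the lists are valid only after open. The same applies to the getter hunk further down this file and to the `onOpen()` hunk in OAuth2AuthenticationProviderImpl; `onValidate()` continues outside this hunk.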
@@ -270,15 +284,27 @@ abstract public class AbstractPort<X ext
}
@Override
- public List<String> getCipherSuiteWhiteList()
+ public List<String> getTlsProtocolWhiteList()
+ {
+ return _tlsProtocolWhiteList;
+ }
+
+ @Override
+ public List<String> getTlsProtocolBlackList()
+ {
+ return _tlsProtocolBlackList;
+ }
+
+ @Override
+ public List<String> getTlsCipherSuiteWhiteList()
{
- return _cipherSuiteWhiteList;
+ return _tlsCipherSuiteWhiteList;
}
@Override
- public List<String> getCipherSuiteBlackList()
+ public List<String> getTlsCipherSuiteBlackList()
{
- return _cipherSuiteBlackList;
+ return _tlsCipherSuiteBlackList;
}
@Override
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
Tue Feb 16 16:55:08 2016
@@ -90,4 +90,20 @@ public interface OAuth2AuthenticationPro
@DerivedAttribute( description = "Default OAuth access token scope passed
to the authorization endpoint")
String getDefaultScope();
+
+ @DerivedAttribute
+ List<String> getTlsProtocolWhiteList();
+
+ @DerivedAttribute
+ List<String> getTlsProtocolBlackList();
+
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteWhiteList();
+
+ @DerivedAttribute
+ List<String> getTlsCipherSuiteBlackList();
+
+ int getConnectTimeout();
+
+ int getReadTimeout();
}
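Review bot: `getConnectTimeout()` and `getReadTimeout()` are added with neither Javadoc nor an annotation, while the four list getters beside them are `@DerivedAttribute`, and the unit of the returned int is not stated anywhere in the hunk. These values bound how long the broker waits on an external identity service during authentication, so the contract should be written down. I would add something like `/** Connect timeout for outbound calls to the OAuth2 endpoints, taken from AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT; unit presumably milliseconds (confirm). */` on each, plus one line saying whether leaving them out of the managed model is deliberate. The new `@DerivedAttribute` getters would also benefit from a `description`, as `getDefaultScope()` above them has.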
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
Tue Feb 16 16:55:08 2016
@@ -19,12 +19,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -50,6 +44,7 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
@@ -60,6 +55,7 @@ import org.apache.qpid.server.plugin.Qpi
import org.apache.qpid.server.security.auth.AuthenticationResult;
import
org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager;
import org.apache.qpid.server.util.ConnectionBuilder;
+import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
public class OAuth2AuthenticationProviderImpl
@@ -103,9 +99,17 @@ public class OAuth2AuthenticationProvide
private String _identityResolverType;
private OAuth2IdentityResolverService _identityResolverService;
+
+ private List<String> _tlsProtocolWhiteList;
+ private List<String> _tlsProtocolBlackList;
+
+ private List<String> _tlsCipherSuiteWhiteList;
+ private List<String> _tlsCipherSuiteBlackList;
+
private int _connectTimeout;
private int _readTimeout;
+
@ManagedObjectFactoryConstructor
protected OAuth2AuthenticationProviderImpl(final Map<String, Object>
attributes,
final Broker<?> broker)
@@ -119,6 +123,10 @@ public class OAuth2AuthenticationProvide
super.onOpen();
String type = getIdentityResolverType();
_identityResolverService = new
QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(type);
+ _tlsProtocolWhiteList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
+ _tlsProtocolBlackList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
+ _tlsCipherSuiteWhiteList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
+ _tlsCipherSuiteBlackList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
_connectTimeout = getContextValue(Integer.class,
AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
_readTimeout = getContextValue(Integer.class,
AUTHENTICATION_OAUTH2_READ_TIMEOUT);
}
@@ -255,10 +263,10 @@ public class OAuth2AuthenticationProvide
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
-
connectionBuilder.setTlsProtocolWhiteList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST))
- .setTlsProtocolBlackList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST))
- .setTlsCipherSuiteWhiteList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST))
- .setTlsCipherSuiteBlackList(getContextValue(List.class,
LIST_OF_STRINGS, QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST));
+
connectionBuilder.setTlsProtocolWhiteList(getTlsProtocolWhiteList())
+ .setTlsProtocolBlackList(getTlsProtocolBlackList())
+ .setTlsCipherSuiteWhiteList(getTlsCipherSuiteWhiteList())
+ .setTlsCipherSuiteBlackList(getTlsCipherSuiteBlackList());
LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
connection = connectionBuilder.build();
@@ -437,6 +445,42 @@ public class OAuth2AuthenticationProvide
new
QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(getIdentityResolverType());
return identityResolverService == null ? null :
identityResolverService.getDefaultScope(this); }
+ @Override
+ public List<String> getTlsProtocolWhiteList()
+ {
+ return _tlsProtocolWhiteList;
+ }
+
+ @Override
+ public List<String> getTlsProtocolBlackList()
+ {
+ return _tlsProtocolBlackList;
+ }
+
+ @Override
+ public List<String> getTlsCipherSuiteWhiteList()
+ {
+ return _tlsCipherSuiteWhiteList;
+ }
+
+ @Override
+ public List<String> getTlsCipherSuiteBlackList()
+ {
+ return _tlsCipherSuiteBlackList;
+ }
+
+ @Override
+ public int getConnectTimeout()
+ {
+ return _connectTimeout;
+ }
+
+ @Override
+ public int getReadTimeout()
+ {
+ return _readTimeout;
+ }
+
@SuppressWarnings("unused")
public static Collection<String> validIdentityResolvers()
{
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
Tue Feb 16 16:55:08 2016
@@ -20,12 +20,6 @@
*/
package org.apache.qpid.server.security.auth.manager.oauth2.cloudfoundry;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -36,7 +30,6 @@ import java.nio.charset.StandardCharsets
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Collections;
-import java.util.List;
import java.util.Map;
import javax.xml.bind.DatatypeConverter;
@@ -46,7 +39,6 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.plugin.PluggableService;
@@ -87,19 +79,10 @@ public class CloudFoundryOAuth2IdentityR
TrustStore trustStore = authenticationProvider.getTrustStore();
String clientId = authenticationProvider.getClientId();
String clientSecret = authenticationProvider.getClientSecret();
- int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(checkTokenEndpoint);
-
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+
connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+
.setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -111,10 +94,10 @@ public class CloudFoundryOAuth2IdentityR
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+
connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+
.setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+
.setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+
.setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'",
checkTokenEndpoint);
HttpURLConnection connection = connectionBuilder.build();
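Review bot: The four-call chain `setTlsProtocolWhiteList(...)` through `setTlsCipherSuiteBlackList(...)` is still written out by hand in every resolver: this hunk, the matching hunks in the Facebook, GitHub, Google and MicrosoftLive services, and the token-endpoint call in OAuth2AuthenticationProviderImpl. Now that the provider owns the resolved lists and timeouts, one shared helper that applies them to a `ConnectionBuilder` (hypothetical name `applyTlsSettings(ConnectionBuilder)`) would let each call site shrink to a single line. It would also prevent a later resolver from omitting a restriction and presumably connecting with the JVM's default protocols and cipher suites. If the chain stays inline, a short comment above it such as `// TLS restrictions come from the provider; every outbound connection must apply all four` would help. The enclosing method starts and ends outside the hunk.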
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
Tue Feb 16 16:55:08 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.facebook;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -87,20 +80,11 @@ public class FacebookIdentityResolverSer
String accessToken) throws IOException,
IdentityResolverException
{
URL userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI().toURL();
- TrustStore<?> trustStore = authenticationProvider.getTrustStore();
- int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
+ TrustStore trustStore = authenticationProvider.getTrustStore();
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
-
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+
connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+
.setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
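Review bot: The local at `TrustStore trustStore = authenticationProvider.getTrustStore();` changes from `TrustStore<?>` to the raw type, which trades the wildcard for a raw-type warning and drops compile-time checking on anything read from it. This appears to have been done only to match the other resolver services, which already use the raw form. I would keep `TrustStore<?> trustStore = authenticationProvider.getTrustStore();` here and align the other resolvers to it instead. The enclosing method begins before this hunk and continues past it.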
@@ -112,10 +96,10 @@ public class FacebookIdentityResolverSer
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+
connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+
.setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+
.setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+
.setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
Tue Feb 16 16:55:08 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.github;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -94,19 +87,10 @@ public class GitHubOAuth2IdentityResolve
{
URL userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI().toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
- int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
-
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+
connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+
.setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -118,10 +102,10 @@ public class GitHubOAuth2IdentityResolve
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+
connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+
.setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+
.setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+
.setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
Tue Feb 16 16:55:08 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.google;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -98,19 +91,10 @@ public class GoogleOAuth2IdentityResolve
{
URL userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI().toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
- int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
-
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+
connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+
.setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -122,10 +106,10 @@ public class GoogleOAuth2IdentityResolve
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+
connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+
.setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+
.setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+
.setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/microsoftlive/MicrosoftLiveOAuth2IdentityResolverService.java
Tue Feb 16 16:55:08 2016
@@ -21,12 +21,6 @@
package org.apache.qpid.server.security.auth.manager.oauth2.microsoftlive;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST;
-import static
org.apache.qpid.configuration.CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST;
-import static org.apache.qpid.server.util.ParameterizedTypes.LIST_OF_STRINGS;
-
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
@@ -36,7 +30,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -86,19 +79,10 @@ public class MicrosoftLiveOAuth2Identity
{
URL userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI().toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
- int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
- int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
- List<String> tlsProtocolWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- List<String> tlsProtocolBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- List<String> tlsCipherSuiteWhiteList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
- List<String> tlsCipherSuiteBlackList =
authenticationProvider.getContextValue(List.class, LIST_OF_STRINGS,
-
QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
ConnectionBuilder connectionBuilder = new
ConnectionBuilder(userInfoEndpoint);
-
connectionBuilder.setConnectTimeout(connectTimeout).setReadTimeout(readTimeout);
+
connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
+
.setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null)
{
try
@@ -110,10 +94,10 @@ public class MicrosoftLiveOAuth2Identity
throw new ServerScopedRuntimeException("Cannot initialise
TLS", e);
}
}
- connectionBuilder.setTlsProtocolWhiteList(tlsProtocolWhiteList)
- .setTlsProtocolBlackList(tlsProtocolBlackList)
- .setTlsCipherSuiteWhiteList(tlsCipherSuiteWhiteList)
- .setTlsCipherSuiteBlackList(tlsCipherSuiteBlackList);
+
connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
+
.setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
+
.setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
+
.setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
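Review bot: The four-call TLS restriction chain on `connectionBuilder` here is the same text as the chain that closes the preceding resolver's hunk, so each identity resolver carries its own copy of the protocol and cipher-suite wiring. A resolver that drops or misorders one setter would presumably fall back to whatever the builder or JVM enables by default, and nothing would flag it. Consider moving the chain into one shared helper that takes the provider, called as something like `applyTlsRestrictions(connectionBuilder, authenticationProvider);` (the name is only a suggestion). The enclosing method starts and ends outside this hunk.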
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
Tue Feb 16 16:55:08 2016
@@ -20,9 +20,7 @@
package org.apache.qpid.server.transport;
import org.apache.qpid.bytebuffer.QpidByteBuffer;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.model.port.AmqpPort;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
import org.slf4j.Logger;
@@ -319,12 +317,8 @@ public class NonBlockingConnectionTLSDel
{
SSLEngine sslEngine = port.getSSLContext().createSSLEngine();
sslEngine.setUseClientMode(false);
- final List<String> tlsProtocolWhiteList = (List<String>)
port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
-
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList = (List<String>)
port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
-
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
- SSLUtil.updateEnabledTlsProtocols(sslEngine, tlsProtocolWhiteList,
tlsProtocolBlackList);
- SSLUtil.updateEnabledCipherSuites(sslEngine,
port.getCipherSuiteWhiteList(), port.getCipherSuiteBlackList());
+ SSLUtil.updateEnabledTlsProtocols(sslEngine,
port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
+ SSLUtil.updateEnabledCipherSuites(sslEngine,
port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
if(port.getNeedClientAuth())
{
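Review bot: The `SSLUtil.updateEnabledTlsProtocols` call now reads its lists from port getters, while the removed lines looked the protocol context values up each time an engine was created. Since the commit log says context variables are resolved once per lifecycle, a tightened protocol black list presumably no longer reaches new connections until the port is reopened. That operational consequence is worth a comment where the engine is configured, e.g. `// TLS protocol/cipher lists are fixed when the port opens; reopen the port to apply a changed list`. The method body continues outside the hunk.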
Modified:
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
(original)
+++
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
Tue Feb 16 16:55:08 2016
@@ -44,12 +44,10 @@ import com.fasterxml.jackson.databind.Ob
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.test.utils.QpidTestCase;
public class TCPandSSLTransportTest extends QpidTestCase
@@ -156,8 +154,8 @@ public class TCPandSSLTransportTest exte
JavaType type =
mapper.getTypeFactory().constructCollectionType(List.class, String.class);
List<String> whiteList =
mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_WHITE_LIST, type);
List<String> blackList =
mapper.readValue(Broker.DEFAULT_SECURITY_TLS_PROTOCOL_BLACK_LIST, type);
- when(port.getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST)).thenReturn(blackList);
- when(port.getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST)).thenReturn(whiteList);
+ when(port.getTlsProtocolBlackList()).thenReturn(blackList);
+ when(port.getTlsProtocolWhiteList()).thenReturn(whiteList);
TCPandSSLTransport transport = new TCPandSSLTransport(new
HashSet<>(Arrays.asList(transports)),
port,
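Review bot: Only `getTlsProtocolBlackList()` and `getTlsProtocolWhiteList()` are stubbed on `port`, although the same commit renames the cipher-suite accessors to `getTlsCipherSuiteWhiteList()` and `getTlsCipherSuiteBlackList()` and uses them when the engine is set up. If `port` is a mock, those calls return the mocking framework's defaults, so the test never runs with a non-empty cipher list. Stubbing one of them with a constructed list, e.g. `when(port.getTlsCipherSuiteBlackList()).thenReturn(cipherBlackList);`, and asserting on the negotiated suite would cover the renamed accessors. The test method starts before and continues past this hunk.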
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
Tue Feb 16 16:55:08 2016
@@ -45,7 +45,6 @@ import javax.servlet.http.HttpServletReq
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Connector;
@@ -71,7 +70,6 @@ import org.apache.qpid.server.management
import org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter;
import org.apache.qpid.server.management.plugin.filter.LoggingFilter;
import
org.apache.qpid.server.management.plugin.filter.RedirectingAuthorisationFilter;
-import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet;
import org.apache.qpid.server.management.plugin.servlet.FileServlet;
import org.apache.qpid.server.management.plugin.servlet.RootServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.ApiDocsServlet;
@@ -91,7 +89,6 @@ import org.apache.qpid.server.model.*;
import org.apache.qpid.server.model.adapter.AbstractPluginAdapter;
import org.apache.qpid.server.model.port.HttpPort;
import org.apache.qpid.server.model.port.PortManager;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -388,22 +385,22 @@ public class HttpManagement extends Abst
{
throw new IllegalConfigurationException("Key store is not
configured. Cannot start management on HTTPS port without keystore");
}
- final List<String> tlsProtocolWhiteList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList = getContextValue(List.class,
ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
SslContextFactory factory = new SslContextFactory()
{
@Override
public String[]
selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{
return
SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols,
-
tlsProtocolWhiteList, tlsProtocolBlackList);
+
port.getTlsProtocolWhiteList(),
+
port.getTlsProtocolBlackList());
}
@Override
public String[]
selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{
return
SSLUtil.filterEnabledCipherSuites(enabledCipherSuites, supportedCipherSuites,
-
port.getCipherSuiteWhiteList(), port.getCipherSuiteBlackList());
+
port.getTlsCipherSuiteWhiteList(),
+
port.getTlsCipherSuiteBlackList());
}
};
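Review bot: `selectProtocols` now takes the protocol lists from `port`, whereas the removed lines resolved them with `getContextValue(...)` on the management plugin itself. An override of `QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST` or `QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST` set in the plugin's context would therefore apparently stop applying to the HTTPS connector. If that is intended, say so next to the factory, e.g. `// TLS restrictions come from the HTTP port, not from this plugin's context`, and mention it in the upgrade notes. The enclosing method starts and ends outside the hunk.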
Modified:
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java?rev=1730712&r1=1730711&r2=1730712&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
(original)
+++
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
Tue Feb 16 16:55:08 2016
@@ -53,7 +53,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.qpid.bytebuffer.QpidByteBuffer;
-import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.server.transport.MultiVersionProtocolEngine;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
@@ -64,7 +63,6 @@ import org.apache.qpid.server.transport.
import org.apache.qpid.server.transport.ProtocolEngine;
import org.apache.qpid.server.transport.ServerNetworkConnection;
import org.apache.qpid.server.util.Action;
-import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.ByteBufferSender;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -120,21 +118,22 @@ class WebSocketProvider implements Accep
}
else if (_transport == Transport.WSS)
{
- final List<String> tlsProtocolWhiteList =
_port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
- final List<String> tlsProtocolBlackList =
_port.getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS,
CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
SslContextFactory factory = new SslContextFactory()
{
@Override
public String[]
selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{
- return
SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols,
tlsProtocolWhiteList, tlsProtocolBlackList);
+ return
SSLUtil.filterEnabledProtocols(enabledProtocols, supportedProtocols,
+
_port.getTlsProtocolWhiteList(),
+
_port.getTlsProtocolBlackList());
}
@Override
public String[]
selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{
return
SSLUtil.filterEnabledCipherSuites(enabledCipherSuites, supportedCipherSuites,
-
_port.getCipherSuiteWhiteList(), _port.getCipherSuiteBlackList());
+
_port.getTlsCipherSuiteWhiteList(),
+
_port.getTlsCipherSuiteBlackList());
}
};
factory.setSslContext(_sslContext);