Author: lquack
Date: Thu Jun 30 13:57:52 2016
New Revision: 1750798

URL: http://svn.apache.org/viewvc?rev=1750798&view=rev
Log:
QPID-7224: [Java Broker] Exposed TrustStores should include/exclude based on 
VirtualHostNodes rather than VirtualHosts

Modified:
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
    
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
    
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
 Thu Jun 30 13:57:52 2016
@@ -32,15 +32,14 @@ public interface TrustStore<X extends Tr
     @ManagedAttribute( defaultValue = "false", description = "If true the 
Trust Store will expose its certificates as a special artificial message 
source.")
     boolean isExposedAsMessageSource();
 
-    @ManagedAttribute( defaultValue = "[]" )
-    List<VirtualHost> getIncludedVirtualHostMessageSources();
+    @ManagedAttribute( defaultValue = "[]", description = "If 
'exposedAsMessageSource' is true, the trust store will expose its certificates 
only to VirtualHostNodes in this list or if this list is empty to all 
VirtualHostNodes who are not in the 'excludedVirtualHostNodeMessageSources' 
list." )
+    List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources();
 
-    @ManagedAttribute( defaultValue = "[]" )
-    List<VirtualHost> getExcludedVirtualHostMessageSources();
+    @ManagedAttribute( defaultValue = "[]", description = "If 
'exposedAsMessageSource' is true and 'includedVirtualHostNodeMessageSources' is 
empty, the trust store will expose its certificates only to VirtualHostNodes 
who are not in this list." )
+    List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources();
 
+    TrustManager[] getTrustManagers() throws GeneralSecurityException;
 
-    public TrustManager[] getTrustManagers() throws GeneralSecurityException;
-
-    public Certificate[] getCertificates() throws GeneralSecurityException;
+    Certificate[] getCertificates() throws GeneralSecurityException;
 
 }

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
 Thu Jun 30 13:57:52 2016
@@ -22,6 +22,7 @@ package org.apache.qpid.server.plugin;
 
 import org.apache.qpid.server.message.MessageNode;
 import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 
 public interface SystemNodeCreator extends Pluggable
 {
@@ -31,7 +32,7 @@ public interface SystemNodeCreator exten
         void removeSystemNode(MessageNode node);
         void removeSystemNode(String name);
 
-
+        VirtualHostNode<?> getVirtualHostNode();
         VirtualHost<?> getVirtualHost();
 
         boolean hasSystemNode(String name);

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
 Thu Jun 30 13:57:52 2016
@@ -57,7 +57,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import 
org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
@@ -84,9 +84,9 @@ public class FileTrustStoreImpl extends
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     static
     {
@@ -378,14 +378,14 @@ public class FileTrustStoreImpl extends
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 }

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
 Thu Jun 30 13:57:52 2016
@@ -64,7 +64,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import 
org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
 import 
org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
@@ -81,9 +81,9 @@ public class ManagedPeerCertificateTrust
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     private volatile TrustManager[] _trustManagers = new TrustManager[0];
 
@@ -247,15 +247,15 @@ public class ManagedPeerCertificateTrust
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 
     @Override

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
 Thu Jun 30 13:57:52 2016
@@ -61,7 +61,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import 
org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -80,9 +80,9 @@ public class NonJavaTrustStoreImpl
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     private volatile TrustManager[] _trustManagers = new TrustManager[0];
 
@@ -333,14 +333,14 @@ public class NonJavaTrustStoreImpl
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 }

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
 Thu Jun 30 13:57:52 2016
@@ -62,7 +62,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import 
org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 import org.apache.qpid.transport.util.Functions;
@@ -81,9 +81,9 @@ public class SiteSpecificTrustStoreImpl
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     private volatile TrustManager[] _trustManagers = new TrustManager[0];
 
@@ -295,15 +295,15 @@ public class SiteSpecificTrustStoreImpl
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 
     @Override

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
 Thu Jun 30 13:57:52 2016
@@ -114,19 +114,19 @@ public class TrustStoreMessageSourceCrea
     }
 
 
-    private boolean isTrustStoreExposedAsMessageSource(VirtualHost<?> 
virtualHost, final TrustStore trustStore)
+    private boolean isTrustStoreExposedAsMessageSource(VirtualHostNode<?> 
virtualHostNode, final TrustStore trustStore)
     {
         return trustStore.getState() == State.ACTIVE && 
trustStore.isExposedAsMessageSource()
-               && 
(trustStore.getIncludedVirtualHostMessageSources().contains(virtualHost)
-                   || 
(trustStore.getIncludedVirtualHostMessageSources().isEmpty()
-                       && 
!trustStore.getExcludedVirtualHostMessageSources().contains(virtualHost)));
+               && 
(trustStore.getIncludedVirtualHostNodeMessageSources().contains(virtualHostNode)
+                   || 
(trustStore.getIncludedVirtualHostNodeMessageSources().isEmpty()
+                       && 
!trustStore.getExcludedVirtualHostNodeMessageSources().contains(virtualHostNode)));
     }
 
 
     private void updateTrustStoreSourceRegistration(SystemNodeRegistry 
registry, TrustStore<?> trustStore)
     {
         final String sourceName = 
TrustStoreMessageSource.getSourceNameFromTrustStore(trustStore);
-        if(isTrustStoreExposedAsMessageSource(registry.getVirtualHost(), 
trustStore) )
+        if (isTrustStoreExposedAsMessageSource(registry.getVirtualHostNode(), 
trustStore))
         {
             if(!registry.hasSystemNode(sourceName))
             {
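Review bot: `isTrustStoreExposedAsMessageSource` still takes the raw type `TrustStore`, although `updateTrustStoreSourceRegistration` just below already holds a `TrustStore<?>`; declaring the parameter as `final TrustStore<?> trustStore` keeps the list getters typed as `List<VirtualHostNode<?>>`. Because `List.contains` accepts any `Object`, an argument of the wrong type would compile and simply never match, which for the exclude check means the store is exposed. The include list is also read twice in one expression; reading it once into a local (`final List<VirtualHostNode<?>> included = trustStore.getIncludedVirtualHostNodeMessageSources();`) makes the decision use a single snapshot. A one-line comment such as `// include list wins; the exclude list is consulted only when the include list is empty` would document the precedence at the point where it is enforced. The body of `updateTrustStoreSourceRegistration` continues outside the hunk.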

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
 Thu Jun 30 13:57:52 2016
@@ -25,6 +25,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -480,6 +481,10 @@ public class BrokerStoreUpgraderAndRecov
 
                 getNextUpgrader().configuredObject(record);
             }
+            else if (record.getType().equals("TrustStore"))
+            {
+                upgradeTrustStore(record);
+            }
             else
             {
                 Map<String, Object> attributes = record.getAttributes();
@@ -510,6 +515,41 @@ public class BrokerStoreUpgraderAndRecov
             }
         }
 
+        private void upgradeTrustStore(ConfiguredObjectRecord record)
+        {
+            Map<String, Object> updatedAttributes = new 
LinkedHashMap<>(record.getAttributes());
+            if 
(updatedAttributes.containsKey("includedVirtualHostMessageSources")
+                || 
updatedAttributes.containsKey("excludedVirtualHostMessageSources"))
+            {
+                if 
(updatedAttributes.containsKey("includedVirtualHostMessageSources"))
+                {
+                    LOGGER.warn("Detected 'includedVirtualHostMessageSources' 
attribute during upgrade."
+                                + " Starting with version 6.1 this attribute 
has been replaced with"
+                                + " 'includedVirtualHostNodeMessageSources'. 
The upgrade is automatic but"
+                                + " assumes that the VirtualHostNode has the 
same name as the VirtualHost."
+                                + " Assumed name: '{}'", 
updatedAttributes.get("includedVirtualHostMessageSources"));
+                    
updatedAttributes.put("includedVirtualHostNodeMessageSources",
+                                          
updatedAttributes.get("includedVirtualHostMessageSources"));
+                    
updatedAttributes.remove("includedVirtualHostMessageSources");
+
+                }
+                if 
(updatedAttributes.containsKey("excludedVirtualHostMessageSources"))
+                {
+                    LOGGER.warn("Detected 'excludedVirtualHostMessageSources' 
attribute during upgrade."
+                                + " Starting with version 6.1 this attribute 
has been replaced with"
+                                + " 'excludedVirtualHostNodeMessageSources'. 
The upgrade is automatic but"
+                                + " assumes that the VirtualHostNode has the 
same name as the VirtualHost."
+                                + " Assumed name: '{}'", 
updatedAttributes.get("excludedVirtualHostMessageSources"));
+                    
updatedAttributes.put("excludedVirtualHostNodeMessageSources",
+                                          
updatedAttributes.get("excludedVirtualHostMessageSources"));
+                    
updatedAttributes.remove("excludedVirtualHostMessageSources");
+                }
+                record = new ConfiguredObjectRecordImpl(record.getId(), 
record.getType(), updatedAttributes, record.getParents());
+                getUpdateMap().put(record.getId(), record);
+                getNextUpgrader().configuredObject(record);
+            }
+        }
+
         @Override
         public void complete()
         {
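Review bot: `upgradeTrustStore` calls `getNextUpgrader().configuredObject(record)` only inside the `if` that detects one of the old attributes, so a TrustStore record carrying neither attribute is not passed on at all, whereas the preceding branch in `configuredObject` does forward its record. If every record is expected to reach the next upgrader (the `else` branch is not fully visible here, so this is inferred), move the forwarding call after the `if` block and keep only `getUpdateMap().put(record.getId(), record);` inside it. Separately, the migration copies the old value verbatim on the assumption that the VirtualHostNode has the same name as the VirtualHost. Where that does not hold, an exclude entry may no longer match the intended node and certificates could be exposed to a node that was meant to be excluded, so the warning deserves a mention in the upgrade notes. The two near-identical blocks could also share a small private helper taking the old and new attribute names.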

Modified: 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
 (original)
+++ 
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
 Thu Jun 30 13:57:52 2016
@@ -1300,6 +1300,12 @@ public abstract class AbstractVirtualHos
         }
 
         @Override
+        public VirtualHostNode<?> getVirtualHostNode()
+        {
+            return AbstractVirtualHost.this.getParent(VirtualHostNode.class);
+        }
+
+        @Override
         public VirtualHost<?> getVirtualHost()
         {
             return AbstractVirtualHost.this;

Modified: 
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- 
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
 (original)
+++ 
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
 Thu Jun 30 13:57:52 2016
@@ -21,6 +21,8 @@
 package org.apache.qpid.systest.messageencryption;
 
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -33,6 +35,7 @@ import javax.jms.MessageProducer;
 import javax.jms.Queue;
 import javax.jms.Session;
 
+import org.apache.qpid.client.AMQConnectionURL;
 import org.apache.qpid.client.message.JMSBytesMessage;
 import org.apache.qpid.client.message.JMSTextMessage;
 import org.apache.qpid.server.model.TrustStore;
@@ -43,6 +46,8 @@ public class MessageEncryptionTest exten
 {
 
     public static final String TEST_MESSAGE_TEXT = "test message";
+    public static final String EXCLUDED_VIRTUAL_HOST_NODE_NAME = 
"excludedVirtualHostNode";
+    public static final String INCLUDED_VIRTUAL_HOST_NODE_NAME = 
"includedVirtualHostNode";
 
     @Override
     public void setUp() throws Exception
@@ -213,6 +218,89 @@ public class MessageEncryptionTest exten
         }
     }
 
+    public void testBrokerStoreProviderWithExcludedVirtualHostNode() throws 
Exception
+    {
+        if(isStrongEncryptionEnabled() && !isCppBroker())
+        {
+            createTestVirtualHostNode(EXCLUDED_VIRTUAL_HOST_NODE_NAME);
+            addPeerStoreToBroker(Collections.<String, 
Object>singletonMap("excludedVirtualHostNodeMessageSources",
+                                                                          
EXCLUDED_VIRTUAL_HOST_NODE_NAME));
+            super.setUp();
+
+            String connectionUrlString = "amqp://guest:guest@clientId/" + 
EXCLUDED_VIRTUAL_HOST_NODE_NAME
+                                         + "?brokerlist='tcp://localhost:" + 
getDefaultAmqpPort() + "'"
+                                         + 
"&encryption_remote_trust_store='$certificates%5c/peerstore'";
+            final AMQConnectionURL connectionUrl = new 
AMQConnectionURL(connectionUrlString);
+            Connection producerConnection = getConnection(connectionUrl);
+
+            Queue queue = getTestQueue();
+            final Session prodSession = 
producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+            final MessageProducer producer = prodSession.createProducer(queue);
+
+            Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+            message.setBooleanProperty("x-qpid-encrypt", true);
+            message.setStringProperty("x-qpid-encrypt-recipients",
+                                      
"[email protected],ou=art,o=acme,l=toronto,st=on,c=ca");
+
+            try
+            {
+                producer.send(message);
+                fail("Should not be able to send message");
+            }
+            catch (JMSException e)
+            {
+                assertTrue("Wrong exception cause: " + e.getCause(), 
e.getCause() instanceof CertificateException);
+            }
+        }
+    }
+
+    public void testBrokerStoreProviderWithIncludedVirtualHostNode() throws 
Exception
+    {
+        if(isStrongEncryptionEnabled() && !isCppBroker())
+        {
+            createTestVirtualHostNode(INCLUDED_VIRTUAL_HOST_NODE_NAME);
+            final Map<String, Object> additionalPeerStoreAttributes = new 
HashMap<>();
+            
additionalPeerStoreAttributes.put("includedVirtualHostNodeMessageSources", 
INCLUDED_VIRTUAL_HOST_NODE_NAME);
+            // this is deliberate to test that the include list takes 
precedence
+            
additionalPeerStoreAttributes.put("excludedVirtualHostNodeMessageSources", 
INCLUDED_VIRTUAL_HOST_NODE_NAME);
+            addPeerStoreToBroker(additionalPeerStoreAttributes);
+            super.setUp();
+
+            String connectionUrlString;
+
+            connectionUrlString = "amqp://guest:guest@clientId/" + 
INCLUDED_VIRTUAL_HOST_NODE_NAME
+                                  + "?brokerlist='tcp://localhost:" + 
getDefaultAmqpPort() + "'"
+                                  + 
"&encryption_remote_trust_store='$certificates%5c/peerstore'";
+            final AMQConnectionURL connectionUrl = new 
AMQConnectionURL(connectionUrlString);
+            Connection successfulProducerConnection = 
getConnection(connectionUrl);
+
+            Connection failingProducerConnection = 
getConnectionWithOptions(Collections.singletonMap("encryption_remote_trust_store",
+                                                                               
                      "$certificates%5c/peerstore"));
+
+            Queue queue = getTestQueue();
+            final Session successfulSession = 
successfulProducerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+            final MessageProducer successfulProducer = 
successfulSession.createProducer(queue);
+            final Session failingSession = 
failingProducerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+            final MessageProducer failingProducer = 
failingSession.createProducer(queue);
+
+            Message message = 
successfulSession.createTextMessage(TEST_MESSAGE_TEXT);
+            message.setBooleanProperty("x-qpid-encrypt", true);
+            message.setStringProperty("x-qpid-encrypt-recipients",
+                                      
"[email protected],ou=art,o=acme,l=toronto,st=on,c=ca");
+
+            try
+            {
+                failingProducer.send(message);
+                fail("Should not be able to send message");
+            }
+            catch (JMSException e)
+            {
+                assertTrue("Wrong exception cause: " + e.getCause(), 
e.getCause() instanceof CertificateException);
+            }
+
+            successfulProducer.send(message);
+        }
+    }
 
     public void testUnknownRecipient() throws Exception
     {
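Review bot: `testBrokerStoreProviderWithExcludedVirtualHostNode` asserts only the failing send, so it would also pass if the peer store were not exposed to any node at all (for example if the extra attribute broke the store's configuration); a positive control on a node that is not excluded would pin the behaviour to the exclude list. Both new tests also wrap their whole body in `if(isStrongEncryptionEnabled() && !isCppBroker())`, so on other profiles they pass without checking anything. In the included-node test the final `successfulProducer.send(message)` is not followed by any check that the message arrived. A sketch of the control, using the helper the included-node test already calls, is below; it assumes the default connection targets a virtual host node other than the excluded one.

```java
            // … unchanged: excluded-node connection, message setup and the failing send …

            // positive control: a node that is not excluded can still resolve the peer store
            Connection controlConnection =
                    getConnectionWithOptions(Collections.singletonMap("encryption_remote_trust_store",
                                                                      "$certificates%5c/peerstore"));
            Session controlSession = controlConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer controlProducer = controlSession.createProducer(queue);
            controlProducer.send(message);
```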
@@ -297,15 +385,19 @@ public class MessageEncryptionTest exten
 
     private void addPeerStoreToBroker()
     {
+        addPeerStoreToBroker(Collections.<String, Object>emptyMap());
+    }
+
+    private void addPeerStoreToBroker(Map<String, Object> additionalAttributes)
+    {
         Map<String, Object> peerStoreAttributes = new HashMap<>();
         peerStoreAttributes.put("name" , "peerstore");
         peerStoreAttributes.put("storeUrl" , 
"${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_peerstore.jks");
         peerStoreAttributes.put("password" , "password");
         peerStoreAttributes.put("type", "FileTrustStore");
         peerStoreAttributes.put("exposedAsMessageSource", true);
+        peerStoreAttributes.putAll(additionalAttributes);
         
getDefaultBrokerConfiguration().addObjectConfiguration(TrustStore.class, 
peerStoreAttributes);
-
-
     }
 
 


