Author: kwall
Date: Thu Jan 5 07:22:41 2017
New Revision: 1777426
URL: http://svn.apache.org/viewvc?rev=1777426&view=rev
Log:
QPID-7311: [Java Broker] [SiteSpecificTrustStore] Validate URL on creation
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java?rev=1777426&r1=1777425&r2=1777426&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStore.java
Thu Jan 5 07:22:41 2017
@@ -34,7 +34,7 @@ public interface SiteSpecificTrustStore<
{
String CERTIFICATE = "certificate";
- @ManagedAttribute(immutable = true, description = "The URL from which to
obtain the trusted certificate. This must include the protocol and port.
Example: https://example.com:443";)
+ @ManagedAttribute(immutable = true, description = "The URL from which to
obtain the trusted certificate. Example: https://example.com or
https://example.com:8443";)
String getSiteUrl();
@DerivedAttribute(persist = true, description = "The X.509 certificate
obtained from the given URL as base64 encoded representation of the ASN.1 DER
encoding")
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1777426&r1=1777425&r2=1777426&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
Thu Jan 5 07:22:41 2017
@@ -22,6 +22,7 @@ package org.apache.qpid.server.security;
import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
@@ -118,6 +119,26 @@ public class SiteSpecificTrustStoreImpl
}
@Override
+ protected void validateOnCreate()
+ {
+ super.validateOnCreate();
+
+ try
+ {
+ URL url = new URL(_siteUrl);
+
+ if (url.getHost() == null || (url.getPort() == -1 &&
url.getDefaultPort() == -1))
+ {
+ throw new IllegalConfigurationException(String.format("URL
'%s' does not provide a hostname and port number", _siteUrl));
+ }
+ }
+ catch (MalformedURLException e)
+ {
+ throw new IllegalConfigurationException(String.format("'%s' is not
a valid URL", _siteUrl));
+ }
+ }
+
+ @Override
public String getCertificate()
{
if (_x509Certificate != null)
@@ -156,7 +177,7 @@ public class SiteSpecificTrustStoreImpl
// verify that it is not in use
String storeName = getName();
- Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts());
+ Collection<Port<?>> ports = new ArrayList<>(_broker.getPorts());
for (Port port : ports)
{
Collection<TrustStore> trustStores = port.getTrustStores();
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
