Author: ieb Date: Thu Oct 10 09:37:56 2013 New Revision: 1530899 URL: http://svn.apache.org/r1530899 Log: SLING-3154 Add Topology Message Verification to the Discovery service.
whiteListDisabled was confusing, hmacEnabled is clearer. Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java?rev=1530899&r1=1530898&r2=1530899&view=diff ============================================================================== --- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java (original) +++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java Thu Oct 10 09:37:56 2013 @@ -97,10 +97,10 @@ public class Config { public static final String LEADER_ELECTION_REPOSITORY_DESCRIPTOR_NAME_KEY = "leaderElectionRepositoryDescriptor"; /** - * If set to true, the whitelist is disabled and the signing and encryption are enabled. + * If set to true, hmac is enabled and the white list is disabled. */ @Property(boolValue=false) - private static final String WHITELIST_DISABLED = "whiteListDisabled"; + private static final String HMAC_ENABLED = "hmacEnabled"; /** * If set to true, and the whitelist is disabled, messages will be encrypted. 
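Review bot: Renaming the property key from `whiteListDisabled` to `hmacEnabled` means a value stored under the old key is no longer read, so an instance upgraded with an existing configuration silently falls back to the default trust mode. The defaults also disagree: `@Property(boolValue=false)` on `HMAC_ENABLED` versus the `true` fallback passed to `PropertiesUtil.toBoolean` in the `@@ -225,7` hunk, so whether the IP whitelist or HMAC guards the topology connector depends on whether the declared default reaches that code. I would make the two defaults agree and read the old key as a fallback for a release, e.g. `PropertiesUtil.toBoolean(properties.get(HMAC_ENABLED), PropertiesUtil.toBoolean(properties.get("whiteListDisabled"), false))`.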
@@ -125,9 +125,9 @@ public class Config { private String leaderElectionRepositoryDescriptor ; /** - * True when the whitelist is disabled. + * True when the hmac is enabled and signing is disabled. */ - private boolean whiteListDisabled; + private boolean hmacEnabled; /** * the shared key. @@ -225,7 +225,7 @@ public class Config { logger.debug("configure: leaderElectionRepositoryDescriptor='{}'", this.leaderElectionRepositoryDescriptor); - whiteListDisabled = PropertiesUtil.toBoolean(properties.get(WHITELIST_DISABLED), true); + hmacEnabled = PropertiesUtil.toBoolean(properties.get(HMAC_ENABLED), true); encryptionEnabled = PropertiesUtil.toBoolean(properties.get(ENCRYPTION_ENABLED), false); sharedKey = PropertiesUtil.toString(properties.get(SHARED_KEY), null); keyInterval = PropertiesUtil.toLong(SHARED_KEY_INTERVAL, DEFAULT_SHARED_KEY_INTERVAL); 
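Review bot: The new field comment `True when the hmac is enabled and signing is disabled` contradicts itself, because the Javadoc it replaces in the first hunk treats signing as the thing that is on when the whitelist is off. The comment on the `HMAC_ENABLED` constant already has it right, so the field should match: `True when hmac is enabled and the whitelist is disabled.`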
@@ -321,18 +321,30 @@ public class Config { return leaderElectionRepositoryDescriptor; } - public boolean isWhiteListDisabled() { - return whiteListDisabled; + /** + * @return true if hmac is enabled. + */ + public boolean isHmacEnabled() { + return hmacEnabled; } + /** + * @return the shared key + */ public String getSharedKey() { return sharedKey; } + /** + * @return the interval of the shared key for hmac. + */ public long getKeyInterval() { return keyInterval; } + /** + * @return true if encryption is enabled. + */ public boolean isEncryptionEnabled() { return encryptionEnabled; } Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java?rev=1530899&r1=1530898&r2=1530899&view=diff ============================================================================== --- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java (original) +++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java Thu Oct 10 09:37:56 2013 @@ -77,7 +77,7 @@ public class TopologyConnectorServlet ex protected void activate(final ComponentContext context) { whitelist.clear(); - if (!config.isWhiteListDisabled()) { + if (!config.isHmacEnabled()) { String[] whitelistConfig = config.getTopologyConnectorWhitelist(); for (int i = 0; i < whitelistConfig.length; i++) { String aWhitelistEntry = whitelistConfig[i]; 
@@ -217,7 +217,7 @@ public class TopologyConnectorServlet ex /** Checks if the provided request's remote server is whitelisted **/ private boolean isWhitelisted(final SlingHttpServletRequest request) { - if (config.isWhiteListDisabled()) { + if (config.isHmacEnabled()) { return requestValidator.isTrusted(request); } else { if (whitelist.contains(request.getRemoteAddr())) { Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1530899&r1=1530898&r2=1530899&view=diff ============================================================================== --- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original) +++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Thu Oct 10 09:37:56 2013 
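Review bot: `isWhitelisted` and its comment `Checks if the provided request's remote server is whitelisted` no longer describe the first branch, which with `hmacEnabled` set delegates entirely to `requestValidator.isTrusted(request)` and never consults the whitelist. Since this commit exists to make the naming less confusing, the comment should say so, e.g. `/** Checks whether the request is trusted: by HMAC validation when hmac is enabled, otherwise by the remote address whitelist. **/`. The method body continues outside the hunk.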
@@ -117,7 +117,7 @@ public class TopologyRequestValidator { public TopologyRequestValidator(Config config) { trustEnabled = false; encryptionEnabled = false; - if (config.isWhiteListDisabled()) { + if (config.isHmacEnabled()) { trustEnabled = true; sharedKey = config.getSharedKey(); interval = config.getKeyInterval(); Modified: sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java?rev=1530899&r1=1530898&r2=1530899&view=diff ============================================================================== --- sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java (original) +++ sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java Thu Oct 10 09:37:56 2013 @@ -51,7 +51,7 @@ public class TopologyRequestValidatorTes public void before() throws SecurityException, IllegalArgumentException, NoSuchFieldException, IllegalAccessException { Config config= new Config(); setPrivate(config, "sharedKey", "testKey"); - setPrivate(config, "whiteListDisabled", true); + setPrivate(config, "hmacEnabled", true); setPrivate(config, "encryptionEnabled", true); setPrivate(config, "keyInterval", 3600*100*4); topologyRequestValidator = new TopologyRequestValidator(config);
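Review bot: The constructor sets `trustEnabled = true` and copies `config.getSharedKey()` without checking it, while the property loading in the `@@ -225,7` hunk of Config.java falls back to `hmacEnabled = true` and `sharedKey = null`. How a null key is handled later is not visible here, but a validator enabled with no key configured should fail at construction rather than at the first request. A guard after the assignment would do it, e.g. `if (sharedKey == null || sharedKey.length() == 0) throw new IllegalStateException("hmacEnabled is set but no shared key is configured");`. The constructor continues past the end of the hunk.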