This is an automated email from the ASF dual-hosted git repository. orudyy pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/main by this push: new dca5e9b QPID-8541: [Broker-J] Enhance Broker Rest API to include certificate alias dca5e9b is described below commit dca5e9b810f4e3eb72088044d624c72516f1f35d Author: Marek Laca <mk.l...@gmail.com> AuthorDate: Tue Jun 15 18:03:59 2021 +0200 QPID-8541: [Broker-J] Enhance Broker Rest API to include certificate alias This closes #95
---
 .../qpid/server/security/CertificateDetails.java | 2 +-
 .../server/security/CertificateDetailsImpl.java | 20 +++++++++-
 .../qpid/server/security/FileKeyStoreImpl.java | 25 +++++++++---
 .../qpid/server/security/FileTrustStoreImpl.java | 44 +++++++++++++---------
 .../transport/network/security/ssl/SSLUtil.java | 12 +++---
 .../qpid/management/store/CertificateGridWidget.js | 12 ++++--
 6 files changed, 80 insertions(+), 35 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java
index 41f9bfe..1ea0483 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetails.java
@@ -37,5 +37,5 @@ public interface CertificateDetails extends ManagedAttributeValue
 List<String> getSubjectAltNames();
 Date getValidFrom();
 Date getValidUntil();
-
+ String getAlias();
 }
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java
index 8561b59..1592e07 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/CertificateDetailsImpl.java
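Review bot: `getAlias()` is added to the `CertificateDetails` interface with no Javadoc, so nothing tells a consumer whether the alias can be null. The one-argument `CertificateDetailsImpl` constructor added later in this commit passes `null` for it, so a missing alias is a real case. I would document the contract on the interface, for example `/** Alias of the entry in the backing store, or null when no alias is known. */`. Since this is a new abstract method, any `CertificateDetails` implementation outside this commit also has to be updated.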
@@ -28,6 +28,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
+import java.util.Objects;
 import org.apache.qpid.server.model.ManagedAttributeValue;
@@ -35,9 +36,18 @@ public class CertificateDetailsImpl implements CertificateDetails, ManagedAttrib
 {
 private final X509Certificate _x509cert;
- public CertificateDetailsImpl(final X509Certificate x509cert)
+ private final String _alias;
+
+ public CertificateDetailsImpl(X509Certificate x509cert)
+ {
+ this(x509cert, null);
+ }
+
+ public CertificateDetailsImpl(X509Certificate x509cert, String alias)
 {
- _x509cert = x509cert;
+ super();
+ _x509cert = Objects.requireNonNull(x509cert);
+ _alias = alias;
 }
 @Override
@@ -108,4 +118,10 @@ public class CertificateDetailsImpl implements CertificateDetails, ManagedAttrib
 {
 return _x509cert.getNotAfter();
 }
+
+ @Override
+ public String getAlias()
+ {
+ return _alias;
+ }
 }
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
index b6c6c1a..52df108 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
@@ -29,13 +29,16 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
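Review bot: In the `CertificateDetailsImpl` constructor hunk, `Objects.requireNonNull(x509cert)` throws a NullPointerException with no message, and it changes behaviour, because the removed constructor stored a null certificate without complaint and any caller that relied on that now fails at construction. Naming the argument makes that failure diagnosable: `_x509cert = Objects.requireNonNull(x509cert, "x509cert");`. The explicit `super();` is redundant, and both constructors drop the `final` parameter modifier that the removed constructor used. The class body continues outside the hunk.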
@@ -80,7 +83,7 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
 @ManagedAttributeField
 private String _password;
- private volatile Collection<Certificate> _certificates;
+ private volatile Map<String, Certificate> _certificates = Collections.emptyMap();
 static
 {
@@ -132,16 +135,14 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
 private void initialize()
 {
- Collection<Certificate> result;
 try
 {
- result = Collections.unmodifiableCollection(SSLUtil.getCertificates(getInitializedKeyStore(this)));
+ _certificates = Collections.unmodifiableMap(SSLUtil.getCertificates(getInitializedKeyStore(this)));
 }
 catch (GeneralSecurityException | IOException e)
 {
 throw new IllegalConfigurationException(String.format("Cannot instantiate keystore '%s'", getName()), e);
 }
- _certificates = result;
 }
 @Override
@@ -401,10 +402,22 @@ public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> impleme
 }
 @Override
+ public List<CertificateDetails> getCertificateDetails()
+ {
+ if (_certificates.isEmpty())
+ {
+ return Collections.emptyList();
+ }
+ return _certificates.entrySet().stream()
+ .filter(entry -> entry.getValue() instanceof X509Certificate)
+ .map(entry -> new CertificateDetailsImpl((X509Certificate) entry.getValue(), entry.getKey()))
+ .collect(Collectors.toList());
+ }
+
+ @Override
 protected Collection<Certificate> getCertificates()
 {
- final Collection<Certificate> certificates = _certificates;
- return certificates == null ? Collections.emptyList() : certificates;
+ return _certificates.values();
 }
 private boolean containsPrivateKey(final java.security.KeyStore keyStore) throws KeyStoreException
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
index 161c8d4..e2f7342 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
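Review bot: `FileKeyStoreImpl.getCertificateDetails()` reads the volatile `_certificates` field twice, once for `isEmpty()` and once for `entrySet()`, whereas the removed `getCertificates()` body took a local snapshot first; if `initialize()` reassigns the field in between, the two reads see different maps. The empty check is also unnecessary, and it makes the method return an immutable `Collections.emptyList()` in one case and a mutable list from `Collectors.toList()` in the other. I would start the method with `final Map<String, Certificate> certificates = _certificates;`, drop the `if` block and stream over `certificates.entrySet()`. The identical method added to `FileTrustStoreImpl` in this commit has the same issues, and the two copies could share one helper. Entries that are not `X509Certificate` are filtered out silently, which deserves a one-line comment.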
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
@@ -20,9 +20,7 @@
 */
 package org.apache.qpid.server.security;
-import java.io.File;
 import java.io.IOException;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
@@ -30,12 +28,16 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Enumeration;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
@@ -74,7 +76,8 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
 private volatile String _password;
 private volatile TrustManager[] _trustManagers;
- private volatile Certificate[] _certificates;
+
+ private volatile Map<String, Certificate> _certificates = Collections.emptyMap();
 static
 {
@@ -255,8 +258,20 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
 @Override
 public Certificate[] getCertificates()
 {
- Certificate[] certificates = _certificates;
- return certificates == null ? new Certificate[0] : Arrays.copyOf(certificates, certificates.length);
+ return _certificates.values().toArray(new Certificate[0]);
+ }
+
+ @Override
+ public List<CertificateDetails> getCertificateDetails()
+ {
+ if (_certificates.isEmpty())
+ {
+ return Collections.emptyList();
+ }
+ return _certificates.entrySet().stream()
+ .filter(entry -> entry.getValue() instanceof X509Certificate)
+ .map(entry -> new CertificateDetailsImpl((X509Certificate) entry.getValue(), entry.getKey()))
+ .collect(Collectors.toList());
 }
 @SuppressWarnings(value = "unused")
@@ -274,18 +289,20 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
 protected void initialize()
 {
+ final TrustManager[] trustManagers;
+ final Map<String, Certificate> certificates;
 try
 {
- KeyStore ts = initializeKeyStore(this);
- TrustManager[] trustManagers = createTrustManagers(ts);
- Certificate[] certificates = createCertificates(ts);
- _trustManagers = trustManagers;
- _certificates = certificates;
+ final KeyStore ts = initializeKeyStore(this);
+ trustManagers = createTrustManagers(ts);
+ certificates = Collections.unmodifiableMap(SSLUtil.getCertificates(ts));
 }
 catch (Exception e)
 {
 throw new IllegalConfigurationException(String.format("Cannot instantiate trust store '%s'", getName()), e);
 }
+ _trustManagers = trustManagers;
+ _certificates = certificates;
 }
 private TrustManager[] createTrustManagers(final KeyStore ts) throws KeyStoreException
@@ -335,11 +352,4 @@ public class FileTrustStoreImpl extends AbstractTrustStore<FileTrustStoreImpl> i
 return trustManagersCol.toArray(new TrustManager[trustManagersCol.size()]);
 }
 }
-
- private Certificate[] createCertificates(final KeyStore ts) throws KeyStoreException
- {
- final Collection<Certificate> certificates = SSLUtil.getCertificates(ts);
-
- return certificates.toArray(new Certificate[certificates.size()]);
- }
 }
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index dc31b20..b11a9e6 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -56,8 +56,10 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -1051,16 +1053,16 @@ public class SSLUtil
 }
- public static Collection<Certificate> getCertificates(final KeyStore ks) throws KeyStoreException
+ public static Map<String, Certificate> getCertificates(final KeyStore ks) throws KeyStoreException
 {
- List<Certificate> certificates = new ArrayList<>();
- Enumeration<String> aliases = ks.aliases();
+ final Map<String ,Certificate> certificates = new HashMap<>();
+ final Enumeration<String> aliases = ks.aliases();
 while (aliases.hasMoreElements())
 {
- String alias = aliases.nextElement();
+ final String alias = aliases.nextElement();
 if (ks.isCertificateEntry(alias))
 {
- certificates.add(ks.getCertificate(alias));
+ certificates.put(alias, ks.getCertificate(alias));
 }
 }
 return certificates;
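Review bot: `new HashMap<>()` in `SSLUtil.getCertificates` discards the order in which the key store enumerates its aliases, which the removed `ArrayList` preserved, so the certificate arrays and detail lists built from this map no longer follow the store's order. A `LinkedHashMap` keeps that order: `final Map<String, Certificate> certificates = new LinkedHashMap<>();` with `import java.util.LinkedHashMap;` instead of the new `HashMap` import (this also removes the stray space in `Map<String ,Certificate>`). The return type of this public static method changes from `Collection` to `Map`, so any caller outside this commit must be updated. The map still holds only aliases for which `isCertificateEntry` is true, so certificates stored under private-key entries get no alias row; a short comment saying whether that is intended would help. The method's closing brace lies outside the hunk.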
diff --git a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js
index d64e1f4..fb369d2 100644
--- a/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js
+++ b/broker-plugins/management-http/src/main/java/resources/js/qpid/management/store/CertificateGridWidget.js
@@ -88,11 +88,11 @@ define(["dojo/_base/declare",
 new UpdatableStore([], this.certificatesGridContainer, [{
 name: "Subject Name",
 field: "subjectName",
- width: "25%"
+ width: "22%"
 }, {
 name: "Issuer Name",
 field: "issuerName",
- width: "25%"
+ width: "22%"
 }, {
 name: "Serial #",
 field: "serialNumber",
@@ -100,13 +100,17 @@ define(["dojo/_base/declare",
 }, {
 name: "Valid From",
 field: "validFrom",
- width: "20%",
+ width: "15%",
 formatter: lang.hitch(this, this._formatDate)
 }, {
 name: "Valid Until",
 field: "validUntil",
- width: "20%",
+ width: "15%",
 formatter: lang.hitch(this, this._formatDate)
+ }, {
+ name: "Alias",
+ field: "alias",
+ width: "16%"
 }], null, gridProperties, EnhancedGrid);
 if (window.FileReader)
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org