QPID-6364: [Java Broker] Keystore data url must be a secure attribute

Merged from trunk with command:

svn merge -c 1661165  https://svn.apache.org/repos/asf/qpid/trunk



git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/0.32@1661933 13f79535-47bb-0310-9956-ffa450edef68

4 files changed, 20 insertions, 5 deletions

diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
index 3ec60604c3..74982acb4b 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
@@ -44,7 +44,6 @@ import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.atomic.AtomicReference;
-import java.util.regex.Pattern;
 
 import javax.security.auth.Subject;
 
@@ -1137,9 +1136,7 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
         if(attr != null && (attr.isAutomated() || attr.isDerived()))
         {
             Object value = attr.getValue((X)this);
-            Pattern secureValueFilter = attr.getSecureValueFilter();
-            if(value != null && attr.isSecure() && !SecurityManager.isSystemProcess() &&
-                    (secureValueFilter == null || secureValueFilter.matcher(value.toString()).matches()))
+            if(value != null && !SecurityManager.isSystemProcess() && attr.isSecureValue(value))
             {
                 return SECURE_VALUES.get(value.getClass());
             }
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java
index 4f15d612f9..94610a6cb5 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java
@@ -52,6 +52,23 @@ public abstract class ConfiguredObjectAttribute<C extends ConfiguredObject, T> e
 
     public abstract Pattern getSecureValueFilter();
 
+    public boolean isSecureValue(Object value)
+    {
+        if (isSecure())
+        {
+            Pattern filter = getSecureValueFilter();
+            if (filter == null)
+            {
+                return  true;
+            }
+            else
+            {
+                return filter.matcher(String.valueOf(value)).matches();
+            }
+        }
+        return false;
+    }
+
     public T convert(final Object value, C object)
     {
         final AttributeValueConverter<T> converter = getConverter();
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java
index d02b85df7f..0f1b7d03e9 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java
@@ -162,7 +162,7 @@ public class ConfiguredObjectToMapConverter
                             .getAttributeTypes(confObject.getClass())
                             .get(name);
 
-                    if (attribute.isSecure() && !(isSecureTransport && extractAsConfig))
+                    if (attribute.isSecureValue(value) && !(isSecureTransport && extractAsConfig))
                     {
                         // do not expose actual secure attribute value
                         // getAttribute() returns encoded value
diff --git a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java
index b3c9bd911f..5fb73c8ee4 100644
--- a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java
+++ b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java
@@ -313,6 +313,7 @@ public class ConfiguredObjectToMapConverterTest extends TestCase
         Map<String, ConfiguredObjectAttribute<?, ?>> attributeTypes = typeRegistry.getAttributeTypes(TestChild.class);
         ConfiguredObjectAttribute secureAttribute = mock(ConfiguredObjectAttribute.class);
         when(secureAttribute.isSecure()).thenReturn(true);
+        when(secureAttribute.isSecureValue(any())).thenReturn(true);
         when(attributeTypes.get(eq("secureAttribute"))).thenReturn(secureAttribute);
 
         TestChild mockChild = mock(TestChild.class);