diff options
author | Robert Godfrey <rgodfrey@apache.org> | 2015-01-28 20:34:16 +0000 |
---|---|---|
committer | Robert Godfrey <rgodfrey@apache.org> | 2015-01-28 20:34:16 +0000 |
commit | 8aee348935e03db6b183a04a0a4525f4b2a9b7de (patch) | |
tree | 0f4ebb40c2acaa4e7d1459031db95ebc36090704 /qpid/java/broker-plugins | |
parent | ea88320c4b96064dea8ffb039a4ee63ae290b22d (diff) | |
download | qpid-python-8aee348935e03db6b183a04a0a4525f4b2a9b7de.tar.gz |
QPID-6345 : Allow enabled cipher suites to be configured
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1655457 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins')
3 files changed, 23 insertions, 3 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java index 7b3e06f7fe..75f4e59242 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java @@ -352,6 +352,17 @@ public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implem } SslContextFactory factory = new SslContextFactory(); factory.addExcludeProtocols(SSLUtil.SSLV3_PROTOCOL); + + if(port.getDisabledCipherSuites() != null) + { + factory.addExcludeCipherSuites(port.getDisabledCipherSuites().toArray(new String[port.getDisabledCipherSuites().size()])); + } + + if(port.getEnabledCipherSuites() != null && !port.getEnabledCipherSuites().isEmpty()) + { + factory.setIncludeCipherSuites(port.getEnabledCipherSuites().toArray(new String[port.getEnabledCipherSuites().size()])); + } + boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth(); if (needClientCert && trustStores.isEmpty()) diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java index 78eba66158..8fc1ea1d8e 100644 --- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java @@ -146,7 +146,7 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry //create the SSL RMI socket factories csf = new SslRMIClientSocketFactory(); - ssf = new QpidSslRMIServerSocketFactory(sslContext); + ssf = new QpidSslRMIServerSocketFactory(sslContext,_connectorPort.getEnabledCipherSuites(), _connectorPort.getDisabledCipherSuites()); } else { diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java index 5c15a40427..8af9d87672 100644 --- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java @@ -24,6 +24,7 @@ import java.io.IOException; import java.net.InetSocketAddress; import java.net.ServerSocket; import java.net.Socket; +import java.util.Collection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; @@ -35,6 +36,8 @@ import org.apache.qpid.transport.network.security.ssl.SSLUtil; public class QpidSslRMIServerSocketFactory extends SslRMIServerSocketFactory { private final SSLContext _sslContext; + private final Collection<String> _enabledCipherSuites; + private final Collection<String> _disabledCipherSuites; /** * SslRMIServerSocketFactory which creates the ServerSocket using the @@ -43,9 +46,12 @@ public class QpidSslRMIServerSocketFactory extends SslRMIServerSocketFactory * key store. * * @param sslContext previously created sslContext using the desired key store. - * @throws NullPointerException if the provided {@link SSLContext} is null. + * @param enabledCipherSuites + *@param disabledCipherSuites @throws NullPointerException if the provided {@link SSLContext} is null. */ - public QpidSslRMIServerSocketFactory(SSLContext sslContext) throws NullPointerException + public QpidSslRMIServerSocketFactory(SSLContext sslContext, + final Collection<String> enabledCipherSuites, + final Collection<String> disabledCipherSuites) throws NullPointerException { super(); @@ -55,6 +61,8 @@ public class QpidSslRMIServerSocketFactory extends SslRMIServerSocketFactory } _sslContext = sslContext; + _enabledCipherSuites = enabledCipherSuites; + _disabledCipherSuites = disabledCipherSuites; //TODO: settings + implementation for SSL client auth, updating equals and hashCode appropriately. } @@ -77,6 +85,7 @@ public class QpidSslRMIServerSocketFactory extends SslRMIServerSocketFactory true); sslSocket.setUseClientMode(false); SSLUtil.removeSSLv3Support(sslSocket); + SSLUtil.updateEnabledCipherSuites(sslSocket, _enabledCipherSuites, _disabledCipherSuites); return sslSocket; } }; |