diff options
Diffstat (limited to 'qpid/java/broker-core')
9 files changed, 160 insertions, 88 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java new file mode 100644 index 0000000000..0871fbb0d9 --- /dev/null +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java @@ -0,0 +1,102 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.model.port; + +import java.util.Map; +import java.util.Set; + +import org.apache.qpid.server.configuration.IllegalConfigurationException; +import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.model.ConfiguredObject; +import org.apache.qpid.server.model.ManagedAttributeField; + +abstract public class AbstractClientAuthCapablePortWithAuthProvider<X extends AbstractClientAuthCapablePortWithAuthProvider<X>> extends AbstractPortWithAuthProvider<X> + implements ClientAuthCapablePort<X> +{ + public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false"; + public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false"; + + @ManagedAttributeField + private boolean _needClientAuth; + + @ManagedAttributeField + private boolean _wantClientAuth; + + public AbstractClientAuthCapablePortWithAuthProvider(final Map<String, Object> attributes, + final Broker<?> broker) + { + super(attributes, broker); + } + + @Override + public boolean getNeedClientAuth() + { + return _needClientAuth; + } + + @Override + public boolean getWantClientAuth() + { + return _wantClientAuth; + } + + @Override + public void onValidate() + { + super.onValidate(); + boolean useClientAuth = getNeedClientAuth() || getWantClientAuth(); + + if(useClientAuth && (getTrustStores() == null || getTrustStores().isEmpty())) + { + throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured."); + } + + boolean useTLSTransport = isUsingTLSTransport(); + if(useClientAuth && !useTLSTransport) + { + throw new IllegalConfigurationException( + "Can't create port which requests SSL client certificates but doesn't use SSL transport."); + } + } + + @Override + protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes) + { + super.validateChange(proxyForValidation, changedAttributes); + ClientAuthCapablePort<?> updated = (ClientAuthCapablePort<?>)proxyForValidation; + + boolean requiresCertificate = updated.getNeedClientAuth() || updated.getWantClientAuth(); + + boolean usesSsl = isUsingTLSTransport(updated.getTransports()); + if (usesSsl) + { + if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty() ) && requiresCertificate) + { + throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured."); + } + } + else + { + if (requiresCertificate) + { + throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport."); + } + } + } +} diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java index c90215f141..30b97e9e01 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java @@ -149,7 +149,7 @@ abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractCo { super.onValidate(); - boolean useTLSTransport = getTransports().contains(Transport.SSL) || getTransports().contains(Transport.WSS); + boolean useTLSTransport = isUsingTLSTransport(); if(useTLSTransport && getKeyStore() == null) { @@ -175,6 +175,28 @@ abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractCo } } + protected final boolean isUsingTLSTransport() + { + return isUsingTLSTransport(getTransports()); + } + + protected final boolean isUsingTLSTransport(final Collection<Transport> transports) + { + boolean usesTLS = false; + if(transports != null) + { + for (Transport transport : transports) + { + if (transport.isSecure()) + { + usesTLS = true; + break; + } + } + } + return usesTLS; + } + @Override protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes) { @@ -215,7 +237,7 @@ abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractCo Collection<Protocol> protocols = updated.getProtocols(); - boolean usesSsl = transports != null && transports.contains(Transport.SSL); + boolean usesSsl = isUsingTLSTransport(transports); if (usesSsl) { if (updated.getKeyStore() == null) diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java index a959709657..87d5889727 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java @@ -21,46 +21,22 @@ package org.apache.qpid.server.model.port; import java.util.Map; -import java.util.Set; -import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.model.AuthenticationProvider; import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.ConfiguredObject; import org.apache.qpid.server.model.ManagedAttributeField; -import org.apache.qpid.server.model.Port; -import org.apache.qpid.server.model.Transport; abstract public class AbstractPortWithAuthProvider<X extends AbstractPortWithAuthProvider<X>> extends AbstractPort<X> { - public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false"; - public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false"; - @ManagedAttributeField private AuthenticationProvider _authenticationProvider; - @ManagedAttributeField - private boolean _needClientAuth; - - @ManagedAttributeField - private boolean _wantClientAuth; - public AbstractPortWithAuthProvider(final Map<String, Object> attributes, final Broker<?> broker) { super(attributes, broker); } - public boolean getNeedClientAuth() - { - return _needClientAuth; - } - - public boolean getWantClientAuth() - { - return _wantClientAuth; - } - public AuthenticationProvider getAuthenticationProvider() { Broker<?> broker = getParent(Broker.class); @@ -70,55 +46,4 @@ abstract public class AbstractPortWithAuthProvider<X extends AbstractPortWithAut } return _authenticationProvider; } - - @Override - public void onValidate() - { - super.onValidate(); - boolean useClientAuth = getNeedClientAuth() || getWantClientAuth(); - - if(useClientAuth && (getTrustStores() == null || getTrustStores().isEmpty())) - { - throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured."); - } - - boolean useTLSTransport = getTransports().contains(Transport.SSL) || getTransports().contains(Transport.WSS); - if(useClientAuth && !useTLSTransport) - { - throw new IllegalConfigurationException( - "Can't create port which requests SSL client certificates but doesn't use SSL transport."); - } - - } - - - @Override - protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes) - { - super.validateChange(proxyForValidation, changedAttributes); - Port<?> updated = (Port<?>)proxyForValidation; - - boolean needClientCertificate = (Boolean) updated.getAttribute(NEED_CLIENT_AUTH); - boolean wantClientCertificate = (Boolean) updated.getAttribute(WANT_CLIENT_AUTH); - boolean requiresCertificate = needClientCertificate || wantClientCertificate; - - boolean usesSsl = updated.getTransports().contains(Transport.SSL); - if (usesSsl) - { - if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty() ) && requiresCertificate) - { - throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured."); - } - } - else - { - if (requiresCertificate) - { - throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport."); - } - } - - - - } } diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java index 5c74beb5b7..f7eeca354a 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java @@ -32,7 +32,7 @@ import org.apache.qpid.server.model.Transport; import org.apache.qpid.server.virtualhost.VirtualHostImpl; @ManagedObject( category = false, type = "AMQP") -public interface AmqpPort<X extends AmqpPort<X>> extends Port<X> +public interface AmqpPort<X extends AmqpPort<X>> extends ClientAuthCapablePort<X> { String DEFAULT_AMQP_SEND_BUFFER_SIZE = "262144"; String DEFAULT_AMQP_RECEIVE_BUFFER_SIZE = "262144"; diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java index 9a0ea3548e..fe7d419c78 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java @@ -57,7 +57,7 @@ import org.apache.qpid.server.util.ServerScopedRuntimeException; import org.apache.qpid.server.virtualhost.VirtualHostImpl; import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager; -public class AmqpPortImpl extends AbstractPortWithAuthProvider<AmqpPortImpl> implements AmqpPort<AmqpPortImpl> +public class AmqpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<AmqpPortImpl> implements AmqpPort<AmqpPortImpl> { public static final String DEFAULT_BINDING_ADDRESS = "*"; diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java new file mode 100644 index 0000000000..4500b1510e --- /dev/null +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.qpid.server.model.port; + +import org.apache.qpid.server.model.Port; + + +public interface ClientAuthCapablePort<X extends Port<X>> extends Port<X> +{ + boolean getNeedClientAuth(); + + boolean getWantClientAuth(); +} diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java index d8c87fb123..7c77389a83 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java @@ -30,9 +30,8 @@ import org.apache.qpid.server.model.Protocol; import org.apache.qpid.server.model.Transport; @ManagedObject( category = false, type = "HTTP") -public interface HttpPort<X extends HttpPort<X>> extends Port<X> +public interface HttpPort<X extends HttpPort<X>> extends ClientAuthCapablePort<X> { - String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false"; String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false"; diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java index 80e79a68ca..1774f16ab6 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java @@ -20,17 +20,14 @@ */ package org.apache.qpid.server.model.port; -import java.util.Collections; import java.util.Map; -import java.util.Set; import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.ManagedAttributeField; import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; -import org.apache.qpid.server.model.Protocol; import org.apache.qpid.server.model.State; -public class HttpPortImpl extends AbstractPortWithAuthProvider<HttpPortImpl> implements HttpPort<HttpPortImpl> +public class HttpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<HttpPortImpl> implements HttpPort<HttpPortImpl> { private PortManager _portManager; diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/JmxPortImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/JmxPortImpl.java index a235613c29..3e21db23c6 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/JmxPortImpl.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/JmxPortImpl.java @@ -20,13 +20,10 @@ */ package org.apache.qpid.server.model.port; -import java.util.Collections; import java.util.Map; -import java.util.Set; import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; -import org.apache.qpid.server.model.Protocol; import org.apache.qpid.server.model.State; public class JmxPortImpl extends AbstractPortWithAuthProvider<JmxPortImpl> implements JmxPort<JmxPortImpl> |