Add option to require that only encrypted connections be accepted.

git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@706321 13f79535-47bb-0310-9956-ffa450edef68
author: Gordon Sim <gsim@apache.org> 2008-10-20 15:29:46 +0000
committer: Gordon Sim <gsim@apache.org> 2008-10-20 15:29:46 +0000
commit: 6fcb7dcbd22956828de8aa52a58e66b9df5e7529 (patch)
tree: 9bdd91484def60b6872fa27c3122cc8477427e04 /cpp/src/qpid
parent: 7aae076e7c8289ea60a69fd54ea93deb4b7fcdfa (diff)
download: qpid-python-6fcb7dcbd22956828de8aa52a58e66b9df5e7529.tar.gz
3 files changed, 23 insertions, 11 deletions
diff --git a/cpp/src/qpid/broker/Broker.cpp b/cpp/src/qpid/broker/Broker.cpp
index 94c4449178..141961d949 100644
--- a/cpp/src/qpid/broker/Broker.cpp
+++ b/cpp/src/qpid/broker/Broker.cpp
@@ -87,7 +87,8 @@ Broker::Options::Options(const std::string& name) :
     replayFlushLimit(0),
     replayHardLimit(0),
     queueLimit(100*1048576/*100M default limit*/),
-    tcpNoDelay(false)
+    tcpNoDelay(false),
+    requireEncrypted(false)
 {
     int c = sys::SystemInfo::concurrency();
     workerThreads=c+1;
@@ -114,7 +115,8 @@ Broker::Options::Options(const std::string& name) :
         ("auth", optValue(auth, "yes|no"), "Enable authentication, if disabled all incoming connections will be trusted")
         ("realm", optValue(realm, "REALM"), "Use the given realm when performing authentication")
         ("default-queue-limit", optValue(queueLimit, "BYTES"), "Default maximum size for queues (in bytes)") 
-        ("tcp-nodelay", optValue(tcpNoDelay), "Set TCP_NODELAY on TCP connections");
+        ("tcp-nodelay", optValue(tcpNoDelay), "Set TCP_NODELAY on TCP connections")
+        ("require-encryption", optValue(requireEncrypted), "Only accept connections that are encrypted");
 }
 
 const std::string empty;
@@ -365,18 +367,18 @@ Manageable::status_t Broker::ManagementMethod (uint32_t methodId,
 }
 
 boost::shared_ptr<ProtocolFactory> Broker::getProtocolFactory(const std::string& name) const {
-    ProtocolFactoryMap::const_iterator i = protocolFactories.find(name);
+    ProtocolFactoryMap::const_iterator i 
+        = name.empty() ? protocolFactories.begin() : protocolFactories.find(name);
     if (i == protocolFactories.end()) return boost::shared_ptr<ProtocolFactory>();
     else return i->second;
 }
 
 uint16_t Broker::getPort(const std::string& name) const  {
-    boost::shared_ptr<ProtocolFactory> factory 
-        = getProtocolFactory(name.empty() ? TCP_TRANSPORT : name);
+    boost::shared_ptr<ProtocolFactory> factory = getProtocolFactory(name);
     if (factory) { 
         return factory->getPort();
     } else {
-        throw Exception(QPID_MSG("No such transport: " << name));
+        throw NoSuchTransportException(QPID_MSG("No such transport: '" << name << "'"));
     }
 }
 
@@ -432,7 +434,11 @@ std::vector<Url>
 Broker::getKnownBrokersImpl()
 {
   knownBrokers.clear();
-  knownBrokers.push_back ( qpid::Url::getIpAddressesUrl ( getPort() ) );
+  try {
+      knownBrokers.push_back ( qpid::Url::getIpAddressesUrl ( getPort(TCP_TRANSPORT) ) );
+  } catch (const NoSuchTransportException& e) {
+      QPID_LOG(error, "Could not send client known broker urls for cluster: " << e.what());
+  }
   return knownBrokers;
 }
 
diff --git a/cpp/src/qpid/broker/Broker.h b/cpp/src/qpid/broker/Broker.h
index 213bf63837..3d93823ffa 100644
--- a/cpp/src/qpid/broker/Broker.h
+++ b/cpp/src/qpid/broker/Broker.h
@@ -102,6 +102,7 @@ class Broker : public sys::Runnable, public Plugin::Target,
         size_t replayHardLimit;
         uint queueLimit;
         bool tcpNoDelay;
+        bool requireEncrypted;
     };
  
   private:
@@ -149,7 +150,7 @@ class Broker : public sys::Runnable, public Plugin::Target,
      * port, which will be different if the configured port is
      * 0.
      */
-    virtual uint16_t getPort(const std::string& name = TCP_TRANSPORT) const;
+    virtual uint16_t getPort(const std::string& name) const;
 
     /**
      * Run the broker. Implements Runnable::run() so the broker
diff --git a/cpp/src/qpid/sys/TCPIOPlugin.cpp b/cpp/src/qpid/sys/TCPIOPlugin.cpp
index 40edfa816f..c4bc99837e 100644
--- a/cpp/src/qpid/sys/TCPIOPlugin.cpp
+++ b/cpp/src/qpid/sys/TCPIOPlugin.cpp
@@ -65,9 +65,14 @@ static class TCPIOPlugin : public Plugin {
         // Only provide to a Broker
         if (broker) {
             const broker::Broker::Options& opts = broker->getOptions();
-            ProtocolFactory::shared_ptr protocol(new AsynchIOProtocolFactory(opts.port, opts.connectionBacklog, opts.tcpNoDelay));
-            QPID_LOG(info, "Listening on TCP port " << protocol->getPort());
-            broker->registerProtocolFactory("tcp", protocol);
+            if (opts.requireEncrypted) {
+                QPID_LOG(info, "Not accepting unencrypted connections on TCP");
+            } else {
+                ProtocolFactory::shared_ptr protocol(new AsynchIOProtocolFactory(opts.port, opts.connectionBacklog, 
+                                                                                 opts.tcpNoDelay));
+                QPID_LOG(info, "Listening on TCP port " << protocol->getPort());
+                broker->registerProtocolFactory("tcp", protocol);
+            }
         }
     }
 } tcpPlugin;
author	Gordon Sim <gsim@apache.org>	2008-10-20 15:29:46 +0000
committer	Gordon Sim <gsim@apache.org>	2008-10-20 15:29:46 +0000
commit	6fcb7dcbd22956828de8aa52a58e66b9df5e7529 (patch)
tree	9bdd91484def60b6872fa27c3122cc8477427e04 /cpp/src/qpid
parent	7aae076e7c8289ea60a69fd54ea93deb4b7fcdfa (diff)
download	qpid-python-6fcb7dcbd22956828de8aa52a58e66b9df5e7529.tar.gz