authorRobert Godfrey <rgodfrey@apache.org>2015-01-28 20:34:16 +0000
committerRobert Godfrey <rgodfrey@apache.org>2015-01-28 20:34:16 +0000
commit8aee348935e03db6b183a04a0a4525f4b2a9b7de (patch)
tree0f4ebb40c2acaa4e7d1459031db95ebc36090704 /qpid/java/broker-core/src
parentea88320c4b96064dea8ffb039a4ee63ae290b22d (diff)
QPID-6345 : Allow enabled cipher suites to be configured
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1655457 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-core/src')
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java12
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java18
-rwxr-xr-xqpid/java/broker-core/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngine.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java20
4 files changed, 47 insertions, 4 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
index 24528b9a4e..7318a58640 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
@@ -60,6 +60,18 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
@ManagedAttribute
Collection<TrustStore> getTrustStores();
+ @ManagedContextDefault(name = "qpid.port.enabledCipherSuites" )
+ String DEFAULT_ENABLED_CIPHER_SUITES="[]";
+
+ @ManagedAttribute( defaultValue = "${qpid.port.enabledCipherSuites}")
+ Collection<String> getEnabledCipherSuites();
+
+ @ManagedContextDefault(name = "qpid.port.disabledCipherSuites" )
+ String DEFAULT_DISABLED_CIPHER_SUITES="[]";
+
+ @ManagedAttribute( defaultValue = "${qpid.port.disabledCipherSuites}")
+ Collection<String> getDisabledCipherSuites();
+
Collection<Connection> getConnections();
void start();
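Review bot: The new attributes `getEnabledCipherSuites()` and `getDisabledCipherSuites()` have no Javadoc, and the `"[]"` defaults leave their meaning open. A reader cannot tell from this interface whether an empty enabled list means "keep the JVM default set" or "enable nothing", nor which list wins when a suite is named in both. I would add a short Javadoc to each getter, e.g. `/** Cipher suite names to enable on SSL ports; an empty list is assumed to keep the JVM defaults (confirm against SSLUtil). */`, and state the precedence rule on the disabled one. Because the disabled default is also empty, nothing is excluded out of the box beyond what the JVM itself disables, which operators should be told. The interface body continues outside the hunk.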
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
index 6d8e65cd17..21827ffe58 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
@@ -66,6 +66,12 @@ abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
@ManagedAttributeField
private Set<Protocol> _protocols;
+ @ManagedAttributeField
+ private Collection<String> _enabledCipherSuites;
+
+ @ManagedAttributeField
+ private Collection<String> _disabledCipherSuites;
+
public AbstractPort(Map<String, Object> attributes,
Broker<?> broker)
{
@@ -278,6 +284,18 @@ abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
}
@Override
+ public Collection<String> getEnabledCipherSuites()
+ {
+ return _enabledCipherSuites;
+ }
+
+ @Override
+ public Collection<String> getDisabledCipherSuites()
+ {
+ return _disabledCipherSuites;
+ }
+
+ @Override
public KeyStore getKeyStore()
{
return _keyStore;
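Review bot: Both new getters return the `_enabledCipherSuites` and `_disabledCipherSuites` field references directly. Unless the attribute framework already stores an unmodifiable copy (not visible here), a caller could alter the port's TLS cipher policy in place, bypassing attribute validation and any change notification. If that guarantee is absent, wrap on return, e.g. `return Collections.unmodifiableCollection(_enabledCipherSuites);`, with a null guard if the field can be left unset. The class body starts and ends outside the hunk.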
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngine.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngine.java
index dd5e01ebc5..49c0812f4a 100755
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngine.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngine.java
@@ -502,6 +502,7 @@ public class MultiVersionProtocolEngine implements ServerProtocolEngine
_engine = _sslContext.createSSLEngine();
_engine.setUseClientMode(false);
SSLUtil.removeSSLv3Support(_engine);
+ SSLUtil.updateEnabledCipherSuites(_engine, _port.getEnabledCipherSuites(), _port.getDisabledCipherSuites());
if(_needClientAuth)
{
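Review bot: The added `SSLUtil.updateEnabledCipherSuites(...)` call runs as each engine is created, so a bad configured value is likely to surface only when a client connects. `SSLEngine.setEnabledCipherSuites` throws `IllegalArgumentException` for names the provider does not support, and an enabled/disabled combination that leaves no suites would make every handshake on the port fail. Whether `SSLUtil` filters or logs these cases is not visible in this diff. Consider checking both lists against `SSLContext.getSupportedSSLParameters().getCipherSuites()` when the port is opened, and rejecting or logging unknown names and an empty result there. The enclosing method starts and ends outside the hunk.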
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
index b1f6b84b72..8f7a267771 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
@@ -23,12 +23,12 @@ package org.apache.qpid.server.transport;
import static org.apache.qpid.transport.ConnectionSettings.WILDCARD_ADDRESS;
import java.net.InetSocketAddress;
+import java.util.Collection;
import java.util.Set;
import javax.net.ssl.SSLContext;
import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
@@ -115,25 +115,37 @@ class TCPandSSLTransport implements AcceptingTransport
}
@Override
+ public Collection<String> getEnabledCipherSuites()
+ {
+ return _port.getEnabledCipherSuites();
+ }
+
+ @Override
+ public Collection<String> getDisabledCipherSuites()
+ {
+ return _port.getDisabledCipherSuites();
+ }
+
+ @Override
public boolean needClientAuth()
{
return _port.getNeedClientAuth();
}
@Override
- public Boolean getTcpNoDelay()
+ public boolean getTcpNoDelay()
{
return _port.isTcpNoDelay();
}
@Override
- public Integer getSendBufferSize()
+ public int getSendBufferSize()
{
return _port.getSendBufferSize();
}
@Override
- public Integer getReceiveBufferSize()
+ public int getReceiveBufferSize()
{
return _port.getReceiveBufferSize();
}
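Review bot: The switch from `Boolean`/`Integer` to `boolean`/`int` on `getTcpNoDelay()`, `getSendBufferSize()` and `getReceiveBufferSize()` is unrelated to the cipher-suite feature, and it changes an interface contract that is declared outside this diffstat. If any of the `_port` getters returns a boxed value that can be null, these methods now throw `NullPointerException` on auto-unboxing instead of passing the null through. The port getters' return types are not visible here, so this needs confirming. I would either move the primitive change to its own commit or add a comment on the interface stating that these values are never null.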