| author | Alex Rudyy <orudyy@apache.org> | 2015-02-05 22:53:16 +0000 |
|---|---|---|
| committer | Alex Rudyy <orudyy@apache.org> | 2015-02-05 22:53:16 +0000 |
| commit | 0f1feb11d7cbbe40de10a680eb22b28918608615 (patch) | |
| tree | c26efb56e1cfcead60de40531c922b5e186ef2cb /qpid/java | |
| parent | d3f445a199c0ed050bd4fa4bc00f331111a7a64d (diff) | |
| download | qpid-python-0f1feb11d7cbbe40de10a680eb22b28918608615.tar.gz | |
QPID-6364: Add a secure attribute 'storeUrl' into Keystore for specifying store content location and make attribute 'path' derived. Rename Truststore attribute 'path' into 'storeUrl' for consistency.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1657708 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java')
15 files changed, 157 insertions, 93 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStore.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStore.java index 899e98fa22..775571574f 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStore.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStore.java @@ -22,6 +22,7 @@ package org.apache.qpid.server.security; import javax.net.ssl.KeyManagerFactory; +import org.apache.qpid.server.model.DerivedAttribute; import org.apache.qpid.server.model.KeyStore; import org.apache.qpid.server.model.ManagedAttribute; import org.apache.qpid.server.model.ManagedContextDefault; @@ -35,7 +36,8 @@ public interface FileKeyStore<X extends FileKeyStore<X>> extends KeyStore<X> String CERTIFICATE_ALIAS = "certificateAlias"; String KEY_STORE_TYPE = "keyStoreType"; String PASSWORD = "password"; - String PATH = "path"; + String STORE_URL = "storeUrl"; + @ManagedContextDefault(name = "keyStoreFile.keyStoreType") RuntimeDefault<String> DEFAULT_KEYSTORE_TYPE = new RuntimeDefault<String>() @@ -60,7 +62,10 @@ public interface FileKeyStore<X extends FileKeyStore<X>> extends KeyStore<X> @ManagedAttribute(defaultValue = "${this:path}") String getDescription(); - @ManagedAttribute( mandatory = true) + @ManagedAttribute( mandatory = true, secure = true) + String getStoreUrl(); + + @DerivedAttribute String getPath(); @ManagedAttribute diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java index 31a4b473ed..7bed1bcd7d 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java 
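Review bot: `getStoreUrl()` is added to `FileKeyStore` with `secure = true` while `getPath()` next to it becomes an unsecured `@DerivedAttribute`, and neither carries a comment explaining the split. I would document it on the interface, e.g. `/** File path or URL of the key store; may be a data: URL carrying the store content, hence secure. */` on `getStoreUrl()` and `/** The storeUrl value when it is a plain file path, otherwise null. */` on `getPath()`. The unchanged `getDescription()` default in the same hunk still reads `${this:path}`, which is now null for URL-based stores; how the interpolation handles that is not visible here and should be confirmed.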
@@ -68,7 +68,8 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> private String _certificateAlias; @ManagedAttributeField private String _keyManagerFactoryAlgorithm; - @ManagedAttributeField + @ManagedAttributeField(afterSet = "postSetStoreUrl") + private String _storeUrl; private String _path; @ManagedAttributeField private String _password; @@ -162,7 +163,7 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> java.security.KeyStore keyStore; try { - URL url = getUrlFromString(fileKeyStore.getPath()); + URL url = getUrlFromString(fileKeyStore.getStoreUrl()); String password = fileKeyStore.getPassword(); String keyStoreType = fileKeyStore.getKeyStoreType(); keyStore = SSLUtil.getInitializedKeyStore(url, password, keyStoreType); @@ -173,11 +174,11 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> final String message; if (e instanceof IOException && e.getCause() != null && e.getCause() instanceof UnrecoverableKeyException) { - message = "Check key store password. Cannot instantiate key store from '" + fileKeyStore.getPath() + "'."; + message = "Check key store password. Cannot instantiate key store from '" + fileKeyStore.getStoreUrl() + "'."; } else { - message = "Cannot instantiate key store from '" + fileKeyStore.getPath() + "'."; + message = "Cannot instantiate key store from '" + fileKeyStore.getStoreUrl() + "'."; } throw new IllegalConfigurationException(message, e); @@ -198,7 +199,7 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> if (cert == null) { throw new IllegalConfigurationException("Cannot find a certificate with alias '" + fileKeyStore.getCertificateAlias() - + "' in key store : " + fileKeyStore.getPath()); + + "' in key store : " + fileKeyStore.getStoreUrl()); } } 
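Review bot: The three rewritten messages in `FileKeyStoreImpl` (both `Cannot instantiate key store from '…'` strings and the `Cannot find a certificate with alias` one) now concatenate `fileKeyStore.getStoreUrl()`, the attribute this commit marks `secure = true` and which the tests set to a data: URL holding the whole key store. The text ends up in an `IllegalConfigurationException`, so the value presumably reaches logs and management responses unmasked. Build the messages from a non-secret location instead, e.g. `String location = fileKeyStore.getPath() != null ? fileKeyStore.getPath() : "<store URL withheld>";`, assuming `getPath()` is populated on the object being validated. The matching messages in `FileTrustStoreImpl` echo `trustStore.getStoreUrl()` as well; that attribute is not marked secure, but the same treatment keeps the two classes consistent. The validation method these hunks sit in starts and ends outside the hunks.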
@@ -219,6 +220,12 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> } @Override + public String getStoreUrl() + { + return _storeUrl; + } + + @Override public String getPath() { return _path; @@ -258,7 +265,7 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> try { - URL url = getUrlFromString(_path); + URL url = getUrlFromString(_storeUrl); if (_certificateAlias != null) { return new KeyManager[] { @@ -301,4 +308,18 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> } return url; } + + @SuppressWarnings(value = "unused") + private void postSetStoreUrl() + { + try + { + new URL(_storeUrl); + _path = null; + } + catch (MalformedURLException e) + { + _path = _storeUrl; + } + } } diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStore.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStore.java index 86d7d5e4b8..f876831724 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStore.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStore.java @@ -22,6 +22,7 @@ package org.apache.qpid.server.security; import javax.net.ssl.KeyManagerFactory; +import org.apache.qpid.server.model.DerivedAttribute; import org.apache.qpid.server.model.ManagedAttribute; import org.apache.qpid.server.model.ManagedContextDefault; import org.apache.qpid.server.model.ManagedObject; @@ -35,7 +36,7 @@ public interface FileTrustStore<X extends FileTrustStore<X>> extends TrustStore< String PEERS_ONLY = "peersOnly"; String TRUST_STORE_TYPE = "trustStoreType"; String PASSWORD = "password"; - String PATH = "path"; + String STORE_URL = "storeUrl"; @ManagedContextDefault(name = "trustStoreFile.trustStoreType") RuntimeDefault<String> DEFAULT_TRUSTSTORE_TYPE = new RuntimeDefault<String>() 
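Review bot: `postSetStoreUrl()` in the last `FileKeyStoreImpl` hunk (and the identical method added to `FileTrustStoreImpl`) fails open: whatever `new URL(_storeUrl)` rejects is copied into `_path`, which is published through the unsecured `@DerivedAttribute getPath()`. `new URL` throws `MalformedURLException` for any scheme without a registered stream handler, so if the data: handler is not registered when the setter runs (its registration is not visible in this hunk) the complete data: URL, including the store content, would show up as `path`. Guard the fallback explicitly in the catch block, e.g. `_path = (_storeUrl != null && _storeUrl.regionMatches(true, 0, "data:", 0, 5)) ? null : _storeUrl;`. A one-line comment on the method stating that `_path` must never hold inline store content would also help.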
@@ -58,10 +59,13 @@ public interface FileTrustStore<X extends FileTrustStore<X>> extends TrustStore< }; - @ManagedAttribute(defaultValue = "${this:path}") + @ManagedAttribute(defaultValue = "${this:storeUrl}") String getDescription(); @ManagedAttribute( mandatory = true ) + String getStoreUrl(); + + @DerivedAttribute String getPath(); @ManagedAttribute( defaultValue = "${trustStoreFile.trustManagerFactoryAlgorithm}") diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java index 66ae6fdb35..78f9a5184b 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java @@ -64,7 +64,8 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI private String _trustStoreType; @ManagedAttributeField private String _trustManagerFactoryAlgorithm; - @ManagedAttributeField + @ManagedAttributeField(afterSet = "postSetStoreUrl") + private String _storeUrl; private String _path; @ManagedAttributeField private boolean _peersOnly; @@ -193,7 +194,7 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI { try { - URL trustStoreUrl = getUrlFromString(trustStore.getPath()); + URL trustStoreUrl = getUrlFromString(trustStore.getStoreUrl()); SSLUtil.getInitializedKeyStore(trustStoreUrl, trustStore.getPassword(), trustStore.getTrustStoreType()); } catch (Exception e) 
@@ -201,11 +202,11 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI final String message; if (e instanceof IOException && e.getCause() != null && e.getCause() instanceof UnrecoverableKeyException) { - message = "Check trust store password. Cannot instantiate trust store from '" + trustStore.getPath() + "'."; + message = "Check trust store password. Cannot instantiate trust store from '" + trustStore.getStoreUrl() + "'."; } else { - message = "Cannot instantiate trust store from '" + trustStore.getPath() + "'."; + message = "Cannot instantiate trust store from '" + trustStore.getStoreUrl() + "'."; } throw new IllegalConfigurationException(message, e); @@ -222,6 +223,12 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI } @Override + public String getStoreUrl() + { + return _storeUrl; + } + + @Override public String getPath() { return _path; @@ -263,7 +270,7 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI try { - URL trustStoreUrl = getUrlFromString(_path); + URL trustStoreUrl = getUrlFromString(_storeUrl); KeyStore ts = SSLUtil.getInitializedKeyStore(trustStoreUrl, trustStorePassword, trustStoreType); final TrustManagerFactory tmf = TrustManagerFactory @@ -328,4 +335,17 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI return url; } + @SuppressWarnings(value = "unused") + private void postSetStoreUrl() + { + try + { + new URL(_storeUrl); + _path = null; + } + catch (MalformedURLException e) + { + _path = _storeUrl; + } + } } diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java index a2d8d21d58..08612825de 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java 
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java @@ -245,10 +245,28 @@ public class BrokerStoreUpgraderAndRecoverer { record = upgradeRootRecord(record); } + else if("KeyStore".equals(record.getType())) + { + record = upgradeKeyStore(record); + } + else if("TrustStore".equals(record.getType())) + { + record = upgradeKeyStore(record); + } getNextUpgrader().configuredObject(record); } + private ConfiguredObjectRecord upgradeKeyStore(ConfiguredObjectRecord record) + { + Map<String, Object> attributes = new HashMap<>(record.getAttributes()); + Object path = attributes.remove("path"); + attributes.put("storeUrl", path); + record = new ConfiguredObjectRecordImpl(record.getId(), record.getType(), attributes, record.getParents()); + getUpdateMap().put(record.getId(), record); + return record; + } + private boolean isAmqpPort(final Map<String, Object> attributes) { Object type = attributes.get(ConfiguredObject.TYPE); diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java index 0e45582d7c..0a2e122d16 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java @@ -69,7 +69,7 @@ public class FileKeyStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); 
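Review bot: `upgradeKeyStore` is applied to every record whose type is `KeyStore` or `TrustStore` and always executes `attributes.put("storeUrl", path)`, so a record that has no `path` attribute gains `storeUrl` set to null and a record that already has `storeUrl` loses it. Whether store types without `path` can occur in an existing configuration is not visible here, but the upgrade should not depend on that. Make the move conditional, `if (attributes.containsKey("path")) { attributes.put("storeUrl", attributes.remove("path")); }`, and skip the `getUpdateMap().put(...)` when nothing changed. A short comment naming the attribute rename this step performs would make the upgrader easier to audit.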
@@ -84,7 +84,7 @@ public class FileKeyStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); @@ -100,7 +100,7 @@ public class FileKeyStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); attributes.put(FileKeyStore.PASSWORD, "wrong"); try @@ -119,7 +119,7 @@ public class FileKeyStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); @@ -141,7 +141,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, trustStoreAsDataUrl); + attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); 
@@ -158,7 +158,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, trustStoreAsDataUrl); + attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); @@ -177,7 +177,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.PASSWORD, "wrong"); - attributes.put(FileKeyStore.PATH, keyStoreAsDataUrl); + attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); try { @@ -198,7 +198,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); - attributes.put(FileKeyStore.PATH, keyStoreAsDataUrl); + attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); try { @@ -220,7 +220,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); - attributes.put(FileKeyStore.PATH, keyStoreAsDataUrl); + attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); try 
@@ -242,7 +242,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -283,7 +283,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -299,7 +299,7 @@ public class FileKeyStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java index d965549cdd..72c8926f85 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java 
@@ -73,7 +73,7 @@ public class FileTrustStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); FileTrustStoreImpl fileTrustStore = @@ -89,7 +89,7 @@ public class FileTrustStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); attributes.put(FileTrustStore.PASSWORD, "wrong"); try @@ -108,7 +108,7 @@ public class FileTrustStoreTest extends QpidTestCase { Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.BROKER_PEERSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_PEERSTORE); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_PEERSTORE_PASSWORD); attributes.put(FileTrustStore.PEERS_ONLY, true); @@ -129,7 +129,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, trustStoreAsDataUrl); + attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); FileTrustStoreImpl fileTrustStore = 
@@ -148,7 +148,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.PASSWORD, "wrong"); - attributes.put(FileTrustStore.PATH, trustStoreAsDataUrl); + attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); try { @@ -169,7 +169,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); - attributes.put(FileTrustStore.PATH, trustStoreAsDataUrl); + attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); try { @@ -191,18 +191,18 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); FileTrustStoreImpl fileTrustStore = (FileTrustStoreImpl) _factory.create(TrustStore.class, attributes, _broker); - assertEquals("Unexpected path value before change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getPath()); + assertEquals("Unexpected path value before change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl()); try { Map<String,Object> unacceptableAttributes = new HashMap<>(); - unacceptableAttributes.put(FileTrustStore.PATH, "/not/a/truststore"); + unacceptableAttributes.put(FileTrustStore.STORE_URL, "/not/a/truststore"); fileTrustStore.setAttributes(unacceptableAttributes); fail("Exception not thrown"); 
@@ -213,17 +213,17 @@ public class FileTrustStoreTest extends QpidTestCase assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate trust store")); } - assertEquals("Unexpected path value after failed change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getPath()); + assertEquals("Unexpected path value after failed change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl()); Map<String,Object> changedAttributes = new HashMap<>(); - changedAttributes.put(FileTrustStore.PATH, TestSSLConstants.BROKER_TRUSTSTORE); + changedAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_TRUSTSTORE); changedAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD); fileTrustStore.setAttributes(changedAttributes); assertEquals("Unexpected path value after change that is expected to be successful", TestSSLConstants.BROKER_TRUSTSTORE, - fileTrustStore.getPath()); + fileTrustStore.getStoreUrl()); } public void testDeleteTrustStore_Success() throws Exception @@ -233,7 +233,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); FileTrustStoreImpl fileTrustStore = @@ -250,7 +250,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); FileTrustStoreImpl fileTrustStore = 
@@ -281,7 +281,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String,Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); FileTrustStoreImpl fileTrustStore = diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html index 2356accbd4..676ae4007b 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filekeystore/add.html @@ -22,10 +22,10 @@ <div class="clear"> <div id="addStore.serverPathLabel" class="formLabel-labelCell tableContainer-labelCell">Server path or upload*:</div> <div class="formLabel-controlCell tableContainer-valueCell"> - <input type="text" id="addStore.path" + <input type="text" id="addStore.storeUrl" data-dojo-type="qpid/common/ResourceWidget" data-dojo-props=" - name: 'path', + name: 'storeUrl', placeHolder: 'key store file server path', required: true, promptMessage: 'Location of the key store file on the server', diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/add.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/add.html index 4fbf9f953a..15b1692300 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/add.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/add.html 
@@ -22,10 +22,10 @@ <div class="clear"> <div id="addStore.serverPathLabel" class="formLabel-labelCell tableContainer-labelCell">Server path or upload*:</div> <div class="formLabel-controlCell tableContainer-valueCell"> - <input type="text" id="addStore.path" + <input type="text" id="addStore.storeUrl" data-dojo-type="qpid/common/ResourceWidget" data-dojo-props=" - name: 'path', + name: 'storeUrl', placeHolder: 'trust store file server path', required: true, promptMessage: 'Location of the trust store file on the server', diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/show.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/show.html index 1c3744b83c..99190d1f90 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/show.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/store/filetruststore/show.html @@ -19,8 +19,8 @@ <div> <div class="clear"> - <div class="formLabel-labelCell">Path:</div> - <div ><span class="path" ></span></div> + <div class="formLabel-labelCell">Store Url:</div> + <div ><span class="storeUrl" ></span></div> </div> <div class="clear"> <div class="formLabel-labelCell">Peers only:</div> diff --git a/qpid/java/systests/etc/config-systests.json b/qpid/java/systests/etc/config-systests.json index fa5e7f7724..8103f4568c 100644 --- a/qpid/java/systests/etc/config-systests.json +++ b/qpid/java/systests/etc/config-systests.json 
@@ -29,12 +29,12 @@ } ], "keystores" : [ { "name" : "systestsKeyStore", - "path" : "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_keystore.jks", + "storeUrl" : "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_keystore.jks", "password" : "password" } ], "truststores" : [ { "name" : "systestsTrustStore", - "path" : "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_truststore.jks", + "storeUrl" : "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_truststore.jks", "password" : "password" } ], "ports" : [ { diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java index 5522187ee5..e855a721ee 100644 --- a/qpid/java/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java +++ b/qpid/java/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java 
@@ -203,7 +203,7 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase //add the peersOnly store to the config Map<String, Object> sslTrustStoreAttributes = new HashMap<String, Object>(); sslTrustStoreAttributes.put(TrustStore.NAME, peerStoreName); - sslTrustStoreAttributes.put(FileTrustStore.PATH, BROKER_PEERSTORE); + sslTrustStoreAttributes.put(FileTrustStore.STORE_URL, BROKER_PEERSTORE); sslTrustStoreAttributes.put(FileTrustStore.PASSWORD, BROKER_PEERSTORE_PASSWORD); sslTrustStoreAttributes.put(FileTrustStore.PEERS_ONLY, true); getBrokerConfiguration().addObjectConfiguration(TrustStore.class, sslTrustStoreAttributes); diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java index 03b0a7a304..772f86edf4 100644 --- a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java +++ b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java 
@@ -52,8 +52,12 @@ public class KeyStoreRestTest extends QpidRestTestCase List<Map<String, Object>> keyStores = assertNumberOfKeyStores(1); Map<String, Object> keystore = keyStores.get(0); - assertKeyStoreAttributes(keystore, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, - QPID_HOME + "/../" + TestSSLConstants.BROKER_KEYSTORE, null); + + assertEquals("Unexpected name", TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, keystore.get(KeyStore.NAME)); + assertEquals("unexpected path to key store", AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.STORE_URL)); + assertEquals("unexpected (dummy) password of default systests key store", AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.PASSWORD)); + assertEquals("unexpected type of default systests key store", java.security.KeyStore.getDefaultType(), keystore.get(FileKeyStore.KEY_STORE_TYPE)); + assertFalse("should not be a certificateAlias attribute", keystore.containsKey(FileKeyStore.CERTIFICATE_ALIAS)); } public void testCreate() throws Exception 
@@ -67,10 +71,14 @@ public class KeyStoreRestTest extends QpidRestTestCase createKeyStore(name, certAlias, TestSSLConstants.KEYSTORE, TestSSLConstants.KEYSTORE_PASSWORD); assertNumberOfKeyStores(2); - List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name); + List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name + "?actuals=true"); assertNotNull("details cannot be null", keyStores); - assertKeyStoreAttributes(keyStores.get(0), name, TestSSLConstants.KEYSTORE, certAlias); + Map<String, Object> keystore = keyStores.get(0); + assertEquals("Unexpected name", name, keystore.get(KeyStore.NAME)); + assertEquals("unexpected path to key store", TestSSLConstants.KEYSTORE, keystore.get(FileKeyStore.STORE_URL)); + assertEquals("unexpected password", TestSSLConstants.KEYSTORE_PASSWORD, keystore.get(FileKeyStore.PASSWORD)); + assertEquals("unexpected alias", certAlias, keystore.get(FileKeyStore.CERTIFICATE_ALIAS)); } public void testCreateWithDataUrl() throws Exception 
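Review bot: After this change `testCreate` (and `testCreateWithDataUrl` and `testUpdate` in the following hunks) only read the store with `?actuals=true` and assert the clear-text `storeUrl` and password, so nothing checks any longer that a newly created store is masked in the default view; the removed `assertKeyStoreAttributes` helper used to assert the masked password for every store. Add a second read of `"keystore/" + name` without `actuals` and assert `AbstractConfiguredObject.SECURED_STRING_VALUE` for both `FileKeyStore.STORE_URL` and `FileKeyStore.PASSWORD`, so a regression that unmasks the new secure attribute is caught. It would also be worth a comment in the test stating that `actuals=true` is expected to return secure values in the clear, since that is what these assertions now pin.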
@@ -85,10 +93,14 @@ public class KeyStoreRestTest extends QpidRestTestCase createKeyStore(name, null, dataUrlForKeyStore, TestSSLConstants.KEYSTORE_PASSWORD); assertNumberOfKeyStores(2); - List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name); + List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name + "?actuals=true"); assertNotNull("details cannot be null", keyStores); - assertKeyStoreAttributes(keyStores.get(0), name, dataUrlForKeyStore, null); + Map<String, Object> keystore = keyStores.get(0); + assertEquals("Unexpected name", name, keystore.get(KeyStore.NAME)); + assertEquals("unexpected data", dataUrlForKeyStore, keystore.get(FileKeyStore.STORE_URL)); + assertEquals("unexpected password", TestSSLConstants.KEYSTORE_PASSWORD, keystore.get(FileKeyStore.PASSWORD)); + assertEquals("unexpected alias", null, keystore.get(FileKeyStore.CERTIFICATE_ALIAS)); } public void testDelete() throws Exception 
@@ -104,15 +116,17 @@ public class KeyStoreRestTest extends QpidRestTestCase getRestTestHelper().submitRequest("keystore/" + name, "DELETE", HttpServletResponse.SC_OK); - List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); + List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name + "?actuals=true"); assertNotNull("details should not be null", keyStore); assertTrue("details should be empty as the keystore no longer exists", keyStore.isEmpty()); //check only the default systests key store remains List<Map<String, Object>> keyStores = assertNumberOfKeyStores(1); Map<String, Object> keystore = keyStores.get(0); - assertKeyStoreAttributes(keystore, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, - QPID_HOME + "/../" + TestSSLConstants.BROKER_KEYSTORE, null); + assertEquals("Unexpected name", TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, keystore.get(KeyStore.NAME)); + assertEquals("unexpected path to key store", AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.STORE_URL)); + assertEquals("unexpected (dummy) password of default systests key store", AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.PASSWORD)); + assertFalse("should not be a certificateAlias attribute", keystore.containsKey(FileKeyStore.CERTIFICATE_ALIAS)); } public void testUpdate() throws Exception 
@@ -127,14 +141,18 @@ public class KeyStoreRestTest extends QpidRestTestCase Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(KeyStore.NAME, name); - attributes.put(FileKeyStore.PATH, TestSSLConstants.UNTRUSTED_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.UNTRUSTED_KEYSTORE); getRestTestHelper().submitRequest("keystore/" + name, "PUT", attributes, HttpServletResponse.SC_OK); - List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); + List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name + "?actuals=true"); + assertNotNull("details should not be null", keyStores); - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.UNTRUSTED_KEYSTORE, null); + Map<String, Object> keystore = keyStores.get(0); + assertEquals("Unexpected name", name, keystore.get(KeyStore.NAME)); + assertEquals("unexpected data", TestSSLConstants.UNTRUSTED_KEYSTORE, keystore.get(FileKeyStore.STORE_URL)); + assertEquals("unexpected password", TestSSLConstants.KEYSTORE_PASSWORD, keystore.get(FileKeyStore.PASSWORD)); + assertEquals("unexpected alias", null, keystore.get(FileKeyStore.CERTIFICATE_ALIAS)); } @@ -151,7 +169,7 @@ public class KeyStoreRestTest extends QpidRestTestCase { Map<String, Object> keyStoreAttributes = new HashMap<>(); keyStoreAttributes.put(KeyStore.NAME, name); - keyStoreAttributes.put(FileKeyStore.PATH, keyStorePath); + keyStoreAttributes.put(FileKeyStore.STORE_URL, keyStorePath); keyStoreAttributes.put(FileKeyStore.PASSWORD, keystorePassword); if (certAlias != null) { 
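Review bot: `assertEquals("unexpected alias", null, keystore.get(FileKeyStore.CERTIFICATE_ALIAS));` in the `testUpdate` hunk (and in the `@@ -85,10 +93,14 @@` hunk) reads better as `assertNull("unexpected alias", keystore.get(FileKeyStore.CERTIFICATE_ALIAS));`. If the intent is that the attribute is absent altogether, the `assertFalse(... containsKey(FileKeyStore.CERTIFICATE_ALIAS))` form used in `testDelete` is stricter, because `get` returns null for an absent key and for a null value alike. In the second hunk on this line, the helper parameter `keyStorePath` now feeds `FileKeyStore.STORE_URL` and may hold a data URL, so a name such as `keyStoreUrl` would fit better; the helper's signature is outside the hunk.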
@@ -161,26 +179,4 @@ public class KeyStoreRestTest extends QpidRestTestCase getRestTestHelper().submitRequest("keystore/" + name, "PUT", keyStoreAttributes, HttpServletResponse.SC_CREATED); } - private void assertKeyStoreAttributes(Map<String, Object> keystore, String name, String path, String certAlias) - { - assertEquals("default systests key store is missing", - name, keystore.get(KeyStore.NAME)); - assertEquals("unexpected path to key store", - path, keystore.get(FileKeyStore.PATH)); - assertEquals("unexpected (dummy) password of default systests key store", - AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.PASSWORD)); - assertEquals("unexpected type of default systests key store", - java.security.KeyStore.getDefaultType(), keystore.get(FileKeyStore.KEY_STORE_TYPE)); - if(certAlias == null) - { - assertFalse("should not be a certificateAlias attribute", - keystore.containsKey(FileKeyStore.CERTIFICATE_ALIAS)); - } - else - { - assertEquals("unexpected certificateAlias value", - certAlias, keystore.get(FileKeyStore.CERTIFICATE_ALIAS)); - - } - } } diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java index 6cca3fc12c..5919473676 100644 --- a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java +++ b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java @@ -127,7 +127,7 @@ public class TrustStoreRestTest extends QpidRestTestCase Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(TrustStore.NAME, name); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); getRestTestHelper().submitRequest("truststore/" + name , "PUT", attributes, HttpServletResponse.SC_OK); 
@@ -151,7 +151,7 @@ public class TrustStoreRestTest extends QpidRestTestCase Map<String, Object> trustStoreAttributes = new HashMap<String, Object>(); trustStoreAttributes.put(TrustStore.NAME, name); //deliberately using the client trust store to differentiate from the one we are already for broker - trustStoreAttributes.put(FileTrustStore.PATH, truststorePath); + trustStoreAttributes.put(FileTrustStore.STORE_URL, truststorePath); trustStoreAttributes.put(FileTrustStore.PASSWORD, truststorePassword); trustStoreAttributes.put(FileTrustStore.PEERS_ONLY, peersOnly); @@ -163,7 +163,7 @@ public class TrustStoreRestTest extends QpidRestTestCase assertEquals("default systests trust store is missing", name, truststore.get(TrustStore.NAME)); assertEquals("unexpected path to trust store", - path, truststore.get(FileTrustStore.PATH)); + path, truststore.get(FileTrustStore.STORE_URL)); assertEquals("unexpected (dummy) password of default systests trust store", AbstractConfiguredObject.SECURED_STRING_VALUE, truststore.get(FileTrustStore.PASSWORD)); assertEquals("unexpected type of default systests trust store", diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java index 86ebf11575..c05e95c4d4 100644 --- a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java +++ b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java 
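Review bot: The `@@ -163,7 +163,7 @@` hunk still expects `truststore.get(FileTrustStore.STORE_URL)` to return the real `path`, whereas the key store tests in this commit expect `FileKeyStore.STORE_URL` to come back as `AbstractConfiguredObject.SECURED_STRING_VALUE` on a default GET. If the trust store attribute is deliberately left non-secure, a short comment such as `// trust store storeUrl is not a secure attribute, so it is returned unmasked` would record that decision. If it is meant to match the key store, this assertion needs the masked value instead. The `FileTrustStore` definition is not visible in this part of the diff, so this is a question rather than a confirmed defect, and the assertion helper continues beyond the hunk.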
@@ -183,7 +183,7 @@ public class BrokerACLTest extends QpidRestTestCase assertEquals("Setting of provider attribites should be allowed", 403, responseCode); Map<String, Object> provider = getRestTestHelper().getJsonAsSingletonList("authenticationprovider/" + providerName); - assertEquals("Unexpected PATH attribute value", + assertEquals("Unexpected STORE_URL attribute value", providerData.get(ExternalFileBasedAuthenticationManager.PATH), provider.get(ExternalFileBasedAuthenticationManager.PATH)); } @@ -922,7 +922,7 @@ public class BrokerACLTest extends QpidRestTestCase { Map<String, Object> keyStoreAttributes = new HashMap<String, Object>(); keyStoreAttributes.put(KeyStore.NAME, name); - keyStoreAttributes.put(FileKeyStore.PATH, TestSSLConstants.KEYSTORE); + keyStoreAttributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE); keyStoreAttributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, certAlias); @@ -933,7 +933,7 @@ public class BrokerACLTest extends QpidRestTestCase { Map<String, Object> trustStoreAttributes = new HashMap<String, Object>(); trustStoreAttributes.put(TrustStore.NAME, name); - trustStoreAttributes.put(FileTrustStore.PATH, TestSSLConstants.KEYSTORE); + trustStoreAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.KEYSTORE); trustStoreAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); trustStoreAttributes.put(FileTrustStore.PEERS_ONLY, peersOnly); |
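Review bot: The first hunk changes only the assertion message to `"Unexpected STORE_URL attribute value"`, but the values compared are still `ExternalFileBasedAuthenticationManager.PATH`, so a failure would name an attribute the check does not touch. Keep the original text, `assertEquals("Unexpected PATH attribute value",`, unless the authentication provider attribute is renamed as well. The other two hunks on this line are plain `PATH` to `STORE_URL` substitutions in helper methods whose bodies continue outside the hunks.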
