qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rgodf...@apache.org
Subject svn commit: r1736998 - in /qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security: AbstractKeyStore.java FileKeyStoreImpl.java NonJavaKeyStoreImpl.java
Date Tue, 29 Mar 2016 11:10:06 GMT
Author: rgodfrey
Date: Tue Mar 29 11:10:06 2016
New Revision: 1736998

URL: http://svn.apache.org/viewvc?rev=1736998&view=rev
Log:
QPID-6995 : Move duplicate code into base class, address comment from [~k-wall] regarding
exception handling

Modified:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AbstractKeyStore.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AbstractKeyStore.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AbstractKeyStore.java?rev=1736998&r1=1736997&r2=1736998&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AbstractKeyStore.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AbstractKeyStore.java
Tue Mar 29 11:10:06 2016
@@ -20,10 +20,18 @@
  */
 package org.apache.qpid.server.security;
 
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
 import java.util.Map;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -33,7 +41,9 @@ import org.apache.qpid.server.model.Abst
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfigurationChangeListener;
 import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.IntegrityViolationException;
 import org.apache.qpid.server.model.KeyStore;
+import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 
 public abstract class AbstractKeyStore<X extends AbstractKeyStore<X>>
@@ -41,7 +51,7 @@ public abstract class AbstractKeyStore<X
 {
     private static Logger LOGGER = LoggerFactory.getLogger(AbstractKeyStore.class);
 
-    private static final long ONE_DAY = 24l * 60l * 60l * 1000l;
+    protected static final long ONE_DAY = 24l * 60l * 60l * 1000l;
 
     private final Broker<?> _broker;
     private final EventLogger _eventLogger;
@@ -161,5 +171,64 @@ public abstract class AbstractKeyStore<X
         }
     }
 
+    protected final ListenableFuture<Void> deleteIfNotInUse()
+    {
+        // verify that it is not in use
+        String storeName = getName();
+
+        Collection<Port> ports = new ArrayList<Port>(getBroker().getPorts());
+        for (Port port : ports)
+        {
+            if (port.getKeyStore() == this)
+            {
+                throw new IntegrityViolationException("Key store '" + storeName + "' can't
be deleted as it is in use by a port:" + port.getName());
+            }
+        }
+        deleted();
+        setState(State.DELETED);
+        getEventLogger().message(KeyStoreMessages.DELETE(getName()));
+        return Futures.immediateFuture(null);
+    }
+
     protected abstract void checkCertificateExpiry();
+
+    protected void checkCertificatesExpiry(final long currentTime,
+                                           final Date expiryTestDate,
+                                           final X509Certificate[] chain)
+    {
+        if(chain != null)
+        {
+            for(X509Certificate cert : chain)
+            {
+                try
+                {
+                    cert.checkValidity(expiryTestDate);
+                }
+                catch(CertificateExpiredException e)
+                {
+                    long timeToExpiry = cert.getNotAfter().getTime() - currentTime;
+                    int days = Math.max(0,(int)(timeToExpiry / (ONE_DAY)));
+
+                    getEventLogger().message(KeyStoreMessages.EXPIRING(getName(), String.valueOf(days),
cert.getSubjectDN().toString()));
+                }
+                catch(CertificateNotYetValidException e)
+                {
+                    // ignore
+                }
+            }
+        }
+    }
+
+    protected final int getCertificateExpiryWarnPeriod()
+    {
+        try
+        {
+            return getContextValue(Integer.class, CERTIFICATE_EXPIRY_WARN_PERIOD);
+        }
+        catch (NullPointerException | IllegalArgumentException e)
+        {
+            LOGGER.warn("The value of the context variable '{}' for keystore {} cannot be
converted to an integer. The value {} will be used as a default", CERTIFICATE_EXPIRY_WARN_PERIOD,
getName(), DEFAULT_CERTIFICATE_EXPIRY_WARN_PERIOD);
+            return DEFAULT_CERTIFICATE_EXPIRY_WARN_PERIOD;
+        }
+    }
 }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java?rev=1736998&r1=1736997&r2=1736998&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
Tue Mar 29 11:10:06 2016
@@ -29,17 +29,11 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Map;
 import java.util.Set;
-import java.util.concurrent.ScheduledFuture;
-import java.util.concurrent.TimeUnit;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
@@ -47,21 +41,14 @@ import javax.net.ssl.X509KeyManager;
 
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
-import org.apache.qpid.server.logging.EventLogger;
-import org.apache.qpid.server.logging.messages.KeyStoreMessages;
 import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.ConfigurationChangeListener;
 import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.IntegrityViolationException;
 import org.apache.qpid.server.model.KeyStore;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
-import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.util.ServerScopedRuntimeException;
@@ -72,7 +59,6 @@ import org.apache.qpid.transport.network
 @ManagedObject( category = false )
 public class FileKeyStoreImpl extends AbstractKeyStore<FileKeyStoreImpl> implements
FileKeyStore<FileKeyStoreImpl>
 {
-    private static final long ONE_DAY = 24l * 60l * 60l * 1000l;
 
     @ManagedAttributeField
     private String _type;
@@ -111,21 +97,7 @@ public class FileKeyStoreImpl extends Ab
     @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED)
     protected ListenableFuture<Void> doDelete()
     {
-        // verify that it is not in use
-        String storeName = getName();
-
-        Collection<Port> ports = new ArrayList<Port>(getBroker().getPorts());
-        for (Port port : ports)
-        {
-            if (port.getKeyStore() == this)
-            {
-                throw new IntegrityViolationException("Key store '" + storeName + "' can't
be deleted as it is in use by a port:" + port.getName());
-            }
-        }
-        deleted();
-        setState(State.DELETED);
-        getEventLogger().message(KeyStoreMessages.DELETE(getName()));
-        return Futures.immediateFuture(null);
+        return deleteIfNotInUse();
     }
 
     @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState =
State.ACTIVE)
@@ -318,72 +290,45 @@ public class FileKeyStoreImpl extends Ab
 
     protected void checkCertificateExpiry()
     {
-        try
+        int expiryWarning = getCertificateExpiryWarnPeriod();
+        if(expiryWarning > 0)
         {
+            long currentTime = System.currentTimeMillis();
+            Date expiryTestDate = new Date(currentTime + (ONE_DAY * (long)expiryWarning));
 
-            int expiryWarning = getContextValue(Integer.class, CERTIFICATE_EXPIRY_WARN_PERIOD);
-            if(expiryWarning > 0)
+            try
             {
-                long currentTime = System.currentTimeMillis();
-                Date expiryTestDate = new Date(currentTime + (ONE_DAY * (long)expiryWarning));
-
-                try
-                {
-                    URL url = getUrlFromString(_storeUrl);
-                    final java.security.KeyStore ks = SSLUtil.getInitializedKeyStore(url,
getPassword(), _keyStoreType);
+                URL url = getUrlFromString(_storeUrl);
+                final java.security.KeyStore ks = SSLUtil.getInitializedKeyStore(url, getPassword(),
_keyStoreType);
 
-                    char[] keyStoreCharPassword = getPassword() == null ? null : getPassword().toCharArray();
+                char[] keyStoreCharPassword = getPassword() == null ? null : getPassword().toCharArray();
 
-                    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
+                final KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
 
-                    kmf.init(ks, keyStoreCharPassword);
+                kmf.init(ks, keyStoreCharPassword);
 
 
-                    for (KeyManager km : kmf.getKeyManagers())
+                for (KeyManager km : kmf.getKeyManagers())
+                {
+                    if (km instanceof X509KeyManager)
                     {
-                        if (km instanceof X509KeyManager)
-                        {
-                            X509KeyManager x509KeyManager = (X509KeyManager) km;
-
-                            for(String alias : Collections.list(ks.aliases()))
-                            {
-                                final X509Certificate[] chain =
-                                        x509KeyManager.getCertificateChain(alias);
-                                if(chain != null)
-                                {
-                                    for(X509Certificate cert : chain)
-                                    {
-                                        try
-                                        {
-                                            cert.checkValidity(expiryTestDate);
-                                        }
-                                        catch(CertificateExpiredException e)
-                                        {
-                                            long timeToExpiry = cert.getNotAfter().getTime()
- currentTime;
-                                            int days = Math.max(0,(int)(timeToExpiry / (ONE_DAY)));
-
-                                            getEventLogger().message(KeyStoreMessages.EXPIRING(getName(),
String.valueOf(days), cert.getSubjectDN().toString()));
-                                        }
-                                        catch(CertificateNotYetValidException e)
-                                        {
-                                            // ignore
-                                        }
-                                    }
-                                }
-                            }
+                        X509KeyManager x509KeyManager = (X509KeyManager) km;
 
+                        for(String alias : Collections.list(ks.aliases()))
+                        {
+                            checkCertificatesExpiry(currentTime, expiryTestDate,
+                                                    x509KeyManager.getCertificateChain(alias));
                         }
+
                     }
                 }
-                catch (GeneralSecurityException | IOException e)
-                {
+            }
+            catch (GeneralSecurityException | IOException e)
+            {
 
-                }
             }
         }
-        catch(IllegalArgumentException | NullPointerException e)
-        {
-        }
+
     }
 
 }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java?rev=1736998&r1=1736997&r2=1736998&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
Tue Mar 29 11:10:06 2016
@@ -74,7 +74,6 @@ import org.apache.qpid.transport.network
 public class NonJavaKeyStoreImpl extends AbstractKeyStore<NonJavaKeyStoreImpl> implements
NonJavaKeyStore<NonJavaKeyStoreImpl>
 {
     private static final Logger LOGGER = LoggerFactory.getLogger(NonJavaKeyStoreImpl.class);
-    private static final long ONE_DAY = 24l * 60l * 60l * 1000l;
 
     @ManagedAttributeField( afterSet = "updateKeyManagers" )
     private String _privateKeyUrl;
@@ -180,24 +179,7 @@ public class NonJavaKeyStoreImpl extends
     @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED)
     protected ListenableFuture<Void> doDelete()
     {
-        // verify that it is not in use
-        String storeName = getName();
-
-        Collection<Port> ports = new ArrayList<Port>(getBroker().getPorts());
-        for (Port port : ports)
-        {
-            if (port.getKeyStore() == this)
-            {
-                throw new IntegrityViolationException("Key store '"
-                        + storeName
-                        + "' can't be deleted as it is in use by a port:"
-                        + port.getName());
-            }
-        }
-        deleted();
-        setState(State.DELETED);
-        getEventLogger().message(KeyStoreMessages.DELETE(getName()));
-        return Futures.immediateFuture(null);
+        return deleteIfNotInUse();
     }
 
     @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState =
State.ACTIVE)
@@ -300,36 +282,13 @@ public class NonJavaKeyStoreImpl extends
 
     private void checkCertificateExpiry(final X509Certificate... certificates)
     {
-        int expiryWarning = getContextValue(Integer.class, CERTIFICATE_EXPIRY_WARN_PERIOD);
+        int expiryWarning = getCertificateExpiryWarnPeriod();
         if(expiryWarning > 0)
         {
             long currentTime = System.currentTimeMillis();
             Date expiryTestDate = new Date(currentTime + (ONE_DAY * (long) expiryWarning));
 
-
-            if (certificates != null)
-            {
-                for (X509Certificate cert : certificates)
-                {
-                    try
-                    {
-                        cert.checkValidity(expiryTestDate);
-                    }
-                    catch (CertificateExpiredException e)
-                    {
-                        long timeToExpiry = cert.getNotAfter().getTime() - currentTime;
-                        int days = Math.max(0, (int) (timeToExpiry / (ONE_DAY)));
-
-                        getEventLogger().message(KeyStoreMessages.EXPIRING(getName(),
-                                                                           String.valueOf(days),
-                                                                           cert.getSubjectDN().toString()));
-                    }
-                    catch (CertificateNotYetValidException e)
-                    {
-                        // ignore
-                    }
-                }
-            }
+            checkCertificatesExpiry(currentTime, expiryTestDate, certificates);
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message