From lqu...@apache.org
Subject svn commit: r1750798 - in /qpid/java/trunk: broker-core/src/main/java/org/apache/qpid/server/model/ broker-core/src/main/java/org/apache/qpid/server/plugin/ broker-core/src/main/java/org/apache/qpid/server/security/ broker-core/src/main/java/org/apache...
Date Thu, 30 Jun 2016 13:57:52 GMT
Author: lquack
Date: Thu Jun 30 13:57:52 2016
New Revision: 1750798

URL: http://svn.apache.org/viewvc?rev=1750798&view=rev
Log:
QPID-7224: [Java Broker] Exposed TrustStores should include/exclude based on VirtualHostNodes
rather than VirtualHosts

Modified:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
    qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
Thu Jun 30 13:57:52 2016
@@ -32,15 +32,14 @@ public interface TrustStore<X extends Tr
     @ManagedAttribute( defaultValue = "false", description = "If true the Trust Store will
expose its certificates as a special artificial message source.")
     boolean isExposedAsMessageSource();
 
-    @ManagedAttribute( defaultValue = "[]" )
-    List<VirtualHost> getIncludedVirtualHostMessageSources();
+    @ManagedAttribute( defaultValue = "[]", description = "If 'exposedAsMessageSource' is
true, the trust store will expose its certificates only to VirtualHostNodes in this list or
if this list is empty to all VirtualHostNodes who are not in the 'excludedVirtualHostNodeMessageSources'
list." )
+    List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources();
 
-    @ManagedAttribute( defaultValue = "[]" )
-    List<VirtualHost> getExcludedVirtualHostMessageSources();
+    @ManagedAttribute( defaultValue = "[]", description = "If 'exposedAsMessageSource' is
true and 'includedVirtualHostNodeMessageSources' is empty, the trust store will expose its
certificates only to VirtualHostNodes who are not in this list." )
+    List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources();
 
+    TrustManager[] getTrustManagers() throws GeneralSecurityException;
 
-    public TrustManager[] getTrustManagers() throws GeneralSecurityException;
-
-    public Certificate[] getCertificates() throws GeneralSecurityException;
+    Certificate[] getCertificates() throws GeneralSecurityException;
 
 }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/plugin/SystemNodeCreator.java
Thu Jun 30 13:57:52 2016
@@ -22,6 +22,7 @@ package org.apache.qpid.server.plugin;
 
 import org.apache.qpid.server.message.MessageNode;
 import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 
 public interface SystemNodeCreator extends Pluggable
 {
@@ -31,7 +32,7 @@ public interface SystemNodeCreator exten
         void removeSystemNode(MessageNode node);
         void removeSystemNode(String name);
 
-
+        VirtualHostNode<?> getVirtualHostNode();
         VirtualHost<?> getVirtualHost();
 
         boolean hasSystemNode(String name);

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
Thu Jun 30 13:57:52 2016
@@ -57,7 +57,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
@@ -84,9 +84,9 @@ public class FileTrustStoreImpl extends
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     static
     {
@@ -378,14 +378,14 @@ public class FileTrustStoreImpl extends
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/ManagedPeerCertificateTrustStoreImpl.java
Thu Jun 30 13:57:52 2016
@@ -64,7 +64,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
 import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
@@ -81,9 +81,9 @@ public class ManagedPeerCertificateTrust
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     private volatile TrustManager[] _trustManagers = new TrustManager[0];
 
@@ -247,15 +247,15 @@ public class ManagedPeerCertificateTrust
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 
     @Override

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
Thu Jun 30 13:57:52 2016
@@ -61,7 +61,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -80,9 +80,9 @@ public class NonJavaTrustStoreImpl
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     private volatile TrustManager[] _trustManagers = new TrustManager[0];
 
@@ -333,14 +333,14 @@ public class NonJavaTrustStoreImpl
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
Thu Jun 30 13:57:52 2016
@@ -62,7 +62,7 @@ import org.apache.qpid.server.model.Port
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 import org.apache.qpid.transport.util.Functions;
@@ -81,9 +81,9 @@ public class SiteSpecificTrustStoreImpl
     @ManagedAttributeField
     private boolean _exposedAsMessageSource;
     @ManagedAttributeField
-    private List<VirtualHost> _includedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _includedVirtualHostNodeMessageSources;
     @ManagedAttributeField
-    private List<VirtualHost> _excludedVirtualHostMessageSources;
+    private List<VirtualHostNode<?>> _excludedVirtualHostNodeMessageSources;
 
     private volatile TrustManager[] _trustManagers = new TrustManager[0];
 
@@ -295,15 +295,15 @@ public class SiteSpecificTrustStoreImpl
     }
 
     @Override
-    public List<VirtualHost> getIncludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getIncludedVirtualHostNodeMessageSources()
     {
-        return _includedVirtualHostMessageSources;
+        return _includedVirtualHostNodeMessageSources;
     }
 
     @Override
-    public List<VirtualHost> getExcludedVirtualHostMessageSources()
+    public List<VirtualHostNode<?>> getExcludedVirtualHostNodeMessageSources()
     {
-        return _excludedVirtualHostMessageSources;
+        return _excludedVirtualHostNodeMessageSources;
     }
 
     @Override

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/TrustStoreMessageSourceCreator.java
Thu Jun 30 13:57:52 2016
@@ -114,19 +114,19 @@ public class TrustStoreMessageSourceCrea
     }
 
 
-    private boolean isTrustStoreExposedAsMessageSource(VirtualHost<?> virtualHost,
final TrustStore trustStore)
+    private boolean isTrustStoreExposedAsMessageSource(VirtualHostNode<?> virtualHostNode,
final TrustStore trustStore)
     {
         return trustStore.getState() == State.ACTIVE && trustStore.isExposedAsMessageSource()
-               && (trustStore.getIncludedVirtualHostMessageSources().contains(virtualHost)
-                   || (trustStore.getIncludedVirtualHostMessageSources().isEmpty()
-                       && !trustStore.getExcludedVirtualHostMessageSources().contains(virtualHost)));
+               && (trustStore.getIncludedVirtualHostNodeMessageSources().contains(virtualHostNode)
+                   || (trustStore.getIncludedVirtualHostNodeMessageSources().isEmpty()
+                       && !trustStore.getExcludedVirtualHostNodeMessageSources().contains(virtualHostNode)));
     }
 
 
     private void updateTrustStoreSourceRegistration(SystemNodeRegistry registry, TrustStore<?>
trustStore)
     {
         final String sourceName = TrustStoreMessageSource.getSourceNameFromTrustStore(trustStore);
-        if(isTrustStoreExposedAsMessageSource(registry.getVirtualHost(), trustStore) )
+        if (isTrustStoreExposedAsMessageSource(registry.getVirtualHostNode(), trustStore))
         {
             if(!registry.hasSystemNode(sourceName))
             {
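Review bot: The exclusion branch of `isTrustStoreExposedAsMessageSource` fails open if `registry.getVirtualHostNode()` ever returns null: with an empty include list, `!trustStore.getExcludedVirtualHostNodeMessageSources().contains(virtualHostNode)` is true for null, so the store's certificates would be exposed. Whether a null parent can occur is not visible in this diff, but putting `virtualHostNode != null &&` at the front of the condition would make the check fail closed either way. The `trustStore` parameter is also declared as the raw type `TrustStore` while the caller holds a `TrustStore<?>`; `final TrustStore<?> trustStore` would keep the list getters typed. The body of `updateTrustStoreSourceRegistration` continues past the end of the hunk.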

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
Thu Jun 30 13:57:52 2016
@@ -25,6 +25,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -480,6 +481,10 @@ public class BrokerStoreUpgraderAndRecov
 
                 getNextUpgrader().configuredObject(record);
             }
+            else if (record.getType().equals("TrustStore"))
+            {
+                upgradeTrustStore(record);
+            }
             else
             {
                 Map<String, Object> attributes = record.getAttributes();
@@ -510,6 +515,41 @@ public class BrokerStoreUpgraderAndRecov
             }
         }
 
+        private void upgradeTrustStore(ConfiguredObjectRecord record)
+        {
+            Map<String, Object> updatedAttributes = new LinkedHashMap<>(record.getAttributes());
+            if (updatedAttributes.containsKey("includedVirtualHostMessageSources")
+                || updatedAttributes.containsKey("excludedVirtualHostMessageSources"))
+            {
+                if (updatedAttributes.containsKey("includedVirtualHostMessageSources"))
+                {
+                    LOGGER.warn("Detected 'includedVirtualHostMessageSources' attribute during
upgrade."
+                                + " Starting with version 6.1 this attribute has been replaced
with"
+                                + " 'includedVirtualHostNodeMessageSources'. The upgrade
is automatic but"
+                                + " assumes that the VirtualHostNode has the same name as
the VirtualHost."
+                                + " Assumed name: '{}'", updatedAttributes.get("includedVirtualHostMessageSources"));
+                    updatedAttributes.put("includedVirtualHostNodeMessageSources",
+                                          updatedAttributes.get("includedVirtualHostMessageSources"));
+                    updatedAttributes.remove("includedVirtualHostMessageSources");
+
+                }
+                if (updatedAttributes.containsKey("excludedVirtualHostMessageSources"))
+                {
+                    LOGGER.warn("Detected 'excludedVirtualHostMessageSources' attribute during
upgrade."
+                                + " Starting with version 6.1 this attribute has been replaced
with"
+                                + " 'excludedVirtualHostNodeMessageSources'. The upgrade
is automatic but"
+                                + " assumes that the VirtualHostNode has the same name as
the VirtualHost."
+                                + " Assumed name: '{}'", updatedAttributes.get("excludedVirtualHostMessageSources"));
+                    updatedAttributes.put("excludedVirtualHostNodeMessageSources",
+                                          updatedAttributes.get("excludedVirtualHostMessageSources"));
+                    updatedAttributes.remove("excludedVirtualHostMessageSources");
+                }
+                record = new ConfiguredObjectRecordImpl(record.getId(), record.getType(),
updatedAttributes, record.getParents());
+                getUpdateMap().put(record.getId(), record);
+                getNextUpgrader().configuredObject(record);
+            }
+        }
+
         @Override
         public void complete()
         {
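Review bot: In `upgradeTrustStore` the call `getNextUpgrader().configuredObject(record);` sits inside the `if` that tests for the two legacy keys, so a TrustStore record carrying neither attribute is not handed to the next upgrader by this method. The sibling branch visible in the previous hunk forwards its own record, which suggests each branch is responsible for forwarding; if that is the case, moving the call to after the `if` block (leaving `getUpdateMap().put(record.getId(), record);` inside it) would cover unchanged records too. Separately, the rename assumes the VirtualHostNode has the same name as the VirtualHost; for `excludedVirtualHostMessageSources` a mismatch could leave a previously excluded host no longer excluded, or fail to resolve at startup (not visible here), so the warning or the upgrade notes should tell operators to re-check exclusion lists. The two near-identical blocks could share one private helper taking the old and new key names.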

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
Thu Jun 30 13:57:52 2016
@@ -1300,6 +1300,12 @@ public abstract class AbstractVirtualHos
         }
 
         @Override
+        public VirtualHostNode<?> getVirtualHostNode()
+        {
+            return AbstractVirtualHost.this.getParent(VirtualHostNode.class);
+        }
+
+        @Override
         public VirtualHost<?> getVirtualHost()
         {
             return AbstractVirtualHost.this;

Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java?rev=1750798&r1=1750797&r2=1750798&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
(original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
Thu Jun 30 13:57:52 2016
@@ -21,6 +21,8 @@
 package org.apache.qpid.systest.messageencryption;
 
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -33,6 +35,7 @@ import javax.jms.MessageProducer;
 import javax.jms.Queue;
 import javax.jms.Session;
 
+import org.apache.qpid.client.AMQConnectionURL;
 import org.apache.qpid.client.message.JMSBytesMessage;
 import org.apache.qpid.client.message.JMSTextMessage;
 import org.apache.qpid.server.model.TrustStore;
@@ -43,6 +46,8 @@ public class MessageEncryptionTest exten
 {
 
     public static final String TEST_MESSAGE_TEXT = "test message";
+    public static final String EXCLUDED_VIRTUAL_HOST_NODE_NAME = "excludedVirtualHostNode";
+    public static final String INCLUDED_VIRTUAL_HOST_NODE_NAME = "includedVirtualHostNode";
 
     @Override
     public void setUp() throws Exception
@@ -213,6 +218,89 @@ public class MessageEncryptionTest exten
         }
     }
 
+    public void testBrokerStoreProviderWithExcludedVirtualHostNode() throws Exception
+    {
+        if(isStrongEncryptionEnabled() && !isCppBroker())
+        {
+            createTestVirtualHostNode(EXCLUDED_VIRTUAL_HOST_NODE_NAME);
+            addPeerStoreToBroker(Collections.<String, Object>singletonMap("excludedVirtualHostNodeMessageSources",
+                                                                          EXCLUDED_VIRTUAL_HOST_NODE_NAME));
+            super.setUp();
+
+            String connectionUrlString = "amqp://guest:guest@clientId/" + EXCLUDED_VIRTUAL_HOST_NODE_NAME
+                                         + "?brokerlist='tcp://localhost:" + getDefaultAmqpPort()
+ "'"
+                                         + "&encryption_remote_trust_store='$certificates%5c/peerstore'";
+            final AMQConnectionURL connectionUrl = new AMQConnectionURL(connectionUrlString);
+            Connection producerConnection = getConnection(connectionUrl);
+
+            Queue queue = getTestQueue();
+            final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+            final MessageProducer producer = prodSession.createProducer(queue);
+
+            Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+            message.setBooleanProperty("x-qpid-encrypt", true);
+            message.setStringProperty("x-qpid-encrypt-recipients",
+                                      "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+            try
+            {
+                producer.send(message);
+                fail("Should not be able to send message");
+            }
+            catch (JMSException e)
+            {
+                assertTrue("Wrong exception cause: " + e.getCause(), e.getCause() instanceof
CertificateException);
+            }
+        }
+    }
+
+    public void testBrokerStoreProviderWithIncludedVirtualHostNode() throws Exception
+    {
+        if(isStrongEncryptionEnabled() && !isCppBroker())
+        {
+            createTestVirtualHostNode(INCLUDED_VIRTUAL_HOST_NODE_NAME);
+            final Map<String, Object> additionalPeerStoreAttributes = new HashMap<>();
+            additionalPeerStoreAttributes.put("includedVirtualHostNodeMessageSources", INCLUDED_VIRTUAL_HOST_NODE_NAME);
+            // this is deliberate to test that the include list takes precedence
+            additionalPeerStoreAttributes.put("excludedVirtualHostNodeMessageSources", INCLUDED_VIRTUAL_HOST_NODE_NAME);
+            addPeerStoreToBroker(additionalPeerStoreAttributes);
+            super.setUp();
+
+            String connectionUrlString;
+
+            connectionUrlString = "amqp://guest:guest@clientId/" + INCLUDED_VIRTUAL_HOST_NODE_NAME
+                                  + "?brokerlist='tcp://localhost:" + getDefaultAmqpPort()
+ "'"
+                                  + "&encryption_remote_trust_store='$certificates%5c/peerstore'";
+            final AMQConnectionURL connectionUrl = new AMQConnectionURL(connectionUrlString);
+            Connection successfulProducerConnection = getConnection(connectionUrl);
+
+            Connection failingProducerConnection = getConnectionWithOptions(Collections.singletonMap("encryption_remote_trust_store",
+                                                                                        
            "$certificates%5c/peerstore"));
+
+            Queue queue = getTestQueue();
+            final Session successfulSession = successfulProducerConnection.createSession(false,
Session.AUTO_ACKNOWLEDGE);
+            final MessageProducer successfulProducer = successfulSession.createProducer(queue);
+            final Session failingSession = failingProducerConnection.createSession(false,
Session.AUTO_ACKNOWLEDGE);
+            final MessageProducer failingProducer = failingSession.createProducer(queue);
+
+            Message message = successfulSession.createTextMessage(TEST_MESSAGE_TEXT);
+            message.setBooleanProperty("x-qpid-encrypt", true);
+            message.setStringProperty("x-qpid-encrypt-recipients",
+                                      "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+            try
+            {
+                failingProducer.send(message);
+                fail("Should not be able to send message");
+            }
+            catch (JMSException e)
+            {
+                assertTrue("Wrong exception cause: " + e.getCause(), e.getCause() instanceof
CertificateException);
+            }
+
+            successfulProducer.send(message);
+        }
+    }
 
     public void testUnknownRecipient() throws Exception
     {
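Review bot: `testBrokerStoreProviderWithExcludedVirtualHostNode` only asserts that `producer.send(message)` fails with a `CertificateException` cause, which would also be the outcome if the peer store were not exposed to any node at all, so the test cannot tell a working exclusion from a store that is simply missing. A positive control on a non-excluded node in the same test, as the included-node test does with `successfulProducer.send(message);`, would pin the behaviour. In the included-node test the success path is checked only by the absence of an exception; consuming the message and checking that it arrives would be a stronger assertion. Both tests also pass vacuously when `isStrongEncryptionEnabled()` is false, and neither closes the connections it opens within the visible lines, unless the base class's teardown does so.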
@@ -297,15 +385,19 @@ public class MessageEncryptionTest exten
 
     private void addPeerStoreToBroker()
     {
+        addPeerStoreToBroker(Collections.<String, Object>emptyMap());
+    }
+
+    private void addPeerStoreToBroker(Map<String, Object> additionalAttributes)
+    {
         Map<String, Object> peerStoreAttributes = new HashMap<>();
         peerStoreAttributes.put("name" , "peerstore");
         peerStoreAttributes.put("storeUrl" , "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_peerstore.jks");
         peerStoreAttributes.put("password" , "password");
         peerStoreAttributes.put("type", "FileTrustStore");
         peerStoreAttributes.put("exposedAsMessageSource", true);
+        peerStoreAttributes.putAll(additionalAttributes);
         getDefaultBrokerConfiguration().addObjectConfiguration(TrustStore.class, peerStoreAttributes);
-
-
     }
 
 


