
Example 1 with IllegalConfigurationException

Use of org.apache.qpid.server.configuration.IllegalConfigurationException in the Apache qpid-broker-j project.

From class VirtualHostNameAndLevelLogInclusionRuleImplTest, method testLoggerNameChangeNotAllowed:

/**
 * Verifies that the logger name of an existing inclusion rule is immutable:
 * an attempt to change it through {@code setAttributes} must be rejected with
 * an {@link IllegalConfigurationException}, and the filter already obtained
 * from the rule must still report the original logger name afterwards.
 */
public void testLoggerNameChangeNotAllowed() {
    final String originalLoggerName = "org.apache.qpid";
    final VirtualHostNameAndLevelLogInclusionRule<?> rule = createRule(originalLoggerName, LogLevel.INFO);
    final LoggerNameAndLevelFilter filter = (LoggerNameAndLevelFilter) rule.asFilter();
    assertEquals("Unexpected logger name", originalLoggerName, filter.getLoggerName());

    boolean rejected = false;
    try {
        rule.setAttributes(Collections.<String, Object>singletonMap(BrokerNameAndLevelLogInclusionRule.LOGGER_NAME, "org.apache.qpid.foo"));
    } catch (IllegalConfigurationException expected) {
        rejected = true;
    }
    if (!rejected) {
        fail("IllegalConfigurationException is expected to throw on attempt to change logger name");
    }

    // The filter handed out before the rejected update must not have observed it.
    assertEquals("Unexpected logger name", originalLoggerName, filter.getLoggerName());
}

Example 2 with IllegalConfigurationException

Use of org.apache.qpid.server.configuration.IllegalConfigurationException in the Apache qpid-broker-j project.

From class HttpManagement, method getSslContextFactory:

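/**
 * Builds the Jetty {@link SslContextFactory} that terminates TLS on an HTTPS
 * management port.
 *
 * <p>Everything is derived from the port's configuration: its key store, its
 * trust stores, the client-authentication mode, the TLS session cache size and
 * timeout, and the cipher-suite / protocol white- and black-lists.
 *
 * @param port the HTTPS port being started
 * @return a factory configured from {@code port}; never {@code null}
 * @throws IllegalConfigurationException if the port has no key store, or if
 *         client-certificate authentication is requested (need or want) while
 *         no trust store is configured to validate the presented certificate
 */
private SslContextFactory getSslContextFactory(final HttpPort<?> port) {
    final KeyStore keyStore = port.getKeyStore();
    if (keyStore == null) {
        throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
    }

    // Either client-auth mode needs a trust store to validate the client's
    // chain; refuse to start rather than run with an empty trust set.
    final boolean clientAuthRequested = port.getNeedClientAuth() || port.getWantClientAuth();
    final Collection<TrustStore> trustStores = port.getTrustStores();
    if (clientAuthRequested && trustStores.isEmpty()) {
        // The message names the HTTPS port, so report the port's name rather
        // than this management plugin's name.
        throw new IllegalConfigurationException(String.format("Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined", port.getName()));
    }

    final SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, port.getName());

    // Only override the provider defaults when the port sets a positive value.
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    if (port.getTLSSessionCacheSize() > 0) {
        serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
    }
    if (port.getTLSSessionTimeout() > 0) {
        serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
    }

    final SslContextFactory factory = new SslContextFactory() {

        /**
         * Applies the port's cipher-suite and protocol lists to each new
         * engine, after whatever the base class has configured on it.
         */
        @Override
        public void customize(final SSLEngine sslEngine) {
            super.customize(sslEngine);
            if (port.getTlsCipherSuiteWhiteList() != null && !port.getTlsCipherSuiteWhiteList().isEmpty()) {
                // A white list is an ordered preference: let the server's
                // order win over the client's during negotiation.
                final SSLParameters sslParameters = sslEngine.getSSLParameters();
                sslParameters.setUseCipherSuitesOrder(true);
                sslEngine.setSSLParameters(sslParameters);
            }
            SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
            SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
        }
    };
    factory.setSslContext(sslContext);

    // "need" is the stricter mode and takes precedence over "want" (which, in
    // JSSE terms, requests a client certificate without requiring one).
    if (port.getNeedClientAuth()) {
        factory.setNeedClientAuth(true);
    } else if (port.getWantClientAuth()) {
        factory.setWantClientAuth(true);
    }
    return factory;
}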

Example 3 with IllegalConfigurationException

Use of org.apache.qpid.server.configuration.IllegalConfigurationException in the Apache qpid-broker-j project.

From class NonJavaTrustStoreImpl, method updateTrustManagers:

/**
 * (Re)builds the trust managers from the certificate URL currently configured
 * on this trust store.
 *
 * <p>The certificates read from {@code _certificatesUrl} are placed, one per
 * positional alias, into a fresh in-memory key store of the platform default
 * type, which then seeds a {@link TrustManagerFactory} using the default
 * algorithm.  The resulting managers and the certificate array are stored in
 * {@code _trustManagers} and {@code _certificates}.  When no URL is configured
 * the method does nothing and the previous state is retained.
 *
 * <p>NOTE(review): the two fields are assigned one after the other rather than
 * as a unit; if readers can run concurrently with this update, confirm that a
 * torn read is harmless or that the caller serialises access.  Also confirm
 * that {@code getUrlFromString} restricts the URL scheme: trust anchors fetched
 * over an unauthenticated transport would undermine everything later validated
 * against them.
 *
 * @throws IllegalConfigurationException if the certificates cannot be read or
 *         the key store / trust manager factory cannot be initialised; the
 *         underlying {@link IOException} or {@link GeneralSecurityException}
 *         is attached as the cause
 */
@SuppressWarnings("unused")
private void updateTrustManagers() {
    if (_certificatesUrl == null) {
        return;
    }
    try {
        final X509Certificate[] loaded = SSLUtil.readCertificates(getUrlFromString(_certificatesUrl));

        // An empty, password-less key store of the default type is enough to
        // carry the trusted certificates into the factory.
        final java.security.KeyStore trustAnchors = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
        trustAnchors.load(null, null);
        for (int index = 0; index < loaded.length; index++) {
            // aliases are 1-based positional names
            trustAnchors.setCertificateEntry(Integer.toString(index + 1), loaded[index]);
        }

        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustAnchors);

        _trustManagers = factory.getTrustManagers();
        _certificates = loaded;
    } catch (IOException | GeneralSecurityException e) {
        throw new IllegalConfigurationException("Cannot load certificate(s) :" + e, e);
    }
}

Example 4 with IllegalConfigurationException

Use of org.apache.qpid.server.configuration.IllegalConfigurationException in the Apache qpid-broker-j project.

From class AclFileParser, method parseAcl:

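/**
 * Parses the tokens of one {@code ACL} line into a rule and registers it with
 * the creator.
 *
 * <p>Expected token layout, after the caller has stripped the leading
 * {@code ACL} keyword and any optional rule number:
 * {@code <permission> <identity> <operation> [<object> [<predicate>...]]}.
 *
 * <p>Keywords are matched case-insensitively against the enum constants.  The
 * upper-casing uses {@code Locale.ROOT} so that this fixed ASCII keyword set is
 * interpreted identically whatever the JVM's default locale is (under a Turkish
 * locale, {@code "bind".toUpperCase()} yields a dotted capital I and would not
 * match {@code BIND}).  Each unknown keyword is reported with the offending
 * token, in the same way a bad permission already was, instead of the bare
 * enum {@code valueOf} message.
 *
 * @param number         optional explicit rule number, or {@code null}
 * @param args           the remaining tokens of the line; at least three
 * @param ruleSetCreator receives the parsed rule
 * @param line           line number used in error messages
 * @throws IllegalConfigurationException if fewer than three tokens are present
 *         or the rule number is not acceptable to the creator
 * @throws IllegalArgumentException if the permission, operation or object
 *         token is not a known keyword; the caller converts this into an
 *         {@code IllegalConfigurationException} carrying the line number
 */
private static void parseAcl(Integer number, List<String> args, final RuleSetCreator ruleSetCreator, final int line) {
    if (args.size() < 3) {
        throw new IllegalConfigurationException(String.format(NOT_ENOUGH_ACL_MSG, line));
    }

    final String permissionText = args.get(0);
    final RuleOutcome outcome;
    try {
        // Permissions may be written with dashes (e.g. deny-log) where the
        // enum constant uses underscores.
        outcome = RuleOutcome.valueOf(permissionText.replace('-', '_').toUpperCase(java.util.Locale.ROOT));
    } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException("Not a valid permission: " + permissionText, e);
    }

    final String identity = args.get(1);

    final String operationText = args.get(2);
    final LegacyOperation operation;
    try {
        operation = LegacyOperation.valueOf(operationText.toUpperCase(java.util.Locale.ROOT));
    } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException("Not a valid operation: " + operationText, e);
    }

    // Validated after the mandatory keywords, so a malformed keyword is
    // reported in preference to a bad rule number (same order as before).
    if (number != null && !ruleSetCreator.isValidNumber(number)) {
        throw new IllegalConfigurationException(String.format(BAD_ACL_RULE_NUMBER_MSG, line));
    }

    if (args.size() == 3) {
        ruleSetCreator.addRule(number, identity, outcome, operation);
    } else {
        final String objectText = args.get(3);
        final ObjectType object;
        try {
            object = ObjectType.valueOf(objectText.toUpperCase(java.util.Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Not a valid object type: " + objectText, e);
        }
        // Anything after the object token is a property=value predicate list.
        final AclRulePredicates predicates = toRulePredicates(args.subList(4, args.size()), line);
        ruleSetCreator.addRule(number, identity, outcome, operation, object, predicates);
    }
}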

Example 5 with IllegalConfigurationException

Use of org.apache.qpid.server.configuration.IllegalConfigurationException in the Apache qpid-broker-j project.

From class AclFileParser, method parse:

/**
 * Parses a complete ACL file into a {@link RuleSet}.
 *
 * <p>The text is tokenised with a {@link StreamTokenizer} whose syntax table is
 * reset and rebuilt from scratch below: comments introduced by the
 * {@code COMMENT} character, single- and double-quoted strings, a
 * {@code CONTINUATION} character that joins the next physical line when it is
 * immediately followed by EOL, {@code =} as a stand-alone token, and a
 * restricted word alphabet.  Tokens are collected per logical line on a stack
 * and dispatched when EOL or EOF is seen: {@code ACL} lines (optionally
 * prefixed by a rule number) go to {@code parseAcl}, {@code CONFIG} lines to
 * {@code parseConfig}, {@code GROUP} lines are rejected with a pointer to the
 * Group Provider, and anything else is an error.
 *
 * <p>Error handling is fail-closed: every syntax or semantic error propagates as
 * an {@link IllegalConfigurationException} and the rule set is only created
 * once the whole file has been consumed, so a malformed file never silently
 * yields a partial or permissive policy.
 *
 * <p>Note that {@code configReader} is closed by this method (try-with-resources)
 * whether parsing succeeds or fails.
 *
 * @param configReader source of the ACL text; closed on return
 * @param eventLogger  passed through to the created rule set
 * @return the rule set built from the file
 * @throws IllegalConfigurationException on any parse failure (with the
 *         offending line number where it is known) or if the reader fails
 */
public static RuleSet parse(final Reader configReader, EventLoggerProvider eventLogger) {
    RuleSetCreator ruleSetCreator = new RuleSetCreator();
    // line number reported in error messages; updated after every token read
    int line = 0;
    try (Reader fileReader = configReader) {
        LOGGER.debug("About to load ACL file");
        StreamTokenizer tokenizer = new StreamTokenizer(new BufferedReader(fileReader));
        // setup the tokenizer: resetSyntax() makes every character "ordinary"
        // (and switches off number parsing), so the rules below are the whole
        // grammar — nothing from the StreamTokenizer defaults survives
        tokenizer.resetSyntax();
        // single line comments
        tokenizer.commentChar(COMMENT);
        // return EOL as a token (a logical line is dispatched on EOL/EOF below)
        tokenizer.eolIsSignificant(true);
        // equals is a token
        tokenizer.ordinaryChar('=');
        // continuation character (when followed by EOL)
        tokenizer.ordinaryChar(CONTINUATION);
        // double quote
        tokenizer.quoteChar('"');
        // single quote
        tokenizer.quoteChar('\'');
        // whitespace (to be ignored) TODO properly
        // note: this silently drops every control character up to and
        // including space, not just blanks and tabs
        tokenizer.whitespaceChars('\u0000', '\u0020');
        // unquoted token characters [a-z]
        // Any character outside this alphabet that is not a quote, comment,
        // continuation or '=' ends up as a single-character token via the
        // default branch below; it is not glued into the surrounding word, so
        // e.g. an unquoted identity containing '/' splits into several tokens
        // and is expected to fail keyword matching rather than be accepted.
        tokenizer.wordChars('a', 'z');
        // [A-Z]
        tokenizer.wordChars('A', 'Z');
        // [0-9]
        tokenizer.wordChars('0', '9');
        // underscore
        tokenizer.wordChars('_', '_');
        // dash
        tokenizer.wordChars('-', '-');
        // dot
        tokenizer.wordChars('.', '.');
        // star
        tokenizer.wordChars('*', '*');
        // at
        tokenizer.wordChars('@', '@');
        // colon
        tokenizer.wordChars(':', ':');
        // parse the acl file lines
        // tokens of the current logical line, in order; flushed on EOL/EOF
        Stack<String> stack = new Stack<>();
        int current;
        do {
            current = tokenizer.nextToken();
            // lineno() has already counted the EOL just returned, hence -1
            // (on a final line without a trailing EOL this under-reports by one)
            line = tokenizer.lineno() - 1;
            switch(current) {
                case StreamTokenizer.TT_EOF:
                case StreamTokenizer.TT_EOL:
                    if (stack.isEmpty()) {
                        // blank line
                        break;
                    }
                    // pull out the first token from the bottom of the stack and check arguments exist
                    String first = stack.firstElement();
                    stack.removeElementAt(0);
                    if (stack.isEmpty()) {
                        throw new IllegalConfigurationException(String.format(NOT_ENOUGH_TOKENS_MSG, line));
                    }
                    // check for and parse optional initial number for ACL lines
                    Integer number = null;
                    if (first != null && first.matches("\\d+")) {
                        // set the acl number and get the next element
                        // (the stack is non-empty here, so firstElement() is safe;
                        // a very long digit run overflows Integer.valueOf into a
                        // NumberFormatException, which is caught below as an
                        // IllegalArgumentException)
                        number = Integer.valueOf(first);
                        first = stack.firstElement();
                        stack.removeElementAt(0);
                    }
                    if (ACL.equalsIgnoreCase(first)) {
                        parseAcl(number, stack, ruleSetCreator, line);
                    } else if (number == null) {
                        if ("GROUP".equalsIgnoreCase(first)) {
                            throw new IllegalConfigurationException(String.format("GROUP keyword not supported at " + "line %d. Groups should defined " + "via a Group Provider, not in " + "the ACL file.", line));
                        } else if (CONFIG.equalsIgnoreCase(first)) {
                            parseConfig(stack, ruleSetCreator, line);
                        } else {
                            throw new IllegalConfigurationException(String.format(UNRECOGNISED_INITIAL_MSG, first, line));
                        }
                    } else {
                        // a leading number is only meaningful on ACL lines
                        throw new IllegalConfigurationException(String.format(NUMBER_NOT_ALLOWED_MSG, first, line));
                    }
                    // reset stack, start next line
                    stack.clear();
                    break;
                case StreamTokenizer.TT_NUMBER:
                    // With resetSyntax() and digits declared as word chars,
                    // numbers are expected to arrive as TT_WORD; this branch is
                    // retained defensively and truncates any fraction.
                    stack.push(Integer.toString(Double.valueOf(tokenizer.nval).intValue()));
                    break;
                case StreamTokenizer.TT_WORD:
                    // token
                    stack.push(tokenizer.sval);
                    break;
                default:
                    if (tokenizer.ttype == CONTINUATION) {
                        // consume the EOL that must follow; the current logical
                        // line's tokens stay on the stack
                        int next = tokenizer.nextToken();
                        line = tokenizer.lineno() - 1;
                        if (next == StreamTokenizer.TT_EOL) {
                            // continue reading next line
                            break;
                        }
                        // invalid location for continuation character (add one to line because we ate the EOL)
                        // (a continuation immediately before EOF also lands here)
                        throw new IllegalConfigurationException(String.format(PREMATURE_CONTINUATION_MSG, line + 1));
                    } else if (tokenizer.ttype == '\'' || tokenizer.ttype == '"') {
                        // quoted token: sval holds the body without the quotes
                        stack.push(tokenizer.sval);
                    } else {
                        // single character ('=' or anything outside the word alphabet)
                        stack.push(Character.toString((char) tokenizer.ttype));
                    }
            }
        } while (current != StreamTokenizer.TT_EOF);
        // Defensive: the TT_EOF case above dispatches or clears the stack, so
        // this is only expected to trigger if the loop is changed.
        if (!stack.isEmpty()) {
            throw new IllegalConfigurationException(String.format(PREMATURE_EOF_MSG, line));
        }
    } catch (IllegalArgumentException iae) {
        // unknown keyword (enum valueOf) or bad number from parseAcl/parseConfig:
        // re-thrown with the line number, original exception kept as the cause
        throw new IllegalConfigurationException(String.format(PARSE_TOKEN_FAILED_MSG, line), iae);
    } catch (IOException ioe) {
        throw new IllegalConfigurationException(CANNOT_LOAD_MSG, ioe);
    }
    return ruleSetCreator.createRuleSet(eventLogger);
}
