Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ARTEMIS-3873 AMQP Broker Conn Encrypted Attrs 

Adds support for ENC(...) attribute values for user and password on
amqp-connection.
This commit is contained in:
Ryan Highley 2022-06-16 09:06:41 -05:00 committed by Bruscino Domenico Francesco
parent d199bf3c8c
commit 2123de415b
4 changed files with 130 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
View File

@ -2088,7 +2088,13 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
int retryInterval = getAttributeInteger(e, "retry-interval", 5000, Validators.GT_ZERO); int retryInterval = getAttributeInteger(e, "retry-interval", 5000, Validators.GT_ZERO);
int reconnectAttempts = getAttributeInteger(e, "reconnect-attempts", -1, Validators.MINUS_ONE_OR_GT_ZERO); int reconnectAttempts = getAttributeInteger(e, "reconnect-attempts", -1, Validators.MINUS_ONE_OR_GT_ZERO);
String user = getAttributeValue(e, "user"); String user = getAttributeValue(e, "user");
if (user != null && PasswordMaskingUtil.isEncMasked(user)) {
user = PasswordMaskingUtil.resolveMask(mainConfig.isMaskPassword(), user, mainConfig.getPasswordCodec());
}
String password = getAttributeValue(e, "password"); String password = getAttributeValue(e, "password");
if (password != null && PasswordMaskingUtil.isEncMasked(password)) {
password = PasswordMaskingUtil.resolveMask(mainConfig.isMaskPassword(), password, mainConfig.getPasswordCodec());
}
boolean autoStart = getBooleanAttribute(e, "auto-start", true); boolean autoStart = getBooleanAttribute(e, "auto-start", true);
getInteger(e, "local-bind-port", -1, Validators.MINUS_ONE_OR_GT_ZERO); getInteger(e, "local-bind-port", -1, Validators.MINUS_ONE_OR_GT_ZERO);

1
artemis-server/src/main/resources/schema/artemis-configuration.xsd
View File

@ -2117,6 +2117,7 @@
<xsd:sequence maxOccurs="unbounded"> <xsd:sequence maxOccurs="unbounded">
<xsd:element name="amqp-connection" type="amqp-connectionUriType"/> <xsd:element name="amqp-connection" type="amqp-connectionUriType"/>
</xsd:sequence> </xsd:sequence>
<xsd:attributeGroup ref="xml:specialAttrs"/>
</xsd:complexType> </xsd:complexType>
<xsd:complexType name="connectionRouterType"> <xsd:complexType name="connectionRouterType">

86
artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationBrokerConnectionEncryptedTest.java Normal file
View File

@ -0,0 +1,86 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.artemis.core.config.impl;
import java.util.List;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.config.FileDeploymentManager;
import org.apache.activemq.artemis.core.config.amqpBrokerConnectivity.AMQPBrokerConnectConfiguration;
import org.junit.Assert;
import org.junit.Test;
public class FileConfigurationBrokerConnectionEncryptedTest extends ConfigurationImplTest {
protected String getConfigurationName() {
return "ConfigurationTest-broker-connection-encrypted-config.xml";
}
@Override
@Test
public void testDefaults() {
// empty
}
@Test
public void testAMQPBrokerConfigEncryptedUserAndPassword() {
List<AMQPBrokerConnectConfiguration> brokerConnections = conf.getAMQPConnection();
Assert.assertNotNull("brokerConnections is null", brokerConnections);
Assert.assertFalse("brokerConnections is empty", brokerConnections.isEmpty());
boolean encTest = false;
boolean plainTest = false;
boolean emptyTest = false;
for (AMQPBrokerConnectConfiguration brokerConnection : brokerConnections) {
// Check each expected configuration is present
encTest = encTest || "enc-test".equals(brokerConnection.getName());
plainTest = plainTest || "plain-test".equals(brokerConnection.getName());
emptyTest = emptyTest || "empty-test".equals(brokerConnection.getName());
if ("empty-test".equals(brokerConnection.getName())) {
// Empty configuration should have null user and password
Assert.assertNull(brokerConnection.getUser());
Assert.assertNull(brokerConnection.getPassword());
} else {
// Both the encrypted and plain user and password use the same expected value
Assert.assertEquals("testuser", brokerConnection.getUser());
Assert.assertEquals("testpassword", brokerConnection.getPassword());
}
}
Assert.assertTrue("enc-test configuration is not present", encTest);
Assert.assertTrue("plain-test configuration is not present", plainTest);
Assert.assertTrue("empty-test configuration is not present", emptyTest);
}
@Override
protected Configuration createConfiguration() throws Exception {
FileConfiguration fc = new FileConfiguration();
FileDeploymentManager deploymentManager = new FileDeploymentManager(getConfigurationName());
deploymentManager.addDeployable(fc);
deploymentManager.readConfiguration();
return fc;
}
}

37
artemis-server/src/test/resources/ConfigurationTest-broker-connection-encrypted-config.xml Normal file
View File

@ -0,0 +1,37 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq ../../../../activemq-server/src/main/resources/schema/artemis-server.xsd">
<core xmlns="urn:activemq:core">
<broker-connections>
<!-- user="testuser" password="testpassword" -->
<amqp-connection uri="tcp://test1:111" name="enc-test" user="ENC(-5da23e449f1b4b24dd05b6572705eea3)" password="ENC(-4c07e66dc377c18d95220e791dd51e82)">
<mirror />
</amqp-connection>
<!-- user="testuser" password="testpassword" -->
<amqp-connection uri="tcp://test2:111" name="plain-test" user="testuser" password="testpassword">
<mirror />
</amqp-connection>
<amqp-connection uri="tcp://test2:111" name="empty-test">
<mirror />
</amqp-connection>
</broker-connections>
</core>
</configuration>