qd_error_t qd_dispatch_configure_router(qd_dispatch_t *qd, qd_entity_t *entity)
{
qd_dispatch_set_router_id(qd, qd_entity_opt_string(entity, "routerId", 0));
QD_ERROR_RET();
if (! qd->router_id) {
qd_dispatch_set_router_id(qd, qd_entity_opt_string(entity, "id", 0));
QD_ERROR_RET();
}
assert(qd->router_id);
qd->router_mode = qd_entity_get_long(entity, "mode");
QD_ERROR_RET();
qd->thread_count = qd_entity_opt_long(entity, "workerThreads", 4);
QD_ERROR_RET();
if (! qd->sasl_config_path) {
qd->sasl_config_path = qd_entity_opt_string(entity, "saslConfigPath", 0);
QD_ERROR_RET();
}
if (! qd->sasl_config_name) {
qd->sasl_config_name = qd_entity_opt_string(entity, "saslConfigName", "qdrouterd");
QD_ERROR_RET();
}
char *dump_file = qd_entity_opt_string(entity, "debugDump", 0);
QD_ERROR_RET();
if (dump_file) {
qd_alloc_debug_dump(dump_file);
QD_ERROR_RET();
free(dump_file);
}
return QD_ERROR_NONE;
}
/**
* The Container Entity has been deprecated and will be removed in the future. Use the RouterEntity instead.
*/
qd_error_t qd_dispatch_configure_container(qd_dispatch_t *qd, qd_entity_t *entity)
{
// Add a log warning. Check to see if too early
qd->thread_count = qd_entity_opt_long(entity, "workerThreads", 4); QD_ERROR_RET();
qd->sasl_config_path = qd_entity_opt_string(entity, "saslConfigPath", 0); QD_ERROR_RET();
qd->sasl_config_name = qd_entity_opt_string(entity, "saslConfigName", 0); QD_ERROR_RET();
char *dump_file = qd_entity_opt_string(entity, "debugDump", 0); QD_ERROR_RET();
if (dump_file) {
qd_alloc_debug_dump(dump_file); QD_ERROR_RET();
free(dump_file);
}
return QD_ERROR_NONE;
}
qd_config_ssl_profile_t *qd_dispatch_configure_ssl_profile(qd_dispatch_t *qd, qd_entity_t *entity)
{
qd_error_clear();
qd_connection_manager_t *cm = qd->connection_manager;
qd_config_ssl_profile_t *ssl_profile = NEW(qd_config_ssl_profile_t);
DEQ_ITEM_INIT(ssl_profile);
DEQ_INSERT_TAIL(cm->config_ssl_profiles, ssl_profile);
ssl_profile->name = qd_entity_opt_string(entity, "name", 0); CHECK();
ssl_profile->ssl_certificate_file = qd_entity_opt_string(entity, "certFile", 0); CHECK();
ssl_profile->ssl_private_key_file = qd_entity_opt_string(entity, "keyFile", 0); CHECK();
ssl_profile->ssl_password = qd_entity_opt_string(entity, "password", 0); CHECK();
ssl_profile->ssl_trusted_certificate_db = qd_entity_opt_string(entity, "certDb", 0); CHECK();
ssl_profile->ssl_trusted_certificates = qd_entity_opt_string(entity, "trustedCerts", 0); CHECK();
ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
ssl_profile->ssl_display_name_file = qd_entity_opt_string(entity, "displayNameFile", 0); CHECK();
sys_atomic_init(&ssl_profile->ref_count, 0);
qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
return ssl_profile;
error:
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create ssl profile: %s", qd_error_message());
qd_config_ssl_profile_free(cm, ssl_profile);
return 0;
}
qd_listener_t *qd_dispatch_configure_listener(qd_dispatch_t *qd, qd_entity_t *entity)
{
qd_connection_manager_t *cm = qd->connection_manager;
qd_listener_t *li = qd_server_listener(qd->server);
if (!li || load_server_config(qd, &li->config, entity, true) != QD_ERROR_NONE) {
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create listener: %s", qd_error_message());
qd_listener_decref(li);
return 0;
}
char *fol = qd_entity_opt_string(entity, "failoverList", 0);
if (fol) {
li->config.failover_list = qd_failover_list(fol);
free(fol);
if (li->config.failover_list == 0) {
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create listener, bad failover list: %s",
qd_error_message());
qd_listener_decref(li);
return 0;
}
} else {
li->config.failover_list = 0;
}
DEQ_ITEM_INIT(li);
DEQ_INSERT_TAIL(cm->listeners, li);
log_config(cm->log_source, &li->config, "Listener");
return li;
}
/**
* Since both the host and the addr have defaults of 127.0.0.1, we will have to use the non-default wherever it is available.
*/
static void set_config_host(qd_server_config_t *config, qd_entity_t* entity)
{
config->host = qd_entity_opt_string(entity, "host", 0);
assert(config->host);
int hplen = strlen(config->host) + strlen(config->port) + 2;
config->host_port = malloc(hplen);
snprintf(config->host_port, hplen, "%s:%s", config->host, config->port);
}
/**
* Since both the host and the addr have defaults of 127.0.0.1, we will have to use the non-default wherever it is available.
*/
static void set_config_host(qd_server_config_t *config, qd_entity_t* entity)
{
char *host = qd_entity_opt_string(entity, "host", 0);
char *addr = qd_entity_opt_string(entity, "addr", 0);
if (strcmp(host, HOST_ADDR_DEFAULT) == 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
config->host = host;
}
else if (strcmp(host, addr) == 0) {
config->host = host;
}
else if (strcmp(host, HOST_ADDR_DEFAULT) == 0 && strcmp(addr, HOST_ADDR_DEFAULT) != 0) {
config->host = addr;
}
else if (strcmp(host, HOST_ADDR_DEFAULT) != 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
config->host = host;
}
assert(config->host);
}
qd_config_sasl_plugin_t *qd_dispatch_configure_sasl_plugin(qd_dispatch_t *qd, qd_entity_t *entity)
{
qd_error_clear();
qd_connection_manager_t *cm = qd->connection_manager;
qd_config_sasl_plugin_t *sasl_plugin = NEW(qd_config_sasl_plugin_t);
DEQ_ITEM_INIT(sasl_plugin);
DEQ_INSERT_TAIL(cm->config_sasl_plugins, sasl_plugin);
sasl_plugin->name = qd_entity_opt_string(entity, "name", 0); CHECK();
sasl_plugin->auth_service = qd_entity_opt_string(entity, "authService", 0); CHECK();
sasl_plugin->sasl_init_hostname = qd_entity_opt_string(entity, "saslInitHostname", 0); CHECK();
sasl_plugin->auth_ssl_profile = qd_entity_opt_string(entity, "authSslProfile", 0); CHECK();
qd_log(cm->log_source, QD_LOG_INFO, "Created SASL plugin config with name %s", sasl_plugin->name);
return sasl_plugin;
error:
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create SASL plugin config: %s", qd_error_message());
config_sasl_plugin_free(cm, sasl_plugin);
return 0;
}
qd_error_t qd_entity_configure_policy(qd_policy_t *policy, qd_entity_t *entity)
{
policy->max_connection_limit = qd_entity_opt_long(entity, "maximumConnections", 0); CHECK();
if (policy->max_connection_limit < 0)
return qd_error(QD_ERROR_CONFIG, "maximumConnections must be >= 0");
policy->policyFolder =
qd_entity_opt_string(entity, "policyFolder", 0); CHECK();
policy->enableAccessRules = qd_entity_opt_bool(entity, "enableAccessRules", false); CHECK();
qd_log(policy->log_source, QD_LOG_INFO, "Policy configured maximumConnections: %d, policyFolder: '%s', access rules enabled: '%s'",
policy->max_connection_limit, policy->policyFolder, (policy->enableAccessRules ? "true" : "false"));
return QD_ERROR_NONE;
error:
if (policy->policyFolder)
free(policy->policyFolder);
qd_policy_free(policy);
return qd_error_code();
}
static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity)
{
qd_error_clear();
bool authenticatePeer = qd_entity_opt_bool(entity, "authenticatePeer", false); CHECK();
char *stripAnnotations = qd_entity_opt_string(entity, "stripAnnotations", 0); CHECK();
bool requireEncryption = qd_entity_opt_bool(entity, "requireEncryption", false); CHECK();
bool requireSsl = qd_entity_opt_bool(entity, "requireSsl", false); CHECK();
bool depRequirePeerAuth = qd_entity_opt_bool(entity, "requirePeerAuth", false); CHECK();
bool depAllowUnsecured = qd_entity_opt_bool(entity, "allowUnsecured", !requireSsl); CHECK();
memset(config, 0, sizeof(*config));
config->host = qd_entity_get_string(entity, "addr"); CHECK();
config->port = qd_entity_get_string(entity, "port"); CHECK();
config->name = qd_entity_opt_string(entity, "name", 0); CHECK();
config->role = qd_entity_get_string(entity, "role"); CHECK();
config->protocol_family = qd_entity_opt_string(entity, "protocolFamily", 0); CHECK();
config->max_frame_size = qd_entity_get_long(entity, "maxFrameSize"); CHECK();
config->idle_timeout_seconds = qd_entity_get_long(entity, "idleTimeoutSeconds"); CHECK();
config->sasl_username = qd_entity_opt_string(entity, "saslUsername", 0); CHECK();
config->sasl_password = qd_entity_opt_string(entity, "saslPassword", 0); CHECK();
config->sasl_mechanisms = qd_entity_opt_string(entity, "saslMechanisms", 0); CHECK();
config->ssl_enabled = has_attrs(entity, ssl_attributes, ssl_attributes_count);
config->link_capacity = qd_entity_opt_long(entity, "linkCapacity", 0); CHECK();
//
// Handle the defaults for link capacity.
//
if (config->link_capacity == 0) {
if (strcmp("inter-router", config->role) == 0)
config->link_capacity = 100000; // This is effectively infinite since session flow control will be more stringent.
else
config->link_capacity = 250;
}
//
// For now we are hardwiring this attribute to true. If there's an outcry from the
// user community, we can revisit this later.
//
config->allowInsecureAuthentication = true;
load_strip_annotations(config, stripAnnotations);
config->requireAuthentication = authenticatePeer || depRequirePeerAuth;
config->requireEncryption = requireEncryption || !depAllowUnsecured;
if (config->ssl_enabled) {
config->ssl_required = requireSsl || !depAllowUnsecured;
config->ssl_require_peer_authentication = config->sasl_mechanisms &&
strstr(config->sasl_mechanisms, "EXTERNAL") != 0;
config->ssl_certificate_file =
qd_entity_opt_string(entity, "certFile", 0); CHECK();
config->ssl_private_key_file =
qd_entity_opt_string(entity, "keyFile", 0); CHECK();
config->ssl_password =
qd_entity_opt_string(entity, "password", 0); CHECK();
config->ssl_trusted_certificate_db =
qd_entity_opt_string(entity, "certDb", 0); CHECK();
config->ssl_trusted_certificates =
qd_entity_opt_string(entity, "trustedCerts", 0); CHECK();
config->ssl_uid_format =
qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
config->ssl_display_name_file =
qd_entity_opt_string(entity, "displayNameFile", 0); CHECK();
}
free(stripAnnotations);
return QD_ERROR_NONE;
error:
qd_server_config_free(config);
return qd_error_code();
}
qd_config_ssl_profile_t *qd_dispatch_configure_ssl_profile(qd_dispatch_t *qd, qd_entity_t *entity)
{
qd_error_clear();
qd_connection_manager_t *cm = qd->connection_manager;
qd_config_ssl_profile_t *ssl_profile = NEW(qd_config_ssl_profile_t);
DEQ_ITEM_INIT(ssl_profile);
DEQ_INSERT_TAIL(cm->config_ssl_profiles, ssl_profile);
ssl_profile->name = qd_entity_opt_string(entity, "name", 0); CHECK();
ssl_profile->ssl_certificate_file = qd_entity_opt_string(entity, "certFile", 0); CHECK();
ssl_profile->ssl_private_key_file = qd_entity_opt_string(entity, "keyFile", 0); CHECK();
ssl_profile->ssl_password = qd_entity_opt_string(entity, "password", 0); CHECK();
if (!ssl_profile->ssl_password) {
// SSL password not provided. Check if passwordFile property is specified.
char *password_file = qd_entity_opt_string(entity, "passwordFile", 0); CHECK();
if (password_file) {
FILE *file = fopen(password_file, "r");
if (file) {
char buffer[200];
int c;
int i=0;
while (i < 200 - 1) {
c = fgetc(file);
if (c == EOF || c == '\n')
break;
buffer[i++] = c;
}
if (i != 0) {
buffer[i] = '\0';
free(ssl_profile->ssl_password);
ssl_profile->ssl_password = strdup(buffer);
}
fclose(file);
}
}
free(password_file);
}
ssl_profile->ciphers = qd_entity_opt_string(entity, "ciphers", 0); CHECK();
ssl_profile->ssl_trusted_certificate_db = qd_entity_opt_string(entity, "certDb", 0); CHECK();
ssl_profile->ssl_trusted_certificates = qd_entity_opt_string(entity, "trustedCerts", 0); CHECK();
ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
ssl_profile->ssl_display_name_file = qd_entity_opt_string(entity, "displayNameFile", 0); CHECK();
//
// Process the password to handle any modifications or lookups needed
//
qd_config_ssl_profile_process_password(ssl_profile); CHECK();
qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
return ssl_profile;
error:
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create ssl profile: %s", qd_error_message());
config_ssl_profile_free(cm, ssl_profile);
return 0;
}
static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, bool is_listener)
{
qd_error_clear();
bool authenticatePeer = qd_entity_opt_bool(entity, "authenticatePeer", false); CHECK();
bool verifyHostName = qd_entity_opt_bool(entity, "verifyHostName", true); CHECK();
bool requireEncryption = qd_entity_opt_bool(entity, "requireEncryption", false); CHECK();
bool requireSsl = qd_entity_opt_bool(entity, "requireSsl", false); CHECK();
memset(config, 0, sizeof(*config));
config->log_message = qd_entity_opt_string(entity, "logMessage", 0); CHECK();
config->log_bits = populate_log_message(config);
config->port = qd_entity_get_string(entity, "port"); CHECK();
config->name = qd_entity_opt_string(entity, "name", 0); CHECK();
config->role = qd_entity_get_string(entity, "role"); CHECK();
config->inter_router_cost = qd_entity_opt_long(entity, "cost", 1); CHECK();
config->protocol_family = qd_entity_opt_string(entity, "protocolFamily", 0); CHECK();
config->http = qd_entity_opt_bool(entity, "http", false); CHECK();
config->http_root = qd_entity_opt_string(entity, "httpRoot", false); CHECK();
config->http = config->http || config->http_root; /* httpRoot implies http */
config->max_frame_size = qd_entity_get_long(entity, "maxFrameSize"); CHECK();
config->max_sessions = qd_entity_get_long(entity, "maxSessions"); CHECK();
uint64_t ssn_frames = qd_entity_opt_long(entity, "maxSessionFrames", 0); CHECK();
config->idle_timeout_seconds = qd_entity_get_long(entity, "idleTimeoutSeconds"); CHECK();
if (is_listener) {
config->initial_handshake_timeout_seconds = qd_entity_get_long(entity, "initialHandshakeTimeoutSeconds"); CHECK();
}
config->sasl_username = qd_entity_opt_string(entity, "saslUsername", 0); CHECK();
config->sasl_password = qd_entity_opt_string(entity, "saslPassword", 0); CHECK();
config->sasl_mechanisms = qd_entity_opt_string(entity, "saslMechanisms", 0); CHECK();
config->ssl_profile = qd_entity_opt_string(entity, "sslProfile", 0); CHECK();
config->sasl_plugin = qd_entity_opt_string(entity, "saslPlugin", 0); CHECK();
config->link_capacity = qd_entity_opt_long(entity, "linkCapacity", 0); CHECK();
config->multi_tenant = qd_entity_opt_bool(entity, "multiTenant", false); CHECK();
set_config_host(config, entity);
//
// Handle the defaults for various settings
//
if (config->link_capacity == 0)
config->link_capacity = 250;
if (config->max_sessions == 0 || config->max_sessions > 32768)
// Proton disallows > 32768
config->max_sessions = 32768;
if (config->max_frame_size < QD_AMQP_MIN_MAX_FRAME_SIZE)
// Silently promote the minimum max-frame-size
// Proton will do this but the number is needed for the
// incoming capacity calculation.
config->max_frame_size = QD_AMQP_MIN_MAX_FRAME_SIZE;
//
// Given session frame count and max frame size compute session incoming_capacity
//
if (ssn_frames == 0)
config->incoming_capacity = (sizeof(size_t) < 8) ? 0x7FFFFFFFLL : 0x7FFFFFFFLL * config->max_frame_size;
else {
uint64_t mfs = (uint64_t) config->max_frame_size;
uint64_t trial_ic = ssn_frames * mfs;
uint64_t limit = (sizeof(size_t) < 8) ? (1ll << 31) - 1 : 0;
if (limit == 0 || trial_ic < limit) {
// Silently promote incoming capacity of zero to one
config->incoming_capacity =
(trial_ic < QD_AMQP_MIN_MAX_FRAME_SIZE ? QD_AMQP_MIN_MAX_FRAME_SIZE : trial_ic);
} else {
config->incoming_capacity = limit;
uint64_t computed_ssn_frames = limit / mfs;
qd_log(qd->connection_manager->log_source, QD_LOG_WARNING,
"Server configuation for I/O adapter entity name:'%s', host:'%s', port:'%s', "
"requested maxSessionFrames truncated from %"PRId64" to %"PRId64,
config->name, config->host, config->port, ssn_frames, computed_ssn_frames);
}
}
//
// For now we are hardwiring this attribute to true. If there's an outcry from the
// user community, we can revisit this later.
//
config->allowInsecureAuthentication = true;
config->verify_host_name = verifyHostName;
char *stripAnnotations = qd_entity_opt_string(entity, "stripAnnotations", 0);
load_strip_annotations(config, stripAnnotations);
free(stripAnnotations);
stripAnnotations = 0;
CHECK();
config->requireAuthentication = authenticatePeer;
config->requireEncryption = requireEncryption || requireSsl;
if (config->ssl_profile) {
config->ssl_required = requireSsl;
config->ssl_require_peer_authentication = config->sasl_mechanisms &&
strstr(config->sasl_mechanisms, "EXTERNAL") != 0;
qd_config_ssl_profile_t *ssl_profile =
qd_find_ssl_profile(qd->connection_manager, config->ssl_profile);
if (ssl_profile) {
config->ssl_certificate_file = SSTRDUP(ssl_profile->ssl_certificate_file);
config->ssl_private_key_file = SSTRDUP(ssl_profile->ssl_private_key_file);
config->ciphers = SSTRDUP(ssl_profile->ciphers);
config->ssl_password = SSTRDUP(ssl_profile->ssl_password);
config->ssl_trusted_certificate_db = SSTRDUP(ssl_profile->ssl_trusted_certificate_db);
config->ssl_trusted_certificates = SSTRDUP(ssl_profile->ssl_trusted_certificates);
config->ssl_uid_format = SSTRDUP(ssl_profile->ssl_uid_format);
config->ssl_display_name_file = SSTRDUP(ssl_profile->ssl_display_name_file);
}
}
if (config->sasl_plugin) {
qd_config_sasl_plugin_t *sasl_plugin =
qd_find_sasl_plugin(qd->connection_manager, config->sasl_plugin);
if (sasl_plugin) {
config->auth_service = SSTRDUP(sasl_plugin->auth_service);
config->sasl_init_hostname = SSTRDUP(sasl_plugin->sasl_init_hostname);
qd_log(qd->connection_manager->log_source, QD_LOG_INFO, "Using auth service %s from SASL Plugin %s", config->auth_service, config->sasl_plugin);
if (sasl_plugin->auth_ssl_profile) {
qd_config_ssl_profile_t *auth_ssl_profile =
qd_find_ssl_profile(qd->connection_manager, sasl_plugin->auth_ssl_profile);
config->auth_ssl_conf = pn_ssl_domain(PN_SSL_MODE_CLIENT);
if (auth_ssl_profile->ssl_certificate_file) {
if (pn_ssl_domain_set_credentials(config->auth_ssl_conf,
auth_ssl_profile->ssl_certificate_file,
auth_ssl_profile->ssl_private_key_file,
auth_ssl_profile->ssl_password)) {
qd_error(QD_ERROR_RUNTIME, "Cannot set SSL credentials for authentication service"); CHECK();
}
}
if (auth_ssl_profile->ssl_trusted_certificate_db) {
if (pn_ssl_domain_set_trusted_ca_db(config->auth_ssl_conf, auth_ssl_profile->ssl_trusted_certificate_db)) {
qd_error(QD_ERROR_RUNTIME, "Cannot set trusted SSL certificate db for authentication service" ); CHECK();
} else {
if (pn_ssl_domain_set_peer_authentication(config->auth_ssl_conf, PN_SSL_VERIFY_PEER, auth_ssl_profile->ssl_trusted_certificate_db)) {
qd_error(QD_ERROR_RUNTIME, "Cannot set SSL peer verification for authentication service"); CHECK();
}
}
}
if (auth_ssl_profile->ciphers) {
if (pn_ssl_domain_set_ciphers(config->auth_ssl_conf, auth_ssl_profile->ciphers)) {
return qd_error(QD_ERROR_RUNTIME, "Cannot set ciphers. The ciphers string might be invalid. Use openssl ciphers -v <ciphers> to validate");
}
}
}
} else {
qd_error(QD_ERROR_RUNTIME, "Cannot find sasl plugin %s", config->sasl_plugin); CHECK();
}
}
return QD_ERROR_NONE;
error:
qd_server_config_free(config);
return qd_error_code();
}
static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
{
qd_error_clear();
bool authenticatePeer = qd_entity_opt_bool(entity, "authenticatePeer", false); CHECK();
bool verifyHostName = qd_entity_opt_bool(entity, "verifyHostName", true); CHECK();
char *stripAnnotations = qd_entity_opt_string(entity, "stripAnnotations", 0); CHECK();
bool requireEncryption = qd_entity_opt_bool(entity, "requireEncryption", false); CHECK();
bool requireSsl = qd_entity_opt_bool(entity, "requireSsl", false); CHECK();
bool depRequirePeerAuth = qd_entity_opt_bool(entity, "requirePeerAuth", false); CHECK();
bool depAllowUnsecured = qd_entity_opt_bool(entity, "allowUnsecured", !requireSsl); CHECK();
memset(config, 0, sizeof(*config));
config->port = qd_entity_get_string(entity, "port"); CHECK();
config->name = qd_entity_opt_string(entity, "name", 0); CHECK();
config->role = qd_entity_get_string(entity, "role"); CHECK();
config->inter_router_cost = qd_entity_opt_long(entity, "cost", 1); CHECK();
config->protocol_family = qd_entity_opt_string(entity, "protocolFamily", 0); CHECK();
config->max_frame_size = qd_entity_get_long(entity, "maxFrameSize"); CHECK();
config->max_sessions = qd_entity_get_long(entity, "maxSessions"); CHECK();
uint64_t ssn_frames = qd_entity_get_long(entity, "maxSessionFrames"); CHECK();
config->idle_timeout_seconds = qd_entity_get_long(entity, "idleTimeoutSeconds"); CHECK();
config->sasl_username = qd_entity_opt_string(entity, "saslUsername", 0); CHECK();
config->sasl_password = qd_entity_opt_string(entity, "saslPassword", 0); CHECK();
config->sasl_mechanisms = qd_entity_opt_string(entity, "saslMechanisms", 0); CHECK();
config->ssl_profile = qd_entity_opt_string(entity, "sslProfile", 0); CHECK();
config->link_capacity = qd_entity_opt_long(entity, "linkCapacity", 0); CHECK();
set_config_host(config, entity);
//
// Handle the defaults for various settings
//
if (config->link_capacity == 0)
config->link_capacity = 250;
if (config->max_sessions == 0 || config->max_sessions > 32768)
// Proton disallows > 32768
config->max_sessions = 32768;
if (config->max_frame_size < QD_AMQP_MIN_MAX_FRAME_SIZE)
// Silently promote the minimum max-frame-size
// Proton will do this but the number is needed for the
// incoming capacity calculation.
config->max_frame_size = QD_AMQP_MIN_MAX_FRAME_SIZE;
//
// Given session frame count and max frame size compute session incoming_capacity
// Limit total capacity to 2^31-1.
//
uint64_t mfs = (uint64_t)config->max_frame_size;
uint64_t trial_ic = ssn_frames * mfs;
uint64_t limit = (1ll << 31) - 1;
if (trial_ic < limit) {
// Silently promote incoming capacity of zero to one
config->incoming_capacity =
(trial_ic < QD_AMQP_MIN_MAX_FRAME_SIZE ? QD_AMQP_MIN_MAX_FRAME_SIZE : trial_ic);
} else {
config->incoming_capacity = limit;
uint64_t computed_ssn_frames = limit / mfs;
qd_log(qd->connection_manager->log_source, QD_LOG_WARNING,
"Server configuation for I/O adapter entity name:'%s', host:'%s', port:'%s', "
"requested maxSessionFrames truncated from %llu to %llu",
config->name, config->host, config->port, ssn_frames, computed_ssn_frames);
}
//
// For now we are hardwiring this attribute to true. If there's an outcry from the
// user community, we can revisit this later.
//
config->allowInsecureAuthentication = true;
config->verify_host_name = verifyHostName;
load_strip_annotations(config, stripAnnotations);
config->requireAuthentication = authenticatePeer || depRequirePeerAuth;
config->requireEncryption = requireEncryption || !depAllowUnsecured;
if (config->ssl_profile) {
config->ssl_required = requireSsl || !depAllowUnsecured;
config->ssl_require_peer_authentication = config->sasl_mechanisms &&
strstr(config->sasl_mechanisms, "EXTERNAL") != 0;
*ssl_profile = qd_find_ssl_profile(qd->connection_manager, config->ssl_profile);
if (*ssl_profile) {
config->ssl_certificate_file = (*ssl_profile)->ssl_certificate_file;
config->ssl_private_key_file = (*ssl_profile)->ssl_private_key_file;
config->ssl_password = (*ssl_profile)->ssl_password;
config->ssl_trusted_certificate_db = (*ssl_profile)->ssl_trusted_certificate_db;
config->ssl_trusted_certificates = (*ssl_profile)->ssl_trusted_certificates;
config->ssl_uid_format = (*ssl_profile)->ssl_uid_format;
config->ssl_display_name_file = (*ssl_profile)->ssl_display_name_file;
}
sys_atomic_inc(&(*ssl_profile)->ref_count);
}
free(stripAnnotations);
return QD_ERROR_NONE;
error:
qd_server_config_free(config);
return qd_error_code();
}
