Author: orudyy
Date: Fri May 17 15:31:44 2013
New Revision: 1483866
URL: http://svn.apache.org/r1483866
Log:
QPID-4858: Prevent silent use of insecure HTTP connector when HTTP protocol
with SSL transport was requested.
Remove separate HTTPS protocol and use HTTP protocol with SSL transport for
consistency with all other protocol types.
Modified:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
Modified:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
Fri May 17 15:31:44 2013
@@ -64,6 +64,7 @@ import org.apache.qpid.server.model.Prot
import org.apache.qpid.server.model.Queue;
import org.apache.qpid.server.model.Session;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.model.VirtualHost;
@@ -206,11 +207,6 @@ public class HttpManagement extends Abst
return (Integer)getAttribute(TIME_OUT);
}
- private boolean isManagementHttp(Port port)
- {
- return port.getProtocols().contains(Protocol.HTTP) ||
port.getProtocols().contains(Protocol.HTTPS);
- }
-
@SuppressWarnings("unchecked")
private Server createServer(Collection<Port> ports)
{
@@ -227,15 +223,15 @@ public class HttpManagement extends Abst
{
continue;
}
- final Collection<Protocol> protocols = port.getProtocols();
+
Connector connector = null;
- //TODO: what to do if protocol HTTP and transport SSL?
- if (protocols.contains(Protocol.HTTP))
+ Collection<Transport> transports = port.getTransports();
+ if (!transports.contains(Transport.SSL))
{
connector = new SelectChannelConnector();
}
- else if (protocols.contains(Protocol.HTTPS))
+ else if (transports.contains(Transport.SSL))
{
KeyStore keyStore = port.getKeyStore();
if (keyStore == null)
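Review bot: The conditions `if (!transports.contains(Transport.SSL))` and `else if (transports.contains(Transport.SSL))` are exact complements, so the final `else` that throws "Unexpected transport on port ..." in the next hunk can never run. As written, any transport set without SSL, an empty one included, gets the plain `SelectChannelConnector` with no validation at all. Testing SSL first and then requiring TCP explicitly, `if (transports.contains(Transport.SSL))` ... `else if (transports.contains(Transport.TCP))` ... `else throw`, would make the throw reachable. If an empty transport set is how a default TCP port is expressed, that case should be admitted explicitly rather than by fall-through. The enclosing loop in createServer starts and ends outside this hunk.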
@@ -253,7 +249,7 @@ public class HttpManagement extends Abst
}
else
{
- throw new IllegalArgumentException("Unexpected protocol " +
protocols);
+ throw new IllegalArgumentException("Unexpected transport on
port " + port.getName() + ":" + transports);
}
lastPort = port.getPort();
connector.setPort(port.getPort());
@@ -365,7 +361,7 @@ public class HttpManagement extends Abst
Collection<Port> httpPorts = new HashSet<Port>();
for (Port port : ports)
{
- if (isManagementHttp(port))
+ if (port.getProtocols().contains(Protocol.HTTP))
{
httpPorts.add(port);
}
Modified:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
Fri May 17 15:31:44 2013
@@ -66,9 +66,8 @@
</div>
<div id="formAddPort:fieldsHTTP">
<select id="formAddPort.protocolsHTTP" name="protocols"
data-dojo-type="dijit.form.FilteringSelect"
- data-dojo-props="name: 'protocols', value: '', label:
'HTTP protocol*:'" missingMessage="HTTP protocol must be supplied">
+ data-dojo-props="name: 'protocols', value: 'HTTP', label:
'HTTP protocol*:'" missingMessage="HTTP protocol must be supplied">
<option value="HTTP">HTTP</option>
- <option value="HTTPS">HTTPS</option>
</select>
</div>
<div id="formAddPort:transport" >
Modified:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
Fri May 17 15:31:44 2013
@@ -239,17 +239,6 @@ define(["dojo/_base/xhr",
}
disableTransportWidget = true;
}
- else if (newValue == "HTTP" &&
registry.byId("formAddPort.protocolsHTTP").value == "HTTPS")
- {
- if (transportWidget.value != "SSL")
- {
- transportWidget.set("value", "SSL");
-
- // changing of transport widget value
will cause the call to toggleSslWidgets
- toggleSsl = false;
- }
- disableTransportWidget = true;
- }
if (toggleSsl)
{
toggleSslWidgets(newValue,
transportWidget.value);
@@ -290,15 +279,6 @@ define(["dojo/_base/xhr",
registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI);
});
-
registry.byId("formAddPort.protocolsHTTP").on("change", function(newValue){
- var isHTTPS = newValue == "HTTPS";
- var transportWidget =
registry.byId("formAddPort.transports");
- if (isHTTPS && transportWidget.value != "SSL")
{
- transportWidget.set("value", "SSL");
- }
- transportWidget.set("disabled", isHTTPS);
- });
-
theForm.on("submit", function(e) {
event.stop(e);
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java
Fri May 17 15:31:44 2013
@@ -298,7 +298,6 @@ public class ManagementModeStoreHandler
quiesce = managementModeRmiPortOverride > 0;
break;
case HTTP:
- case HTTPS:
quiesce = managementModeHttpPortOverride > 0;
break;
default:
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java
Fri May 17 15:31:44 2013
@@ -34,7 +34,6 @@ public enum Protocol
AMQP_1_0(ProtocolType.AMQP),
JMX_RMI(ProtocolType.JMX),
HTTP(ProtocolType.HTTP),
- HTTPS(ProtocolType.HTTP),
RMI(ProtocolType.RMI);
private final ProtocolType _protocolType;
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
Fri May 17 15:31:44 2013
@@ -411,7 +411,6 @@ public class PortAdapter extends Abstrac
|| (wantClientCertificate != null &&
wantClientCertificate.booleanValue());
String keyStoreName = (String) merged.get(KEY_STORE);
- boolean hasKeyStore = keyStoreName != null;
if(keyStoreName != null)
{
if (_broker.findKeyStoreByName(keyStoreName) == null)
@@ -454,11 +453,6 @@ public class PortAdapter extends Abstrac
}
}
- if (protocols != null && protocols.contains(Protocol.HTTPS) &&
!hasKeyStore)
- {
- throw new IllegalConfigurationException("Can't create port which
requires SSL but has no key store configured.");
- }
-
if (protocols != null && protocols.contains(Protocol.RMI) && usesSsl)
{
throw new IllegalConfigurationException("Can't create RMI Registry
port which requires SSL.");
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
Fri May 17 15:31:44 2013
@@ -124,7 +124,7 @@ public class PortFactory
}
Protocol protocol = protocols.iterator().next();
- if(!broker.isManagementMode())
+ if(!broker.isManagementMode() && protocol.getProtocolType() !=
ProtocolType.HTTP)
{
//ManagementMode needs this relaxed to allow its overriding
management ports to be inserted.
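Review bot: The comment kept under the new condition, `//ManagementMode needs this relaxed to allow its overriding management ports to be inserted.`, now explains only half of it. The added clause `protocol.getProtocolType() != ProtocolType.HTTP` skips the same check for every HTTP port, in or out of management mode, and nothing says why. If the reason is that plain and SSL HTTP ports now share `Protocol.HTTP` and differ only by transport, a line such as `// HTTP ports are exempt as well: several may coexist, distinguished by transport` would record it. The guarded check itself lies outside the hunk, so it should be confirmed that exempting HTTP ports does not drop a validation that other code still relies on.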
@@ -150,7 +150,7 @@ public class PortFactory
}
}
- if(port.getTransports().contains(Transport.SSL) ||
port.getProtocols().contains(Protocol.HTTPS))
+ if(port.getTransports().contains(Transport.SSL))
{
if(port.getKeyStore() == null)
{
Modified:
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
(original)
+++
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
Fri May 17 15:31:44 2013
@@ -33,6 +33,7 @@ import org.apache.commons.configuration.
import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.model.Transport;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
public class BasicAuthRestTest extends QpidRestTestCase
@@ -58,9 +59,8 @@ public class BasicAuthRestTest extends Q
getRestTestHelper().setUseSsl(useSsl);
if (useSsl)
{
-
getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT,
Port.PROTOCOLS, Collections.singleton(Protocol.HTTPS));
+
getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT,
Port.TRANSPORTS, Collections.singleton(Transport.SSL));
getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT,
Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
-
}
super.customizeConfiguration();
}
Modified:
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java?rev=1483866&r1=1483865&r2=1483866&view=diff
==============================================================================
---
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
(original)
+++
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
Fri May 17 15:31:44 2013
@@ -52,7 +52,7 @@ public class BrokerRestHttpsTest extends
super.customizeConfiguration();
getRestTestHelper().setUseSsl(true);
Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(Port.PROTOCOLS,
Collections.singleton(Protocol.HTTPS));
+ newAttributes.put(Port.PROTOCOLS,
Collections.singleton(Protocol.HTTP));
newAttributes.put(Port.TRANSPORTS,
Collections.singleton(Transport.SSL));
newAttributes.put(Port.KEY_STORE,
TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
getBrokerConfiguration().setObjectAttributes(TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT,newAttributes);