| author | Alex Rudyy <orudyy@apache.org> | 2013-04-02 16:59:18 +0000 |
|---|---|---|
| committer | Alex Rudyy <orudyy@apache.org> | 2013-04-02 16:59:18 +0000 |
| commit | 88f4165312120d1b516aea6ad8a70adfbe434207 (patch) | |
| tree | 24bdd713d077d322ecf20970f38dd2726d08bd66 /qpid/java/broker/src | |
| parent | 5f04bb068edd8a26f57162b693fa32b10c793fa8 (diff) | |
QPID-4691: Fix validation and UI for setting of keystore/truststore/peerstore dependant attributes on broker and ports
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1463626 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker/src')
3 files changed, 78 insertions, 4 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
index 8ff0b6d9e1..e57c8c2d16 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
@@ -381,4 +381,9 @@ abstract class AbstractAdapter implements ConfiguredObject
 {
 // allowed by default
 }
+
+ protected Map<String, Object> getDefaultAttributes()
+ {
+ return _defaultAttributes;
+ }
 }
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
index b6a2bbac71..ec5a0402b4 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
@@ -1182,9 +1182,14 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 String passwordAttribute, String aliasAttribute)
 {
 String keyStoreFile = (String) convertedAttributes.get(pathAttribute);
- if (keyStoreFile != null)
+ String password = (String) convertedAttributes.get(passwordAttribute);
+ String alias = aliasAttribute!= null? (String) convertedAttributes.get(aliasAttribute) : null;
+ if (keyStoreFile != null || password != null || alias != null)
 {
- String password = (String) convertedAttributes.get(passwordAttribute);
+ if (keyStoreFile == null)
+ {
+ keyStoreFile = (String) getActualAttributes().get(pathAttribute);
+ }
 if (password == null)
 {
 password = (String) getActualAttributes().get(passwordAttribute);
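Review bot: In AbstractAdapter.java, `getDefaultAttributes()` hands subclasses the `_defaultAttributes` map itself, so any caller can mutate the adapter's defaults in place. The field's declaration is outside the hunk; unless it is already an unmodifiable map, return a read-only view, e.g. `return Collections.unmodifiableMap(_defaultAttributes);`. A short Javadoc stating whether the result may be null would also help, because PortAdapter copies it with `new HashMap<String, Object>(getDefaultAttributes())`, which throws on null.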
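Review bot: In BrokerAdapter.java (@@ -1182,9 +1182,14 @@), a null from `convertedAttributes.get(...)` is treated as "attribute not supplied", so an update that explicitly sets the path, password or alias to null is validated against the currently stored value rather than the value about to be applied. This affects `keyStoreFile` and `password` in this hunk and `alias` in the following hunk (@@ -1200,7 +1205,10 @@). If explicit null entries can reach this method (not visible here), decide with `convertedAttributes.containsKey(pathAttribute)` before falling back to `getActualAttributes()`. Also, `keyStoreFile` can still be null after the fallback when only a password or alias is supplied; the code that opens the store lies outside the hunk, so confirm it rejects a null path with an IllegalConfigurationException rather than a NullPointerException.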
@@ -1200,7 +1205,10 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 }
 if (aliasAttribute != null)
 {
- String alias = (String) convertedAttributes.get(aliasAttribute);
+ if (alias == null)
+ {
+ alias = (String) getActualAttributes().get(aliasAttribute);
+ }
 if (alias != null)
 {
 Certificate cert = null;
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
index ba10816a35..59a2a50a24 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
@@ -48,6 +48,7 @@ import org.apache.qpid.server.model.VirtualHostAlias;
 import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.MapValueConverter;
 import org.apache.qpid.server.util.ParameterizedTypeImpl;
+import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.configuration.updater.TaskExecutor;
 
 public class PortAdapter extends AbstractAdapter implements Port
@@ -362,7 +363,67 @@ public class PortAdapter extends AbstractAdapter implements Port
 {
 throw new IllegalStateException("Cannot change attributes for an active port outside of Management Mode");
 }
- super.changeAttributes(MapValueConverter.convert(attributes, ATTRIBUTE_TYPES));
+ Map<String, Object> converted = MapValueConverter.convert(attributes, ATTRIBUTE_TYPES);
+
+ Map<String, Object> merged = new HashMap<String, Object>(getDefaultAttributes());
+ merged.putAll(getActualAttributes());
+ merged.putAll(converted);
+
+ @SuppressWarnings("unchecked")
+ Collection<Transport> transports = (Collection<Transport>)merged.get(TRANSPORTS);
+ @SuppressWarnings("unchecked")
+ Collection<Protocol> protocols = (Collection<Protocol>)merged.get(PROTOCOLS);
+ Boolean needClientCertificate = (Boolean)merged.get(NEED_CLIENT_AUTH);
+ Boolean wantClientCertificate = (Boolean)merged.get(WANT_CLIENT_AUTH);
+ boolean requiresCertificate = (needClientCertificate != null && needClientCertificate.booleanValue())
+ || (wantClientCertificate != null && wantClientCertificate.booleanValue());
+
+ if (transports != null && transports.contains(Transport.SSL))
+ {
+ if (_broker.getKeyStores().isEmpty())
+ {
+ throw new IllegalConfigurationException("Can't create port which requires SSL as the broker has no keystore configured.");
+ }
+
+ if (_broker.getTrustStores().isEmpty() && requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates as the broker has no trust/peer stores configured.");
+ }
+ }
+ else
+ {
+ if (requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
+ }
+ }
+
+ if (protocols != null && protocols.contains(Protocol.HTTPS) && _broker.getKeyStores().isEmpty())
+ {
+ throw new IllegalConfigurationException("Can't create port which requires SSL as the broker has no keystore configured.");
+ }
+
+ String authenticationProviderName = (String)merged.get(AUTHENTICATION_PROVIDER);
+ if (authenticationProviderName != null)
+ {
+ Collection<AuthenticationProvider> providers = _broker.getAuthenticationProviders();
+ AuthenticationProvider provider = null;
+ for (AuthenticationProvider p : providers)
+ {
+ if (p.getName().equals(authenticationProviderName))
+ {
+ provider = p;
+ break;
+ }
+ }
+
+ if (provider == null)
+ {
+ throw new IllegalConfigurationException("Cannot find authentication provider with name '"
+ + authenticationProviderName + "'");
+ }
+ }
+ super.changeAttributes(converted);
 }
 
 @Override |
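Review bot: In PortAdapter's `changeAttributes`, only `converted` has been through `MapValueConverter.convert`; the values taken from `getDefaultAttributes()` and `getActualAttributes()` are read out of `merged` with unchecked casts. If either map can hold unconverted values (not visible here), `transports.contains(Transport.SSL)` would return false on a collection of strings and the keystore/truststore checks would be skipped silently, while the `(Boolean)` casts would throw ClassCastException. Consider converting the merged map with the same `ATTRIBUTE_TYPES` before validating, or checking element types explicitly. The messages also say "Can't create port" although this path updates an existing port; wording such as `"Can't change port ..."` would be less confusing in logs. The method starts before this hunk.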
