From 15b97238f3a5a0e5a76838e3326fff6da86b56d2 Mon Sep 17 00:00:00 2001 From: Alex Rudyy Date: Fri, 17 May 2013 15:31:44 +0000 Subject: QPID-4858: Prevent silent use of insecure HTTP connector when HTTP protocol with SSL transport was requested. Remove separate HTTPS protocol and use HTTP protocol with SSL transport for consistency with all other protocol types. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1483866 13f79535-47bb-0310-9956-ffa450edef68 --- .../qpid/server/configuration/store/ManagementModeStoreHandler.java | 1 - .../broker/src/main/java/org/apache/qpid/server/model/Protocol.java | 1 - .../main/java/org/apache/qpid/server/model/adapter/PortAdapter.java | 6 ------ .../main/java/org/apache/qpid/server/model/adapter/PortFactory.java | 4 ++-- 4 files changed, 2 insertions(+), 10 deletions(-) (limited to 'java/broker') diff --git a/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java b/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java index 574fe1ae2c..639f3cd5c4 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java +++ b/java/broker/src/main/java/org/apache/qpid/server/configuration/store/ManagementModeStoreHandler.java @@ -298,7 +298,6 @@ public class ManagementModeStoreHandler implements ConfigurationEntryStore quiesce = managementModeRmiPortOverride > 0; break; case HTTP: - case HTTPS: quiesce = managementModeHttpPortOverride > 0; break; default: diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java b/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java index 6cd5eb23a4..e9d50fbc59 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java +++ b/java/broker/src/main/java/org/apache/qpid/server/model/Protocol.java @@ -34,7 +34,6 @@ public enum Protocol AMQP_1_0(ProtocolType.AMQP), JMX_RMI(ProtocolType.JMX), HTTP(ProtocolType.HTTP), - HTTPS(ProtocolType.HTTP), RMI(ProtocolType.RMI); private final ProtocolType _protocolType; diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java index de6ae06b94..0547f961d0 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java +++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java @@ -411,7 +411,6 @@ public class PortAdapter extends AbstractAdapter implements Port || (wantClientCertificate != null && wantClientCertificate.booleanValue()); String keyStoreName = (String) merged.get(KEY_STORE); - boolean hasKeyStore = keyStoreName != null; if(keyStoreName != null) { if (_broker.findKeyStoreByName(keyStoreName) == null) @@ -454,11 +453,6 @@ public class PortAdapter extends AbstractAdapter implements Port } } - if (protocols != null && protocols.contains(Protocol.HTTPS) && !hasKeyStore) - { - throw new IllegalConfigurationException("Can't create port which requires SSL but has no key store configured."); - } - if (protocols != null && protocols.contains(Protocol.RMI) && usesSsl) { throw new IllegalConfigurationException("Can't create RMI Registry port which requires SSL."); diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java index 2efe189d73..8dc446e5b2 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java +++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java @@ -124,7 +124,7 @@ public class PortFactory } Protocol protocol = protocols.iterator().next(); - if(!broker.isManagementMode()) + if(!broker.isManagementMode() && protocol.getProtocolType() != ProtocolType.HTTP) { //ManagementMode needs this relaxed to allow its overriding management ports to be inserted. @@ -150,7 +150,7 @@ public class PortFactory } } - if(port.getTransports().contains(Transport.SSL) || port.getProtocols().contains(Protocol.HTTPS)) + if(port.getTransports().contains(Transport.SSL)) { if(port.getKeyStore() == null) { -- cgit v1.2.1