From cb30852d99869711e44c2763553345b7ac1f993e Mon Sep 17 00:00:00 2001
From: Alex Rudyy <orudyy@apache.org>
Date: Fri, 17 May 2013 15:31:44 +0000
Subject: QPID-4858: Prevent silent use of insecure HTTP connector when HTTP
 protocol with SSL transport was requested.

Remove separate HTTPS protocol and use HTTP protocol with SSL transport for consistency with all other protocol types.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1483866 13f79535-47bb-0310-9956-ffa450edef68
---
 .../server/management/plugin/HttpManagement.java     | 18 +++++++-----------
 .../src/main/java/resources/addPort.html             |  3 +--
 .../java/resources/js/qpid/management/addPort.js     | 20 --------------------
 3 files changed, 8 insertions(+), 33 deletions(-)

(limited to 'qpid/java/broker-plugins')

diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 8e99b8d65a..d87a1755da 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -64,6 +64,7 @@ import org.apache.qpid.server.model.Protocol;
 import org.apache.qpid.server.model.Queue;
 import org.apache.qpid.server.model.Session;
 import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.Transport;
 import org.apache.qpid.server.model.TrustStore;
 import org.apache.qpid.server.model.User;
 import org.apache.qpid.server.model.VirtualHost;
@@ -206,11 +207,6 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
         return (Integer)getAttribute(TIME_OUT);
     }
 
-    private boolean isManagementHttp(Port port)
-    {
-        return port.getProtocols().contains(Protocol.HTTP) || port.getProtocols().contains(Protocol.HTTPS);
-    }
-
     @SuppressWarnings("unchecked")
     private Server createServer(Collection<Port> ports)
     {
@@ -227,15 +223,15 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
             {
                 continue;
             }
-            final Collection<Protocol> protocols = port.getProtocols();
+
             Connector connector = null;
 
-            //TODO: what to do if protocol HTTP and transport SSL?
-            if (protocols.contains(Protocol.HTTP))
+            Collection<Transport> transports = port.getTransports();
+            if (!transports.contains(Transport.SSL))
             {
                 connector = new SelectChannelConnector();
             }
-            else if (protocols.contains(Protocol.HTTPS))
+            else if (transports.contains(Transport.SSL))
             {
                 KeyStore keyStore = port.getKeyStore();
                 if (keyStore == null)
@@ -253,7 +249,7 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
             }
             else
             {
-                throw new IllegalArgumentException("Unexpected protocol " + protocols);
+                throw new IllegalArgumentException("Unexpected transport on port " + port.getName() + ":" + transports);
             }
             lastPort = port.getPort();
             connector.setPort(port.getPort());
@@ -365,7 +361,7 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
         Collection<Port> httpPorts = new HashSet<Port>();
         for (Port port : ports)
         {
-            if (isManagementHttp(port))
+            if (port.getProtocols().contains(Protocol.HTTP))
             {
                 httpPorts.add(port);
             }
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
index 8fcc4e890b..59abbadf32 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
+++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
@@ -66,9 +66,8 @@
             </div>
             <div id="formAddPort:fieldsHTTP">
                 <select id="formAddPort.protocolsHTTP" name="protocols" data-dojo-type="dijit.form.FilteringSelect"
-                    data-dojo-props="name: 'protocols', value: '', label: 'HTTP protocol*:'" missingMessage="HTTP protocol must be supplied">
+                    data-dojo-props="name: 'protocols', value: 'HTTP', label: 'HTTP protocol*:'" missingMessage="HTTP protocol must be supplied">
                     <option value="HTTP">HTTP</option>
-                    <option value="HTTPS">HTTPS</option>
                 </select>
             </div>
             <div id="formAddPort:transport" >
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
index 705cffe7ff..0343d3393a 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
+++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
@@ -239,17 +239,6 @@ define(["dojo/_base/xhr",
                                     }
                                     disableTransportWidget = true;
                                 }
-                                else if (newValue == "HTTP" && registry.byId("formAddPort.protocolsHTTP").value == "HTTPS")
-                                {
-                                    if  (transportWidget.value != "SSL")
-                                    {
-                                      transportWidget.set("value", "SSL");
-
-                                      // changing of transport widget value will cause the call to toggleSslWidgets
-                                      toggleSsl = false;
-                                    }
-                                    disableTransportWidget = true;
-                                }
                                 if (toggleSsl)
                                 {
                                   toggleSslWidgets(newValue, transportWidget.value);
@@ -290,15 +279,6 @@ define(["dojo/_base/xhr",
                                 registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI);
                             });
 
-                            registry.byId("formAddPort.protocolsHTTP").on("change", function(newValue){
-                                var isHTTPS = newValue == "HTTPS";
-                                var transportWidget = registry.byId("formAddPort.transports");
-                                if (isHTTPS && transportWidget.value != "SSL") {
-                                    transportWidget.set("value", "SSL");
-                                }
-                                transportWidget.set("disabled", isHTTPS);
-                            });
-
                             theForm.on("submit", function(e) {
 
                                 event.stop(e);
-- 
cgit v1.2.1