authorKeith Wall <kwall@apache.org>2014-09-05 17:43:14 +0000
committerKeith Wall <kwall@apache.org>2014-09-05 17:43:14 +0000
commitc70865d5de5d3a639e263a2e5412c45a6d29aafd (patch)
tree9b57b3c54ec67b26399b4a79a809c83d16841f36
parent167c5e3c509592117f7f549529c2e225c63b2eda (diff)
QPID-6068: [Java Broker] Introduce ClientAuthCapablePort into Port hierarchy to avoid validation in terms of getAttributes.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1622747 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java103
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java70
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java2
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java2
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java30
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java3
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java5
-rw-r--r--java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js10
8 files changed, 145 insertions, 80 deletions
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java
new file mode 100644
index 0000000000..73413e7b8d
--- /dev/null
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.server.model.port;
+
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.ManagedAttributeField;
+import org.apache.qpid.server.model.Transport;
+
+abstract public class AbstractClientAuthCapablePortWithAuthProvider<X extends AbstractClientAuthCapablePortWithAuthProvider<X>> extends AbstractPortWithAuthProvider<X>
+ implements ClientAuthCapablePort<X>
+{
+ public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false";
+ public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false";
+
+ @ManagedAttributeField
+ private boolean _needClientAuth;
+
+ @ManagedAttributeField
+ private boolean _wantClientAuth;
+
+ public AbstractClientAuthCapablePortWithAuthProvider(final Map<String, Object> attributes,
+ final Broker<?> broker)
+ {
+ super(attributes, broker);
+ }
+
+ @Override
+ public boolean getNeedClientAuth()
+ {
+ return _needClientAuth;
+ }
+
+ @Override
+ public boolean getWantClientAuth()
+ {
+ return _wantClientAuth;
+ }
+
+ @Override
+ public void onValidate()
+ {
+ super.onValidate();
+ boolean useClientAuth = getNeedClientAuth() || getWantClientAuth();
+
+ if(useClientAuth && (getTrustStores() == null || getTrustStores().isEmpty()))
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
+ }
+
+ boolean useTLSTransport = getTransports().contains(Transport.SSL) || getTransports().contains(Transport.WSS);
+ if(useClientAuth && !useTLSTransport)
+ {
+ throw new IllegalConfigurationException(
+ "Can't create port which requests SSL client certificates but doesn't use SSL transport.");
+ }
+ }
+
+ @Override
+ protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
+ {
+ super.validateChange(proxyForValidation, changedAttributes);
+ ClientAuthCapablePort<?> updated = (ClientAuthCapablePort<?>)proxyForValidation;
+
+ boolean requiresCertificate = updated.getNeedClientAuth() || updated.getWantClientAuth();
+
+ boolean usesSsl = updated.getTransports().contains(Transport.SSL);
+ if (usesSsl)
+ {
+ if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty() ) && requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
+ }
+ }
+ else
+ {
+ if (requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
+ }
+ }
+ }
+}
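Review bot: `validateChange` treats only `Transport.SSL` as a TLS transport, while `onValidate` in the same class accepts `SSL` or `WSS`, so the two checks disagree. As written, a change to a WSS-only port that has `needClientAuth` or `wantClientAuth` set appears to fall into the `else` branch and be rejected with "doesn't use SSL transport", even though `onValidate` accepted the same configuration at creation. Suggest `boolean usesSsl = updated.getTransports().contains(Transport.SSL) || updated.getTransports().contains(Transport.WSS);`, or better a single private helper called from both methods so the trust-store and transport rules for client-certificate authentication cannot drift apart. The messages thrown from `validateChange` also say "Can't create port" although this is the update path.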
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java
index 4932c02573..87d5889727 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java
@@ -21,46 +21,22 @@
package org.apache.qpid.server.model.port;
import java.util.Map;
-import java.util.Set;
-import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Transport;
abstract public class AbstractPortWithAuthProvider<X extends AbstractPortWithAuthProvider<X>> extends AbstractPort<X>
{
- public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false";
- public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false";
-
@ManagedAttributeField
private AuthenticationProvider _authenticationProvider;
- @ManagedAttributeField
- private boolean _needClientAuth;
-
- @ManagedAttributeField
- private boolean _wantClientAuth;
-
public AbstractPortWithAuthProvider(final Map<String, Object> attributes,
final Broker<?> broker)
{
super(attributes, broker);
}
- public boolean getNeedClientAuth()
- {
- return _needClientAuth;
- }
-
- public boolean getWantClientAuth()
- {
- return _wantClientAuth;
- }
-
public AuthenticationProvider getAuthenticationProvider()
{
Broker<?> broker = getParent(Broker.class);
@@ -70,50 +46,4 @@ abstract public class AbstractPortWithAuthProvider<X extends AbstractPortWithAut
}
return _authenticationProvider;
}
-
- @Override
- public void onValidate()
- {
- super.onValidate();
- boolean useClientAuth = getNeedClientAuth() || getWantClientAuth();
-
- if(useClientAuth && (getTrustStores() == null || getTrustStores().isEmpty()))
- {
- throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
- }
-
- boolean useTLSTransport = getTransports().contains(Transport.SSL) || getTransports().contains(Transport.WSS);
- if(useClientAuth && !useTLSTransport)
- {
- throw new IllegalConfigurationException(
- "Can't create port which requests SSL client certificates but doesn't use SSL transport.");
- }
- }
-
- @Override
- protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
- {
- super.validateChange(proxyForValidation, changedAttributes);
- Port<?> updated = (Port<?>)proxyForValidation;
-
- boolean needClientCertificate = updated.getAttribute(NEED_CLIENT_AUTH) == null ? false : (Boolean) updated.getAttribute(NEED_CLIENT_AUTH);
- boolean wantClientCertificate = updated.getAttribute(WANT_CLIENT_AUTH) == null ? false : (Boolean) updated.getAttribute(WANT_CLIENT_AUTH);
- boolean requiresCertificate = needClientCertificate || wantClientCertificate;
-
- boolean usesSsl = updated.getTransports().contains(Transport.SSL);
- if (usesSsl)
- {
- if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty() ) && requiresCertificate)
- {
- throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
- }
- }
- else
- {
- if (requiresCertificate)
- {
- throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
- }
- }
- }
}
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
index 5c74beb5b7..f7eeca354a 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
@@ -32,7 +32,7 @@ import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.virtualhost.VirtualHostImpl;
@ManagedObject( category = false, type = "AMQP")
-public interface AmqpPort<X extends AmqpPort<X>> extends Port<X>
+public interface AmqpPort<X extends AmqpPort<X>> extends ClientAuthCapablePort<X>
{
String DEFAULT_AMQP_SEND_BUFFER_SIZE = "262144";
String DEFAULT_AMQP_RECEIVE_BUFFER_SIZE = "262144";
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
index 9a0ea3548e..fe7d419c78 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
@@ -57,7 +57,7 @@ import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.server.virtualhost.VirtualHostImpl;
import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
-public class AmqpPortImpl extends AbstractPortWithAuthProvider<AmqpPortImpl> implements AmqpPort<AmqpPortImpl>
+public class AmqpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<AmqpPortImpl> implements AmqpPort<AmqpPortImpl>
{
public static final String DEFAULT_BINDING_ADDRESS = "*";
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java
new file mode 100644
index 0000000000..4500b1510e
--- /dev/null
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.qpid.server.model.port;
+
+import org.apache.qpid.server.model.Port;
+
+
+public interface ClientAuthCapablePort<X extends Port<X>> extends Port<X>
+{
+ boolean getNeedClientAuth();
+
+ boolean getWantClientAuth();
+}
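Review bot: The new interface and its two getters have no Javadoc, yet the difference between them decides whether a client that presents no certificate is refused or still admitted. Suggest a type comment such as `/** A port that can request an X.509 certificate from the connecting client during the TLS handshake. */`, plus `/** @return true if the handshake must fail when the client presents no certificate */` on `getNeedClientAuth()` and `/** @return true if a certificate is requested but its absence is tolerated */` on `getWantClientAuth()`. These meanings are inferred from the usual need/want naming and should be confirmed against the code that configures the port's SSL context, which is not part of this commit.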
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
index d8c87fb123..7c77389a83 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
@@ -30,9 +30,8 @@ import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
@ManagedObject( category = false, type = "HTTP")
-public interface HttpPort<X extends HttpPort<X>> extends Port<X>
+public interface HttpPort<X extends HttpPort<X>> extends ClientAuthCapablePort<X>
{
-
String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false";
String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false";
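Review bot: `DEFAULT_AMQP_NEED_CLIENT_AUTH` and `DEFAULT_AMQP_WANT_CLIENT_AUTH` are still declared here while the new `AbstractClientAuthCapablePortWithAuthProvider` declares constants with the same names, so `HttpPortImpl` inherits each name from both its superclass and this interface. An unqualified reference inside `HttpPortImpl` would be ambiguous, and two copies of a client-authentication default can diverge without anyone noticing. Consider keeping a single definition, for example on `ClientAuthCapablePort`, and dropping the `AMQP` prefix for a value that also applies to HTTP ports. The rest of the `HttpPort` body lies outside this hunk, so any annotations that reference these constants would need checking first.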
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
index 80e79a68ca..1774f16ab6 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
@@ -20,17 +20,14 @@
*/
package org.apache.qpid.server.model.port;
-import java.util.Collections;
import java.util.Map;
-import java.util.Set;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
-import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.State;
-public class HttpPortImpl extends AbstractPortWithAuthProvider<HttpPortImpl> implements HttpPort<HttpPortImpl>
+public class HttpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<HttpPortImpl> implements HttpPort<HttpPortImpl>
{
private PortManager _portManager;
diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
index 88425a6bab..43ccdfff70 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
+++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
@@ -90,6 +90,12 @@ define(["dojo/_base/xhr",
};
+ addPort._isSecure = function(currentTransport)
+ {
+ return currentTransport == "SSL" || (lang.isArray(currentTransport) && array.indexOf(currentTransport, "SSL")>=0)
+ || currentTransport == "WSS" || (lang.isArray(currentTransport) && array.indexOf(currentTransport, "WSS")>=0);
+ }
+
addPort._convertToPort = function(formValues)
{
var newPort = {};
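Review bot: `addPort._isSecure` repeats the `lang.isArray` test for each transport name and its function expression has no terminating semicolon, so every further secure transport means another copy of the same pair of clauses. Normalising to an array first reads more clearly and should be equivalent for string values: `var transports = lang.isArray(currentTransport) ? currentTransport : [currentTransport];` followed by `return array.indexOf(transports, "SSL") >= 0 || array.indexOf(transports, "WSS") >= 0;`, closing with `};`. A one-line comment such as `// UI hint only: the broker re-validates transport and client-auth settings` would also make clear that this check is not the enforcement point. The enclosing `define` callback starts and ends outside this hunk.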
@@ -155,7 +161,7 @@ define(["dojo/_base/xhr",
var initialTransport = transportWidget.initialValue;
var currentTransport = transportWidget.value;
- if (currentTransport == "SSL" || (lang.isArray(currentTransport) && array.indexOf(currentTransport, "SSL")>=0))
+ if (addPort._isSecure(currentTransport))
{
newPort.needClientAuth = needClientAuth.checked;
newPort.wantClientAuth = wantClientAuth.checked
@@ -191,7 +197,7 @@ define(["dojo/_base/xhr",
var clientAuthPanel = dojo.byId("formAddPort:fieldsClientAuth");
var transportSSLPanelNode = dom.byId("formAddPort:fieldsTransportSSL");
- if (transportType == "SSL" || (lang.isArray(transportType) && array.indexOf(transportType, "SSL")>=0))
+ if (addPort._isSecure(transportType))
{
var typeMetaData = metadata.getMetaData("Port", portType);
var clientAuth = "needClientAuth" in typeMetaData.attributes || "wantClientAuth" in typeMetaData.attributes;