Example 1 with OpenSSLConfCmd
use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.
the class OpenSSLContext method applyConf.
private boolean applyConf(OpenSSLConf conf) throws Exception {
boolean result = true;
// SSLConf.assign(confCtx, sslCtx);
SSL_CONF_CTX_set_ssl_ctx(state.confCtx, state.sslCtx);
OpenSSLConfCmd cmd;
String name;
String value;
int rc;
for (OpenSSLConfCmd command : conf.getCommands()) {
cmd = command;
name = cmd.getName();
value = cmd.getValue();
if (name == null) {
log.error(sm.getString("opensslconf.noCommandName", value));
result = false;
continue;
}
if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.applyCommand", name, value));
}
try (var scope = ResourceScope.newConfinedScope()) {
// rc = SSLConf.apply(confCtx, name, value);
if (name.equals("NO_OCSP_CHECK")) {
noOcspCheck = Boolean.valueOf(value);
rc = 1;
} else {
var allocator = SegmentAllocator.ofScope(scope);
rc = SSL_CONF_cmd(state.confCtx, CLinker.toCString(name, scope), CLinker.toCString(value, scope));
long errCode = ERR_get_error();
if (rc <= 0 || errCode != 0) {
var buf = allocator.allocateArray(CLinker.C_CHAR, new byte[128]);
ERR_error_string(errCode, buf);
log.error(sm.getString("opensslconf.commandError", name, value, CLinker.toJavaString(buf)));
rc = 0;
}
}
} catch (Exception e) {
log.error(sm.getString("opensslconf.applyFailed"));
return false;
}
if (rc <= 0) {
log.error(sm.getString("opensslconf.failedCommand", name, value, Integer.toString(rc)));
result = false;
} else if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.resultCommand", name, value, Integer.toString(rc)));
}
}
// rc = SSLConf.finish(confCtx);
rc = SSL_CONF_CTX_finish(state.confCtx);
if (rc <= 0) {
log.error(sm.getString("opensslconf.finishFailed", Integer.toString(rc)));
result = false;
}
if (!result) {
log.error(sm.getString("opensslconf.applyFailed"));
}
return result;
}
Also used :
OpenSSLConfCmd(org.apache.tomcat.util.net.openssl.OpenSSLConfCmd)
AbstractEndpoint(org.apache.tomcat.util.net.AbstractEndpoint)
CertificateException(java.security.cert.CertificateException)
SSLException(javax.net.ssl.SSLException)
Example 2 with OpenSSLConfCmd
use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.
the class TestSSLHostConfig method testSerialization.
@Test
public void testSerialization() throws IOException, ClassNotFoundException {
// Dummy OpenSSL command name/value pair
String name = "foo";
String value = "bar";
// Set up the object
SSLHostConfig sslHostConfig = new SSLHostConfig();
OpenSSLConf openSSLConf = new OpenSSLConf();
OpenSSLConfCmd openSSLConfCmd = new OpenSSLConfCmd();
openSSLConfCmd.setName(name);
openSSLConfCmd.setValue(value);
openSSLConf.addCmd(openSSLConfCmd);
sslHostConfig.setOpenSslConf(openSSLConf);
// Serialize
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(sslHostConfig);
oos.close();
// Deserialize
ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
ObjectInputStream ois = new ObjectInputStream(bais);
SSLHostConfig output = (SSLHostConfig) ois.readObject();
// Check values
List<OpenSSLConfCmd> commands = output.getOpenSslConf().getCommands();
Assert.assertEquals(1, commands.size());
OpenSSLConfCmd command = commands.get(0);
Assert.assertEquals(name, command.getName());
Assert.assertEquals(value, command.getValue());
}
Also used :
OpenSSLConfCmd(org.apache.tomcat.util.net.openssl.OpenSSLConfCmd)
ByteArrayInputStream(java.io.ByteArrayInputStream)
OpenSSLConf(org.apache.tomcat.util.net.openssl.OpenSSLConf)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ObjectOutputStream(java.io.ObjectOutputStream)
ObjectInputStream(java.io.ObjectInputStream)
Test(org.junit.Test)
Example 3 with OpenSSLConfCmd
use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.
the class OpenSSLConfSF method storeChildren.
/**
* Store nested OpenSSLConfCmd elements.
* {@inheritDoc}
*/
@Override
public void storeChildren(PrintWriter aWriter, int indent, Object aOpenSSLConf, StoreDescription parentDesc) throws Exception {
if (aOpenSSLConf instanceof OpenSSLConf) {
OpenSSLConf openSslConf = (OpenSSLConf) aOpenSSLConf;
// Store nested <OpenSSLConfCmd> elements
OpenSSLConfCmd[] openSSLConfCmds = openSslConf.getCommands().toArray(new OpenSSLConfCmd[0]);
storeElementArray(aWriter, indent + 2, openSSLConfCmds);
}
}
Also used :
OpenSSLConfCmd(org.apache.tomcat.util.net.openssl.OpenSSLConfCmd)
OpenSSLConf(org.apache.tomcat.util.net.openssl.OpenSSLConf)
Example 4 with OpenSSLConfCmd
use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.
the class OpenSSLContext method checkConf.
private boolean checkConf(OpenSSLConf conf) throws Exception {
boolean result = true;
OpenSSLConfCmd cmd;
String name;
String value;
int rc;
for (OpenSSLConfCmd command : conf.getCommands()) {
cmd = command;
name = cmd.getName();
value = cmd.getValue();
if (name == null) {
log.error(sm.getString("opensslconf.noCommandName", value));
result = false;
continue;
}
if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.checkCommand", name, value));
}
try (var scope = ResourceScope.newConfinedScope()) {
// rc = SSLConf.check(confCtx, name, value);
if (name.equals("NO_OCSP_CHECK")) {
rc = 1;
} else {
var allocator = SegmentAllocator.ofScope(scope);
int code = SSL_CONF_cmd_value_type(state.confCtx, CLinker.toCString(name, scope));
rc = 1;
long errCode = ERR_get_error();
if (errCode != 0) {
var buf = allocator.allocateArray(CLinker.C_CHAR, new byte[128]);
ERR_error_string(errCode, buf);
log.error(sm.getString("opensslconf.checkFailed", CLinker.toJavaString(buf)));
rc = 0;
}
if (code == SSL_CONF_TYPE_UNKNOWN()) {
log.error(sm.getString("opensslconf.typeUnknown", name));
rc = 0;
}
if (code == SSL_CONF_TYPE_FILE()) {
// Check file
File file = new File(value);
if (!file.isFile() && !file.canRead()) {
log.error(sm.getString("opensslconf.badFile", name, value));
rc = 0;
}
}
if (code == SSL_CONF_TYPE_DIR()) {
// Check dir
File file = new File(value);
if (!file.isDirectory()) {
log.error(sm.getString("opensslconf.badDirectory", name, value));
rc = 0;
}
}
}
} catch (Exception e) {
log.error(sm.getString("opensslconf.checkFailed", e.getLocalizedMessage()));
return false;
}
if (rc <= 0) {
log.error(sm.getString("opensslconf.failedCommand", name, value, Integer.toString(rc)));
result = false;
} else if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.resultCommand", name, value, Integer.toString(rc)));
}
}
if (!result) {
log.error(sm.getString("opensslconf.checkFailed"));
}
return result;
}
Also used :
OpenSSLConfCmd(org.apache.tomcat.util.net.openssl.OpenSSLConfCmd)
File(java.io.File)
AbstractEndpoint(org.apache.tomcat.util.net.AbstractEndpoint)
CertificateException(java.security.cert.CertificateException)
SSLException(javax.net.ssl.SSLException)
Aggregations
OpenSSLConfCmd (org.apache.tomcat.util.net.openssl.OpenSSLConfCmd)4
CertificateException (java.security.cert.CertificateException)2
SSLException (javax.net.ssl.SSLException)2
AbstractEndpoint (org.apache.tomcat.util.net.AbstractEndpoint)2
OpenSSLConf (org.apache.tomcat.util.net.openssl.OpenSSLConf)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
File (java.io.File)1
ObjectInputStream (java.io.ObjectInputStream)1
ObjectOutputStream (java.io.ObjectOutputStream)1
Test (org.junit.Test)1
