
Example 1 with OpenSSLConfCmd

use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.

the class OpenSSLContext method applyConf.

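/**
 * Applies every command of the supplied {@link OpenSSLConf} to the native
 * SSL_CTX through OpenSSL's SSL_CONF API and then finishes the configuration
 * context.
 *
 * <p>All commands are attempted even after one of them fails; only an
 * exception thrown by the native layer aborts the loop early. Failures are
 * logged per command and summarised once at the end.
 *
 * @param conf the configuration whose commands are applied in order
 * @return {@code true} if every command and the final
 *         {@code SSL_CONF_CTX_finish} call succeeded, {@code false} otherwise
 * @throws Exception if the native configuration context cannot be bound to
 *         the SSL_CTX
 */
private boolean applyConf(OpenSSLConf conf) throws Exception {
    boolean result = true;
    // SSLConf.assign(confCtx, sslCtx);
    SSL_CONF_CTX_set_ssl_ctx(state.confCtx, state.sslCtx);
    int rc;
    for (OpenSSLConfCmd cmd : conf.getCommands()) {
        String name = cmd.getName();
        String value = cmd.getValue();
        if (name == null) {
            log.error(sm.getString("opensslconf.noCommandName", value));
            result = false;
            continue;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("opensslconf.applyCommand", name, value));
        }
        try (var scope = ResourceScope.newConfinedScope()) {
            // rc = SSLConf.apply(confCtx, name, value);
            if (name.equals("NO_OCSP_CHECK")) {
                // Tomcat-level pseudo command: recorded here, never handed to OpenSSL.
                noOcspCheck = Boolean.valueOf(value);
                rc = 1;
            } else {
                rc = SSL_CONF_cmd(state.confCtx, CLinker.toCString(name, scope), CLinker.toCString(value, scope));
                // NOTE(review): ERR_get_error() pops one entry from the thread's
                // error queue; an error left behind by an earlier native call
                // would be attributed to this command - confirm the queue is
                // empty on entry.
                long errCode = ERR_get_error();
                if (rc <= 0 || errCode != 0) {
                    // ERR_error_string() writes into a caller-supplied buffer that
                    // OpenSSL documents as needing at least 256 bytes; the previous
                    // 128-byte buffer risked a native overflow.
                    var allocator = SegmentAllocator.ofScope(scope);
                    var buf = allocator.allocateArray(CLinker.C_CHAR, new byte[256]);
                    ERR_error_string(errCode, buf);
                    log.error(sm.getString("opensslconf.commandError", name, value, CLinker.toJavaString(buf)));
                    rc = 0;
                }
            }
        } catch (Exception e) {
            // Pass the exception on so the cause is not lost (previously only the
            // generic message was logged).
            log.error(sm.getString("opensslconf.applyFailed"), e);
            return false;
        }
        if (rc <= 0) {
            log.error(sm.getString("opensslconf.failedCommand", name, value, Integer.toString(rc)));
            result = false;
        } else if (log.isDebugEnabled()) {
            log.debug(sm.getString("opensslconf.resultCommand", name, value, Integer.toString(rc)));
        }
    }
    // rc = SSLConf.finish(confCtx);
    rc = SSL_CONF_CTX_finish(state.confCtx);
    if (rc <= 0) {
        log.error(sm.getString("opensslconf.finishFailed", Integer.toString(rc)));
        result = false;
    }
    if (!result) {
        log.error(sm.getString("opensslconf.applyFailed"));
    }
    return result;
}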

Example 2 with OpenSSLConfCmd

use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.

the class TestSSLHostConfig method testSerialization.

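/**
 * Round-trips an {@link SSLHostConfig} that carries a single
 * {@link OpenSSLConfCmd} through Java serialization and checks that the
 * command name and value survive unchanged.
 *
 * @throws IOException if writing or reading the object stream fails
 * @throws ClassNotFoundException if a class in the stream cannot be resolved
 */
@Test
public void testSerialization() throws IOException, ClassNotFoundException {
    // Dummy OpenSSL command name/value pair
    String name = "foo";
    String value = "bar";
    // Set up the object
    SSLHostConfig sslHostConfig = new SSLHostConfig();
    OpenSSLConf openSSLConf = new OpenSSLConf();
    OpenSSLConfCmd openSSLConfCmd = new OpenSSLConfCmd();
    openSSLConfCmd.setName(name);
    openSSLConfCmd.setValue(value);
    openSSLConf.addCmd(openSSLConfCmd);
    sslHostConfig.setOpenSslConf(openSSLConf);
    // Serialize; try-with-resources closes the stream even if writeObject throws
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
        oos.writeObject(sslHostConfig);
    }
    // Deserialize the bytes this test produced itself (not external input);
    // the previous version never closed the input stream
    SSLHostConfig output;
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(baos.toByteArray()))) {
        output = (SSLHostConfig) ois.readObject();
    }
    // Check values
    List<OpenSSLConfCmd> commands = output.getOpenSslConf().getCommands();
    Assert.assertEquals(1, commands.size());
    OpenSSLConfCmd command = commands.get(0);
    Assert.assertEquals(name, command.getName());
    Assert.assertEquals(value, command.getValue());
}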

Example 3 with OpenSSLConfCmd

use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.

the class OpenSSLConfSF method storeChildren.

/**
 * Store nested OpenSSLConfCmd elements.
 * <p>
 * Objects that are not an {@link OpenSSLConf} are silently skipped; for an
 * {@link OpenSSLConf} every command is written as a child element, indented
 * two levels deeper than the parent.
 * {@inheritDoc}
 */
@Override
public void storeChildren(PrintWriter aWriter, int indent, Object aOpenSSLConf, StoreDescription parentDesc) throws Exception {
    if (!(aOpenSSLConf instanceof OpenSSLConf)) {
        return;
    }
    OpenSSLConf conf = (OpenSSLConf) aOpenSSLConf;
    // Store nested <OpenSSLConfCmd> elements
    OpenSSLConfCmd[] commands = conf.getCommands().toArray(new OpenSSLConfCmd[0]);
    storeElementArray(aWriter, indent + 2, commands);
}

Example 4 with OpenSSLConfCmd

use of org.apache.tomcat.util.net.openssl.OpenSSLConfCmd in project tomcat by apache.

the class OpenSSLContext method checkConf.

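/**
 * Validates every command of the supplied {@link OpenSSLConf} against the
 * native SSL_CONF context without applying it: the command name must be known
 * to OpenSSL, and values typed as file or directory must point at a readable
 * file or an existing directory respectively.
 *
 * <p>All commands are checked even after one fails; only an exception from
 * the native layer aborts the loop early.
 *
 * @param conf the configuration whose commands are checked in order
 * @return {@code true} if every command passed validation, {@code false}
 *         otherwise
 * @throws Exception if the check cannot be performed
 */
private boolean checkConf(OpenSSLConf conf) throws Exception {
    boolean result = true;
    int rc;
    for (OpenSSLConfCmd cmd : conf.getCommands()) {
        String name = cmd.getName();
        String value = cmd.getValue();
        if (name == null) {
            log.error(sm.getString("opensslconf.noCommandName", value));
            result = false;
            continue;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("opensslconf.checkCommand", name, value));
        }
        try (var scope = ResourceScope.newConfinedScope()) {
            // rc = SSLConf.check(confCtx, name, value);
            if (name.equals("NO_OCSP_CHECK")) {
                // Tomcat-level pseudo command; nothing for OpenSSL to validate.
                rc = 1;
            } else {
                int code = SSL_CONF_cmd_value_type(state.confCtx, CLinker.toCString(name, scope));
                rc = 1;
                // NOTE(review): ERR_get_error() pops one entry from the thread's
                // error queue; an error left behind by an earlier native call
                // would be attributed to this command - confirm the queue is
                // empty on entry.
                long errCode = ERR_get_error();
                if (errCode != 0) {
                    // ERR_error_string() needs a buffer OpenSSL documents as at
                    // least 256 bytes; the previous 128-byte buffer risked a
                    // native overflow.
                    var allocator = SegmentAllocator.ofScope(scope);
                    var buf = allocator.allocateArray(CLinker.C_CHAR, new byte[256]);
                    ERR_error_string(errCode, buf);
                    log.error(sm.getString("opensslconf.checkFailed", CLinker.toJavaString(buf)));
                    rc = 0;
                }
                if (code == SSL_CONF_TYPE_UNKNOWN()) {
                    log.error(sm.getString("opensslconf.typeUnknown", name));
                    rc = 0;
                }
                if (code == SSL_CONF_TYPE_FILE()) {
                    // The value must be a regular file that is readable. The
                    // original test (!isFile && !canRead) only rejected values
                    // that were neither, letting unreadable files and readable
                    // directories through.
                    File file = new File(value);
                    if (!file.isFile() || !file.canRead()) {
                        log.error(sm.getString("opensslconf.badFile", name, value));
                        rc = 0;
                    }
                }
                if (code == SSL_CONF_TYPE_DIR()) {
                    // Check dir
                    File file = new File(value);
                    if (!file.isDirectory()) {
                        log.error(sm.getString("opensslconf.badDirectory", name, value));
                        rc = 0;
                    }
                }
            }
        } catch (Exception e) {
            // Keep the message in the localized text and attach the exception so
            // the stack trace is not lost.
            log.error(sm.getString("opensslconf.checkFailed", e.getLocalizedMessage()), e);
            return false;
        }
        if (rc <= 0) {
            log.error(sm.getString("opensslconf.failedCommand", name, value, Integer.toString(rc)));
            result = false;
        } else if (log.isDebugEnabled()) {
            log.debug(sm.getString("opensslconf.resultCommand", name, value, Integer.toString(rc)));
        }
    }
    if (!result) {
        log.error(sm.getString("opensslconf.checkFailed"));
    }
    return result;
}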
