This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new 91d0578 QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from
cpp client
91d0578 is described below
commit 91d0578e03580a1cc509b92f3a7a9533e49a59ff
Author: aw924 <daniil.kirilyuk@deutsche-boerse.com>
AuthorDate: Tue Dec 8 16:31:13 2020 +0100
QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client
This closes #74
---
.../NonBlockingConnectionTLSDelegate.java | 2 +-
.../transport/network/security/ssl/SSLUtil.java | 28 +++++++++++++++++++++-
.../org/apache/qpid/server/transport/SNITest.java | 9 ++++++-
3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
index 3e52716..c1eb6de 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
@@ -102,7 +102,7 @@ public class NonBlockingConnectionTLSDelegate implements NonBlockingConnectionDe
{
_parent.setSelectedHost(hostName);
SSLParameters sslParameters = _sslEngine.getSSLParameters();
- sslParameters.setServerNames(Collections.singletonList(new SNIHostName(hostName)));
+ sslParameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(hostName)));
_sslEngine.setSSLParameters(sslParameters);
}
_hostChecked = true;
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 01c11d3..7543083 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -75,6 +75,8 @@ import javax.net.ssl.StandardConstants;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
+
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -880,7 +882,7 @@ public class SSLUtil
if (code == StandardConstants.SNI_HOST_NAME)
{
- return new SNIHostName(encoded).getAsciiName();
+ return createSNIHostName(encoded).getAsciiName();
}
extensionDataRemaining -= serverNameLength + 3;
}
@@ -1048,6 +1050,30 @@ public class SSLUtil
return certificates;
}
+ public static SNIHostName createSNIHostName(String hostName)
+ {
+ try
+ {
+ return new SNIHostName(hostName);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from
string '" + hostName + "'", e);
+ }
+ }
+
+ public static SNIHostName createSNIHostName(byte[] hostName)
+ {
+ try
+ {
+ return new SNIHostName(hostName);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from
byte array '" + new String(hostName) + "'", e);
+ }
+ }
+
public interface KeyCertPair
{
PrivateKey getPrivateKey();
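Review bot: Both new `createSNIHostName` overloads copy the rejected name verbatim into the exception message, and on the byte[] path that name is raw data taken from a client's ClientHello before any authentication. If the message ends up in a log (not visible in this hunk), control characters or line breaks in the name would be written unescaped, and nothing here bounds how long the echoed name can be. `new String(hostName)` also decodes with the platform default charset, so the rendered text differs between hosts. I would pass the name through a small helper that decodes with an explicit charset, caps the length and replaces non-printable characters, as sketched below for the byte[] overload (the String overload would call the same helper). Both public methods also lack Javadoc saying they throw ConnectionScopedRuntimeException for names that SNIHostName rejects.

```java
// … unchanged: try { return new SNIHostName(hostName); } …
catch (IllegalArgumentException e)
{
    // ISO-8859-1 maps every byte to one char, so nothing is lost before filtering
    String raw = new String(hostName, java.nio.charset.StandardCharsets.ISO_8859_1);
    throw new ConnectionScopedRuntimeException(
            "Failed to create SNIHostName from byte array '" + printableName(raw) + "'", e);
}

private static String printableName(String name)
{
    final int limit = 255; // constructed cap for diagnostics, adjust to project convention
    StringBuilder out = new StringBuilder();
    for (int i = 0; i < name.length() && i < limit; i++)
    {
        char c = name.charAt(i);
        out.append(c >= 0x20 && c < 0x7f ? c : '?');
    }
    return name.length() > limit ? out.append("...").toString() : out.toString();
}
```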
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
index 8039e5a..0be0a48 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
@@ -44,6 +44,7 @@ import javax.net.ssl.X509TrustManager;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -188,6 +189,12 @@ public class SNITest extends UnitTestBase
performTest(false, "fooinvalid", "foo", _fooInvalid);
}
+ @Test(expected = ConnectionScopedRuntimeException.class)
+ public void testInvalidHostname() throws Exception
+ {
+ performTest(false, "fooinvalid", "_foo", _fooInvalid);
+ }
+
private void performTest(final boolean useMatching,
final String defaultAlias,
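Review bot: `testInvalidHostname` can pass without the broker ever seeing the bad name. With the last hunk of this file, `performTest` builds the client's parameters through `SSLUtil.createSNIHostName(sniHostName)`, so for `"_foo"` the expected ConnectionScopedRuntimeException appears to be thrown by the test's own client-side setup before the socket connects (most of performTest lies outside the hunks, so this is read from the visible lines only). The broker-side path that extracts the name from a ClientHello, the one changed in SSLUtil at -880, is then not exercised. A test that hands that parser a ClientHello buffer carrying a non-LDH server_name and asserts the exception would cover the reported crash. Keeping `new SNIHostName(sniHostName)` in the client helper would also stop the test from depending on the code under test.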
@@ -228,7 +235,7 @@ public class SNITest extends UnitTestBase
SSLParameters parameters = socket.getSSLParameters();
if (sniHostName != null)
{
- parameters.setServerNames(Collections.singletonList(new SNIHostName(sniHostName)));
+ parameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(sniHostName)));
}
socket.setSSLParameters(parameters);
InetSocketAddress address = new InetSocketAddress("localhost", _boundPort);