tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject svn commit: r1842950 - in /tomcat/trunk: java/org/apache/catalina/storeconfig/ webapps/docs/
Date Fri, 05 Oct 2018 17:29:22 GMT
Author: remm
Date: Fri Oct  5 17:29:22 2018
New Revision: 1842950

URL: http://svn.apache.org/viewvc?rev=1842950&view=rev
Log:
62803: Fix SSL connectors handling in storeconfig. The attribute duplication is indeed extreme.

Added:
    tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java   (with
props)
Modified:
    tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java
    tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
    tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java
    tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
    tomcat/trunk/webapps/docs/changelog.xml

Added: tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java?rev=1842950&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java (added)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java Fri Oct
 5 17:29:22 2018
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.storeconfig;
+
+import java.beans.PropertyDescriptor;
+
+import org.apache.tomcat.util.IntrospectionUtils;
+
+/**
+ * Store the Certificate attributes.
+ */
+public class CertificateStoreAppender extends StoreAppender {
+
+    @Override
+    protected Object checkAttribute(StoreDescription desc,
+            PropertyDescriptor descriptor, String attributeName, Object bean,
+            Object bean2) {
+        if (attributeName.equals("type")) {
+            return IntrospectionUtils.getProperty(bean, descriptor.getName());
+        } else {
+            return super.checkAttribute(desc, descriptor, attributeName, bean, bean2);
+        }
+    }
+
+}
\ No newline at end of file

Propchange: tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java Fri Oct  5 17:29:22
2018
@@ -41,9 +41,11 @@ public class ConnectorSF extends StoreFa
             // Store nested <UpgradeProtocol> elements
             UpgradeProtocol[] upgradeProtocols = connector.findUpgradeProtocols();
             storeElementArray(aWriter, indent, upgradeProtocols);
-            // Store nested <SSLHostConfig> elements
-            SSLHostConfig[] hostConfigs = connector.findSslHostConfigs();
-            storeElementArray(aWriter, indent, hostConfigs);
+            if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
+                // Store nested <SSLHostConfig> elements
+                SSLHostConfig[] hostConfigs = connector.findSslHostConfigs();
+                storeElementArray(aWriter, indent, hostConfigs);
+            }
         }
     }
 

Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java Fri Oct  5 17:29:22
2018
@@ -18,9 +18,11 @@
 package org.apache.catalina.storeconfig;
 
 import java.io.PrintWriter;
+import java.util.ArrayList;
 
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
 import org.apache.tomcat.util.net.openssl.OpenSSLConf;
 
 /**
@@ -39,6 +41,16 @@ public class SSLHostConfigSF extends Sto
             SSLHostConfig sslHostConfig = (SSLHostConfig) aSSLHostConfig;
             // Store nested <SSLHostConfigCertificate> elements
             SSLHostConfigCertificate[] hostConfigsCertificates = sslHostConfig.getCertificates().toArray(new
SSLHostConfigCertificate[0]);
+            // Remove a possible default UNDEFINED certificate
+            if (hostConfigsCertificates.length > 1) {
+                ArrayList<SSLHostConfigCertificate> certificates = new ArrayList<>();
+                for (SSLHostConfigCertificate certificate : hostConfigsCertificates) {
+                    if (Type.UNDEFINED != certificate.getType()) {
+                        certificates.add(certificate);
+                    }
+                }
+                hostConfigsCertificates = certificates.toArray(new SSLHostConfigCertificate[0]);
+            }
             storeElementArray(aWriter, indent, hostConfigsCertificates);
             // Store nested <OpenSSLConf> element
             OpenSSLConf openSslConf = sslHostConfig.getOpenSslConf();

Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java Fri Oct  5 17:29:22
2018
@@ -230,29 +230,10 @@ public class StoreAppender {
         // Create blank instance
         Object bean2 = defaultInstance(bean);
         for (int i = 0; i < descriptors.length; i++) {
-            if (descriptors[i] instanceof IndexedPropertyDescriptor) {
-                continue; // Indexed properties are not persisted
+            Object value = checkAttribute(desc, descriptors[i], descriptors[i].getName(),
bean, bean2);
+            if (value != null) {
+                printAttribute(writer, indent, bean, desc, descriptors[i].getName(), bean2,
value);
             }
-            if (!isPersistable(descriptors[i].getPropertyType())
-                    || (descriptors[i].getReadMethod() == null)
-                    || (descriptors[i].getWriteMethod() == null)) {
-                continue; // Must be a read-write primitive or String
-            }
-            if (desc.isTransientAttribute(descriptors[i].getName())) {
-                continue; // Skip the specified exceptions
-            }
-            Object value = IntrospectionUtils.getProperty(bean, descriptors[i]
-                    .getName());
-            if (value == null) {
-                continue; // Null values are not persisted
-            }
-            Object value2 = IntrospectionUtils.getProperty(bean2,
-                    descriptors[i].getName());
-            if (value.equals(value2)) {
-                // The property has its default value
-                continue;
-            }
-            printAttribute(writer, indent, bean, desc, descriptors[i].getName(), bean2, value);
         }
 
         if (bean instanceof ResourceBase) {
@@ -273,6 +254,39 @@ public class StoreAppender {
     }
 
     /**
+     * Check if the attribute should be printed.
+     * @param desc RegistryDescriptor from this bean
+     * @param descriptor PropertyDescriptor from this bean property
+     * @param attributeName The attribute name to store
+     * @param bean The current bean
+     * @param bean2 A default instance of the bean for comparison
+     * @return null if the value should be skipped, the value to print otherwise
+     */
+    protected Object checkAttribute(StoreDescription desc, PropertyDescriptor descriptor,
String attributeName, Object bean, Object bean2) {
+        if (descriptor instanceof IndexedPropertyDescriptor) {
+            return null; // Indexed properties are not persisted
+        }
+        if (!isPersistable(descriptor.getPropertyType())
+                || (descriptor.getReadMethod() == null)
+                || (descriptor.getWriteMethod() == null)) {
+            return null; // Must be a read-write primitive or String
+        }
+        if (desc.isTransientAttribute(descriptor.getName())) {
+            return null; // Skip the specified exceptions
+        }
+        Object value = IntrospectionUtils.getProperty(bean, descriptor.getName());
+        if (value == null) {
+            return null; // Null values are not persisted
+        }
+        Object value2 = IntrospectionUtils.getProperty(bean2, descriptor.getName());
+        if (value.equals(value2)) {
+            // The property has its default value
+            return null;
+        }
+        return value;
+    }
+
+    /**
      * Store the specified of the specified JavaBean.
      *
      * @param writer PrintWriter to which we are storing
@@ -303,15 +317,7 @@ public class StoreAppender {
      */
     public boolean isPrintValue(Object bean, Object bean2, String attrName,
             StoreDescription desc) {
-        boolean printValue = false;
-
-        Object value = IntrospectionUtils.getProperty(bean, attrName);
-        if (value != null) {
-            Object value2 = IntrospectionUtils.getProperty(bean2, attrName);
-            printValue = !value.equals(value2);
-
-        }
-        return printValue;
+        return true;
     }
 
     /**

Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml Fri Oct  5 17:29:22
2018
@@ -102,6 +102,42 @@
         <TransientAttribute>URIEncoding</TransientAttribute>
         <TransientAttribute>maxProcessor</TransientAttribute>
         <TransientAttribute>minProcessor</TransientAttribute>
+        <!-- All attribute duplicated from the SSLHostConfig, may be removed in Tomcat
10 -->
+        <TransientAttribute>SSLProtocol</TransientAttribute>
+        <TransientAttribute>sslEnabledProtocols</TransientAttribute>
+        <TransientAttribute>SSLCipherSuite</TransientAttribute>
+        <TransientAttribute>ciphers</TransientAttribute>
+        <TransientAttribute>SSLCertificateChainFile</TransientAttribute>
+        <TransientAttribute>SSLCertificateFile</TransientAttribute>
+        <TransientAttribute>keyAlias</TransientAttribute>
+        <TransientAttribute>SSLCertificateKeyFile</TransientAttribute>
+        <TransientAttribute>keyPass</TransientAttribute>
+        <TransientAttribute>SSLPassword</TransientAttribute>
+        <TransientAttribute>keystoreFile</TransientAttribute>
+        <TransientAttribute>keystorePass</TransientAttribute>
+        <TransientAttribute>keystoreProvider</TransientAttribute>
+        <TransientAttribute>keystoreType</TransientAttribute>
+        <TransientAttribute>SSLCACertificateFile</TransientAttribute>
+        <TransientAttribute>SSLCACertificatePath</TransientAttribute>
+        <TransientAttribute>crlFile</TransientAttribute>
+        <TransientAttribute>SSLCARevocationFile</TransientAttribute>
+        <TransientAttribute>SSLCARevocationPath</TransientAttribute>
+        <TransientAttribute>SSLDisableCompression</TransientAttribute>
+        <TransientAttribute>SSLDisableSessionTickets</TransientAttribute>
+        <TransientAttribute>SSLDisableCompression</TransientAttribute>
+        <TransientAttribute>SSLHonorCipherOrder</TransientAttribute>
+        <TransientAttribute>useServerCipherSuitesOrder</TransientAttribute>
+        <TransientAttribute>algorithm</TransientAttribute>
+        <TransientAttribute>sslContext</TransientAttribute>
+        <TransientAttribute>sessionCacheSize</TransientAttribute>
+        <TransientAttribute>sessionTimeout</TransientAttribute>
+        <TransientAttribute>sslProtocol</TransientAttribute>
+        <TransientAttribute>trustManagerClassName</TransientAttribute>
+        <TransientAttribute>truststoreAlgorithm</TransientAttribute>
+        <TransientAttribute>truststoreFile</TransientAttribute>
+        <TransientAttribute>truststorePass</TransientAttribute>
+        <TransientAttribute>truststoreProvider</TransientAttribute>
+        <TransientAttribute>truststoreType</TransientAttribute>
      </Description>
      <Description
         tag="UpgradeProtocol"
@@ -120,6 +156,16 @@
         storeFactoryClass="org.apache.catalina.storeconfig.SSLHostConfigSF">
         <TransientAttribute>openSslContext</TransientAttribute>
         <TransientAttribute>openSslConfContext</TransientAttribute>
+        <!-- All attribute duplicated from the Certificate, may be removed in Tomcat 10
-->
+        <TransientAttribute>certificateChainFile</TransientAttribute>
+        <TransientAttribute>certificateFile</TransientAttribute>
+        <TransientAttribute>certificateKeyAlias</TransientAttribute>
+        <TransientAttribute>certificateKeyFile</TransientAttribute>
+        <TransientAttribute>certificateKeyPassword</TransientAttribute>
+        <TransientAttribute>certificateKeystoreFile</TransientAttribute>
+        <TransientAttribute>certificateKeystorePassword</TransientAttribute>
+        <TransientAttribute>certificateKeystoreProvider</TransientAttribute>
+        <TransientAttribute>certificateKeystoreType</TransientAttribute>
      </Description>
      <Description
         tag="Certificate"
@@ -127,7 +173,8 @@
         default="true"
         tagClass="org.apache.tomcat.util.net.SSLHostConfigCertificate"
         children="false"
-        storeFactoryClass="org.apache.catalina.storeconfig.StoreFactoryBase">
+        storeFactoryClass="org.apache.catalina.storeconfig.StoreFactoryBase"
+        storeAppenderClass="org.apache.catalina.storeconfig.CertificateStoreAppender">
      </Description>
      <Description
         tag="OpenSSLConf"

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Oct  5 17:29:22 2018
@@ -92,6 +92,10 @@
         Ensure that a canonical path is always used for the docBase of a Context
         to ensure consistent behaviour. (markt)
       </fix>
+      <fix>
+        <bug>62803</bug>: Fix SSL connector configuration processing
+        in storeconfig. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message