From commits-return-50754-archive-asf-public=cust-asf.ponee.io@qpid.apache.org Tue Dec 8 21:14:04 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by mx-eu-01.ponee.io (Postfix) with ESMTPS id 161F618064A for ; Tue, 8 Dec 2020 22:14:04 +0100 (CET) Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id 790F666FF2 for ; Tue, 8 Dec 2020 21:14:03 +0000 (UTC) Received: (qmail 75006 invoked by uid 500); 8 Dec 2020 21:14:02 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 74997 invoked by uid 99); 8 Dec 2020 21:14:02 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Dec 2020 21:14:02 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 9552281ADE; Tue, 8 Dec 2020 21:14:02 +0000 (UTC) Date: Tue, 08 Dec 2020 21:14:02 +0000 To: "commits@qpid.apache.org" Subject: [qpid-broker-j] branch master updated: QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <160746204253.23295.1994642865488229217@gitbox.apache.org> 
From: orudyy@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: qpid-broker-j X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: fbac750e3f6170acd9518216c6d4b23fafed4b8a X-Git-Newrev: 8ee2aeec3c33435ee392e887d02079eb8f2172d4 X-Git-Rev: 8ee2aeec3c33435ee392e887d02079eb8f2172d4 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. orudyy pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git The following commit(s) were added to refs/heads/master by this push: new 8ee2aee QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client 8ee2aee is described below commit 8ee2aeec3c33435ee392e887d02079eb8f2172d4 Author: aw924 AuthorDate: Tue Dec 8 16:31:13 2020 +0100 QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client This closes #74
---
 .../NonBlockingConnectionTLSDelegate.java | 2 +-
 .../transport/network/security/ssl/SSLUtil.java | 27 +++++++++++++++++++++-
 .../org/apache/qpid/server/transport/SNITest.java | 9 +++++++-
 3 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
index 747e0c4..f8be138 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
@@ -102,7 +102,7 @@ public class NonBlockingConnectionTLSDelegate implements NonBlockingConnectionDe
 {
 _parent.setSelectedHost(hostName);
 SSLParameters sslParameters = _sslEngine.getSSLParameters();
- sslParameters.setServerNames(Collections.singletonList(new SNIHostName(hostName)));
+ sslParameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(hostName)));
 _sslEngine.setSSLParameters(sslParameters);
 }
 _hostChecked = true;
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 1baec00..dc31b20 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -75,6 +75,7 @@ import javax.net.ssl.StandardConstants;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
 import org.apache.qpid.server.util.ServerScopedRuntimeException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -897,7 +898,7 @@ public class SSLUtil
 if (code == StandardConstants.SNI_HOST_NAME)
 {
- return new SNIHostName(encoded).getAsciiName();
+ return createSNIHostName(encoded).getAsciiName();
 }
 extensionDataRemaining -= serverNameLength + 3;
 }
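Review bot: In the NonBlockingConnectionTLSDelegate.java hunk, `_parent.setSelectedHost(hostName);` still runs before `SSLUtil.createSNIHostName(hostName)` validates the name, so a host name that fails validation has already been recorded on the parent connection when the ConnectionScopedRuntimeException is thrown. Building the SNIHostName first keeps a rejected value out of connection state: `SNIHostName sniHostName = SSLUtil.createSNIHostName(hostName);` ahead of `_parent.setSelectedHost(hostName);`, then `sslParameters.setServerNames(Collections.singletonList(sniHostName));`. What the parent does with the selected host is not visible here, and the enclosing method starts and ends outside the hunk.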
@@ -1065,6 +1066,30 @@ public class SSLUtil
 return certificates;
 }
+ public static SNIHostName createSNIHostName(String hostName)
+ {
+ try
+ {
+ return new SNIHostName(hostName);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from string '" + hostName + "'", e);
+ }
+ }
+
+ public static SNIHostName createSNIHostName(byte[] hostName)
+ {
+ try
+ {
+ return new SNIHostName(hostName);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from byte array '" + new String(hostName) + "'", e);
+ }
+ }
+
 public interface KeyCertPair
 {
 PrivateKey getPrivateKey();
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
index 6a08ee4..e567573 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
@@ -42,6 +42,7 @@ import javax.net.ssl.X509TrustManager;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.ClassRule;
@@ -156,6 +157,12 @@ public class SNITest extends UnitTestBase
 performTest(false, "fooinvalid", "foo", _fooInvalid);
 }
+ @Test(expected = ConnectionScopedRuntimeException.class)
+ public void testInvalidHostname() throws Exception
+ {
+ performTest(false, "fooinvalid", "_foo", _fooInvalid);
+ }
+
 private void performTest(final boolean useMatching,
 final String defaultAlias,
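Review bot: In the SSLUtil.java hunk at -1065, the byte[] overload of `createSNIHostName` builds its exception message with `new String(hostName)`, which decodes with the platform default charset and copies the bytes into the message unfiltered and at full length. The hunk at -897 passes `encoded` from the SNI_HOST_NAME branch to what is presumably this overload, so these look like peer-supplied bytes read before the TLS handshake completes; if the message reaches a log, embedded CR/LF or other control characters can forge or corrupt log lines. Render the bytes as printable ASCII with a length cap before concatenating, and give the String overload the same treatment since it concatenates `hostName` as is. Both public methods also lack Javadoc stating that an invalid name is reported as ConnectionScopedRuntimeException with the IllegalArgumentException as its cause.

```java
public static SNIHostName createSNIHostName(byte[] hostName)
{
    // … unchanged: try { return new SNIHostName(hostName); } …
    catch (IllegalArgumentException e)
    {
        throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from byte array '" + toPrintable(hostName) + "'", e);
    }
}

// Renders peer-supplied bytes for diagnostics: printable ASCII only, capped length.
private static String toPrintable(byte[] raw)
{
    final int shown = Math.min(raw.length, 255); // cap chosen for this sketch
    final StringBuilder text = new StringBuilder(shown);
    for (int i = 0; i < shown; i++)
    {
        final int value = raw[i] & 0xFF;
        text.append(value >= 0x20 && value < 0x7F ? (char) value : '?');
    }
    return text.toString();
}
```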
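Review bot: `testInvalidHostname` in the SNITest.java hunk at -156 probably never reaches the broker: the hunk at -194 makes the client side of the test build its own server name with `SSLUtil.createSNIHostName(sniHostName)`, so for `"_foo"` the expected ConnectionScopedRuntimeException would be thrown by the test's own client code before any ClientHello is sent. The test can therefore pass without showing that the broker survives a non-LDH name from a peer, which is the case the commit title describes. A test that targets the fix would exercise the broker-side path directly, for example asserting on `SSLUtil.createSNIHostName("_foo")` and the byte[] overload on their own, or handing a constructed ClientHello buffer to the server-name parser. That the code at -194 sits inside `performTest` is inferred from the `sniHostName` name, since the method's signature is cut off at the hunk edge.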
@@ -194,7 +201,7 @@ public class SNITest extends UnitTestBase
 SSLParameters parameters = socket.getSSLParameters();
 if (sniHostName != null)
 {
- parameters.setServerNames(Collections.singletonList(new SNIHostName(sniHostName)));
+ parameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(sniHostName)));
 }
 socket.setSSLParameters(parameters);
 InetSocketAddress address = new InetSocketAddress("localhost", _boundPort);
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org