Author: csutherl Date: Wed Jan 24 19:45:00 2018 New Revision: 1822150 URL: http://svn.apache.org/viewvc?rev=1822150&view=rev Log: Fixed https://bz.apache.org/bugzilla/show_bug.cgi?id=62032 Fix NullPointerException when certificateFile is not defined on an SSLHostConfig and unify the behavior when a certificateFile is defined but the file does not exist for both JKS and PEM file types.
I also fixed one TODO in SSLHostConfig and changed how the IllegalArgumentException is thrown in AbstractJsseEndpoint so that it's message is consistent with other logging messages.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed Jan 24 19:45:00 2018
@@ -111,7 +111,7 @@ public abstract class AbstractJsseEndpoi
 sslContext = sslUtil.createSSLContext(negotiableProtocols);
 sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null);
 } catch (Exception e) {
- throw new IllegalArgumentException(e);
+ throw new IllegalArgumentException(e.getMessage(), e);
 }
 SSLSessionContext sessionContext = sslContext.getServerSessionContext();
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Wed Jan 24 19:45:00 2018
@@ -146,6 +146,7 @@ sslHostConfig.prefix_missing=The protoco
 sslHostConfigCertificate.mismatch=The property [{0}] was set on the SSLHostConfigCertificate named [{1}] and is for certificate storage type [{2}] but the certificate is being used with a storage of type [{3}]
 sslHostConfig.opensslconf.null=Attempt to set null OpenSSLConf ignored
 sslHostConfig.opensslconf.alreadyset=Attempt to set another OpenSSLConf ignored
+sslHostConfig.fileNotFound=Configured file [{0}] does not exist
 sslImplementation.cnfe= Unable to create SSLImplementation for class [{0}]
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Wed Jan 24 19:45:00 2018
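Review bot: In the catch block of the AbstractJsseEndpoint hunk, `e.getMessage()` can be null for an exception constructed without a message, and the rethrown IllegalArgumentException then has a null message, whereas the old single-argument form fell back to the cause's `toString()`. A TLS context that fails to initialise would in that case be reported with no text at the top level of the exception. A fallback keeps the diagnostic: `String msg = e.getMessage();` followed by `throw new IllegalArgumentException(msg != null ? msg : e.toString(), e);`. The enclosing method starts and ends outside the hunk.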
@@ -17,6 +17,7 @@
 package org.apache.tomcat.util.net;
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.Serializable;
 import java.security.KeyStore;
@@ -824,7 +825,7 @@ public class SSLHostConfig implements Se
 // --------------------------------------------------------- Support methods
- public static String adjustRelativePath(String path) {
+ public static String adjustRelativePath(String path) throws FileNotFoundException {
 // Empty or null path can't point to anything useful. The assumption is
 // that the value is deliberately empty / null so leave it that way.
 if (path == null || path.length() == 0) {
@@ -837,8 +838,7 @@ public class SSLHostConfig implements Se
 f = new File(newPath);
 }
 if (!f.exists()) {
- // TODO i18n, sm
- log.warn("configured file:["+newPath+"] does not exist.");
+ throw new FileNotFoundException(sm.getString("sslHostConfig.fileNotFound", newPath));
 }
 return newPath;
 }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java Wed Jan 24 19:45:00 2018
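Review bot: `adjustRelativePath` is a public static method and the signature hunk (-824) adds a checked `FileNotFoundException` without documenting it; the throw itself is in the -837 hunk. Any caller not visible in this diff now has to catch or declare the exception, and a configured path whose file is missing turns from a logged warning into a hard failure, which is the fail-closed behaviour one wants for key and certificate material but is a behaviour change for every other attribute routed through this helper. I would add a Javadoc block stating that null or empty input is returned unchanged, that other paths are resolved before the check (the resolution code lies between the two hunks and is not shown), and `@throws FileNotFoundException if the resolved path does not exist`. Note also that `f.exists()` says nothing about readability, so an unreadable file will presumably still fail later with a different message.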
@@ -138,8 +138,6 @@ public abstract class SSLUtilBase implem
 }
 ks.load(istream, storePass);
 } catch (FileNotFoundException fnfe) {
- log.error(sm.getString("jsse.keystore_load_failed", type, path,
- fnfe.getMessage()), fnfe);
 throw fnfe;
 } catch (IOException ioe) {
 // May be expected when working with a trust store
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Wed Jan 24 19:45:00 2018
@@ -199,6 +199,10 @@ public class JSSEUtil extends SSLUtilBas
 char[] keyPassArray = keyPass.toCharArray();
 if (ks == null) {
+ if (certificate.getCertificateFile() == null) {
+ throw new IOException(sm.getString("jsse.noCertFile"));
+ }
+
 PEMFile privateKeyFile = new PEMFile(SSLHostConfig.adjustRelativePath
 (certificate.getCertificateKeyFile() != null ? certificate.getCertificateKeyFile() : certificate.getCertificateFile()),
 keyPass);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties Wed Jan 24 19:45:00 2018
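Review bot: With the logging removed, the `catch (FileNotFoundException fnfe) { throw fnfe; }` clause in the SSLUtilBase hunk looks redundant, yet it is what keeps a missing store file out of the `catch (IOException ioe)` branch that follows, whose comment says the failure may be expected for a trust store. A later cleanup could delete the clause and silently change how a missing keystore is handled. I would add a comment inside it, `// Rethrow so a missing file never reaches the IOException branch below`. The store type and path that the removed message carried are no longer logged here, so it is worth confirming that whatever reports the rethrown exception still names the file. The try block starts outside the hunk and the IOException handler ends outside it.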
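Review bot: The new `jsse.noCertFile` error in the JSSEUtil hunk takes no arguments, so on a connector with several SSLHostConfig elements the operator cannot tell which one lacks `certificateFile`. Passing the host name into the message would fix that, for example `sm.getString("jsse.noCertFile", certificate.getSSLHostConfig().getHostName())` with a `[{0}]` placeholder added to the property text, assuming that accessor is available at this revision. A one-line comment above the check, `// ks is null here, so the key and certificate are read from PEM files`, would also explain why it sits inside `if (ks == null)`. The enclosing method starts and ends outside the hunk.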
@@ -25,6 +25,7 @@ jsse.noDefaultProtocols=Unable to determ
 jsse.noKeys=No aliases for private keys found in key store
 jsse.exceptionOnClose=Failure to close socket.
 jsse.pemParseError=Unable to parse the key from [{0}]
+jsse.noCertFile=SSLHostConfig attribute certificateFile must be defined when using an SSL connector
 jsseSupport.clientCertError=Error trying to obtain a certificate from the client
 jseeSupport.certTranslationError=Error translating certificate [{0}]
@@ -38,4 +39,4 @@ jsseUtil.invalidTrustCert=The certificat
 jsseUtil.noCrlSupport=The truststoreProvider [{0}] does not support the certificateRevocationFile configuration option
 jsseUtil.noVerificationDepth=The truststoreProvider [{0}] does not support the certificateVerificationDepth configuration option
 jsseUtil.trustedCertNotChecked=The validity dates of the trusted certificate with alias [{0}] were not checked as the certificate was of an unknown type
-jsseUtil.trustedCertNotValid=The trusted certificate with alias [{0}] and DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted certificate WILL be accepted
\ No newline at end of file
+jsseUtil.trustedCertNotValid=The trusted certificate with alias [{0}] and DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted certificate WILL be accepted
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jan 24 19:45:00 2018
@@ -73,6 +73,12 @@ <bug>62023</bug>: Log error reporting multiple SSLHostConfig elements when using the APR Connector instead of crashing Tomcat. (csutherl) </fix> + <fix> + <bug>62032</bug>: Fix NullPointerException when certificateFile is not + defined on an SSLHostConfig and unify the behavior when a + certificateFile is defined but the file does not exist for both + JKS and PEM file types. + </fix> </changelog> </subsection> </section>