This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch bz-64110 in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f98f1164a77a49e785e7beb7325e89c38a8a2f4d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Dec 3 19:06:06 2020 +0000
Action review comments
---
 java/org/apache/catalina/util/TLSUtil.java | 21 +++++++++++++--------
 .../apache/tomcat/util/net/LocalStrings.properties | 1 +
 .../apache/tomcat/util/net/SecureNio2Channel.java | 4 ++--
 .../apache/tomcat/util/net/SecureNioChannel.java | 2 +-
 .../apache/tomcat/util/net/TLSClientHelloExtractor.java | 10 +++++-----
 5 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/java/org/apache/catalina/util/TLSUtil.java b/java/org/apache/catalina/util/TLSUtil.java
index 37ae78c..7f895dd 100644
--- a/java/org/apache/catalina/util/TLSUtil.java
+++ b/java/org/apache/catalina/util/TLSUtil.java
@@ -33,13 +33,18 @@ public class TLSUtil {
 * information, otherwise {@code false}
 */
 public static boolean isTLSRequestAttribute(String name) {
- return Globals.CERTIFICATES_ATTR.equals(name) ||
- Globals.CIPHER_SUITE_ATTR.equals(name) ||
- Globals.KEY_SIZE_ATTR.equals(name) ||
- Globals.SSL_SESSION_ID_ATTR.equals(name) ||
- Globals.SSL_SESSION_MGR_ATTR.equals(name) ||
- SSLSupport.PROTOCOL_VERSION_KEY.equals(name) ||
- SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY.equals(name) ||
- SSLSupport.REQUESTED_CIPHERS_KEY.equals(name);
+ switch (name) {
+ case Globals.CERTIFICATES_ATTR:
+ case Globals.CIPHER_SUITE_ATTR:
+ case Globals.KEY_SIZE_ATTR:
+ case Globals.SSL_SESSION_ID_ATTR:
+ case Globals.SSL_SESSION_MGR_ATTR:
+ case SSLSupport.PROTOCOL_VERSION_KEY:
+ case SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY:
+ case SSLSupport.REQUESTED_CIPHERS_KEY:
+ return true;
+ default:
+ return false;
+ }
 }
 }
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 1de8916..a6bb669 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
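Review bot: The new `switch (name)` in isTLSRequestAttribute throws a NullPointerException when `name` is null, whereas the removed `CONSTANT.equals(name)` chain returned false for a null argument. If any caller can pass a null attribute name (the callers are not visible in this hunk), a lookup that used to miss quietly now fails on the request path. Either put `if (name == null) { return false; }` ahead of the switch, or state in the Javadoc that `name` must not be null. The Javadoc of the method starts outside the hunk.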
@@ -146,6 +146,7 @@ nioBlockingSelector.selectError=Error selecting key
 sniExtractor.clientHelloInvalid=The ClientHello message was not correctly formatted
 sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single TLS record so no SNI information could be extracted
+sniExtractor.tooEarly=It is illegal to call this method before the client hello has been parsed
 socket.apr.clientAbort=The client aborted the connection.
 socket.apr.closed=The socket [{0}] associated with this connection has been closed.
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index cbe3f8b..611038e 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -65,7 +65,7 @@ public class SecureNio2Channel extends Nio2Channel {
 protected SSLEngine sslEngine;
- protected boolean sniComplete = false;
+ protected volatile boolean sniComplete = false;
 private volatile boolean handshakeComplete = false;
 private volatile HandshakeStatus handshakeStatus; //gets set by handshake
@@ -73,7 +73,7 @@ public class SecureNio2Channel extends Nio2Channel {
 protected boolean closed;
 protected boolean closing;
- private Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
+ private final Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
 private volatile boolean unwrapBeforeRead;
 private final CompletionHandler<Integer, SocketWrapperBase<Nio2Channel>> handshakeReadCompletionHandler;
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 6e1fe14..1ac2061 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
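Review bot: Making `additionalTlsAttributes` `final` in the second SecureNio2Channel hunk fixes the reference but says nothing about visibility of the entries, because the field is still a plain `HashMap` with no synchronisation shown. The neighbouring handshake fields are `volatile`, and this commit makes `sniComplete` volatile as well, which suggests the channel state is touched by more than one thread. If the map is filled while the ClientHello is processed and read later from a request thread (neither is visible here), that ordering should be written down on the field, for example `// Populated during SNI processing before sniComplete is set; read-only afterwards`, provided that is the real invariant. The same change in SecureNioChannel.java raises the same question.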
@@ -71,7 +71,7 @@ public class SecureNioChannel extends NioChannel {
 protected boolean closed = false;
 protected boolean closing = false;
- private Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
+ private final Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
 public SecureNioChannel(SocketBufferHandler bufHandler, NioEndpoint endpoint) {
 super(bufHandler);
diff --git a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
index cb8436e..21a5924 100644
--- a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
+++ b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
@@ -200,7 +200,7 @@ public class TLSClientHelloExtractor {
 if (result == ExtractorResult.COMPLETE) {
 return sniValue;
 } else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
 }
 }
@@ -209,7 +209,7 @@ public class TLSClientHelloExtractor {
 if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
 return clientRequestedCiphers;
 } else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
 }
 }
@@ -218,7 +218,7 @@ public class TLSClientHelloExtractor {
 if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
 return clientRequestedCipherNames;
 } else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
 }
 }
@@ -227,7 +227,7 @@ public class TLSClientHelloExtractor {
 if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
 return clientRequestedApplicationProtocols;
 } else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
 }
 }
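Review bot: The getter that returns `sniValue` (hunk at -200) accepts only `ExtractorResult.COMPLETE`, so it throws with the new "too early" text for `NOT_PRESENT` as well, a state the other four getters treat as parsed. In that case the message reports that the ClientHello has not been parsed when it presumably has been, which misleads whoever is diagnosing a TLS handshake problem from the log. Consider putting the state into the message, e.g. `sm.getString("sniExtractor.tooEarly", result)` with a `[{0}]` placeholder added to the property, or using a separate key for the parsed-but-unusable case. The hunks at -209, -218, -227 and -236 use the same wording for every result other than COMPLETE and NOT_PRESENT; the method signatures lie outside all five hunks.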
@@ -236,7 +236,7 @@ public class TLSClientHelloExtractor {
 if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
 return clientRequestedProtocols;
 } else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
 }
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org