[tomcat] branch main updated: Log basic information for each configured TLS cert when Tomcat starts

Thu, 19 Jan 2023 10:09:56 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 407869c47e Log basic information for each configured TLS cert when 
Tomcat starts
407869c47e is described below

commit 407869c47ea2fd4a0ceba08d5ea4233ec9c43201
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 19 18:08:10 2023 +0000

    Log basic information for each configured TLS cert when Tomcat starts
---
 .../apache/tomcat/util/net/AbstractEndpoint.java   | 26 ++++++++++++++++++++++
 .../apache/tomcat/util/net/LocalStrings.properties |  1 +
 java/org/apache/tomcat/util/net/SSLUtilBase.java   |  4 +++-
 webapps/docs/changelog.xml                         |  8 +++++++
 4 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 4e3b692ad1..86dbf9a98c 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -407,11 +407,37 @@ public abstract class AbstractEndpoint<S,U> {
                 throw new IllegalArgumentException(e.getMessage(), e);
             }
 
+            logCertificate(certificate);
             certificate.setSslContext(sslContext);
         }
     }
 
 
+    protected void logCertificate(SSLHostConfigCertificate certificate) {
+        SSLHostConfig sslHostConfig = certificate.getSSLHostConfig();
+
+        String certificateSource = certificate.getCertificateKeystoreFile();
+        if (certificateSource == null) {
+            certificateSource = certificate.getCertificateKeyFile();
+        }
+
+        String keyAlias = certificate.getCertificateKeyAlias();
+        if (keyAlias == null) {
+            keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
+        }
+
+        String trustStoreSource = sslHostConfig.getTruststoreFile();
+        if (trustStoreSource == null) {
+            trustStoreSource = sslHostConfig.getCaCertificateFile();
+        }
+        if (trustStoreSource == null) {
+            trustStoreSource = sslHostConfig.getCaCertificatePath();
+        }
+
+        getLog().info(sm.getString("endpoint.tls.info", getName(), 
sslHostConfig.getHostName(), certificate.getType(),
+                certificateSource, keyAlias, trustStoreSource));
+    }
+
     protected SSLEngine createSSLEngine(String sniHostName, List<Cipher> 
clientRequestedCiphers,
             List<String> clientRequestedApplicationProtocols) {
         SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName);
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 847d01144a..dc7b9b9361 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -114,6 +114,7 @@ endpoint.setAttribute=Set [{0}] to [{1}]
 endpoint.setAttributeError=Unable to set attribute [{0}] to [{1}]
 endpoint.socketOptionsError=Error setting socket options
 endpoint.timeout.err=Error processing socket timeout
+endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type 
[{2}] configured from [{3}] using alias [{4}] and with trust store [{5}]
 endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this 
endpoint
 endpoint.warn.executorShutdown=The executor associated with thread pool [{0}] 
has not fully shutdown. Some application threads may still be running.
 endpoint.warn.incorrectConnectionCount=Incorrect connection count, multiple 
calls to socket.close for the same socket.
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java 
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index 76b485654f..d6dc329278 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -71,6 +71,8 @@ public abstract class SSLUtilBase implements SSLUtil {
     private static final Log log = LogFactory.getLog(SSLUtilBase.class);
     private static final StringManager sm = 
StringManager.getManager(SSLUtilBase.class);
 
+    protected static final String DEFAULT_KEY_ALIAS = "tomcat";
+
     protected final SSLHostConfig sslHostConfig;
     protected final SSLHostConfigCertificate certificate;
 
@@ -324,7 +326,7 @@ public abstract class SSLUtilBase implements SSLUtil {
             }
 
             if (keyAlias == null) {
-                keyAlias = "tomcat";
+                keyAlias = DEFAULT_KEY_ALIAS;
             }
 
             // Switch to in-memory key store
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b89a5756ed..7570715faa 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -127,6 +127,14 @@
       </add>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <add>
+        Log basic information for each configured TLS certificate when Tomcat
+        starts. (markt)
+      </add>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <update>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to