Author: csutherl
Date: Wed Jan 24 19:45:00 2018
New Revision: 1822150

URL: http://svn.apache.org/viewvc?rev=1822150&view=rev
Log:
Fixed https://bz.apache.org/bugzilla/show_bug.cgi?id=62032
Fix NullPointerException when certificateFile is not defined on an 
SSLHostConfig and unify the behavior when a certificateFile is defined but the 
file does not exist for both JKS and PEM file types.

I also fixed one TODO in SSLHostConfig and changed how the 
IllegalArgumentException is thrown in AbstractJsseEndpoint so that its message 
is consistent with other logging messages.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed 
Jan 24 19:45:00 2018
@@ -111,7 +111,7 @@ public abstract class AbstractJsseEndpoi
                 sslContext = sslUtil.createSSLContext(negotiableProtocols);
                 sslContext.init(sslUtil.getKeyManagers(), 
sslUtil.getTrustManagers(), null);
             } catch (Exception e) {
-                throw new IllegalArgumentException(e);
+                throw new IllegalArgumentException(e.getMessage(), e);
             }
 
             SSLSessionContext sessionContext = 
sslContext.getServerSessionContext();
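Review bot: The new `throw new IllegalArgumentException(e.getMessage(), e);` produces an exception with a null message whenever the caught exception carries none (a bare NullPointerException, for example). The one-argument constructor it replaces used the cause's `toString()`, which at least named the exception class. Because the clause catches every `Exception`, a fallback keeps the message useful to anything that logs only `getMessage()`: `String msg = e.getMessage();` then `throw new IllegalArgumentException(msg != null ? msg : e.toString(), e);`. The enclosing method starts and ends outside this hunk.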

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Wed 
Jan 24 19:45:00 2018
@@ -146,6 +146,7 @@ sslHostConfig.prefix_missing=The protoco
 sslHostConfigCertificate.mismatch=The property [{0}] was set on the 
SSLHostConfigCertificate named [{1}] and is for certificate storage type [{2}] 
but the certificate is being used with a storage of type [{3}]
 sslHostConfig.opensslconf.null=Attempt to set null OpenSSLConf ignored
 sslHostConfig.opensslconf.alreadyset=Attempt to set another OpenSSLConf ignored
+sslHostConfig.fileNotFound=Configured file [{0}] does not exist
 
 sslImplementation.cnfe= Unable to create SSLImplementation for class [{0}]
 

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Wed Jan 24 
19:45:00 2018
@@ -17,6 +17,7 @@
 package org.apache.tomcat.util.net;
 
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.Serializable;
 import java.security.KeyStore;
@@ -824,7 +825,7 @@ public class SSLHostConfig implements Se
 
     // --------------------------------------------------------- Support 
methods
 
-    public static String adjustRelativePath(String path) {
+    public static String adjustRelativePath(String path) throws 
FileNotFoundException {
         // Empty or null path can't point to anything useful. The assumption is
         // that the value is deliberately empty / null so leave it that way.
         if (path == null || path.length() == 0) {
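Review bot: Adding `throws FileNotFoundException` to the public static `adjustRelativePath` is a source-incompatible change for any caller outside this commit, and the method has no Javadoc describing the new contract. I would add a Javadoc block stating that a null or empty path is returned unchanged, that a relative path is resolved before the existence check (the resolution code is outside this hunk), and `@throws FileNotFoundException if the resolved path does not exist`. The callers are not visible in this diff, so each one should be checked to confirm it propagates the exception instead of swallowing it.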
@@ -837,8 +838,7 @@ public class SSLHostConfig implements Se
             f = new File(newPath);
         }
         if (!f.exists()) {
-            // TODO i18n, sm
-            log.warn("configured file:["+newPath+"] does not exist.");
+            throw new 
FileNotFoundException(sm.getString("sslHostConfig.fileNotFound", newPath));
         }
         return newPath;
     }
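Review bot: The throw in the `!f.exists()` branch now applies to every path routed through `adjustRelativePath`, while the commit message describes only the certificateFile case. Failing closed on a missing key, trust or revocation file is the safer behaviour than the old warn-and-continue, but it only holds if no caller catches the `FileNotFoundException` and carries on with an unset value; those callers are outside this diff and should be confirmed. `File.exists()` can also return false when the path cannot be inspected, so "does not exist" may mislead an operator. A short comment above the throw, such as `// Fail fast: a configured but missing file must not be silently ignored`, would record why the warning became an exception.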

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java Wed Jan 24 
19:45:00 2018
@@ -138,8 +138,6 @@ public abstract class SSLUtilBase implem
             }
             ks.load(istream, storePass);
         } catch (FileNotFoundException fnfe) {
-            log.error(sm.getString("jsse.keystore_load_failed", type, path,
-                    fnfe.getMessage()), fnfe);
             throw fnfe;
         } catch (IOException ioe) {
             // May be expected when working with a trust store

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Wed Jan 24 
19:45:00 2018
@@ -199,6 +199,10 @@ public class JSSEUtil extends SSLUtilBas
         char[] keyPassArray = keyPass.toCharArray();
 
         if (ks == null) {
+            if (certificate.getCertificateFile() == null) {
+                throw new IOException(sm.getString("jsse.noCertFile"));
+            }
+
             PEMFile privateKeyFile = new 
PEMFile(SSLHostConfig.adjustRelativePath
                     (certificate.getCertificateKeyFile() != null ? 
certificate.getCertificateKeyFile() : certificate.getCertificateFile()),
                     keyPass);
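Review bot: The added guard `certificate.getCertificateFile() == null` does not cover an empty string, and the `adjustRelativePath` hunk in this same commit shows that an empty path is returned unchanged without an existence check. An empty `certificateFile` (with no `certificateKeyFile`) would therefore presumably still reach `new PEMFile(...)` with an empty file name and fail with a less clear error than `jsse.noCertFile`. Treating both cases alike closes the gap: `String certFile = certificate.getCertificateFile();` followed by `if (certFile == null || certFile.isEmpty()) {`. The enclosing method starts and ends outside this hunk.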

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties 
Wed Jan 24 19:45:00 2018
@@ -25,6 +25,7 @@ jsse.noDefaultProtocols=Unable to determ
 jsse.noKeys=No aliases for private keys found in key store
 jsse.exceptionOnClose=Failure to close socket.
 jsse.pemParseError=Unable to parse the key from [{0}]
+jsse.noCertFile=SSLHostConfig attribute certificateFile must be defined when 
using an SSL connector
 
 jsseSupport.clientCertError=Error trying to obtain a certificate from the 
client
 jseeSupport.certTranslationError=Error translating certificate [{0}]
@@ -38,4 +39,4 @@ jsseUtil.invalidTrustCert=The certificat
 jsseUtil.noCrlSupport=The truststoreProvider [{0}] does not support the 
certificateRevocationFile configuration option
 jsseUtil.noVerificationDepth=The truststoreProvider [{0}] does not support the 
certificateVerificationDepth configuration option
 jsseUtil.trustedCertNotChecked=The validity dates of the trusted certificate 
with alias [{0}] were not checked as the certificate was of an unknown type
-jsseUtil.trustedCertNotValid=The trusted certificate with alias [{0}] and DN 
[{1}] is not valid due to [{2}]. Certificates signed by this trusted 
certificate WILL be accepted
\ No newline at end of file
+jsseUtil.trustedCertNotValid=The trusted certificate with alias [{0}] and DN 
[{1}] is not valid due to [{2}]. Certificates signed by this trusted 
certificate WILL be accepted

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1822150&r1=1822149&r2=1822150&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jan 24 19:45:00 2018
@@ -73,6 +73,12 @@
         <bug>62023</bug>: Log error reporting multiple SSLHostConfig elements
         when using the APR Connector instead of crashing Tomcat. (csutherl)
       </fix>
+      <fix>
+        <bug>62032</bug>: Fix NullPointerException when certificateFile is not
+        defined on an SSLHostConfig and unify the behavior when a
+        certificateFile is defined but the file does not exist for both
+        JKS and PEM file types.
+      </fix>
     </changelog>
   </subsection>
 </section>


