Posted to dev@tomcat.apache.org by re...@apache.org on 2018/10/05 17:29:22 UTC
svn commit: r1842950 - in /tomcat/trunk:
java/org/apache/catalina/storeconfig/ webapps/docs/
Author: remm
Date: Fri Oct 5 17:29:22 2018
New Revision: 1842950
URL: http://svn.apache.org/viewvc?rev=1842950&view=rev
Log:
62803: Fix SSL connectors handling in storeconfig. The attribute duplication is indeed extreme.
Added:
tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java
tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java
tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
tomcat/trunk/webapps/docs/changelog.xml
Added: tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java?rev=1842950&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java (added)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java Fri Oct 5 17:29:22 2018
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.storeconfig;
+
+import java.beans.PropertyDescriptor;
+
+import org.apache.tomcat.util.IntrospectionUtils;
+
+/**
+ * Store the Certificate attributes.
+ */
+public class CertificateStoreAppender extends StoreAppender {
+
+ @Override
+ protected Object checkAttribute(StoreDescription desc,
+ PropertyDescriptor descriptor, String attributeName, Object bean,
+ Object bean2) {
+ if (attributeName.equals("type")) {
+ return IntrospectionUtils.getProperty(bean, descriptor.getName());
+ } else {
+ return super.checkAttribute(desc, descriptor, attributeName, bean, bean2);
+ }
+ }
+
+}
\ No newline at end of file
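Review bot: The `type` branch of `checkAttribute` returns the raw property value without passing through any of the base-class filters, so `desc.isTransientAttribute` is never consulted for `type` and the value is written even when it equals the default; the class Javadoc does not say why. A comment such as `// Always persist type, even at its default value; the filters in StoreAppender.checkAttribute are intentionally bypassed` would make that explicit (the reason is presumably that a reloaded Certificate element needs its type, which should be confirmed). The branch tests `attributeName` but reads the property through `descriptor.getName()`; using one of the two consistently would be clearer. The file also ends without a trailing newline.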
Propchange: tomcat/trunk/java/org/apache/catalina/storeconfig/CertificateStoreAppender.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/ConnectorSF.java Fri Oct 5 17:29:22 2018
@@ -41,9 +41,11 @@ public class ConnectorSF extends StoreFa
// Store nested <UpgradeProtocol> elements
UpgradeProtocol[] upgradeProtocols = connector.findUpgradeProtocols();
storeElementArray(aWriter, indent, upgradeProtocols);
- // Store nested <SSLHostConfig> elements
- SSLHostConfig[] hostConfigs = connector.findSslHostConfigs();
- storeElementArray(aWriter, indent, hostConfigs);
+ if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
+ // Store nested <SSLHostConfig> elements
+ SSLHostConfig[] hostConfigs = connector.findSslHostConfigs();
+ storeElementArray(aWriter, indent, hostConfigs);
+ }
}
}
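Review bot: The new guard `Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))` silently omits every `<SSLHostConfig>` unless the property comes back as exactly a `Boolean` true, and nothing in the hunk explains the intent. If `getProperty` can return the value as a `String` for some protocol handler (not visible here), a TLS connector would be saved without its host configuration, and a connector that keeps TLS settings while `SSLEnabled` is false loses them on save. If the reason is that non-TLS connectors only carry an auto-created default, say so above the `if`, e.g. `// A connector without SSLEnabled only holds a default SSLHostConfig, which must not be stored`. The enclosing method starts outside the hunk.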
Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/SSLHostConfigSF.java Fri Oct 5 17:29:22 2018
@@ -18,9 +18,11 @@
package org.apache.catalina.storeconfig;
import java.io.PrintWriter;
+import java.util.ArrayList;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
/**
@@ -39,6 +41,16 @@ public class SSLHostConfigSF extends Sto
SSLHostConfig sslHostConfig = (SSLHostConfig) aSSLHostConfig;
// Store nested <SSLHostConfigCertificate> elements
SSLHostConfigCertificate[] hostConfigsCertificates = sslHostConfig.getCertificates().toArray(new SSLHostConfigCertificate[0]);
+ // Remove a possible default UNDEFINED certificate
+ if (hostConfigsCertificates.length > 1) {
+ ArrayList<SSLHostConfigCertificate> certificates = new ArrayList<>();
+ for (SSLHostConfigCertificate certificate : hostConfigsCertificates) {
+ if (Type.UNDEFINED != certificate.getType()) {
+ certificates.add(certificate);
+ }
+ }
+ hostConfigsCertificates = certificates.toArray(new SSLHostConfigCertificate[0]);
+ }
storeElementArray(aWriter, indent, hostConfigsCertificates);
// Store nested <OpenSSLConf> element
OpenSSLConf openSslConf = sslHostConfig.getOpenSslConf();
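Review bot: The filter discards the `Type.UNDEFINED` certificate only when more than one certificate is present, but the comment `// Remove a possible default UNDEFINED certificate` does not say why dropping it is safe in that case and not when it is the only entry. Whatever key or keystore attributes are set on the dropped entry are not written, so if an UNDEFINED entry can hold real configuration next to typed certificates (not determinable from this hunk) the stored file would lose it. Once confirmed, state the invariant in the comment, e.g. `// When typed certificates exist, the UNDEFINED entry is the auto-created default and carries no configuration`. The method begins and ends outside the hunk.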
Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/StoreAppender.java Fri Oct 5 17:29:22 2018
@@ -230,29 +230,10 @@ public class StoreAppender {
// Create blank instance
Object bean2 = defaultInstance(bean);
for (int i = 0; i < descriptors.length; i++) {
- if (descriptors[i] instanceof IndexedPropertyDescriptor) {
- continue; // Indexed properties are not persisted
+ Object value = checkAttribute(desc, descriptors[i], descriptors[i].getName(), bean, bean2);
+ if (value != null) {
+ printAttribute(writer, indent, bean, desc, descriptors[i].getName(), bean2, value);
}
- if (!isPersistable(descriptors[i].getPropertyType())
- || (descriptors[i].getReadMethod() == null)
- || (descriptors[i].getWriteMethod() == null)) {
- continue; // Must be a read-write primitive or String
- }
- if (desc.isTransientAttribute(descriptors[i].getName())) {
- continue; // Skip the specified exceptions
- }
- Object value = IntrospectionUtils.getProperty(bean, descriptors[i]
- .getName());
- if (value == null) {
- continue; // Null values are not persisted
- }
- Object value2 = IntrospectionUtils.getProperty(bean2,
- descriptors[i].getName());
- if (value.equals(value2)) {
- // The property has its default value
- continue;
- }
- printAttribute(writer, indent, bean, desc, descriptors[i].getName(), bean2, value);
}
if (bean instanceof ResourceBase) {
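Review bot: The rewritten loop still indexes `descriptors[i]` three times per iteration although the index serves no other purpose in the new body. An enhanced for would read better: `for (PropertyDescriptor descriptor : descriptors) {`, with `descriptor.getName()` passed to both `checkAttribute` and `printAttribute`. The enclosing method starts and ends outside the hunk.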
@@ -273,6 +254,39 @@ public class StoreAppender {
}
/**
+ * Check if the attribute should be printed.
+ * @param desc RegistryDescriptor from this bean
+ * @param descriptor PropertyDescriptor from this bean property
+ * @param attributeName The attribute name to store
+ * @param bean The current bean
+ * @param bean2 A default instance of the bean for comparison
+ * @return null if the value should be skipped, the value to print otherwise
+ */
+ protected Object checkAttribute(StoreDescription desc, PropertyDescriptor descriptor, String attributeName, Object bean, Object bean2) {
+ if (descriptor instanceof IndexedPropertyDescriptor) {
+ return null; // Indexed properties are not persisted
+ }
+ if (!isPersistable(descriptor.getPropertyType())
+ || (descriptor.getReadMethod() == null)
+ || (descriptor.getWriteMethod() == null)) {
+ return null; // Must be a read-write primitive or String
+ }
+ if (desc.isTransientAttribute(descriptor.getName())) {
+ return null; // Skip the specified exceptions
+ }
+ Object value = IntrospectionUtils.getProperty(bean, descriptor.getName());
+ if (value == null) {
+ return null; // Null values are not persisted
+ }
+ Object value2 = IntrospectionUtils.getProperty(bean2, descriptor.getName());
+ if (value.equals(value2)) {
+ // The property has its default value
+ return null;
+ }
+ return value;
+ }
+
+ /**
* Store the specified of the specified JavaBean.
*
* @param writer PrintWriter to which we are storing
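Review bot: `attributeName` is documented as "The attribute name to store", yet the new `checkAttribute` never reads it; every lookup goes through `descriptor.getName()`, and the only caller visible in this commit passes `descriptors[i].getName()` for it. Either drop the parameter or use it consistently, so that an override cannot be handed a name that disagrees with the descriptor. The `@return` tag could also note that `null` doubles as the skip signal, which means an override has no way to request that a null-valued attribute be printed.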
@@ -303,15 +317,7 @@ public class StoreAppender {
*/
public boolean isPrintValue(Object bean, Object bean2, String attrName,
StoreDescription desc) {
- boolean printValue = false;
-
- Object value = IntrospectionUtils.getProperty(bean, attrName);
- if (value != null) {
- Object value2 = IntrospectionUtils.getProperty(bean2, attrName);
- printValue = !value.equals(value2);
-
- }
- return printValue;
+ return true;
}
/**
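Review bot: `isPrintValue` now returns `true` unconditionally and ignores all four parameters while remaining `public`; its Javadoc, which lies outside the hunk, presumably still describes the comparison against the default instance. Subclasses that call `super.isPrintValue(...)` to obtain that comparison, if any exist, now rely on `checkAttribute` having filtered the attribute first. The Javadoc should say so, e.g. `Default-value filtering is done in checkAttribute; this hook accepts every attribute and exists for subclasses to override.`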
Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml Fri Oct 5 17:29:22 2018
@@ -102,6 +102,42 @@
<TransientAttribute>URIEncoding</TransientAttribute>
<TransientAttribute>maxProcessor</TransientAttribute>
<TransientAttribute>minProcessor</TransientAttribute>
+ <!-- All attribute duplicated from the SSLHostConfig, may be removed in Tomcat 10 -->
+ <TransientAttribute>SSLProtocol</TransientAttribute>
+ <TransientAttribute>sslEnabledProtocols</TransientAttribute>
+ <TransientAttribute>SSLCipherSuite</TransientAttribute>
+ <TransientAttribute>ciphers</TransientAttribute>
+ <TransientAttribute>SSLCertificateChainFile</TransientAttribute>
+ <TransientAttribute>SSLCertificateFile</TransientAttribute>
+ <TransientAttribute>keyAlias</TransientAttribute>
+ <TransientAttribute>SSLCertificateKeyFile</TransientAttribute>
+ <TransientAttribute>keyPass</TransientAttribute>
+ <TransientAttribute>SSLPassword</TransientAttribute>
+ <TransientAttribute>keystoreFile</TransientAttribute>
+ <TransientAttribute>keystorePass</TransientAttribute>
+ <TransientAttribute>keystoreProvider</TransientAttribute>
+ <TransientAttribute>keystoreType</TransientAttribute>
+ <TransientAttribute>SSLCACertificateFile</TransientAttribute>
+ <TransientAttribute>SSLCACertificatePath</TransientAttribute>
+ <TransientAttribute>crlFile</TransientAttribute>
+ <TransientAttribute>SSLCARevocationFile</TransientAttribute>
+ <TransientAttribute>SSLCARevocationPath</TransientAttribute>
+ <TransientAttribute>SSLDisableCompression</TransientAttribute>
+ <TransientAttribute>SSLDisableSessionTickets</TransientAttribute>
+ <TransientAttribute>SSLDisableCompression</TransientAttribute>
+ <TransientAttribute>SSLHonorCipherOrder</TransientAttribute>
+ <TransientAttribute>useServerCipherSuitesOrder</TransientAttribute>
+ <TransientAttribute>algorithm</TransientAttribute>
+ <TransientAttribute>sslContext</TransientAttribute>
+ <TransientAttribute>sessionCacheSize</TransientAttribute>
+ <TransientAttribute>sessionTimeout</TransientAttribute>
+ <TransientAttribute>sslProtocol</TransientAttribute>
+ <TransientAttribute>trustManagerClassName</TransientAttribute>
+ <TransientAttribute>truststoreAlgorithm</TransientAttribute>
+ <TransientAttribute>truststoreFile</TransientAttribute>
+ <TransientAttribute>truststorePass</TransientAttribute>
+ <TransientAttribute>truststoreProvider</TransientAttribute>
+ <TransientAttribute>truststoreType</TransientAttribute>
</Description>
<Description
tag="UpgradeProtocol"
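Review bot: `SSLDisableCompression` is listed twice in the added block, once before and once after `SSLDisableSessionTickets`. The duplicate is harmless by itself, but it may stand in for an attribute that was meant to be listed, so the block should be checked against the connector's SSL-related properties; any duplicated attribute left out, including password-bearing ones, would still be written onto the `<Connector>` element as well as onto the nested elements. The comment would read better as `<!-- All attributes duplicated from the SSLHostConfig, may be removed in Tomcat 10 -->`, and the same wording fix applies to the comment added in the next hunk.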
@@ -120,6 +156,16 @@
storeFactoryClass="org.apache.catalina.storeconfig.SSLHostConfigSF">
<TransientAttribute>openSslContext</TransientAttribute>
<TransientAttribute>openSslConfContext</TransientAttribute>
+ <!-- All attribute duplicated from the Certificate, may be removed in Tomcat 10 -->
+ <TransientAttribute>certificateChainFile</TransientAttribute>
+ <TransientAttribute>certificateFile</TransientAttribute>
+ <TransientAttribute>certificateKeyAlias</TransientAttribute>
+ <TransientAttribute>certificateKeyFile</TransientAttribute>
+ <TransientAttribute>certificateKeyPassword</TransientAttribute>
+ <TransientAttribute>certificateKeystoreFile</TransientAttribute>
+ <TransientAttribute>certificateKeystorePassword</TransientAttribute>
+ <TransientAttribute>certificateKeystoreProvider</TransientAttribute>
+ <TransientAttribute>certificateKeystoreType</TransientAttribute>
</Description>
<Description
tag="Certificate"
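Review bot: `certificateKeyPassword` and `certificateKeystorePassword` are made transient on `SSLHostConfig` only; the `Certificate` description that follows declares no `TransientAttribute` entries, so these values are presumably still written in clear text on the nested `<Certificate>` element. That is likely required for the stored configuration to be loadable, but it is worth stating next to the list, e.g. `<!-- Passwords are persisted on the nested Certificate element; the stored file should be readable by the Tomcat user only -->`.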
@@ -127,7 +173,8 @@
default="true"
tagClass="org.apache.tomcat.util.net.SSLHostConfigCertificate"
children="false"
- storeFactoryClass="org.apache.catalina.storeconfig.StoreFactoryBase">
+ storeFactoryClass="org.apache.catalina.storeconfig.StoreFactoryBase"
+ storeAppenderClass="org.apache.catalina.storeconfig.CertificateStoreAppender">
</Description>
<Description
tag="OpenSSLConf"
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1842950&r1=1842949&r2=1842950&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Oct 5 17:29:22 2018
@@ -92,6 +92,10 @@
Ensure that a canonical path is always used for the docBase of a Context
to ensure consistent behaviour. (markt)
</fix>
+ <fix>
+ <bug>62803</bug>: Fix SSL connector configuration processing
+ in storeconfig. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">