Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/12/03 19:07:08 UTC
[tomcat] 02/02: Action review comments
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch bz-64110
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f98f1164a77a49e785e7beb7325e89c38a8a2f4d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Dec 3 19:06:06 2020 +0000
Action review comments
---
java/org/apache/catalina/util/TLSUtil.java | 21 +++++++++++++--------
.../apache/tomcat/util/net/LocalStrings.properties | 1 +
.../apache/tomcat/util/net/SecureNio2Channel.java | 4 ++--
.../apache/tomcat/util/net/SecureNioChannel.java | 2 +-
.../tomcat/util/net/TLSClientHelloExtractor.java | 10 +++++-----
5 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/java/org/apache/catalina/util/TLSUtil.java b/java/org/apache/catalina/util/TLSUtil.java
index 37ae78c..7f895dd 100644
--- a/java/org/apache/catalina/util/TLSUtil.java
+++ b/java/org/apache/catalina/util/TLSUtil.java
@@ -33,13 +33,18 @@ public class TLSUtil {
* information, otherwise {@code false}
*/
public static boolean isTLSRequestAttribute(String name) {
- return Globals.CERTIFICATES_ATTR.equals(name) ||
- Globals.CIPHER_SUITE_ATTR.equals(name) ||
- Globals.KEY_SIZE_ATTR.equals(name) ||
- Globals.SSL_SESSION_ID_ATTR.equals(name) ||
- Globals.SSL_SESSION_MGR_ATTR.equals(name) ||
- SSLSupport.PROTOCOL_VERSION_KEY.equals(name) ||
- SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY.equals(name) ||
- SSLSupport.REQUESTED_CIPHERS_KEY.equals(name);
+ switch (name) {
+ case Globals.CERTIFICATES_ATTR:
+ case Globals.CIPHER_SUITE_ATTR:
+ case Globals.KEY_SIZE_ATTR:
+ case Globals.SSL_SESSION_ID_ATTR:
+ case Globals.SSL_SESSION_MGR_ATTR:
+ case SSLSupport.PROTOCOL_VERSION_KEY:
+ case SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY:
+ case SSLSupport.REQUESTED_CIPHERS_KEY:
+ return true;
+ default:
+ return false;
+ }
}
}
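Review bot: `switch (name)` throws a NullPointerException when `name` is null, whereas the `equals` chain it replaces returned false for a null argument. Whether any caller can pass a null attribute name is not visible in this hunk, but this predicate decides whether an attribute name refers to TLS information, so its null contract should be explicit. Either put `if (name == null) { return false; }` before the switch, or state in the Javadoc (which starts above the hunk) that `name` must not be null.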
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 1de8916..a6bb669 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -146,6 +146,7 @@ nioBlockingSelector.selectError=Error selecting key
sniExtractor.clientHelloInvalid=The ClientHello message was not correctly formatted
sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single TLS record so no SNI information could be extracted
+sniExtractor.tooEarly=It is illegal to call this method before the client hello has been parsed
socket.apr.clientAbort=The client aborted the connection.
socket.apr.closed=The socket [{0}] associated with this connection has been closed.
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index cbe3f8b..611038e 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -65,7 +65,7 @@ public class SecureNio2Channel extends Nio2Channel {
protected SSLEngine sslEngine;
- protected boolean sniComplete = false;
+ protected volatile boolean sniComplete = false;
private volatile boolean handshakeComplete = false;
private volatile HandshakeStatus handshakeStatus; //gets set by handshake
@@ -73,7 +73,7 @@ public class SecureNio2Channel extends Nio2Channel {
protected boolean closed;
protected boolean closing;
- private Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
+ private final Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
private volatile boolean unwrapBeforeRead;
private final CompletionHandler<Integer, SocketWrapperBase<Nio2Channel>> handshakeReadCompletionHandler;
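Review bot: Marking `additionalTlsAttributes` as `final` fixes the reference, but the value is still a plain `HashMap`, so the field gives no protection if one thread fills the map while another reads it. The preceding hunk in this file makes `sniComplete` volatile, which suggests the channel state is touched by more than one thread; where the map is written and read is outside these hunks. If the intended ordering is that the map is filled before the flag is set, I would record it on the field, e.g. `// Populated while processing the client hello; only read after sniComplete is observed true`, and otherwise use a concurrent map. The same applies to the identical change in SecureNioChannel, where no volatile flag is visible next to the field.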
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 6e1fe14..1ac2061 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -71,7 +71,7 @@ public class SecureNioChannel extends NioChannel {
protected boolean closed = false;
protected boolean closing = false;
- private Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
+ private final Map<String,List<String>> additionalTlsAttributes = new HashMap<>();
public SecureNioChannel(SocketBufferHandler bufHandler, NioEndpoint endpoint) {
super(bufHandler);
diff --git a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
index cb8436e..21a5924 100644
--- a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
+++ b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
@@ -200,7 +200,7 @@ public class TLSClientHelloExtractor {
if (result == ExtractorResult.COMPLETE) {
return sniValue;
} else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
}
}
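Review bot: In this accessor only `ExtractorResult.COMPLETE` avoids the exception, so a `NOT_PRESENT` result also produces the new `sniExtractor.tooEarly` text, while the four accessors in the following hunks accept `NOT_PRESENT` as a valid state. If `NOT_PRESENT` means the client hello was parsed and carried no SNI (an inference from the name), the wording "before the client hello has been parsed" is misleading for that case and for any other non-complete result. Passing the state into the message, e.g. `sm.getString("sniExtractor.tooEarly", result)` with a `[{0}]` placeholder added to the property, would make the exception more useful when diagnosing failed TLS handshakes. The method signature is outside the hunk.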
@@ -209,7 +209,7 @@ public class TLSClientHelloExtractor {
if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
return clientRequestedCiphers;
} else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
}
}
@@ -218,7 +218,7 @@ public class TLSClientHelloExtractor {
if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
return clientRequestedCipherNames;
} else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
}
}
@@ -227,7 +227,7 @@ public class TLSClientHelloExtractor {
if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
return clientRequestedApplicationProtocols;
} else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
}
}
@@ -236,7 +236,7 @@ public class TLSClientHelloExtractor {
if (result == ExtractorResult.COMPLETE || result == ExtractorResult.NOT_PRESENT) {
return clientRequestedProtocols;
} else {
- throw new IllegalStateException();
+ throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
}
}