Posted to commits@qpid.apache.org by or...@apache.org on 2020/12/08 23:03:32 UTC
[qpid-broker-j] branch 8.0.x updated: QPID-8490 - Java broker
crashes on sending non-LDH virtual hostname from cpp client
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/8.0.x by this push:
new ab1dadf QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client
ab1dadf is described below
commit ab1dadfc8340c2954caa327d3254ce4dcf89f682
Author: aw924 <da...@deutsche-boerse.com>
AuthorDate: Tue Dec 8 16:31:13 2020 +0100
QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client
This closes #74
---
.../NonBlockingConnectionTLSDelegate.java | 2 +-
.../transport/network/security/ssl/SSLUtil.java | 27 +++++++++++++++++++++-
.../org/apache/qpid/server/transport/SNITest.java | 9 +++++++-
3 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
index 3e52716..c1eb6de 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
@@ -102,7 +102,7 @@ public class NonBlockingConnectionTLSDelegate implements NonBlockingConnectionDe
{
_parent.setSelectedHost(hostName);
SSLParameters sslParameters = _sslEngine.getSSLParameters();
- sslParameters.setServerNames(Collections.singletonList(new SNIHostName(hostName)));
+ sslParameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(hostName)));
_sslEngine.setSSLParameters(sslParameters);
}
_hostChecked = true;
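Review bot: `_parent.setSelectedHost(hostName)` still runs before the name is validated by `SSLUtil.createSNIHostName(hostName)`, so when the helper throws, the parent has already recorded a host name that was rejected. Building the name first, with `SNIHostName sniHostName = SSLUtil.createSNIHostName(hostName);` placed ahead of the `setSelectedHost` call, would leave the connection state untouched on failure. Whether anything reads the selected host after the exception depends on code outside this hunk, and the enclosing method starts and ends outside it.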
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index dd581ca..7640e88 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -75,6 +75,7 @@ import javax.net.ssl.StandardConstants;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -897,7 +898,7 @@ public class SSLUtil
if (code == StandardConstants.SNI_HOST_NAME)
{
- return new SNIHostName(encoded).getAsciiName();
+ return createSNIHostName(encoded).getAsciiName();
}
extensionDataRemaining -= serverNameLength + 3;
}
@@ -1065,6 +1066,30 @@ public class SSLUtil
return certificates;
}
+ public static SNIHostName createSNIHostName(String hostName)
+ {
+ try
+ {
+ return new SNIHostName(hostName);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from string '" + hostName + "'", e);
+ }
+ }
+
+ public static SNIHostName createSNIHostName(byte[] hostName)
+ {
+ try
+ {
+ return new SNIHostName(hostName);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from byte array '" + new String(hostName) + "'", e);
+ }
+ }
+
public interface KeyCertPair
{
PrivateKey getPrivateKey();
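Review bot: Both new `createSNIHostName` overloads copy the rejected name verbatim into the exception message, and in the ClientHello parsing hunk above that name is whatever the peer sent during the handshake. If the message ends up in a log or management view (not visible here), control characters or a very long name travel with it. The byte[] overload also decodes with `new String(hostName)`, which uses the platform default charset, while `SNIHostName(byte[])` treats the bytes as UTF-8. I would decode as UTF-8, cap the length and replace non-printable characters before building the message (the cap of 255 below is an illustrative choice, and `StandardCharsets` must be in scope). Each helper also deserves a Javadoc line saying it converts `IllegalArgumentException` into `ConnectionScopedRuntimeException`.

```java
    catch (IllegalArgumentException e)
    {
        throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from string '" + printableHostName(hostName) + "'", e);
    }
    // … unchanged: createSNIHostName(byte[]) signature and try block …
    catch (IllegalArgumentException e)
    {
        throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from byte array '"
                                                   + printableHostName(new String(hostName, StandardCharsets.UTF_8)) + "'", e);
    }

    /** Returns a bounded, printable-ASCII rendering of a peer-supplied host name for use in messages. */
    private static String printableHostName(String hostName)
    {
        final int maxLength = 255;
        String bounded = hostName.length() > maxLength ? hostName.substring(0, maxLength) + "..." : hostName;
        return bounded.replaceAll("[^\\x21-\\x7E]", "?");
    }
```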
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
index 6a08ee4..e567573 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
@@ -42,6 +42,7 @@ import javax.net.ssl.X509TrustManager;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
@@ -156,6 +157,12 @@ public class SNITest extends UnitTestBase
performTest(false, "fooinvalid", "foo", _fooInvalid);
}
+ @Test(expected = ConnectionScopedRuntimeException.class)
+ public void testInvalidHostname() throws Exception
+ {
+ performTest(false, "fooinvalid", "_foo", _fooInvalid);
+ }
+
private void performTest(final boolean useMatching,
final String defaultAlias,
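Review bot: `testInvalidHostname` does not appear to exercise the broker path this commit fixes. In the last hunk of this file `performTest` builds the client's own SSLParameters with `SSLUtil.createSNIHostName(sniHostName)`, so for `"_foo"` the ConnectionScopedRuntimeException is most likely thrown in the test's client setup, before any ClientHello reaches the broker. With `@Test(expected = ConnectionScopedRuntimeException.class)` on the whole method, the test passes the same way whether or not the broker copes with a non-LDH name. A test that hands a hand-built ClientHello buffer carrying a non-LDH server name to the SNI-parsing method in SSLUtil and asserts the exception type there would cover the reported crash, and the test client could then go back to `new SNIHostName(sniHostName)`. The body of `performTest` continues outside these hunks.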
@@ -194,7 +201,7 @@ public class SNITest extends UnitTestBase
SSLParameters parameters = socket.getSSLParameters();
if (sniHostName != null)
{
- parameters.setServerNames(Collections.singletonList(new SNIHostName(sniHostName)));
+ parameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(sniHostName)));
}
socket.setSSLParameters(parameters);
InetSocketAddress address = new InetSocketAddress("localhost", _boundPort);