svn commit: r1075699 - /tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
Author: markt Date: Tue Mar 1 08:36:57 2011 New Revision: 1075699 URL: http://svn.apache.org/viewvc?rev=1075699&view=rev Log: Comment tweaks Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1075699&r1=1075698&r2=1075699&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Tue Mar 1 08:36:57 2011 @@ -42,10 +42,9 @@ import org.apache.catalina.startup.Tomca import org.apache.tomcat.util.buf.ByteChunk; /** - * Requires test.keystore (checked in), generated with: - * keytool -genkey -alias tomcat -keyalg RSA - * pass: changeit - * CN: localhost ( for hostname validation ) + * The keys and certificates used in this file are all available in svn and were + * generated using a test CA the files for which are in the Tomcat PMC private + * repository since not all of them are AL2 licensed. */ public class TestSsl extends TomcatBaseTest { @@ -69,7 +68,7 @@ public class TestSsl extends TomcatBaseT public void testRenegotiateFail() throws Exception { -// If RFC5746 is supported, renegotiation will always will (and will +// If RFC5746 is supported, renegotiation will always work (and will // always be secure) if (TesterSupport.RFC_5746_SUPPORTED) { return; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075708 - /tomcat/trunk/test/org/apache/el/lang/TestELArithmetic.java
Author: markt Date: Tue Mar 1 08:44:29 2011 New Revision: 1075708 URL: http://svn.apache.org/viewvc?rev=1075708&view=rev Log: FindBugs fixes - make constants static Modified: tomcat/trunk/test/org/apache/el/lang/TestELArithmetic.java Modified: tomcat/trunk/test/org/apache/el/lang/TestELArithmetic.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/el/lang/TestELArithmetic.java?rev=1075708&r1=1075707&r2=1075708&view=diff == --- tomcat/trunk/test/org/apache/el/lang/TestELArithmetic.java (original) +++ tomcat/trunk/test/org/apache/el/lang/TestELArithmetic.java Tue Mar 1 08:44:29 2011 @@ -21,8 +21,9 @@ import java.math.BigInteger; import junit.framework.TestCase; public class TestELArithmetic extends TestCase { -private final String a = "1.1"; -private final BigInteger b = new BigInteger("10"); +private static final String a = "1.1"; +private static final BigInteger b = +new BigInteger("10"); public void testAdd() throws Exception { assertEquals("11.1", - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075713 - /tomcat/trunk/test/org/apache/catalina/servlets/TestDefaultServlet.java
Author: markt Date: Tue Mar 1 08:50:40 2011 New Revision: 1075713 URL: http://svn.apache.org/viewvc?rev=1075713&view=rev Log: More explicit failure message - fixed FindBugs nags Modified: tomcat/trunk/test/org/apache/catalina/servlets/TestDefaultServlet.java Modified: tomcat/trunk/test/org/apache/catalina/servlets/TestDefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/servlets/TestDefaultServlet.java?rev=1075713&r1=1075712&r2=1075713&view=diff == --- tomcat/trunk/test/org/apache/catalina/servlets/TestDefaultServlet.java (original) +++ tomcat/trunk/test/org/apache/catalina/servlets/TestDefaultServlet.java Tue Mar 1 08:50:40 2011 @@ -153,7 +153,10 @@ public class TestDefaultServlet extends */ public void testCustomErrorPage() throws Exception { File appDir = new File(getTemporaryDirectory(), "MyApp"); -new File(appDir, "WEB-INF").mkdirs(); +File webInf = new File(appDir, "WEB-INF"); +if (!webInf.mkdirs()) { +fail("Unable to create directory [" + webInf + "]"); +} Writer w = new OutputStreamWriter(new FileOutputStream(new File(appDir, "WEB-INF/web.xml")), "UTF-8"); try { @@ -234,7 +237,10 @@ public class TestDefaultServlet extends */ public void testCustomErrorPageMissing() throws Exception { File appDir = new File(getTemporaryDirectory(), "MyApp"); -new File(appDir, "WEB-INF").mkdirs(); +File webInf = new File(appDir, "WEB-INF"); +if (!webInf.mkdirs()) { +fail("Unable to create directory [" + webInf + "]"); +} Writer w = new OutputStreamWriter(new FileOutputStream(new File(appDir, "WEB-INF/web.xml")), "UTF-8"); try { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
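Review bot: `File.mkdirs()` also returns false when the directory already exists, so the new `if (!webInf.mkdirs())` guard in testCustomErrorPage calls fail() whenever `MyApp/WEB-INF` is left over from an earlier test or run. The second hunk adds the same guard to testCustomErrorPageMissing, which builds the same `MyApp` path under getTemporaryDirectory(); whether that directory is cleaned between tests is not visible here. Testing the outcome instead of the return value avoids the false failure: `if (!webInf.mkdirs() && !webInf.isDirectory()) {`. Both method bodies continue outside their hunks.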
svn commit: r1075718 - /tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java
Author: markt Date: Tue Mar 1 08:56:48 2011 New Revision: 1075718 URL: http://svn.apache.org/viewvc?rev=1075718&view=rev Log: Fix FindBugs warning Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java?rev=1075718&r1=1075717&r2=1075718&view=diff == --- tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Tue Mar 1 08:56:48 2011 @@ -113,8 +113,8 @@ public class TestTomcat extends TomcatBa try { is = conn.getInputStream(); reader = new InputStreamReader(is); -reader.read(cbuf); -res.getWriter().write(cbuf); +int len = reader.read(cbuf); +res.getWriter().write(cbuf, 0, len); } finally { if (reader != null) { try { reader.close(); } catch(IOException ioe) {/*Ignore*/} - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
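Review bot: `reader.read(cbuf)` returns -1 at end of stream, and the new `res.getWriter().write(cbuf, 0, len)` passes that value on as a length without checking it, so an empty resource would probably produce an exception from the writer rather than an empty response. A guard such as `if (len > 0) { res.getWriter().write(cbuf, 0, len); }` covers it. The same unchecked `len` is carried into the `while (read < 20)` loop added in r1075719 and kept in r1075724 and r1075823, where a -1 would also decrement `read`, so the loop has no clean exit on a stream shorter than 20 chars. Adding `if (len < 0) { break; }` right after the read would bound it. The enclosing method starts and ends outside the hunk.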
svn commit: r1075719 - /tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java
Author: markt Date: Tue Mar 1 09:00:01 2011 New Revision: 1075719 URL: http://svn.apache.org/viewvc?rev=1075719&view=rev Log: Better fix, we actually need to read 20 byres for the test to pass Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java?rev=1075719&r1=1075718&r2=1075719&view=diff == --- tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Tue Mar 1 09:00:01 2011 @@ -110,11 +110,15 @@ public class TestTomcat extends TomcatBa InputStream is = null; Reader reader = null; char cbuf[] = new char[20]; +int read = 0; try { -is = conn.getInputStream(); -reader = new InputStreamReader(is); -int len = reader.read(cbuf); -res.getWriter().write(cbuf, 0, len); +while (read < 20) { +is = conn.getInputStream(); +reader = new InputStreamReader(is); +int len = reader.read(cbuf, read, cbuf.length - read); +res.getWriter().write(cbuf, 0, len); +read = read + len; +} } finally { if (reader != null) { try { reader.close(); } catch(IOException ioe) {/*Ignore*/} - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075724 - /tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java
Author: markt Date: Tue Mar 1 09:01:30 2011 New Revision: 1075724 URL: http://svn.apache.org/viewvc?rev=1075724&view=rev Log: Grr. This worked if 20 bytes were read in one go Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java?rev=1075724&r1=1075723&r2=1075724&view=diff == --- tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Tue Mar 1 09:01:30 2011 @@ -116,7 +116,7 @@ public class TestTomcat extends TomcatBa is = conn.getInputStream(); reader = new InputStreamReader(is); int len = reader.read(cbuf, read, cbuf.length - read); -res.getWriter().write(cbuf, 0, len); +res.getWriter().write(cbuf, read, len); read = read + len; } } finally { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075725 - /tomcat/trunk/test/org/apache/catalina/startup/TestTomcatClassLoader.java
Author: markt Date: Tue Mar 1 09:02:52 2011 New Revision: 1075725 URL: http://svn.apache.org/viewvc?rev=1075725&view=rev Log: Fix Findbugs nag Reduce visibility Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcatClassLoader.java Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcatClassLoader.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcatClassLoader.java?rev=1075725&r1=1075724&r2=1075725&view=diff == --- tomcat/trunk/test/org/apache/catalina/startup/TestTomcatClassLoader.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TestTomcatClassLoader.java Tue Mar 1 09:02:52 2011 @@ -74,7 +74,7 @@ public class TestTomcatClassLoader exten private static final class ClassLoaderReport extends HttpServlet { private static final long serialVersionUID = 1L; -ClassLoader custom; +private transient ClassLoader custom; public ClassLoaderReport(ClassLoader custom) { this.custom = custom; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075736 - /tomcat/trunk/test/org/apache/catalina/tribes/demos/MembersWithProperties.java
Author: markt Date: Tue Mar 1 09:12:51 2011 New Revision: 1075736 URL: http://svn.apache.org/viewvc?rev=1075736&view=rev Log: Remove unused code Modified: tomcat/trunk/test/org/apache/catalina/tribes/demos/MembersWithProperties.java Modified: tomcat/trunk/test/org/apache/catalina/tribes/demos/MembersWithProperties.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/tribes/demos/MembersWithProperties.java?rev=1075736&r1=1075735&r2=1075736&view=diff == --- tomcat/trunk/test/org/apache/catalina/tribes/demos/MembersWithProperties.java (original) +++ tomcat/trunk/test/org/apache/catalina/tribes/demos/MembersWithProperties.java Tue Mar 1 09:12:51 2011 @@ -29,11 +29,9 @@ import org.apache.catalina.tribes.util.A import org.apache.catalina.tribes.util.UUIDGenerator; public class MembersWithProperties implements MembershipListener{ -Channel channel; static Thread main; public MembersWithProperties(Channel channel, Properties props) throws IOException { -this.channel = channel; channel.addMembershipListener(this); ManagedChannel mchannel = (ManagedChannel)channel; mchannel.getMembershipService().setPayload(getPayload(props)); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075737 - /tomcat/trunk/res/findbugs/filter-false-positives.xml
Author: markt Date: Tue Mar 1 09:13:18 2011 New Revision: 1075737 URL: http://svn.apache.org/viewvc?rev=1075737&view=rev Log: More entries Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1075737&r1=1075736&r2=1075737&view=diff == --- tomcat/trunk/res/findbugs/filter-false-positives.xml (original) +++ tomcat/trunk/res/findbugs/filter-false-positives.xml Tue Mar 1 09:13:18 2011 @@ -209,6 +209,27 @@ + + + + + + + + + + + + + + + + + + + + + @@ -262,4 +283,12 @@ + + + + + + + + \ No newline at end of file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075742 - in /tomcat/trunk: res/findbugs/filter-false-positives.xml test/org/apache/catalina/tribes/demos/CoordinationDemo.java test/org/apache/tomcat/util/net/TesterSupport.java
Author: markt Date: Tue Mar 1 09:33:57 2011 New Revision: 1075742 URL: http://svn.apache.org/viewvc?rev=1075742&view=rev Log: Clear remainder of current FindBugs issues in unit tests Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml tomcat/trunk/test/org/apache/catalina/tribes/demos/CoordinationDemo.java tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1075742&r1=1075741&r2=1075742&view=diff == --- tomcat/trunk/res/findbugs/filter-false-positives.xml (original) +++ tomcat/trunk/res/findbugs/filter-false-positives.xml Tue Mar 1 09:33:57 2011 @@ -217,6 +217,15 @@ + + + + + + + + + @@ -226,6 +235,23 @@ + + + + + + + + + + + + + + + + + Modified: tomcat/trunk/test/org/apache/catalina/tribes/demos/CoordinationDemo.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/tribes/demos/CoordinationDemo.java?rev=1075742&r1=1075741&r2=1075742&view=diff == --- tomcat/trunk/test/org/apache/catalina/tribes/demos/CoordinationDemo.java (original) +++ tomcat/trunk/test/org/apache/catalina/tribes/demos/CoordinationDemo.java Tue Mar 1 09:33:57 2011 @@ -113,7 +113,12 @@ public class CoordinationDemo { for ( int i=0; i= 1 && (!"quit".equalsIgnoreCase(args[0]))) { if ("start".equalsIgnoreCase(args[0])) { cmdStart(args); @@ -123,7 +128,9 @@ public class CoordinationDemo { } printScreen(); l = reader.readLine(); -args = tokenize(l); +if (l != null) { +args = tokenize(l); +} } for ( int i=0; ihttp://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1075742&r1=1075741&r2=1075742&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Tue Mar 1 09:33:57 2011 
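Review bot: In the second CoordinationDemo hunk, the new `if (l != null)` guard avoids passing null to `tokenize(l)` but leaves `args` unchanged when `readLine()` returns null, while the partly visible loop condition still tests `args[0]` against "quit". If that reading is right (the first hunk is garbled on this page), end of input on stdin makes the loop re-run the previous command indefinitely instead of exiting. Treating EOF as quit would bound it: `if (l == null) { break; }` before `args = tokenize(l);`.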
@@ -18,6 +18,7 @@ package org.apache.tomcat.util.net; import java.io.File; import java.io.FileInputStream; +import java.io.IOException; import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; @@ -102,9 +103,20 @@ public final class TesterSupport { private static KeyStore getKeyStore(String keystore) throws Exception { File keystoreFile = new File(keystore); -InputStream is = new FileInputStream(keystoreFile); KeyStore ks = KeyStore.getInstance("JKS"); -ks.load(is, "changeit".toCharArray()); +InputStream is = null; +try { +is = new FileInputStream(keystoreFile); +ks.load(is, "changeit".toCharArray()); +} finally { +if (is != null) { +try { +is.close(); +} catch (IOException ioe) { +// Ignore +} +} +} return ks; } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075762 - in /tomcat/trunk/test/org/apache: catalina/startup/TomcatBaseTest.java tomcat/util/net/TestClientCert.java tomcat/util/net/TestSsl.java tomcat/util/net/TesterSupport.java
Author: markt Date: Tue Mar 1 10:16:36 2011 New Revision: 1075762 URL: http://svn.apache.org/viewvc?rev=1075762&view=rev Log: Extract the client-cert tests into a separate test Check maxPostSize works as expected with client-cert Added: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (with props) Modified: tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Modified: tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java?rev=1075762&r1=1075761&r2=1075762&view=diff == --- tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java Tue Mar 1 10:16:36 2011 @@ -20,6 +20,7 @@ import java.io.BufferedInputStream; import java.io.File; import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.io.PrintWriter; import java.net.HttpURLConnection; import java.net.URL; 
@@ -215,4 +216,65 @@ public abstract class TomcatBaseTest ext } return rc; } + +public static ByteChunk postUrl(byte[] body, String path) +throws IOException { +ByteChunk out = new ByteChunk(); +postUrl(body, path, out, null); +return out; +} + +public static int postUrl(byte[] body, String path, ByteChunk out, +Map> resHead) throws IOException { + +URL url = new URL(path); +HttpURLConnection connection = +(HttpURLConnection) url.openConnection(); +connection.setDoOutput(true); +connection.setReadTimeout(100); +connection.connect(); + +// Write the request body +OutputStream os = null; +try { +os = connection.getOutputStream(); +os.write(body, 0, body.length); +} finally { +if (os != null) { +try { +os.close(); +} catch (IOException ioe) { +// Ignore +} +} +} + +int rc = connection.getResponseCode(); +if (resHead != null) { +Map> head = connection.getHeaderFields(); +resHead.putAll(head); +} +if (rc == HttpServletResponse.SC_OK) { +InputStream is = connection.getInputStream(); +BufferedInputStream bis = null; +try { +bis = new BufferedInputStream(is); +byte[] buf = new byte[2048]; +int rd = 0; +while((rd = bis.read(buf)) > 0) { +out.append(buf, 0, rd); +} +} finally { +if (bis != null) { +try { +bis.close(); +} catch (IOException e) { +// Ignore +} +} +} +} +return rc; +} + } Added: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1075762&view=auto == --- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (added) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Tue Mar 1 10:16:36 2011 
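Review bot: `connection.setReadTimeout(100)` in the new four-argument `postUrl` gives the server only 100 ms to answer. The commit log suggests this helper is used by the client-cert tests, where the response may presumably wait on a TLS renegotiation, so a slow build host could fail with a SocketTimeoutException at `getResponseCode()` for reasons unrelated to the code under test. A larger value, or a timeout parameter, would make a timeout meaningful. Separately, for any status other than SC_OK no response stream is read or closed; draining `connection.getErrorStream()` or calling `connection.disconnect()` on that path would release the connection deterministically.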
@@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.net; + +import java.io.IOException; +import java.io.InputStream; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.catalina.Context; +import org.apache.catalina.authenticator.SSLAuthenticator; +import org.apache.catalina.deploy.LoginConfig; +import org.apache.catalina
svn commit: r1075776 - in /tomcat/trunk/java/org/apache/tomcat/util/net: NioChannel.java SecureNioChannel.java
Author: markt Date: Tue Mar 1 11:12:22 2011 New Revision: 1075776 URL: http://svn.apache.org/viewvc?rev=1075776&view=rev Log: Remove the init from references to handshake since the same fields/methods will be used for renegotiation Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioChannel.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioChannel.java?rev=1075776&r1=1075775&r2=1075776&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/NioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/NioChannel.java Tue Mar 1 11:12:22 2011 @@ -173,9 +173,8 @@ public class NioChannel implements ByteC * isInitHandshakeComplete * * @return boolean - * TODO Implement this org.apache.tomcat.util.net.SecureNioChannel method */ -public boolean isInitHandshakeComplete() { +public boolean isHandshakeComplete() { return true; } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1075776&r1=1075775&r2=1075776&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Tue Mar 1 11:12:22 2011 @@ -43,8 +43,8 @@ public class SecureNioChannel extends Ni protected SSLEngine sslEngine; -protected boolean initHandshakeComplete = false; -protected HandshakeStatus initHandshakeStatus; //gets set by begin handshake +protected boolean handshakeComplete = false; +protected HandshakeStatus handshakeStatus; //gets set by handshake protected boolean closed = false; protected boolean closing = false; 
@@ -82,12 +82,12 @@ public class SecureNioChannel extends Ni netOutBuffer.limit(0); netInBuffer.position(0); netInBuffer.limit(0); -initHandshakeComplete = false; +handshakeComplete = false; closed = false; closing = false; //initiate handshake sslEngine.beginHandshake(); -initHandshakeStatus = sslEngine.getHandshakeStatus(); +handshakeStatus = sslEngine.getHandshakeStatus(); } @Override 
@@ -146,35 +146,35 @@ public class SecureNioChannel extends Ni */ @Override public int handshake(boolean read, boolean write) throws IOException { -if ( initHandshakeComplete ) return 0; //we have done our initial handshake +if ( handshakeComplete ) return 0; //we have done our initial handshake if (!flush(netOutBuffer)) return SelectionKey.OP_WRITE; //we still have data to write SSLEngineResult handshake = null; -while (!initHandshakeComplete) { -switch ( initHandshakeStatus ) { +while (!handshakeComplete) { +switch ( handshakeStatus ) { case NOT_HANDSHAKING: { //should never happen throw new IOException("NOT_HANDSHAKING during handshake"); } case FINISHED: { //we are complete if we have delivered the last package -initHandshakeComplete = !netOutBuffer.hasRemaining(); +handshakeComplete = !netOutBuffer.hasRemaining(); //return 0 if we are complete, otherwise we still have data to write -return initHandshakeComplete?0:SelectionKey.OP_WRITE; +return handshakeComplete?0:SelectionKey.OP_WRITE; } case NEED_WRAP: { //perform the wrap function handshake = handshakeWrap(write); if ( handshake.getStatus() == Status.OK ){ -if (initHandshakeStatus == HandshakeStatus.NEED_TASK) -initHandshakeStatus = tasks(); +if (handshakeStatus == HandshakeStatus.NEED_TASK) +handshakeStatus = tasks(); } else { //wrap should always work with our buffers throw new IOException("Unexpected status:" + handshake.getStatus() + " during handshake WRAP."); } -if ( initHandshakeStatus != HandshakeStatus.NEED_UNWRAP || (!flush(netOutBuffer)) ) { +if ( handshakeStatus != HandshakeStatus.NEED_UNWRAP || (!flush(netOutBuffer)) ) { //should actually return OP_READ if we have NEED_UNWRAP
svn commit: r1075792 - in /tomcat/trunk: java/org/apache/catalina/authenticator/SSLAuthenticator.java java/org/apache/coyote/http11/filters/BufferedInputFilter.java webapps/docs/changelog.xml
Author: markt Date: Tue Mar 1 12:32:25 2011 New Revision: 1075792 URL: http://svn.apache.org/viewvc?rev=1075792&view=rev Log: Improve handling of SSL renegotiation by failing earlier when the request body contains more bytes than maxSavePostSize. Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java?rev=1075792&r1=1075791&r2=1075792&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java Tue Mar 1 12:32:25 2011 @@ -132,8 +132,15 @@ public class SSLAuthenticator X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR); if ((certs == null) || (certs.length < 1)) { -request.getCoyoteRequest().action - (ActionCode.REQ_SSL_CERTIFICATE, null); +try { +request.getCoyoteRequest().action + (ActionCode.REQ_SSL_CERTIFICATE, null); +} catch (IllegalStateException ise) { +// Request body was too large for save buffer +response.sendError(HttpServletResponse.SC_UNAUTHORIZED, +sm.getString("authenticator.certificates")); +return false; +} certs = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR); } Modified: tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java?rev=1075792&r1=1075791&r2=1075792&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java Tue Mar 1 12:32:25 2011 
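Review bot: The new `catch (IllegalStateException ise)` around `action(ActionCode.REQ_SSL_CERTIFICATE, null)` treats every IllegalStateException from the connector as "request body was too large for save buffer", which is only one of the ways that call could fail. Any other state error raised while the certificate is requested would become a 401 with the generic `authenticator.certificates` message and, as far as the hunk shows, no log entry, so a misbehaving connector would look the same as a client without a certificate. Logging `ise` at debug level in the catch, or having the input filter throw a dedicated exception type, would keep the fail-early behaviour and preserve the diagnosis. The enclosing method starts and ends outside the hunk.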
@@ -80,8 +80,10 @@ public class BufferedInputFilter impleme buffered.append(tempRead); tempRead.recycle(); } -} catch(IOException iex) { -// Ignore +} catch(IOException ioe) { +// No need for i18n - this isn't going to get logged anywhere +throw new IllegalStateException( +"Request body too large for buffer"); } } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1075792&r1=1075791&r2=1075792&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 1 12:32:25 2011 @@ -50,6 +50,10 @@ presented by Ant tasks to the Manager application. Based on a patch by Stephane Bailliez. (mark) + +Improve handling of SSL renegotiation by failing earlier when the +request body contains more bytes than maxSavePostSize. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
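Review bot: The replacement catch block in BufferedInputFilter discards `ioe` and reports every IOException from reading the body as "Request body too large for buffer", although a client disconnect or a read timeout would presumably arrive through the same catch. Chaining the cause keeps the difference visible to whoever handles the exception: `throw new IllegalStateException("Request body too large for buffer", ioe);`. This matters more because the SSLAuthenticator change in the same commit turns this IllegalStateException into a 401, so the original I/O error is otherwise lost. The enclosing method starts outside the hunk.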
svn commit: r1075811 - /tomcat/trunk/test/org/apache/catalina/core/TestStandardContextResources.java
Author: markt Date: Tue Mar 1 13:24:31 2011 New Revision: 1075811 URL: http://svn.apache.org/viewvc?rev=1075811&view=rev Log: Fix bug in unit test due to some Lifecycle refactoring Modified: tomcat/trunk/test/org/apache/catalina/core/TestStandardContextResources.java Modified: tomcat/trunk/test/org/apache/catalina/core/TestStandardContextResources.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestStandardContextResources.java?rev=1075811&r1=1075810&r2=1075811&view=diff == --- tomcat/trunk/test/org/apache/catalina/core/TestStandardContextResources.java (original) +++ tomcat/trunk/test/org/apache/catalina/core/TestStandardContextResources.java Tue Mar 1 13:24:31 2011 @@ -29,6 +29,8 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; import org.apache.catalina.LifecycleListener; import org.apache.catalina.deploy.WebXml; import org.apache.catalina.startup.ContextConfig; @@ -149,6 +151,9 @@ public class TestStandardContextResource // prevent it from looking ( if it finds one - it'll have dup error ) config1.setDefaultWebXml("org/apache/catalin/startup/NO_DEFAULT_XML"); listener1[1] = config1; +// Need to init since context won't call init +config1.lifecycleEvent( +new LifecycleEvent(ctx, Lifecycle.AFTER_INIT_EVENT, null)); Tomcat.addServlet(ctx, "getresource", new GetResourceServlet()); ctx.addServletMapping("/getresource", "getresource"); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1075719 - /tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java
2011/3/1 : > Author: markt > Date: Tue Mar 1 09:00:01 2011 > New Revision: 1075719 > > URL: http://svn.apache.org/viewvc?rev=1075719&view=rev > Log: > Better fix, we actually need to read 20 byres for the test to pass > > Modified: > tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java > > + int read = 0; > try { > - is = conn.getInputStream(); > - reader = new InputStreamReader(is); > - int len = reader.read(cbuf); > - res.getWriter().write(cbuf, 0, len); > + while (read < 20) { > + is = conn.getInputStream(); > + reader = new InputStreamReader(is); The above two lines should be moved outside the loop. Besides creating a new Reader on each loop, there is no guarantee that conn.getInputStream() always returns the same stream that we started reading, and not a new one. (It looks like JarURLConnection always returns a new stream) The write() below can be moved below the loop, but keeping it inside the loop looks more interesting. > + int len = reader.read(cbuf, read, cbuf.length - > read); > + res.getWriter().write(cbuf, 0, len); > + read = read + len; > + } > } finally { > if (reader != null) { > try { reader.close(); } catch(IOException ioe) > {/*Ignore*/} > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075816 - /tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java
Author: markt Date: Tue Mar 1 13:35:24 2011 New Revision: 1075816 URL: http://svn.apache.org/viewvc?rev=1075816&view=rev Log: Missed a keystore in the refactoring Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java?rev=1075816&r1=1075815&r2=1075816&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java Tue Mar 1 13:35:24 2011 @@ -63,7 +63,7 @@ public class TestCustomSsl extends Tomca connector.setProperty("sslProtocol", "tls"); File keystoreFile = -new File("test/org/apache/catalina/startup/test.keystore"); +new File("test/org/apache/tomcat/util/net/localhost.jks"); connector.setAttribute( "keystoreFile", keystoreFile.getAbsolutePath()); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075823 - /tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java
Author: markt Date: Tue Mar 1 14:13:16 2011 New Revision: 1075823 URL: http://svn.apache.org/viewvc?rev=1075823&view=rev Log: Move outside of loop as per kkolinko's review Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Modified: tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java?rev=1075823&r1=1075822&r2=1075823&view=diff == --- tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java Tue Mar 1 14:13:16 2011 @@ -112,9 +112,9 @@ public class TestTomcat extends TomcatBa char cbuf[] = new char[20]; int read = 0; try { +is = conn.getInputStream(); +reader = new InputStreamReader(is); while (read < 20) { -is = conn.getInputStream(); -reader = new InputStreamReader(is); int len = reader.read(cbuf, read, cbuf.length - read); res.getWriter().write(cbuf, read, len); read = read + len; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1074675 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/
On 2/28/2011 5:27 PM, Mark Thomas wrote: On 01/03/2011 00:16, Filip Hanik - Dev Lists wrote: On 2/28/2011 4:49 PM, Mark Thomas wrote: It isn't clear to me if you are voting -1 on the above commit, and the following commits. r1074675 Understood and agree those commits are broken. I'll get those backed out shortly. If you wish to do this, it should at least include: 1. input filters need to check if they retrieved the entire body if only partial, why even attempt a reneg and make your thread hang for soTimeout while it fails. this is another DoS scenario. the system knows if it read the entire body or not. it's part of the protocol itself, no need to rely on timeouts for a reneg to fail. 2. don't change the names of all the flags, since it makes the diffs so much harder to review. just change the lines pertinent to the change. 3. implement rehandshake as simple as possible, by using the handshake(...) and using its return code 4. SSLAuthenticator should have a flag to fail directly without trying to reneg if the connector is misconfigured to avoid reneg for clients vulnerable to the man in the middle reneg attack 5. SSLAuthenticator should be able to find out if the cert truly was client-auth or if it came from another source. otherwise, putting httpd/mod_jk in front of it, and I can bypass client-auth as the document states is required 6. And if you want the most performant solution, instead of opening a selector on the same thread, just call sslEngine.beginHandshake, add the connection to the poller, and return from the call all together. this way, the worker thread is not in use during a handshake, and it's done in the poller just like the initial hand shake. this protects you from slow clients using up threads. this is of course more complicated, so I would not expect it in the first iteration. I would say the other connectors would benefit from improvements in 1,4,5 as well. I agree on all of those points (with a few questions - see below). 
My current thinking is approaching it in this order. Do 2 in a separate commit. The flag needs to be renamed to ease confusion but a separate commit that does just that should be easy to review. Yes, that would be much better. Address 3 for the NIO connector. That will bring it in line with BIO and APR. Fix 1 for all connectors. I don't understand what you mean in point 4. Could you try and expand on that. Sure, a renegotiation with a non updated client, IIRC would bring CVE-2009-3555 SSL Man-In-The-Middle attack. Hence, some sysadmins should have the configuration option to only allow the initial handshake. Add in a flag that would say disableRenegotiation="true" (or similar). Meaning, the only time the valve would work, is if the clientAuth="true" in the connector. Fix 5. I may re-word the Javadoc again. Doing the client cert validation in httpd is valid. But how do you know it took place in httpd? Sounds like adding httpd/mod_jk in the mixture, Tomcat makes an assumption that client-auth took place. 6 is definitely more complicated. I did try this before but gave up. That was before I had anything working. It may well be easier to get there from a working solution. I can help you here. But I'd like the simple solution first. The reason the NIO connector doesn't use individual selectors, is that on some systems with high concurrency, having too many selectors made the system puke. Filip Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1204 / Virus Database: 1435/3473 - Release Date: 02/28/11 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50850] New: Accepting java keyword in EL
https://issues.apache.org/bugzilla/show_bug.cgi?id=50850 Summary: Accepting java keyword in EL Product: Tomcat 7 Version: 7.0.4 Platform: PC OS/Version: Windows XP Status: NEW Severity: minor Priority: P2 Component: Jasper AssignedTo: dev@tomcat.apache.org ReportedBy: eldar.kama...@db.com CC: ysekharb...@gmail.com, joker8achtu...@googlemail.com Depends on: 49217 +++ This bug was initially created as a clone of Bug #49217 +++ Hi! I am trying to use the following expression in my JSP page: ${exception.class.name} And in response get this exception in tomcat: Caused by: org.apache.jasper.JasperException: /WEB-INF/views/uncaughtException.jspx(22,52) "${exception.class.name}" contains invalid expression(s): javax.el.ELException: [class] is not a valid Java identifier It seems that the check for valid Java identifiers has been put there intentionally, which is fine for checking validity of variables. However it does not make any sense to apply the same check for property names as they might well match reserved Java keywords, such as 'class', 'int', 'double', etc. In the example above I am trying to get a value returned by java.lang.Exception#getClass(), which is not possible because of the check in question. According to bug #49217 it has been fixed in Tomcat 6.0.x but I still seem to be getting the same problem in 7.0.4. Thanks, Eldar -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 49217] Accepting java keyword in EL
https://issues.apache.org/bugzilla/show_bug.cgi?id=49217 eldar.kama...@db.com changed: What|Removed |Added Blocks||50850 -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1075956 - /tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Author: fhanik Date: Tue Mar 1 18:13:38 2011 New Revision: 1075956 URL: http://svn.apache.org/viewvc?rev=1075956&view=rev Log: Simple implementation of a forced and blocking renegotiation with a SSL client Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1075956&r1=1075955&r2=1075956&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Tue Mar 1 18:13:38 2011 @@ -16,7 +16,9 @@ */ package org.apache.tomcat.util.net; +import java.io.EOFException; import java.io.IOException; +import java.net.SocketTimeoutException; import java.nio.ByteBuffer; import java.nio.channels.SelectionKey; import java.nio.channels.Selector; 
@@ -209,6 +211,58 @@ public class SecureNioChannel extends Ni } /** + * Force a blocking handshake to take place for this key. + * This requires that both network and application buffers have been emptied out prior to this call taking place, or a + * IOException will be thrown. + * @param timeout - timeout in milliseconds for each socket operation + * @throws IOException - if an IO exception occurs or if application or network buffers contain data + * @throws SocketTimeoutException - if a socket operation timed out + */ +public void rehandshake(long timeout) throws IOException { +//validate the network buffers are empty +if (netInBuffer.position() > 0) throw new IOException("Network input buffer still contains data. Handshake will fail."); +if (netOutBuffer.position() > 0) throw new IOException("Network output buffer still contains data. Handshake will fail."); +if (getBufHandler().getReadBuffer().position()>0) throw new IOException("Aplication input buffer still contains data. Data would have been lost."); +if (getBufHandler().getWriteBuffer().position()>0) throw new IOException("Aplication output buffer still contains data. 
Data would have been lost."); +reset(); +boolean isReadable = true; +boolean isWriteable = true; +boolean handshaking = true; +Selector selector = null; +SelectionKey key = null; +try { +while (handshaking) { +int hsStatus = this.handshake(isReadable, isWriteable); +switch (hsStatus) { +case -1 : throw new EOFException("EOF during handshake."); +case 0 : handshaking = false; break; +default : { +long now = System.currentTimeMillis(); +if (selector==null) { +selector = Selector.open(); +key = getIOChannel().register(selector, hsStatus); +} else { +key.interestOps(hsStatus); +} +int keyCount = selector.select(timeout); +if (keyCount == 0 && ((System.currentTimeMillis()-now) >= timeout)) { +throw new SocketTimeoutException("Handshake operation timed out."); +} +isReadable = key.isReadable(); +isWriteable = key.isWritable(); +} +} +} +} finally { +if (key!=null) try {key.cancel();} catch (Exception ignore) {} +if (selector!=null) try {selector.close();} catch (Exception ignore) {} +} + +} + + + +/** * Executes all the tasks needed on the same thread. * @return HandshakeStatus */ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
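Review bot: The `timeout` passed to `selector.select(timeout)` in the `default` branch of `rehandshake` bounds each wait rather than the whole renegotiation, so a peer that keeps the handshake advancing slowly can hold the calling thread for an unbounded total time. A value of 0 makes `Selector.select` block indefinitely and a negative value makes it throw `IllegalArgumentException`, and neither outcome is the documented `SocketTimeoutException`. I would compute `long deadline = System.currentTimeMillis() + timeout;` before the loop, pass the remaining time to `select`, and handle `timeout <= 0` explicitly at the top of the method. The selected-key set is also never cleared between iterations, so `key.isReadable()` and `key.isWritable()` may report readiness left over from an earlier pass; calling `selector.selectedKeys().clear()` after reading them would avoid that.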
svn commit: r1075964 - /tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Author: fhanik Date: Tue Mar 1 18:24:03 2011 New Revision: 1075964 URL: http://svn.apache.org/viewvc?rev=1075964&view=rev Log: propagate all exceptions through IOExceptions Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1075964&r1=1075963&r2=1075964&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Tue Mar 1 18:24:03 2011 @@ -253,11 +253,15 @@ public class SecureNioChannel extends Ni } } } +} catch (IOException x) { +throw x; +} catch (Exception cx) { +IOException x = new IOException(cx); +throw x; } finally { if (key!=null) try {key.cancel();} catch (Exception ignore) {} if (selector!=null) try {selector.close();} catch (Exception ignore) {} } - } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50850] Accepting java keyword in EL
https://issues.apache.org/bugzilla/show_bug.cgi?id=50850 Konstantin Kolinko changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Comment #1 from Konstantin Kolinko 2011-03-01 13:36:54 EST --- 1. Support questions should be sent to the users@ list. Bugzilla is the wrong place for them. 2. You are free to use ${exception['class'].name} and so on. *** This bug has been marked as a duplicate of bug 49217 *** -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 49217] Accepting java keyword in EL
https://issues.apache.org/bugzilla/show_bug.cgi?id=49217 Konstantin Kolinko changed: What|Removed |Added CC||eldar.kama...@db.com --- Comment #10 from Konstantin Kolinko 2011-03-01 13:36:54 EST --- *** Bug 50850 has been marked as a duplicate of this bug. *** -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1076004 - /tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Author: fhanik Date: Tue Mar 1 19:58:55 2011 New Revision: 1076004 URL: http://svn.apache.org/viewvc?rev=1076004&view=rev Log: Correctly determine if a buffer has data or not Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1076004&r1=1076003&r2=1076004&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Tue Mar 1 19:58:55 2011 @@ -220,10 +220,10 @@ public class SecureNioChannel extends Ni */ public void rehandshake(long timeout) throws IOException { //validate the network buffers are empty -if (netInBuffer.position() > 0) throw new IOException("Network input buffer still contains data. Handshake will fail."); -if (netOutBuffer.position() > 0) throw new IOException("Network output buffer still contains data. Handshake will fail."); -if (getBufHandler().getReadBuffer().position()>0) throw new IOException("Aplication input buffer still contains data. Data would have been lost."); -if (getBufHandler().getWriteBuffer().position()>0) throw new IOException("Aplication output buffer still contains data. Data would have been lost."); +if (netInBuffer.position() > 0 && netInBuffer.position() 0 && netOutBuffer.position()0 && getBufHandler().getReadBuffer().position()0 && getBufHandler().getWriteBuffer().position()
svn commit: r1076008 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11NioProcessor.java test/org/apache/tomcat/util/net/TestClientCert.java
Author: fhanik Date: Tue Mar 1 20:04:26 2011 New Revision: 1076008 URL: http://svn.apache.org/viewvc?rev=1076008&view=rev Log: Implement renegotiation for SSL cert authentication Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1076008&r1=1076007&r2=1076008&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Tue Mar 1 20:04:26 2011 @@ -23,6 +23,8 @@ import java.nio.channels.SelectionKey; import java.util.Locale; import java.util.concurrent.Executor; +import javax.net.ssl.SSLEngine; + import org.apache.coyote.ActionCode; import org.apache.coyote.Request; import org.apache.coyote.RequestInfo; @@ -42,7 +44,9 @@ import org.apache.tomcat.util.net.NioCha import org.apache.tomcat.util.net.NioEndpoint; import org.apache.tomcat.util.net.NioEndpoint.KeyAttachment; import org.apache.tomcat.util.net.SSLSupport; +import org.apache.tomcat.util.net.SecureNioChannel; import org.apache.tomcat.util.net.SocketStatus; +import org.apache.tomcat.util.net.jsse.JSSEFactory; /** 
@@ -625,6 +629,19 @@ public class Http11NioProcessor extends .setLimit(maxSavePostSize); inputBuffer.addActiveFilter (inputFilters[Constants.BUFFERED_FILTER]); +SecureNioChannel sslChannel = (SecureNioChannel) socket; +SSLEngine engine = sslChannel.getSslEngine(); +if (!engine.getNeedClientAuth()) { +// Need to re-negotiate SSL connection +engine.setNeedClientAuth(true); +try { +sslChannel.rehandshake(endpoint.getSoTimeout()); +sslSupport = (new JSSEFactory()).getSSLSupport(engine.getSession()); +} catch (IOException ioe) { + log.warn(sm.getString("http11processor.socket.sslreneg",ioe)); +} +} + try { Object sslO = sslSupport.getPeerCertificateChain(true); if( sslO != null) { Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1076008&r1=1076007&r2=1076008&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Tue Mar 1 20:04:26 2011 @@ -103,9 +103,6 @@ public class TestClientCert extends Tomc Tomcat tomcat = getTomcatInstance(); String protocol = tomcat.getConnector().getProtocolHandlerClassName(); -if (protocol.indexOf("Nio") != -1) { -return; // Not supported yet (2011-03-01) -} if (protocol.indexOf("Apr") != -1) { return; // Disabled by default in 1.1.20 windows binary (2010-07-27) } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
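Review bot: When `sslChannel.rehandshake(...)` throws, the `catch` in the Http11NioProcessor hunk only logs a warning and execution falls through to `sslSupport.getPeerCertificateChain(true)` with the pre-renegotiation `sslSupport`, although `engine.setNeedClientAuth(true)` has already changed the engine state. Whether that lookup then yields no certificate depends on code outside this hunk, so I would make the failure explicit and skip the certificate lookup when the renegotiation did not complete, instead of relying on the old session behaving as a denial. The exception is also passed as a format argument in `sm.getString("http11processor.socket.sslreneg",ioe)`, so the stack trace is lost unless the message pattern prints it; `log.warn(sm.getString("http11processor.socket.sslreneg"), ioe);` keeps it. The cast `(SecureNioChannel) socket` is unguarded in the visible lines, but the enclosing block starts outside the hunk, so a preceding SSL check may exist there.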
svn commit: r1076015 - /tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
Author: fhanik Date: Tue Mar 1 20:34:00 2011 New Revision: 1076015 URL: http://svn.apache.org/viewvc?rev=1076015&view=rev Log: Make sure we also validate the content that is sent and received Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1076015&r1=1076014&r2=1076015&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Tue Mar 1 20:34:00 2011 @@ -18,6 +18,7 @@ package org.apache.tomcat.util.net; import java.io.IOException; import java.io.InputStream; +import java.util.Arrays; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@ -40,7 +41,8 @@ import org.apache.tomcat.util.buf.ByteCh * repository since not all of them are AL2 licensed. */ public class TestClientCert extends TomcatBaseTest { - +public static final byte DATA = (byte)33; + public void testClientCertGet() throws Exception { // Unprotected resource ByteChunk res = @@ -74,6 +76,7 @@ public class TestClientCert extends Tomc throws Exception { byte[] body = new byte[bodySize]; +Arrays.fill(body, DATA); // Unprotected resource ByteChunk res = postUrl(body, @@ -163,16 +166,23 @@ public class TestClientCert extends Tomc int len = 0; byte[] buffer = new byte[4096]; InputStream is = req.getInputStream(); +boolean contentOK = true; while (len > -1) { len = is.read(buffer); read = read + len; +for (int i=0; i
DO NOT REPLY [Bug 49284] Implement SSL renegotiation for the NIO connector
https://issues.apache.org/bugzilla/show_bug.cgi?id=49284 Filip Hanik changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #3 from Filip Hanik 2011-03-01 15:35:24 EST --- Fixed in r1075956 r1075964 r1076004 r1076008 Will be included in 7.0.10 onwards -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1076046 - in /tomcat: tc5.5.x/trunk/STATUS.txt tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Tue Mar 1 23:20:56 2011 New Revision: 1076046 URL: http://svn.apache.org/viewvc?rev=1076046&view=rev Log: vote Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1076046&r1=1076045&r2=1076046&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Tue Mar 1 23:20:56 2011 @@ -58,5 +58,5 @@ PATCHES PROPOSED TO BACKPORT: the Manager application. Based on a patch by Stephane Bailliez. http://svn.apache.org/viewvc?rev=1075458&view=rev - +1: markt + +1: markt, kkolinko -1: Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1076046&r1=1076045&r2=1076046&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 1 23:20:56 2011 @@ -131,5 +131,5 @@ PATCHES PROPOSED TO BACKPORT: the Manager application. Based on a patch by Stephane Bailliez. http://svn.apache.org/viewvc?rev=1075458&view=rev - +1: markt + +1: markt, kkolinko -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1076047 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SecureNioChannel.java res/findbugs/filter-false-positives.xml webapps/docs/changelog.xml
Author: kkolinko Date: Tue Mar 1 23:24:33 2011 New Revision: 1076047 URL: http://svn.apache.org/viewvc?rev=1076047&view=rev Log: Correct several typos Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java tomcat/trunk/res/findbugs/filter-false-positives.xml tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1076047&r1=1076046&r2=1076047&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Tue Mar 1 23:24:33 2011 @@ -222,8 +222,8 @@ public class SecureNioChannel extends Ni //validate the network buffers are empty if (netInBuffer.position() > 0 && netInBuffer.position() 0 && netOutBuffer.position()0 && getBufHandler().getReadBuffer().position()0 && getBufHandler().getWriteBuffer().position()0 && getBufHandler().getReadBuffer().position()0 && getBufHandler().getWriteBuffer().position()http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1076047&r1=1076046&r2=1076047&view=diff == --- tomcat/trunk/res/findbugs/filter-false-positives.xml (original) +++ tomcat/trunk/res/findbugs/filter-false-positives.xml Tue Mar 1 23:24:33 2011 @@ -17,7 +17,7 @@ - + Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1076047&r1=1076046&r2=1076047&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 1 23:24:33 2011 
@@ -1290,7 +1290,7 @@ attributes as well. (timw) -Correctly handle the setting of primitve bean values via expression +Correctly handle the setting of primitive bean values via expression language. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1075175 - /tomcat/trunk/res/findbugs/filter-false-positives.xml
2011/2/28 sebb : > On 27 February 2011 22:59, wrote: >> Author: markt >> Date: Sun Feb 27 22:59:10 2011 >> New Revision: 1075175 >> >> URL: http://svn.apache.org/viewvc?rev=1075175&view=rev >> Log: >> Clear remaining FindBugs issues from javax.* >> >> Modified: >> tomcat/trunk/res/findbugs/filter-false-positives.xml >> >> @@ -17,6 +17,16 @@ >> >> >> >> + > > s/Can/Cannot/ Corrected. Thank you. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1076059 - in /tomcat/trunk: java/org/apache/catalina/startup/ClassLoaderFactory.java webapps/docs/changelog.xml
Author: kkolinko Date: Tue Mar 1 23:59:36 2011 New Revision: 1076059 URL: http://svn.apache.org/viewvc?rev=1076059&view=rev Log: Improve the fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=48863 1) Be more strict when ignoring the warning: ignore only when it is the "lib" directory and when it does not exist 2) Warn about JARs created from expanding the GLOB pattern as well 3) s/new File(f.getCanonicalPath())/f.getCanonicalFile()/ for efficiency Modified: tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java?rev=1076059&r1=1076058&r2=1076059&view=diff == --- tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java Tue Mar 1 23:59:36 2011 @@ -168,7 +168,7 @@ public final class ClassLoaderFactory { set.add(url); } else if (repository.getType() == RepositoryType.DIR) { File directory = new File(repository.getLocation()); -directory = new File(directory.getCanonicalPath()); +directory = directory.getCanonicalFile(); if (!validateFile(directory, RepositoryType.DIR)) { continue; } @@ -178,7 +178,7 @@ public final class ClassLoaderFactory { set.add(url); } else if (repository.getType() == RepositoryType.JAR) { File file=new File(repository.getLocation()); -file = new File(file.getCanonicalPath()); +file = file.getCanonicalFile(); if (!validateFile(file, RepositoryType.JAR)) { continue; } @@ -188,7 +188,7 @@ public final class ClassLoaderFactory { set.add(url); } else if (repository.getType() == RepositoryType.GLOB) { File directory=new File(repository.getLocation()); -directory = new File(directory.getCanonicalPath()); +directory = directory.getCanonicalFile(); if (!validateFile(directory, RepositoryType.GLOB)) { continue; } 
@@ -201,9 +201,10 @@ public final class ClassLoaderFactory { if (!filename.endsWith(".jar")) continue; File file = new File(directory, filenames[j]); -file = new File(file.getCanonicalPath()); -if (!file.exists() || !file.canRead()) +file = file.getCanonicalFile(); +if (!validateFile(file, RepositoryType.JAR)) { continue; +} if (log.isDebugEnabled()) log.debug("Including glob jar file " + file.getAbsolutePath()); @@ -241,14 +242,19 @@ public final class ClassLoaderFactory { "], exists: [" + file.exists() + "], isDirectory: [" + file.isDirectory() + "], canRead: [" + file.canRead() + "]"; - + File home = new File (Bootstrap.getCatalinaHome()); home = home.getCanonicalFile(); File base = new File (Bootstrap.getCatalinaBase()); base = base.getCanonicalFile(); +File defaultValue = new File(base, "lib"); -if (!home.getPath().equals(base.getPath()) && -file.getPath().startsWith(base.getPath())) { +// Existence of ${catalina.base}/lib directory is optional. +// Hide the warning if Tomcat runs with separate catalina.home +// and catalina.base and that directory is absent. +if (!home.getPath().equals(base.getPath()) +&& file.getPath().equals(defaultValue.getPath()) +&& !file.exists()) { log.debug(msg); } else { log.warn(msg); Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1076059&r1=1076058&r2=1076059&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 1 23:59:36 2011 @@ -78,7 +78,7 @@ 48863: Better logging when specifying an invalid direc
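Review bot: The new condition in `validateFile`, `file.getPath().equals(defaultValue.getPath())`, only matches when `file` is already canonical, because `defaultValue` is built from the canonicalised `base`. The callers visible in this commit do pass `getCanonicalFile()` results, but nothing in the hunk states that requirement, and `validateFile` starts outside the hunk so I cannot see whether its Javadoc covers it. I would add a comment such as `// file must be canonical (callers use getCanonicalFile()), otherwise this comparison never matches` and rename `defaultValue` to something like `defaultLib` so the intent reads from the name. If the comparison fails to match, the message is logged at warn rather than debug, so the failure mode is extra noise and not a hidden warning.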
svn commit: r1076067 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Wed Mar 2 00:30:49 2011 New Revision: 1076067 URL: http://svn.apache.org/viewvc?rev=1076067&view=rev Log: proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1076067&r1=1076066&r2=1076067&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Mar 2 00:30:49 2011 @@ -126,6 +126,11 @@ PATCHES PROPOSED TO BACKPORT: +1: markt -1: + Improved patch (added r1076059): + http://people.apache.org/~kkolinko/patches/2011-03-02_tc6_48863.patch + +1: kkolinko + -1: + * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=28852 Add URL encoding where missing to parameters in URLs presented by Ant tasks to the Manager application. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org