[Bug 67793] New: FORM authenticator does not remember original max inactive interval in all use-cases

2023-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67793

            Bug ID: 67793
           Summary: FORM authenticator does not remember original max
                    inactive interval in all use-cases
           Product: Tomcat 10
           Version: 10.1.8
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: mircea.butma...@radcom.ro
  Target Milestone: --

There is a use-case when FORM authenticator does not remember original session
inactive timeout value and (after successful authentication) the session
inactive timeout remains at default 2 minutes value which is very low for a
default web session.

Example use case is as follows:
1. You access a protected resource for the first time. At this point the FORM
authenticator forwards to login page and saves data from original request to
session note Constants.FORM_REQUEST_NOTE including session original inactive
timeout value and resets temporarily the session inactive timeout to 2 minutes
(default value)
2. You refresh page from browser inside 2 minutes timeframe. At this point the
FORM authenticator forwards again to login page and saves again data from this
request.

AT THIS POINT: you lose the original inactive timeout, because at step 1 the
session inactive timeout was set to 2 minutes.

In order to correct this use case we propose to change the code from class
org.apache.catalina.authenticator.FormAuthenticator in tomcat-catalina as
follows:


line 719 (as of release 10.1.13) which now has the following contents:

    if (session instanceof HttpSession && ((HttpSession) session).isNew()) {
        int originalMaxInactiveInterval = session.getMaxInactiveInterval();
        if (originalMaxInactiveInterval > getAuthenticationSessionTimeout()) {
            saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
            session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
        }
    }


change it to the following contents:

    final SavedRequest oldSaved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    if (session instanceof HttpSession) {
        final HttpSession httpSession = (HttpSession) session;
        if (httpSession.isNew()) {
            final int originalMaxInactiveInterval = session.getMaxInactiveInterval();
            if (originalMaxInactiveInterval > authenticationSessionTimeout) {
                saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
                session.setMaxInactiveInterval(authenticationSessionTimeout);
            }
        } else if ((oldSaved != null) && (oldSaved.getOriginalMaxInactiveInterval() > 0)) {
            saved.setOriginalMaxInactiveInterval(oldSaved.getOriginalMaxInactiveInterval());
        }
    }


PS: the problem seems to exist also in current release of Tomcat 11.x, Tomcat
8.5.x, Tomcat 9.0.x


Best regards.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
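
The two-step sequence from the report above, as an added, self-contained model; this is not Tomcat code and not part of the original message. The Session and SavedRequest classes, the 1800-second configured timeout and the restoreAfterLogin step are assumptions made for the illustration; only the two save routines mirror the snippets quoted in the report.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;

/** Constructed model of the timeout bookkeeping described in the report; not Tomcat code. */
public class FormTimeoutDemo {

    // 2 minutes: the temporary login-phase timeout named in the report.
    static final int AUTH_SESSION_TIMEOUT = 120;
    // Constructed value standing in for the application's configured timeout.
    static final int CONFIGURED_TIMEOUT = 1800;
    // Stand-in key for Constants.FORM_REQUEST_NOTE.
    static final String FORM_REQUEST_NOTE = "form.request.note";

    /** Hypothetical minimal session: a timeout, the isNew flag and session notes. */
    static final class Session {
        int maxInactiveInterval = CONFIGURED_TIMEOUT;
        boolean isNew = true;
        final Map<String, Object> notes = new HashMap<>();
    }

    /** Hypothetical minimal SavedRequest; -1 means no original timeout was recorded. */
    static final class SavedRequest {
        int originalMaxInactiveInterval = -1;
    }

    /** Save step as the report quotes it: only a new session records its timeout. */
    static void saveCurrent(Session session) {
        SavedRequest saved = new SavedRequest();
        if (session.isNew) {
            int original = session.maxInactiveInterval;
            if (original > AUTH_SESSION_TIMEOUT) {
                saved.originalMaxInactiveInterval = original;
                session.maxInactiveInterval = AUTH_SESSION_TIMEOUT;
            }
        }
        // The note from the previous request is overwritten here.
        session.notes.put(FORM_REQUEST_NOTE, saved);
    }

    /** Save step as the report proposes: carry the value over from the previous note. */
    static void saveProposed(Session session) {
        SavedRequest oldSaved = (SavedRequest) session.notes.get(FORM_REQUEST_NOTE);
        SavedRequest saved = new SavedRequest();
        if (session.isNew) {
            int original = session.maxInactiveInterval;
            if (original > AUTH_SESSION_TIMEOUT) {
                saved.originalMaxInactiveInterval = original;
                session.maxInactiveInterval = AUTH_SESSION_TIMEOUT;
            }
        } else if (oldSaved != null && oldSaved.originalMaxInactiveInterval > 0) {
            saved.originalMaxInactiveInterval = oldSaved.originalMaxInactiveInterval;
        }
        session.notes.put(FORM_REQUEST_NOTE, saved);
    }

    /** Assumed post-login step: put back the recorded timeout, if there is one. */
    static void restoreAfterLogin(Session session) {
        SavedRequest saved = (SavedRequest) session.notes.get(FORM_REQUEST_NOTE);
        if (saved != null && saved.originalMaxInactiveInterval > 0) {
            session.maxInactiveInterval = saved.originalMaxInactiveInterval;
        }
    }

    /** Runs steps 1 and 2 from the report, then a successful login. */
    static int timeoutAfterLogin(Consumer<Session> saveStep) {
        Session session = new Session();
        saveStep.accept(session);   // step 1: first request for the protected resource
        session.isNew = false;      // the browser has now joined the session
        saveStep.accept(session);   // step 2: refresh inside the 2-minute window
        restoreAfterLogin(session);
        return session.maxInactiveInterval;
    }

    public static void main(String[] args) {
        System.out.println("current code:  "
                + timeoutAfterLogin(FormTimeoutDemo::saveCurrent) + " s");
        System.out.println("proposed code: "
                + timeoutAfterLogin(FormTimeoutDemo::saveProposed) + " s");
    }
}
```

Running main shows the session left at the login-phase timeout under the quoted code and restored to the configured value under the proposed one.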



Re: Which release artifact should we expect to be reproducible?

2023-10-18 Thread Mark Thomas

On 17/10/2023 16:36, Mark Thomas wrote:

> It looks like Javadoc generation is different between Linux and Windows
> with Java 21. That is still causing issues for the full-docs package for
> Tomcat 11. I'm still looking into options for fixing that. Other than
> that, I'm not seeing any reproducibility issues for those files.


I've got as far as figuring out what is causing the problem.

This commit

https://github.com/openjdk/jdk/commit/e9f3e325c274f19b0f6eceea2367708e3be689e9

causes the files from $JAVA_HOME/legal/jdk.javadoc to be added to the 
legal directory in the created javadoc. In Linux, some of those files 
are symlinks so the entire file gets copied whereas in Windows some of 
those files are text files that reference the symlink target.


I am currently leaning towards writing an Ant task that will replace 
those "link" files on Windows with the target of the link. It will need 
to run after the Javadoc.


Mark




[tomcat] branch main updated: Add two more macros

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new fb26ae7b82 Add two more macros
fb26ae7b82 is described below

commit fb26ae7b82cab011aabaa8bccb7d51db9c1a411e
Author: remm 
AuthorDate: Wed Oct 18 14:49:01 2023 +0200

Add two more macros
---
 .../util/net/openssl/panama/OpenSSLContext.java| 16 +++--
 .../tomcat/util/openssl/openssl_h_Macros.java  | 39 ++
 2 files changed, 43 insertions(+), 12 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index c0bb643e4f..d81c688efd 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -986,9 +986,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 if (certificate.getCertificateFile().endsWith(".pkcs12")) {
 // Load pkcs12
 bio = BIO_new(BIO_s_file());
-//#  define BIO_read_filename(b,name)
-//(int)BIO_ctrl(b,BIO_C_SET_FILENAME, 
BIO_CLOSE|BIO_FP_READ,(char *)(name))
-if (BIO_ctrl(bio, BIO_C_SET_FILENAME(), BIO_CLOSE() | 
BIO_FP_READ(), certificateFileNative) <= 0) {
+if (BIO_read_filename(bio, certificateFileNative) <= 0) {
 BIO_free(bio);
 log.error(sm.getString("openssl.errorLoadingCertificate", 
"[0]:" + certificate.getCertificateFile()));
 return;
@@ -1025,9 +1023,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 } else {
 // Load key
 bio = BIO_new(BIO_s_file());
-//#  define BIO_read_filename(b,name)
-//(int)BIO_ctrl(b,BIO_C_SET_FILENAME, 
BIO_CLOSE|BIO_FP_READ,(char *)(name))
-if (BIO_ctrl(bio, BIO_C_SET_FILENAME(), BIO_CLOSE() | 
BIO_FP_READ(), certificateKeyFileNative) <= 0) {
+if (BIO_read_filename(bio, certificateKeyFileNative) <= 0) {
 BIO_free(bio);
 log.error(sm.getString("openssl.errorLoadingCertificate", 
certificate.getCertificateKeyFile()));
 return;
@@ -1110,10 +1106,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 if (OpenSSL_version_num() < 0x300fL) {
 var dh = PEM_read_bio_DHparams(bio, MemorySegment.NULL, 
MemorySegment.NULL, MemorySegment.NULL);
 BIO_free(bio);
-// #  define SSL_CTX_set_tmp_dh(sslCtx,dh) \
-//   
SSL_CTX_ctrl(sslCtx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
 if (!MemorySegment.NULL.equals(dh)) {
-SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_TMP_DH(), 0, 
dh);
+SSL_CTX_set_tmp_dh(state.sslCtx, dh);
 DH_free(dh);
 }
 } else {
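Review bot: the result of `SSL_CTX_set_tmp_dh(state.sslCtx, dh)` is discarded, as it was for the `SSL_CTX_ctrl` call it replaces, so a failure to install the DH parameters goes unnoticed. If the new wrapper passes the `SSL_CTX_ctrl` result through, check it here and log on failure, in the same way the `BIO_read_filename` branches earlier in this diff compare against `<= 0`.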
@@ -1138,9 +1132,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 if (!MemorySegment.NULL.equals(ecparams)) {
 int nid = EC_GROUP_get_curve_name(ecparams);
 var eckey = EC_KEY_new_by_curve_name(nid);
-// #  define SSL_CTX_set_tmp_ecdh(sslCtx,ecdh) \
-//   
SSL_CTX_ctrl(sslCtx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
-SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_TMP_ECDH(), 0, 
eckey);
+SSL_CTX_set_tmp_ecdh(state.sslCtx, eckey);
 EC_KEY_free(eckey);
 EC_GROUP_free(ecparams);
 }
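Review bot: `eckey` from `EC_KEY_new_by_curve_name(nid)` is handed to `SSL_CTX_set_tmp_ecdh` without a NULL check, although `ecparams` two lines earlier is guarded with `MemorySegment.NULL.equals(...)`. Apply the same guard to `eckey` before the call and before `EC_KEY_free(eckey)`.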
diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 03f55e2a4b..5d11bdf628 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -131,6 +131,45 @@ public class openssl_h_Macros {
 }
 
 
+/**
+ * Read the specified file.
+ * #  define BIO_read_filename(b,name) \
+ *   (int)BIO_ctrl(b,BIO_C_SET_FILENAME, 
BIO_CLOSE|BIO_FP_READ,(char *)(name))
+ * @param bio The BIO to read into
+ * @param name the file name
+ * @return > 0 if successful
+ */
+public static long BIO_read_filename(MemorySegment bio, MemorySegment 
name) {
+
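Review bot: the method is declared to return `long`, while the macro quoted in its own Javadoc casts the `BIO_ctrl` result to `(int)`. The callers in this commit only compare against `<= 0`, so either works, but the `@return` line should say which value is passed through. The bare `>` in `@return > 0 if successful` is also better written as `{@code > 0}` so that Javadoc linting does not complain.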

[tomcat] branch main updated: Add some deprecated for OpenSSL 1.1 related methods

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 0b1af48fe9 Add some deprecated for OpenSSL 1.1 related methods
0b1af48fe9 is described below

commit 0b1af48fe94e37d80e0c50e6466107c415d29378
Author: remm 
AuthorDate: Wed Oct 18 15:45:46 2023 +0200

Add some deprecated for OpenSSL 1.1 related methods

Also rename flag.
---
 .../util/net/openssl/panama/OpenSSLLibrary.java| 25 --
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
index ae1d2ff12c..5759abc01b 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
@@ -98,6 +98,7 @@ public class OpenSSLLibrary {
 { BN_get_rfc3526_prime_2048, NULL, 1025 },
 { BN_get_rfc2409_prime_1024, NULL, 0 }
  */
+@Deprecated
 static final class DHParam {
 final MemorySegment dh;
 final int min;
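Review bot: `@Deprecated` on `DHParam` comes with no `@deprecated` Javadoc line or comment saying why. The commit subject ties it to OpenSSL 1.1; put that reason at the declaration so that it is visible without the commit log.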
@@ -108,6 +109,7 @@ public class OpenSSLLibrary {
 }
 static final DHParam[] dhParameters = new DHParam[6];
 
+@Deprecated
 private static void initDHParameters() {
 var dh = DH_new();
 var p = BN_get_rfc3526_prime_8192(MemorySegment.NULL);
@@ -147,6 +149,7 @@ public class OpenSSLLibrary {
 dhParameters[5] = new DHParam(dh, 0);
 }
 
+@Deprecated
 private static void freeDHParameters() {
 for (int i = 0; i < dhParameters.length; i++) {
 if (dhParameters[i] != null) {
@@ -177,11 +180,11 @@ public class OpenSSLLibrary {
 initLibrary();
 
 // OpenSSL 3 onwards uses providers
-boolean usingProviders = (OpenSSL_version_num() >= 
0x300fL);
+boolean isOpenSSL3 = (OpenSSL_version_num() >= 0x300fL);
 
 // Setup engine
 String engineName = "on".equalsIgnoreCase(SSLEngine) ? null : 
SSLEngine;
-if (!usingProviders && engineName != null) {
+if (!isOpenSSL3 && engineName != null) {
 if ("auto".equals(engineName)) {
 ENGINE_register_all_complete();
 } else {
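Review bot: the renamed flag `isOpenSSL3` is computed with `>=`, so it is also true for any later major version, which the unchanged comment "OpenSSL 3 onwards uses providers" states and the new name does not. A name such as `isOpenSSL3OrLater`, or keeping the comment next to every use of the flag, would avoid a reader treating it as an exact version match.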
@@ -225,15 +228,15 @@ public class OpenSSLLibrary {
 
RAND_seed(memorySession.allocateFrom(ValueLayout.JAVA_BYTE, randomBytes), 128);
 }
 
-if (!usingProviders) {
+if (!isOpenSSL3) {
 initDHParameters();
 }
 
-if (usingProviders || !(null == FIPSMode || 
"off".equalsIgnoreCase(FIPSMode))) {
+if (isOpenSSL3 || !(null == FIPSMode || 
"off".equalsIgnoreCase(FIPSMode))) {
 fipsModeActive = false;
 final boolean enterFipsMode;
 int fipsModeState = FIPS_OFF;
-if (usingProviders) {
+if (isOpenSSL3) {
 var md = EVP_MD_fetch(MemorySegment.NULL, 
memorySession.allocateFrom("SHA-512"), MemorySegment.NULL);
 var provider = EVP_MD_get0_provider(md);
 String name = 
OSSL_PROVIDER_get0_name(provider).getString(0);
@@ -256,13 +259,13 @@ public class OpenSSLLibrary {
 enterFipsMode = false;
 } else if ("on".equalsIgnoreCase(FIPSMode)) {
 if (fipsModeState == FIPS_ON) {
-if (!usingProviders) {
+if (!isOpenSSL3) {
 
log.info(sm.getString("openssllibrary.skipFIPSInitialization"));
 }
 fipsModeActive = true;
 enterFipsMode = false;
 } else {
-if (usingProviders) {
+if (isOpenSSL3) {
 throw new 
IllegalStateException(sm.getString("openssllibrary.FIPSProviderNotDefault", 
FIPSMode));
 } else {
 enterFipsMode = true;
@@ -273,7 +276,7 @@ public class OpenSSLLibrary {
 fipsModeActive = true;
 enterFipsMode = false;
 } else {
-if (usingProviders) {
+if (isOpenSSL3) {
 throw new 
IllegalStateException(sm.getString("openssllibrary.FIPSProviderNotDefault", 
FIPSMode));

Re: Which release artifact should we expect to be reproducible?

2023-10-18 Thread Konstantin Kolinko
Wed, 18 Oct 2023 at 14:55, Mark Thomas :
>
> On 17/10/2023 16:36, Mark Thomas wrote:
>
> > It looks like Javadoc generation is different between Linux and Windows
> > with Java 21. That is still causing issues for the full-docs package for
> > Tomcat 11. I'm still looking into options for fixing that. Other than
> > that, I'm not seeing any reproducibility issues for those files.
>
> I've got as far as figuring out what is causing the problem.
>
> This commit
>
> https://github.com/openjdk/jdk/commit/e9f3e325c274f19b0f6eceea2367708e3be689e9
>
> causes the files from $JAVA_HOME/legal/jdk.javadoc to be added to the
> legal directory in the created javadoc. In Linux, some of those files
> are symlinks so the entire file gets copied whereas in Windows some of
> those files are text files that reference the symlink target.
>
> I am currently leaning towards writing an Ant task that will replace
> those "link" files on Windows with the target of the link. It will need
> to run after the Javadoc.

Maybe this will be fixed in JDK itself?

Essentially their fix for "8259530" (the commit that you referenced)
is incomplete on Windows,
and that is a legal issue.


BTW, Reviewing that commit, I see that there exists a command-line
option, "--legal-notices" that can be set to "none".

BTW, the files can be seen in apache-tomcat-11.0.0-M13-fulldocs.tar.gz
e.g. \tomcat-11.0-doc\api\legal\LICENSE is the following one nonsense line:

Please see ..\java.base\LICENSE

Best regards,
Konstantin Kolinko




[tomcat] branch main updated: Nicer error message when not using Java 22

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new ee11047fdd Nicer error message when not using Java 22
ee11047fdd is described below

commit ee11047fdd8a564973f777ded029d79af2316d5a
Author: remm 
AuthorDate: Wed Oct 18 16:08:00 2023 +0200

Nicer error message when not using Java 22
---
 .../tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java  | 8 
 .../apache/tomcat/util/net/openssl/panama/LocalStrings.properties | 1 +
 2 files changed, 9 insertions(+)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index dd43b456f2..2e92f01b74 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -24,6 +24,7 @@ import org.apache.catalina.Server;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.res.StringManager;
 
 
@@ -61,6 +62,10 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
 log.warn(sm.getString("listener.notServer",
 event.getLifecycle().getClass().getSimpleName()));
 }
+if (!JreCompat.isJre22Available()) {
+log.warn(sm.getString("openssllistener.java22"));
+return;
+}
 try {
 OpenSSLLibrary.init();
 } catch (Throwable t) {
@@ -79,6 +84,9 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
 }
 }
 if (initError || 
Lifecycle.AFTER_DESTROY_EVENT.equals(event.getType())) {
+if (!JreCompat.isJre22Available()) {
+return;
+}
 // Note: Without the listener, destroy will never be called (which 
is not a significant problem)
 try {
 OpenSSLLibrary.destroy();
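Review bot: the `!JreCompat.isJre22Available()` guard is now written twice in this file, once before `OpenSSLLibrary.init()` and once here before `OpenSSLLibrary.destroy()`, and only the first one logs. Evaluating it once and returning early from a single place would keep the init and destroy paths from drifting apart when the condition changes.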
diff --git 
a/modules/openssl-foreign/src/main/resources/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
 
b/modules/openssl-foreign/src/main/resources/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
index f1bff0a31a..e3a4aebafa 100644
--- 
a/modules/openssl-foreign/src/main/resources/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
+++ 
b/modules/openssl-foreign/src/main/resources/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
@@ -82,6 +82,7 @@ sessionContext.nullTicketKeys=Null keys
 
 openssllistener.destroy=Failed shutdown of OpenSSL
 openssllistener.initializeFIPSFailed=Failed to enter FIPS mode
+openssllistener.java22=Tomcat OpenSSL support requires the FFM API which is 
available in Java 22 and newer, tomcat-native should be used instead
 openssllistener.sslInit=Failed to initialize the SSLEngine.
 
 openssllibrary.ciphersFailure=Failed getting cipher list
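Review bot: the new `openssllistener.java22` message joins two statements with a comma ("... Java 22 and newer, tomcat-native should be used instead"). Splitting it into two sentences would read better in the log, for example ending the first at "newer." and starting the second with "Use tomcat-native instead."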





[Bug 67675] Tomcat and/or Java do not read encrypted private keys with DES-EDE3-CBC generated by openssl-req(1)

2023-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675

--- Comment #6 from Christopher Schultz  ---
It looks like handling OID 1.2.840.113549.3.7 is something I was working on a
while back in my project on GitHub. When running this through my own code, I
get some debug output saying something about "Rainer's weird thing" which must
have been a PEM file from him that I was trying to decode.

This appears to be ANSI X9.52 which requires payment to get a copy of the
specification, but I've been picking my way through it. I have it parsing
everything correctly, but the decryption doesn't seem to be working as
expected. It succeeds but then produces garbage plaintext.




[tomcat] branch main updated: Use the proper API name

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 17ba45fee7 Use the proper API name
17ba45fee7 is described below

commit 17ba45fee737b7e8808f7577c31abf3d7268d627
Author: remm 
AuthorDate: Wed Oct 18 16:52:28 2023 +0200

Use the proper API name
---
 java/org/apache/coyote/http11/AbstractHttp11Protocol.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index 77bd542d05..fe4380dbe2 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -725,7 +725,7 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 }
 if (getSslImplementationName() != null &&
 
getSslImplementationName().endsWith(".panama.OpenSSLImplementation")) {
-return "opensslforeign";
+return "opensslffm";
 }
 return "jsse";
 }
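Review bot: the returned name changes to "opensslffm" while the test just above still matches the class by its `.panama.OpenSSLImplementation` suffix, so the code now carries two names for the same implementation. A short comment saying that the `panama` package is the FFM implementation, or a shared constant for the returned string, would keep a later reader from treating these as different back ends.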





[tomcat] branch 10.1.x updated: Use the proper API name

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new b71f23cb09 Use the proper API name
b71f23cb09 is described below

commit b71f23cb09e65e941900aec4d94a8ee524dfbb9b
Author: remm 
AuthorDate: Wed Oct 18 16:53:41 2023 +0200

Use the proper API name
---
 java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
index 6f6fff40e8..2ea65972fd 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
@@ -39,7 +39,7 @@ public abstract class AbstractHttp11JsseProtocol extends 
AbstractHttp11Protoc
 }
 if (getSslImplementationName() != null &&
 
getSslImplementationName().endsWith(".panama.OpenSSLImplementation")) {
-return "opensslforeign";
+return "opensslffm";
 }
 return "jsse";
 }
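Review bot: this back-port changes a returned string on the 10.1.x stable branch, and the diffstat shows only `AbstractHttp11JsseProtocol.java` touched. If the old value "opensslforeign" is visible anywhere outside this class, the commit should carry a changelog entry that names both the old and the new value.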





[tomcat] branch 9.0.x updated: Use the proper API name

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new e96a0ddc98 Use the proper API name
e96a0ddc98 is described below

commit e96a0ddc987231ad9349787e9519efdf2736ca7f
Author: remm 
AuthorDate: Wed Oct 18 16:53:41 2023 +0200

Use the proper API name
---
 java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
index 6f6fff40e8..2ea65972fd 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
@@ -39,7 +39,7 @@ public abstract class AbstractHttp11JsseProtocol extends 
AbstractHttp11Protoc
 }
 if (getSslImplementationName() != null &&
 
getSslImplementationName().endsWith(".panama.OpenSSLImplementation")) {
-return "opensslforeign";
+return "opensslffm";
 }
 return "jsse";
 }





[tomcat] branch 8.5.x updated: Use the proper API name

2023-10-18 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new c104daa372 Use the proper API name
c104daa372 is described below

commit c104daa3722a3a68a1325169f2e460751ebbb35a
Author: remm 
AuthorDate: Wed Oct 18 16:53:41 2023 +0200

Use the proper API name
---
 java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
index 6f6fff40e8..2ea65972fd 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
@@ -39,7 +39,7 @@ public abstract class AbstractHttp11JsseProtocol extends 
AbstractHttp11Protoc
 }
 if (getSslImplementationName() != null &&
 
getSslImplementationName().endsWith(".panama.OpenSSLImplementation")) {
-return "opensslforeign";
+return "opensslffm";
 }
 return "jsse";
 }





Re: Which release artifact should we expect to be reproducible?

2023-10-18 Thread Mark Thomas

On 18/10/2023 15:06, Konstantin Kolinko wrote:
> Wed, 18 Oct 2023 at 14:55, Mark Thomas :
> >
> > On 17/10/2023 16:36, Mark Thomas wrote:
> >
> > > It looks like Javadoc generation is different between Linux and Windows
> > > with Java 21. That is still causing issues for the full-docs package for
> > > Tomcat 11. I'm still looking into options for fixing that. Other than
> > > that, I'm not seeing any reproducibility issues for those files.
> >
> > I've got as far as figuring out what is causing the problem.
> >
> > This commit
> >
> > https://github.com/openjdk/jdk/commit/e9f3e325c274f19b0f6eceea2367708e3be689e9
> >
> > causes the files from $JAVA_HOME/legal/jdk.javadoc to be added to the
> > legal directory in the created javadoc. In Linux, some of those files
> > are symlinks so the entire file gets copied whereas in Windows some of
> > those files are text files that reference the symlink target.
> >
> > I am currently leaning towards writing an Ant task that will replace
> > those "link" files on Windows with the target of the link. It will need
> > to run after the Javadoc.
>
> Maybe this will be fixed in JDK itself?

It looks like it should be.

> Essentially their fix for "8259530" (the commit that you referenced)
> is incomplete on Windows,
> and that is a legal issue.

+1

> BTW, Reviewing that commit, I see that there exists a command-line
> option, "--legal-notices" that can be set to "none".
>
> BTW, the files can be seen in apache-tomcat-11.0.0-M13-fulldocs.tar.gz
> e.g. \tomcat-11.0-doc\api\legal\LICENSE is the following one nonsense line:
>
>  Please see ..\java.base\LICENSE

So, do we try and fix this to get back to completely reproducible builds
or do we accept that the full-docs package isn't reproducible until this
bug gets fixed?

Given this is just the full-docs, I'm leaning towards raising an OpenJDK
bug and accepting that the full-docs package won't be 100% reproducible
at the moment.


Mark




Buildbot cancelled in on tomcat-8.5.x

2023-10-18 Thread buildbot
Build status: Build was cancelled
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/36/builds/653
Blamelist: remm 
Build Text: Snapshot deployed to ASF Maven snapshot repository (cancelled)
Status Detected: cancelled build
Build Source Stamp: [branch 8.5.x] c104daa3722a3a68a1325169f2e460751ebbb35a


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 6


-- ASF Buildbot





Re: [tomcat] branch main updated: Add JSON stats to the status servlet

2023-10-18 Thread Michael Osipov
On 2023/10/17 13:58:06 r...@apache.org wrote:
> @@ -51,6 +52,8 @@ public class StatusTransformer {
>  response.setContentType("text/html;charset=" + 
> Constants.CHARSET);
>  } else if (mode == 1) {
>  response.setContentType("text/xml;charset=" + Constants.CHARSET);
> +} else if (mode == 2) {
> +response.setContentType("application/json");

This is brittle. Remember that JSON is always UTF-8, nothing else, but you 
haven't set that in the response object. Therefore, the writer is set to 
ISO-8859-1. I don't know whether anything of the MBeans could contain any 
multibyte characters.

>  }
>  }
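
Review bot: the content type is selected by comparing `mode` with the bare integers 1 and 2, and this hunk adds a third magic value. Named constants or an enum for the HTML, XML and JSON modes would make the branch readable and keep the `mode == 2` check from drifting away from wherever the value is set.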




Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostCon… [tomcat-native]

2023-10-18 Thread via GitHub


michael-o commented on PR #20:
URL: https://github.com/apache/tomcat-native/pull/20#issuecomment-1769102946

   Closing as described in 
https://github.com/apache/tomcat/pull/672#issuecomment-1769101843.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org





Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostCon… [tomcat-native]

2023-10-18 Thread via GitHub


michael-o closed pull request #20: BZ 66670: Add 
SSLHostConfig#certificateKeyPasswordFile and SSLHostCon…
URL: https://github.com/apache/tomcat-native/pull/20





Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile [tomcat]

2023-10-18 Thread via GitHub


michael-o commented on PR #672:
URL: https://github.com/apache/tomcat/pull/672#issuecomment-1769101843

   Guys, I have now changed the code by reading the password file for OpenSSL 
in Java, instead of C. Please have a look again.





Re: [tomcat] branch main updated: Add JSON stats to the status servlet

2023-10-18 Thread Rémy Maucherat
On Wed, Oct 18, 2023 at 8:23 PM Michael Osipov  wrote:
>
> On 2023/10/17 13:58:06 r...@apache.org wrote:
> > @@ -51,6 +52,8 @@ public class StatusTransformer {
> >  response.setContentType("text/html;charset=" + 
> > Constants.CHARSET);
> >  } else if (mode == 1) {
> >  response.setContentType("text/xml;charset=" + 
> > Constants.CHARSET);
> > +} else if (mode == 2) {
> > +response.setContentType("application/json");
>
> This is brittle. Remember that JSON is always UTF-8, nothing else, but you 
> haven't set that in the response object. Therefore, the writer is set to 
> ISO-8859-1. I don't know whether anything of the MBeans could contain any 
> multibyte characters.

Ok, sure, I'll likely add it, but there should not be anything too wild.

Rémy

> >  }
> >  }
>



Re: Which release artifact should we expect to be reproducible?

2023-10-18 Thread Mark Thomas

On 18/10/2023 16:43, Mark Thomas wrote:

On 18/10/2023 15:06, Konstantin Kolinko wrote:

ср, 18 окт. 2023 г. в 14:55, Mark Thomas :


On 17/10/2023 16:36, Mark Thomas wrote:


It looks like Javadoc generation is different between Linux and Windows
with Java 21. That is still causing issues for the full-docs package 
for

Tomcat 11. I'm still looking into options for fixing that. Other than
that, I'm not seeing any reproducibility issues for those files.


I've got as far as figuring out what is causing the problem.

This commit

https://github.com/openjdk/jdk/commit/e9f3e325c274f19b0f6eceea2367708e3be689e9

causes the files from $JAVA_HOME/legal/jdk.javadoc to be added to the
legal directory in the created javadoc. In Linux, some of those files
are symlinks so the entire file gets copied whereas in Windows some of
those files are text files that reference the symlink target.

I am currently leaning towards writing an Ant task that will replace
those "link" files on Windows with the target of the link. It will need
to run after the Javadoc.


Maybe this will be fixed in JDK itself?


It looks like it should be.


Essentially their fix for "8259530" (the commit that you referenced)
is incomplete on Windows,
and that is a legal issue.


+1


BTW, Reviewing that commit, I see that there exists a command-line
option, "--legal-notices" that can be set to "none".

BTW, the files can be seen in apache-tomcat-11.0.0-M13-fulldocs.tar.gz
e.g. \tomcat-11.0-doc\api\legal\LICENSE is the following one nonsense line:


 Please see ..\java.base\LICENSE


So, do we try and fix this to get back to completely reproducible builds 
or do we accept that the full-docs package isn't reproducible until this 
bug gets fixed?


Given this is just the full-docs, I'm leaning towards raising an OpenJDK 
bug and accepting that the full-docs package won't be 100% reproducible 
at the moment.


https://bugs.openjdk.org/browse/JDK-8318469

I'm not currently planning to fix this for Tomcat. I think it will only 
affect Tomcat 11 at the moment although it looks like the partial fix is 
going to be back-ported to Java 11 so we'll likely see this issue 
for all versions eventually.


Mark
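
The post-Javadoc step discussed in this thread (find the Windows "link" files under the generated legal directory and replace each with its target) could look like the following. This is an added example, not Tomcat's build code: the function names, the 512-byte cut-off and the directory tree are constructed, and the pointer format is generalised from the single line quoted in the thread.

```python
import re
import shutil
import tempfile
from pathlib import Path, PureWindowsPath

# Assumption: a Windows "link" file is one short line of the form quoted in the
# thread ("Please see ..\java.base\LICENSE"); other wordings are not handled.
PLACEHOLDER = re.compile(r"Please see (?P<target>\S+)")
MAX_PLACEHOLDER_BYTES = 512  # a pointer line is tiny, a real legal notice is not


def find_placeholders(legal_dir):
    """Return {file: target} for every pointer file below legal_dir."""
    found = {}
    for path in sorted(Path(legal_dir).rglob("*")):
        if not path.is_file() or path.stat().st_size > MAX_PLACEHOLDER_BYTES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace").strip()
        match = PLACEHOLDER.fullmatch(text)
        if match:
            found[path] = match.group("target")
    return found


def resolve_target(jdk_legal_root, module, target):
    """Resolve a pointer relative to <root>/<module>; refuse anything outside root."""
    root = Path(jdk_legal_root).resolve()
    parts = PureWindowsPath(target).parts  # splits on backslashes on any OS
    candidate = root.joinpath(module, *parts).resolve()
    if root not in candidate.parents or not candidate.is_file():
        raise ValueError(f"pointer {target!r} does not name a file under {root}")
    return candidate


def repair(javadoc_legal_dir, jdk_legal_root, module="jdk.javadoc"):
    """Overwrite each pointer file with its target's bytes; return the names fixed."""
    fixed = []
    for path, target in find_placeholders(javadoc_legal_dir).items():
        shutil.copyfile(resolve_target(jdk_legal_root, module, target), path)
        fixed.append(path.name)
    return fixed


def demo():
    """Build a constructed JDK/javadoc tree, repair it, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        jdk_legal = Path(tmp, "jdk", "legal")
        api_legal = Path(tmp, "api", "legal")
        for directory in (jdk_legal / "java.base", jdk_legal / "jdk.javadoc", api_legal):
            directory.mkdir(parents=True)
        licence = "Constructed licence text\n" * 40
        (jdk_legal / "java.base" / "LICENSE").write_text(licence)
        # What the thread reports for Windows: a pointer instead of the licence.
        (jdk_legal / "jdk.javadoc" / "LICENSE").write_text(
            "Please see ..\\java.base\\LICENSE\n")
        (jdk_legal / "jdk.javadoc" / "jquery.md").write_text(
            "## jQuery (constructed notice)\n")
        # Javadoc copies the module's legal files into the output as they are.
        for src in (jdk_legal / "jdk.javadoc").iterdir():
            shutil.copyfile(src, api_legal / src.name)
        before = sorted(p.name for p in find_placeholders(api_legal))
        fixed = repair(api_legal, jdk_legal)
        return {
            "before": before,
            "fixed": fixed,
            "after": sorted(p.name for p in find_placeholders(api_legal)),
            "license_matches": (api_legal / "LICENSE").read_text() == licence,
            "jquery_untouched":
                (api_legal / "jquery.md").read_text().startswith("## jQuery"),
        }


if __name__ == "__main__":
    print(demo())
```

Running find_placeholders alone over an unpacked full-docs archive is enough to tell whether a given build was produced on a platform that emits pointer files.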




[Bug 67818] New: SSLContext#setVerify() silently sets undocumented default verify paths

2023-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818

Bug ID: 67818
   Summary: SSLContext#setVerify() silently sets undocumented
default verify paths
   Product: Tomcat Native
   Version: 2.0.6
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Library
  Assignee: dev@tomcat.apache.org
  Reporter: micha...@apache.org
  Target Milestone: ---

Note: This applies to 2.0.x and 1.2.x

Consider the following Connector (any Tomcat version):
>  maxParameterCount="1000"
>   maxHttpHeaderSize="24576" maxThreads="250"
>   SSLEnabled="true" scheme="https" secure="true"
>   defaultSSLHostConfigName="deblndw024v.ad001.siemens.net">
>protocols="TLSv1.2+TLSv1.3"
>   honorCipherOrder="true" disableSessionTickets="true"
>   certificateVerification="optional" 
> certificateVerificationDepth="5"
>   
> ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384">
>certificateFile="/opt/openssl/deblndw024v.ad001.siemens.net/cert.crt"
>   
> certificateKeyFile="/opt/openssl/deblndw024v.ad001.siemens.net/key.crt"
>   
> certificateKeyPasswordFile="/opt/openssl/deblndw024v.ad001.siemens.net/password"
>  type="RSA" />
>   
>value="/opt/openssl/siemens-medium+strong-clientcert-cacerts.crt" />
>   
>   
>   
> 

Conditions:
* The certificate file does not contain a chain of the issuers
* SSLCertificateChainFile (mod_ssl) or certificateChainFile (Tomcat) is not set
* Neither SSLCACertificatePath/SSLCACertificateFile (mod_ssl) nor
caCertificateFile/caCertificatePath (Tomcat) is set

According then to my understanding Tomcat should construct any chain for the
peer to verify the server certificate, nor when the server requests for a
client certificate would it be able to verify the client certificate chain.

Now let's probe the server:
> $ openssl s_client -connect deblndw024v:18444 -no-CApath -no-CAfile
> CONNECTED(0004)
> Can't use SSL_get_servername
> depth=2 C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = 
> ZZA1, OU = Siemens Trust Center, CN = Siemens Root CA V3.0 2016
> verify error:num=19:self signed certificate in certificate chain
> verify return:1
> depth=2 C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = 
> ZZA1, OU = Siemens Trust Center, CN = Siemens Root CA V3.0 2016
> verify return:1
> depth=1 C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = 
> ZZE7, CN = Siemens Issuing CA Intranet Server 2022
> verify return:1
> depth=0 C = DE, O = Siemens, OU = SMD HVM DW, CN = 
> deblndw024v.ad001.siemens.net
> verify return:1
> ---
> Certificate chain
>  0 s:C = DE, O = Siemens, OU = SMD HVM DW, CN = deblndw024v.ad001.siemens.net
>i:C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZE7, 
> CN = Siemens Issuing CA Intranet Server 2022
>  1 s:C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZE7, 
> CN = Siemens Issuing CA Intranet Server 2022
>i:C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZA1, 
> OU = Siemens Trust Center, CN = Siemens Root CA V3.0 2016
>  2 s:C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZA1, 
> OU = Siemens Trust Center, CN = Siemens Root CA V3.0 2016
>i:C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZA1, 
> OU = Siemens Trust Center, CN = Siemens Root CA V3.0 2016
> ---
> Server certificate
> -BEGIN CERTIFICATE-
> MIIIvjCCBqagAwIBAgIUFZyE3zc5lFsDVaFS9w2zaDea4mYwDQYJKoZIhvcNAQEL
> ...
> tiR7NMIYlOYgW/cUNFfwJUJk8D0L92oKlmT6JAfDN+rahjtOTUXXw3MD7uZ58+6T
> aYp+izk9yY90cqgrdGe82vv4kx2xkEozgvYlW2GyKg1Fhh9GYu64xn0ny4M5jE0N
> eFdmSs7MqQZBF6HSlucSXbkVV3zvoltvILbWXrMVYldJGA==
> -END CERTIFICATE-
> subject=C = DE, O = Siemens, OU = SMD HVM DW, CN = 
> deblndw024v.ad001.siemens.net
> 
> issuer=C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = 
> ZZE7, CN = Siemens Issuing CA Intranet Server 2022
> 
> ---
> Acceptable client certificate CA names
> C = DE, ST = Bayern, O = Siemens, serialNumber = ZZD2, CN = Siemens 
> Issuing CA EE Auth 2021
> C = DE, ST = Bayern, O = Siemens, serialNumber = ZZDD, CN = Siemens 
> Issuing CA EE Network Smartcard Auth 2021
> C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZB2, OU = 
> Siemens Trust Center, CN = Siemens Issuing CA EE Auth 2020
> C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZBD, OU = 
> Siemens Trust Center, CN = Siemens Issuing CA EE Network Smartcard Auth 2020
> C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZB6, OU = 
> Siemens Trust Center, CN = Siemens Issuing CA Medium Strength Authentication 
> 2020
> C = DE, ST = Bayern, O =

[Bug 67818] SSLContext#setVerify() silently sets undocumented default verify paths

2023-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818

Michael Osipov  changed:

What    |Removed                     |Added
--------+----------------------------+---------------------------
CC      |                            |micha...@apache.org

-- 
You are receiving this mail because:
You are the assignee for the bug.



[Bug 67818] SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths

2023-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818

Michael Osipov  changed:

What    |Removed                     |Added
--------+----------------------------+---------------------------
Summary |SSLContext#setVerify()      |SSL#setVerify()/SSLContext#
        |silently sets undocumented  |setVerify() silently set
        |default verify paths        |undocumented default verify
        |                            |paths




[Bug 67818] SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths

2023-10-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818

--- Comment #1 from Michael Osipov  ---
Tested the patch locally with my smartcard and Edge properly says:
Die Verbindung mit dieser Website ist nicht
sicher.deblndw024v.ad001.siemens.net hat ihr Anmeldezertifikat nicht
akzeptiert, oder es wurde kein Anmeldezertifikat bereitgestellt.
Wenden Sie sich an Ihre Organisation.
ERR_BAD_SSL_CLIENT_AUTH_CERT

Rough translation: deblndw024v.ad001.siemens.net did not accept your
certificate.

Now let's add caCertificatePath="/opt/openssl/certs" and retry:
2023-10-18T22:39:55.656 [https-openssl-apr-18444-exec-2] 139.21.146.171
osipo...@ad001.siemens.net "GET /manager/html HTTP/1.1" 200 13596 1197

So OpenSSL did accept my certificate which is issued by one of the accepted CAs
which are provided by RequestCAFile.




[PR] BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocum… [tomcat-native]

2023-10-18 Thread via GitHub


michael-o opened a new pull request, #22:
URL: https://github.com/apache/tomcat-native/pull/22

   …ented default verify paths


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org





[tomcat] branch main updated (17ba45fee7 -> 79a0f7e9dd)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 17ba45fee7 Use the proper API name
 new 2a7c019510 Fail faster if a file does not exist.
 new 79a0f7e9dd Add a "chomp" capability to optionally remove a trailing 
newline from a file-based value.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../digester/ServiceBindingPropertySource.java | 38 +-
 1 file changed, 37 insertions(+), 1 deletion(-)





[tomcat] 02/02: Add a "chomp" capability to optionally remove a trailing newline from a file-based value.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 79a0f7e9ddf9733bbb5a43c525703731436b74db
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:50 2023 -0400

Add a "chomp" capability to optionally remove a trailing newline from a 
file-based value.
---
 .../digester/ServiceBindingPropertySource.java | 33 +-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index 1ae9528609..89617c9cfb 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -39,6 +39,7 @@ import org.apache.tomcat.util.IntrospectionUtils;
  */keyFile
  */file
  */chainFile
+ */keyPassword
  * 
  * 
  *   {@code
@@ -46,10 +47,19 @@ import org.apache.tomcat.util.IntrospectionUtils;
  *   
  *  }
  * 
  *
+ * 
+ *   The optional chomp: prefix will cause the 
ServiceBindingPropertySource
+ *   to trim a single newline (\r\n, \r, or 
\n)
+ *   from the end of the file, if it exists. This is a convenience for 
hand-edited
+ *   files/values where removing a trailing newline is difficult, and trailing
+ *   whitespace changes the meaning of the value.
+ * 
+ *
  * How to configure:
  * 
  * {@code
@@ -82,6 +92,12 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.Property
 return null;
 }
 
+boolean chomp = false;
+if (key.startsWith("chomp:")) {
+chomp = true;
+key = key.substring(6); // Remove the "chomp:" prefix
+}
+
 // we expect the keys to be in the format 
$SERVICE_BINDING_ROOT//
 String[] parts = key.split("\\.");
 if (parts.length != 2) {
@@ -95,7 +111,22 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.Property
 }
 
 try {
-return new String(Files.readAllBytes(path));
+byte[] bytes = Files.readAllBytes(path);
+
+int length = bytes.length;
+
+if (chomp) {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length - 
2] == '\n') {
+length -= 2;
+} else if (length > 0) {
+byte c = bytes[length - 1];
+if (c == '\r' || c == '\n') {
+length -= 1;
+}
+}
+}
+
+return new String(bytes, 0, length);
 } catch (IOException e) {
 return null;
 }
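Review bot: The CRLF test in the chomp block can never be true, because it compares the same byte, bytes[length - 2], against both '\r' and '\n'. The second comparison should read bytes[length - 1] == '\n'; as written, a file ending in \r\n only loses the final \n and the returned value keeps a trailing \r, which contradicts the Javadoc added in this commit and matters for values such as keyPassword. Separately, new String(bytes, 0, length) decodes with the JVM's default charset; naming the charset explicitly would make the result independent of the host.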





[tomcat] 01/02: Fail faster if a file does not exist.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2a7c0195108664779d52c0155b9444776e40fe3c
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:05 2023 -0400

Fail faster if a file does not exist.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index fb332bd8b2..1ae9528609 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -89,6 +89,11 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.Property
 }
 
 Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]);
+
+if (!path.toFile().exists()) {
+return null;
+}
+
 try {
 return new String(Files.readAllBytes(path));
 } catch (IOException e) {
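Review bot: The added path.toFile().exists() test ahead of the try block is a check-then-use pair: the file can still disappear before Files.readAllBytes(path) runs, and a missing file already surfaces there as an IOException that the existing catch deals with. If the early return is kept, Files.exists(path) avoids the Path-to-File conversion, and a one-line comment saying why the pre-check is wanted would help the next reader.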





[tomcat] 02/02: Add a "chomp" capability to optionally remove a trailing newline from a file-based value.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 625037b3618f8f754386be24ef16775e3103845a
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:50 2023 -0400

Add a "chomp" capability to optionally remove a trailing newline from a 
file-based value.
---
 .../digester/ServiceBindingPropertySource.java | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index fd882fcf63..a96e5d8285 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -42,6 +42,7 @@ import org.apache.tomcat.util.security.PermissionCheck;
  */keyFile
  */file
  */chainFile
+ */keyPassword
  * 
  * 
  *   {@code
@@ -49,10 +50,19 @@ import org.apache.tomcat.util.security.PermissionCheck;
  *   
  *  }
  * 
  *
+ * 
+ *   The optional chomp: prefix will cause the 
ServiceBindingPropertySource
+ *   to trim a single newline (\r\n, \r, or 
\n)
+ *   from the end of the file, if it exists. This is a convenience for 
hand-edited
+ *   files/values where removing a trailing newline is difficult, and trailing
+ *   whitespace changes the meaning of the value.
+ * 
+ *
  * How to configure:
  * 
  * {@code
@@ -98,6 +108,12 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 return null;
 }
 
+boolean chomp = false;
+if (key.startsWith("chomp:")) {
+chomp = true;
+key = key.substring(6); // Remove the "chomp:" prefix
+}
+
 // we expect the keys to be in the format 
$SERVICE_BINDING_ROOT//
 String[] parts = key.split("\\.");
 if (parts.length != 2) {
@@ -117,7 +133,23 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 return null;
 }
 }
-return new String(Files.readAllBytes(path));
+
+byte[] bytes = Files.readAllBytes(path);
+
+int length = bytes.length;
+
+if (chomp) {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length - 
2] == '\n') {
+length -= 2;
+} else if (length > 0) {
+byte c = bytes[length - 1];
+if (c == '\r' || c == '\n') {
+length -= 1;
+}
+}
+}
+
+return new String(bytes, 0, length);
 } catch (IOException e) {
 return null;
 }
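Review bot: In the chomp block the first condition tests bytes[length - 2] twice, once against '\r' and once against '\n', so the two-byte branch is dead code. Change the second operand to bytes[length - 1] == '\n'; until then a CRLF-terminated file has only its \n removed and the value handed back still ends in \r, which is the kind of invisible trailing whitespace this option is meant to remove.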





[tomcat] branch 10.1.x updated (b71f23cb09 -> 625037b361)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from b71f23cb09 Use the proper API name
 new 68626e4319 Fail faster if a file does not exist.
 new 625037b361 Add a "chomp" capability to optionally remove a trailing 
newline from a file-based value.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../digester/ServiceBindingPropertySource.java | 39 +-
 1 file changed, 38 insertions(+), 1 deletion(-)





[tomcat] 01/02: Fail faster if a file does not exist.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 68626e431940e37eb28dea1b339aeb9fddaca517
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:05 2023 -0400

Fail faster if a file does not exist.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index c6b7b6ae12..fd882fcf63 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -105,6 +105,11 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 }
 
 Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]);
+
+if (!path.toFile().exists()) {
+return null;
+}
+
 try {
 if (classLoader instanceof PermissionCheck) {
 Permission p = new FilePermission(path.toString(), "read");
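Review bot: The new exists() call is placed ahead of the PermissionCheck block that follows it, so the file system is queried for the path before the class loader's FilePermission "read" check has run. Moving the existence test inside the try, after the permission check, keeps the order "authorise, then touch the file"; the read itself would also report a missing file as an IOException.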





[tomcat] branch 9.0.x updated (e96a0ddc98 -> 7bc57d0d66)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from e96a0ddc98 Use the proper API name
 new 3fed5bba41 Fail faster if a file does not exist.
 new 7bc57d0d66 Add a "chomp" capability to optionally remove a trailing 
newline from a file-based value.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../digester/ServiceBindingPropertySource.java | 39 +-
 1 file changed, 38 insertions(+), 1 deletion(-)





[tomcat] 02/02: Add a "chomp" capability to optionally remove a trailing newline from a file-based value.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7bc57d0d66ee7972a2419ace8346de40cb1a2811
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:50 2023 -0400

Add a "chomp" capability to optionally remove a trailing newline from a 
file-based value.
---
 .../digester/ServiceBindingPropertySource.java | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index fd882fcf63..a96e5d8285 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -42,6 +42,7 @@ import org.apache.tomcat.util.security.PermissionCheck;
  */keyFile
  */file
  */chainFile
+ */keyPassword
  * 
  * 
  *   {@code
@@ -49,10 +50,19 @@ import org.apache.tomcat.util.security.PermissionCheck;
  *   
  *  }
  * 
  *
+ * 
+ *   The optional chomp: prefix will cause the 
ServiceBindingPropertySource
+ *   to trim a single newline (\r\n, \r, or 
\n)
+ *   from the end of the file, if it exists. This is a convenience for 
hand-edited
+ *   files/values where removing a trailing newline is difficult, and trailing
+ *   whitespace changes the meaning of the value.
+ * 
+ *
  * How to configure:
  * 
  * {@code
@@ -98,6 +108,12 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 return null;
 }
 
+boolean chomp = false;
+if (key.startsWith("chomp:")) {
+chomp = true;
+key = key.substring(6); // Remove the "chomp:" prefix
+}
+
 // we expect the keys to be in the format 
$SERVICE_BINDING_ROOT//
 String[] parts = key.split("\\.");
 if (parts.length != 2) {
@@ -117,7 +133,23 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 return null;
 }
 }
-return new String(Files.readAllBytes(path));
+
+byte[] bytes = Files.readAllBytes(path);
+
+int length = bytes.length;
+
+if (chomp) {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length - 
2] == '\n') {
+length -= 2;
+} else if (length > 0) {
+byte c = bytes[length - 1];
+if (c == '\r' || c == '\n') {
+length -= 1;
+}
+}
+}
+
+return new String(bytes, 0, length);
 } catch (IOException e) {
 return null;
 }
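Review bot: The \r\n case in the chomp block is unreachable: bytes[length - 2] == '\r' && bytes[length - 2] == '\n' asks one byte to hold two values. The second index should be length - 1. With the current code a file ending in \r\n falls through to the single-byte branch and keeps its \r, so a unit test with a CRLF-terminated value would be worth adding alongside the fix.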





[tomcat] 01/02: Fail faster if a file does not exist.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3fed5bba4196f8ee5c26b3a1a8b930bd58b17aad
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:05 2023 -0400

Fail faster if a file does not exist.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index c6b7b6ae12..fd882fcf63 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -105,6 +105,11 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 }
 
 Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]);
+
+if (!path.toFile().exists()) {
+return null;
+}
+
 try {
 if (classLoader instanceof PermissionCheck) {
 Permission p = new FilePermission(path.toString(), "read");
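Review bot: The existence test is added before the PermissionCheck block, which means path.toFile().exists() runs for any requested path before the FilePermission "read" check that follows. Consider performing the permission check first and testing for the file afterwards, inside the try, so that the pre-check cannot be reached for a path the class loader is not allowed to read.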





[tomcat] branch main updated (79a0f7e9dd -> 9877bcf698)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 79a0f7e9dd Add a "chomp" capability to optionally remove a trailing 
newline from a file-based value.
 new de290ec723 Add changelog entry.
 new 9877bcf698 Attribution

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)





[tomcat] 02/02: Attribution

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9877bcf698327536ca475ff96bb665675f829918
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:40:23 2023 -0400

Attribution
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d30a4d785e..95fcb7f376 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,7 +118,7 @@
   
   
 Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
-from a file containing a property-value.
+from a file containing a property-value. (schultz)
   
 
   





[tomcat] branch 10.1.x updated (625037b361 -> 608d0c0c16)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 625037b361 Add a "chomp" capability to optionally remove a trailing 
newline from a file-based value.
 new b457f24103 Add changelog entry.
 new 608d0c0c16 Attribution

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)





[tomcat] 01/02: Add changelog entry.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b457f241030814b72fef2343c0c4ec4924185918
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:39:51 2023 -0400

Add changelog entry.
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5ef44b4c93..1d2672039d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -116,6 +116,10 @@
 statistics as JSON, using the JSON=true URL parameter.
 (remm)
   
+  
+Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
+from a file containing a property-value.
+  
 
   
   





[tomcat] 01/02: Add changelog entry.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit de290ec723d1c559dfab05bb2d40eafd30096253
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:39:51 2023 -0400

Add changelog entry.
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 69cc6ad255..d30a4d785e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -116,6 +116,10 @@
 statistics as JSON, using the JSON=true URL parameter.
 (remm)
   
+  
+Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
+from a file containing a property-value.
+  
 
   
   





[tomcat] 01/02: Add changelog entry.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0d8776c18c0927db8e392413966685f16c7bf72a
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:39:51 2023 -0400

Add changelog entry.
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 81b626540e..4145ce49cc 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -116,6 +116,10 @@
 statistics as JSON, using the JSON=true URL parameter.
 (remm)
   
+  
+Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
+from a file containing a property-value.
+  
 
   
   





[tomcat] 02/02: Attribution

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 6b7d4ba0a7ff595460270db3f48442db82c3db47
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:40:23 2023 -0400

Attribution
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4145ce49cc..0075fdbcd4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,7 +118,7 @@
   
   
 Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
-from a file containing a property-value.
+from a file containing a property-value. (schultz)
   
 
   





[tomcat] branch 9.0.x updated (7bc57d0d66 -> 6b7d4ba0a7)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 7bc57d0d66 Add a "chomp" capability to optionally remove a trailing 
newline from a file-based value.
 new 0d8776c18c Add changelog entry.
 new 6b7d4ba0a7 Attribution

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)





[tomcat] 02/02: Attribution

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 608d0c0c16d79d89949206fba227c6cf8d52a488
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:40:23 2023 -0400

Attribution
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1d2672039d..6d765bbe91 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,7 +118,7 @@
   
   
 Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
-from a file containing a property-value.
+from a file containing a property-value. (schultz)
   
 
   





[tomcat] branch 8.5.x updated (c104daa372 -> a1b54130f2)

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from c104daa372 Use the proper API name
 new a76a6d5368 Add changelog entry.
 new 356db9f871 Attribution
 new 9763186dbe Fail faster if a file does not exist.
 new a1b54130f2 Add a "chomp" capability to optionally remove a trailing newline from a file-based value.

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../digester/ServiceBindingPropertySource.java | 39 +-
 webapps/docs/changelog.xml |  4 +++
 2 files changed, 42 insertions(+), 1 deletion(-)





[tomcat] 04/04: Add a "chomp" capability to optionally remove a trailing newline from a file-based value.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a1b54130f240c5daf68518d2682d636d6efde2ed
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:50 2023 -0400

Add a "chomp" capability to optionally remove a trailing newline from a file-based value.
---
 .../digester/ServiceBindingPropertySource.java | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index fd882fcf63..a96e5d8285 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -42,6 +42,7 @@ import org.apache.tomcat.util.security.PermissionCheck;
  */keyFile
  */file
  */chainFile
+ */keyPassword
  * 
  * 
  *   {@code
@@ -49,10 +50,19 @@ import org.apache.tomcat.util.security.PermissionCheck;
  *   
  *  }
  * 
  *
+ * 
+ *   The optional chomp: prefix will cause the 
ServiceBindingPropertySource
+ *   to trim a single newline (\r\n, \r, or 
\n)
+ *   from the end of the file, if it exists. This is a convenience for 
hand-edited
+ *   files/values where removing a trailing newline is difficult, and trailing
+ *   whitespace changes the meaning of the value.
+ * 
+ *
  * How to configure:
  * 
  * {@code
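Review bot: The new Javadoc paragraph describes the chomp: prefix but shows no key that uses it, so a reader has to guess where the prefix goes; one sample key next to the existing configuration example would settle that. The paragraph says a single newline is trimmed; stating that any other trailing whitespace is left in place would match the reason it gives for the feature.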
@@ -98,6 +108,12 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 return null;
 }
 
+boolean chomp = false;
+if (key.startsWith("chomp:")) {
+chomp = true;
+key = key.substring(6); // Remove the "chomp:" prefix
+}
+
 // we expect the keys to be in the format 
$SERVICE_BINDING_ROOT//
 String[] parts = key.split("\\.");
 if (parts.length != 2) {
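Review bot: In the prefix handling, key.substring(6) hard-codes the length of the "chomp:" literal used in startsWith two lines above; a single constant for the prefix, with its length() used for the substring, keeps the two in step. The format comment just below could also mention the optional prefix.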
@@ -117,7 +133,23 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 return null;
 }
 }
-return new String(Files.readAllBytes(path));
+
+byte[] bytes = Files.readAllBytes(path);
+
+int length = bytes.length;
+
+if (chomp) {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length - 
2] == '\n') {
+length -= 2;
+} else if (length > 0) {
+byte c = bytes[length - 1];
+if (c == '\r' || c == '\n') {
+length -= 1;
+}
+}
+}
+
+return new String(bytes, 0, length);
 } catch (IOException e) {
 return null;
 }
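Review bot: The CRLF branch of the chomp block can never be true, because it compares bytes[length - 2] with both '\r' and '\n'; a file ending in \r\n falls through to the single-byte branch and keeps its trailing \r. The second comparison should be bytes[length - 1] == '\n'. The Javadoc in this patch lists keyPassword among the bound files, so a leftover \r is exactly the trailing whitespace that changes the meaning of the value. A unit test covering \r\n, \r, \n and no newline would catch this. Separately, new String(bytes, 0, length) decodes with the platform default charset, as the replaced line did; naming the charset would make the result independent of the host.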





[tomcat] 02/04: Attribution

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 356db9f871c2bd6928b7a9627ca4052b8fb559b9
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:40:23 2023 -0400

Attribution
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e524b92f5b..04a45d6980 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,7 +118,7 @@
   
   
 Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
-from a file containing a property-value.
+from a file containing a property-value. (schultz)
   
 
   





[tomcat] 03/04: Fail faster if a file does not exist.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9763186dbeea80d58842f8eaac7b2b2660bc7420
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:31:05 2023 -0400

Fail faster if a file does not exist.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index c6b7b6ae12..fd882fcf63 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -105,6 +105,11 @@ public class ServiceBindingPropertySource implements 
IntrospectionUtils.SecurePr
 }
 
 Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]);
+
+if (!path.toFile().exists()) {
+return null;
+}
+
 try {
 if (classLoader instanceof PermissionCheck) {
 Permission p = new FilePermission(path.toString(), "read");
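Review bot: The new path.toFile().exists() check sits ahead of the PermissionCheck block in the try that follows, so the filesystem is consulted for the path before the class loader's read permission is checked; moving the existence test after that block keeps the permission check as the first access decision. exists() is also true for a directory, so Files.isRegularFile(path) would reject more unreadable targets here and avoids the round trip through java.io.File.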





[tomcat] 01/04: Add changelog entry.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a76a6d536877fc1e18c64fa07628fc31851829bf
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 21:39:51 2023 -0400

Add changelog entry.
---
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index fe075b3259..e524b92f5b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -116,6 +116,10 @@
 statistics as JSON, using the JSON=true URL parameter.
 (remm)
   
+  
+Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
+from a file containing a property-value.
+  
 
   
   
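Review bot: The added entry carries no committer attribution, unlike the "(remm)" entry directly above it, and it does not name the chomp: prefix that switches the behaviour on; adding both makes the entry usable on its own.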





[tomcat] branch main updated: Use a better "move" method.

2023-10-18 Thread schultz
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 7d301f5f9a Use a better "move" method.
7d301f5f9a is described below

commit 7d301f5f9aa1ac7c8d82336594cef2fd0702d0e4
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 22:08:42 2023 -0400

Use a better "move" method.
---
 java/org/apache/catalina/ha/deploy/FarmWarDeployer.java | 9 +
 webapps/docs/changelog.xml  | 5 +
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java 
b/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java
index 1fb548314a..16e821c282 100644
--- a/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java
+++ b/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java
@@ -19,6 +19,7 @@ package org.apache.catalina.ha.deploy;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.HashMap;
 
 import javax.management.MBeanServer;
@@ -224,10 +225,10 @@ public class FarmWarDeployer extends ClusterListener 
implements ClusterDeployer,
 if (tryAddServiced(contextName)) {
 try {
 remove(contextName);
-if (!factory.getFile().renameTo(deployable)) {
-log.error(
-
sm.getString("farmWarDeployer.renameFail", factory.getFile(), deployable));
-}
+
+Files.move(factory.getFile().toPath(), 
deployable.toPath());
+} catch (IOException ioe) {
+
log.error(sm.getString("farmWarDeployer.renameFail", factory.getFile(), 
deployable), ioe);
 } finally {
 removeServiced(contextName);
 }
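Review bot: Files.move(factory.getFile().toPath(), deployable.toPath()) is called with no CopyOption, so it throws FileAlreadyExistsException whenever deployable is still present after remove(contextName), where renameTo only returned false; if replacing an existing WAR is intended, pass StandardCopyOption.REPLACE_EXISTING. The new catch (IOException ioe) is attached to the same try as remove(contextName), so if that call can throw an IOException it would be logged under farmWarDeployer.renameFail; a narrower try around the move keeps the message accurate.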
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 95fcb7f376..eb1a0aad09 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,11 @@
 Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
 from a file containing a property-value. (schultz)
   
+  
+Use Files.move instead of File.renameTo in the FarmWebDeployer to
+support a broader range of environments, and to give better information
+in the event of a failure. (schultz)
+  
 
   
   
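Review bot: The changelog text names FarmWebDeployer, but the class changed in this commit is FarmWarDeployer (java/org/apache/catalina/ha/deploy/FarmWarDeployer.java); the entry should use the actual class name so it can be searched for.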





Re: Which release artifact should we expect to be reproducible?

2023-10-18 Thread Christopher Schultz

Mark,

On 10/18/23 11:43, Mark Thomas wrote:

On 18/10/2023 15:06, Konstantin Kolinko wrote:

Wed, 18 Oct 2023 at 14:55, Mark Thomas :


On 17/10/2023 16:36, Mark Thomas wrote:


It looks like Javadoc generation is different between Linux and Windows
with Java 21. That is still causing issues for the full-docs package for
Tomcat 11. I'm still looking into options for fixing that. Other than
that, I'm not seeing any reproducibility issues for those files.


I've got as far as figuring out what is causing the problem.

This commit

https://github.com/openjdk/jdk/commit/e9f3e325c274f19b0f6eceea2367708e3be689e9

causes the files from $JAVA_HOME/legal/jdk.javadoc to be added to the
legal directory in the created javadoc. In Linux, some of those files
are symlinks so the entire file gets copied whereas in Windows some of
those files are text files that reference the symlink target.

I am currently leaning towards writing an Ant task that will replace
those "link" files on Windows with the target of the link. It will need
to run after the Javadoc.


Maybe this will be fixed in JDK itself?


It looks like it should be.


Essentially their fix for "8259530" (the commit that you referenced)
is incomplete on Windows,
and that is a legal issue.


+1


BTW, Reviewing that commit, I see that there exists a command-line
option, "--legal-notices" that can be set to "none".

BTW, the files can be seen in apache-tomcat-11.0.0-M13-fulldocs.tar.gz
e.g. \tomcat-11.0-doc\api\legal\LICENSE is the following one nonsense line:


 Please see ..\java.base\LICENSE


So, do we try and fix this to get back to completely reproducible builds 
or do we accept that the full-docs package isn't reproducible until this 
bug gets fixed?


Given this is just the full-docs, I'm leaning towards raising an OpenJDK 
bug and accepting that the full-docs package won't be 100% reproducible 
at the moment.


+1

In the "verify-release" ant target, I'm already ignoring the fulldocs 
artifact, though I am /checking/ it before ignoring the result.


But Mark, if you missed my message from the 13th, you'll see that the 
problem is I'm running a slightly different version of Java than you 
are, and the exact spelling of the version string is causing the problem 
-- mostly in MANIFEST.MF files because the whole JRE's version string is 
present in there and not just the version number.


A recent commit of mine adds the release version number (only) to the 
build.properties.release file so it can be checked for a match in 
verify-release. I wonder if we should check the full version string to 
ensure the verifier and releaser are using the exact same versions. 
That's really the only way to prevent someone from attempting to verify 
a release and claiming it's not reproducible for not-relevant reasons.


And I'd very much like to make it next-to-trivial for anyone to verify a 
release build.


-chris




Re: [tomcat] branch main updated: Use a better "move" method.

2023-10-18 Thread Christopher Schultz

All,

I've had this sitting around in a stash for ages; just finally applied 
it, now.


If there are no objections, I'll back-port this to the other branches. 
java.nio.file.Files.move() was added in Java 7 so it should be available 
in all currently-supported environments.


-chris

On 10/18/23 22:09, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 7d301f5f9a Use a better "move" method.
7d301f5f9a is described below

commit 7d301f5f9aa1ac7c8d82336594cef2fd0702d0e4
Author: Christopher Schultz 
AuthorDate: Wed Oct 18 22:08:42 2023 -0400

 Use a better "move" method.
---
  java/org/apache/catalina/ha/deploy/FarmWarDeployer.java | 9 +
  webapps/docs/changelog.xml  | 5 +
  2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java 
b/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java
index 1fb548314a..16e821c282 100644
--- a/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java
+++ b/java/org/apache/catalina/ha/deploy/FarmWarDeployer.java
@@ -19,6 +19,7 @@ package org.apache.catalina.ha.deploy;
  import java.io.File;
  import java.io.FileNotFoundException;
  import java.io.IOException;
+import java.nio.file.Files;
  import java.util.HashMap;
  
  import javax.management.MBeanServer;

@@ -224,10 +225,10 @@ public class FarmWarDeployer extends ClusterListener 
implements ClusterDeployer,
  if (tryAddServiced(contextName)) {
  try {
  remove(contextName);
-if (!factory.getFile().renameTo(deployable)) {
-log.error(
-
sm.getString("farmWarDeployer.renameFail", factory.getFile(), deployable));
-}
+
+Files.move(factory.getFile().toPath(), 
deployable.toPath());
+} catch (IOException ioe) {
+
log.error(sm.getString("farmWarDeployer.renameFail", factory.getFile(), 
deployable), ioe);
  } finally {
  removeServiced(contextName);
  }
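Review bot: Without StandardCopyOption.ATOMIC_MOVE, the Files.move call may fall back to copy-and-delete when the source and deployable are on different file stores, so the target can be visible while it is still incomplete. If anything watches the deploy directory, consider trying ATOMIC_MOVE first and falling back on AtomicMoveNotSupportedException, and settle this before the back-port to the other branches.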
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 95fcb7f376..eb1a0aad09 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,11 @@
  Optionally allow ServiceBindingPropertySource to trim a trailing 
newline
  from a file containing a property-value. (schultz)

+  
+Use Files.move instead of File.renameTo in the FarmWebDeployer to
+support a broader range of environments, and to give better information
+in the event of a failure. (schultz)
+  
  










Buildbot success in on tomcat-8.5.x

2023-10-18 Thread buildbot
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/36/builds/654
Blamelist: Christopher Schultz , remm 

Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 8.5.x] a1b54130f240c5daf68518d2682d636d6efde2ed


Steps:

  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 1
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot





Re: Which release artifact should we expect to be reproducible?

2023-10-18 Thread Emmanuel Bourg

On 19/10/2023 at 04:17, Christopher Schultz wrote:

But Mark, if you missed my message from the 13th, you'll see that the 
problem is I'm running a slightly different version of Java than you 
are, and the exact spelling of the version string is causing the problem 
-- mostly in MANIFEST.MF files because the whole JRE's version string is 
present in there and not just the version number.


I think the Created-By field should be removed. I've got a quick look at 
the 11.0.0-M13 release and the manifests in tomcat-*.jar don't have it. 
I've found it only in bootstrap.jar and in the external dependencies.


Emmanuel Bourg
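
The manifest difference discussed in the two reproducibility messages above (the full JRE version string ending up in MANIFEST.MF, and the suggestion to drop Created-By), as an added example that is not part of the thread or of Tomcat's build: it compares the main manifest attributes of two builds of a jar and separates build-environment headers from content headers. The jar contents and version strings are constructed, and every entry in ENV_HEADERS other than Created-By is an assumption.

```python
import io
import zipfile

# Headers that describe the build environment rather than the jar's content.
# Created-By is the one named in the thread; the others are assumptions.
ENV_HEADERS = {"Created-By", "Ant-Version", "Build-Jdk", "Build-Jdk-Spec"}


def main_attributes(jar_bytes):
    """Return the main section of META-INF/MANIFEST.MF as a dict."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    attrs, name = {}, None
    for line in text.splitlines():
        if not line:                        # a blank line ends the main section
            break
        if line.startswith(" ") and name:   # continuation of the previous value
            attrs[name] += line[1:]
        else:
            name, _, value = line.partition(": ")
            attrs[name] = value
    return attrs


def compare(jar_a, jar_b):
    """Return (environment_only, content) dicts of differing main attributes."""
    a, b = main_attributes(jar_a), main_attributes(jar_b)
    env, content = {}, {}
    for key in sorted(set(a) | set(b)):
        if a.get(key) != b.get(key):
            bucket = env if key in ENV_HEADERS else content
            bucket[key] = (a.get(key), b.get(key))
    return env, content


def make_jar(created_by, main_class="org.example.Main"):
    """Build a constructed in-memory jar that holds only a manifest."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        f"Created-By: {created_by}\r\n"
        f"Main-Class: {main_class}\r\n"
        "Specification-Title: Constructed sample with a value long enough to\r\n"
        "  need a continuation line\r\n"
        "\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()


# Constructed version strings: same JDK release, different vendor spelling.
RELEASER = make_jar("21+35-LTS (Example Vendor A)")
VERIFIER = make_jar("21+35 (Example Vendor B)")

if __name__ == "__main__":
    env, content = compare(RELEASER, VERIFIER)
    print("environment-only differences:", env)
    print("content differences:", content)
```

A verifier that sees only environment-only differences knows the mismatch comes from the toolchain, not from the released code.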





Re: [PR] Reinstantiate an updated patch for OpenSSL 1.1.1 on Windows [tomcat-native]

2023-10-18 Thread via GitHub


michael-o commented on PR #21:
URL: https://github.com/apache/tomcat-native/pull/21#issuecomment-1770165905

   Closing this and will leave the branch for some time.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org





Re: [PR] Reinstantiate an updated patch for OpenSSL 1.1.1 on Windows [tomcat-native]

2023-10-18 Thread via GitHub


michael-o closed pull request #21: Reinstantiate an updated patch for OpenSSL 1.1.1 on Windows
URL: https://github.com/apache/tomcat-native/pull/21

