This is an automated email from the ASF dual-hosted git repository.
vavrtom pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/main by this push:
new 802ddfa14d QPID-8597: [Broker-J] SNI hostname handling for java 11/17
compatibility (#135)
802ddfa14d is described below
commit 802ddfa14d5e88781bf52a6528368ea35178d166
Author: Daniil Kirilyuk <[email protected]>
AuthorDate: Tue Jul 26 12:02:13 2022 +0200
QPID-8597: [Broker-J] SNI hostname handling for java 11/17 compatibility
(#135)
---
.../apache/qpid/server/model/port/AmqpPort.java | 6 ++++
.../org/apache/qpid/server/transport/SNITest.java | 14 +++++++-
.../org/apache/qpid/test/utils/JvmVersion.java | 41 ++++++++++++++++++++++
3 files changed, 60 insertions(+), 1 deletion(-)
diff --git
a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
index 7fcb110bea..98aadbad04 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
@@ -82,6 +82,12 @@ public interface AmqpPort<X extends AmqpPort<X>> extends
Port<X>
String PORT_IGNORE_INVALID_SNI = "qpid.port.amqp.ignoreInvalidSni";
+ /**
+ * In Java 17 logic SNI hostname validation became stricter and this flag
will not help with the syntax errors
+ * in SNI hostnames provided by client. They will result in
SSLPeerUnverifiedException thrown by SSLEngine.
+ * Therefore, usage of this flag is discouraged. It may be deleted in one
of the future broker releases.
+ */
+ @Deprecated
@SuppressWarnings("unused")
@ManagedContextDefault(name = PORT_IGNORE_INVALID_SNI)
boolean DEFAULT_PORT_IGNORE_INVALID_SNI = false;
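Review bot: The deprecation is attached only to `DEFAULT_PORT_IGNORE_INVALID_SNI`, so the context variable name `PORT_IGNORE_INVALID_SNI` declared just above carries no warning and code or configuration that references `qpid.port.amqp.ignoreInvalidSni` will not be flagged. The Javadoc also lacks a `@deprecated` tag, which is where the Javadoc tool and IDEs surface the reason; I would add `@deprecated has no effect on syntactically invalid SNI hostnames from Java 17 onwards; the handshake fails with SSLPeerUnverifiedException` and put the same note on the name constant. The first sentence would read more clearly as "From Java 17, SNI hostname validation is stricter and this flag no longer suppresses syntax errors in the SNI hostname sent by the client." The interface body continues outside the hunk, so any accessor for this setting is not visible here and may need the same annotation.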
diff --git
a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
index f9c8eac01c..26b50569e7 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
@@ -20,7 +20,11 @@
package org.apache.qpid.server.transport;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.number.OrderingComparison.greaterThanOrEqualTo;
+import static org.hamcrest.number.OrderingComparison.lessThan;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assume.assumeThat;
import java.io.File;
import java.net.InetSocketAddress;
@@ -65,6 +69,7 @@ import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.security.FileKeyStore;
import
org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
+import org.apache.qpid.test.utils.JvmVersion;
import org.apache.qpid.test.utils.TestFileUtils;
import org.apache.qpid.test.utils.UnitTestBase;
import org.apache.qpid.test.utils.tls.AltNameType;
@@ -169,9 +174,16 @@ public class SNITest extends UnitTestBase
@Test
public void testBypassInvalidSniHostname() throws Exception
{
- performTest(false, "foovalid", "_foo", _fooValid,true);
+ assumeThat(JvmVersion.getVersion(), is(lessThan(17)));
+ performTest(false, "foovalid", "_foo", _fooValid, true);
}
+ @Test(expected = SSLPeerUnverifiedException.class)
+ public void testBypassInvalidSniHostnameWithJava17() throws Exception
+ {
+ assumeThat(JvmVersion.getVersion(), is(greaterThanOrEqualTo(17)));
+ performTest(false, "foovalid", "_foo", _fooValid, true);
+ }
private void performTest(final boolean useMatching,
final String defaultAlias,
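Review bot: `@Test(expected = SSLPeerUnverifiedException.class)` on `testBypassInvalidSniHostnameWithJava17` accepts that exception from any statement in `performTest`, including port or keystore setup, so the test can pass without the invalid SNI name ever being the cause. If the JUnit version in use provides it, `assertThrows(SSLPeerUnverifiedException.class, () -> performTest(false, "foovalid", "_foo", _fooValid, true));` narrows the expectation to the call, though a check inside `performTest` around the handshake would be tighter still. A one-line comment on both tests saying why 17 is the cut-over (`// SNI hostname syntax is enforced by the JDK from 17 on, ignoreInvalidSni cannot bypass it`) would save the next reader from reconstructing it. `performTest` starts at the end of this hunk and its body is outside it, so where the exception is actually raised cannot be confirmed from here.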
diff --git
a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/JvmVersion.java
b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/JvmVersion.java
new file mode 100644
index 0000000000..1be2b343fb
--- /dev/null
+++ b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/JvmVersion.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.test.utils;
+
+public class JvmVersion
+{
+ public static int getVersion()
+ {
+ String version = System.getProperty("java.version");
+ if (version.startsWith("1."))
+ {
+ version = version.substring(2, 3);
+ }
+ else
+ {
+ final int dot = version.indexOf(".");
+ if (dot != -1)
+ {
+ version = version.substring(0, dot);
+ }
+ }
+ return Integer.parseInt(version);
+ }
+}
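Review bot: `getVersion()` parses `java.version`, which can carry a suffix with no dot in it (for example an early-access build reporting a value such as `17-ea`), and then `Integer.parseInt(version)` throws `NumberFormatException`, failing every test that calls `assumeThat(JvmVersion.getVersion(), ...)` with an error instead of skipping it. Reading `java.specification.version` avoids this, because it holds only `1.8`, `11`, `17` and so on: `String version = System.getProperty("java.specification.version");` works with the existing `1.` branch unchanged. The class is a static utility and would benefit from being `final` with a private constructor, plus a short Javadoc on `getVersion()` stating that it returns the feature release number (8 for `1.8`, 17 for `17.0.x`).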