Author: remm Date: Fri Jun 23 21:34:50 2017 New Revision: 1799709 URL: http://svn.apache.org/viewvc?rev=1799709&view=rev Log: 60461: Sync SSL session access for the APR connector.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1799709&r1=1799708&r2=1799709&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 23 21:34:50 2017 @@ -2761,5 +2761,44 @@ public class AprEndpoint extends Abstrac public void setAppReadBufHandler(ApplicationBufferHandler handler) { // no-op } + + String getSSLInfoS(int id) { + synchronized (closedLock) { + if (closed) { + return null; + } + try { + return SSLSocket.getInfoS(getSocket().longValue(), id); + } catch (Exception e) { + throw new IllegalStateException(e); + } + } + } + + int getSSLInfoI(int id) { + synchronized (closedLock) { + if (closed) { + return 0; + } + try { + return SSLSocket.getInfoI(getSocket().longValue(), id); + } catch (Exception e) { + throw new IllegalStateException(e); + } + } + } + + byte[] getSSLInfoB(int id) { + synchronized (closedLock) { + if (closed) { + return null; + } + try { + return SSLSocket.getInfoB(getSocket().longValue(), id); + } catch (Exception e) { + throw new IllegalStateException(e); + } + } + } } } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java?rev=1799709&r1=1799708&r2=1799709&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java Fri Jun 23 21:34:50 2017 @@ -22,7 +22,6 @@ import java.security.cert.CertificateFac import java.security.cert.X509Certificate; import org.apache.tomcat.jni.SSL; -import org.apache.tomcat.jni.SSLSocket; /** * Implementation of SSLSupport for APR. @@ -32,11 +31,11 @@ import org.apache.tomcat.jni.SSLSocket; */ public class AprSSLSupport implements SSLSupport { - private final SocketWrapperBase<Long> socketWrapper; + private final AprEndpoint.AprSocketWrapper socketWrapper; private final String clientCertProvider; - public AprSSLSupport(SocketWrapperBase<Long> socketWrapper, String clientCertProvider) { + public AprSSLSupport(AprEndpoint.AprSocketWrapper socketWrapper, String clientCertProvider) { this.socketWrapper = socketWrapper; this.clientCertProvider = clientCertProvider; } @@ -44,12 +43,8 @@ public class AprSSLSupport implements SS @Override public String getCipherSuite() throws IOException { - long socketRef = socketWrapper.getSocket().longValue(); - if (socketRef == 0) { - return null; - } try { - return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_CIPHER); + return socketWrapper.getSSLInfoS(SSL.SSL_INFO_CIPHER); } catch (Exception e) { throw new IOException(e); } @@ -58,15 +53,10 @@ public class AprSSLSupport implements SS @Override public X509Certificate[] getPeerCertificateChain() throws IOException { - long socketRef = socketWrapper.getSocket().longValue(); - if (socketRef == 0) { - return null; - } - try { // certLength == -1 indicates an error - int certLength = SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN); - byte[] clientCert = SSLSocket.getInfoB(socketRef, SSL.SSL_INFO_CLIENT_CERT); + int certLength = socketWrapper.getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN); + byte[] clientCert = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT); X509Certificate[] certs = null; if (clientCert != null && certLength > -1) { certs = new X509Certificate[certLength + 1]; @@ -78,7 +68,7 @@ public class AprSSLSupport implements SS } certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert)); for (int i = 0; i < certLength; i++) { - byte[] data = SSLSocket.getInfoB(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i); + byte[] data = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT_CHAIN + i); certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data)); } } @@ -91,13 +81,8 @@ public class AprSSLSupport implements SS @Override public Integer getKeySize() throws IOException { - long socketRef = socketWrapper.getSocket().longValue(); - if (socketRef == 0) { - return null; - } - try { - return Integer.valueOf(SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CIPHER_USEKEYSIZE)); + return Integer.valueOf(socketWrapper.getSSLInfoI(SSL.SSL_INFO_CIPHER_USEKEYSIZE)); } catch (Exception e) { throw new IOException(e); } @@ -106,13 +91,8 @@ public class AprSSLSupport implements SS @Override public String getSessionId() throws IOException { - long socketRef = socketWrapper.getSocket().longValue(); - if (socketRef == 0) { - return null; - } - try { - return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_SESSION_ID); + return socketWrapper.getSSLInfoS(SSL.SSL_INFO_SESSION_ID); } catch (Exception e) { throw new IOException(e); } @@ -120,13 +100,8 @@ public class AprSSLSupport implements SS @Override public String getProtocol() throws IOException { - long socketRef = socketWrapper.getSocket().longValue(); - if (socketRef == 0) { - return null; - } - try { - return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_PROTOCOL); + return socketWrapper.getSSLInfoS(SSL.SSL_INFO_PROTOCOL); } catch (Exception e) { throw new IOException(e); } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799709&r1=1799708&r2=1799709&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 23 21:34:50 2017 @@ -67,6 +67,9 @@ available to the access log valve when the connection is closing. (markt) </fix> + <fix> + <bug>60461</bug>: Sync SSL session access for the APR connector. (remm) + </fix> </changelog> </subsection> <subsection name="Tribes"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org