I wonder if this should be called SecretProvider because I am thinking that optionally (or not) the user name can also be a secret. Also there is such a thing as other login info like the "realm" in Windows IIRC.
Gary On Sep 23, 2017 11:36, <[email protected]> wrote: > Repository: logging-log4j2 > Updated Branches: > refs/heads/master 8b5d644d5 -> cfc263268 > > > LOG4J2-1896 Update classes in org.apache.logging.log4j.core.net.ssl in > APIs from String to a PasswordProvider producing char[] for passwords. > > > Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo > Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/ > commit/cfc26326 > Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/cfc26326 > Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/cfc26326 > > Branch: refs/heads/master > Commit: cfc263268d46abbae5cf5fdd8e11d30253dd08d2 > Parents: 8b5d644 > Author: rpopma <[email protected]> > Authored: Sun Sep 24 02:36:35 2017 +0900 > Committer: rpopma <[email protected]> > Committed: Sun Sep 24 02:36:35 2017 +0900 > > ---------------------------------------------------------------------- > .../net/ssl/AbstractKeyStoreConfiguration.java | 33 ++++++++++----- > .../core/net/ssl/KeyStoreConfiguration.java | 42 ++++++++++++++----- > .../core/net/ssl/MemoryPasswordProvider.java | 36 ++++++++++++++++ > .../log4j/core/net/ssl/PasswordProvider.java | 41 +++++++++++++++++++ > .../log4j/core/net/ssl/StoreConfiguration.java | 43 +++++++++++--------- > .../core/net/ssl/TrustStoreConfiguration.java | 27 ++++++++---- > .../SecureSocketAppenderSocketOptionsTest.java | 7 ++-- > .../core/net/ssl/KeyStoreConfigurationTest.java | 37 +++++++++++++++-- > .../core/net/ssl/SslConfigurationTest.java | 37 ++++++++++++----- > .../core/net/ssl/StoreConfigurationTest.java | 27 ++++++------ > .../net/ssl/TrustStoreConfigurationTest.java | 36 ++++++++++++++-- > src/changes/changes.xml | 3 ++ > 12 files changed, 288 insertions(+), 81 deletions(-) > ---------------------------------------------------------------------- > > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > AbstractKeyStoreConfiguration.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/AbstractKeyStoreConfiguration.java b/log4j-core/src/main/java/ > org/apache/logging/log4j/core/net/ssl/AbstractKeyStoreConfiguration.java > index 95d6ec2..5855026 100644 > --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > AbstractKeyStoreConfiguration.java > +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > AbstractKeyStoreConfiguration.java > @@ -23,6 +23,7 @@ import java.security.KeyStore; > import java.security.KeyStoreException; > import java.security.NoSuchAlgorithmException; > import java.security.cert.CertificateException; > +import java.util.Arrays; > > import org.apache.logging.log4j.core.config.ConfigurationSource; > import org.apache.logging.log4j.core.util.NetUtils; > @@ -34,24 +35,29 @@ public class AbstractKeyStoreConfiguration extends > StoreConfiguration<KeyStore> > private final KeyStore keyStore; > private final String keyStoreType; > > - public AbstractKeyStoreConfiguration(final String location, final > char[] password, final String keyStoreType) > + public AbstractKeyStoreConfiguration(final String location, final > PasswordProvider passwordProvider, final String keyStoreType) > throws StoreConfigurationException { > - super(location, password); > + super(location, passwordProvider); > this.keyStoreType = keyStoreType == null ? > SslConfigurationDefaults.KEYSTORE_TYPE : keyStoreType; > this.keyStore = this.load(); > } > > - /* > - * @deprecated Use > - * org.apache.logging.log4j.core.net.ssl. > AbstractKeyStoreConfiguration.AbstractKeyStoreConfiguration(String, > char[], > - * String) > + /** > + * @deprecated Use {@link #AbstractKeyStoreConfiguration(String, > PasswordProvider, String)} instead > + */ > + @Deprecated > + public AbstractKeyStoreConfiguration(final String location, final > char[] password, final String keyStoreType) > + throws StoreConfigurationException { > + this(location, new MemoryPasswordProvider(password), > keyStoreType); > + } > + > + /** > + * @deprecated Use {@link #AbstractKeyStoreConfiguration(String, > PasswordProvider, String)} instead > */ > @Deprecated > public AbstractKeyStoreConfiguration(final String location, final > String password, final String keyStoreType) > throws StoreConfigurationException { > - super(location, password); > - this.keyStoreType = keyStoreType == null ? > SslConfigurationDefaults.KEYSTORE_TYPE : keyStoreType; > - this.keyStore = this.load(); > + this(location, new MemoryPasswordProvider(password == null ? > null : password.toCharArray()), keyStoreType); > } > > @Override > @@ -64,7 +70,14 @@ public class AbstractKeyStoreConfiguration extends > StoreConfiguration<KeyStore> > } > try (final InputStream fin = openInputStream(loadLocation)) { > final KeyStore ks = KeyStore.getInstance(this. > keyStoreType); > - ks.load(fin, this.getPasswordAsCharArray()); > + char[] password = this.getPasswordAsCharArray(); > + try { > + ks.load(fin, password); > + } finally { > + if (password != null) { > + Arrays.fill(password, '\0'); > + } > + } > LOGGER.debug("KeyStore successfully loaded from location > {}", loadLocation); > return ks; > } > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > KeyStoreConfiguration.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/KeyStoreConfiguration.java b/log4j-core/src/main/java/ > org/apache/logging/log4j/core/net/ssl/KeyStoreConfiguration.java > index facf153..3fc37bd 100644 > --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/KeyStoreConfiguration.java > +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/KeyStoreConfiguration.java > @@ -19,6 +19,7 @@ package org.apache.logging.log4j.core.net.ssl; > import java.security.KeyStoreException; > import java.security.NoSuchAlgorithmException; > import java.security.UnrecoverableKeyException; > +import java.util.Arrays; > > import javax.net.ssl.KeyManagerFactory; > > @@ -39,9 +40,11 @@ public class KeyStoreConfiguration extends > AbstractKeyStoreConfiguration { > * > * @throws StoreConfigurationException Thrown if this instance cannot > load the KeyStore. > */ > - public KeyStoreConfiguration(final String location, final char[] > password, final String keyStoreType, > - final String keyManagerFactoryAlgorithm) throws > StoreConfigurationException { > - super(location, password, keyStoreType); > + public KeyStoreConfiguration(final String location, > + final PasswordProvider passwordProvider, > + final String keyStoreType, > + final String keyManagerFactoryAlgorithm) > throws StoreConfigurationException { > + super(location, passwordProvider, keyStoreType); > this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm == > null ? KeyManagerFactory.getDefaultAlgorithm() > : keyManagerFactoryAlgorithm; > } > @@ -49,14 +52,25 @@ public class KeyStoreConfiguration extends > AbstractKeyStoreConfiguration { > /** > * > * @throws StoreConfigurationException Thrown if this instance cannot > load the KeyStore. > - * @deprecated Use KeyStoreConfiguration(String, char[], String, > String) > + * @deprecated use {@link #KeyStoreConfiguration(String, > PasswordProvider, String, String)} instead > + */ > + public KeyStoreConfiguration(final String location, > + final char[] password, > + final String keyStoreType, > + final String keyManagerFactoryAlgorithm) > throws StoreConfigurationException { > + this(location, new MemoryPasswordProvider(password), > keyStoreType, keyManagerFactoryAlgorithm); > + } > + > + /** > + * > + * @throws StoreConfigurationException Thrown if this instance cannot > load the KeyStore. > + * @deprecated Use {@link #KeyStoreConfiguration(String, > PasswordProvider, String, String)} instead > */ > @Deprecated > public KeyStoreConfiguration(final String location, final String > password, final String keyStoreType, > final String keyManagerFactoryAlgorithm) throws > StoreConfigurationException { > - super(location, password, keyStoreType); > - this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm == > null ? KeyManagerFactory.getDefaultAlgorithm() > - : keyManagerFactoryAlgorithm; > + this(location, new MemoryPasswordProvider(password == null ? > null : password.toCharArray()), keyStoreType, > + keyManagerFactoryAlgorithm); > } > > /** > @@ -81,7 +95,7 @@ public class KeyStoreConfiguration extends > AbstractKeyStoreConfiguration { > @PluginAttribute("type") final String keyStoreType, > @PluginAttribute("keyManagerFactoryAlgorithm") final String > keyManagerFactoryAlgorithm) throws StoreConfigurationException { > // @formatter:on > - return new KeyStoreConfiguration(location, password, > keyStoreType, > + return new KeyStoreConfiguration(location, new > MemoryPasswordProvider(password), keyStoreType, > keyManagerFactoryAlgorithm); > } > > @@ -108,14 +122,22 @@ public class KeyStoreConfiguration extends > AbstractKeyStoreConfiguration { > final String keyStoreType, > final String keyManagerFactoryAlgorithm) throws > StoreConfigurationException { > // @formatter:on > - return new KeyStoreConfiguration(location, password == null ? > null : password.toCharArray(), keyStoreType, > + return new KeyStoreConfiguration(location, > + new MemoryPasswordProvider(password == null ? null : > password.toCharArray()), keyStoreType, > keyManagerFactoryAlgorithm); > } > > public KeyManagerFactory initKeyManagerFactory() throws > NoSuchAlgorithmException, UnrecoverableKeyException, > KeyStoreException { > final KeyManagerFactory kmFactory = KeyManagerFactory.getInstance( > this.keyManagerFactoryAlgorithm); > - kmFactory.init(this.getKeyStore(), this.getPasswordAsCharArray()) > ; > + char[] password = this.getPasswordAsCharArray(); > + try { > + kmFactory.init(this.getKeyStore(), password); > + } finally { > + if (password != null) { > + Arrays.fill(password, '\0'); > + } > + } > return kmFactory; > } > > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > MemoryPasswordProvider.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/MemoryPasswordProvider.java b/log4j-core/src/main/java/ > org/apache/logging/log4j/core/net/ssl/MemoryPasswordProvider.java > new file mode 100644 > index 0000000..a1d2b19 > --- /dev/null > +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > MemoryPasswordProvider.java > @@ -0,0 +1,36 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one or more > + * contributor license agreements. See the NOTICE file distributed with > + * this work for additional information regarding copyright ownership. > + * The ASF licenses this file to You under the Apache license, Version 2.0 > + * (the "License"); you may not use this file except in compliance with > + * the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > + * See the license for the specific language governing permissions and > + * limitations under the license. > + */ > +package org.apache.logging.log4j.core.net.ssl; > + > +/** > + * Simple (and not very secure) PasswordProvider implementation that > keeps the password char[] array in memory. > + */ > +public class MemoryPasswordProvider implements PasswordProvider { > + private final char[] password; > + > + public MemoryPasswordProvider(final char[] chars) { > + password = chars; > + } > + > + @Override > + public char[] getPassword() { > + if (password == null) { > + return null; > + } > + return password.clone(); > + } > +} > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/main/java/org/apache/logging/log4j/ > core/net/ssl/PasswordProvider.java > ---------------------------------------------------------------------- > diff --git > a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/PasswordProvider.java > b/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/PasswordProvider.java > new file mode 100644 > index 0000000..be7c994 > --- /dev/null > +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/PasswordProvider.java > @@ -0,0 +1,41 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one or more > + * contributor license agreements. See the NOTICE file distributed with > + * this work for additional information regarding copyright ownership. > + * The ASF licenses this file to You under the Apache license, Version 2.0 > + * (the "License"); you may not use this file except in compliance with > + * the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > + * See the license for the specific language governing permissions and > + * limitations under the license. > + */ > +package org.apache.logging.log4j.core.net.ssl; > + > +/** > + * PasswordProvider implementations are able to produce a password from > somewhere. The source of the password data > + * is implementation-specific. > + * <p>The {@link #getPassword()} method may be called multiple times as > needed, so the > + * caller does not need to (and <b>should not</b>) keep the password data > in memory for longer than absolutely > + * necessary. Users of this class should erase the password array by > calling > + * {@link java.util.Arrays#fill(char[], char)} immediately when > authentication is complete and the password data > + * is no longer needed. > + * </p> > + */ > +public interface PasswordProvider { > + > + /** > + * Returns a new char[] array with the password characters. > + * <p> > + * It is the responsibility of the caller to erase this data by > calling > + * {@link java.util.Arrays#fill(char[], char)} immediately when > authentication is complete and the password data > + * is no longer needed. > + * </p> > + * @return a copy of the password > + */ > + char[] getPassword(); > +} > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > StoreConfiguration.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/StoreConfiguration.java b/log4j-core/src/main/java/ > org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java > index 47dea1d..9bdeaf5 100644 > --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/StoreConfiguration.java > +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/StoreConfiguration.java > @@ -17,6 +17,7 @@ > package org.apache.logging.log4j.core.net.ssl; > > import java.util.Arrays; > +import java.util.Objects; > > import org.apache.logging.log4j.status.StatusLogger; > > @@ -27,31 +28,35 @@ public class StoreConfiguration<T> { > protected static final StatusLogger LOGGER = StatusLogger.getLogger(); > > private String location; > - private char[] password; // TODO get and set in some obfuscated or > encrypted format? > + private PasswordProvider passwordProvider; > > - public StoreConfiguration(final String location, final char[] > password) { > + public StoreConfiguration(final String location, final > PasswordProvider passwordProvider) { > this.location = location; > - this.password = password; > + this.passwordProvider = Objects.requireNonNull(passwordProvider, > "passwordProvider"); > } > > /** > - * Clears the secret fields in this object. > + * @deprecated Use {@link #StoreConfiguration(String, > PasswordProvider)} > */ > - public void clearSecrets() { > - this.location = null; > - if (password != null) { > - Arrays.fill(password, Character.MIN_VALUE); > - this.password = null; > - } > + @Deprecated > + public StoreConfiguration(final String location, final char[] > password) { > + this(location, new MemoryPasswordProvider(password)); > } > > /** > - * @deprecated Use StoreConfiguration(String, char[]) > + * @deprecated Use {@link #StoreConfiguration(String, > PasswordProvider)} > */ > @Deprecated > public StoreConfiguration(final String location, final String > password) { > - this.location = location; > - this.password = password == null ? null : password.toCharArray(); > + this(location, new MemoryPasswordProvider(password == null ? > null : password.toCharArray())); > + } > + > + /** > + * Clears the secret fields in this object. > + */ > + public void clearSecrets() { > + this.location = null; > + this.passwordProvider = null; > } > > public String getLocation() { > @@ -68,15 +73,15 @@ public class StoreConfiguration<T> { > */ > @Deprecated > public String getPassword() { > - return String.valueOf(this.password); > + return String.valueOf(this.passwordProvider.getPassword()); > } > > public char[] getPasswordAsCharArray() { > - return this.password; > + return this.passwordProvider.getPassword(); > } > > public void setPassword(final char[] password) { > - this.password = password; > + this.passwordProvider = new MemoryPasswordProvider(password); > } > > /** > @@ -85,7 +90,7 @@ public class StoreConfiguration<T> { > */ > @Deprecated > public void setPassword(final String password) { > - this.password = password == null ? null : password.toCharArray(); > + this.passwordProvider = new MemoryPasswordProvider(password == > null ? null : password.toCharArray()); > } > > /** > @@ -100,7 +105,7 @@ public class StoreConfiguration<T> { > final int prime = 31; > int result = 1; > result = prime * result + ((location == null) ? 0 : > location.hashCode()); > - result = prime * result + Arrays.hashCode(password); > + result = prime * result + Arrays.hashCode( > passwordProvider.getPassword()); > return result; > } > > @@ -123,7 +128,7 @@ public class StoreConfiguration<T> { > } else if (!location.equals(other.location)) { > return false; > } > - if (!Arrays.equals(password, other.password)) { > + if (!Arrays.equals(passwordProvider.getPassword(), > other.passwordProvider.getPassword())) { > return false; > } > return true; > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > TrustStoreConfiguration.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/ > net/ssl/TrustStoreConfiguration.java b/log4j-core/src/main/java/ > org/apache/logging/log4j/core/net/ssl/TrustStoreConfiguration.java > index 58c4d11..c472186 100644 > --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > TrustStoreConfiguration.java > +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/ > TrustStoreConfiguration.java > @@ -34,22 +34,32 @@ public class TrustStoreConfiguration extends > AbstractKeyStoreConfiguration { > > private final String trustManagerFactoryAlgorithm; > > - public TrustStoreConfiguration(final String location, final char[] > password, final String keyStoreType, > - final String trustManagerFactoryAlgorithm) throws > StoreConfigurationException { > - super(location, password, keyStoreType); > + public TrustStoreConfiguration(final String location, > + final PasswordProvider > passwordProvider, > + final String keyStoreType, > + final String > trustManagerFactoryAlgorithm) throws StoreConfigurationException { > + super(location, passwordProvider, keyStoreType); > this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm > == null ? TrustManagerFactory > .getDefaultAlgorithm() : trustManagerFactoryAlgorithm; > } > > /** > - * @deprecated Use TrustStoreConfiguration(String, char[], String, > String) > + * @deprecated Use {@link #TrustStoreConfiguration(String, > PasswordProvider, String, String)} instead > + */ > + @Deprecated > + public TrustStoreConfiguration(final String location, final char[] > password, final String keyStoreType, > + final String trustManagerFactoryAlgorithm) throws > StoreConfigurationException { > + this(location, new MemoryPasswordProvider(password), > keyStoreType, trustManagerFactoryAlgorithm); > + } > + > + /** > + * @deprecated Use {@link #TrustStoreConfiguration(String, > PasswordProvider, String, String)} instead > */ > @Deprecated > public TrustStoreConfiguration(final String location, final String > password, final String keyStoreType, > final String trustManagerFactoryAlgorithm) throws > StoreConfigurationException { > - super(location, password, keyStoreType); > - this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm > == null ? TrustManagerFactory > - .getDefaultAlgorithm() : trustManagerFactoryAlgorithm; > + this(location, new MemoryPasswordProvider(password == null ? > null : password.toCharArray()), keyStoreType, > + trustManagerFactoryAlgorithm); > } > > /** > @@ -74,7 +84,8 @@ public class TrustStoreConfiguration extends > AbstractKeyStoreConfiguration { > @PluginAttribute("type") final String keyStoreType, > @PluginAttribute("trustManagerFactoryAlgorithm") final > String trustManagerFactoryAlgorithm) throws StoreConfigurationException { > // @formatter:on > - return new TrustStoreConfiguration(location, password, > keyStoreType, trustManagerFactoryAlgorithm); > + return new TrustStoreConfiguration(location, new > MemoryPasswordProvider(password), keyStoreType, > + trustManagerFactoryAlgorithm); > } > > /** > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/ > SecureSocketAppenderSocketOptionsTest.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/ > appender/SecureSocketAppenderSocketOptionsTest.java > b/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/ > SecureSocketAppenderSocketOptionsTest.java > index 98e1aa7..ade4c56 100644 > --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/ > SecureSocketAppenderSocketOptionsTest.java > +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/ > SecureSocketAppenderSocketOptionsTest.java > @@ -27,6 +27,7 @@ import org.apache.logging.log4j.core. > net.Rfc1349TrafficClass; > import org.apache.logging.log4j.core.net.SocketOptions; > import org.apache.logging.log4j.core.net.TcpSocketManager; > import org.apache.logging.log4j.core.net.ssl.KeyStoreConfiguration; > +import org.apache.logging.log4j.core.net.ssl.MemoryPasswordProvider; > import org.apache.logging.log4j.core.net.ssl.SslConfiguration; > import org.apache.logging.log4j.core.net.ssl.StoreConfigurationException; > import org.apache.logging.log4j.core.net.ssl.TestConstants; > @@ -52,7 +53,7 @@ public class SecureSocketAppenderSocketOptionsTest { > PORT = AvailablePortFinder.getNextAvailable(); > System.setProperty("SecureSocketAppenderSocketOptionsTest.port", > Integer.toString(PORT)); > try { > - initServerSocketFactory(); > + initServerSocketFactory(); > tcpSocketTestServer = new TcpSocketTestServer( > serverSocketFactory.createServerSocket(PORT)); > tcpSocketTestServer.start(); > loggerContextRule = new LoggerContextRule("log4j-ssl- > socket-options.xml"); > @@ -74,9 +75,9 @@ public class SecureSocketAppenderSocketOptionsTest { > > public static void initServerSocketFactory() throws > StoreConfigurationException { > final KeyStoreConfiguration ksc = new KeyStoreConfiguration( > TestConstants.KEYSTORE_FILE, > - TestConstants.KEYSTORE_PWD, null, null); > + new MemoryPasswordProvider(TestConstants.KEYSTORE_PWD), > null, null); > final TrustStoreConfiguration tsc = new TrustStoreConfiguration( > TestConstants.TRUSTSTORE_FILE, > - TestConstants.TRUSTSTORE_PWD, null, null); > + new MemoryPasswordProvider(TestConstants.TRUSTSTORE_PWD), > null, null); > sslConfiguration = SslConfiguration.createSSLConfiguration(null, > ksc, tsc); > serverSocketFactory = sslConfiguration. > getSslServerSocketFactory(); > } > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > KeyStoreConfigurationTest.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/ > net/ssl/KeyStoreConfigurationTest.java b/log4j-core/src/test/java/ > org/apache/logging/log4j/core/net/ssl/KeyStoreConfigurationTest.java > index ab61e18..ef38483 100644 > --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > KeyStoreConfigurationTest.java > +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > KeyStoreConfigurationTest.java > @@ -23,14 +23,20 @@ import org.junit.Test; > > public class KeyStoreConfigurationTest { > @Test(expected = StoreConfigurationException.class) > - public void loadEmptyConfiguration() throws > StoreConfigurationException { > + public void loadEmptyConfigurationDeprecated() throws > StoreConfigurationException { > final KeyStoreConfiguration ksc = new KeyStoreConfiguration(null, > TestConstants.NULL_PWD, null, null); > final KeyStore ks = ksc.getKeyStore(); > Assert.assertTrue(ks == null); > } > + @Test(expected = StoreConfigurationException.class) > + public void loadEmptyConfiguration() throws > StoreConfigurationException { > + final KeyStoreConfiguration ksc = new KeyStoreConfiguration(null, > new MemoryPasswordProvider(TestConstants.NULL_PWD), null, null); > + final KeyStore ks = ksc.getKeyStore(); > + Assert.assertTrue(ks == null); > + } > > @Test > - public void loadNotEmptyConfiguration() throws > StoreConfigurationException { > + public void loadNotEmptyConfigurationDeprecated() throws > StoreConfigurationException { > final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > TestConstants.KEYSTORE_PWD, > TestConstants.KEYSTORE_TYPE, null); > final KeyStore ks = ksc.getKeyStore(); > @@ -38,7 +44,15 @@ public class KeyStoreConfigurationTest { > } > > @Test > - public void returnTheSameKeyStoreAfterMultipleLoads() throws > StoreConfigurationException { > + public void loadNotEmptyConfiguration() throws > StoreConfigurationException { > + final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > new MemoryPasswordProvider(TestConstants.KEYSTORE_PWD), > + TestConstants.KEYSTORE_TYPE, null); > + final KeyStore ks = ksc.getKeyStore(); > + Assert.assertTrue(ks != null); > + } > + > + @Test > + public void returnTheSameKeyStoreAfterMultipleLoadsDeprecated() > throws StoreConfigurationException { > final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > TestConstants.KEYSTORE_PWD, > TestConstants.KEYSTORE_TYPE, null); > final KeyStore ks = ksc.getKeyStore(); > @@ -46,9 +60,24 @@ public class KeyStoreConfigurationTest { > Assert.assertTrue(ks == ks2); > } > > + @Test > + public void returnTheSameKeyStoreAfterMultipleLoads() throws > StoreConfigurationException { > + final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > new MemoryPasswordProvider(TestConstants.KEYSTORE_PWD), > + TestConstants.KEYSTORE_TYPE, null); > + final KeyStore ks = ksc.getKeyStore(); > + final KeyStore ks2 = ksc.getKeyStore(); > + Assert.assertTrue(ks == ks2); > + } > + > @Test(expected = StoreConfigurationException.class) > - public void wrongPassword() throws StoreConfigurationException { > + public void wrongPasswordDeprecated() throws > StoreConfigurationException { > final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > "wrongPassword!", null, null); > ksc.getKeyStore(); > } > + > + @Test(expected = StoreConfigurationException.class) > + public void wrongPassword() throws StoreConfigurationException { > + final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > new MemoryPasswordProvider("wrongPassword!".toCharArray()), null, null); > + ksc.getKeyStore(); > + } > } > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > SslConfigurationTest.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/ > net/ssl/SslConfigurationTest.java b/log4j-core/src/test/java/ > org/apache/logging/log4j/core/net/ssl/SslConfigurationTest.java > index 89fef7c..936cc66 100644 > --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/ > net/ssl/SslConfigurationTest.java > +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/ > net/ssl/SslConfigurationTest.java > @@ -27,11 +27,11 @@ import org.junit.Assert; > import org.junit.Test; > > public class SslConfigurationTest { > - > + > private static final String TLS_TEST_HOST = "login.yahoo.com"; > private static final int TLS_TEST_PORT = 443; > > - public static SslConfiguration createTestSslConfigurationResources() > throws StoreConfigurationException { > + public static SslConfiguration > createTestSslConfigurationResourcesDeprecated() > throws StoreConfigurationException { > final KeyStoreConfiguration ksc = new KeyStoreConfiguration( > TestConstants.KEYSTORE_FILE_RESOURCE, > TestConstants.KEYSTORE_PWD, TestConstants.KEYSTORE_TYPE, > null); > final TrustStoreConfiguration tsc = new TrustStoreConfiguration( > TestConstants.TRUSTSTORE_FILE_RESOURCE, > @@ -39,7 +39,15 @@ public class SslConfigurationTest { > return SslConfiguration.createSSLConfiguration(null, ksc, tsc); > } > > - public static SslConfiguration createTestSslConfigurationFiles() > throws StoreConfigurationException { > + public static SslConfiguration createTestSslConfigurationResources() > throws StoreConfigurationException { > + final KeyStoreConfiguration ksc = new KeyStoreConfiguration( > TestConstants.KEYSTORE_FILE_RESOURCE, > + new MemoryPasswordProvider(TestConstants.KEYSTORE_PWD), > TestConstants.KEYSTORE_TYPE, null); > + final TrustStoreConfiguration tsc = new TrustStoreConfiguration( > TestConstants.TRUSTSTORE_FILE_RESOURCE, > + new MemoryPasswordProvider(TestConstants.TRUSTSTORE_PWD), > null, null); > + return SslConfiguration.createSSLConfiguration(null, ksc, tsc); > + } > + > + public static SslConfiguration > createTestSslConfigurationFilesDeprecated() > throws StoreConfigurationException { > final KeyStoreConfiguration ksc = new KeyStoreConfiguration( > TestConstants.KEYSTORE_FILE, > TestConstants.KEYSTORE_PWD, TestConstants.KEYSTORE_TYPE, > null); > final TrustStoreConfiguration tsc = new TrustStoreConfiguration( > TestConstants.TRUSTSTORE_FILE, > @@ -47,7 +55,15 @@ public class SslConfigurationTest { > return SslConfiguration.createSSLConfiguration(null, ksc, tsc); > } > > - @Test > + public static SslConfiguration createTestSslConfigurationFiles() > throws StoreConfigurationException { > + final KeyStoreConfiguration ksc = new KeyStoreConfiguration( > TestConstants.KEYSTORE_FILE, > + new MemoryPasswordProvider(TestConstants.KEYSTORE_PWD), > TestConstants.KEYSTORE_TYPE, null); > + final TrustStoreConfiguration tsc = new TrustStoreConfiguration( > TestConstants.TRUSTSTORE_FILE, > + new MemoryPasswordProvider(TestConstants.TRUSTSTORE_PWD), > null, null); > + return SslConfiguration.createSSLConfiguration(null, ksc, tsc); > + } > + > + @Test > public void testGettersFromScratchFiles() throws > StoreConfigurationException { > Assert.assertNotNull(createTestSslConfigurationFile > s().getProtocol()); > Assert.assertNotNull(createTestSslConfigurationFile > s().getKeyStoreConfig()); > @@ -55,8 +71,8 @@ public class SslConfigurationTest { > Assert.assertNotNull(createTestSslConfigurationFile > s().getSslSocketFactory()); > Assert.assertNotNull(createTestSslConfigurationFile > s().getTrustStoreConfig()); > } > - > - @Test > + > + @Test > public void testGettersFromScratchResources() throws > StoreConfigurationException { > Assert.assertNotNull(createTestSslConfigurationReso > urces().getProtocol()); > Assert.assertNotNull(createTestSslConfigurationReso > urces().getKeyStoreConfig()); > @@ -64,12 +80,12 @@ public class SslConfigurationTest { > Assert.assertNotNull(createTestSslConfigurationReso > urces().getSslSocketFactory()); > Assert.assertNotNull(createTestSslConfigurationReso > urces().getTrustStoreConfig()); > } > - > + > @Test > public void equals() { > Assert.assertEquals(SslConfiguration.createSSLConfiguration(null, > null, null), SslConfiguration.createSSLConfiguration(null, null, null)); > } > - > + > @Test > public void emptyConfigurationDoesntCauseNullSSLSocketFactory() { > final SslConfiguration sc = > SslConfiguration.createSSLConfiguration(null, > null, null); > @@ -94,7 +110,7 @@ public class SslConfigurationTest { > @Test > public void connectionFailsWithoutValidServerCertificate() throws > IOException, StoreConfigurationException { > final TrustStoreConfiguration tsc = new TrustStoreConfiguration( > TestConstants.TRUSTSTORE_FILE, > - TestConstants.NULL_PWD, null, null); > + new MemoryPasswordProvider(TestConstants.NULL_PWD), > null, null); > final SslConfiguration sc = > SslConfiguration.createSSLConfiguration(null, > null, tsc); > final SSLSocketFactory factory = sc.getSslSocketFactory(); > try { > @@ -113,7 +129,8 @@ public class SslConfigurationTest { > > @Test > public void loadKeyStoreWithoutPassword() throws > StoreConfigurationException { > - final KeyStoreConfiguration ksc = new > KeyStoreConfiguration(TestConstants.KEYSTORE_FILE, > TestConstants.NULL_PWD, null, null); > + final KeyStoreConfiguration ksc = new KeyStoreConfiguration( > TestConstants.KEYSTORE_FILE, > + new MemoryPasswordProvider(TestConstants.NULL_PWD), > null, null); > final SslConfiguration sslConf = > SslConfiguration.createSSLConfiguration(null, > ksc, null); > final SSLSocketFactory factory = sslConf.getSslSocketFactory(); > Assert.assertNotNull(factory); > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > StoreConfigurationTest.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/ > net/ssl/StoreConfigurationTest.java b/log4j-core/src/test/java/ > org/apache/logging/log4j/core/net/ssl/StoreConfigurationTest.java > index 65c50bc..2224ab6 100644 > --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > StoreConfigurationTest.java > +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > StoreConfigurationTest.java > @@ -16,41 +16,42 @@ > */ > package org.apache.logging.log4j.core.net.ssl; > > -import org.junit.Assert; > import org.junit.Ignore; > import org.junit.Test; > > +import static org.junit.Assert.*; > + > @Ignore > public class StoreConfigurationTest<T extends StoreConfiguration<?>> { > > @Test > public void equalsWithNotNullValues() { > final String location = "/to/the/file.jks"; > - final char[] password = "changeit".toCharArray(); > + final PasswordProvider password = new MemoryPasswordProvider(" > changeit".toCharArray()); > final StoreConfiguration<Object> a = new > StoreConfiguration<>(location, password); > final StoreConfiguration<Object> b = new > StoreConfiguration<>(location, password); > > - Assert.assertTrue(a.equals(b)); > - Assert.assertTrue(b.equals(a)); > + assertTrue(a.equals(b)); > + assertTrue(b.equals(a)); > } > > @Test > - public void equalsWithNullAndNotNullValues() { > + public void notEqualsWithNullAndNotNullValues() { > final String location = "/to/the/file.jks"; > - final char[] password = "changeit".toCharArray(); > + final PasswordProvider password = new MemoryPasswordProvider(" > changeit".toCharArray()); > final StoreConfiguration<Object> a = new > StoreConfiguration<>(location, password); > - final StoreConfiguration<Object> b = new > StoreConfiguration<>(null, (char[]) null); > + final StoreConfiguration<Object> b = new > StoreConfiguration<>(null, new MemoryPasswordProvider(null)); > > - Assert.assertTrue(a.equals(b)); > - Assert.assertTrue(b.equals(a)); > + assertNotEquals(a, b); > + assertNotEquals(b, a); > } > > @Test > public void equalsWithNullValues() { > - final StoreConfiguration<Object> a = new > StoreConfiguration<>(null, (char[]) null); > - final StoreConfiguration<Object> b = new > StoreConfiguration<>(null, (char[]) null); > + final StoreConfiguration<Object> a = new > StoreConfiguration<>(null, new MemoryPasswordProvider(null)); > + final StoreConfiguration<Object> b = new > StoreConfiguration<>(null, new MemoryPasswordProvider(null)); > > - Assert.assertTrue(a.equals(b)); > - Assert.assertTrue(b.equals(a)); > + assertTrue(a.equals(b)); > + assertTrue(b.equals(a)); > } > } > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > TrustStoreConfigurationTest.java > ---------------------------------------------------------------------- > diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/ > net/ssl/TrustStoreConfigurationTest.java b/log4j-core/src/test/java/ > org/apache/logging/log4j/core/net/ssl/TrustStoreConfigurationTest.java > index 8e7a849..14c58bb 100644 > --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > TrustStoreConfigurationTest.java > +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/net/ssl/ > TrustStoreConfigurationTest.java > @@ -23,31 +23,59 @@ import org.junit.Test; > > public class TrustStoreConfigurationTest { > @Test(expected = StoreConfigurationException.class) > - public void loadEmptyConfiguration() throws > StoreConfigurationException { > + public void loadEmptyConfigurationDeprecated() throws > StoreConfigurationException { > final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(null, TestConstants.NULL_PWD, null, null); > final KeyStore ks = ksc.getKeyStore(); > Assert.assertTrue(ks == null); > } > + @Test(expected = StoreConfigurationException.class) > + public void loadEmptyConfiguration() throws > StoreConfigurationException { > + final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(null, new > MemoryPasswordProvider(TestConstants.NULL_PWD), > null, null); > + final KeyStore ks = ksc.getKeyStore(); > + Assert.assertTrue(ks == null); > + } > > @Test > - public void loadConfiguration() throws StoreConfigurationException { > + public void loadConfigurationDeprecated() throws > StoreConfigurationException { > final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(TestConstants.TRUSTSTORE_FILE, > TestConstants.TRUSTSTORE_PWD, null, null); > final KeyStore ks = ksc.getKeyStore(); > Assert.assertNotNull(ks); > } > > @Test > - public void returnTheSameKeyStoreAfterMultipleLoads() throws > StoreConfigurationException { > + public void loadConfiguration() throws StoreConfigurationException { > + final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(TestConstants.TRUSTSTORE_FILE, > new MemoryPasswordProvider(TestConstants.TRUSTSTORE_PWD), null, null); > + final KeyStore ks = ksc.getKeyStore(); > + Assert.assertNotNull(ks); > + } > + > + @Test > + public void returnTheSameKeyStoreAfterMultipleLoadsDeprecated() > throws StoreConfigurationException { > final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(TestConstants.TRUSTSTORE_FILE, > TestConstants.TRUSTSTORE_PWD, null, null); > final KeyStore ks = ksc.getKeyStore(); > final KeyStore ks2 = ksc.getKeyStore(); > Assert.assertTrue(ks == ks2); > } > > + @Test > + public void returnTheSameKeyStoreAfterMultipleLoads() throws > StoreConfigurationException { > + final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(TestConstants.TRUSTSTORE_FILE, > new MemoryPasswordProvider(TestConstants.TRUSTSTORE_PWD), null, null); > + final KeyStore ks = ksc.getKeyStore(); > + final KeyStore ks2 = ksc.getKeyStore(); > + Assert.assertTrue(ks == ks2); > + } > + > @Test(expected = StoreConfigurationException.class) > - public void wrongPassword() throws StoreConfigurationException { > + public void wrongPasswordDeprecated() throws > StoreConfigurationException { > final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(TestConstants.TRUSTSTORE_FILE, > "wrongPassword!".toCharArray(), null, null); > ksc.getKeyStore(); > Assert.assertTrue(false); > } > + > + @Test(expected = StoreConfigurationException.class) > + public void wrongPassword() throws StoreConfigurationException { > + final TrustStoreConfiguration ksc = new > TrustStoreConfiguration(TestConstants.TRUSTSTORE_FILE, > new MemoryPasswordProvider("wrongPassword!".toCharArray()), null, null); > + ksc.getKeyStore(); > + Assert.assertTrue(false); > + } > } > > http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ > cfc26326/src/changes/changes.xml > ---------------------------------------------------------------------- > diff --git a/src/changes/changes.xml b/src/changes/changes.xml > index 300b443..dff1de7 100644 > --- a/src/changes/changes.xml > +++ b/src/changes/changes.xml > @@ -31,6 +31,9 @@ > - "remove" - Removed > --> > <release version="2.9.2" date="2017-XX-XX" description="GA Release > 2.9.2"> > + <action issue="LOG4J2-1896" dev="rpopma" type="update"> > + Update classes in org.apache.logging.log4j.core.net.ssl in APIs > from String to a PasswordProvider producing char[] for passwords. > + </action> > <action issue="LOG4J2-2031" dev="rpopma" type="fix"> > Until this change, messages appeared out of order in log file any > time when the async logging queue was full. With this change, messages are > only logged out of order to prevent deadlock when Log4j2 detects recursive > logging while the queue is full. > </action> > >
