authorMaxime Porhel2018-08-24 05:46:30 -0400
committerEike Stepper2018-09-21 14:18:12 -0400
commitb0d1b054ede890b07e7c25cff46082c2347683f1 (patch)
treea77d99e7a8d7be76f1090f03db3daeed153e73fe
parentfa46ef93cefcc7572129480f247837a7c686a469 (diff)
[538239] Fix SSL mode and update certificates
The SSLBuffer must not call the flip() method inherited from its super class in startGetting (l.80 and l.100) nor in write (l.161) but continue to call getByteBuffer().flip() as before. The previous certificates used to test the SSL acceptor/connector were no longer valid. The current commit provides a new keystore and truststore to replace them: the validity has been set to 20 years, the algorithm is now SHA256withRSA (prev: SHA1withRSA), and the length of the key moves from 1024 to 2048 bits. The key store contains the private and public parts of the certificate whereas the trust store contains only the public part of the certificate. The certificate has been generated with the IP 127.0.0.1 so that it can only be used by anyone. It is supposed that the server is launched on the same machine as the client. The same password has been used (see launch configurations). Keystore creation: keytool -genkey -ext SAN=IP:127.0.0.1 -keyalg "RSA" -alias CDO_SSL_Tests -keystore testKeys -storepass ab987c -validity 7300 Certificate export: keytool -export -keystore testKeys -alias cdo_ssl_tests -file test.cer Truststore creation: keytool -import -file test.cer -alias cdo_ssl_tests -keystore testTrust -storepass ab987c Certificate checks: keytool -list -v -keystore testkeys On previous testkeys file: Type de fichier de clés : JKS Fournisseur de fichier de clés : SUN Votre fichier de clés d'accès contient 1 entrée Nom d'alias : wat Date de création : 13 déc. 
2010 Type d'entrée : PrivateKeyEntry Longueur de chaîne du certificat : 1 Certificat[1]: Propriétaire : CN=wat, OU=nma, O=nomagicasia, L=ca, ST=us, C=us Emetteur : CN=wat, OU=nma, O=nomagicasia, L=ca, ST=us, C=us Numéro de série : 4d060507 Valide du : Mon Dec 13 12:35:35 CET 2010 au : Sun Mar 13 12:35:35 CET 2011 Empreintes du certificat : MD5 : 51:14:6D:ED:B7:F2:74:AE:2C:FF:91:B2:6F:3C:28:E2 SHA1 : 46:FD:7A:E4:0C:15:3A:7B:9C:FE:44:E7:1E:1B:30:72:C4:9E:D8:EC SHA256 : E7:81:21:DF:DE:CE:C1:C5:08:48:EC:47:76:D9:9E:6F:83:A8:A4:8B:27:F7:37:D3:01:EF:D5:60:39:57:BC:0D Nom de l'algorithme de signature : SHA1withRSA Algorithme de clé publique du sujet : Clé RSA 1024 bits Version : 3 ________________________________________________________________________ On current file: Type de fichier de clés : JKS Fournisseur de fichier de clés : SUN Votre fichier de clés d'accès contient 1 entrée Nom d'alias : cdo_ssl_tests Date de création : 27 août 2018 Type d'entrée : PrivateKeyEntry Longueur de chaîne du certificat : 1 Certificat[1]: Propriétaire : CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Emetteur : CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Numéro de série : 66887244 Valide du : Mon Aug 27 15:02:41 CEST 2018 au : Sun Aug 22 15:02:41 CEST 2038 Empreintes du certificat : MD5 : 18:2C:39:15:83:19:8D:C6:E1:1A:FD:2F:83:14:42:2D SHA1 : 80:30:1C:E2:E5:07:B0:61:CE:CB:5A:90:D5:2C:74:65:78:DC:C4:53 SHA256 : CD:20:26:F0:E7:BE:B1:71:16:17:A9:43:11:C0:DB:FC:16:2C:A6:13:55:E8:72:55:11:44:D2:5C:AA:95:7D:08 Nom de l'algorithme de signature : SHA256withRSA Algorithme de clé publique du sujet : Clé RSA 2048 bits Version : 3 Extensions : SubjectAlternativeName [ IPAddress: 127.0.0.1 ] SubjectKeyIdentifier [ KeyIdentifier [ 0000: C4 7A C5 ED C2 E1 1B D5 98 C8 4A 66 83 F8 D9 A3 .z........Jf.... 
0010: 07 FA 55 50 ..UP ] ] Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=538239 Change-Id: I747bc08d3882558bbcd481c3381a2582be0fe06e Signed-off-by: Maxime Porhel <maxime.porhel@obeo.fr>
-rw-r--r--plugins/org.eclipse.emf.cdo.examples/sslKey/testKeysbin1323 -> 2270 bytes
-rw-r--r--plugins/org.eclipse.emf.cdo.examples/sslKey/testTrustbin621 -> 978 bytes
-rw-r--r--plugins/org.eclipse.emf.cdo.tests/sslKey/testKeysbin1323 -> 2270 bytes
-rw-r--r--plugins/org.eclipse.emf.cdo.tests/sslKey/testTrustbin621 -> 978 bytes
-rw-r--r--plugins/org.eclipse.net4j.examples/sslKey/testKeysbin1323 -> 2270 bytes
-rw-r--r--plugins/org.eclipse.net4j.examples/sslKey/testTrustbin621 -> 978 bytes
-rw-r--r--plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLBuffer.java6
-rw-r--r--plugins/org.eclipse.net4j.tests/sslKey/testKeysbin1323 -> 2270 bytes
-rw-r--r--plugins/org.eclipse.net4j.tests/sslKey/testTrustbin621 -> 978 bytes
9 files changed, 3 insertions, 3 deletions
diff --git a/plugins/org.eclipse.emf.cdo.examples/sslKey/testKeys b/plugins/org.eclipse.emf.cdo.examples/sslKey/testKeys
index ecbf5f2083..07ac9de657 100644
--- a/plugins/org.eclipse.emf.cdo.examples/sslKey/testKeys
+++ b/plugins/org.eclipse.emf.cdo.examples/sslKey/testKeys
Binary files differ
diff --git a/plugins/org.eclipse.emf.cdo.examples/sslKey/testTrust b/plugins/org.eclipse.emf.cdo.examples/sslKey/testTrust
index 9a14541df3..cb52a6fb28 100644
--- a/plugins/org.eclipse.emf.cdo.examples/sslKey/testTrust
+++ b/plugins/org.eclipse.emf.cdo.examples/sslKey/testTrust
Binary files differ
diff --git a/plugins/org.eclipse.emf.cdo.tests/sslKey/testKeys b/plugins/org.eclipse.emf.cdo.tests/sslKey/testKeys
index ecbf5f2083..07ac9de657 100644
--- a/plugins/org.eclipse.emf.cdo.tests/sslKey/testKeys
+++ b/plugins/org.eclipse.emf.cdo.tests/sslKey/testKeys
Binary files differ
diff --git a/plugins/org.eclipse.emf.cdo.tests/sslKey/testTrust b/plugins/org.eclipse.emf.cdo.tests/sslKey/testTrust
index 9a14541df3..cb52a6fb28 100644
--- a/plugins/org.eclipse.emf.cdo.tests/sslKey/testTrust
+++ b/plugins/org.eclipse.emf.cdo.tests/sslKey/testTrust
Binary files differ
diff --git a/plugins/org.eclipse.net4j.examples/sslKey/testKeys b/plugins/org.eclipse.net4j.examples/sslKey/testKeys
index ecbf5f2083..07ac9de657 100644
--- a/plugins/org.eclipse.net4j.examples/sslKey/testKeys
+++ b/plugins/org.eclipse.net4j.examples/sslKey/testKeys
Binary files differ
diff --git a/plugins/org.eclipse.net4j.examples/sslKey/testTrust b/plugins/org.eclipse.net4j.examples/sslKey/testTrust
index 9a14541df3..cb52a6fb28 100644
--- a/plugins/org.eclipse.net4j.examples/sslKey/testTrust
+++ b/plugins/org.eclipse.net4j.examples/sslKey/testTrust
Binary files differ
diff --git a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLBuffer.java b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLBuffer.java
index fc9b7ea5cb..e5c0fd394a 100644
--- a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLBuffer.java
+++ b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLBuffer.java
@@ -77,7 +77,7 @@ public class SSLBuffer extends Buffer
put(buf.array(), 0, limit);
buf.position(limit);
buf.compact();
- flip();
+ getByteBuffer().flip();
setChannelID(getShort());
short payloadSize = getShort();
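Review bot: Nothing at this call site records why the inherited `flip()` must not be used here. The only explanation is in the commit message, and the same one-line substitution is repeated in the hunks at -97 and -158, so a later cleanup could easily turn `getByteBuffer().flip()` back into `flip()` and break SSL mode again. I would add a short comment at each of the three sites, for example `// Flip only the underlying ByteBuffer; the inherited Buffer.flip() must not be called in SSL mode (bug 538239).` Alternatively, route all three through one small private helper that carries that comment. The enclosing methods start and end outside these hunks, so any other `flip()` calls in them are not visible from here.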
@@ -97,7 +97,7 @@ public class SSLBuffer extends Buffer
setLimit(payloadSize);
setState(BufferState.READING_BODY);
- flip();
+ getByteBuffer().flip();
setState(BufferState.GETTING);
return getByteBuffer();
@@ -158,7 +158,7 @@ public class SSLBuffer extends Buffer
+ (isEOS() ? " (EOS)" : "") + StringUtil.NL + formatContent(false)); //$NON-NLS-1$ //$NON-NLS-2$
}
- flip();
+ getByteBuffer().flip();
putShort(getChannelID());
putShort((short)payloadSize);
setPosition(0);
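Review bot: The header write `putShort((short)payloadSize);` narrows `payloadSize` silently, and the hunk does not show whether the value is bounded before the cast. If the buffer capacity already guarantees it fits in a short, a one-line comment saying so would help, for example `// payloadSize <= capacity, which fits in a short`. Otherwise an explicit range check before the cast would keep a truncated or negative length from reaching the peer. The declaration of `payloadSize` and the start of this method are outside the hunk, so this is inferred from the cast alone.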
diff --git a/plugins/org.eclipse.net4j.tests/sslKey/testKeys b/plugins/org.eclipse.net4j.tests/sslKey/testKeys
index ecbf5f2083..07ac9de657 100644
--- a/plugins/org.eclipse.net4j.tests/sslKey/testKeys
+++ b/plugins/org.eclipse.net4j.tests/sslKey/testKeys
Binary files differ
diff --git a/plugins/org.eclipse.net4j.tests/sslKey/testTrust b/plugins/org.eclipse.net4j.tests/sslKey/testTrust
index 9a14541df3..cb52a6fb28 100644
--- a/plugins/org.eclipse.net4j.tests/sslKey/testTrust
+++ b/plugins/org.eclipse.net4j.tests/sslKey/testTrust
Binary files differ
