From 8509356e4cc36a558a941fd496ed89f15407a3ed Mon Sep 17 00:00:00 2001 From: Emmanuel Hugonnet Date: Wed, 10 Jun 2020 18:32:51 +0200 Subject: [PATCH] ARTEMIS-2791 array out of bounds in SSLContextFactoryProvider Making the SSLContextFactoryProvider work even without any SSLContextFactory service. Iusse: https://issues.apache.org/jira/browse/ARTEMIS-2791 --- .../ssl/SSLContextFactoryProvider.java | 23 +++++++++++++++-- .../ssl/SSLContextFactoryProviderTest.java | 25 +++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 artemis-core-client/src/test/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProviderTest.java diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProvider.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProvider.java index fb3f3bf271..2b6cf2a365 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProvider.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProvider.java @@ -18,7 +18,9 @@ package org.apache.activemq.artemis.spi.core.remoting.ssl; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.ServiceLoader; +import javax.net.ssl.SSLContext; /** * Provider that loads the SSLContextFactory services and return the one with the highest priority. @@ -30,8 +32,25 @@ public class SSLContextFactoryProvider { ServiceLoader loader = ServiceLoader.load(SSLContextFactory.class, Thread.currentThread().getContextClassLoader()); final List factories = new ArrayList<>(); loader.forEach(factories::add); - Collections.sort(factories); - factory = factories.get(factories.size() - 1); + if (factories.isEmpty()) { + factory = new SSLContextFactory() { + @Override + public SSLContext getSSLContext(Map configuration, + String keystoreProvider, String keystorePath, String keystorePassword, + String truststoreProvider, String truststorePath, String truststorePassword, + String crlPath, String trustManagerFactoryPlugin, boolean trustAll) throws Exception { + return SSLContext.getDefault(); + } + + @Override + public int getPriority() { + return -1; + } + }; + } else { + Collections.sort(factories); + factory = factories.get(factories.size() - 1); + } } /** * @return the SSLContextFactory with the higher priority. diff --git a/artemis-core-client/src/test/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProviderTest.java b/artemis-core-client/src/test/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProviderTest.java new file mode 100644 index 0000000000..66a85055ea --- /dev/null +++ b/artemis-core-client/src/test/java/org/apache/activemq/artemis/spi/core/remoting/ssl/SSLContextFactoryProviderTest.java @@ -0,0 +1,25 @@ +/* + * Copyright 2020 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.spi.core.remoting.ssl; + +public class SSLContextFactoryProviderTest { + /** + * Test to access a SSLContextfactory without providing any implmentation via ServiceLaoder + */ + public void testLoadSSLContextFactoryProviderWithoutAnyServices() { + SSLContextFactoryProvider.getSSLContextFactory().clearSSLContexts(); + } +}