Menu
▾
▴
[dcm4che-commits] SF.net SVN: dcm4che: [6146] dcm4chee
|
From: <gun...@us...> - 2008-03-31 13:40:20
|
Revision: 6146
http://dcm4che.svn.sourceforge.net/dcm4che/?rev=6146&view=rev
Author: gunterze
Date: 2008-03-31 06:40:14 -0700 (Mon, 31 Mar 2008)
Log Message:
-----------
[#DCMEE-800] Audit failed TLS handshake on https connections by Tomcat
Modified Paths:
--------------
dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml
dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml
Added Paths:
-----------
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java
dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java
Modified: dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml
===================================================================
--- dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml 2008-03-31 13:32:02 UTC (rev 6145)
+++ dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml 2008-03-31 13:40:14 UTC (rev 6146)
@@ -17,6 +17,8 @@
value="${m2.repos}/dcm4che/dcm4chee-audit-login/${audit-version}"/>
<property name="dcm4chee-audit-logger.lib"
value="${m2.repos}/dcm4che/dcm4chee-audit-logger/${audit-version}"/>
+ <property name="dcm4chee-audit-tomcat.lib"
+ value="${m2.repos}/dcm4che/dcm4chee-audit-tomcat/${audit-version}"/>
<!-- Override with your JBoss server bundle dist location -->
<property name="jboss.home" value="${user.home}/jboss-4.2.2.GA"/>
@@ -166,6 +168,10 @@
prefix="${dist.db.config}/lib">
<include name="*jar"/>
</zipfileset>
+ <zipfileset dir="${dcm4chee-audit-tomcat.lib}"
+ prefix="${dist.db.config}/lib">
+ <include name="*jar"/>
+ </zipfileset>
<zipfileset dir="${target.dir}" prefix="${dist.db}">
<include name="bin/*"/>
<exclude name="bin/*.sh"/>
Modified: dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml
===================================================================
--- dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml 2008-03-31 13:32:02 UTC (rev 6145)
+++ dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml 2008-03-31 13:40:14 UTC (rev 6146)
@@ -29,11 +29,16 @@
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
- <!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" />
- -->
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="true" sslProtocol="TLS"
+ ciphers="SSL_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
+ keystoreFile="${jboss.server.home.dir}/conf/identity.p12"
+ keystorePass="secret" keystoreType="PKCS12"
+ truststoreFile="${jboss.server.home.dir}/conf/cacerts.jks"
+ truststorePass="secret" truststoreType="JKS"
+ SSLImplementation="org.dcm4chee.audit.tomcat.ATNAImplementation"
+ />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath
===================================================================
--- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath (rev 0)
+++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath 2008-03-31 13:40:14 UTC (rev 6146)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project
===================================================================
--- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project (rev 0)
+++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project 2008-03-31 13:40:14 UTC (rev 6146)
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>dcm4chee-audit-tomcat</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml
===================================================================
--- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml (rev 0)
+++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml 2008-03-31 13:40:14 UTC (rev 6146)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project>
+ <parent>
+ <artifactId>dcm4chee-audit</artifactId>
+ <groupId>dcm4che</groupId>
+ <version>2.13.5</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>dcm4che</groupId>
+ <artifactId>dcm4chee-audit-tomcat</artifactId>
+ <version>2.13.5</version>
+ <name>Tomcat JSSEImplementation to audit TLS handshake failures</name>
+ <dependencies>
+ <dependency>
+ <groupId>dcm4che</groupId>
+ <artifactId>dcm4che-audit</artifactId>
+ <version>2.0.14-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jbossweb.jar</artifactId>
+ <version>4.2.2.GA</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+</project>
Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java
===================================================================
--- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java (rev 0)
+++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java 2008-03-31 13:40:14 UTC (rev 6146)
@@ -0,0 +1,65 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is part of dcm4che, an implementation of DICOM(TM) in
+ * Java(TM), available at http://sourceforge.net/projects/dcm4che.
+ *
+ * The Initial Developer of the Original Code is
+ * Agfa-Gevaert Group.
+ * Portions created by the Initial Developer are Copyright (C) 2003-2005
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * See @authors listed below.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+package org.dcm4chee.audit.tomcat;
+
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import org.apache.tomcat.util.net.jsse.JSSEImplementation;
+
+/**
+ * @author Gunter Zeilinger <gun...@gm...>
+ * @version $Revision$ $Date$
+ * @since Mar 31, 2008
+ */
+public class ATNAImplementation extends JSSEImplementation {
+
+ public ATNAImplementation() throws ClassNotFoundException {
+ super();
+ }
+
+ @Override
+ public ServerSocketFactory getServerSocketFactory() {
+ return new ATNASocketFactory();
+ }
+
+ @Override
+ public String getImplementationName() {
+ return "dcm4chee-audit-tomcat";
+ }
+
+}
Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java
===================================================================
--- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java (rev 0)
+++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java 2008-03-31 13:40:14 UTC (rev 6146)
@@ -0,0 +1,79 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is part of dcm4che, an implementation of DICOM(TM) in
+ * Java(TM), available at http://sourceforge.net/projects/dcm4che.
+ *
+ * The Initial Developer of the Original Code is
+ * Agfa-Gevaert Group.
+ * Portions created by the Initial Developer are Copyright (C) 2003-2005
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * See @authors listed below.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+package org.dcm4chee.audit.tomcat;
+
+import java.io.IOException;
+import java.net.Socket;
+
+import org.apache.log4j.Logger;
+import org.apache.tomcat.util.net.jsse.JSSESocketFactory;
+import org.dcm4che2.audit.message.AuditEvent;
+import org.dcm4che2.audit.message.AuditMessage;
+import org.dcm4che2.audit.message.SecurityAlertMessage;
+
+/**
+ * @author Gunter Zeilinger <gun...@gm...>
+ * @version $Revision$ $Date$
+ * @since Mar 31, 2008
+ */
+public class ATNASocketFactory extends JSSESocketFactory {
+
+ @Override
+ public void handshake(Socket sock) throws IOException {
+ try {
+ super.handshake(sock);
+ } catch (IOException e) {
+ SecurityAlertMessage msg = new SecurityAlertMessage(
+ SecurityAlertMessage.NODE_AUTHENTICATION);
+ msg.setOutcomeIndicator(AuditEvent.OutcomeIndicator.MINOR_FAILURE);
+ msg.addReportingProcess(AuditMessage.getProcessID(),
+ AuditMessage.getLocalAETitles(),
+ AuditMessage.getProcessName(),
+ AuditMessage.getLocalHostName());
+ msg.addPerformingNode(
+ AuditMessage.hostNameOf(sock.getInetAddress()));
+ msg.addAlertSubjectWithNodeID(AuditMessage.getLocalNodeID(),
+ e.getMessage());
+ msg.validate();
+ Logger.getLogger("auditlog").warn(msg);
+ throw e;
+ }
+ }
+
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|