From: <gun...@us...> - 2008-03-31 13:40:20
Revision: 6146 http://dcm4che.svn.sourceforge.net/dcm4che/?rev=6146&view=rev Author: gunterze Date: 2008-03-31 06:40:14 -0700 (Mon, 31 Mar 2008) Log Message: ----------- [#DCMEE-800] Audit failed TLS handshake on https connections by Tomcat Modified Paths: -------------- dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml Added Paths: ----------- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java Modified: dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml =================================================================== --- dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml 2008-03-31 13:32:02 UTC (rev 6145) +++ dcm4chee/dcm4chee-arc/trunk/dcm4jboss-build/build.xml 2008-03-31 13:40:14 UTC (rev 6146) 
@@ -17,6 +17,8 @@ value="${m2.repos}/dcm4che/dcm4chee-audit-login/${audit-version}"/> <property name="dcm4chee-audit-logger.lib" value="${m2.repos}/dcm4che/dcm4chee-audit-logger/${audit-version}"/> + <property name="dcm4chee-audit-tomcat.lib" + value="${m2.repos}/dcm4che/dcm4chee-audit-tomcat/${audit-version}"/> <!-- Override with your JBoss server bundle dist location --> <property name="jboss.home" value="${user.home}/jboss-4.2.2.GA"/> @@ -166,6 +168,10 @@ prefix="${dist.db.config}/lib"> <include name="*jar"/> </zipfileset> + <zipfileset dir="${dcm4chee-audit-tomcat.lib}" + prefix="${dist.db.config}/lib"> + <include name="*jar"/> + </zipfileset> <zipfileset dir="${target.dir}" prefix="${dist.db}"> <include name="bin/*"/> <exclude name="bin/*.sh"/> Modified: dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml =================================================================== --- dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml 2008-03-31 13:32:02 UTC (rev 6145) +++ dcm4chee/dcm4chee-arc/trunk/dcm4jboss-sar/src/etc/deploy/jboss-web.deployer/server.xml 2008-03-31 13:40:14 UTC (rev 6146) 
@@ -29,11 +29,16 @@ This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --> - <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" - maxThreads="150" scheme="https" secure="true" - clientAuth="false" sslProtocol="TLS" /> - --> + maxThreads="150" scheme="https" secure="true" + clientAuth="true" sslProtocol="TLS" + ciphers="SSL_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" + keystoreFile="${jboss.server.home.dir}/conf/identity.p12" + keystorePass="secret" keystoreType="PKCS12" + truststoreFile="${jboss.server.home.dir}/conf/cacerts.jks" + truststorePass="secret" truststoreType="JKS" + SSLImplementation="org.dcm4chee.audit.tomcat.ATNAImplementation" + /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3" Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath =================================================================== --- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath (rev 0) +++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.classpath 2008-03-31 13:40:14 UTC (rev 6146) @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<classpath> + <classpathentry kind="src" path="src/main/java"/> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> + <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/> + <classpathentry kind="output" path="target/classes"/> +</classpath> Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project =================================================================== --- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project (rev 0) +++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/.project 2008-03-31 13:40:14 UTC (rev 6146) 
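Review bot: The new `ciphers` attribute on the 8443 connector lists `SSL_RSA_WITH_NULL_SHA`, a suite that authenticates and integrity-protects but does not encrypt, so any client that selects it gets an "https" session whose request and response bodies cross the network in cleartext while `secure="true"` still makes the container treat them as confidential; if the NULL suite is needed for an interoperability profile, that should be stated next to the attribute, e.g. `<!-- SSL_RSA_WITH_NULL_SHA gives no confidentiality; keep only if the deployment's ATNA profile requires it -->`, otherwise keep `TLS_RSA_WITH_AES_128_CBC_SHA` alone. The same hunk ships `keystorePass="secret"` and `truststorePass="secret"` as literal values in the default server.xml, which means every installation starts with the same known keystore password; a comment such as `<!-- change keystorePass/truststorePass before exposing this connector -->` (or a `${...}` system-property reference, as already used for the file paths) would make the obligation visible. Note also that the connector changes from commented-out to enabled with `clientAuth="true"`, so a deployment whose `cacerts.jks` is empty will reject every client certificate; that is presumably intended for ATNA node authentication but is worth a line in the comment above the connector.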
@@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<projectDescription> + <name>dcm4chee-audit-tomcat</name> + <comment></comment> + <projects> + </projects> + <buildSpec> + <buildCommand> + <name>org.maven.ide.eclipse.maven2Builder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments> + </arguments> + </buildCommand> + </buildSpec> + <natures> + <nature>org.eclipse.jdt.core.javanature</nature> + <nature>org.maven.ide.eclipse.maven2Nature</nature> + </natures> +</projectDescription> Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml =================================================================== --- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml (rev 0) +++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/pom.xml 2008-03-31 13:40:14 UTC (rev 6146) 
@@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project> + <parent> + <artifactId>dcm4chee-audit</artifactId> + <groupId>dcm4che</groupId> + <version>2.13.5</version> + </parent> + <modelVersion>4.0.0</modelVersion> + <groupId>dcm4che</groupId> + <artifactId>dcm4chee-audit-tomcat</artifactId> + <version>2.13.5</version> + <name>Tomcat JSSEImplementation to audit TLS handshake failures</name> + <dependencies> + <dependency> + <groupId>dcm4che</groupId> + <artifactId>dcm4che-audit</artifactId> + <version>2.0.14-SNAPSHOT</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>1.2.14</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>jboss</groupId> + <artifactId>jbossweb.jar</artifactId> + <version>4.2.2.GA</version> + <scope>provided</scope> + </dependency> + </dependencies> +</project> Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java =================================================================== --- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java (rev 0) +++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNAImplementation.java 2008-03-31 13:40:14 UTC (rev 6146) 
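Review bot: The new module is versioned `2.13.5` but depends on `dcm4che-audit` at `2.0.14-SNAPSHOT`, so what gets compiled against the `AuditMessage`/`SecurityAlertMessage` API changes with whatever snapshot the repository serves on a given day and the build is not reproducible. Pinning to a released `dcm4che-audit` version before this module is included in the distribution archive (the build.xml hunk packages its jar into `${dist.db.config}/lib`) would avoid that; if a snapshot is unavoidable right now, a `<!-- TODO: pin once dcm4che-audit 2.0.14 is released -->` next to the dependency records the intent.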
@@ -0,0 +1,65 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is part of dcm4che, an implementation of DICOM(TM) in + * Java(TM), available at http://sourceforge.net/projects/dcm4che. + * + * The Initial Developer of the Original Code is + * Agfa-Gevaert Group. + * Portions created by the Initial Developer are Copyright (C) 2003-2005 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * See @authors listed below. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. 
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+package org.dcm4chee.audit.tomcat;
+
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import org.apache.tomcat.util.net.jsse.JSSEImplementation;
+
+/**
+ * @author Gunter Zeilinger <gun...@gm...>
+ * @version $Revision$ $Date$
+ * @since Mar 31, 2008
+ */
+public class ATNAImplementation extends JSSEImplementation {
+
+ public ATNAImplementation() throws ClassNotFoundException {
+ super();
+ }
+
+ @Override
+ public ServerSocketFactory getServerSocketFactory() {
+ return new ATNASocketFactory();
+ }
+
+ @Override
+ public String getImplementationName() {
+ return "dcm4chee-audit-tomcat";
+ }
+
+}
Added: dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java
===================================================================
--- dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java (rev 0)
+++ dcm4chee/dcm4chee-audit/trunk/dcm4chee-audit-tomcat/src/main/java/org/dcm4chee/audit/tomcat/ATNASocketFactory.java 2008-03-31 13:40:14 UTC (rev 6146)
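Review bot: `ATNAImplementation` has no class-level Javadoc beyond the author tags, so a reader of server.xml who follows the `SSLImplementation` attribute here cannot tell what the class changes relative to the stock `JSSEImplementation`. A summary such as `/** Tomcat SSLImplementation that substitutes {@link ATNASocketFactory} for the JSSE socket factory so that failed TLS handshakes on the HTTPS connector are reported as ATNA Security Alert audit messages; selected via the SSLImplementation attribute of the connector in server.xml. */` would cover it, and `getImplementationName()` deserves a one-liner noting that the returned string is only an identifier shown by Tomcat, not a class name. `getServerSocketFactory()` creates a new `ATNASocketFactory` on every call; this appears to mirror what the superclass does, but if that assumption is wrong a single cached instance would be the safer choice, and a comment stating which is intended would settle it.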
@@ -0,0 +1,79 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is part of dcm4che, an implementation of DICOM(TM) in + * Java(TM), available at http://sourceforge.net/projects/dcm4che. + * + * The Initial Developer of the Original Code is + * Agfa-Gevaert Group. + * Portions created by the Initial Developer are Copyright (C) 2003-2005 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * See @authors listed below. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. 
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+package org.dcm4chee.audit.tomcat;
+
+import java.io.IOException;
+import java.net.Socket;
+
+import org.apache.log4j.Logger;
+import org.apache.tomcat.util.net.jsse.JSSESocketFactory;
+import org.dcm4che2.audit.message.AuditEvent;
+import org.dcm4che2.audit.message.AuditMessage;
+import org.dcm4che2.audit.message.SecurityAlertMessage;
+
+/**
+ * @author Gunter Zeilinger <gun...@gm...>
+ * @version $Revision$ $Date$
+ * @since Mar 31, 2008
+ */
+public class ATNASocketFactory extends JSSESocketFactory {
+
+ @Override
+ public void handshake(Socket sock) throws IOException {
+ try {
+ super.handshake(sock);
+ } catch (IOException e) {
+ SecurityAlertMessage msg = new SecurityAlertMessage(
+ SecurityAlertMessage.NODE_AUTHENTICATION);
+ msg.setOutcomeIndicator(AuditEvent.OutcomeIndicator.MINOR_FAILURE);
+ msg.addReportingProcess(AuditMessage.getProcessID(),
+ AuditMessage.getLocalAETitles(),
+ AuditMessage.getProcessName(),
+ AuditMessage.getLocalHostName());
+ msg.addPerformingNode(
+ AuditMessage.hostNameOf(sock.getInetAddress()));
+ msg.addAlertSubjectWithNodeID(AuditMessage.getLocalNodeID(),
+ e.getMessage());
+ msg.validate();
+ Logger.getLogger("auditlog").warn(msg);
+ throw e;
+ }
+ }
+
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
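Review bot: In `handshake()` the audit emission sits between the catch and the `throw e`, so if `msg.validate()`, `addAlertSubjectWithNodeID(...)` or the logger throws an unchecked exception, the original `IOException` is discarded and the connector sees an unrelated `RuntimeException` instead of a handshake failure; `e.getMessage()` can be null for JSSE exceptions, and whether `addAlertSubjectWithNodeID` accepts null is not visible here. The audit step should be isolated so that `e` is rethrown on every path and an audit-side problem is logged rather than propagated, as sketched below. Since this runs for every peer before any authentication has succeeded, one audit record per failed handshake is the intended ATNA behaviour, but it is worth a sentence in the `handshake` Javadoc (`Audits a failed TLS handshake as a NODE_AUTHENTICATION Security Alert on the "auditlog" logger and rethrows the failure`) so operators know that an unauthenticated remote can drive the volume of this log.
```java
    @Override
    public void handshake(Socket sock) throws IOException {
        try {
            super.handshake(sock);
        } catch (IOException e) {
            try {
                auditHandshakeFailure(sock, e);
            } catch (RuntimeException auditFailure) {
                // An audit-side problem must not mask the handshake error.
                Logger.getLogger(ATNASocketFactory.class).error(
                        "Failed to audit TLS handshake failure", auditFailure);
            }
            throw e;
        }
    }

    /** Emits an ATNA Security Alert for a failed TLS handshake with the peer of {@code sock}. */
    private static void auditHandshakeFailure(Socket sock, IOException e) {
        SecurityAlertMessage msg = new SecurityAlertMessage(
                SecurityAlertMessage.NODE_AUTHENTICATION);
        // … unchanged: outcome indicator, reporting process, performing node …
        // JSSE exception messages may be null; fall back to the exception's own text
        String reason = e.getMessage() != null ? e.getMessage() : e.toString();
        msg.addAlertSubjectWithNodeID(AuditMessage.getLocalNodeID(), reason);
        msg.validate();
        Logger.getLogger("auditlog").warn(msg);
    }
```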