From b7ed1d314046345e38dc92c92017fb610832e8ba Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Mon, 16 Sep 2024 15:51:12 -0600
Subject: [PATCH] JSSE: fixes for some items found with SpotBugs
---
 src/java/com/wolfssl/WolfSSLX509Name.java | 2 +-
 .../com/wolfssl/provider/jsse/WolfSSLContext.java | 3 ++-
 .../wolfssl/provider/jsse/WolfSSLEngineHelper.java | 13 +++++++++----
 .../provider/jsse/WolfSSLImplementSSLSession.java | 2 +-
 .../wolfssl/provider/jsse/WolfSSLServerSocket.java | 1 -
 .../wolfssl/provider/jsse/WolfSSLTrustManager.java | 14 ++++++++++++--
 6 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/java/com/wolfssl/WolfSSLX509Name.java b/src/java/com/wolfssl/WolfSSLX509Name.java
index e32c917..68f5342 100644
--- a/src/java/com/wolfssl/WolfSSLX509Name.java
+++ b/src/java/com/wolfssl/WolfSSLX509Name.java
@@ -501,7 +501,7 @@ public class WolfSSLX509Name {
 }
 /* TODO: wrap wolfSSL_X509_NAME_oneline() */
- return null;
+ return "";
 }
 /**
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
index 5dd164a..4dd89f8 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
@@ -389,7 +389,8 @@ public class WolfSSLContext extends SSLContextSpi {
 SecureRandom sr) throws KeyManagementException {
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "entered engineInit(km=" + km + ", tm=" + tm + ", sr=" + sr +")");
+ "entered engineInit(km=" + Arrays.toString(km) +
+ ", tm=" + Arrays.toString(tm) + ", sr=" + sr +")");
 try {
 authStore = new WolfSSLAuthStore(km, tm, sr, currentVersion);
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
index 0a1f3b4..08be352 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
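Review bot: In WolfSSLX509Name.java the new `return "";` makes the not-yet-implemented path (see the TODO directly above it) indistinguishable from a name that is genuinely empty, and callers that guarded against the old `null` will now accept the result. If any caller compares distinguished names as strings, two unrelated names would both render as `""` and compare equal, so the method's Javadoc should state that an empty string means no string form is available. A comment such as `/* Not implemented yet: "" means no string form available, do not compare on it */` above the return would make that explicit. The enclosing method starts outside the hunk, so its name and callers are not visible here.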
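Review bot: In WolfSSLContext.java the `Arrays.toString(km)` and `Arrays.toString(tm)` arguments now call `toString()` on every application-supplied KeyManager and TrustManager and write the result to the debug log, where the old code printed only the array identity. The message is also concatenated before `WolfSSLDebug.log()` is entered, so presumably those calls run even when debug logging is off. Logging the element counts keeps the trace useful without depending on what third-party manager implementations put in `toString()`, for example `"entered engineInit(km count=" + (km == null ? 0 : km.length) + ", tm count=" + (tm == null ? 0 : tm.length) + ", sr=" + sr + ")");`. The hunk does not show an import of `java.util.Arrays`; confirm it is already present in the file.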
@@ -1046,13 +1046,18 @@ public class WolfSSLEngineHelper {
 * with HAVE_SECURE_RENEGOTIATION. Some JSSE consuming apps
 * expect that secure renegotiation will be supported. */
 int ret = this.ssl.useSecureRenegotiation();
- if (ret != WolfSSL.SSL_SUCCESS && ret != WolfSSL.NOT_COMPILED_IN) {
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "error enabling secure renegotiation, ret = " + ret);
- } else if (ret == 0) {
+ if (ret == WolfSSL.SSL_SUCCESS) {
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
 "enabled secure renegotiation support for session");
 }
+ else if (ret == WolfSSL.NOT_COMPILED_IN) {
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+ "native secure renegotiation not compiled in");
+ }
+ else {
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+ "error enabling secure renegotiation, ret = " + ret);
+ }
 }
 private void setLocalSigAlgorithms() {
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
index 0161b44..a5c697c 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@@ -264,7 +264,7 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
 /* use pseudo session ID if session tickets are being used */
 if (this.ssl.getVersion().equals("TLSv1.3") || this.ssl.sessionTicketsEnabled()) {
- return this.pseudoSessionID;
+ return this.pseudoSessionID.clone();
 } else {
 return this.ssl.getSessionID();
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java
index fcee295..b287e0a 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java
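Review bot: The final `else` branch in WolfSSLEngineHelper.java reports a failed `useSecureRenegotiation()` at `WolfSSLDebug.INFO`, the same level as the success and not-compiled-in messages, and execution then carries on. The comment above the call says some JSSE applications expect secure renegotiation to be supported, so a real failure should stand out in the log: `WolfSSLDebug.log(getClass(), WolfSSLDebug.ERROR, "error enabling secure renegotiation, ret = " + ret);`. Whether the failure should also be propagated to the caller cannot be judged from here, because the method begins outside the hunk.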
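Review bot: `this.pseudoSessionID.clone()` in WolfSSLImplementSSLSession.java throws a NullPointerException if `pseudoSessionID` has not been set, where the previous `return this.pseudoSessionID;` returned null. The field's initialisation is outside the hunk, so this may already be guaranteed; if it is not, guard the copy with `return (this.pseudoSessionID != null) ? this.pseudoSessionID.clone() : null;`. The defensive copy also deserves a short comment, for example `/* return a copy so callers cannot modify the cached ID */`. The enclosing method starts and ends outside the hunk.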
@@ -46,7 +46,6 @@ public class WolfSSLServerSocket extends SSLServerSocket {
 private boolean clientMode = false;
 private boolean enableSessionCreation = true;
- private WolfSSLDebug debug;
 /**
 * Create new WolfSSLServerSocket
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
index d817587..e000d8b 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
@@ -511,8 +511,20 @@ public class WolfSSLTrustManager extends TrustManagerFactorySpi {
 String caStoreDir = androidRoot.concat("etc/security/cacerts");
 File cadir = new File(caStoreDir);
 String[] cafiles = null;
+
+ if (cadir == null) {
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+ "Unable to open etc/security/cacerts, none loaded");
+ return null;
+ }
+
 try {
 cafiles = cadir.list();
+ if (cafiles != null) {
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+ "Found " + cafiles.length +
+ " CA files to load into KeyStore");
+ }
 } catch (Exception e) {
 /* Denied access reading cacerts directory */
 WolfSSLDebug.log(getClass(), WolfSSLDebug.ERROR,
@@ -520,8 +532,6 @@ public class WolfSSLTrustManager extends TrustManagerFactorySpi {
 "CA certificates");
 return null;
 }
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "Found " + cafiles.length + " CA files to load into KeyStore");
 /* Get factory for cert creation */
 try {
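Review bot: The added `if (cadir == null)` check in the first WolfSSLTrustManager.java hunk can never be true, because `new File(...)` always returns an object; a missing or unreadable directory shows up instead as `cadir.list()` returning null. The new `if (cafiles != null)` guard only protects the log line, so execution continues past the try block with `cafiles` still null, and whatever uses the array later (outside this hunk) would presumably fail there. Testing the directory itself and handling a null listing explicitly keeps a failed system CA load visible at the point where it happens. The enclosing method starts and ends outside the hunk, so the right return value on failure should be checked against its callers.

```java
File cadir = new File(caStoreDir);
String[] cafiles = null;

/* new File() never returns null, so test the directory itself */
if (!cadir.isDirectory()) {
    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
        "Unable to open etc/security/cacerts, none loaded");
    return null;
}

try {
    cafiles = cadir.list();
    if (cafiles == null) {
        /* list() returns null if the directory cannot be read */
        WolfSSLDebug.log(getClass(), WolfSSLDebug.ERROR,
            "Unable to list etc/security/cacerts, none loaded");
        return null;
    }
    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
        "Found " + cafiles.length +
        " CA files to load into KeyStore");
} catch (Exception e) {
    /* … unchanged: permission error logging and return null … */
```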