Description
Describe the bug
The SSLConfigChangeListener is not working.
Context: See APIs JSSEHelper and SSLConfigChangeListener.
The JSSEHelper supports passing in an implementation of SSLConfigChangeListener to various methods that retrieve a certain SSLConfig, for example getProperties(...) or getSSLContext(...). These methods acquire an SSL config (from server.xml) as part of their logic. The SSLConfigChangeListener is supposed to be "tied" to this SSL config and is invoked when a change to the SSL config occurs.
I had the following SSL config set.
```xml
<!-- pw omitted for this snippet -->
<keyStore id="defaultKeyStore" updateTrigger="polled"/>
<!-- pw omitted for this snippet -->
<keyStore id="newkeyStore" location="${server.output.dir}/resources/security/newkey.p12" />
<ssl id="debugSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultKeyStore" trustDefaultCerts="true" >
    <outboundConnection host="localhost"/>
</ssl>
```
Changing the keyStoreRef, updating the defaultKeyStore's .p12 file, or changing the value of host in the outboundConnection did not result in the SSLConfigChangeListener being invoked (System.out.printlns currently, for testing). See below for code snippets.
The code was simply calling the JSSEHelper methods; I called both getSSLContext(...) and getProperties(...).
This code was run from "within" OpenLiberty. I also tried using JSSEHelper through a deployed application and it did not work there either.
For example:
```java
import java.util.HashMap;
import java.util.Map;

import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEHelper;
// Internal Liberty class (assumed package); getProperties(...) returns a java.util.Properties
import com.ibm.ws.ssl.config.SSLConfig;

JSSEHelper jsse = JSSEHelper.getInstance();
// Outbound connection info that matches the <outboundConnection host="localhost"/> filter above
final Map<String, Object> connectionInfo = new HashMap<String, Object>();
connectionInfo.put(Constants.CONNECTION_INFO_DIRECTION, Constants.DIRECTION_OUTBOUND);
connectionInfo.put(Constants.CONNECTION_INFO_REMOTE_HOST, "localhost");
connectionInfo.put(Constants.CONNECTION_INFO_REMOTE_PORT, "4317");
SSLContext sslContext = null;
X509TrustManager trustManager = null;
SSLConfig sslConfig;
String alias = null;
try {
    // Both calls hand in a listener that should fire when the resolved SSL config changes
    sslContext = jsse.getSSLContext(null, connectionInfo, mynotifier, true);
    // debug to see what SSL config we would get with just the connectionInfo
    sslConfig = (SSLConfig) jsse.getProperties(null, connectionInfo, myOtherNotifier, true);
    alias = sslConfig.getProperty(Constants.SSLPROP_ALIAS);
    System.out.println("DDebug: The alias the SSL component would return is " + alias);
} catch (Exception e) {
    e.printStackTrace();
}
```
The notifiers:
```java
import com.ibm.websphere.ssl.SSLConfigChangeEvent;
import com.ibm.websphere.ssl.SSLConfigChangeListener;

static MyPrivateSSLConfigListener mynotifier = new MyPrivateSSLConfigListener("first");
static MyPrivateSSLConfigListener myOtherNotifier = new MyPrivateSSLConfigListener("second");

// TEST
static class MyPrivateSSLConfigListener implements SSLConfigChangeListener {
    String name;

    public MyPrivateSSLConfigListener(String name) {
        this.name = name;
    }

    // Should be called by the SSL component when the associated config changes
    @Override
    public void stateChanged(SSLConfigChangeEvent e) {
        System.out.println(name + " changed: " + e);
    }
}
```
Looking into this more, it seems that SSLConfigManager.notifySSLConfigChangeListener(...) is never called by any other method in the code base.
Steps to Reproduce
See above.
Expected behavior
SSLConfigChangeListener is supposed to be invoked when changes are made to the associated SSL config, as explained in the JavaDoc/API.
Diagnostic information:
- OpenLiberty Version: [e.g. 21.0.0.8 - 21.0.0.10]
- Affected feature(s) [e.g. mpHealth-3.0]
- Java Version: [i.e. full output of java -version]
- server.xml configuration (WITHOUT sensitive information like passwords)
- If it would be useful, upload the messages.log file found in $WLP_OUTPUT_DIR/messages.log
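As an added example (not code from this issue or from OpenLiberty), a defensive fallback for an application that must pick up keystore rotation while the listener callback is not delivered: poll the keystore file behind the resolved SSL config and re-fetch the SSLContext from JSSEHelper only when the file's contents change. The class name, treating Constants.SSLPROP_KEY_STORE as a filesystem path, passing null as the listener argument, and the assumption that a fresh getSSLContext(...) call after the file changed returns a context built from the updated store are all assumptions of this example, not facts established by the issue.

```java
// Added example, not code from the issue or from OpenLiberty. Polling fallback that
// notices a rotated keystore file and re-fetches the SSLContext from JSSEHelper.
// Assumptions (not verified here): Constants.SSLPROP_KEY_STORE holds the resolved
// keystore file path; a null listener is accepted; a fresh getSSLContext(...) call
// after the file changed returns a context built from the updated store.
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;

import javax.net.ssl.SSLContext;

import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;

public class PolledSslContextHolder implements AutoCloseable {
    private final JSSEHelper jsse = JSSEHelper.getInstance();
    private final Map<String, Object> connectionInfo;
    private final AtomicReference<SSLContext> current = new AtomicReference<SSLContext>();
    private final ScheduledExecutorService poller = Executors.newSingleThreadScheduledExecutor();
    private String lastDigest; // SHA-256 of the keystore file at the last rebuild, or null

    public PolledSslContextHolder(String host, int port, long pollSeconds) throws SSLException {
        this.connectionInfo = outboundInfo(host, port);
        refresh(); // fail fast if no SSL config resolves for this connection
        poller.scheduleWithFixedDelay(this::safeRefresh, pollSeconds, pollSeconds, TimeUnit.SECONDS);
    }

    /** Same outbound connectionInfo shape the issue uses, so the same <ssl> config is selected. */
    static Map<String, Object> outboundInfo(String host, int port) {
        Map<String, Object> info = new HashMap<String, Object>();
        info.put(Constants.CONNECTION_INFO_DIRECTION, Constants.DIRECTION_OUTBOUND);
        info.put(Constants.CONNECTION_INFO_REMOTE_HOST, host);
        info.put(Constants.CONNECTION_INFO_REMOTE_PORT, Integer.toString(port));
        return info;
    }

    /** Returns the most recently rebuilt context; callers should call this per connection, not cache it. */
    public SSLContext get() {
        return current.get();
    }

    /** Re-resolve the SSL config; rebuild the context only if the keystore file changed. */
    synchronized void refresh() throws SSLException {
        // Listener argument is null: this fallback does not rely on the callback at all.
        Properties props = jsse.getProperties(null, connectionInfo, null, true);
        // Never log 'props' wholesale: it also carries the keystore and truststore passwords.
        String location = props.getProperty(Constants.SSLPROP_KEY_STORE);
        String digest = digestOrNull(location);
        // A null digest (non-file keystore, unresolved path) disables the short-circuit,
        // so the context is rebuilt on every poll rather than silently never refreshed.
        if (current.get() != null && digest != null && digest.equals(lastDigest)) {
            return; // keystore unchanged, keep the existing context
        }
        current.set(jsse.getSSLContext(null, connectionInfo, null, true));
        lastDigest = digest;
    }

    private void safeRefresh() {
        try {
            refresh();
        } catch (Exception e) {
            // Keep serving the last good context; surface the failure in the server log.
            e.printStackTrace();
        }
    }

    /** SHA-256 hex of the keystore file, or null if the location is not a readable regular file. */
    static String digestOrNull(String location) {
        if (location == null) return null;
        Path p = Paths.get(location);
        if (!Files.isRegularFile(p)) return null;
        try (InputStream in = Files.newInputStream(p)) {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) > 0) md.update(buf, 0, n);
            StringBuilder sb = new StringBuilder();
            for (byte b : md.digest()) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (IOException | NoSuchAlgorithmException e) {
            return null;
        }
    }

    @Override
    public void close() {
        poller.shutdownNow();
    }
}
```

Create one holder per outbound target (for example `new PolledSslContextHolder("localhost", 4317, 30)`) and call `get()` each time a connection is opened, so a rotated defaultKeyStore is picked up within one poll interval even though stateChanged is never called. Hashing the file contents rather than checking its modification time avoids a rebuild when the file is merely rewritten with the same bytes, and the digest short-circuit is deliberately skipped when the location cannot be hashed so that a non-file keystore is never left stale.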