diff --git a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java index d604e81497..657e5734f0 100644 --- a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java +++ b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java @@ -87,4 +87,9 @@ synchronized public void reloadSSLHosts(final Map cr) { createSSLContext(sslHostConfig); } } + + @Override + protected SSLHostConfig getSSLHostConfig(final String sniHostName) { + return super.getSSLHostConfig(sniHostName.toLowerCase()); + } } diff --git a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/CertificateRegistry.java b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/CertificateRegistry.java index b3bfd3ce2e..e3f773c084 100644 --- a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/CertificateRegistry.java +++ b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/CertificateRegistry.java @@ -17,12 +17,12 @@ import com.comcast.cdn.traffic_control.traffic_router.protocol.RouterNioEndpoint; import com.comcast.cdn.traffic_control.traffic_router.shared.CertificateData; +import org.apache.log4j.Logger; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.log4j.Logger; public class CertificateRegistry { private static final Logger log = Logger.getLogger(CertificateRegistry.class); 
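Review bot: The new `getSSLHostConfig` override dereferences `sniHostName` unconditionally, so a TLS handshake that carries no SNI extension now fails with a NullPointerException instead of falling through to the base class, which (as far as I recall of Tomcat's endpoint) accepts a null name and returns the default host config. `toLowerCase()` with no locale also folds by the JVM default locale, so under a Turkish locale an `I` in the SNI name folds differently from the key stored by `CertificateData.setHostname`, and the lookup silently misses. Suggest `return super.getSSLHostConfig(sniHostName == null ? null : sniHostName.toLowerCase(Locale.ROOT));` with a `java.util.Locale` import, and the same `Locale.ROOT` folding on the registry side so both halves of the lookup agree.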
@@ -61,6 +61,7 @@ private static class CertificateRegistryHolder { private static final CertificateRegistry DELIVERY_SERVICE_CERTIFICATES = new CertificateRegistry(); } + @SuppressWarnings({"PMD.CyclomaticComplexity", "PMD.AvoidDeeplyNestedIfStmts", "PMD.NPathComplexity"}) synchronized public void importCertificateDataList(final List certificateDataList) { final Map changes = new HashMap<>(); final Map master = new HashMap<>(); 
@@ -68,34 +69,43 @@ synchronized public void importCertificateDataList(final List c // find CertificateData which has changed for (final CertificateData certificateData : certificateDataList) { try { - final HandshakeData handshakeData = certificateDataConverter.toHandshakeData(certificateData); - final String alias = handshakeData.getHostname().replaceFirst("\\*\\.", ""); - master.put(alias, handshakeData); - - if (certificateData.equals(previousData.get(certificateData.getHostname()))) { - continue; - } - changes.put(alias, handshakeData); - log.warn("Imported handshake data with alias " + alias); - } catch (Exception e) { + final String alias = certificateData.alias(); + + if (!master.containsKey(alias)) { + final HandshakeData handshakeData = certificateDataConverter.toHandshakeData(certificateData); + master.put(alias, handshakeData); + if (!certificateData.equals(previousData.get(alias))) { + changes.put(alias, handshakeData); + log.warn("Imported handshake data with alias " + alias); + } + } + else { + log.error("An TLS certificate already exists in the registry for host: "+alias+" There can be " + + "only one!" 
); + } + } catch (Exception e) { log.error("Failed to import certificate data for delivery service: '" + certificateData.getDeliveryservice() + "', hostname: '" + certificateData.getHostname() + "'"); } } // find CertificateData which has been removed - for (final String hostname : previousData.keySet()) + for (final String alias : previousData.keySet()) { - if (!master.containsKey(hostname.replaceFirst("\\*\\.", "")) && sslEndpoint != null) + if (!master.containsKey(alias) && sslEndpoint != null) { - sslEndpoint.removeSslHostConfig(hostname); - log.warn("Removed handshake data with hostname " + hostname); + final String hostname = previousData.get(alias).getHostname(); + sslEndpoint.removeSslHostConfig(hostname); + log.warn("Removed handshake data with hostname " + hostname); } } // store the result for the next import previousData.clear(); for (final CertificateData certificateData : certificateDataList) { - previousData.put(certificateData.getHostname(), certificateData); + final String alias = certificateData.alias(); + if (!previousData.containsKey(alias)) { + previousData.put(alias, certificateData); + } } handshakeDataMap = master; diff --git a/traffic_router/connector/src/test/java/secure/CertificateRegistryTest.java b/traffic_router/connector/src/test/java/secure/CertificateRegistryTest.java index 555e4abf9a..d01da22e93 100644 --- a/traffic_router/connector/src/test/java/secure/CertificateRegistryTest.java +++ b/traffic_router/connector/src/test/java/secure/CertificateRegistryTest.java 
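Review bot: Because `alias()` strips the leading `*.`, a wildcard certificate for `*.example.com` and an exact certificate for `example.com` resolve to the same alias, and the new `if (!master.containsKey(alias))` / else branches keep whichever entry appears first in `certificateDataList` while only logging the other; which certificate gets served for that name then depends on list order rather than on a stated precedence rule, which is worth making explicit (keep the exact-match entry, or reject the import for that alias) and worth naming both conflicting hostnames in the message. The message itself has a typo: `"A TLS certificate already exists in the registry for alias: " + alias + "; there can be only one"`. On the new side `catch (Exception e)` still discards `e`; pass it as the second argument, `log.error("Failed to import certificate data for delivery service: '" + ... + "'", e);`, so a failed `toHandshakeData` conversion shows its cause. importCertificateDataList begins and ends outside this hunk.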
@@ -50,6 +50,9 @@ public void before() throws Exception { certificateData1 = mock(CertificateData.class); certificateData2 = mock(CertificateData.class); certificateData3 = mock(CertificateData.class); + when(certificateData1.alias()).thenReturn("ds-1.some-cdn.example.com"); + when(certificateData2.alias()).thenReturn("ds-2.some-cdn.example.com"); + when(certificateData3.alias()).thenReturn("ds-3.some-cdn.example.com"); certificateDataList = Arrays.asList(certificateData1, certificateData2, certificateData3); diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/shared/CertificateData.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/shared/CertificateData.java index 202908f01d..f9726f36d3 100644 --- a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/shared/CertificateData.java +++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/shared/CertificateData.java @@ -49,8 +49,12 @@ public String getHostname() { return hostname; } + public String alias() { + return getHostname().replaceFirst("\\*\\.", ""); + } + public void setHostname(final String hostname) { - this.hostname = hostname; + this.hostname = hostname.toLowerCase(); } @SuppressWarnings("PMD.IfStmtsMustUseBraces")
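Review bot: The stubs give each mock a distinct `alias()`, but nothing here exercises the two behaviours the change introduces: two entries that resolve to the same alias (the new else branch in importCertificateDataList) and mixed-case hostnames folding to one key. A case that imports `*.ds-1.some-cdn.example.com` together with `ds-1.some-cdn.example.com` and asserts which one the registry keeps, plus one that imports `DS-1.some-cdn.example.com` and looks it up in lower case, would pin the precedence and folding rules this commit relies on. The `before()` method continues outside the hunk.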
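Review bot: `replaceFirst("\\*\\.", "")` in the new `alias()` is unanchored, so it removes the first `*.` wherever it occurs rather than only a leading wildcard label; anchor it, `return getHostname().replaceFirst("^\\*\\.", "");`, so only the wildcard prefix is stripped. `setHostname` now throws NullPointerException for a null argument where it previously stored null, and `toLowerCase()` without a locale folds per the JVM default locale; prefer `this.hostname = Objects.requireNonNull(hostname, "hostname").toLowerCase(Locale.ROOT);` (importing `java.util.Locale` and `java.util.Objects`) and apply the same `Locale.ROOT` folding in RouterNioEndpoint's lookup so both sides agree. `alias()` is new public API and should carry a Javadoc stating that it is the registry key, the hostname with any leading `*.` removed, and that a wildcard name and its bare apex therefore share one alias.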