TAO support revocation lists

[caoxiaolins]

TAO support revocation lists

Summary by CodeRabbit

• New Features
  • Enhanced SSL security by adding support for loading Certificate Revocation Lists (CRLs) from user-specified files in standard formats.
  • Introduced a new SSL configuration option that accepts a CRL file path, with updated documentation to guide users.

[caoxiaolins]

There's an issuse with a cyclomatic complexity of 130. However, the cyclomatic complexity of this function was high before. Can I ignore this issuse? @jwillemsen

[jwillemsen]

Complexity is not a problem

[jwillemsen]

Please don't assign me as reviewer, my free time for github reviews is very limited, when you need a guaranteed response/review from my side, see https://www.remedy.nl for our services, without being payed for my time you have to wait until I have spare time which I can't tell when I have.

[jwillemsen]

Don't keep assigning my as reviewer, you have to wait until I have free time or fund my time! There is a huge list of things to do on ACE/TAO and sponsoring is welcome!

[coderabbitai]

Walkthrough

The changes add support for loading Certificate Revocation Lists (CRLs) into the SSL context. A new method, load_crl_file, is introduced and declared in the ACE_SSL_Context class to load CRL files in either PEM or ASN1 format. In parallel, SSLIOP configuration is enhanced by adding a -SSLCRLFile option in both documentation and command-line parsing. The SSLIOP factory now parses the new option, sets appropriate parameters, and invokes the CRL loading functionality with error handling.

Changes

File(s)	Change Summary
ACE/.../SSL_Context.cpp, ACE/.../SSL_Context.h	Added new method load_crl_file to load CRL files (PEM/ASN1) into the SSL context, with parameter validation and error handling.
TAO/.../SSLIOP-USAGE.html	Added new SSLIOP option -SSLCRLFile <filename> to specify a certificate revocation list file in the configuration documentation.
TAO/.../SSLIOP_Factory.cpp	Updated command-line parsing to support the -SSLCRLFile option; introduced variables for CRL path and type; integrated call to load_crl_file with logging.

Sequence Diagram(s)

sequenceDiagram
    participant CLI as Command Line
    participant Factory as SSLIOP_Factory
    participant Context as ACE_SSL_Context
    participant Store as X509_Store

    CLI->>Factory: Parse command-line args (-SSLCRLFile)
    Factory->>Factory: Set crl_path & crl_type variables
    Factory->>Context: Call load_crl_file(file_name, type)
    Context->>Context: Validate context and file parameter
    Context->>Store: Retrieve X509_STORE
    Store-->>Context: Return store reference
    Context->>Context: Load CRL (PEM/ASN1) and add to store
    Context->>Store: Update store with loaded CRL and set CRL flags
    Context-->>Factory: Return result (success/error)
    Factory->>CLI: Log result of CRL load operation

Loading

Poem

I'm a bunny in the code field, leaping with glee,
CRL files now hop into SSL, smoother than can be.
With PEM or ASN1 format, my carrots align,
Every change in this garden makes the system shine.
A joyful hop for innovation, in a secure design! 🐰✨

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

ACE/ace/SSL/SSL_Context.h (1)

257-268: Enhance the method documentation.

The documentation could be improved by:

1. Clarifying the return value (1 for success, others for error).
2. Documenting specific error cases.
3. Adding an example usage.

Apply this diff to enhance the documentation:

 /**
  *  Load the location of the CRL.
  *
- *  @param[in] file_name          CRL file pathname. Passed to
- *                                @c SSL_CTX_Load_verify_locations() if not
- *                                0 and @a type is SSL_FILETYPE_PEM. Pass to
- *                                @c X509_STORE_add_crl if not 0 @a type is SSL_FILETYPE_ASN1.
- *  @param[in] type               CRL file type. Support SSL_FILETYPE_PEM and
- *                                SSL_FILETYPE_ASN1.
- *  @return 1 for success or others on error.
+ *  @param[in] file_name          CRL file pathname.
+ *  @param[in] type               CRL file type. Must be one of:
+ *                                - SSL_FILETYPE_PEM: File is in PEM format
+ *                                - SSL_FILETYPE_ASN1: File is in ASN1 format
+ *
+ *  @return 1 for success, 0 if file_name or context is null, or -1 on other errors:
+ *          - Failed to load PEM file
+ *          - Failed to create BIO for ASN1 file
+ *          - Failed to read ASN1 file
+ *          - Failed to add CRL to store
+ *
+ *  @note For PEM files, uses SSL_CTX_load_verify_locations().
+ *        For ASN1 files, uses X509_STORE_add_crl().
+ *
+ *  Example:
+ *  @code
+ *    ACE_SSL_Context* ssl_ctx = ACE_SSL_Context::instance();
+ *    if (ssl_ctx->load_crl_file("revoked.pem", SSL_FILETYPE_PEM) != 1) {
+ *      // Handle error
+ *    }
+ *  @endcode
  */

ACE/ace/SSL/SSL_Context.cpp (1)

553-599: Improve error handling and memory management.

The implementation has several areas for improvement:

1. Error handling could be more granular with specific error codes.
2. Memory management could be improved using RAII.

Apply this diff to enhance the implementation:

 int
 ACE_SSL_Context::load_crl_file(const char *file_name, int type)
 {
-  if (context_ == nullptr || file_name == nullptr)
+  if (context_ == nullptr)
+    {
+      if (TAO_debug_level > 0)
+        ORBSVCS_ERROR ((LM_ERROR,
+                      ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                      ACE_TEXT ("null context\n")));
+      return 0;
+    }
+
+  if (file_name == nullptr)
     {
+      if (TAO_debug_level > 0)
+        ORBSVCS_ERROR ((LM_ERROR,
+                      ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                      ACE_TEXT ("null file name\n")));
       return 0;
     }

   int ret = 0;
-  BIO *in = nullptr;
-  X509_CRL *x = nullptr;
   X509_STORE *st = ::SSL_CTX_get_cert_store(context_);
   if (st == nullptr)
     {
+      if (TAO_debug_level > 0)
+        ORBSVCS_ERROR ((LM_ERROR,
+                      ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                      ACE_TEXT ("null store\n")));
       goto err;
     }

   if (type == SSL_FILETYPE_PEM)
     {
       ret = ::SSL_CTX_load_verify_locations(context_, file_name, nullptr);
     }
   else if (type == SSL_FILETYPE_ASN1)
     {
-      in = BIO_new(BIO_s_file());
-      if (in == nullptr || BIO_read_filename(in, file_name) <= 0)
+      // Use RAII for BIO
+      struct BIO_Guard {
+        BIO *bio;
+        BIO_Guard(BIO *b) : bio(b) {}
+        ~BIO_Guard() { BIO_free(bio); }
+      };
+      BIO_Guard in_guard(BIO_new(BIO_s_file()));
+      if (in_guard.bio == nullptr)
         {
+          if (TAO_debug_level > 0)
+            ORBSVCS_ERROR ((LM_ERROR,
+                          ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                          ACE_TEXT ("failed to create BIO\n")));
           goto err;
         }
-      x = d2i_X509_CRL_bio(in, nullptr);
-      if (x == nullptr)
+
+      if (BIO_read_filename(in_guard.bio, file_name) <= 0)
         {
+          if (TAO_debug_level > 0)
+            ORBSVCS_ERROR ((LM_ERROR,
+                          ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                          ACE_TEXT ("failed to read file\n")));
           goto err;
         }
-      ret = ::X509_STORE_add_crl(st, x);
+
+      // Use RAII for X509_CRL
+      struct CRL_Guard {
+        X509_CRL *crl;
+        CRL_Guard(X509_CRL *c) : crl(c) {}
+        ~CRL_Guard() { X509_CRL_free(crl); }
+      };
+      CRL_Guard x_guard(d2i_X509_CRL_bio(in_guard.bio, nullptr));
+      if (x_guard.crl == nullptr)
+        {
+          if (TAO_debug_level > 0)
+            ORBSVCS_ERROR ((LM_ERROR,
+                          ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                          ACE_TEXT ("failed to parse CRL\n")));
+          goto err;
+        }
+
+      ret = ::X509_STORE_add_crl(st, x_guard.crl);
     }

   if (ret == 1)
     {
       (void)X509_STORE_set_flags(st, X509_V_FLAG_CRL_CHECK);
     }

 err:
-  X509_CRL_free(x);
-  (void)BIO_free(in);
+  if (ret != 1 && TAO_debug_level > 0)
+    {
+      ORBSVCS_ERROR ((LM_ERROR,
+                    ACE_TEXT ("TAO (%P|%t) - SSL_Context::load_crl_file ")
+                    ACE_TEXT ("failed with error: %C\n"),
+                    ERR_reason_error_string(ERR_get_error())));
+    }

   return ret;
 }

TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp (1)

651-670: Improve error handling and logging for CRL loading.

The CRL loading code could be improved with better error handling and debug logging.

Apply this diff to enhance the implementation:

   if (crl_path.in() != 0)
     {
-      if (ssl_ctx->load_crl_file(crl_path.in(), crl_type) != 1)
+      int result = ssl_ctx->load_crl_file(crl_path.in(), crl_type);
+      if (result != 1)
         {
+          const char* error_type = (result == 0) ? "invalid arguments" : "loading failed";
           ORBSVCS_ERROR ((LM_ERROR,
-                          ACE_TEXT ("TAO (%P|%t) - Unable to load crl file ")
-                          ACE_TEXT ("<%C> in SSLIOP factory, errno = %C.\n"),
-                          crl_path.in(), ERR_reason_error_string(ERR_get_error())));
+                          ACE_TEXT ("TAO (%P|%t) - Unable to load CRL file ")
+                          ACE_TEXT ("<%C> in SSLIOP factory: %C (%C)\n"),
+                          crl_path.in(),
+                          error_type,
+                          ERR_reason_error_string(ERR_get_error())));
+          // Don't fail the initialization as CRL is optional
         }
       else
         {
           if (TAO_debug_level > 0)
             {
               ORBSVCS_DEBUG ((LM_INFO,
-                              ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded crl file ")
-                              ACE_TEXT("<%C>\n"),
-                              crl_path.in()));
+                              ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded CRL file ")
+                              ACE_TEXT ("<%C> of type %C\n"),
+                              crl_path.in(),
+                              (crl_type == SSL_FILETYPE_PEM) ? "PEM" : "ASN1"));
             }
         }
     }

TAO/docs/Security/SSLIOP-USAGE.html (1)

170-173: Enhance the documentation for the -SSLCRLFile option.

The documentation for the new option could be more comprehensive.

Apply this diff to improve the documentation:

     <tr>
       <td><code>-SSLCRLFile</code> <em>filename</em></td>
-      <td>Provide a file containing a certificate revocation list.</td>
+      <td>
+        <p>Provide a file containing a Certificate Revocation List (CRL). The file must be in either PEM or ASN1 format,
+           specified using the format prefix (e.g., "PEM:crl.pem" or "ASN1:crl.der").</p>
+        <p>A CRL is used to identify certificates that have been revoked by their issuing Certificate Authority (CA)
+           and should no longer be trusted. When this option is used, the SSL/TLS implementation will check
+           peer certificates against the CRL during the handshake.</p>
+        <p>Example usage:</p>
+        <pre>
+  -SSLCRLFile PEM:/path/to/crl.pem    # Load a PEM-formatted CRL
+  -SSLCRLFile ASN1:/path/to/crl.der   # Load an ASN1-formatted CRL</pre>
+        <p>Note: This option is typically used in conjunction with <code>-SSLCAfile</code> or <code>-SSLCApath</code>
+           to provide complete certificate validation.</p>
+      </td>
     </tr>

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f11974 and 2a1773c.

📒 Files selected for processing (4)

• ACE/ace/SSL/SSL_Context.cpp (1 hunks)
• ACE/ace/SSL/SSL_Context.h (1 hunks)
• TAO/docs/Security/SSLIOP-USAGE.html (1 hunks)
• TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp (3 hunks)

[coderabbitai]

🛠️ Refactor suggestion

Add error handling for missing argument.

The command-line parsing should handle the case where no argument is provided after -SSLCRLFile.

Apply this diff to improve error handling:

       else if (ACE_OS::strcasecmp (argv[curarg],
                                    ACE_TEXT("-SSLCRLFile")) == 0)
         {
           curarg++;
           if (curarg < argc)
             {
               crl_type = parse_x509_file (ACE_TEXT_ALWAYS_CHAR(argv[curarg]),
                                           crl_path.out ());
+              if (crl_type == -1)
+                {
+                  ORBSVCS_ERROR ((LM_ERROR,
+                              ACE_TEXT ("TAO (%P|%t) - Invalid CRL file format ")
+                              ACE_TEXT ("<%C>, must be PEM or ASN1\n"),
+                              argv[curarg]));
+                  return -1;
+                }
             }
+          else
+            {
+              ORBSVCS_ERROR ((LM_ERROR,
+                          ACE_TEXT ("TAO (%P|%t) - -SSLCRLFile requires a ")
+                          ACE_TEXT ("filename argument\n")));
+              return -1;
+            }
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	else if (ACE_OS::strcasecmp (argv[curarg],
	ACE_TEXT("-SSLCRLFile")) == 0)
	{
	curarg++;
	if (curarg < argc)
	{
	crl_type = parse_x509_file (ACE_TEXT_ALWAYS_CHAR(argv[curarg]),
	crl_path.out ());
	}
	}
	else if (ACE_OS::strcasecmp (argv[curarg],
	ACE_TEXT("-SSLCRLFile")) == 0)
	{
	curarg++;
	if (curarg < argc)
	{
	crl_type = parse_x509_file (ACE_TEXT_ALWAYS_CHAR(argv[curarg]),
	crl_path.out ());
	if (crl_type == -1)
	{
	ORBSVCS_ERROR ((LM_ERROR,
	ACE_TEXT ("TAO (%P|%t) - Invalid CRL file format ")
	ACE_TEXT ("<%C>, must be PEM or ASN1\n"),
	argv[curarg]));
	return -1;
	}
	}
	else
	{
	ORBSVCS_ERROR ((LM_ERROR,
	ACE_TEXT ("TAO (%P|%t) - -SSLCRLFile requires a ")
	ACE_TEXT ("filename argument\n")));
	return -1;
	}
	}