This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 6732b0c0b7 Simplify the process of using a custom SSLContext
6732b0c0b7 is described below
commit 6732b0c0b7aa821b10ab8c78b2bfcd8de287621c
Author: Mark Thomas <[email protected]>
AuthorDate: Fri Mar 28 07:02:31 2025 +0000
Simplify the process of using a custom SSLContext
Based on PR #805 by Hakky54.
---
.../apache/tomcat/util/net/SSLContextWrapper.java | 87 ++++++++++++++++++++++
java/org/apache/tomcat/util/net/SSLUtil.java | 18 +++++
webapps/docs/changelog.xml | 4 +
3 files changed, 109 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/SSLContextWrapper.java
b/java/org/apache/tomcat/util/net/SSLContextWrapper.java
new file mode 100644
index 0000000000..280d4dbbce
--- /dev/null
+++ b/java/org/apache/tomcat/util/net/SSLContextWrapper.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.net;
+
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.Objects;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Wrapper class to simplify using a pre-configured {@code
javax.net.ssl.SSLContext} instance with an
+ * {@code SSLHostConfigCertificate}.
+ */
+class SSLContextWrapper implements SSLContext {
+
+ private final javax.net.ssl.SSLContext sslContext;
+ private final X509KeyManager keyManager;
+ private final X509TrustManager trustManager;
+
+ SSLContextWrapper(javax.net.ssl.SSLContext sslContext, X509KeyManager
keyManager, X509TrustManager trustManager) {
+ this.sslContext = Objects.requireNonNull(sslContext);
+ this.keyManager = Objects.requireNonNull(keyManager);
+ this.trustManager = Objects.requireNonNull(trustManager);
+ }
+
+ @Override
+ public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) {
+ // NO-OP as it is already initialized
+ }
+
+ @Override
+ public void destroy() {
+
+ }
+
+ @Override
+ public SSLSessionContext getServerSessionContext() {
+ return sslContext.getServerSessionContext();
+ }
+
+ @Override
+ public SSLEngine createSSLEngine() {
+ return sslContext.createSSLEngine();
+ }
+
+ @Override
+ public SSLServerSocketFactory getServerSocketFactory() {
+ return sslContext.getServerSocketFactory();
+ }
+
+ @Override
+ public SSLParameters getSupportedSSLParameters() {
+ return sslContext.getSupportedSSLParameters();
+ }
+
+ @Override
+ public X509Certificate[] getCertificateChain(String alias) {
+ return keyManager.getCertificateChain(alias);
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return trustManager.getAcceptedIssuers();
+ }
+}
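Review bot: Nothing in SSLContextWrapper ties the supplied keyManager and trustManager to the sslContext they are handed in with, yet getCertificateChain and getAcceptedIssuers answer from the managers while createSSLEngine and getServerSocketFactory answer from the context, so if a caller passes managers other than the ones the context was initialized with, the chain and accepted issuers Tomcat reports will not match what the engine actually presents. Because init is a NO-OP, any key managers, trust managers or SecureRandom passed to it are silently discarded as well, which a reader of SSLUtil.createSSLContext's Javadoc (the other hunk in this commit) is not told. The class Javadoc should state both constraints in a sentence each: that the managers must be those used to initialize the context, and that init ignores its arguments. destroy() has an empty body with no comment, unlike init; `// NO-OP: the wrapped context's lifecycle is presumably owned by the caller` would make the intent explicit, hedged until confirmed. The constructor's null checks would also be easier to diagnose as `Objects.requireNonNull(sslContext, "sslContext")` and likewise for the two managers.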
diff --git a/java/org/apache/tomcat/util/net/SSLUtil.java
b/java/org/apache/tomcat/util/net/SSLUtil.java
index ef3f0d2708..d85655e3c9 100644
--- a/java/org/apache/tomcat/util/net/SSLUtil.java
+++ b/java/org/apache/tomcat/util/net/SSLUtil.java
@@ -21,6 +21,8 @@ import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
/**
* Provides a common interface for {@link SSLImplementation}s to create the
@@ -29,6 +31,22 @@ import javax.net.ssl.TrustManager;
*/
public interface SSLUtil {
+ /**
+ * Creates an instance of Tomcat's {@code SSLContext} from the provided
inputs. Typically used when the user wants
+ * to provide a pre-configured {@code javax.net.ssl.SSLContext} instance.
There is no need to call
+ * {@link SSLContext#init(KeyManager[], TrustManager[],
java.security.SecureRandom)} on the returned value.
+ *
+ * @param sslContext The JSSE SSL context
+ * @param keyManager The JSSE key manager
+ * @param trustManager The JSSE trust manager
+ *
+ * @return An instance of Tomcat's {@code SSLContext} formed from the
provided inputs.
+ */
+ static SSLContext createSSLContext(javax.net.ssl.SSLContext sslContext,
X509KeyManager keyManager,
+ X509TrustManager trustManager) {
+ return new SSLContextWrapper(sslContext, keyManager, trustManager);
+ }
+
SSLContext createSSLContext(List<String> negotiableProtocols) throws
Exception;
KeyManager[] getKeyManagers() throws Exception;
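Review bot: The Javadoc on the new static createSSLContext does not document that null arguments are rejected, although the SSLContextWrapper constructor it delegates to applies Objects.requireNonNull to all three parameters; add `@throws NullPointerException if any argument is {@code null}`. "There is no need to call init" also understates the contract: the wrapper's init is a no-op, so key managers, trust managers and SecureRandom passed to it are ignored rather than applied, and the keyManager and trustManager given here must be the ones sslContext was initialized with, since the wrapper only reports from them and cannot verify consistency. The SSLUtil interface continues outside the hunk.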
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 43911abd96..deaf6d543e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -166,6 +166,10 @@
Add missing code to process an OpenSSL profile, such as
<code>PROFILE=SYSTEM</code>, using FFM. (remm)
</fix>
+ <add>
+ Simplify the process of using a custom SSLContext for an HTTPS enabled
+ connector. Based on pull request <pr>805</pr> by Hakky54. (markt)
+ </add>
</changelog>
</subsection>
</section>