Author: markt
Date: Tue Sep 29 18:44:28 2015
New Revision: 1705909
URL: http://svn.apache.org/viewvc?rev=1705909&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=56777
Allow trust stores, keystores, CRLs and the tomcat-users.xml file to be loaded
from URLs as well as the file system.
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1705909&r1=1705908&r2=1705909&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
Tue Sep 29 18:44:28 2015
@@ -16,7 +16,6 @@
*/
package org.apache.tomcat.util.net;
-import java.io.File;
import java.io.OutputStreamWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
@@ -826,25 +825,6 @@ public abstract class AbstractEndpoint<S
}
}
-
- private String adjustRelativePath(String path, String relativeTo) {
- // Empty or null path can't point to anything useful. The assumption is
- // that the value is deliberately empty / null so leave it that way.
- if (path == null || path.length() == 0) {
- return path;
- }
- String newPath = path;
- File f = new File(newPath);
- if ( !f.isAbsolute()) {
- newPath = relativeTo + File.separator + newPath;
- f = new File(newPath);
- }
- if (!f.exists()) {
- getLog().warn("configured file:["+newPath+"] does not exist.");
- }
- return newPath;
- }
-
protected abstract Log getLog();
// Flags to indicate optional feature support
// Some of these are always hard-coded, some are hard-coded to false (i.e.
@@ -930,10 +910,7 @@ public abstract class AbstractEndpoint<S
private String keystoreFile = System.getProperty("user.home")+"/.keystore";
public String getKeystoreFile() { return keystoreFile;}
- public void setKeystoreFile(String s ) {
- keystoreFile = adjustRelativePath(s,
- System.getProperty(Constants.CATALINA_BASE_PROP));
- }
+ public void setKeystoreFile(String s ) { keystoreFile = s; }
private String keystorePass = null;
public String getKeystorePass() { return keystorePass;}
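Review bot: `setKeystoreFile` now stores the configured value unresolved, so the warning that `adjustRelativePath` logged for a missing file is gone and `getKeystoreFile()` no longer returns a path resolved against CATALINA_BASE. The same applies to `setTruststoreFile` in the next hunk. A misconfigured keystore or trust store will presumably surface only when the store is opened, and any caller that treats the getter result as a file-system path now receives a relative path or a URL. I would document this on both setters, e.g. `// Value may be a URL, an absolute path or a path relative to CATALINA_BASE; it is resolved when the store is loaded`, and confirm that no other caller of the getters builds a `File` from the value. The class body continues outside both hunks.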
@@ -975,10 +952,7 @@ public abstract class AbstractEndpoint<S
private String truststoreFile =
System.getProperty("javax.net.ssl.trustStore");
public String getTruststoreFile() {return truststoreFile;}
- public void setTruststoreFile(String s) {
- truststoreFile = adjustRelativePath(s,
- System.getProperty(Constants.CATALINA_BASE_PROP));
- }
+ public void setTruststoreFile(String s) { truststoreFile = s; }
private String truststorePass =
System.getProperty("javax.net.ssl.trustStorePassword");
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1705909&r1=1705908&r2=1705909&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Tue Sep 29 18:44:28 2015
@@ -17,8 +17,6 @@
package org.apache.tomcat.util.net.jsse;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
@@ -65,6 +63,7 @@ import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509KeyManager;
import org.apache.tomcat.util.compat.JreVendor;
+import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLUtil;
@@ -442,12 +441,7 @@ public class JSSESocketFactory implement
}
if(!("PKCS11".equalsIgnoreCase(type) ||
"".equalsIgnoreCase(path))) {
- File keyStoreFile = new File(path);
- if (!keyStoreFile.isAbsolute()) {
- keyStoreFile = new File(System.getProperty(
- Constants.CATALINA_BASE_PROP), path);
- }
- istream = new FileInputStream(keyStoreFile);
+ istream = ConfigFileLoader.getInputStream(path);
}
char[] storePass = null;
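Review bot: The keystore location is passed to `ConfigFileLoader.getInputStream(path)` with no restriction on the URL scheme visible in this hunk, so a keystore holding the server's private key could be fetched over a cleartext or unauthenticated transport if the configuration names such a URL. `ConfigFileLoader` is not shown here, so whether it limits schemes needs confirming. If it does not, I would log a warning when the value is a remote URL that does not use TLS, and add a comment at the call such as `// path may be a URL: the keystore holds the private key, so remote locations must use an authenticated, encrypted transport`. The same concern applies to `getCRLs` in the next hunk, and presumably to the trust store, where a substituted or stale file changes which client certificates are accepted. The enclosing method starts and ends outside the hunk.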
@@ -729,15 +723,10 @@ public class JSSESocketFactory implement
protected Collection<? extends CRL> getCRLs(String crlf)
throws IOException, CRLException, CertificateException {
- File crlFile = new File(crlf);
- if( !crlFile.isAbsolute() ) {
- crlFile = new File(
- System.getProperty(Constants.CATALINA_BASE_PROP), crlf);
- }
Collection<? extends CRL> crls = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
- try (InputStream is = new FileInputStream(crlFile)) {
+ try (InputStream is = ConfigFileLoader.getInputStream(crlf)) {
crls = cf.generateCRLs(is);
}
} catch(IOException iex) {
Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1705909&r1=1705908&r2=1705909&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue Sep 29 18:44:28 2015
@@ -52,6 +52,11 @@
an be used anywhere Tomcat accepts a URL for a configuration parameter.
(markt)
</add>
+ <fix>
+ <bug>56777</bug>: Allow file based configuration resources (user
+ database, certificate revocation lists, keystores an dtrust stores) to
+ be configured using URLs as well as files. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml?rev=1705909&r1=1705908&r2=1705909&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml Tue Sep 29 18:44:28 2015
@@ -1148,7 +1148,8 @@
<attribute name="crlFile" required="false">
<p>The certificate revocation list to be used to verify client
certificates. If not defined, client certificates will not be checked
- against a certificate revocation list.</p>
+ against a certificate revocation list. The file may be specified using a
+ URL, an absolute path or a relative (to CATAINA_BASE) path.</p>
</attribute>
<attribute name="keyAlias" required="false">
@@ -1173,7 +1174,8 @@
the file "<code>.keystore</code>" in the operating system home
directory of the user that is running Tomcat. If your
<code>keystoreType</code> doesn't need a file use <code>""</code>
- (empty string) for this parameter.</p>
+ (empty string) for this parameter. The file may be specified using a
+ URL, an absolute path or a relative (to CATAINA_BASE) path.</p>
</attribute>
<attribute name="keystorePass" required="false">
@@ -1263,7 +1265,8 @@
<p>The trust store file to use to validate client certificates. The
default is the value of the <code>javax.net.ssl.trustStore</code> system
property. If neither this attribute nor the default system property is
- set, no trust store will be configured.</p>
+ set, no trust store will be configured. The file may be specified using a
+ URL, an absolute path or a relative (to CATAINA_BASE) path.</p>
</attribute>
<attribute name="truststorePass" required="false">