Author: markt
Date: Tue May 20 15:54:32 2008
New Revision: 658474
URL: http://svn.apache.org/viewvc?rev=658474&view=rev
Log:
Fix remainder of https://issues.apache.org/bugzilla/show_bug.cgi?id=43094
Provide options for selecting keystore providers
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=658474&r1=658473&r2=658474&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Tue May 20 15:54:32 2008
@@ -249,38 +249,39 @@
/*
* Gets the SSL server's keystore.
*/
- protected KeyStore getKeystore(String type, String pass)
+ protected KeyStore getKeystore(String type, String provider, String pass)
throws IOException {
String keystoreFile = (String)attributes.get("keystore");
if (keystoreFile == null)
keystoreFile = defaultKeystoreFile;
- return getStore(type, keystoreFile, pass);
+ return getStore(type, provider, keystoreFile, pass);
}
/*
* Gets the SSL server's truststore.
*/
- protected KeyStore getTrustStore(String keystoreType) throws IOException {
+ protected KeyStore getTrustStore(String keystoreType,
+ String keystoreProvider) throws IOException {
KeyStore trustStore = null;
- String trustStoreFile = (String)attributes.get("truststoreFile");
- if(trustStoreFile == null) {
- trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
+ String truststoreFile = (String)attributes.get("truststoreFile");
+ if(truststoreFile == null) {
+ truststoreFile = System.getProperty("javax.net.ssl.trustStore");
}
if(log.isDebugEnabled()) {
- log.debug("Truststore = " + trustStoreFile);
+ log.debug("Truststore = " + truststoreFile);
}
- String trustStorePassword = (String)attributes.get("truststorePass");
- if( trustStorePassword == null) {
- trustStorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");
+ String truststorePassword = (String)attributes.get("truststorePass");
+ if( truststorePassword == null) {
+ truststorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");
}
- if( trustStorePassword == null ) {
- trustStorePassword = getKeystorePassword();
+ if( truststorePassword == null ) {
+ truststorePassword = getKeystorePassword();
}
if(log.isDebugEnabled()) {
- log.debug("TrustPass = " + trustStorePassword);
+ log.debug("TrustPass = " + truststorePassword);
}
String truststoreType = (String)attributes.get("truststoreType");
if( truststoreType == null) {
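Review bot: The truststore password is still written to the log in clear text on the new side at L70, `log.debug("TrustPass = " + truststorePassword);` — the commit only renames the variable. Because the value falls through to `javax.net.ssl.trustStorePassword` and finally to `getKeystorePassword()` (L58-L67), enabling debug logging for this class exposes the server keystore secret as well. Log only whether a password was resolved, e.g. `log.debug("TrustPass = " + (truststorePassword == null ? "null" : "<set>"));`, or drop the line. getTrustStore continues past the end of this hunk.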
@@ -292,9 +293,22 @@
if(log.isDebugEnabled()) {
log.debug("trustType = " + truststoreType);
}
- if (trustStoreFile != null && trustStorePassword != null){
- trustStore = getStore(truststoreType, trustStoreFile,
- trustStorePassword);
+ String truststoreProvider =
+ (String)attributes.get("truststoreProvider");
+ if( truststoreProvider == null) {
+ truststoreProvider =
+ System.getProperty("javax.net.ssl.trustStoreProvider");
+ }
+ if (truststoreProvider == null) {
+ truststoreProvider = keystoreProvider;
+ }
+ if(log.isDebugEnabled()) {
+ log.debug("trustProvider = " + truststoreProvider);
+ }
+
+ if (truststoreFile != null && truststorePassword != null){
+ trustStore = getStore(truststoreType, truststoreProvider,
+ truststoreFile, truststorePassword);
}
return trustStore;
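Review bot: The fallback at L87-L89 makes the truststore inherit `keystoreProvider` even when `truststoreType` was resolved to something other than `keystoreType` (via the `truststoreType` attribute read at L72 or the fallback that follows), and that provider may not implement the truststore's type, so `KeyStore.getInstance(type, provider)` would fail for a deployment that sets only `keystoreProvider` for, say, an HSM-backed keystore while keeping a file-based truststore. Inherit the provider only when the two store types agree: `if (truststoreProvider == null && keystoreType.equals(truststoreType)) { truststoreProvider = keystoreProvider; }`. Whatever is decided, the inheritance should be stated in the `truststoreProvider` documentation, which currently describes only the registered-provider search.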
@@ -303,13 +317,17 @@
/*
* Gets the key- or truststore with the specified type, path, and password.
*/
- private KeyStore getStore(String type, String path, String pass)
- throws IOException {
+ private KeyStore getStore(String type, String provider, String path,
+ String pass) throws IOException {
KeyStore ks = null;
InputStream istream = null;
try {
- ks = KeyStore.getInstance(type);
+ if (provider == null) {
+ ks = KeyStore.getInstance(type);
+ } else {
+ ks = KeyStore.getInstance(type, provider);
+ }
if(!("PKCS11".equalsIgnoreCase(type) ||
"".equalsIgnoreCase(path))) {
File keyStoreFile = new File(path);
if (!keyStoreFile.isAbsolute()) {
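Review bot: An empty `keystoreProvider=""` or `truststoreProvider=""` attribute reaches L111 as `""` rather than `null`, so the two-argument `KeyStore.getInstance(type, "")` at L114 is used and fails with NoSuchProviderException, even though the surrounding code already treats an empty `path` as a deliberate value at L117. Treating a blank provider as absent keeps the documented default (first registered provider supporting the type) for templated configurations: `if (provider == null || provider.trim().length() == 0) {`. NoSuchProviderException is also a different checked type from the KeyStoreException the one-argument form throws; the catch block that maps failures to this method's IOException is outside the hunk, so confirm it covers both and includes the provider name in the message. getStore continues past the end of this hunk.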
@@ -377,15 +395,22 @@
keystoreType = defaultKeystoreType;
}
- String trustAlgorithm = (String)attributes.get("truststoreAlgorithm");
- if( trustAlgorithm == null ) {
- trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
- }
+ String keystoreProvider =
+ (String) attributes.get("keystoreProvider");
+
+ String trustAlgorithm =
+ (String)attributes.get("truststoreAlgorithm");
+ if( trustAlgorithm == null ) {
+ trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ }
+
// Create and init SSLContext
SSLContext context = SSLContext.getInstance(protocol);
- context.init(getKeyManagers(keystoreType, algorithm,
- (String) attributes.get("keyAlias")),
- getTrustManagers(keystoreType, trustAlgorithm),
+ context.init(getKeyManagers(keystoreType, keystoreProvider,
+ algorithm,
+ (String) attributes.get("keyAlias")),
+ getTrustManagers(keystoreType, keystoreProvider,
+ trustAlgorithm),
new SecureRandom());
// create proxy
@@ -407,6 +432,7 @@
* Gets the initialized key managers.
*/
protected KeyManager[] getKeyManagers(String keystoreType,
+ String keystoreProvider,
String algorithm,
String keyAlias)
throws Exception {
@@ -415,7 +441,7 @@
String keystorePass = getKeystorePassword();
- KeyStore ks = getKeystore(keystoreType, keystorePass);
+ KeyStore ks = getKeystore(keystoreType, keystoreProvider,
keystorePass);
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
throw new IOException(sm.getString("jsse.alias_no_key_entry",
keyAlias));
}
@@ -439,17 +465,14 @@
/**
* Gets the intialized trust managers.
*/
- protected TrustManager[] getTrustManagers(String keystoreType, String
algorithm)
+ protected TrustManager[] getTrustManagers(String keystoreType,
+ String keystoreProvider, String algorithm)
throws Exception {
String crlf = (String) attributes.get("crlFile");
TrustManager[] tms = null;
- String truststoreType = (String) attributes.get("truststoreType");
- if (truststoreType == null) {
- truststoreType = keystoreType;
- }
- KeyStore trustStore = getTrustStore(truststoreType);
+ KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
if (trustStore != null) {
if (crlf == null) {
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(algorithm);
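Review bot: With the local `truststoreType` resolution removed at L176-L179, getTrustManagers now passes the raw `keystoreType` and relies on getTrustStore to default the truststore type; the branch after `if( truststoreType == null) {` in getTrustStore lies outside the visible hunks, so confirm it still falls back to the `keystoreType` argument and not only to a system property, otherwise a connector setting `keystoreType` without `truststoreType` changes behaviour. Note also that `keystoreProvider` selects only the `KeyStore` implementation: `TrustManagerFactory.getInstance(algorithm)` at L184-L185 still uses the default provider search, which deserves a comment above the call such as `// keystoreProvider selects the KeyStore only; the TrustManagerFactory comes from the default provider search`. The method body continues past the end of this hunk.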
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=658474&r1=658473&r2=658474&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue May 20 15:54:32 2008
@@ -187,9 +187,13 @@
Caldarale. (markt/jim)
</fix>
<update>
- Add support for keystore types that do not need a file. Based on a
patch by
- Bruno Harbulot. (markt)
- </update>
+ Add support for keystore types that do not need a file. Based on a patch
+ by Bruno Harbulot. (markt)
+ </update>
+ <update>
+ <bug>43094</bug>: Allow specification of keystore providers. Based on a
+ patch by Bruno Harbulot. (markt)
+ </update>
<fix>
<bug>43191</bug>: Make it possible to override the defaults with the
compressableMimeType attribute. Based on a patch by Len Popp. (markt)
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=658474&r1=658473&r2=658474&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Tue May 20 15:54:32 2008
@@ -671,6 +671,14 @@
If not specified, the default value is "<code>JKS</code>".</p>
</attribute>
+ <attribute name="keystoreProvider" required="false">
+ <p>The name of the keystore provider to be used for the server
+ certificate. If not specified, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>keystoreType</code> is used.
+ </p>
+ </attribute>
+
<attribute name="sslProtocol" required="false">
<p>The version of the SSL protocol to use. If not specified,
the default is "<code>TLS</code>".</p>
@@ -700,6 +708,14 @@
TrustStore then you are using for the KeyStore.</p>
</attribute>
+ <attribute name="truststoreProvider" required="false">
+ <p>The name of the truststore provider to be used for the server
+ certificate. If not specified, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>truststoreType</code> is used.
+ </p>
+ </attribute>
+
</attributes>
<p>For more information, see the