Author: markt
Date: Tue May  5 19:48:53 2015
New Revision: 1677884

URL: http://svn.apache.org/r1677884
Log:
Move alias, keystoreType and keystoreProvider to SSLHostConfig

Modified:
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/trunk/webapps/docs/config/http.xml

Modified: 
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
Tue May  5 19:48:53 2015
@@ -25,22 +25,9 @@ public abstract class AbstractHttp11Jsse
         super(endpoint);
     }
 
-    public String getKeystoreType() { return getEndpoint().getKeystoreType();}
-    public void setKeystoreType(String s ) { getEndpoint().setKeystoreType(s);}
-
-    public String getKeystoreProvider() {
-        return getEndpoint().getKeystoreProvider();
-    }
-    public void setKeystoreProvider(String s ) {
-        getEndpoint().setKeystoreProvider(s);
-    }
-
     public String getSslProtocol() { return getEndpoint().getSslProtocol();}
     public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);}
 
-    public String getKeyAlias() { return getEndpoint().getKeyAlias();}
-    public void setKeyAlias(String s ) { getEndpoint().setKeyAlias(s);}
-
     public void setTruststoreFile(String f){ 
getEndpoint().setTruststoreFile(f);}
     public String getTruststoreFile(){ return 
getEndpoint().getTruststoreFile();}
 

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Tue 
May  5 19:48:53 2015
@@ -459,6 +459,24 @@ public abstract class AbstractHttp11Prot
     }
 
 
+    public void setKeystoreType(String certificateKeystoreType) {
+        registerDefaultSSLHostConfig();
+        
defaultSSLHostConfig.setCertificateKeystoreType(certificateKeystoreType);
+    }
+
+
+    public void setKeystoreProvider(String certificateKeystoreProvider) {
+        registerDefaultSSLHostConfig();
+        
defaultSSLHostConfig.setCertificateKeystoreProvider(certificateKeystoreProvider);
+    }
+
+
+    public void setKeyAlias(String certificateKeyAlias) {
+        registerDefaultSSLHostConfig();
+        defaultSSLHostConfig.setCertificateKeyAlias(certificateKeyAlias);
+    }
+
+
     // ------------------------------------------------------------- Common 
code
 
     // Common configuration required for all new HTTP11 processors
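Review bot: The three connector-level setters added here (`setKeystoreType`, `setKeystoreProvider`, `setKeyAlias`) have no matching getters, and the getters on AbstractHttp11JsseProtocol are deleted in the same commit. Anything that reads these attributes back from the protocol handler (presumably JMX or other bean introspection) would lose them. If write-only is intended, a short comment above the group would make that explicit, for example `// Legacy connector attributes: forwarded to the default SSLHostConfig; read them from there`. It would also help to document which value wins when the same property is set both here and on an explicitly configured default SSLHostConfig, since `registerDefaultSSLHostConfig()` is not visible in this hunk.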

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Tue May  
5 19:48:53 2015
@@ -982,22 +982,10 @@ public abstract class AbstractEndpoint<S
         this.sslImplementationName = s;
     }
 
-    private String keystoreType = "JKS";
-    public String getKeystoreType() { return keystoreType;}
-    public void setKeystoreType(String s ) { this.keystoreType = s;}
-
-    private String keystoreProvider = null;
-    public String getKeystoreProvider() { return keystoreProvider;}
-    public void setKeystoreProvider(String s ) { this.keystoreProvider = s;}
-
     private String sslProtocol = "TLS";
     public String getSslProtocol() { return sslProtocol;}
     public void setSslProtocol(String s) { sslProtocol = s;}
 
-    private String keyAlias = null;
-    public String getKeyAlias() { return keyAlias;}
-    public void setKeyAlias(String s ) { keyAlias = s;}
-
     private String truststoreFile = 
System.getProperty("javax.net.ssl.trustStore");
     public String getTruststoreFile() {return truststoreFile;}
     public void setTruststoreFile(String s) {

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Tue 
May  5 19:48:53 2015
@@ -57,7 +57,7 @@ public abstract class AbstractJsseEndpoi
             for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
                 SSLUtil sslUtil = sslImplementation.getSSLUtil(this, 
sslHostConfig);
                 SSLContext sslContext = sslUtil.createSSLContext();
-                sslContext.init(wrap(sslUtil.getKeyManagers()),
+                sslContext.init(wrap(sslUtil.getKeyManagers(), sslHostConfig),
                         sslUtil.getTrustManagers(), null);
 
                 SSLSessionContext sessionContext =
@@ -115,14 +115,15 @@ public abstract class AbstractJsseEndpoi
     }
 
 
-    private KeyManager[] wrap(KeyManager[] managers) {
+    private KeyManager[] wrap(KeyManager[] managers, SSLHostConfig 
sslHostConfig) {
         if (managers==null) return null;
         KeyManager[] result = new KeyManager[managers.length];
         for (int i=0; i<result.length; i++) {
-            if (managers[i] instanceof X509KeyManager && getKeyAlias() != 
null) {
-                String keyAlias = getKeyAlias();
+            if (managers[i] instanceof X509KeyManager &&
+                    sslHostConfig.getCertificateKeyAlias() != null) {
+                String keyAlias = sslHostConfig.getCertificateKeyAlias();
                 // JKS keystores always convert the alias name to lower case
-                if ("jks".equalsIgnoreCase(getKeystoreType())) {
+                if 
("jks".equalsIgnoreCase(sslHostConfig.getCertificateKeystoreType())) {
                     keyAlias = keyAlias.toLowerCase(Locale.ENGLISH);
                 }
                 result[i] = new NioX509KeyManager((X509KeyManager) 
managers[i], keyAlias);
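Review bot: In wrap(), the JKS lower-casing test `"jks".equalsIgnoreCase(sslHostConfig.getCertificateKeystoreType())` lacks the null fallback that JSSESocketFactory.getKeyManagers() applies in this same commit (`if (keystoreType == null) keystoreType = defaultKeystoreType;`). SSLHostConfig.setCertificateKeystoreType() stores whatever it is given, so a null type would load the keystore with the default type there but skip the alias normalisation here. If that default is JKS, the alias handed to NioX509KeyManager could differ from the one the keystore actually holds, and the intended key might not be selected. Resolving the effective type in one place (for example in the SSLHostConfig getter) would keep the two call sites consistent. The body of wrap() continues past the end of the hunk.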

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Tue May  5 
19:48:53 2015
@@ -53,8 +53,11 @@ public class SSLHostConfig {
     private Set<String> protocols = new HashSet<>();
     private String certificateRevocationListFile;
     // JSSE
+    private String certificateKeyAlias;
     private String certificateKeystorePassword = "changeit";
     private String certificateKeystoreFile = 
System.getProperty("user.home")+"/.keystore";
+    private String certificateKeystoreProvider;
+    private String certificateKeystoreType = "JKS";
     private String keyManagerAlgorithm = 
KeyManagerFactory.getDefaultAlgorithm();
     // OpenSSL
     private String certificateFile;
@@ -230,13 +233,14 @@ public class SSLHostConfig {
 
     // ---------------------------------- JSSE specific configuration 
properties
 
-    public void setCertificateKeystorePassword(String 
certificateKeystorePassword) {
-        this.certificateKeystorePassword = certificateKeystorePassword;
+    public void setCertificateKeyAlias(String certificateKeyAlias) {
+        setProperty("certificateKeyAlias", Type.JSSE);
+        this.certificateKeyAlias = certificateKeyAlias;
     }
 
 
-    public String getCertificateKeystorePassword() {
-        return certificateKeystorePassword;
+    public String getCertificateKeyAlias() {
+        return certificateKeyAlias;
     }
 
 
@@ -251,6 +255,39 @@ public class SSLHostConfig {
     }
 
 
+    public void setCertificateKeystorePassword(String 
certificateKeystorePassword) {
+        setProperty("certificateKeystorePassword", Type.JSSE);
+        this.certificateKeystorePassword = certificateKeystorePassword;
+    }
+
+
+    public String getCertificateKeystorePassword() {
+        return certificateKeystorePassword;
+    }
+
+
+    public void setCertificateKeystoreProvider(String 
certificateKeystoreProvider) {
+        setProperty("certificateKeystoreProvider", Type.JSSE);
+        this.certificateKeystoreProvider = certificateKeystoreProvider;
+    }
+
+
+    public String getCertificateKeystoreProvider() {
+        return certificateKeystoreProvider;
+    }
+
+
+    public void setCertificateKeystoreType(String certificateKeystoreType) {
+        setProperty("certificateKeystoreType", Type.JSSE);
+        this.certificateKeystoreType = certificateKeystoreType;
+    }
+
+
+    public String getCertificateKeystoreType() {
+        return certificateKeystoreType;
+    }
+
+
     public void setKeyManagerAlgorithm(String keyManagerAlgorithm) {
         setProperty("keyManagerAlgorithm", Type.JSSE);
         this.keyManagerAlgorithm = keyManagerAlgorithm;
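Review bot: The re-added setCertificateKeystorePassword() now calls `setProperty("certificateKeystorePassword", Type.JSSE)`, which the version removed in the previous hunk did not do. The log message only mentions moving alias, keystoreType and keystoreProvider, so if this is an intended fix it deserves a line there. None of the new accessors carry Javadoc either. For the password setter I would add `/** Keystore password; the field default is "changeit", so set this explicitly for any real deployment. */`, and for the type setter a sentence saying whether null is accepted. setKeyManagerAlgorithm() at the end of the hunk continues outside it.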

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
Tue May  5 19:48:53 2015
@@ -337,13 +337,14 @@ public class JSSESocketFactory implement
 
     @Override
     public KeyManager[] getKeyManagers() throws Exception {
-        String keystoreType = endpoint.getKeystoreType();
+        String keystoreType = sslHostConfig.getCertificateKeystoreType();
         if (keystoreType == null) {
             keystoreType = defaultKeystoreType;
         }
 
-        return getKeyManagers(keystoreType, endpoint.getKeystoreProvider(),
-                sslHostConfig.getKeyManagerAlgorithm(), 
endpoint.getKeyAlias());
+        return getKeyManagers(keystoreType, 
sslHostConfig.getCertificateKeystoreProvider(),
+                sslHostConfig.getKeyManagerAlgorithm(),
+                sslHostConfig.getCertificateKeyAlias());
     }
 
     @Override
@@ -353,7 +354,7 @@ public class JSSESocketFactory implement
             truststoreType = 
System.getProperty("javax.net.ssl.trustStoreType");
         }
         if (truststoreType == null) {
-            truststoreType = endpoint.getKeystoreType();
+            truststoreType = sslHostConfig.getCertificateKeystoreType();
         }
         if (truststoreType == null) {
             truststoreType = defaultKeystoreType;
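Review bot: The trust store type now falls back to `sslHostConfig.getCertificateKeystoreType()`, and in the next hunk the trust store provider is taken unconditionally from `sslHostConfig.getCertificateKeystoreProvider()`, so trust material is opened with settings that belong to the server certificate's keystore. These are now per-host values, while truststoreFile is still an AbstractEndpoint property in this commit. Two SSLHostConfigs with different keystore types would therefore presumably open the same trust store with different types, and one of them could fail to load the trust anchors used for client-certificate verification. A comment at the fallback, e.g. `// No explicit trust store type: fall back to this host's certificate keystore type`, and a debug log line when the fallback is taken would make such a misconfiguration easier to spot. getTrustManagers() starts above this hunk, so any earlier truststore-specific lookup is not visible here.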
@@ -364,7 +365,7 @@ public class JSSESocketFactory implement
             algorithm = TrustManagerFactory.getDefaultAlgorithm();
         }
 
-        return getTrustManagers(truststoreType, endpoint.getKeystoreProvider(),
+        return getTrustManagers(truststoreType, 
sslHostConfig.getCertificateKeystoreProvider(),
                 algorithm);
     }
 

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677884&r1=1677883&r2=1677884&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Tue May  5 19:48:53 2015
@@ -1037,6 +1037,17 @@
       PEM-encoded.</p>
     </attribute>
 
+    <attribute name="certificateKeyAlias" required="true">
+      <p>JSSE only.</p>
+      <p>The alias used for the server key and certificate in the keystore. If
+      not specified, the first key read from the keystore will be used. The
+      order in which keys are read from the keystore is implementation
+      dependent. It may not be the case that keys are read from the keystore in
+      the same order as they were added. If more than one key is present in the
+      kesytore it is strongly recommended that a keyAlias is configured to
+      ensure that the correct key is used.</p>
+    </attribute>
+
     <attribute name="certificateKeyFile" required="false">
       <p>OpenSSL only.</p>
       <p>Name of the file that contains the server private key. The format is
@@ -1045,6 +1056,14 @@
       RECOMMENDED).</p>
     </attribute>
 
+    <attribute name="certificateKeyPassword" required="false">
+      <p>The password used to access the private key associated with the server
+      certificate from the specified file.</p>
+      <p>If not specified, the default behaviour for JSSE is to use the
+      <strong>certificateKeystorePassword</strong>. For OpenSSL the default
+      behaviour is not to use a password.</p>
+    </attribute>
+
     <attribute name="certificateKeystoreFile" required="false">
       <p>JSSE only.</p>
       <p>The pathname of the keystore file where you have stored the server
@@ -1061,12 +1080,19 @@
       <code>changeit</code> will be used.</p>
     </attribute>
 
-    <attribute name="certificateKeyPassword" required="false">
-      <p>The password used to access the private key associated with the server
-      certificate from the specified file.</p>
-      <p>If not specified, the default behaviour for JSSE is to use the
-      <strong>certificateKeystorePassword</strong>. For OpenSSL the default
-      behaviour is not to use a password.</p>
+    <attribute name="certificateKeystoreProvider" required="true">
+      <p>JSSE only.</p>
+      <p>The name of the keystore provider to be used for the server
+      certificate. If not specified, the list of registered providers is
+      traversed in preference order and the first provider that supports the
+      <code>keystoreType</code> is used.
+      </p>
+    </attribute>
+
+    <attribute name="certificateKeystoreType" required="true">
+      <p>JSSE only.</p>
+      <p>The type of keystore file to be used for the server certificate.
+      If not specified, the default value is "<code>JKS</code>".</p>
     </attribute>
 
     <attribute name="certificateRevocationFile" required="false">
@@ -1193,13 +1219,9 @@
     </attribute>
 
     <attribute name="keyAlias" required="false">
-      <p>The alias used for the server key and certificate in the keystore. If
-      not specified, the first key read from the keystore will be used. The
-      order in which keys are read from the keystore is implementation
-      dependent. It may not be the case that keys are read from the keystore in
-      the same order as they were added. If more than one key is present in the
-      kesytore it is strongly recommended that a keyAlias is configured to
-      ensure that the correct key is used.</p>
+      <p>This is an alias for the <code>certificateKeyAlias</code> attribute of
+      the default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
+      element.</p>
     </attribute>
 
     <attribute name="keyPass" required="false">
@@ -1221,16 +1243,15 @@
     </attribute>
 
     <attribute name="keystoreProvider" required="false">
-      <p>The name of the keystore provider to be used for the server
-      certificate. If not specified, the list of registered providers is
-      traversed in preference order and the first provider that supports the
-      <code>keystoreType</code> is used.
-      </p>
+      <p>This is an alias for the <code>certificateKeystoreProvider</code>
+      attribute of the default
+      <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element.</p>
     </attribute>
 
     <attribute name="keystoreType" required="false">
-      <p>The type of keystore file to be used for the server certificate.
-      If not specified, the default value is "<code>JKS</code>".</p>
+      <p>This is an alias for the <code>certificateKeystoreType</code> 
attribute
+      of the default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
+      element.</p>
     </attribute>
 
     <attribute name="sessionCacheSize" required="false">


