cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java
billbarker2004/12/13 23:02:32 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java Log: JSSE 1.0.x doesn't include sun.security.provider.Sun, so we can't assume that it will be available. Fix for Bug #32680 Revision ChangesPath 1.10 +7 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
Index: JSSE13SocketFactory.java
===
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JSSE13SocketFactory.java 2 Jul 2004 03:27:39 - 1.9
+++ JSSE13SocketFactory.java 14 Dec 2004 07:02:32 - 1.10
@@ -20,6 +20,7 @@
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.security.Security;
+import java.security.Provider;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLSocket;
@@ -66,7 +67,12 @@
 */
 void init() throws IOException {
 try {
-Security.addProvider (new sun.security.provider.Sun());
+try {
+Class ssps = Class.forName(sun.security.provider.Sun);
+Security.addProvider ((Provider)ssps.newInstance());
+}catch(Exception cnfe) {
+//Ignore, since this is a non-Sun JVM
+}
 Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
 String clientAuthStr = (String)attributes.get(clientauth);
- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
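Review bot: The new `catch(Exception cnfe)` in init() swallows far more than the missing-class case that its name and comment describe. It also hides InstantiationException and IllegalAccessException from `newInstance()`, a ClassCastException from the `(Provider)` cast, and a SecurityException from `Security.addProvider` when a security manager denies provider insertion, so on a Sun JVM the provider can stay unregistered with no trace. Narrowing it to `}catch(ClassNotFoundException cnfe) {` ignores only the non-Sun case and lets everything else reach the enclosing try, whose handler is outside the hunk.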
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java
billbarker2004/07/01 20:27:39 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java Log: Revert back to where not configuring Ciphers means that you get all available ciphers. Fix for Bug #29695 Revision ChangesPath 1.9 +1 -4 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- JSSE13SocketFactory.java 24 Feb 2004 08:50:05 - 1.8 +++ JSSE13SocketFactory.java 2 Jul 2004 03:27:39 - 1.9 @@ -119,11 +119,8 @@ // Determine which cipher suites to enable String requestedCiphers = (String)attributes.get(ciphers); -if (requestedCiphers != null) { -enabledCiphers = getEnabledCiphers -(requestedCiphers, +enabledCiphers = getEnabledCiphers(requestedCiphers, sslProxy.getSupportedCipherSuites()); -} } catch(Exception e) { if( e instanceof IOException ) 1.23 +2 -4 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- JSSE14SocketFactory.java 24 Feb 2004 08:50:05 - 1.22 +++ JSSE14SocketFactory.java 2 Jul 2004 03:27:39 - 1.23 
@@ -116,10 +116,8 @@ // Determine which cipher suites to enable String requestedCiphers = (String)attributes.get(ciphers); -if (requestedCiphers != null) { -enabledCiphers = getEnabledCiphers(requestedCiphers, - sslProxy.getSupportedCipherSuites()); -} +enabledCiphers = getEnabledCiphers(requestedCiphers, + sslProxy.getSupportedCipherSuites()); } catch(Exception e) { if( e instanceof IOException ) 1.16 +3 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Index: JSSESocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- JSSESocketFactory.java24 Feb 2004 08:50:05 - 1.15 +++ JSSESocketFactory.java2 Jul 2004 03:27:39 - 1.16 @@ -187,6 +187,8 @@ enabledCiphers = new String[vec.size()]; vec.copyInto(enabledCiphers); } +} else { +enabledCiphers = supportedCiphers; } return enabledCiphers; @@ -351,7 +353,7 @@ SSLServerSocket socket = (SSLServerSocket) ssocket; -if (attributes.get(ciphers) != null) { +if (enabledCiphers != null) { socket.setEnabledCipherSuites(enabledCiphers); } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
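Review bot: The added `} else { enabledCiphers = supportedCiphers; }` branch turns on every suite the JSSE provider supports whenever the `ciphers` attribute is absent, and the supported list is a superset of what JSSE enables by default. Depending on the provider that superset can include anonymous, NULL-encryption and export-grade suites, so an unconfigured connector ends up weaker than a plain SSLServerSocket. The JSSE13SocketFactory and JSSE14SocketFactory hunks of this commit now call getEnabledCiphers unconditionally, so both reach this branch. Returning null here, so that the `enabledCiphers != null` guard in the next hunk skips `setEnabledCipherSuites`, or having the callers pass `sslProxy.getDefaultCipherSuites()`, would keep the provider's default set. getEnabledCiphers starts outside the hunk.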
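Review bot: With the guard changed to `if (enabledCiphers != null)`, a `ciphers` attribute that was set but yielded no usable suite is skipped silently and the socket keeps the provider defaults. Judging from the context of the previous hunk, the array appears to be built only when at least one requested name matched a supported one, so a misspelled list would presumably leave `enabledCiphers` null; the old test on the attribute would have handed that null to `setEnabledCipherSuites` and failed. An operator who asked for a restriction should get an error or at least a warning, for example `if (requestedCiphers != null && enabledCiphers == null) throw new IOException("None of the requested cipher suites is supported");` at the point where the list is computed. The enclosing method starts and ends outside the hunk.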
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java
billbarker2004/01/23 20:56:32 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java Log: Allow the option to only want client authentication. Submitted By: Michael Becker [EMAIL PROTECTED] (with some cosmetic changes). Revision ChangesPath 1.7 +21 -2 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- JSSE13SocketFactory.java 11 Oct 2003 04:24:30 - 1.6 +++ JSSE13SocketFactory.java 24 Jan 2004 04:56:32 - 1.7 @@ -64,6 +64,7 @@ import java.security.Security; import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; /* 1. Make the JSSE's jars available, either as an installed @@ -85,6 +86,11 @@ */ public class JSSE13SocketFactory extends JSSESocketFactory { +/** + * Flag for client authentication + */ +protected boolean clientAuth = false; + public JSSE13SocketFactory () { super(); } @@ -106,8 +112,10 @@ Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider()); String clientAuthStr = (String)attributes.get(clientauth); -if (clientAuthStr != null){ -clientAuth = Boolean.valueOf(clientAuthStr).booleanValue(); +if(true.equalsIgnoreCase(clientAuthStr) || + yes.equalsIgnoreCase(clientAuthStr) || + want.equalsIgnoreCase(clientAuthStr)) { +clientAuth = true; } // SSL protocol variant (e.g., TLS, SSL v3, etc.) 
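Review bot: The new clientauth parsing in init() fails open: any value other than `true`, `yes` or `want`, whether a typo or a plausible synonym such as `required`, leaves `clientAuth` false and the connector starts without asking for client certificates. For an authentication switch an unrecognised non-null value should be rejected, e.g. `else if (clientAuthStr != null && !"false".equalsIgnoreCase(clientAuthStr)) throw new IOException("Invalid clientauth value: " + clientAuthStr);`. The JSSE14SocketFactory init() hunk of this commit uses the same chain and needs the same check. This factory also maps `want` to `clientAuth = true`, which the configureClientAuth hunk passes to `setNeedClientAuth`, so `want` means required on JSSE 1.0.x; a comment saying so would help, and init() continues outside the hunk.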
@@ -171,6 +179,17 @@ } protected void setEnabledProtocols(SSLServerSocket socket, String [] protocols){ +} + +protected void configureClientAuth(SSLServerSocket socket){ +socket.setNeedClientAuth(clientAuth); +} + +protected void configureClientAuth(SSLSocket socket){ +// In JSSE 1.0.2 docs it does not explicitly +// state whether SSLSockets returned from +// SSLServerSocket.accept() inherit this setting. +socket.setNeedClientAuth(clientAuth); } } 1.21 +30 -2 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- JSSE14SocketFactory.java 19 Nov 2003 18:02:53 - 1.20 +++ JSSE14SocketFactory.java 24 Jan 2004 04:56:32 - 1.21 @@ -68,6 +68,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509KeyManager; @@ -97,6 +98,16 @@ private static StringManager sm = StringManager.getManager(org.apache.tomcat.util.net.jsse.res); +/** + * Flag to state that we require client authentication. + */ +protected boolean requireClientAuth = false; + +/** + * Flag to state that we would like client authentication. + */ +protected boolean wantClientAuth= false; + public JSSE14SocketFactory () { super(); } @@ -108,8 +119,11 @@ try { String clientAuthStr = (String) attributes.get(clientauth); -if (clientAuthStr != null){ -clientAuth = Boolean.valueOf(clientAuthStr).booleanValue(); +if(true.equalsIgnoreCase(clientAuthStr) || + yes.equalsIgnoreCase(clientAuthStr)) { +requireClientAuth = true; +} else if(want.equalsIgnoreCase(clientAuthStr)) { +wantClientAuth = true; } // SSL protocol variant (e.g., TLS, SSL v3, etc.) 
@@ -281,4 +295,18 @@ return enabledProtocols; } + +protected void configureClientAuth(SSLServerSocket socket){ +if (wantClientAuth){ +socket.setWantClientAuth(wantClientAuth); +} else { +socket.setNeedClientAuth(requireClientAuth); +} +} + +protected void configureClientAuth(SSLSocket
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java
billbarker2003/10/10 21:24:30 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java Log: Allow the TrustStore to have a different type from the KeyStore. Probably a small minority case, but it can be useful when moving from Apache to Tomcat-Standalone. Revision ChangesPath 1.6 +5 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JSSE13SocketFactory.java 2 Sep 2003 21:34:38 - 1.5 +++ JSSE13SocketFactory.java 11 Oct 2003 04:24:30 - 1.6 @@ -131,7 +131,11 @@ // Set up TrustManager com.sun.net.ssl.TrustManager[] tm = null; -KeyStore trustStore = getTrustStore(keystoreType); +String truststoreType = (String)attributes.get(truststoreType); +if(truststoreType == null) { +truststoreType = keystoreType; +} +KeyStore trustStore = getTrustStore(truststoreType); if (trustStore != null) { com.sun.net.ssl.TrustManagerFactory tmf = com.sun.net.ssl.TrustManagerFactory.getInstance(SunX509); 1.16 +5 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- JSSE14SocketFactory.java 27 Sep 2003 02:44:07 - 1.15 +++ JSSE14SocketFactory.java 11 Oct 2003 04:24:30 - 1.16 
@@ -186,7 +186,11 @@
 TrustManager[] tms = null;
-KeyStore trustStore = getTrustStore(keystoreType);
+String truststoreType = (String)attributes.get(truststoreType);
+if(truststoreType == null) {
+truststoreType = keystoreType;
+}
+KeyStore trustStore = getTrustStore(truststoreType);
 if (trustStore != null) {
 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
 tmf.init(trustStore);
- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java
billbarker2003/08/12 22:32:53 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java Log: Getting the tab-police off my case ;-). Revision ChangesPath 1.4 +3 -3 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- JSSE13SocketFactory.java 13 Aug 2003 05:29:08 - 1.3 +++ JSSE13SocketFactory.java 13 Aug 2003 05:32:53 - 1.4 @@ -169,11 +169,11 @@ } } protected String[] getEnabledProtocols(SSLServerSocket socket, -String requestedProtocols){ - return null; + String requestedProtocols){ +return null; } protected void setEnabledProtocols(SSLServerSocket socket, - String [] protocols){ + String [] protocols){ } } 1.11 +3 -3 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- JSSE14SocketFactory.java 13 Aug 2003 05:29:08 - 1.10 +++ JSSE14SocketFactory.java 13 Aug 2003 05:32:53 - 1.11 
@@ -192,14 +192,14 @@ return tms; } protected void setEnabledProtocols(SSLServerSocket socket, String []protocols){ - if (protocols != null) { +if (protocols != null) { socket.setEnabledProtocols(protocols); } } protected String[] getEnabledProtocols(SSLServerSocket socket, -String requestedProtocols){ - String[] supportedProtocols = socket.getSupportedProtocols(); + String requestedProtocols){ +String[] supportedProtocols = socket.getSupportedProtocols(); String[] enabledProtocols = null; 1.7 +4 -4 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Index: JSSESocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- JSSESocketFactory.java13 Aug 2003 05:29:08 - 1.6 +++ JSSESocketFactory.java13 Aug 2003 05:32:53 - 1.7 @@ -302,7 +302,7 @@ * the requested protocol variants are supported */ abstract protected String[] getEnabledProtocols(SSLServerSocket socket, - String requestedProtocols); +String requestedProtocols); /** * Set the SSL protocol variants to be enabled. @@ -310,7 +310,7 @@ * @param protocols the protocols to use. */ abstract protected void setEnabledProtocols(SSLServerSocket socket, - String [] protocols); +String [] protocols); /** * Configures the given SSL server socket with the requested cipher suites, @@ -325,8 +325,8 @@ } String requestedProtocols = (String) attributes.get(protocols); - setEnabledProtocols(socket, getEnabledProtocols(socket, - requestedProtocols)); +setEnabledProtocols(socket, getEnabledProtocols(socket, + requestedProtocols)); // we don't know if client auth is needed - // after parsing the request we may re-handshake - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java
billbarker2003/08/12 22:29:08 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java Log: Moving the new protocols logic to the 14 Factory. This feature isn't supported (at least in the public interface) in JSSE 1.0.x. Now you can still use SSL with a 1.3.x JVM. I didn't attempt to dig into the com.sun.** to see if there is a hidden implementation there. Revision ChangesPath 1.3 +8 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JSSE13SocketFactory.java 12 Aug 2003 12:01:27 - 1.2 +++ JSSE13SocketFactory.java 13 Aug 2003 05:29:08 - 1.3 @@ -168,4 +168,12 @@ throw new IOException(e.getMessage()); } } +protected String[] getEnabledProtocols(SSLServerSocket socket, +String requestedProtocols){ + return null; +} +protected void setEnabledProtocols(SSLServerSocket socket, + String [] protocols){ +} + } 1.10 +47 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- JSSE14SocketFactory.java 11 Aug 2003 21:46:41 - 1.9 +++ JSSE14SocketFactory.java 13 Aug 2003 05:29:08 - 1.10 @@ -61,8 +61,10 @@ import java.io.*; import java.net.*; +import java.util.Vector; import java.security.KeyStore; import java.security.SecureRandom; +import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLContext; import javax.net.ssl.KeyManager; import javax.net.ssl.X509KeyManager; 
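Review bot: The JSSE 1.0.x stubs added to JSSE13SocketFactory make the `protocols` attribute a silent no-op: `getEnabledProtocols` returns null and `setEnabledProtocols` has an empty body, so a connector configured to restrict SSL/TLS versions runs on a 1.3 JVM with the provider's defaults and nothing tells the operator. I would emit a warning from `getEnabledProtocols` when `requestedProtocols != null`, using whatever logging this class has available, which is not visible here. Both methods also deserve a comment such as `// JSSE 1.0.x has no public API for selecting protocol variants; the setting is ignored`, since that reasoning currently lives only in the commit message.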
@@ -188,5 +190,50 @@ } return tms; +} +protected void setEnabledProtocols(SSLServerSocket socket, String []protocols){ + if (protocols != null) { +socket.setEnabledProtocols(protocols); +} +} + +protected String[] getEnabledProtocols(SSLServerSocket socket, +String requestedProtocols){ + String[] supportedProtocols = socket.getSupportedProtocols(); + +String[] enabledProtocols = null; + +if (requestedProtocols != null) { +Vector vec = null; +int fromIndex = 0; +int index = requestedProtocols.indexOf(',', fromIndex); +while (index != -1) { +String protocol += requestedProtocols.substring(fromIndex, index).trim(); +/* + * Check to see if the requested protocol is among the + * supported protocols, i.e., may be enabled + */ +for (int i=0; supportedProtocols != null + isupportedProtocols.length; i++) { +if (supportedProtocols[i].equals(protocol)) { +if (vec == null) { +vec = new Vector(); +} +vec.addElement(protocol); +break; +} +} +fromIndex = index+1; +index = requestedProtocols.indexOf(',', fromIndex); +} + +if (vec != null) { +enabledProtocols = new String[vec.size()]; +vec.copyInto(enabledProtocols); +} +} + +return enabledProtocols; } } 1.6 +12 -43 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Index: JSSESocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JSSESocketFactory.java11 Aug 2003 21:46:41 - 1.5 +++ JSSESocketFactory.java13 Aug 2003 05:29:08 - 1.6 @@ -294,51 +294,23 @@ /* * Determines the SSL protocol variants to be enabled. * + * @param socket The socket to get supported list from. *
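Review bot: The parsing loop in the new `getEnabledProtocols` only handles tokens that are followed by a comma, so the last entry of the list is never examined and a single-value setting such as `TLSv1` never enters the loop at all. In that case `vec` stays null, the method returns null, and `setEnabledProtocols` skips the call, leaving the provider's default protocol set in force although the operator asked for a restriction. Requested names that the socket does not support are dropped without any message as well. Replacing the `indexOf` bookkeeping with `StringTokenizer st = new StringTokenizer(requestedProtocols, ",");`, `while (st.hasMoreTokens()) {` and `String protocol = st.nextToken().trim();` visits every entry; it needs an import of `java.util.StringTokenizer`.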
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java
remm2003/08/12 05:01:27 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java Log: - Fix the build. Please do ant clean; ant after modifying any interface or superclass (or after any big commit). Thanks. Revision ChangesPath 1.2 +6 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
Index: JSSE13SocketFactory.java
===
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JSSE13SocketFactory.java 18 Jul 2003 05:26:45 - 1.1
+++ JSSE13SocketFactory.java 12 Aug 2003 12:01:27 - 1.2
@@ -155,7 +155,12 @@
 sslProxy = context.getServerSocketFactory();
 // Determine which cipher suites to enable
-enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites());
+String requestedCiphers = (String)attributes.get(ciphers);
+if (requestedCiphers != null) {
+enabledCiphers = getEnabledCiphers
+(requestedCiphers,
+ sslProxy.getSupportedCipherSuites());
+}
 } catch(Exception e) {
 if( e instanceof IOException )
- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE13Factory.java JSSESocketFactory.java
billbarker2003/07/22 20:52:59 Modified:util/java/org/apache/tomcat/util/net/jsse Tag: coyote_10 JSSE13Factory.java JSSESocketFactory.java Added: util/java/org/apache/tomcat/util/net/jsse Tag: coyote_10 JSSE13SocketFactory.java Log: Porting non-Sun vendor re-factoring from HEAD branch. From the users list, it seems that there are people using IBM's JVM, so I'm porting this a bit earlier than I normally would (so it is easier for them to find). However, since it's a pure re-factor, it shouldn't cause any problems. Revision ChangesPath No revision No revision 1.1.2.2 +1 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java Index: JSSE13Factory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- JSSE13Factory.java1 Jul 2003 05:27:12 - 1.1.2.1 +++ JSSE13Factory.java23 Jul 2003 03:52:58 - 1.1.2.2 @@ -77,7 +77,7 @@ } public ServerSocketFactory getSocketFactory() { - return new JSSESocketFactory(); + return new JSSE13SocketFactory(); } public SSLSupport getSSLSupport(Socket socket) { 1.1.2.4 +2 -86 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Index: JSSESocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- JSSESocketFactory.java1 Jul 2003 05:27:12 - 1.1.2.3 +++ JSSESocketFactory.java23 Jul 2003 03:52:58 - 1.1.2.4 @@ -89,7 +89,7 @@ * @author Stefan Freyr Stefansson * @author EKR -- renamed to JSSESocketFactory */ -public class JSSESocketFactory +public abstract class JSSESocketFactory extends org.apache.tomcat.util.net.ServerSocketFactory { String keystoreType; 
@@ -146,91 +146,7 @@ // Internal methods /** Read the keystore, init the SSL socket factory */ -void initProxy() throws IOException { - try { - Security.addProvider (new sun.security.provider.Sun()); - Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider()); - - // Please don't change the name of the attribute - other - // software may depend on it ( j2ee for sure ) - String keystoreFile=(String)attributes.get(keystore); - if( keystoreFile==null) keystoreFile=defaultKeystoreFile; - - keystoreType=(String)attributes.get(keystoreType); - if( keystoreType==null) keystoreType=defaultKeystoreType; - - //determine whether we want client authentication - // the presence of the attribute enables client auth - String clientAuthStr=(String)attributes.get(clientauth); - if(clientAuthStr != null){ - if(clientAuthStr.equals(true)){ - clientAuth=true; - } else if(clientAuthStr.equals(false)) { - clientAuth=false; - } else { - throw new IOException(Invalid value ' + - clientAuthStr + - ' for 'clientauth' parameter:); - } - } - - String keyPass=(String)attributes.get(keypass); - if( keyPass==null) keyPass=defaultKeyPass; - - String keystorePass=(String)attributes.get(keystorePass); - if( keystorePass==null) keystorePass=keyPass; - - //protocol for the SSL ie - TLS, SSL v3 etc. - String protocol = (String)attributes.get(protocol); - if(protocol == null) protocol = defaultProtocol; - - //Algorithm used to encode the certificate ie - SunX509 - String algorithm = (String)attributes.get(algorithm); - if(algorithm == null) algorithm = defaultAlgorithm; - - // You can't use ssl without a server certificate. - // Create a KeyStore ( to get server certs ) - KeyStore kstore = initKeyStore( keystoreFile, keystorePass ); - - // Create a SSLContext ( to create the ssl factory ) - // This is the only way to use server sockets with JSSE 1.0.1 - com.sun.net.ssl.SSLContext context = - com.sun.net.ssl.SSLContext.getInstance(protocol); //SSL - - // Key manager will extract the server key -
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE13Factory.java JSSE14SocketFactory.java JSSESocketFactory.java
billbarker2003/07/17 22:26:46 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13Factory.java JSSE14SocketFactory.java JSSESocketFactory.java Added: util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java Log: Yet one more change to allow for write-once-run-anywhere. Using IBM's 1.4.x JVM, it was very unhappy with the base class referencing classes in the com.sun package (even if the method is never invoked). Now TC SSL Connectors run happily with the IBM JVM. Revision ChangesPath 1.2 +2 -2 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java Index: JSSE13Factory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JSSE13Factory.java5 Jun 2003 05:16:25 - 1.1 +++ JSSE13Factory.java18 Jul 2003 05:26:45 - 1.2 @@ -77,10 +77,10 @@ } public ServerSocketFactory getSocketFactory() { - return new JSSESocketFactory(); +return new JSSE13SocketFactory(); } public SSLSupport getSSLSupport(Socket socket) { - return new JSSESupport((SSLSocket)socket); +return new JSSESupport((SSLSocket)socket); } } 1.4 +15 -15 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- JSSE14SocketFactory.java 11 Jul 2003 01:04:54 - 1.3 +++ JSSE14SocketFactory.java 18 Jul 2003 05:26:45 - 1.4 
@@ -103,46 +103,46 @@ void init() throws IOException { try { - String clientAuthStr = (String)attributes.get(clientauth); - if (clientAuthStr != null){ - clientAuth = Boolean.valueOf(clientAuthStr).booleanValue(); - } +String clientAuthStr = (String)attributes.get(clientauth); +if (clientAuthStr != null){ +clientAuth = Boolean.valueOf(clientAuthStr).booleanValue(); +} - // SSL protocol variant (e.g., TLS, SSL v3, etc.) +// SSL protocol variant (e.g., TLS, SSL v3, etc.) String protocol = (String)attributes.get(protocol); if (protocol == null) protocol = defaultProtocol; - // Certificate encoding algorithm (e.g., SunX509) +// Certificate encoding algorithm (e.g., SunX509) String algorithm = (String)attributes.get(algorithm); if (algorithm == null) algorithm = defaultAlgorithm; // Set up KeyManager, which will extract server key KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); - String keystoreType = (String)attributes.get(keystoreType); - if (keystoreType == null) - keystoreType = defaultKeystoreType; - String keystorePass = getKeystorePassword(); +String keystoreType = (String)attributes.get(keystoreType); +if (keystoreType == null) +keystoreType = defaultKeystoreType; +String keystorePass = getKeystorePassword(); kmf.init(getKeystore(keystoreType, keystorePass), - keystorePass.toCharArray()); + keystorePass.toCharArray()); // Set up TrustManager TrustManager[] tm = null; - KeyStore trustStore = getTrustStore(keystoreType); +KeyStore trustStore = getTrustStore(keystoreType); if (trustStore != null) { TrustManagerFactory tmf = TrustManagerFactory.getInstance(SunX509); tmf.init(trustStore); tm = tmf.getTrustManagers(); } - // Create and init SSLContext +// Create and init SSLContext SSLContext context = SSLContext.getInstance(protocol); context.init(kmf.getKeyManagers(), tm, new SecureRandom()); // create proxy sslProxy = context.getServerSocketFactory(); - // Determine which cipher suites to enable - enabledCiphers = 
getEnabledCiphers(sslProxy.getSupportedCipherSuites()); +// Determine which cipher suites to enable +enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites()); } catch(Exception e) { if( e instanceof