cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java PureTLSSupport.java

2003-06-30 Thread billbarker
billbarker2003/06/30 22:21:30

  Modified:util/java/org/apache/tomcat/util/net/puretls Tag: coyote_10
PureTLSSocketFactory.java PureTLSSupport.java
  Log:
  Porting fixes for CLIENT-CERT from HEAD branch.
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.1.2.1   +13 -5 
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
  
  Index: PureTLSSocketFactory.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.1.2.1
  diff -u -r1.1 -r1.1.2.1
  --- PureTLSSocketFactory.java 4 Oct 2002 20:03:10 -   1.1
  +++ PureTLSSocketFactory.java 1 Jul 2003 05:21:30 -   1.1.2.1
  @@ -79,6 +79,8 @@
   public class PureTLSSocketFactory
   extends org.apache.tomcat.util.net.ServerSocketFactory
   {
  +static org.apache.commons.logging.Log logger =
  + org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);
   static String defaultProtocol = "TLS";
   static boolean defaultClientAuth = false;
   static String defaultKeyStoreFile = "server.pem";
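Review bot: The `logger` field added on the two `+` lines is package-visible and reassignable; a per-class logger is conventionally declared `private static final` so nothing else can swap it out or reach it, e.g. `private static final org.apache.commons.logging.Log logger =`. The same field shape is used for `PureTLSSupport.logger` in this commit and again in the 2003-06-15 commit below. The surrounding `defaultXxx` fields share the same visibility, so this is a consistency choice rather than a defect in the new lines.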
  @@ -158,11 +160,15 @@
}
}
   
  - SSLContext tmpContext=new SSLContext();
  - if(clientAuth){
  - tmpContext.loadRootCertificates(rootFile);
  - }
  - tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
  +SSLContext tmpContext=new SSLContext();
  +try {
  +tmpContext.loadRootCertificates(rootFile);
  +} catch(IOException iex) {
  +if(logger.isDebugEnabled())
  +logger.debug("Error loading Client Root Store: " + 
  + rootFile,iex);
  +}
  +tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
tmpContext.useRandomnessFile(randomFile,keyPass);

SSLPolicyInt policy=new SSLPolicyInt();
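Review bot: With `clientAuth` set, a failure to load `rootFile` is now caught, logged at debug level and ignored, so `loadEAYKeyFile` proceeds and the context is initialised with no trusted roots, whereas the removed lines aborted initialisation in that case. The catch should rethrow when client authentication is mandatory, e.g. after the debug log add `if (clientAuth) throw iex;`, and the remaining best-effort case (roots only needed for a later CLIENT-CERT request) deserves `logger.warn` rather than `debug`, since a missing root store means every such request will fail and this line is the only hint. What PureTLS does with an empty root store once verification is requested cannot be determined from this hunk. The enclosing method begins and ends outside the hunk; the identical hunk appears in the 2003-06-15 commit below (PureTLSSocketFactory.java 1.2 to 1.3).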
  @@ -172,6 +178,7 @@
tmpContext.setPolicy(policy);
context=tmpContext;
} catch (Exception e){
  + logger.info("Error initializing SocketFactory",e);
throw new IOException(e.getMessage());
}
   }
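Review bot: The new `logger.info("Error initializing SocketFactory",e)` records a failure that aborts factory initialisation at info level; `logger.error(...)` matches the severity, and since the rethrow on the next line keeps only `e.getMessage()`, the log entry is the only place the original stack trace survives. If the build targets JDK 1.4 or later, the cause can also be carried on the exception itself: `IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe;`. The method's start lies outside the hunk.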
  @@ -183,6 +190,7 @@
Socket sock=socket.accept();
return sock;
} catch (SSLException e){
  +logger.debug("SSL handshake error",e);
   throw new SocketException("SSL handshake error" + e.toString());
}
   }
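Review bot: The added `logger.debug("SSL handshake error",e)` hides handshake failures in production, yet a failed handshake (for instance a client certificate the server does not trust once CLIENT-CERT is in use) is precisely what an operator needs to see; `logger.warn` or at least `logger.info` would keep it visible. The call is also unguarded, unlike the `isDebugEnabled()` check used in the `loadRootCertificates` hunk above, which is a style inconsistency within the same commit. The context line that follows, `"SSL handshake error" + e.toString()`, runs the two strings together without a separator. The enclosing accept method begins and ends outside the hunk.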
  
  
  
  1.1.2.1   +16 -4 
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java,v
  retrieving revision 1.1
  retrieving revision 1.1.2.1
  diff -u -r1.1 -r1.1.2.1
  --- PureTLSSupport.java   4 Oct 2002 20:03:10 -   1.1
  +++ PureTLSSupport.java   1 Jul 2003 05:21:30 -   1.1.2.1
  @@ -64,6 +64,7 @@
   import java.net.*;
   import java.util.Vector;
   import java.security.cert.CertificateFactory;
  +import java.security.cert.X509Certificate;
   import org.apache.tomcat.util.buf.HexUtils;
   
   import COM.claymoresystems.sslg.*;
  @@ -83,6 +84,9 @@
   */
   
   class PureTLSSupport implements SSLSupport {
  +static org.apache.commons.logging.Log logger =
  + org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
  +
   private COM.claymoresystems.ptls.SSLSocket ssl;
   
   PureTLSSupport(SSLSocket sock){
  @@ -130,12 +134,16 @@
 CertificateFactory.getInstance("X.509");
   ByteArrayInputStream stream =
 new ByteArrayInputStream(buffer);
  -
  -chain[i]=(java.security.cert.X509Certificate)
  -  cf.generateCertificate(stream);
  +
  +X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
  +chain[i-1]= xCert;
  +if(logger.isTraceEnabled()) {
  + logger.trace("Cert # " + i + " = " + xCert);
  + }
 }
   } catch (java.security.cert.CertificateException e) {
  -throw new IOException("JDK's broken cert handling can't parse this 
certificate (which PureTLS likes");
  + logger.info("JDK's broken cert handling can't parse this certificate 
(which PureTLS likes)",e);
  +throw new IOException("JDK's broken cert handling can't parse this 
certificate (which PureTLS likes)");
   }
   return chain;
   }
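Review bot: The index change to `chain[i-1]` depends on the loop variable `i` starting at 1, which is declared outside the hunk, and nothing on the new side explains it, so the next reader is likely to "fix" it back; a one-line comment such as `// PureTLS numbers chain entries from 1; chain[] is 0-based` on the assignment would pin the intent (the commit log confirms this is the off-by-one fix). The trace line prints the whole `X509Certificate` via `toString()`, which is verbose but not secret; the subject and issuer would usually be enough. The enclosing method's start lies outside the hunk; the identical hunk appears in the 2003-06-15 commit below (PureTLSSupport.java 1.1 to 1.2).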
  @@ -168,6 +176,10 @@
   }
   
   }
  +
  +
  +
  +
   
   
   
  
  
  


cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java PureTLSSupport.java

2003-06-15 Thread billbarker
billbarker2003/06/15 19:45:56

  Modified:util/java/org/apache/tomcat/util/net/puretls
PureTLSSocketFactory.java PureTLSSupport.java
  Log:
  Fixes for CLIENT-CERT auth when using PureTLS
  
  1) We need to set the rootFile always, since it is needed for CLIENT-CERT even when 
clientAuth="false".
  2) Fix off-by-one problem with generating the x509 certs.
  
  Revision  ChangesPath
  1.3   +9 -5  
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
  
  Index: PureTLSSocketFactory.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- PureTLSSocketFactory.java 12 Jun 2003 04:30:41 -  1.2
  +++ PureTLSSocketFactory.java 16 Jun 2003 02:45:56 -  1.3
  @@ -160,11 +160,15 @@
}
}
   
  - SSLContext tmpContext=new SSLContext();
  - if(clientAuth){
  - tmpContext.loadRootCertificates(rootFile);
  - }
  - tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
  +SSLContext tmpContext=new SSLContext();
  +try {
  +tmpContext.loadRootCertificates(rootFile);
  +} catch(IOException iex) {
  +if(logger.isDebugEnabled())
  +logger.debug("Error loading Client Root Store: " + 
  + rootFile,iex);
  +}
  +tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
tmpContext.useRandomnessFile(randomFile,keyPass);

SSLPolicyInt policy=new SSLPolicyInt();
  
  
  
  1.2   +16 -4 
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PureTLSSupport.java   4 Oct 2002 20:03:10 -   1.1
  +++ PureTLSSupport.java   16 Jun 2003 02:45:56 -  1.2
  @@ -64,6 +64,7 @@
   import java.net.*;
   import java.util.Vector;
   import java.security.cert.CertificateFactory;
  +import java.security.cert.X509Certificate;
   import org.apache.tomcat.util.buf.HexUtils;
   
   import COM.claymoresystems.sslg.*;
  @@ -83,6 +84,9 @@
   */
   
   class PureTLSSupport implements SSLSupport {
  +static org.apache.commons.logging.Log logger =
  + org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
  +
   private COM.claymoresystems.ptls.SSLSocket ssl;
   
   PureTLSSupport(SSLSocket sock){
  @@ -130,12 +134,16 @@
 CertificateFactory.getInstance("X.509");
   ByteArrayInputStream stream =
 new ByteArrayInputStream(buffer);
  -
  -chain[i]=(java.security.cert.X509Certificate)
  -  cf.generateCertificate(stream);
  +
  +X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
  +chain[i-1]= xCert;
  +if(logger.isTraceEnabled()) {
  + logger.trace("Cert # " + i + " = " + xCert);
  + }
 }
   } catch (java.security.cert.CertificateException e) {
  -throw new IOException("JDK's broken cert handling can't parse this 
certificate (which PureTLS likes");
  + logger.info("JDK's broken cert handling can't parse this certificate 
(which PureTLS likes)",e);
  +throw new IOException("JDK's broken cert handling can't parse this 
certificate (which PureTLS likes)");
   }
   return chain;
   }
  @@ -168,6 +176,10 @@
   }
   
   }
  +
  +
  +
  +
   
   
   
  
  
  
