Author: markt Date: Thu May 7 13:14:19 2015 New Revision: 1678189 URL: http://svn.apache.org/r1678189 Log: Refactor as per Remy's suggestion
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1678189&r1=1678188&r2=1678189&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Thu May 7 13:14:19 2015 @@ -367,7 +367,7 @@ public class AprEndpoint extends Abstrac if (isSSLEnabled()) { for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { - if (sslHostConfig.getCertificateFileAbsolute() == null) { + if (SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()) == null) { // This is required throw new Exception(sm.getString("endpoint.apr.noSslCertFile")); } @@ -485,19 +485,24 @@ public class AprEndpoint extends Abstrac // List the ciphers that the client is permitted to negotiate SSLContext.setCipherSuite(ctx, sslHostConfig.getCiphers()); // Load Server key and certificate - SSLContext.setCertificate(ctx, sslHostConfig.getCertificateFileAbsolute(), - sslHostConfig.getCertificateKeyFileAbsolute(), + SSLContext.setCertificate(ctx, + SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()), + SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateKeyFile()), sslHostConfig.getCertificateKeyPassword(), SSL.SSL_AIDX_RSA); // Set certificate chain file - SSLContext.setCertificateChainFile( - ctx, sslHostConfig.getCertificateChainFileAbsolute(), false); + SSLContext.setCertificateChainFile(ctx, + SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateChainFile()), + false); // Support Client Certificates - SSLContext.setCACertificate(ctx, sslHostConfig.getCaCertificateFileAbsolute(), - sslHostConfig.getCaCertificatePathAbsolute()); + SSLContext.setCACertificate(ctx, + SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()), + SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath())); // Set revocation SSLContext.setCARevocation(ctx, - sslHostConfig.getCertificateRevocationListFileAbsolute(), - sslHostConfig.getCertificateRevocationListPathAbsolute()); + SSLHostConfig.adjustRelativePath( + sslHostConfig.getCertificateRevocationListFile()), + SSLHostConfig.adjustRelativePath( + sslHostConfig.getCertificateRevocationListPath())); // Client certificate verification switch (sslHostConfig.getCertificateVerification()) { case NONE: Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678189&r1=1678188&r2=1678189&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May 7 13:14:19 2015 @@ -52,7 +52,6 @@ public class SSLHostConfig { // Common private String certificateKeyPassword = null; private String certificateRevocationListFile; - private String certificateRevocationListFileAbsolute; private CertificateVerification certificateVerification = CertificateVerification.NONE; private int certificateVerificationDepth = 10; private String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"; @@ -62,7 +61,6 @@ public class SSLHostConfig { private String certificateKeyAlias; private String certificateKeystorePassword = "changeit"; private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore"; - private String certificateKeystoreFileAbsolute = adjustRelativePath(certificateKeystoreFile); private String certificateKeystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider"); private String certificateKeystoreType = System.getProperty("javax.net.ssl.keyStoreType"); private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); @@ -72,23 +70,16 @@ public class SSLHostConfig { private String trustManagerClassName; private String truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); private String truststoreFile = System.getProperty("javax.net.ssl.trustStore"); - private String truststoreFileAbsolute = adjustRelativePath(truststoreFile); private String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); private String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider"); private String truststoreType = System.getProperty("javax.net.ssl.trustStoreType"); // OpenSSL private String certificateChainFile; - private String certificateChainFileAbsolute; private String certificateFile; - private String certificateFileAbsolute; private String certificateKeyFile; - private String certificateKeyFileAbsolute; private String certificateRevocationListPath; - private String certificateRevocationListPathAbsolute; private String caCertificateFile; - private String caCertificateFileAbsolute; private String caCertificatePath; - private String caCertificatePathAbsolute; private boolean disableCompression = true; private boolean disableSessionTickets = false; private boolean insecureRenegotiation = false; @@ -156,19 +147,12 @@ public class SSLHostConfig { public void setCertificateRevocationListFile(String certificateRevocationListFile) { this.certificateRevocationListFile = certificateRevocationListFile; - this.certificateRevocationListFileAbsolute = - adjustRelativePath(certificateRevocationListFile); } public String getCertificateRevocationListFile() { return certificateRevocationListFile; } - public String getCertificateRevocationListFileAbsolute() { - return certificateRevocationListFileAbsolute; - } - - public void setCertificateVerification(String certificateVerification) { @@ -287,16 +271,12 @@ public class SSLHostConfig { public void setCertificateKeystoreFile(String certificateKeystoreFile) { setProperty("certificateKeystoreFile", Type.JSSE); this.certificateKeystoreFile = certificateKeystoreFile; - this.certificateKeystoreFileAbsolute = adjustRelativePath(certificateKeystoreFile); } public String getCertificateKeystoreFile() { return certificateKeystoreFile; } - public String getCertificateKeystoreFileAbsolute() { - return certificateKeystoreFileAbsolute; - } public void setCertificateKeystorePassword(String certificateKeystorePassword) { @@ -401,16 +381,12 @@ public class SSLHostConfig { public void setTruststoreFile(String truststoreFile) { setProperty("truststoreFile", Type.JSSE); this.truststoreFile = truststoreFile; - this.truststoreFileAbsolute = adjustRelativePath(truststoreFile); } public String getTruststoreFile() { return truststoreFile; } - public String getTruststoreFileAbsolute() { - return truststoreFileAbsolute; - } public void setTruststorePassword(String truststorePassword) { @@ -459,92 +435,67 @@ public class SSLHostConfig { public void setCertificateChainFile(String certificateChainFile) { setProperty("certificateChainFile", Type.OPENSSL); this.certificateChainFile = certificateChainFile; - this.certificateChainFileAbsolute = adjustRelativePath(certificateChainFile); } public String getCertificateChainFile() { return certificateChainFile; } - public String getCertificateChainFileAbsolute() { - return certificateChainFileAbsolute; - } public void setCertificateFile(String certificateFile) { setProperty("certificateFile", Type.OPENSSL); this.certificateFile = certificateFile; - this.certificateFileAbsolute = adjustRelativePath(certificateFile); } public String getCertificateFile() { return certificateFile; } - public String getCertificateFileAbsolute() { - return certificateFileAbsolute; - } public void setCertificateKeyFile(String certificateKeyFile) { setProperty("certificateKeyFile", Type.OPENSSL); this.certificateKeyFile = certificateKeyFile; - this.certificateKeyFileAbsolute = adjustRelativePath(certificateKeyFile); } public String getCertificateKeyFile() { return certificateKeyFile; } - public String getCertificateKeyFileAbsolute() { - return certificateKeyFileAbsolute; - } public void setCertificateRevocationListPath(String certificateRevocationListPath) { setProperty("certificateRevocationListPath", Type.OPENSSL); this.certificateRevocationListPath = certificateRevocationListPath; - this.certificateRevocationListPathAbsolute = - adjustRelativePath(certificateRevocationListPath); } public String getCertificateRevocationListPath() { return certificateRevocationListPath; } - public String getCertificateRevocationListPathAbsolute() { - return certificateRevocationListPathAbsolute; - } public void setCaCertificateFile(String caCertificateFile) { setProperty("caCertificateFile", Type.OPENSSL); this.caCertificateFile = caCertificateFile; - this.caCertificateFileAbsolute = adjustRelativePath(caCertificateFile); } public String getCaCertificateFile() { return caCertificateFile; } - public String getCaCertificateFileAbsolute() { - return caCertificateFileAbsolute; - } public void setCaCertificatePath(String caCertificatePath) { setProperty("caCertificatePath", Type.OPENSSL); this.caCertificatePath = caCertificatePath; - this.caCertificatePathAbsolute = adjustRelativePath(caCertificatePath); } public String getCaCertificatePath() { return caCertificatePath; } - public String getCaCertificatePathAbsolute() { - return caCertificatePathAbsolute; - } public void setDisableCompression(boolean disableCompression) { @@ -582,7 +533,7 @@ public class SSLHostConfig { // --------------------------------------------------------- Support methods - private String adjustRelativePath(String path) { + public static String adjustRelativePath(String path) { // Empty or null path can't point to anything useful. The assumption is // that the value is deliberately empty / null so leave it that way. if (path == null || path.length() == 0) { Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678189&r1=1678188&r2=1678189&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu May 7 13:14:19 2015 @@ -170,7 +170,7 @@ public class JSSESocketFactory implement protected KeyStore getTrustStore() throws IOException { KeyStore trustStore = null; - String truststoreFile = sslHostConfig.getTruststoreFileAbsolute(); + String truststoreFile = SSLHostConfig.adjustRelativePath(sslHostConfig.getTruststoreFile()); String truststoreType = sslHostConfig.getTruststoreType(); String truststoreProvider = sslHostConfig.getTruststoreProvider(); @@ -261,7 +261,8 @@ public class JSSESocketFactory implement public KeyManager[] getKeyManagers() throws Exception { String keystoreType = sslHostConfig.getCertificateKeystoreType(); String keystoreProvider = sslHostConfig.getCertificateKeystoreProvider(); - String keystoreFile = sslHostConfig.getCertificateKeystoreFileAbsolute(); + String keystoreFile = SSLHostConfig.adjustRelativePath( + sslHostConfig.getCertificateKeystoreFile()); String keystorePass = sslHostConfig.getCertificateKeystorePassword(); String keyAlias = sslHostConfig.getCertificateKeyAlias(); String algorithm = sslHostConfig.getKeyManagerAlgorithm(); @@ -301,7 +302,8 @@ public class JSSESocketFactory implement public TrustManager[] getTrustManagers() throws Exception { String algorithm = sslHostConfig.getTruststoreAlgorithm(); - String crlf = sslHostConfig.getCertificateRevocationListFileAbsolute(); + String crlf = SSLHostConfig.adjustRelativePath( + sslHostConfig.getCertificateRevocationListFile()); String className = sslHostConfig.getTrustManagerClassName(); if(className != null && className.length() > 0) { --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org