cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESocketFactory.java
billbarker2005/04/07 19:49:50
Modified:util/java/org/apache/tomcat/util/net/jsse
JSSESocketFactory.java
Log:
Add support for using Smart Cards as trust/keyStore.
Revision ChangesPath
1.18 +8 -8
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JSSESocketFactory.java29 Aug 2004 17:14:42 - 1.17
+++ JSSESocketFactory.java8 Apr 2005 02:49:50 - 1.18
@@ -270,22 +270,22 @@
InputStream istream = null;
try {
ks = KeyStore.getInstance(type);
-File keyStoreFile = new File(path);
-if (!keyStoreFile.isAbsolute()) {
-keyStoreFile = new File(System.getProperty(catalina.base),
-path);
+if(! PKCS11.equalsIgnoreCase(type) ) {
+File keyStoreFile = new File(path);
+if (!keyStoreFile.isAbsolute()) {
+keyStoreFile = new
File(System.getProperty(catalina.base),
+path);
+}
+istream = new FileInputStream(keyStoreFile);
}
-istream = new FileInputStream(keyStoreFile);
ks.load(istream, pass.toCharArray());
-istream.close();
-istream = null;
} catch (FileNotFoundException fnfe) {
throw fnfe;
} catch (IOException ioe) {
throw ioe;
} catch(Exception ex) {
-ex.printStackTrace();
+log.error(Exception trying to load keystore +path,ex);
throw new IOException(Exception trying to load keystore +
path + : + ex.getMessage() );
} finally {
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESocketFactory.java
luehe 2004/02/18 14:42:22
Modified:util/java/org/apache/tomcat/util/net/jsse
JSSESocketFactory.java
Log:
Fixed Bugzilla 27050 (keystoreFile parameter, when specified as
relative, is not treated relative to $CATALINA_BASE or catalina.base
property)
Revision ChangesPath
1.14 +8 -1
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- JSSESocketFactory.java24 Jan 2004 04:56:32 - 1.13
+++ JSSESocketFactory.java18 Feb 2004 22:42:22 - 1.14
@@ -58,6 +58,7 @@
*/
package org.apache.tomcat.util.net.jsse;
+import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -309,7 +310,13 @@
InputStream istream = null;
try {
ks = KeyStore.getInstance(type);
-istream = new FileInputStream(path);
+File keyStoreFile = new File(path);
+if (!keyStoreFile.isAbsolute()) {
+keyStoreFile = new File(System.getProperty(catalina.base),
+path);
+}
+istream = new FileInputStream(keyStoreFile);
+
ks.load(istream, pass.toCharArray());
istream.close();
istream = null;
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESocketFactory.java
billbarker2003/12/17 21:19:47
Modified:util/java/org/apache/tomcat/util/net/jsse
JSSESocketFactory.java
Log:
Adding a 'truststoreType' attribute, and making the trustStorePassword default to
the keystorePass.
Sort of fix for bug #25603.
Revision ChangesPath
1.12 +19 -1
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- JSSESocketFactory.java6 Oct 2003 00:08:19 - 1.11
+++ JSSESocketFactory.java18 Dec 2003 05:19:47 - 1.12
@@ -102,6 +102,8 @@
private static final String defaultKeystoreFile
= System.getProperty(user.home) + /.keystore;
private static final String defaultKeyPass = changeit;
+static org.apache.commons.logging.Log log =
+org.apache.commons.logging.LogFactory.getLog(JSSESocketFactory.class);
protected boolean initialized;
protected boolean clientAuth = false;
@@ -269,12 +271,28 @@
if(trustStoreFile == null) {
trustStoreFile = System.getProperty(javax.net.ssl.trustStore);
}
+if(log.isDebugEnabled()) {
+log.debug(Truststore = + trustStoreFile);
+}
String trustStorePassword = (String)attributes.get(truststorePass);
if( trustStorePassword == null) {
trustStorePassword =
System.getProperty(javax.net.ssl.trustStorePassword);
}
+if( trustStorePassword == null ) {
+trustStorePassword = getKeystorePassword();
+}
+if(log.isDebugEnabled()) {
+log.debug(TrustPass = + trustStorePassword);
+}
+String truststoreType = (String)attributes.get(truststoreType);
+if(truststoreType == null) {
+truststoreType = keystoreType;
+}
+if(log.isDebugEnabled()) {
+log.debug(trustType = + truststoreType);
+}
if (trustStoreFile != null trustStorePassword != null){
-trustStore = getStore(keystoreType, trustStoreFile,
+trustStore = getStore(truststoreType, trustStoreFile,
trustStorePassword);
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESocketFactory.java
billbarker2003/10/05 16:43:47
Modified:util/java/org/apache/tomcat/util/net/jsse
JSSESocketFactory.java
Log:
Make the TrustStore a configurable option (so different Hosts can have different
TrustStores).
Revision ChangesPath
1.10 +8 -3
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JSSESocketFactory.java2 Sep 2003 21:34:38 - 1.9
+++ JSSESocketFactory.java5 Oct 2003 23:43:47 - 1.10
@@ -265,9 +265,14 @@
protected KeyStore getTrustStore(String keystoreType) throws IOException {
KeyStore trustStore = null;
-String trustStoreFile = System.getProperty(javax.net.ssl.trustStore);
-String trustStorePassword =
-System.getProperty(javax.net.ssl.trustStorePassword);
+String trustStoreFile = (String)attributes.get(truststoreFile);
+ if(trustStoreFile == null) {
+ trustStoreFile = System.getProperty(javax.net.ssl.trustStore);
+ }
+String trustStorePassword = (String)attributes.get(truststorePass);
+ if( trustStorePassword == null) {
+trustStorePassword =
System.getProperty(javax.net.ssl.trustStorePassword);
+ }
if (trustStoreFile != null trustStorePassword != null){
trustStore = getStore(keystoreType, trustStoreFile,
trustStorePassword);
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESocketFactory.java
billbarker2003/10/05 17:08:19
Modified:util/java/org/apache/tomcat/util/net/jsse
JSSESocketFactory.java
Log:
Attempting to escape the dreaded tab-police.
This just hasn't been my day. Apologies for all of the bad commits.
Revision ChangesPath
1.11 +5 -5
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- JSSESocketFactory.java5 Oct 2003 23:43:47 - 1.10
+++ JSSESocketFactory.java6 Oct 2003 00:08:19 - 1.11
@@ -266,13 +266,13 @@
KeyStore trustStore = null;
String trustStoreFile = (String)attributes.get(truststoreFile);
- if(trustStoreFile == null) {
- trustStoreFile = System.getProperty(javax.net.ssl.trustStore);
- }
+if(trustStoreFile == null) {
+trustStoreFile = System.getProperty(javax.net.ssl.trustStore);
+}
String trustStorePassword = (String)attributes.get(truststorePass);
- if( trustStorePassword == null) {
+if( trustStorePassword == null) {
trustStorePassword =
System.getProperty(javax.net.ssl.trustStorePassword);
- }
+}
if (trustStoreFile != null trustStorePassword != null){
trustStore = getStore(keystoreType, trustStoreFile,
trustStorePassword);
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESocketFactory.java
luehe 2003/08/25 11:38:52
Modified:util/java/org/apache/tomcat/util/net/jsse
JSSESocketFactory.java
Log:
Also consider last element in comma-separated list of ciphers, or the
case where the list contains a single element and no commas
Revision ChangesPath
1.8 +44 -19
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JSSESocketFactory.java13 Aug 2003 05:32:53 - 1.7
+++ JSSESocketFactory.java25 Aug 2003 18:38:52 - 1.8
@@ -172,28 +172,53 @@
if (requestedCiphers != null) {
Vector vec = null;
-int fromIndex = 0;
-int index = requestedCiphers.indexOf(',', fromIndex);
-while (index != -1) {
-String cipher
-= requestedCiphers.substring(fromIndex, index).trim();
-/*
- * Check to see if the requested cipher is among the supported
- * ciphers, i.e., may be enabled
- */
-for (int i=0; supportedCiphers != null
- isupportedCiphers.length; i++) {
-if (supportedCiphers[i].equals(cipher)) {
-if (vec == null) {
-vec = new Vector();
+String cipher = requestedCiphers;
+int index = requestedCiphers.indexOf(',');
+if (index != -1) {
+int fromIndex = 0;
+while (index != -1) {
+cipher = requestedCiphers.substring(fromIndex, index).trim();
+if (cipher.length() 0) {
+/*
+ * Check to see if the requested cipher is among the
+ * supported ciphers, i.e., may be enabled
+ */
+for (int i=0; supportedCiphers != null
+ isupportedCiphers.length; i++) {
+if (supportedCiphers[i].equals(cipher)) {
+if (vec == null) {
+vec = new Vector();
+}
+vec.addElement(cipher);
+break;
+}
}
-vec.addElement(cipher);
-break;
}
-}
-fromIndex = index+1;
-index = requestedCiphers.indexOf(',', fromIndex);
+fromIndex = index+1;
+index = requestedCiphers.indexOf(',', fromIndex);
+} // while
+cipher = requestedCiphers.substring(fromIndex);
}
+
+if (cipher != null) {
+cipher = cipher.trim();
+if (cipher.length() 0) {
+/*
+ * Check to see if the requested cipher is among the
+ * supported ciphers, i.e., may be enabled
+ */
+for (int i=0; supportedCiphers != null
+ isupportedCiphers.length; i++) {
+if (supportedCiphers[i].equals(cipher)) {
+if (vec == null) {
+vec = new Vector();
+}
+vec.addElement(cipher);
+break;
+}
+}
+}
+}
if (vec != null) {
enabledCiphers = new String[vec.size()];
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
