bobh        2002/10/08 09:49:43

  Modified:    util/java/org/apache/tomcat/util/net/jsse JSSESupport.java
  Log:
  - fixes problem with JDK1.4's JSSE trying to negociate certs on a socket that has no data flowing

  Revision  Changes    Path
  1.2       +45 -0     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java

  Index: JSSESupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
--- JSSESupport.java	4 Oct 2002 20:03:10 -0000	1.1
+++ JSSESupport.java	8 Oct 2002 16:49:43 -0000	1.2
@@ -66,6 +66,8 @@
 import java.security.cert.CertificateFactory;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.HandshakeCompletedEvent;
 import java.security.cert.CertificateFactory;
 import javax.security.cert.X509Certificate;
 
@@ -127,6 +129,9 @@
         session.invalidate();
         ssl.setNeedClientAuth(true);
         ssl.startHandshake();
+        if ("1.4".equals(System.getProperty("java.specification.version"))) {
+            synchronousHandshake(ssl);
+        }
         session = ssl.getSession();
         jsseCerts = session.getPeerCertificateChain();
         if(jsseCerts == null)
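Review bot: The gate `"1.4".equals(System.getProperty("java.specification.version"))` is an exact string match, so any later JDK that still shows the same JSSE behaviour would skip the workaround; if the intent is "1.4 and newer", compare the parsed version rather than the literal. The preceding `ssl.startHandshake()` is also immediately followed by a second `socket.startHandshake()` inside `synchronousHandshake`, so on 1.4 the handshake is started twice in a row; either drop the outer call when the helper runs or add a comment saying why both are needed. The enclosing method starts and ends outside this hunk, and it must propagate or handle the `IOException` that `synchronousHandshake` declares.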
@@ -198,5 +203,45 @@
         }
         return buf.toString();
     }
+
+    /**
+     * JSSE in JDK 1.4 has an issue/feature that requires us to do a
+     * read() to get the client-cert. As suggested by Andreas
+     * Sterbenz
+     */
+    private static void synchronousHandshake(SSLSocket socket)
+        throws IOException {
+        InputStream in = socket.getInputStream();
+        int oldTimeout = socket.getSoTimeout();
+        socket.setSoTimeout(100);
+        Listener listener = new Listener();
+        socket.addHandshakeCompletedListener(listener);
+        byte[] b = new byte[0];
+        socket.startHandshake();
+        int maxTries = 50; // 50 * 100 = example 5 second rehandshake timeout
+        for (int i = 0; i < maxTries; i++) {
+            try {
+                int x = in.read(b);
+            } catch (SocketTimeoutException e) {
+                // ignore
+            }
+            if (listener.completed) {
+                break;
+            }
+        }
+        socket.removeHandshakeCompletedListener(listener);
+        socket.setSoTimeout(oldTimeout);
+        if (listener.completed == false) {
+            throw new SocketTimeoutException("SSL Cert handshake timeout");
+        }
+    }
+
+    private static class Listener implements HandshakeCompletedListener {
+        volatile boolean completed = false;
+        public void handshakeCompleted(HandshakeCompletedEvent event) {
+            completed = true;
+        }
+    }
+
 
 }
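Review bot: `synchronousHandshake` restores the socket timeout and detaches the listener only on the success path; if `in.read(b)` throws any IOException other than `SocketTimeoutException` (a handshake failure reported by the peer, for instance), the socket is left with the 100 ms read timeout and the listener still attached, and that timeout would then apply to the request read on the same connection. Wrapping the loop in `try`/`finally` as below fixes that; `!listener.completed` also replaces the `== false` comparison, and the unused local `x` can go. Note too that `InputStream.read(byte[])` with a zero-length array is specified to return 0 without blocking, so unless the JSSE stream overrides that, the 50 iterations spin without the intended 100 ms wait each — worth confirming on 1.4 before relying on the "5 second" comment. The helper also assumes `InputStream`, `IOException` and `SocketTimeoutException` are already imported earlier in the file, which this diff does not show.
```java
        socket.addHandshakeCompletedListener(listener);
        try {
            byte[] b = new byte[0];
            socket.startHandshake();
            // … unchanged: bounded read loop that breaks once listener.completed is set …
        } finally {
            // always undo the temporary timeout and the listener, even when
            // read() fails with a non-timeout IOException
            socket.removeHandshakeCompletedListener(listener);
            socket.setSoTimeout(oldTimeout);
        }
        if (!listener.completed) {
            throw new SocketTimeoutException("SSL Cert handshake timeout");
        }
```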