billbarker 2003/07/17 22:26:46
Modified: util/java/org/apache/tomcat/util/net/jsse JSSE13Factory.java
JSSE14SocketFactory.java JSSESocketFactory.java
Added: util/java/org/apache/tomcat/util/net/jsse
JSSE13SocketFactory.java
Log:
Yet one more change to allow for write-once-run-anywhere.
Using IBM's 1.4.x JVM, it was very unhappy with the base class referencing classes
in the com.sun package (even if the method is never invoked). Now TC SSL Connectors
run happily with the IBM JVM.
Revision Changes Path
1.2 +2 -2
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java
Index: JSSE13Factory.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JSSE13Factory.java 5 Jun 2003 05:16:25 -0000 1.1
+++ JSSE13Factory.java 18 Jul 2003 05:26:45 -0000 1.2
@@ -77,10 +77,10 @@
}
public ServerSocketFactory getSocketFactory() {
- return new JSSESocketFactory();
+ return new JSSE13SocketFactory();
}
public SSLSupport getSSLSupport(Socket socket) {
- return new JSSESupport((SSLSocket)socket);
+ return new JSSESupport((SSLSocket)socket);
}
}
1.4 +15 -15
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
Index: JSSE14SocketFactory.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- JSSE14SocketFactory.java 11 Jul 2003 01:04:54 -0000 1.3
+++ JSSE14SocketFactory.java 18 Jul 2003 05:26:45 -0000 1.4
@@ -103,46 +103,46 @@
void init() throws IOException {
try {
- String clientAuthStr = (String)attributes.get("clientauth");
- if (clientAuthStr != null){
- clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
- }
+ String clientAuthStr = (String)attributes.get("clientauth");
+ if (clientAuthStr != null){
+ clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
+ }
- // SSL protocol variant (e.g., TLS, SSL v3, etc.)
+ // SSL protocol variant (e.g., TLS, SSL v3, etc.)
String protocol = (String)attributes.get("protocol");
if (protocol == null) protocol = defaultProtocol;
- // Certificate encoding algorithm (e.g., SunX509)
+ // Certificate encoding algorithm (e.g., SunX509)
String algorithm = (String)attributes.get("algorithm");
if (algorithm == null) algorithm = defaultAlgorithm;
// Set up KeyManager, which will extract server key
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
- String keystoreType = (String)attributes.get("keystoreType");
- if (keystoreType == null)
- keystoreType = defaultKeystoreType;
- String keystorePass = getKeystorePassword();
+ String keystoreType = (String)attributes.get("keystoreType");
+ if (keystoreType == null)
+ keystoreType = defaultKeystoreType;
+ String keystorePass = getKeystorePassword();
kmf.init(getKeystore(keystoreType, keystorePass),
- keystorePass.toCharArray());
+ keystorePass.toCharArray());
// Set up TrustManager
TrustManager[] tm = null;
- KeyStore trustStore = getTrustStore(keystoreType);
+ KeyStore trustStore = getTrustStore(keystoreType);
if (trustStore != null) {
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);
tm = tmf.getTrustManagers();
}
- // Create and init SSLContext
+ // Create and init SSLContext
SSLContext context = SSLContext.getInstance(protocol);
context.init(kmf.getKeyManagers(), tm, new SecureRandom());
// create proxy
sslProxy = context.getServerSocketFactory();
- // Determine which cipher suites to enable
- enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites());
+ // Determine which cipher suites to enable
+ enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites());
} catch(Exception e) {
if( e instanceof IOException )
1.4 +121 -182
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- JSSESocketFactory.java 11 Jul 2003 01:04:54 -0000 1.3
+++ JSSESocketFactory.java 18 Jul 2003 05:26:45 -0000 1.4
@@ -89,7 +89,7 @@
* @author Stefan Freyr Stefansson
* @author EKR -- renamed to JSSESocketFactory
*/
-public class JSSESocketFactory
+public abstract class JSSESocketFactory
extends org.apache.tomcat.util.net.ServerSocketFactory
{
// defaults
@@ -111,49 +111,49 @@
}
public ServerSocket createSocket (int port)
- throws IOException
+ throws IOException
{
- if (!initialized) init();
- ServerSocket socket = sslProxy.createServerSocket(port);
- initServerSocket(socket);
- return socket;
+ if (!initialized) init();
+ ServerSocket socket = sslProxy.createServerSocket(port);
+ initServerSocket(socket);
+ return socket;
}
public ServerSocket createSocket (int port, int backlog)
- throws IOException
+ throws IOException
{
- if (!initialized) init();
- ServerSocket socket = sslProxy.createServerSocket(port, backlog);
- initServerSocket(socket);
- return socket;
+ if (!initialized) init();
+ ServerSocket socket = sslProxy.createServerSocket(port, backlog);
+ initServerSocket(socket);
+ return socket;
}
public ServerSocket createSocket (int port, int backlog,
- InetAddress ifAddress)
- throws IOException
- {
- if (!initialized) init();
- ServerSocket socket = sslProxy.createServerSocket(port, backlog,
- ifAddress);
- initServerSocket(socket);
- return socket;
+ InetAddress ifAddress)
+ throws IOException
+ {
+ if (!initialized) init();
+ ServerSocket socket = sslProxy.createServerSocket(port, backlog,
+ ifAddress);
+ initServerSocket(socket);
+ return socket;
}
public Socket acceptSocket(ServerSocket socket)
- throws IOException
+ throws IOException
{
- SSLSocket asock = null;
- try {
- asock = (SSLSocket)socket.accept();
- asock.setNeedClientAuth(clientAuth);
- } catch (SSLException e){
- throw new SocketException("SSL handshake error" + e.toString());
- }
- return asock;
+ SSLSocket asock = null;
+ try {
+ asock = (SSLSocket)socket.accept();
+ asock.setNeedClientAuth(clientAuth);
+ } catch (SSLException e){
+ throw new SocketException("SSL handshake error" + e.toString());
+ }
+ return asock;
}
public void handshake(Socket sock) throws IOException {
- ((SSLSocket)sock).startHandshake();
+ ((SSLSocket)sock).startHandshake();
}
/*
@@ -165,204 +165,143 @@
*/
protected String[] getEnabledCiphers(String[] supportedCiphers) {
- String[] enabledCiphers = null;
+ String[] enabledCiphers = null;
- String attrValue = (String)attributes.get("ciphers");
- if (attrValue != null) {
- Vector vec = null;
- int fromIndex = 0;
- int index = attrValue.indexOf(',', fromIndex);
- while (index != -1) {
- String cipher = attrValue.substring(fromIndex, index).trim();
- /*
- * Check to see if the requested cipher is among the supported
- * ciphers, i.e., may be enabled
- */
- for (int i=0; supportedCiphers != null
- && i<supportedCiphers.length; i++) {
- if (supportedCiphers[i].equals(cipher)) {
- if (vec == null) {
- vec = new Vector();
- }
- vec.addElement(cipher);
- break;
- }
- }
- fromIndex = index+1;
- index = attrValue.indexOf(',', fromIndex);
- }
-
- if (vec != null) {
- enabledCiphers = new String[vec.size()];
- vec.copyInto(enabledCiphers);
- }
- }
+ String attrValue = (String)attributes.get("ciphers");
+ if (attrValue != null) {
+ Vector vec = null;
+ int fromIndex = 0;
+ int index = attrValue.indexOf(',', fromIndex);
+ while (index != -1) {
+ String cipher = attrValue.substring(fromIndex, index).trim();
+ /*
+ * Check to see if the requested cipher is among the supported
+ * ciphers, i.e., may be enabled
+ */
+ for (int i=0; supportedCiphers != null
+ && i<supportedCiphers.length; i++) {
+ if (supportedCiphers[i].equals(cipher)) {
+ if (vec == null) {
+ vec = new Vector();
+ }
+ vec.addElement(cipher);
+ break;
+ }
+ }
+ fromIndex = index+1;
+ index = attrValue.indexOf(',', fromIndex);
+ }
+
+ if (vec != null) {
+ enabledCiphers = new String[vec.size()];
+ vec.copyInto(enabledCiphers);
+ }
+ }
- return enabledCiphers;
+ return enabledCiphers;
}
/*
* Gets the SSL server's keystore password.
*/
protected String getKeystorePassword() {
- String keyPass = (String)attributes.get("keypass");
- if (keyPass == null) {
- keyPass = defaultKeyPass;
- }
- String keystorePass = (String)attributes.get("keystorePass");
- if (keystorePass == null) {
- keystorePass = keyPass;
- }
- return keystorePass;
+ String keyPass = (String)attributes.get("keypass");
+ if (keyPass == null) {
+ keyPass = defaultKeyPass;
+ }
+ String keystorePass = (String)attributes.get("keystorePass");
+ if (keystorePass == null) {
+ keystorePass = keyPass;
+ }
+ return keystorePass;
}
/*
* Gets the SSL server's keystore.
*/
protected KeyStore getKeystore(String type, String pass)
- throws IOException {
+ throws IOException {
- String keystoreFile = (String)attributes.get("keystore");
- if (keystoreFile == null)
- keystoreFile = defaultKeystoreFile;
+ String keystoreFile = (String)attributes.get("keystore");
+ if (keystoreFile == null)
+ keystoreFile = defaultKeystoreFile;
- return getStore(type, keystoreFile, pass);
+ return getStore(type, keystoreFile, pass);
}
/*
* Gets the SSL server's truststore.
*/
protected KeyStore getTrustStore(String keystoreType) throws IOException {
- KeyStore trustStore = null;
+ KeyStore trustStore = null;
- String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
- String trustStorePassword =
- System.getProperty("javax.net.ssl.trustStorePassword");
- if (trustStoreFile != null && trustStorePassword != null){
- trustStore = getStore(keystoreType, trustStoreFile,
- trustStorePassword);
- }
+ String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
+ String trustStorePassword =
+ System.getProperty("javax.net.ssl.trustStorePassword");
+ if (trustStoreFile != null && trustStorePassword != null){
+ trustStore = getStore(keystoreType, trustStoreFile,
+ trustStorePassword);
+ }
- return trustStore;
+ return trustStore;
}
/*
* Gets the key- or truststore with the specified type, path, and password.
*/
private KeyStore getStore(String type, String path, String pass)
- throws IOException {
+ throws IOException {
- KeyStore ks = null;
- InputStream istream = null;
- try {
- ks = KeyStore.getInstance(type);
- istream = new FileInputStream(path);
- ks.load(istream, pass.toCharArray());
- istream.close();
- istream = null;
- } catch (FileNotFoundException fnfe) {
- throw fnfe;
- } catch (IOException ioe) {
- throw ioe;
- } catch(Exception ex) {
- ex.printStackTrace();
- throw new IOException("Exception trying to load keystore " +
- path + ": " + ex.getMessage() );
- } finally {
- if (istream != null) {
- try {
- istream.close();
- } catch (IOException ioe) {
- // Do nothing
- }
- }
- }
+ KeyStore ks = null;
+ InputStream istream = null;
+ try {
+ ks = KeyStore.getInstance(type);
+ istream = new FileInputStream(path);
+ ks.load(istream, pass.toCharArray());
+ istream.close();
+ istream = null;
+ } catch (FileNotFoundException fnfe) {
+ throw fnfe;
+ } catch (IOException ioe) {
+ throw ioe;
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ throw new IOException("Exception trying to load keystore " +
+ path + ": " + ex.getMessage() );
+ } finally {
+ if (istream != null) {
+ try {
+ istream.close();
+ } catch (IOException ioe) {
+ // Do nothing
+ }
+ }
+ }
- return ks;
+ return ks;
}
/**
* Reads the keystore and initializes the SSL socket factory.
*
- * NOTE: This method is identical in functionality to the method of the
- * same name in JSSE14SocketFactory, except that this method is used with
- * JSSE 1.0.x (which is an extension to the 1.3 JVM), whereas the other is
- * used with JSSE 1.1.x (which ships with the 1.4 JVM). Therefore, this
- * method uses classes in com.sun.net.ssl, which have since moved to
- * javax.net.ssl, and explicitly registers the required security providers,
- * which come standard in a 1.4 JVM.
+ * Place holder method to initialize the KeyStore, etc.
*/
- private void init() throws IOException {
- try {
- Security.addProvider (new sun.security.provider.Sun());
- Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
-
- String clientAuthStr = (String)attributes.get("clientauth");
- if (clientAuthStr != null){
- clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
- }
-
- // SSL protocol variant (e.g., TLS, SSL v3, etc.)
- String protocol = (String)attributes.get("protocol");
- if (protocol == null) protocol = defaultProtocol;
-
- // Certificate encoding algorithm (e.g., SunX509)
- String algorithm = (String)attributes.get("algorithm");
- if (algorithm == null) algorithm = defaultAlgorithm;
-
- // Set up KeyManager, which will extract server key
- com.sun.net.ssl.KeyManagerFactory kmf =
- com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
- String keystoreType = (String)attributes.get("keystoreType");
- if (keystoreType == null) {
- keystoreType = defaultKeystoreType;
- }
- String keystorePass = getKeystorePassword();
- kmf.init(getKeystore(keystoreType, keystorePass),
- keystorePass.toCharArray());
-
- // Set up TrustManager
- com.sun.net.ssl.TrustManager[] tm = null;
- KeyStore trustStore = getTrustStore(keystoreType);
- if (trustStore != null) {
- com.sun.net.ssl.TrustManagerFactory tmf =
- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
- tmf.init(trustStore);
- tm = tmf.getTrustManagers();
- }
-
- // Create and init SSLContext
- com.sun.net.ssl.SSLContext context =
- com.sun.net.ssl.SSLContext.getInstance(protocol);
- context.init(kmf.getKeyManagers(), tm, new SecureRandom());
-
- // Create proxy
- sslProxy = context.getServerSocketFactory();
-
- // Determine which cipher suites to enable
- enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites());
-
- } catch(Exception e) {
- if( e instanceof IOException )
- throw (IOException)e;
- throw new IOException(e.getMessage());
- }
- }
+ abstract void init() throws IOException ;
/**
* Sets the SSL server socket properties (such as enabled cipher suites,
* etc.)
*/
private void initServerSocket(ServerSocket ssocket) {
- SSLServerSocket socket=(SSLServerSocket)ssocket;
+ SSLServerSocket socket=(SSLServerSocket)ssocket;
- if (enabledCiphers != null) {
- socket.setEnabledCipherSuites(enabledCiphers);
- }
-
- // we don't know if client auth is needed -
- // after parsing the request we may re-handshake
- socket.setNeedClientAuth(clientAuth);
+ if (enabledCiphers != null) {
+ socket.setEnabledCipherSuites(enabledCiphers);
+ }
+
+ // we don't know if client auth is needed -
+ // after parsing the request we may re-handshake
+ socket.setNeedClientAuth(clientAuth);
}
}
1.1
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
Index: JSSE13SocketFactory.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.util.net.jsse;
import java.io.*;
import java.net.*;
import java.util.Vector;
import java.security.KeyStore;
import java.security.Security;
import java.security.SecureRandom;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.HandshakeCompletedEvent;
/*
1. Make the JSSE's jars available, either as an installed
extension (copy them into jre/lib/ext) or by adding
them to the Tomcat classpath.
2. keytool -genkey -alias tomcat -keyalg RSA
Use "changeit" as password ( this is the default we use )
*/
/**
* SSL server socket factory. It _requires_ a valid RSA key and
* JSSE.
*
* @author Harish Prabandham
* @author Costin Manolache
* @author Stefan Freyr Stefansson
* @author EKR -- renamed to JSSESocketFactory
* @author Bill Barker
*/
public class JSSE13SocketFactory extends JSSESocketFactory
{
public JSSE13SocketFactory () {
super();
}
/**
* Reads the keystore and initializes the SSL socket factory.
*
* NOTE: This method is identical in functionality to the method of the
* same name in JSSE14SocketFactory, except that this method is used with
* JSSE 1.0.x (which is an extension to the 1.3 JVM), whereas the other is
* used with JSSE 1.1.x (which ships with the 1.4 JVM). Therefore, this
* method uses classes in com.sun.net.ssl, which have since moved to
* javax.net.ssl, and explicitly registers the required security providers,
* which come standard in a 1.4 JVM.
*/
void init() throws IOException {
try {
Security.addProvider (new sun.security.provider.Sun());
Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
String clientAuthStr = (String)attributes.get("clientauth");
if (clientAuthStr != null){
clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
}
// SSL protocol variant (e.g., TLS, SSL v3, etc.)
String protocol = (String)attributes.get("protocol");
if (protocol == null) protocol = defaultProtocol;
// Certificate encoding algorithm (e.g., SunX509)
String algorithm = (String)attributes.get("algorithm");
if (algorithm == null) algorithm = defaultAlgorithm;
// Set up KeyManager, which will extract server key
com.sun.net.ssl.KeyManagerFactory kmf =
com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
String keystoreType = (String)attributes.get("keystoreType");
if (keystoreType == null) {
keystoreType = defaultKeystoreType;
}
String keystorePass = getKeystorePassword();
kmf.init(getKeystore(keystoreType, keystorePass),
keystorePass.toCharArray());
// Set up TrustManager
com.sun.net.ssl.TrustManager[] tm = null;
KeyStore trustStore = getTrustStore(keystoreType);
if (trustStore != null) {
com.sun.net.ssl.TrustManagerFactory tmf =
com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);
tm = tmf.getTrustManagers();
}
// Create and init SSLContext
com.sun.net.ssl.SSLContext context =
com.sun.net.ssl.SSLContext.getInstance(protocol);
context.init(kmf.getKeyManagers(), tm, new SecureRandom());
// Create proxy
sslProxy = context.getServerSocketFactory();
// Determine which cipher suites to enable
enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites());
} catch(Exception e) {
if( e instanceof IOException )
throw (IOException)e;
throw new IOException(e.getMessage());
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
