billbarker 2005/04/10 16:48:44
Modified: util/java/org/apache/tomcat/util/net/jsse
JSSEImplementation.java
Added: util/java/org/apache/tomcat/util/net/jsse JSSE15Factory.java
JSSE15SocketFactory.java
Log:
Adding support for CRLs, at least with JDK 1.5
Revision Changes Path
1.10 +24 -14
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
Index: JSSEImplementation.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JSSEImplementation.java 24 Feb 2004 08:50:05 -0000 1.9
+++ JSSEImplementation.java 10 Apr 2005 23:48:44 -0000 1.10
@@ -32,6 +32,8 @@
public class JSSEImplementation extends SSLImplementation
{
+ static final String JSSE15Factory =
+ "org.apache.tomcat.util.net.jsse.JSSE15Factory";
static final String JSSE14Factory =
"org.apache.tomcat.util.net.jsse.JSSE14Factory";
static final String JSSE13Factory =
@@ -41,24 +43,32 @@
static org.apache.commons.logging.Log logger =
org.apache.commons.logging.LogFactory.getLog(JSSEImplementation.class);
- private JSSEFactory factory;
+ private JSSEFactory factory = null;
public JSSEImplementation() throws ClassNotFoundException {
// Check to see if JSSE is floating around somewhere
Class.forName(SSLSocketClass);
- if( JdkCompat.isJava14() ) {
- try {
- Class factcl = Class.forName(JSSE14Factory);
- factory = (JSSEFactory)factcl.newInstance();
- } catch(Exception ex) {
- factory = new JSSE13Factory();
- if(logger.isDebugEnabled()) {
- logger.debug("Error getting factory: " + JSSE14Factory, ex);
- }
- }
- } else {
- factory = new JSSE13Factory();
- }
+ if( JdkCompat.isJava15() ) {
+ try {
+ Class factcl = Class.forName(JSSE15Factory);
+ factory = (JSSEFactory)factcl.newInstance();
+ } catch(Exception ex) {
+ if(logger.isDebugEnabled())
+ logger.debug("Error getting factory: " + JSSE15Factory,
ex);
+ }
+ }
+ if(factory == null && JdkCompat.isJava14() ) {
+ try {
+ Class factcl = Class.forName(JSSE14Factory);
+ factory = (JSSEFactory)factcl.newInstance();
+ } catch(Exception ex) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("Error getting factory: " + JSSE14Factory,
ex);
+ }
+ }
+ } if(factory == null) {
+ factory = new JSSE13Factory();
+ }
}
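Review bot: On the line `} if(factory == null) {` the closing brace of the 1.4 branch and the next `if` sit on one line, which reads like an `else if` but is a separate statement; put `if (factory == null) {` on its own line so the three-step fall-through (1.5, then 1.4, then 1.3) is visible. The 1.5 branch also reports a failed factory load only at debug level (and without the braces the 1.4 branch uses) before silently falling back; since the commit message ties CRL support to JDK 1.5, a deployment that configured a CRL file would end up on the 1.4 factory, presumably without revocation checking, and see no message unless debug logging is on. Consider `logger.warn("Error getting factory: " + JSSE15Factory, ex);` here, or at least an info-level line naming the factory that was finally selected. The constructor's body lies entirely inside this hunk.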
1.1
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE15Factory.java
Index: JSSE15Factory.java
===================================================================
/*
* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.util.net.jsse;
import java.net.Socket;
import javax.net.ssl.SSLSocket;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.ServerSocketFactory;
/**
* Implementation class for JSSEFactory for JSSE 1.1.x (that ships with the
* 1.5 JVM).
*
* @author Bill Barker
*/
class JSSE15Factory extends JSSE14Factory {

    /**
     * Creates the factory. Nothing is initialised here beyond what
     * {@link JSSE14Factory} already does in its own constructor.
     */
    JSSE15Factory() {
    }

    /**
     * Returns the JDK 1.5 flavour of the server socket factory in place of
     * the JSSE 1.4 one, so that the 1.5-only configuration attributes are
     * honoured.
     *
     * @return a new <code>JSSE15SocketFactory</code>
     */
    public ServerSocketFactory getSocketFactory() {
        ServerSocketFactory socketFactory = new JSSE15SocketFactory();
        return socketFactory;
    }
}
1.1
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE15SocketFactory.java
Index: JSSE15SocketFactory.java
===================================================================
/*
* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.util.net.jsse;
import java.io.IOException;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Collection;
import java.security.KeyStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.CRL;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.CertPathTrustManagerParameters;
/**
* SSL Socket Factory for JDK 1.5
*
* @author Bill Barker
*/
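public class JSSE15SocketFactory extends JSSE14SocketFactory {

    // Used for configuration warnings (e.g. a malformed trustMaxCertLength).
    private static final org.apache.commons.logging.Log log =
        org.apache.commons.logging.LogFactory.getLog(JSSE15SocketFactory.class);

    public JSSE15SocketFactory() {
        super();
    }

    /**
     * Gets the initialized trust managers.
     * <p>
     * Without a <code>crlFile</code> attribute this defers entirely to the
     * JSSE 1.4 implementation. With one, the trust store is wrapped in PKIX
     * parameters that carry the CRLs from that file, so that revocation is
     * checked when a client certificate chain is validated.
     *
     * @param keystoreType the key store type, also used for the trust store
     *        when no <code>truststoreType</code> attribute is configured
     * @param algorithm the trust manager algorithm; replaced by the platform
     *        default unless <code>truststoreAlgorithm</code> was configured
     * @return the trust managers, or <code>null</code> when
     *         <code>getTrustStore</code> yields no trust store
     * @throws Exception if the trust store or the CRL file cannot be loaded,
     *         or if CRLs are requested for a non-PKIX algorithm
     */
    protected TrustManager[] getTrustManagers(String keystoreType,
                                              String algorithm)
        throws Exception {
        if (attributes.get("truststoreAlgorithm") == null) {
            // in 1.5, the Trust default isn't the same as the Key default.
            algorithm = TrustManagerFactory.getDefaultAlgorithm();
        }
        String crlf = (String) attributes.get("crlFile");
        if (crlf == null) {
            return super.getTrustManagers(keystoreType, algorithm);
        }
        String truststoreType = (String) attributes.get("truststoreType");
        if (truststoreType == null) {
            truststoreType = keystoreType;
        }
        KeyStore trustStore = getTrustStore(truststoreType);
        if (trustStore == null) {
            // NOTE(review): a null result here means the configured crlFile
            // is never applied; whether getTrustStore can return null is
            // decided in the superclass -- confirm against it.
            return null;
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        CertPathParameters params = getParameters(algorithm, crlf, trustStore);
        ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
        tmf.init(mfp);
        return tmf.getTrustManagers();
    }

    /**
     * Return the initialization parameters for the TrustManager.
     * Currently, only the default <code>PKIX</code> is supported.
     *
     * @param algorithm The algorithm to get parameters for.
     * @param crlf The path to the CRL file.
     * @param trustStore The configured TrustStore.
     * @return The parameters including the CRLs and TrustStore.
     * @throws CRLException if <code>algorithm</code> is not PKIX, since CRLs
     *         can only be attached to PKIX parameters
     * @throws Exception if the CRL file cannot be read or parsed
     */
    protected CertPathParameters getParameters(String algorithm,
                                               String crlf,
                                               KeyStore trustStore)
        throws Exception {
        if (!"PKIX".equalsIgnoreCase(algorithm)) {
            throw new CRLException("CRLs not supported for type: " + algorithm);
        }
        PKIXBuilderParameters xparams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        // Make sure the CRL store just added is actually consulted.
        xparams.setRevocationEnabled(true);
        String trustLength = (String) attributes.get("trustMaxCertLength");
        if (trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch (IllegalArgumentException ex) {
                // Covers both NumberFormatException from parseInt and the
                // InvalidParameterException setMaxPathLength throws for
                // values below -1; the chain length stays at its default.
                log.warn("Bad trustMaxCertLength: " + trustLength, ex);
            }
        }
        return xparams;
    }

    /**
     * Load the collection of CRLs.
     *
     * @param crlf path of the CRL file; a relative path is resolved against
     *        the <code>catalina.base</code> system property
     * @return the CRLs parsed from the file
     * @throws IOException if the file cannot be opened or read
     * @throws CRLException if the file does not contain parseable CRLs
     * @throws CertificateException if no X.509 certificate factory is
     *         available
     */
    protected Collection<? extends CRL> getCRLs(String crlf)
        throws IOException, CRLException, CertificateException {
        File crlFile = new File(crlf);
        if (!crlFile.isAbsolute()) {
            // NOTE(review): if catalina.base is unset, File(null, crlf)
            // resolves against the working directory instead -- confirm
            // that the property is always set when this runs.
            crlFile = new File(System.getProperty("catalina.base"), crlf);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream is = new FileInputStream(crlFile);
        try {
            return cf.generateCRLs(is);
        } finally {
            try {
                is.close();
            } catch (IOException ignored) {
                // A close failure on a stream we only read from changes
                // nothing; the parsed CRLs (or the real error) still win.
            }
        }
    }
}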