billbarker 2005/04/10 16:48:44
Modified: util/java/org/apache/tomcat/util/net/jsse JSSEImplementation.java
Added: util/java/org/apache/tomcat/util/net/jsse JSSE15Factory.java JSSE15SocketFactory.java
Log:
Adding support for CRLs, at least with JDK 1.5
Revision Changes Path
1.10 +24 -14 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
Index: JSSEImplementation.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JSSEImplementation.java 24 Feb 2004 08:50:05 -0000 1.9
+++ JSSEImplementation.java 10 Apr 2005 23:48:44 -0000 1.10
@@ -32,6 +32,8 @@
 public class JSSEImplementation extends SSLImplementation {
+ static final String JSSE15Factory =
+ "org.apache.tomcat.util.net.jsse.JSSE15Factory";
 static final String JSSE14Factory =
 "org.apache.tomcat.util.net.jsse.JSSE14Factory";
 static final String JSSE13Factory =
@@ -41,24 +43,32 @@
 static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory.getLog(JSSEImplementation.class);
- private JSSEFactory factory;
+ private JSSEFactory factory = null;
 public JSSEImplementation() throws ClassNotFoundException {
 // Check to see if JSSE is floating around somewhere
 Class.forName(SSLSocketClass);
- if( JdkCompat.isJava14() ) {
- try {
- Class factcl = Class.forName(JSSE14Factory);
- factory = (JSSEFactory)factcl.newInstance();
- } catch(Exception ex) {
- factory = new JSSE13Factory();
- if(logger.isDebugEnabled()) {
- logger.debug("Error getting factory: " + JSSE14Factory, ex);
- }
- }
- } else {
- factory = new JSSE13Factory();
- }
+ if( JdkCompat.isJava15() ) {
+ try {
+ Class factcl = Class.forName(JSSE15Factory);
+ factory = (JSSEFactory)factcl.newInstance();
+ } catch(Exception ex) {
+ if(logger.isDebugEnabled())
+ logger.debug("Error getting factory: " + JSSE15Factory, ex);
+ }
+ }
+ if(factory == null && JdkCompat.isJava14() ) {
+ try {
+ Class factcl = Class.forName(JSSE14Factory);
+ factory = (JSSEFactory)factcl.newInstance();
+ } catch(Exception ex) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("Error getting factory: " + JSSE14Factory, ex);
+ }
+ }
+ }
 if(factory == null) {
+ factory = new JSSE13Factory();
+ }
 }
1.1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE15Factory.java
Index: JSSE15Factory.java
===================================================================
/*
 * Copyright 1999-2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
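Review bot: The fallback in both new `catch(Exception ex)` blocks is reported only under `logger.isDebugEnabled()`, so when `JSSE15Factory` cannot be loaded on a 1.5 JVM the connector silently ends up on `JSSE14Factory` or `JSSE13Factory`, which per this commit do not appear to honour the `crlFile` attribute, and revocation checking is lost without any visible indication. Because that downgrade changes the effective trust configuration, it should be reported unconditionally, e.g. `logger.warn("Error getting factory: " + JSSE15Factory + ", falling back to an older JSSE factory", ex);` in place of the debug-guarded call, and likewise in the 1.4 branch. Catching `Exception` also swallows a `ClassCastException` from `(JSSEFactory)factcl.newInstance()`, which would indicate a broken build rather than an older JDK; catching `ClassNotFoundException` separately would keep those cases distinguishable in the log.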
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.tomcat.util.net.jsse;

import java.net.Socket;
import javax.net.ssl.SSLSocket;

import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.ServerSocketFactory;

/**
 * Implementation class for JSSEFactory for JSSE 1.1.x (that ships with the
 * 1.5 JVM).
 * <p>
 * Differs from {@link JSSE14Factory} only in the server socket factory it
 * hands out: a {@link JSSE15SocketFactory}, which adds CRL support.
 *
 * @author Bill Barker
 */
class JSSE15Factory extends JSSE14Factory {

    /** Package-private: instances are created reflectively by name. */
    JSSE15Factory() {
        super();
    }

    /**
     * Returns the JDK 1.5 flavour of the server socket factory.
     *
     * @return a new {@link JSSE15SocketFactory}.
     */
    public ServerSocketFactory getSocketFactory() {
        ServerSocketFactory socketFactory = new JSSE15SocketFactory();
        return socketFactory;
    }
}
1.1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE15SocketFactory.java
Index: JSSE15SocketFactory.java
===================================================================
/*
 * Copyright 1999-2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
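 */
package org.apache.tomcat.util.net.jsse;

import java.io.IOException;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Collection;
import java.security.KeyStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.CRL;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.CertPathTrustManagerParameters;

/**
 * SSL Socket Factory for JDK 1.5.
 * <p>
 * Extends {@link JSSE14SocketFactory} with CRL-based revocation checking:
 * when a <code>crlFile</code> attribute is configured, the trust managers
 * are built from PKIX parameters that carry the CRLs loaded from that file
 * and have revocation checking switched on. Without <code>crlFile</code>
 * the behaviour is that of the 1.4 factory.
 *
 * @author Bill Barker
 */
public class JSSE15SocketFactory extends JSSE14SocketFactory {

    private static final org.apache.commons.logging.Log log =
        org.apache.commons.logging.LogFactory.getLog(JSSE15SocketFactory.class);

    public JSSE15SocketFactory() {
        super();
    }

    /**
     * Gets the initialized trust managers.
     * <p>
     * Defers to the superclass when no <code>crlFile</code> attribute is
     * set. Otherwise the truststore is loaded and a
     * {@link CertPathTrustManagerParameters} carrying the CRLs (see
     * {@link #getParameters}) is used to initialise the factory.
     *
     * @param keystoreType The keystore type; also used for the truststore
     *                     when no <code>truststoreType</code> attribute is set.
     * @param algorithm The TrustManagerFactory algorithm; replaced by the
     *                  JDK default when no <code>truststoreAlgorithm</code>
     *                  attribute is set.
     * @return The trust managers, or <code>null</code> when
     *         {@link #getTrustStore} yields no truststore.
     * @throws Exception if the truststore, the CRLs or the factory cannot
     *                   be initialised.
     */
    protected TrustManager[] getTrustManagers(String keystoreType,
                                              String algorithm)
        throws Exception {
        if (attributes.get("truststoreAlgorithm") == null) {
            // in 1.5, the Trust default isn't the same as the Key default.
            algorithm = TrustManagerFactory.getDefaultAlgorithm();
        }
        String crlf = (String) attributes.get("crlFile");
        if (crlf == null) {
            return super.getTrustManagers(keystoreType, algorithm);
        }
        String truststoreType = (String) attributes.get("truststoreType");
        if (truststoreType == null) {
            truststoreType = keystoreType;
        }
        KeyStore trustStore = getTrustStore(truststoreType);
        if (trustStore == null) {
            return null;
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        CertPathParameters params = getParameters(algorithm, crlf, trustStore);
        ManagerFactoryParameters mfp =
            new CertPathTrustManagerParameters(params);
        tmf.init(mfp);
        return tmf.getTrustManagers();
    }

    /**
     * Return the initialization parameters for the TrustManager.
     * Currently, only the default <code>PKIX</code> is supported; any other
     * algorithm is rejected rather than silently skipping the CRLs.
     *
     * @param algorithm The algorithm to get parameters for.
     * @param crlf The path to the CRL file.
     * @param trustStore The configured TrustStore.
     * @return The parameters including the CRLs and TrustStore, with
     *         revocation checking enabled.
     * @throws CRLException if <code>algorithm</code> is not PKIX.
     * @throws Exception if the CRLs cannot be loaded or the cert store
     *                   cannot be created.
     */
    protected CertPathParameters getParameters(String algorithm,
                                               String crlf,
                                               KeyStore trustStore)
        throws Exception {
        if (!"PKIX".equalsIgnoreCase(algorithm)) {
            throw new CRLException("CRLs not supported for type: " + algorithm);
        }
        PKIXBuilderParameters xparams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        // Make the intent explicit: the CRLs just added must be consulted.
        xparams.setRevocationEnabled(true);
        String trustLength = (String) attributes.get("trustMaxCertLength");
        if (trustLength != null) {
            int maxLength = Integer.MIN_VALUE;
            try {
                maxLength = Integer.parseInt(trustLength);
            } catch (NumberFormatException ex) {
                // reported below together with the out-of-range case
            }
            // setMaxPathLength rejects anything below -1 (-1 = no limit);
            // keep the default rather than failing connector startup.
            if (maxLength < -1) {
                log.warn("Bad trustMaxCertLength: " + trustLength);
            } else {
                xparams.setMaxPathLength(maxLength);
            }
        }
        return xparams;
    }

    /**
     * Load the collection of CRLs from a file.
     * <p>
     * A relative path is resolved against the <code>catalina.base</code>
     * system property. The file is parsed on every call; nothing in this
     * class re-reads it afterwards, so an updated CRL file only takes effect
     * when the trust managers are rebuilt.
     *
     * @param crlf The path to the CRL file.
     * @return The CRLs parsed from the file.
     * @throws IOException if the file cannot be opened or read.
     * @throws CRLException if the file does not contain well-formed CRLs.
     * @throws CertificateException if no X.509 CertificateFactory is available.
     */
    protected Collection<? extends CRL> getCRLs(String crlf)
        throws IOException, CRLException, CertificateException {
        File crlFile = new File(crlf);
        if (!crlFile.isAbsolute()) {
            crlFile = new File(System.getProperty("catalina.base"), crlf);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream is = new FileInputStream(crlFile);
        try {
            return cf.generateCRLs(is);
        } finally {
            try {
                is.close();
            } catch (IOException ignored) {
                // the CRLs are already parsed; a failed close is not fatal
            }
        }
    }
}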