remm 2005/07/12 10:01:42 Modified: jni/java/org/apache/tomcat/jni SSLSocket.java http11/src/java/org/apache/coyote/http11 Http11AprProcessor.java Log: - Translate old SSL code to APR (untested right now). Revision Changes Path 1.18 +1 -4 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java Index: SSLSocket.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- SSLSocket.java 12 Jul 2005 14:56:09 -0000 1.17 +++ SSLSocket.java 12 Jul 2005 17:01:42 -0000 1.18 @@ -16,9 +16,6 @@ package org.apache.tomcat.jni; -/* Import needed classes */ -import java.nio.ByteBuffer; - /** SSL Socket * * @author Mladen Turk 1.23 +52 -31 jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java Index: Http11AprProcessor.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- Http11AprProcessor.java 7 Jul 2005 22:54:13 -0000 1.22 +++ Http11AprProcessor.java 12 Jul 2005 17:01:42 -0000 1.23 @@ -16,6 +16,7 @@ package org.apache.coyote.http11; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InterruptedIOException; import java.net.InetAddress; @@ -24,6 +25,8 @@ import java.util.regex.PatternSyntaxException; import java.security.AccessController; import java.security.PrivilegedAction; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; import org.apache.coyote.ActionCode; import org.apache.coyote.ActionHook; @@ -41,6 +44,8 @@ import org.apache.coyote.http11.filters.VoidOutputFilter; import org.apache.coyote.http11.filters.BufferedInputFilter; import org.apache.tomcat.jni.Address; +import org.apache.tomcat.jni.SSL; +import org.apache.tomcat.jni.SSLSocket; import org.apache.tomcat.jni.Sockaddr; import org.apache.tomcat.jni.Socket; import org.apache.tomcat.util.buf.Ascii; @@ -50,7 +55,6 @@ import org.apache.tomcat.util.http.FastHttpDateFormat; import org.apache.tomcat.util.http.MimeHeaders; import org.apache.tomcat.util.net.AprEndpoint; -import org.apache.tomcat.util.net.SSLSupport; import org.apache.tomcat.util.threads.ThreadWithAttributes; @@ -90,6 +94,8 @@ outputBuffer = new InternalAprOutputBuffer(response, headerBufferSize); response.setOutputBuffer(outputBuffer); request.setResponse(response); + + ssl = !"off".equalsIgnoreCase(endpoint.getSSLEngine()); initializeFilters(); @@ -194,10 +200,10 @@ /** - * SSL information. + * SSL enabled ? */ - protected SSLSupport sslSupport; - + protected boolean ssl = false; + /** * Socket associated with the current connection. @@ -645,14 +651,6 @@ /** - * Set the SSL information for this HTTP connection. - */ - public void setSSLSupport(SSLSupport sslSupport) { - this.sslSupport = sslSupport; - } - - - /** * Set the flag to control upload time-outs. */ public void setDisableUploadTimeout(boolean isDisabled) { @@ -898,9 +896,6 @@ inputBuffer.recycle(); outputBuffer.recycle(); - // Recycle ssl info - sslSupport = null; - return openSocket; } @@ -1084,23 +1079,36 @@ } else if (actionCode == ActionCode.ACTION_REQ_SSL_ATTRIBUTE ) { try { - if (sslSupport != null) { - Object sslO = sslSupport.getCipherSuite(); + if (ssl) { + Object sslO = SSLSocket.getInfoS(socket, SSL.SSL_INFO_CIPHER); if (sslO != null) request.setAttribute - (SSLSupport.CIPHER_SUITE_KEY, sslO); - sslO = sslSupport.getPeerCertificateChain(false); + ("javax.servlet.request.cipher_suite", sslO); + int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN); + X509Certificate[] certs = new X509Certificate[certLength]; + for (int i = 0; i < certLength; i++) { + byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i); + CertificateFactory cf = + CertificateFactory.getInstance("X.509"); + ByteArrayInputStream stream = new ByteArrayInputStream(data); + certs[i] = (X509Certificate) cf.generateCertificate(stream); + } + if (certLength > 0) { + sslO = certs; + } else { + sslO = null; + } if (sslO != null) request.setAttribute - (SSLSupport.CERTIFICATE_KEY, sslO); - sslO = sslSupport.getKeySize(); + ("javax.servlet.request.X509Certificate", sslO); + sslO = new Integer(SSLSocket.getInfoI(socket, SSL.SSL_INFO_CIPHER_USEKEYSIZE)); if (sslO != null) request.setAttribute - (SSLSupport.KEY_SIZE_KEY, sslO); - sslO = sslSupport.getSessionId(); + ("javax.servlet.request.key_size", sslO); + sslO = SSLSocket.getInfoS(socket, SSL.SSL_INFO_SESSION_ID); if (sslO != null) request.setAttribute - (SSLSupport.SESSION_ID_KEY, sslO); + ("javax.servlet.request.ssl_session", sslO); } } catch (Exception e) { log.warn("Exception getting SSL attributes " ,e); @@ -1108,7 +1116,7 @@ } else if (actionCode == ActionCode.ACTION_REQ_SSL_CERTIFICATE) { - if( sslSupport != null) { + if (ssl) { /* * Consume and buffer the request body, so that it does not * interfere with the client's handshake messages @@ -1119,11 +1127,24 @@ inputBuffer.addActiveFilter (inputFilters[Constants.BUFFERED_FILTER]); try { - Object sslO = sslSupport.getPeerCertificateChain(true); - if( sslO != null) { - request.setAttribute - (SSLSupport.CERTIFICATE_KEY, sslO); + // FIXME: Verify this is the right thing to do + SSLSocket.renegotiate(socket); + int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN); + X509Certificate[] certs = new X509Certificate[certLength]; + for (int i = 0; i < certLength; i++) { + byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i); + CertificateFactory cf = + CertificateFactory.getInstance("X.509"); + ByteArrayInputStream stream = new ByteArrayInputStream(data); + certs[i] = (X509Certificate) cf.generateCertificate(stream); } + Object sslO = null; + if (certLength > 0) { + sslO = certs; + } + if (sslO != null) + request.setAttribute + ("javax.servlet.request.X509Certificate", sslO); } catch (Exception e) { log.warn("Exception getting SSL Cert", e); } @@ -1179,7 +1200,7 @@ contentDelimitation = false; expectation = false; sendfileData = null; - if (sslSupport != null) { + if (ssl) { request.scheme().setString("https"); } MessageBytes protocolMB = request.protocol(); @@ -1396,7 +1417,7 @@ } if (colonPos < 0) { - if (sslSupport == null) { + if (ssl) { // 80 - Default HTTTP port request.setServerPort(80); } else {
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]