Author: markt Date: Mon Jan 8 11:44:24 2018 New Revision: 1820552 URL: http://svn.apache.org/viewvc?rev=1820552&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61566 Expose the currently in use certificate chain and list of trusted certificates for all virtual hosts configured using the JSSE style (keystore) TLS configuration via the Manager web application.
Added: tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp - copied, changed from r1817997, tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp - copied unchanged from r1817999, tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp Propchange: tomcat/tc8.5.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jan 8 11:44:24 2018 
@@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 
,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 
756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205 3,1762123,1762168,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763748,1763786,1763798-1763799,1763810,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1766822,1766834,1766840,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1767903,1767945-1767946,1768123,176 
8283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,1769630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756,1773813-1773814,1774052,1774102,1774131,1774161,1774164,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1774426,1774433,1774522-1774523,1774526,1774528-1774529,1774531,1774732-1774736,1774738-1774739,1774741-1774742,1774749,1774755,1774789,1774858,1774867,1775596,1775985-1775986,1776540,1776937,1776954,1777011,1777173,1777189,1777211,1777524,1777546,1777605,1777619,1777647,1777721-1777722,1777967,1778061,1778138- 1778139,1778141-1778150,1778154,1778275-1778276,1778295,1778342,1778348,1778404,1778424,1778426,1778575,1778582,1778600,1778603,1779312,1779370,1779545,1779612,1779622,1779641,1779654,1779708,1779718,1779897,1779899,1779932,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1780606,1780609-1780610,1780652,1780991,1780995-1780996,1781174,1781569,1781975,1781986,1782116,1782383-1782384,1782566,1782572,1782775,1782779,1782814,1782857,1782868,1782934,1782946-1782947,1782956,1783144-1783147,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784723,1784751,1784767,1784806,1784818,1784911,1784926,1784956,1784963,1785032,1785037,1785245,1785271,1785310,1785317,1785643,1785667,1785762,1785774,1785823,1785935,1786051,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787200,1787250,1787405,1787701,1787703,1787938,1787959,1787973,1788223-1788224,1788228,1788232,1788241-1788242,1788248,1788323,1788328,1788455,1788460,1788473,1788543-1788544,1788548,17885 
50,1788554,1788558,1788560,1788567,1788569,1788572,1788647,1788732,1788741,1788747,1788753,1788764,1788771,1788834,1788841,1788852,1788860,1788883,1788890,1789051,1789400,1789415,1789442-1789443,1789447,1789453,1789456,1789458,1789461-1789463,1789465-1789467,1789470,1789472,1789474,1789476,1789479-1789480,1789733,1789735,1789744-1789745,1789937,1789984,1790119,1790180,1790183,1790213,1790376,1790443,1790614,1790983,1790991,1791027-1791028,1791050,1791090,1791095-1791096,1791099,1791101-1791103,1791124,1791129,1791134,1791137,1791298,1791527,1791557,1791970,1792033,1792038,1792055,1792093,1792140,1792460,1792468,1792791,1792957,1793095,1793121,1793123,1793127,1793136,1793139,1793147-1793148,1793266,1793437,1793449,1793460,1793468,1793487,1793498,1793502,1793514,1793682-1793683,1793711-1793712,1793716,1793719,1793736,1793746,1793758,1793771,1793776,1793798,1793802,1793812,1793819,1793844,1793854,1793887,1793891,1793898,1793901-1793902,1793907,1793910,1793980,1794674,1794941-1794942,17 95278,1795289,1795298,1795305,1795813,1795893,1796090,1796275,1796693-1796695,1796729,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797528,1797532,1797536,1797540,1797543,1797677-1797678,1797692,1797694,1797748,1797828,1798126,1798238,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799216,1799231,1799250,1799253,1799285,1799368,1799412,1799515,1799701-1799702,1799704,1799709,1799885,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800629,1800791,1800816,1800850,1800864,1800867,1800874,1800885,1800981,1800984,1800988,1800992,1801195,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802195,1802204-1802205,1802210,1802225-1802226,1802229,1802403,1802475,1802490,1802788,1802796,1802803,1802820,1802828,1802833,1802836,1803030,1803038,1803055,1803135,1803165,1803174,1803193,1803205,1803224,1803278,1803281,1803295,1803297 
,1803446,1803451,1803456,1803459,1803616,1803636,1803828,1803901,1803972,1804040,1804094,1804306,1804461-1804463,1804501,1804506-1804507,1804754,1804813,1804888,1804890,1804903-1804908,1804915,1804917,1805523-1805530,1805550,1805612-1805613,1805637,1805645,1805652,1805726,1805752,1805782,1805826,1806307,1806356,1806445,1806736,1806794,1806798,1806801,1806807,1806873,1806966,1806973,1807004,1807093,1807135,1807205-1807206,1807237,1807242,1807251,1807282,1807455,1807686,1807698,1807713,1807715,1807729,1807742,1807747,1807751,1807755,1808116,1808156,1808266,1808433,1808438-1808439,1808466,1808481-1808482,1808695,1808701,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809158,1809212,1809214,1809239,1809248,1809263,1809265,1809317,1809434,1809669,1809671,1809674,1809684,1809711,1809828,1809830,1809908-1809909,1809922,1810106,1810110,1810280,1810300,1811031,1811119,1811122,1811132,1811137,1811139,1811174,1811176,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811327-1811 329,1811350,1811560,1811704,1811837-1811839,1811861,1811932,1812087-1812088,1812092,1812094,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812489,1812513,1812617,1813919,1814192,1814195,1814567,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815318-1815319,1815325,1815385,1815429,1815441-1815442,1815451,1815459,1815465,1815505,1815615,1815793,1815800,1815802,1815806,1815826,1815829,1815834,1815840,1815903,1815944,1815954,1816076,1816078,1816083,1816087,1816120,1816128,1816140,1816147,1816157,1816338,1816431,1816443,1816538,1816541,1816545,1816549-1816550,1816563,1816570,1816647,1816695-1816704,1816716,1816780,1816887,1817089,1817092,1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1817965,1818179,1818184,1818711,1818919,1818976,1819054,1819057,1819061,1819063,1819068,1819070-1819071,1819074,1819077,1819148,1819903,1820003,1820005,1820138,1820153,1820194,1820196-1820197,1820202,1820206,1820222,1820265,1 
820272,1820276,1820279,1820281,1820302 +/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 
,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 
756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205 3,1762123,1762168,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763748,1763786,1763798-1763799,1763810,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1766822,1766834,1766840,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1767903,1767945-1767946,1768123,176 
8283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,1769630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756,1773813-1773814,1774052,1774102,1774131,1774161,1774164,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1774426,1774433,1774522-1774523,1774526,1774528-1774529,1774531,1774732-1774736,1774738-1774739,1774741-1774742,1774749,1774755,1774789,1774858,1774867,1775596,1775985-1775986,1776540,1776937,1776954,1777011,1777173,1777189,1777211,1777524,1777546,1777605,1777619,1777647,1777721-1777722,1777967,1778061,1778138- 1778139,1778141-1778150,1778154,1778275-1778276,1778295,1778342,1778348,1778404,1778424,1778426,1778575,1778582,1778600,1778603,1779312,1779370,1779545,1779612,1779622,1779641,1779654,1779708,1779718,1779897,1779899,1779932,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1780606,1780609-1780610,1780652,1780991,1780995-1780996,1781174,1781569,1781975,1781986,1782116,1782383-1782384,1782566,1782572,1782775,1782779,1782814,1782857,1782868,1782934,1782946-1782947,1782956,1783144-1783147,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784723,1784751,1784767,1784806,1784818,1784911,1784926,1784956,1784963,1785032,1785037,1785245,1785271,1785310,1785317,1785643,1785667,1785762,1785774,1785823,1785935,1786051,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787200,1787250,1787405,1787701,1787703,1787938,1787959,1787973,1788223-1788224,1788228,1788232,1788241-1788242,1788248,1788323,1788328,1788455,1788460,1788473,1788543-1788544,1788548,17885 
50,1788554,1788558,1788560,1788567,1788569,1788572,1788647,1788732,1788741,1788747,1788753,1788764,1788771,1788834,1788841,1788852,1788860,1788883,1788890,1789051,1789400,1789415,1789442-1789443,1789447,1789453,1789456,1789458,1789461-1789463,1789465-1789467,1789470,1789472,1789474,1789476,1789479-1789480,1789733,1789735,1789744-1789745,1789937,1789984,1790119,1790180,1790183,1790213,1790376,1790443,1790614,1790983,1790991,1791027-1791028,1791050,1791090,1791095-1791096,1791099,1791101-1791103,1791124,1791129,1791134,1791137,1791298,1791527,1791557,1791970,1792033,1792038,1792055,1792093,1792140,1792460,1792468,1792791,1792957,1793095,1793121,1793123,1793127,1793136,1793139,1793147-1793148,1793266,1793437,1793449,1793460,1793468,1793487,1793498,1793502,1793514,1793682-1793683,1793711-1793712,1793716,1793719,1793736,1793746,1793758,1793771,1793776,1793798,1793802,1793812,1793819,1793844,1793854,1793887,1793891,1793898,1793901-1793902,1793907,1793910,1793980,1794674,1794941-1794942,17 95278,1795289,1795298,1795305,1795813,1795893,1796090,1796275,1796693-1796695,1796729,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797528,1797532,1797536,1797540,1797543,1797677-1797678,1797692,1797694,1797748,1797828,1798126,1798238,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799216,1799231,1799250,1799253,1799285,1799368,1799412,1799515,1799701-1799702,1799704,1799709,1799885,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800629,1800791,1800816,1800850,1800864,1800867,1800874,1800885,1800981,1800984,1800988,1800992,1801195,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802195,1802204-1802205,1802210,1802225-1802226,1802229,1802403,1802475,1802490,1802788,1802796,1802803,1802820,1802828,1802833,1802836,1803030,1803038,1803055,1803135,1803165,1803174,1803193,1803205,1803224,1803278,1803281,1803295,1803297 
,1803446,1803451,1803456,1803459,1803616,1803636,1803828,1803901,1803972,1804040,1804094,1804306,1804461-1804463,1804501,1804506-1804507,1804754,1804813,1804888,1804890,1804903-1804908,1804915,1804917,1805523-1805530,1805550,1805612-1805613,1805637,1805645,1805652,1805726,1805752,1805782,1805826,1806307,1806356,1806445,1806736,1806794,1806798,1806801,1806807,1806873,1806966,1806973,1807004,1807093,1807135,1807205-1807206,1807237,1807242,1807251,1807282,1807455,1807686,1807698,1807713,1807715,1807729,1807742,1807747,1807751,1807755,1808116,1808156,1808266,1808433,1808438-1808439,1808466,1808481-1808482,1808695,1808701,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809158,1809212,1809214,1809239,1809248,1809263,1809265,1809317,1809434,1809669,1809671,1809674,1809684,1809711,1809828,1809830,1809908-1809909,1809922,1810106,1810110,1810280,1810300,1811031,1811119,1811122,1811132,1811137,1811139,1811174,1811176,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811327-1811 329,1811350,1811560,1811704,1811837-1811839,1811861,1811932,1812087-1812088,1812092,1812094,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812489,1812513,1812617,1813919,1814192,1814195,1814567,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815318-1815319,1815325,1815385,1815429,1815441-1815442,1815451,1815459,1815465,1815505,1815615,1815793,1815800,1815802,1815806,1815826,1815829,1815834,1815840,1815903,1815944,1815954,1816076,1816078,1816083,1816087,1816120,1816128,1816140,1816147,1816157,1816338,1816431,1816443,1816538,1816541,1816545,1816549-1816550,1816563,1816570,1816647,1816695-1816704,1816716,1816780,1816887,1817089,1817092,1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1817965,1817997,1817999-1818001,1818004,1818179,1818184,1818711,1818919,1818976,1819054,1819057,1819061,1819063,1819068,1819070-1819071,1819074,1819077,1819148,1819903,1820003,1820005,1820138,1820153,1820194,1820196-1820197,1 
820202,1820206,1820222,1820265,1820272,1820276,1820279,1820281,1820302 Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Mon Jan 8 11:44:24 2018 @@ -85,6 +85,8 @@ public final class HTMLManagerServlet ex static final String sessionsListJspPath = "/WEB-INF/jsp/sessionsList.jsp"; static final String sessionDetailJspPath = "/WEB-INF/jsp/sessionDetail.jsp"; static final String connectorCiphersJspPath = "/WEB-INF/jsp/connectorCiphers.jsp"; + static final String connectorCertsJspPath = "/WEB-INF/jsp/connectorCerts.jsp"; + static final String connectorTrustedCertsJspPath = "/WEB-INF/jsp/connectorTrustedCerts.jsp"; private boolean showProxySessions = false; @@ -138,6 +140,10 @@ public final class HTMLManagerServlet ex } } else if (command.equals("/sslConnectorCiphers")) { sslConnectorCiphers(request, response); + } else if (command.equals("/sslConnectorCerts")) { + sslConnectorCerts(request, response); + } else if (command.equals("/sslConnectorTrustedCerts")) { + sslConnectorTrustedCerts(request, response); } else if (command.equals("/upload") || command.equals("/deploy") || command.equals("/reload") || command.equals("/undeploy") || command.equals("/expire") || command.equals("/start") || 
@@ -535,7 +541,7 @@ public final class HTMLManagerServlet ex
 writer.print(MessageFormat.format(UPLOAD_SECTION, args));
 // Diagnostics section
- args = new Object[9];
+ args = new Object[15];
 args[0] = smClient.getString("htmlManagerServlet.diagnosticsTitle");
 args[1] = smClient.getString("htmlManagerServlet.diagnosticsLeak");
 args[2] = response.encodeURL(
@@ -547,6 +553,14 @@ public final class HTMLManagerServlet ex
 request.getContextPath() + "/html/sslConnectorCiphers");
 args[7] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCipherButton");
 args[8] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCipherText");
+ args[9] = response.encodeURL(
+ request.getContextPath() + "/html/sslConnectorCerts");
+ args[10] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCertsButton");
+ args[11] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCertsText");
+ args[12] = response.encodeURL(
+ request.getContextPath() + "/html/sslConnectorTrustedCerts");
+ args[13] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorTrustedCertsButton");
+ args[14] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorTrustedCertsText");
 writer.print(MessageFormat.format(DIAGNOSTICS_SECTION, args));
 // Server Header Section
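Review bot: `args = new Object[15]` in the first hunk is a bare literal that has to stay in step with the highest `{n}` placeholder in DIAGNOSTICS_SECTION, and nothing here ties the two together; the `args[9]` to `args[14]` assignments in the second hunk depend on the same count. A one-line comment above the allocation, for example `// args[0..14] fill {0}..{14} in DIAGNOSTICS_SECTION`, would make the next addition harder to get wrong. The two new form targets are passed through `response.encodeURL(...)` like the existing ones, which is worth keeping for any button added later so that whatever URL rewriting the container applies covers every diagnostics form. The enclosing method starts and ends outside both hunks.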
@@ -727,6 +741,23 @@ public final class HTMLManagerServlet ex
 connectorCiphersJspPath).forward(request, response);
 }
+
+ protected void sslConnectorCerts(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ request.setAttribute("certList", getConnectorCerts());
+ getServletContext().getRequestDispatcher(
+ connectorCertsJspPath).forward(request, response);
+ }
+
+
+ protected void sslConnectorTrustedCerts(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ request.setAttribute("trustedCertList", getConnectorTrustedCerts());
+ getServletContext().getRequestDispatcher(
+ connectorTrustedCertsJspPath).forward(request, response);
+ }
+
+
 /**
 * @see javax.servlet.Servlet#getServletInfo()
 */
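Review bot: Both new handlers hand the result of `getConnectorCerts()` / `getConnectorTrustedCerts()` to a JSP as a request attribute, so HTML encoding of the certificate text rests entirely on `connectorCerts.jsp` and `connectorTrustedCerts.jsp`, which are not visible in this hunk. If those strings carry subject or issuer fields (presumably they do; the getters are defined elsewhere), that text is chosen by whoever issued the certificate, so each value should go through `Escape.htmlElementContent(...)` before it is written to the page. The methods also have no Javadoc; a one-line comment naming the attribute each JSP reads (`"certList"`, `"trustedCertList"`) would document the contract between servlet and page.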
@@ -1293,44 +1324,59 @@ public final class HTMLManagerServlet ex "<tr>\n" + " <td colspan=\"2\" class=\"title\">{0}</td>\n" + "</tr>\n" + + "<tr>\n" + " <td colspan=\"2\" class=\"header-left\"><small>{1}</small></td>\n" + "</tr>\n" + - "<tr>\n" + - " <td colspan=\"2\">\n" + - "<form method=\"post\" action=\"{2}\">\n" + - "<table cellspacing=\"0\" cellpadding=\"3\">\n" + + "<tr>\n" + " <td class=\"row-left\">\n" + - " <input type=\"submit\" value=\"{4}\">\n" + + " <form method=\"post\" action=\"{2}\">\n" + + " <input type=\"submit\" value=\"{4}\">\n" + + " </form>\n" + " </td>\n" + " <td class=\"row-left\">\n" + " <small>{3}</small>\n" + " </td>\n" + "</tr>\n" + - "</table>\n" + - "</form>\n" + - "</td>\n" + - "</tr>\n" + + "<tr>\n" + " <td colspan=\"2\" class=\"header-left\"><small>{5}</small></td>\n" + "</tr>\n" + - "<tr>\n" + - " <td colspan=\"2\">\n" + - "<form method=\"post\" action=\"{6}\">\n" + - "<table cellspacing=\"0\" cellpadding=\"3\">\n" + + "<tr>\n" + " <td class=\"row-left\">\n" + - " <input type=\"submit\" value=\"{7}\">\n" + + " <form method=\"post\" action=\"{6}\">\n" + + " <input type=\"submit\" value=\"{7}\">\n" + + " </form>\n" + " </td>\n" + " <td class=\"row-left\">\n" + " <small>{8}</small>\n" + " </td>\n" + "</tr>\n" + - "</table>\n" + - "</form>\n" + - "</td>\n" + + + "<tr>\n" + + " <td class=\"row-left\">\n" + + " <form method=\"post\" action=\"{9}\">\n" + + " <input type=\"submit\" value=\"{10}\">\n" + + " </form>\n" + + " </td>\n" + + " <td class=\"row-left\">\n" + + " <small>{11}</small>\n" + + " </td>\n" + + "</tr>\n" + + + "<tr>\n" + + " <td class=\"row-left\">\n" + + " <form method=\"post\" action=\"{12}\">\n" + + " <input type=\"submit\" value=\"{13}\">\n" + + " </form>\n" + + " </td>\n" + + " <td class=\"row-left\">\n" + + " <small>{14}</small>\n" + + " </td>\n" + "</tr>\n" + + "</table>\n" + "<br>"; } Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties Mon Jan 8 11:44:24 2018
@@ -48,9 +48,13 @@ htmlManagerServlet.deployWar=WAR or Dire
 htmlManagerServlet.diagnosticsLeak=Check to see if a web application has caused a memory leak on stop, reload or undeploy
 htmlManagerServlet.diagnosticsLeakButton=Find leaks
 htmlManagerServlet.diagnosticsLeakWarning=This diagnostic check will trigger a full garbage collection. Use it with extreme caution on production systems.
-htmlManagerServlet.diagnosticsSsl=SSL connector configuration diagnostics
-htmlManagerServlet.diagnosticsSslConnectorCipherButton=Connector ciphers
-htmlManagerServlet.diagnosticsSslConnectorCipherText=List the configured ciphers for each connector
+htmlManagerServlet.diagnosticsSsl=TLS connector configuration diagnostics
+htmlManagerServlet.diagnosticsSslConnectorCipherButton=Ciphers
+htmlManagerServlet.diagnosticsSslConnectorCipherText=List the configured TLS virtual hosts and the ciphers for each.
+htmlManagerServlet.diagnosticsSslConnectorCertsButton=Certificates
+htmlManagerServlet.diagnosticsSslConnectorCertsText=List the configured TLS virtual hosts and the certificate chain for each.
+htmlManagerServlet.diagnosticsSslConnectorTrustedCertsButton=Trusted Certificates
+htmlManagerServlet.diagnosticsSslConnectorTrustedCertsText=List the configured TLS virtual hosts and the trusted certificates for each.
 htmlManagerServlet.diagnosticsTitle=Diagnostics
 htmlManagerServlet.findleaksList=\
 The following web applications were stopped (reloaded, undeployed), but their\n\
@@ -72,6 +76,7 @@ htmlManagerServlet.serverTitle=Server In
 htmlManagerServlet.serverVersion=Tomcat Version
 htmlManagerServlet.title=Tomcat Web Application Manager
 managerServlet.alreadyContext=FAIL - Application already exists at path [{0}]
+managerServlet.certsNotAvailable=Certificate information cannot be obtained from this connector at runtime
 managerServlet.deleteFail=FAIL - Unable to delete [{0}]. The continued presence of this file may cause problems.
 managerServlet.deployed=OK - Deployed application at context path [{0}]
 managerServlet.deployFailed=FAIL - Failed to deploy application at context path [{0}]
@@ -108,12 +113,15 @@ managerServlet.sessiontimeout.unlimited=
 managerServlet.sessiontimeout.expired=[{0}] minutes: [{1}] sessions were expired
 managerServlet.sessions=OK - Session information for application at context path [{0}]
 managerServlet.sslConnectorCiphers=OK - Connector / SSL Cipher information
+managerServlet.sslConnectorCerts=OK - Connector / Certificate Chain information
+managerServlet.sslConnectorTrustedCerts=OK - Connector / Trusted Certificate information
 managerServlet.started=OK - Started application at context path [{0}]
 managerServlet.startFailed=FAIL - Application at context path [{0}] could not be started
 managerServlet.stopped=OK - Stopped application at context path [{0}]
 managerServlet.storeConfig.invalidMBean=FAIL - Unable to find the StoreConfig Mbean. [{0}] is not a valid name for an MBean.
 managerServlet.storeConfig.noMBean=FAIL - No StoreConfig MBean registered at [{0}]. Registration is typically performed by the StoreConfigLifecycleListener.
 managerServlet.threaddump=OK - JVM thread dump
+managerServlet.trustedCertsNotConfigured=No trusted certificates are configured for this virtual host
 managerServlet.undeployed=OK - Undeployed application at context path [{0}]
 managerServlet.unknownCommand=FAIL - Unknown command [{0}]
 managerServlet.vminfo=OK - VM info
Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java Mon Jan 8 11:44:24 2018
@@ -22,6 +22,8 @@ import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; import java.util.Enumeration; @@ -30,6 +32,7 @@ import java.util.LinkedHashSet; import java.util.List; import java.util.Locale; import java.util.Map; +import java.util.Set; import javax.management.MBeanServer; import javax.management.MalformedObjectNameException; @@ -62,7 +65,9 @@ import org.apache.catalina.util.ServerIn import org.apache.tomcat.util.Diagnostics; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.modeler.Registry; +import org.apache.tomcat.util.net.SSLContext; import org.apache.tomcat.util.net.SSLHostConfig; +import org.apache.tomcat.util.net.SSLHostConfigCertificate; import org.apache.tomcat.util.res.StringManager; import org.apache.tomcat.util.security.Escape; @@ -370,6 +375,10 @@ public class ManagerServlet extends Http threadDump(writer, smClient, request.getLocales()); } else if (command.equals("/sslConnectorCiphers")) { sslConnectorCiphers(writer, smClient); + } else if (command.equals("/sslConnectorCerts")) { + sslConnectorCerts(writer, smClient); + } else if (command.equals("/sslConnectorTrustedCerts")) { + sslConnectorTrustedCerts(writer, smClient); } else { writer.println(smClient.getString("managerServlet.unknownCommand", command)); 
@@ -562,10 +571,9 @@ public class ManagerServlet extends Http writer.print(Diagnostics.getThreadDump(requestedLocales)); } - protected void sslConnectorCiphers(PrintWriter writer, - StringManager smClient) { - writer.println(smClient.getString( - "managerServlet.sslConnectorCiphers")); + + protected void sslConnectorCiphers(PrintWriter writer, StringManager smClient) { + writer.println(smClient.getString("managerServlet.sslConnectorCiphers")); Map<String,List<String>> connectorCiphers = getConnectorCiphers(); for (Map.Entry<String,List<String>> entry : connectorCiphers.entrySet()) { writer.println(entry.getKey()); @@ -577,6 +585,30 @@ public class ManagerServlet extends Http } + private void sslConnectorCerts(PrintWriter writer, StringManager smClient) { + writer.println(smClient.getString("managerServlet.sslConnectorCerts")); + Map<String,List<String>> connectorCerts = getConnectorCerts(); + for (Map.Entry<String,List<String>> entry : connectorCerts.entrySet()) { + writer.println(entry.getKey()); + for (String cert : entry.getValue()) { + writer.println(cert); + } + } + } + + + private void sslConnectorTrustedCerts(PrintWriter writer, StringManager smClient) { + writer.println(smClient.getString("managerServlet.sslConnectorTrustedCerts")); + Map<String,List<String>> connectorTrustedCerts = getConnectorTrustedCerts(); + for (Map.Entry<String,List<String>> entry : connectorTrustedCerts.entrySet()) { + writer.println(entry.getKey()); + for (String cert : entry.getValue()) { + writer.println(cert); + } + } + } + + /** * Store server configuration. * 
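Review bot: The new `sslConnectorCerts` and `sslConnectorTrustedCerts` methods in the second hunk are declared `private` and carry no Javadoc, while the neighbouring `sslConnectorCiphers` is `protected`. A subclass can therefore override the cipher command but not the two certificate commands. Declaring them the same way keeps the text commands consistent: `protected void sslConnectorCerts(PrintWriter writer, StringManager smClient)` and likewise for the trusted variant. The two bodies differ only in the message key and the map they iterate, so a single private helper taking those two values would remove the duplication. A short Javadoc should say that the output is the `toString()` form of each certificate, one map entry per connector, virtual host and certificate type.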
@@ -1712,4 +1744,84 @@ public class ManagerServlet extends Http } return result; } + + + protected Map<String,List<String>> getConnectorCerts() { + Map<String,List<String>> result = new HashMap<>(); + + Engine e = (Engine) host.getParent(); + Service s = e.getService(); + Connector connectors[] = s.findConnectors(); + for (Connector connector : connectors) { + if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) { + SSLHostConfig[] sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs(); + for (SSLHostConfig sslHostConfig : sslHostConfigs) { + Set<SSLHostConfigCertificate> sslHostConfigCerts = + sslHostConfig.getCertificates(); + for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfigCerts) { + String name = connector.toString() + "-" + sslHostConfig.getHostName() + + "-" + sslHostConfigCert.getType(); + List<String> certList = new ArrayList<>(); + SSLContext sslContext = sslHostConfigCert.getSslContext(); + String alias = sslHostConfigCert.getCertificateKeyAlias(); + if (alias == null) { + alias = "tomcat"; + } + X509Certificate[] certs = sslContext.getCertificateChain(alias); + if (certs == null) { + certList.add(sm.getString("managerServlet.certsNotAvailable")); + } else { + for (Certificate cert : certs) { + certList.add(cert.toString()); + } + } + result.put(name, certList); + } + } + } else { + List<String> certList = new ArrayList<>(1); + certList.add(sm.getString("managerServlet.notSslConnector")); + result.put(connector.toString(), certList); + } + } + + return result; + } + + + protected Map<String,List<String>> getConnectorTrustedCerts() { + Map<String,List<String>> result = new HashMap<>(); + + Engine e = (Engine) host.getParent(); + Service s = e.getService(); + Connector connectors[] = s.findConnectors(); + for (Connector connector : connectors) { + if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) { + SSLHostConfig[] sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs(); + for (SSLHostConfig 
sslHostConfig : sslHostConfigs) { + String name = connector.toString() + "-" + sslHostConfig.getHostName(); + List<String> certList = new ArrayList<>(); + SSLContext sslContext = + sslHostConfig.getCertificates().iterator().next().getSslContext(); + X509Certificate[] certs = sslContext.getAcceptedIssuers(); + if (certs == null) { + certList.add(sm.getString("managerServlet.certsNotAvailable")); + } else if (certs.length == 0) { + certList.add(sm.getString("managerServlet.trustedCertsNotConfigured")); + } else { + for (Certificate cert : certs) { + certList.add(cert.toString()); + } + } + result.put(name, certList); + } + } else { + List<String> certList = new ArrayList<>(1); + certList.add(sm.getString("managerServlet.notSslConnector")); + result.put(connector.toString(), certList); + } + } + + return result; + } } Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java Mon Jan 8 11:44:24 2018 @@ -19,6 +19,7 @@ package org.apache.tomcat.util.net; import java.security.KeyManagementException; import java.security.SecureRandom; +import java.security.cert.X509Certificate; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLEngine; 
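Review bot: In `getConnectorTrustedCerts`, `sslHostConfig.getCertificates().iterator().next().getSslContext()` is dereferenced without any check. An `SSLHostConfig` with an empty certificate set would throw `NoSuchElementException`, and a certificate whose context is not yet available would throw `NullPointerException` on `getAcceptedIssuers()`. Whether either state is reachable at runtime is not visible in this hunk, but a diagnostic command in the Manager should degrade to the existing `managerServlet.certsNotAvailable` message rather than fail the request. `getConnectorCerts` in the same hunk has the same unguarded `sslContext.getCertificateChain(alias)` call and would benefit from the same null check.

```java
// … unchanged: connector / sslHostConfig loops, name and certList setup …
Set<SSLHostConfigCertificate> hostCerts = sslHostConfig.getCertificates();
SSLContext sslContext = null;
if (!hostCerts.isEmpty()) {
    sslContext = hostCerts.iterator().next().getSslContext();
}
X509Certificate[] certs = (sslContext == null) ? null : sslContext.getAcceptedIssuers();
// … unchanged: null / empty / populated handling of certs …
```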
@@ -47,4 +48,7 @@ public interface SSLContext { public SSLParameters getSupportedSSLParameters(); + public X509Certificate[] getCertificateChain(String alias); + + public X509Certificate[] getAcceptedIssuers(); } Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java Mon Jan 8 11:44:24 2018 @@ -20,6 +20,9 @@ package org.apache.tomcat.util.net.jsse; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.security.cert.X509Certificate; +import java.util.HashSet; +import java.util.Set; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLEngine; @@ -27,12 +30,17 @@ import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSessionContext; import javax.net.ssl.TrustManager; +import javax.net.ssl.X509KeyManager; +import javax.net.ssl.X509TrustManager; import org.apache.tomcat.util.net.SSLContext; class JSSESSLContext implements SSLContext { private javax.net.ssl.SSLContext context; + private KeyManager[] kms; + private TrustManager[] tms; + JSSESSLContext(String protocol) throws NoSuchAlgorithmException { context = javax.net.ssl.SSLContext.getInstance(protocol); } @@ -40,6 +48,8 @@ class JSSESSLContext implements SSLConte @Override public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException { + this.kms = kms; + this.tms = tms; context.init(kms, tms, sr); } 
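Review bot: The two methods added to the `SSLContext` interface have no Javadoc, and the implementations in this commit disagree on the case where no X509 trust manager is present. `JSSESSLContext.getAcceptedIssuers()` returns an empty array, while `OpenSSLContext.getAcceptedIssuers()` returns `null`. `ManagerServlet` maps `null` to `certsNotAvailable` and an empty array to `trustedCertsNotConfigured`, so the same situation is reported differently depending on the implementation in use. Stating the contract on the interface would let both be aligned, for example `/** @return the accepted issuers; an empty array if none are configured; null if they cannot be determined at runtime */`. A matching note on `getCertificateChain(String alias)` should say that `null` means the chain is unavailable.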
@@ -67,4 +77,34 @@ class JSSESSLContext implements SSLConte return context.getSupportedSSLParameters(); } + @Override + public X509Certificate[] getCertificateChain(String alias) { + X509Certificate[] result = null; + if (kms != null) { + for (int i = 0; i < kms.length && result == null; i++) { + if (kms[i] instanceof X509KeyManager) { + result = ((X509KeyManager) kms[i]).getCertificateChain(alias); + } + } + } + return result; + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + Set<X509Certificate> certs = new HashSet<>(); + if (tms != null) { + for (TrustManager tm : tms) { + if (tm instanceof X509TrustManager) { + X509Certificate[] accepted = ((X509TrustManager) tm).getAcceptedIssuers(); + if (accepted != null) { + for (X509Certificate c : accepted) { + certs.add(c); + } + } + } + } + } + return certs.toArray(new X509Certificate[certs.size()]); + } } Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Mon Jan 8 11:44:24 2018 @@ -70,6 +70,8 @@ public class OpenSSLContext implements o private final SSLHostConfig sslHostConfig; private final SSLHostConfigCertificate certificate; private OpenSSLSessionContext sessionContext; + private X509KeyManager x509KeyManager; + private X509TrustManager x509TrustManager; private final List<String> negotiableProtocols; 
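Review bot: `JSSESSLContext.getCertificateChain(alias)` has no fallback when the alias is unknown to the key manager, unlike `OpenSSLContext.getCertificateChain`, which retries with `findAlias(...)`. `ManagerServlet` passes the literal `"tomcat"` when no `certificateKeyAlias` is configured, so a keystore whose entry has another name would presumably be reported as `certsNotAvailable` even though a chain is being served. If that limitation is intended, say so in the method: `// No fallback: returns null when the alias is not known to any X509KeyManager`. Separately, `getAcceptedIssuers()` collects into a `HashSet`, so the order of the listing is not stable between calls; a `LinkedHashSet` would keep the de-duplication and give operators a repeatable listing to compare.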
@@ -291,17 +293,17 @@ public class OpenSSLContext implements o SSLHostConfig.adjustRelativePath( sslHostConfig.getCertificateRevocationListPath())); } else { - X509KeyManager keyManager = chooseKeyManager(kms); + x509KeyManager = chooseKeyManager(kms); String alias = certificate.getCertificateKeyAlias(); if (alias == null) { alias = "tomcat"; } - X509Certificate[] chain = keyManager.getCertificateChain(alias); + X509Certificate[] chain = x509KeyManager.getCertificateChain(alias); if (chain == null) { - alias = findAlias(keyManager, certificate); - chain = keyManager.getCertificateChain(alias); + alias = findAlias(x509KeyManager, certificate); + chain = x509KeyManager.getCertificateChain(alias); } - PrivateKey key = keyManager.getPrivateKey(alias); + PrivateKey key = x509KeyManager.getPrivateKey(alias); StringBuilder sb = new StringBuilder(BEGIN_KEY); String encoded = BASE64_ENCODER.encodeToString(key.getEncoded()); if (encoded.endsWith("\n")) { @@ -334,13 +336,13 @@ public class OpenSSLContext implements o if (tms != null) { // Client certificate verification based on custom trust managers - final X509TrustManager manager = chooseTrustManager(tms); + x509TrustManager = chooseTrustManager(tms); SSLContext.setCertVerifyCallback(ctx, new CertificateVerifier() { @Override public boolean verify(long ssl, byte[][] chain, String auth) { X509Certificate[] peerCerts = certificates(chain); try { - manager.checkClientTrusted(peerCerts, auth); + x509TrustManager.checkClientTrusted(peerCerts, auth); return true; } catch (Exception e) { log.debug(sm.getString("openssl.certificateVerificationFailed"), e); 
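Review bot: In the second hunk, the `CertificateVerifier` callback now reads the mutable, non-final field `x509TrustManager` instead of the `final` local it captured before. The client-certificate trust decision therefore depends on whatever that field holds when a handshake runs, not on the manager chosen when the callback was installed. Keeping the captured local and only publishing it to the field preserves the old guarantee: `final X509TrustManager manager = chooseTrustManager(tms);` followed by `x509TrustManager = manager;`, with `manager.checkClientTrusted(peerCerts, auth)` left as it was. The same applies to `x509KeyManager` in the first hunk, where a local for the key lookup plus a field assignment would do. The enclosing method starts and ends outside both hunks, so whether it can run more than once per instance is not visible here.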
@@ -352,7 +354,7 @@ public class OpenSSLContext implements o // certificate issuers, so that their subjects can be presented // by the server during the handshake to allow the client choosing // an acceptable certificate - for (X509Certificate caCert : manager.getAcceptedIssuers()) { + for (X509Certificate caCert : x509TrustManager.getAcceptedIssuers()) { SSLContext.addClientCACertificateRaw(ctx, caCert.getEncoded()); if (log.isDebugEnabled()) log.debug(sm.getString("openssl.addedClientCaCert", caCert.toString())); @@ -523,6 +525,32 @@ public class OpenSSLContext implements o } @Override + public X509Certificate[] getCertificateChain(String alias) { + X509Certificate[] chain = null; + if (x509KeyManager != null) { + if (alias == null) { + alias = "tomcat"; + } + chain = x509KeyManager.getCertificateChain(alias); + if (chain == null) { + alias = findAlias(x509KeyManager, certificate); + chain = x509KeyManager.getCertificateChain(alias); + } + } + + return chain; + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + X509Certificate[] acceptedCerts = null; + if (x509TrustManager != null) { + acceptedCerts = x509TrustManager.getAcceptedIssuers(); + } + return acceptedCerts; + } + + @Override protected void finalize() throws Throwable { /* * When an SSLHostConfig is replaced at runtime, it is not possible to Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Jan 8 11:44:24 2018 
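Review bot: The default alias `"tomcat"` in `OpenSSLContext.getCertificateChain` (second hunk) is now a string literal repeated in three places in this commit. The other two are `ManagerServlet.getConnectorCerts` and the `init` path of this class, and the three copies can drift apart. A single shared constant would keep the diagnostic and the real key lookup in step, e.g. `alias = DEFAULT_KEY_ALIAS;` where `DEFAULT_KEY_ALIAS` is a placeholder name for a constant defined once. The method also returns `null` whenever `x509KeyManager` was never assigned, which from the earlier hunk appears to be the case for non-keystore configuration. A one-line comment saying so would explain the `certsNotAvailable` output to the next reader.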
@@ -140,6 +140,12 @@ MBean documentation so users have a reference to use when constructing mbeans-descriptiors.xml files for custom components. (markt) </add> + <add> + <bug>61566</bug>: Expose the currently in use certificate chain and list + of trusted certificates for all virtual hosts configured using the JSSE + style (keystore) TLS configuration via the Manager web application. + (markt) + </add> <fix> Partial fix for <bug>61886</bug>. Ensure that multiple threads do not attempt to complete the <code>AsyncContext</code> if an I/O error occurs Modified: tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml (original) +++ tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml Mon Jan 8 11:44:24 2018 @@ -851,7 +851,7 @@ has been reloaded several times, it may </subsection> -<subsection name="Connector SSL/TLS diagnostics"> +<subsection name="Connector SSL/TLS cipher information"> <source>http://localhost:8080/manager/text/sslConnectorCiphers</source> 
@@ -871,6 +871,49 @@ Connector[HTTP/1.1-8443] ...</source> </subsection> + +<subsection name="Connector SSL/TLS certificate chain information"> + +<source>http://localhost:8080/manager/text/sslConnectorCerts</source> + +<p>The SSL Connector/Certs diagnostic lists the certificate chain that is +currently configured for each virtual host.</p> + +<p>The response will look something like this:</p> +<source>OK - Connector / Certificate Chain information +Connector[HTTP/1.1-8080] +SSL is not enabled for this connector +Connector[HTTP/1.1-8443]-_default_-RSA +[ +[ + Version: V3 + Subject: CN=localhost, OU=Apache Tomcat PMC, O=The Apache Software Foundation, L=Wakefield, ST=MA, C=US + Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 + ...</source> + +</subsection> + +<subsection name="Connector SSL/TLS trusted certificate information"> + +<source>http://localhost:8080/manager/text/sslConnectorTrustedCerts</source> + +<p>The SSL Connector/Certs diagnostic lists the trusted certificates that are +currently configured for each virtual host.</p> + +<p>The response will look something like this:</p> +<source>OK - Connector / Trusted Certificate information +Connector[HTTP/1.1-8080] +SSL is not enabled for this connector +Connector[AJP/1.3-8009] +SSL is not enabled for this connector +Connector[HTTP/1.1-8443]-_default_ +[ +[ + Version: V3 + Subject: CN=Apache Tomcat Test CA, OU=Apache Tomcat PMC, O=The Apache Software Foundation, L=Wakefield, ST=MA, C=US + ...</source> + +</subsection> <subsection name="Thread Dump"> Copied: tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp (from r1817997, tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp) URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp?p2=tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp&p1=tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp&r1=1817997&r2=1820552&rev=1820552&view=diff 
============================================================================== --- tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp (original) +++ tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp Mon Jan 8 11:44:24 2018 @@ -32,12 +32,12 @@ <meta http-equiv="cache-control" content="no-cache,must-revalidate"/><!-- HTTP 1.1 --> <meta http-equiv="expires" content="0"/><!-- 0 is an invalid value and should be treated as 'now' --> <meta http-equiv="content-language" content="en"/> - <meta name="copyright" content="copyright 2005-2017 the Apache Software Foundation"/> + <meta name="copyright" content="copyright 2005-2018 the Apache Software Foundation"/> <meta name="robots" content="noindex,nofollow,noarchive"/> <title>Configured certificate chains per Connector</title> </head> <body> -<h1>Configured ciphers per Connector</h1> +<h1>Configured certificate chains per Connector</h1> <table border="1" cellpadding="2" cellspacing="2" width="100%"> <thead> Modified: tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp?rev=1820552&r1=1820551&r2=1820552&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp (original) +++ tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp Mon Jan 8 11:44:24 2018 @@ -42,7 +42,7 @@ <table border="1" cellpadding="2" cellspacing="2" width="100%"> <thead> <tr> - <th>Connector</th> + <th>Connector / TLS Virtual Host</th> <th>Enabled Ciphers</th> </tr> </thead> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org