Author: markt
Date: Mon Jan 8 11:44:24 2018
New Revision: 1820552
URL: http://svn.apache.org/viewvc?rev=1820552&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61566
Expose the currently in use certificate chain and list of trusted certificates
for all virtual hosts configured using the JSSE style (keystore) TLS
configuration via the Manager web application.
Added:
tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp
- copied, changed from r1817997,
tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp
tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp
- copied unchanged from r1817999,
tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml
tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp
Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jan 8 11:44:24 2018
@@ -1,2 +1,2 @@
/tomcat/tc8.0.x/trunk:1809644
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409
,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747
404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1
756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
3,1762123,1762168,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763748,1763786,1763798-1763799,1763810,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1766822,1766834,1766840,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1767903,1767945-1767946,1768123,176
8283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,1769630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756,1773813-1773814,1774052,1774102,1774131,1774161,1774164,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1774426,1774433,1774522-1774523,1774526,1774528-1774529,1774531,1774732-1774736,1774738-1774739,1774741-1774742,1774749,1774755,1774789,1774858,1774867,1775596,1775985-1775986,1776540,1776937,1776954,1777011,1777173,1777189,1777211,1777524,1777546,1777605,1777619,1777647,1777721-1777722,1777967,1778061,1778138-
1778139,1778141-1778150,1778154,1778275-1778276,1778295,1778342,1778348,1778404,1778424,1778426,1778575,1778582,1778600,1778603,1779312,1779370,1779545,1779612,1779622,1779641,1779654,1779708,1779718,1779897,1779899,1779932,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1780606,1780609-1780610,1780652,1780991,1780995-1780996,1781174,1781569,1781975,1781986,1782116,1782383-1782384,1782566,1782572,1782775,1782779,1782814,1782857,1782868,1782934,1782946-1782947,1782956,1783144-1783147,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784723,1784751,1784767,1784806,1784818,1784911,1784926,1784956,1784963,1785032,1785037,1785245,1785271,1785310,1785317,1785643,1785667,1785762,1785774,1785823,1785935,1786051,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787200,1787250,1787405,1787701,1787703,1787938,1787959,1787973,1788223-1788224,1788228,1788232,1788241-1788242,1788248,1788323,1788328,1788455,1788460,1788473,1788543-1788544,1788548,17885
50,1788554,1788558,1788560,1788567,1788569,1788572,1788647,1788732,1788741,1788747,1788753,1788764,1788771,1788834,1788841,1788852,1788860,1788883,1788890,1789051,1789400,1789415,1789442-1789443,1789447,1789453,1789456,1789458,1789461-1789463,1789465-1789467,1789470,1789472,1789474,1789476,1789479-1789480,1789733,1789735,1789744-1789745,1789937,1789984,1790119,1790180,1790183,1790213,1790376,1790443,1790614,1790983,1790991,1791027-1791028,1791050,1791090,1791095-1791096,1791099,1791101-1791103,1791124,1791129,1791134,1791137,1791298,1791527,1791557,1791970,1792033,1792038,1792055,1792093,1792140,1792460,1792468,1792791,1792957,1793095,1793121,1793123,1793127,1793136,1793139,1793147-1793148,1793266,1793437,1793449,1793460,1793468,1793487,1793498,1793502,1793514,1793682-1793683,1793711-1793712,1793716,1793719,1793736,1793746,1793758,1793771,1793776,1793798,1793802,1793812,1793819,1793844,1793854,1793887,1793891,1793898,1793901-1793902,1793907,1793910,1793980,1794674,1794941-1794942,17
95278,1795289,1795298,1795305,1795813,1795893,1796090,1796275,1796693-1796695,1796729,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797528,1797532,1797536,1797540,1797543,1797677-1797678,1797692,1797694,1797748,1797828,1798126,1798238,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799216,1799231,1799250,1799253,1799285,1799368,1799412,1799515,1799701-1799702,1799704,1799709,1799885,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800629,1800791,1800816,1800850,1800864,1800867,1800874,1800885,1800981,1800984,1800988,1800992,1801195,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802195,1802204-1802205,1802210,1802225-1802226,1802229,1802403,1802475,1802490,1802788,1802796,1802803,1802820,1802828,1802833,1802836,1803030,1803038,1803055,1803135,1803165,1803174,1803193,1803205,1803224,1803278,1803281,1803295,1803297
,1803446,1803451,1803456,1803459,1803616,1803636,1803828,1803901,1803972,1804040,1804094,1804306,1804461-1804463,1804501,1804506-1804507,1804754,1804813,1804888,1804890,1804903-1804908,1804915,1804917,1805523-1805530,1805550,1805612-1805613,1805637,1805645,1805652,1805726,1805752,1805782,1805826,1806307,1806356,1806445,1806736,1806794,1806798,1806801,1806807,1806873,1806966,1806973,1807004,1807093,1807135,1807205-1807206,1807237,1807242,1807251,1807282,1807455,1807686,1807698,1807713,1807715,1807729,1807742,1807747,1807751,1807755,1808116,1808156,1808266,1808433,1808438-1808439,1808466,1808481-1808482,1808695,1808701,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809158,1809212,1809214,1809239,1809248,1809263,1809265,1809317,1809434,1809669,1809671,1809674,1809684,1809711,1809828,1809830,1809908-1809909,1809922,1810106,1810110,1810280,1810300,1811031,1811119,1811122,1811132,1811137,1811139,1811174,1811176,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811327-1811
329,1811350,1811560,1811704,1811837-1811839,1811861,1811932,1812087-1812088,1812092,1812094,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812489,1812513,1812617,1813919,1814192,1814195,1814567,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815318-1815319,1815325,1815385,1815429,1815441-1815442,1815451,1815459,1815465,1815505,1815615,1815793,1815800,1815802,1815806,1815826,1815829,1815834,1815840,1815903,1815944,1815954,1816076,1816078,1816083,1816087,1816120,1816128,1816140,1816147,1816157,1816338,1816431,1816443,1816538,1816541,1816545,1816549-1816550,1816563,1816570,1816647,1816695-1816704,1816716,1816780,1816887,1817089,1817092,1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1817965,1818179,1818184,1818711,1818919,1818976,1819054,1819057,1819061,1819063,1819068,1819070-1819071,1819074,1819077,1819148,1819903,1820003,1820005,1820138,1820153,1820194,1820196-1820197,1820202,1820206,1820222,1820265,1
820272,1820276,1820279,1820281,1820302
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409
,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747
404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1
756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
3,1762123,1762168,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763748,1763786,1763798-1763799,1763810,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1766822,1766834,1766840,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1767903,1767945-1767946,1768123,176
8283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,1769630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756,1773813-1773814,1774052,1774102,1774131,1774161,1774164,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1774426,1774433,1774522-1774523,1774526,1774528-1774529,1774531,1774732-1774736,1774738-1774739,1774741-1774742,1774749,1774755,1774789,1774858,1774867,1775596,1775985-1775986,1776540,1776937,1776954,1777011,1777173,1777189,1777211,1777524,1777546,1777605,1777619,1777647,1777721-1777722,1777967,1778061,1778138-
1778139,1778141-1778150,1778154,1778275-1778276,1778295,1778342,1778348,1778404,1778424,1778426,1778575,1778582,1778600,1778603,1779312,1779370,1779545,1779612,1779622,1779641,1779654,1779708,1779718,1779897,1779899,1779932,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1780606,1780609-1780610,1780652,1780991,1780995-1780996,1781174,1781569,1781975,1781986,1782116,1782383-1782384,1782566,1782572,1782775,1782779,1782814,1782857,1782868,1782934,1782946-1782947,1782956,1783144-1783147,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784723,1784751,1784767,1784806,1784818,1784911,1784926,1784956,1784963,1785032,1785037,1785245,1785271,1785310,1785317,1785643,1785667,1785762,1785774,1785823,1785935,1786051,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787200,1787250,1787405,1787701,1787703,1787938,1787959,1787973,1788223-1788224,1788228,1788232,1788241-1788242,1788248,1788323,1788328,1788455,1788460,1788473,1788543-1788544,1788548,17885
50,1788554,1788558,1788560,1788567,1788569,1788572,1788647,1788732,1788741,1788747,1788753,1788764,1788771,1788834,1788841,1788852,1788860,1788883,1788890,1789051,1789400,1789415,1789442-1789443,1789447,1789453,1789456,1789458,1789461-1789463,1789465-1789467,1789470,1789472,1789474,1789476,1789479-1789480,1789733,1789735,1789744-1789745,1789937,1789984,1790119,1790180,1790183,1790213,1790376,1790443,1790614,1790983,1790991,1791027-1791028,1791050,1791090,1791095-1791096,1791099,1791101-1791103,1791124,1791129,1791134,1791137,1791298,1791527,1791557,1791970,1792033,1792038,1792055,1792093,1792140,1792460,1792468,1792791,1792957,1793095,1793121,1793123,1793127,1793136,1793139,1793147-1793148,1793266,1793437,1793449,1793460,1793468,1793487,1793498,1793502,1793514,1793682-1793683,1793711-1793712,1793716,1793719,1793736,1793746,1793758,1793771,1793776,1793798,1793802,1793812,1793819,1793844,1793854,1793887,1793891,1793898,1793901-1793902,1793907,1793910,1793980,1794674,1794941-1794942,17
95278,1795289,1795298,1795305,1795813,1795893,1796090,1796275,1796693-1796695,1796729,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797528,1797532,1797536,1797540,1797543,1797677-1797678,1797692,1797694,1797748,1797828,1798126,1798238,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799216,1799231,1799250,1799253,1799285,1799368,1799412,1799515,1799701-1799702,1799704,1799709,1799885,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800629,1800791,1800816,1800850,1800864,1800867,1800874,1800885,1800981,1800984,1800988,1800992,1801195,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802195,1802204-1802205,1802210,1802225-1802226,1802229,1802403,1802475,1802490,1802788,1802796,1802803,1802820,1802828,1802833,1802836,1803030,1803038,1803055,1803135,1803165,1803174,1803193,1803205,1803224,1803278,1803281,1803295,1803297
,1803446,1803451,1803456,1803459,1803616,1803636,1803828,1803901,1803972,1804040,1804094,1804306,1804461-1804463,1804501,1804506-1804507,1804754,1804813,1804888,1804890,1804903-1804908,1804915,1804917,1805523-1805530,1805550,1805612-1805613,1805637,1805645,1805652,1805726,1805752,1805782,1805826,1806307,1806356,1806445,1806736,1806794,1806798,1806801,1806807,1806873,1806966,1806973,1807004,1807093,1807135,1807205-1807206,1807237,1807242,1807251,1807282,1807455,1807686,1807698,1807713,1807715,1807729,1807742,1807747,1807751,1807755,1808116,1808156,1808266,1808433,1808438-1808439,1808466,1808481-1808482,1808695,1808701,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809158,1809212,1809214,1809239,1809248,1809263,1809265,1809317,1809434,1809669,1809671,1809674,1809684,1809711,1809828,1809830,1809908-1809909,1809922,1810106,1810110,1810280,1810300,1811031,1811119,1811122,1811132,1811137,1811139,1811174,1811176,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811327-1811
329,1811350,1811560,1811704,1811837-1811839,1811861,1811932,1812087-1812088,1812092,1812094,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812489,1812513,1812617,1813919,1814192,1814195,1814567,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815318-1815319,1815325,1815385,1815429,1815441-1815442,1815451,1815459,1815465,1815505,1815615,1815793,1815800,1815802,1815806,1815826,1815829,1815834,1815840,1815903,1815944,1815954,1816076,1816078,1816083,1816087,1816120,1816128,1816140,1816147,1816157,1816338,1816431,1816443,1816538,1816541,1816545,1816549-1816550,1816563,1816570,1816647,1816695-1816704,1816716,1816780,1816887,1817089,1817092,1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1817965,1817997,1817999-1818001,1818004,1818179,1818184,1818711,1818919,1818976,1819054,1819057,1819061,1819063,1819068,1819070-1819071,1819074,1819077,1819148,1819903,1820003,1820005,1820138,1820153,1820194,1820196-1820197,1
820202,1820206,1820222,1820265,1820272,1820276,1820279,1820281,1820302
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
Mon Jan 8 11:44:24 2018
@@ -85,6 +85,8 @@ public final class HTMLManagerServlet ex
static final String sessionsListJspPath = "/WEB-INF/jsp/sessionsList.jsp";
static final String sessionDetailJspPath =
"/WEB-INF/jsp/sessionDetail.jsp";
static final String connectorCiphersJspPath =
"/WEB-INF/jsp/connectorCiphers.jsp";
+ static final String connectorCertsJspPath =
"/WEB-INF/jsp/connectorCerts.jsp";
+ static final String connectorTrustedCertsJspPath =
"/WEB-INF/jsp/connectorTrustedCerts.jsp";
private boolean showProxySessions = false;
@@ -138,6 +140,10 @@ public final class HTMLManagerServlet ex
}
} else if (command.equals("/sslConnectorCiphers")) {
sslConnectorCiphers(request, response);
+ } else if (command.equals("/sslConnectorCerts")) {
+ sslConnectorCerts(request, response);
+ } else if (command.equals("/sslConnectorTrustedCerts")) {
+ sslConnectorTrustedCerts(request, response);
} else if (command.equals("/upload") || command.equals("/deploy") ||
command.equals("/reload") || command.equals("/undeploy") ||
command.equals("/expire") || command.equals("/start") ||
@@ -535,7 +541,7 @@ public final class HTMLManagerServlet ex
writer.print(MessageFormat.format(UPLOAD_SECTION, args));
// Diagnostics section
- args = new Object[9];
+ args = new Object[15];
args[0] = smClient.getString("htmlManagerServlet.diagnosticsTitle");
args[1] = smClient.getString("htmlManagerServlet.diagnosticsLeak");
args[2] = response.encodeURL(
@@ -547,6 +553,14 @@ public final class HTMLManagerServlet ex
request.getContextPath() + "/html/sslConnectorCiphers");
args[7] =
smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCipherButton");
args[8] =
smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCipherText");
+ args[9] = response.encodeURL(
+ request.getContextPath() + "/html/sslConnectorCerts");
+ args[10] =
smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCertsButton");
+ args[11] =
smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCertsText");
+ args[12] = response.encodeURL(
+ request.getContextPath() + "/html/sslConnectorTrustedCerts");
+ args[13] =
smClient.getString("htmlManagerServlet.diagnosticsSslConnectorTrustedCertsButton");
+ args[14] =
smClient.getString("htmlManagerServlet.diagnosticsSslConnectorTrustedCertsText");
writer.print(MessageFormat.format(DIAGNOSTICS_SECTION, args));
// Server Header Section
@@ -727,6 +741,23 @@ public final class HTMLManagerServlet ex
connectorCiphersJspPath).forward(request, response);
}
+
+ protected void sslConnectorCerts(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException
{
+ request.setAttribute("certList", getConnectorCerts());
+ getServletContext().getRequestDispatcher(
+ connectorCertsJspPath).forward(request, response);
+ }
+
+
+ protected void sslConnectorTrustedCerts(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException
{
+ request.setAttribute("trustedCertList", getConnectorTrustedCerts());
+ getServletContext().getRequestDispatcher(
+ connectorTrustedCertsJspPath).forward(request, response);
+ }
+
+
/**
* @see javax.servlet.Servlet#getServletInfo()
*/
@@ -1293,44 +1324,59 @@ public final class HTMLManagerServlet ex
"<tr>\n" +
" <td colspan=\"2\" class=\"title\">{0}</td>\n" +
"</tr>\n" +
+
"<tr>\n" +
" <td colspan=\"2\" class=\"header-left\"><small>{1}</small></td>\n" +
"</tr>\n" +
- "<tr>\n" +
- " <td colspan=\"2\">\n" +
- "<form method=\"post\" action=\"{2}\">\n" +
- "<table cellspacing=\"0\" cellpadding=\"3\">\n" +
+
"<tr>\n" +
" <td class=\"row-left\">\n" +
- " <input type=\"submit\" value=\"{4}\">\n" +
+ " <form method=\"post\" action=\"{2}\">\n" +
+ " <input type=\"submit\" value=\"{4}\">\n" +
+ " </form>\n" +
" </td>\n" +
" <td class=\"row-left\">\n" +
" <small>{3}</small>\n" +
" </td>\n" +
"</tr>\n" +
- "</table>\n" +
- "</form>\n" +
- "</td>\n" +
- "</tr>\n" +
+
"<tr>\n" +
" <td colspan=\"2\" class=\"header-left\"><small>{5}</small></td>\n" +
"</tr>\n" +
- "<tr>\n" +
- " <td colspan=\"2\">\n" +
- "<form method=\"post\" action=\"{6}\">\n" +
- "<table cellspacing=\"0\" cellpadding=\"3\">\n" +
+
"<tr>\n" +
" <td class=\"row-left\">\n" +
- " <input type=\"submit\" value=\"{7}\">\n" +
+ " <form method=\"post\" action=\"{6}\">\n" +
+ " <input type=\"submit\" value=\"{7}\">\n" +
+ " </form>\n" +
" </td>\n" +
" <td class=\"row-left\">\n" +
" <small>{8}</small>\n" +
" </td>\n" +
"</tr>\n" +
- "</table>\n" +
- "</form>\n" +
- "</td>\n" +
+
+ "<tr>\n" +
+ " <td class=\"row-left\">\n" +
+ " <form method=\"post\" action=\"{9}\">\n" +
+ " <input type=\"submit\" value=\"{10}\">\n" +
+ " </form>\n" +
+ " </td>\n" +
+ " <td class=\"row-left\">\n" +
+ " <small>{11}</small>\n" +
+ " </td>\n" +
+ "</tr>\n" +
+
+ "<tr>\n" +
+ " <td class=\"row-left\">\n" +
+ " <form method=\"post\" action=\"{12}\">\n" +
+ " <input type=\"submit\" value=\"{13}\">\n" +
+ " </form>\n" +
+ " </td>\n" +
+ " <td class=\"row-left\">\n" +
+ " <small>{14}</small>\n" +
+ " </td>\n" +
"</tr>\n" +
+
"</table>\n" +
"<br>";
}
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/LocalStrings.properties
Mon Jan 8 11:44:24 2018
@@ -48,9 +48,13 @@ htmlManagerServlet.deployWar=WAR or Dire
htmlManagerServlet.diagnosticsLeak=Check to see if a web application has
caused a memory leak on stop, reload or undeploy
htmlManagerServlet.diagnosticsLeakButton=Find leaks
htmlManagerServlet.diagnosticsLeakWarning=This diagnostic check will trigger a
full garbage collection. Use it with extreme caution on production systems.
-htmlManagerServlet.diagnosticsSsl=SSL connector configuration diagnostics
-htmlManagerServlet.diagnosticsSslConnectorCipherButton=Connector ciphers
-htmlManagerServlet.diagnosticsSslConnectorCipherText=List the configured
ciphers for each connector
+htmlManagerServlet.diagnosticsSsl=TLS connector configuration diagnostics
+htmlManagerServlet.diagnosticsSslConnectorCipherButton=Ciphers
+htmlManagerServlet.diagnosticsSslConnectorCipherText=List the configured TLS
virtual hosts and the ciphers for each.
+htmlManagerServlet.diagnosticsSslConnectorCertsButton=Certificates
+htmlManagerServlet.diagnosticsSslConnectorCertsText=List the configured TLS
virtual hosts and the certificate chain for each.
+htmlManagerServlet.diagnosticsSslConnectorTrustedCertsButton=Trusted
Certificates
+htmlManagerServlet.diagnosticsSslConnectorTrustedCertsText=List the configured
TLS virtual hosts and the trusted certificates for each.
htmlManagerServlet.diagnosticsTitle=Diagnostics
htmlManagerServlet.findleaksList=\
The following web applications were stopped (reloaded, undeployed), but
their\n\
@@ -72,6 +76,7 @@ htmlManagerServlet.serverTitle=Server In
htmlManagerServlet.serverVersion=Tomcat Version
htmlManagerServlet.title=Tomcat Web Application Manager
managerServlet.alreadyContext=FAIL - Application already exists at path [{0}]
+managerServlet.certsNotAvailable=Certificate information cannot be obtained
from this connector at runtime
managerServlet.deleteFail=FAIL - Unable to delete [{0}]. The continued
presence of this file may cause problems.
managerServlet.deployed=OK - Deployed application at context path [{0}]
managerServlet.deployFailed=FAIL - Failed to deploy application at context
path [{0}]
@@ -108,12 +113,15 @@ managerServlet.sessiontimeout.unlimited=
managerServlet.sessiontimeout.expired=[{0}] minutes: [{1}] sessions were
expired
managerServlet.sessions=OK - Session information for application at context
path [{0}]
managerServlet.sslConnectorCiphers=OK - Connector / SSL Cipher information
+managerServlet.sslConnectorCerts=OK - Connector / Certificate Chain information
+managerServlet.sslConnectorTrustedCerts=OK - Connector / Trusted Certificate
information
managerServlet.started=OK - Started application at context path [{0}]
managerServlet.startFailed=FAIL - Application at context path [{0}] could not
be started
managerServlet.stopped=OK - Stopped application at context path [{0}]
managerServlet.storeConfig.invalidMBean=FAIL - Unable to find the StoreConfig
Mbean. [{0}] is not a valid name for an MBean.
managerServlet.storeConfig.noMBean=FAIL - No StoreConfig MBean registered at
[{0}]. Registration is typically performed by the StoreConfigLifecycleListener.
managerServlet.threaddump=OK - JVM thread dump
+managerServlet.trustedCertsNotConfigured=No trusted certificates are
configured for this virtual host
managerServlet.undeployed=OK - Undeployed application at context path [{0}]
managerServlet.unknownCommand=FAIL - Unknown command [{0}]
managerServlet.vminfo=OK - VM info
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/manager/ManagerServlet.java
Mon Jan 8 11:44:24 2018
@@ -22,6 +22,8 @@ import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
@@ -30,6 +32,7 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
+import java.util.Set;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
@@ -62,7 +65,9 @@ import org.apache.catalina.util.ServerIn
import org.apache.tomcat.util.Diagnostics;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.modeler.Registry;
+import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.security.Escape;
@@ -370,6 +375,10 @@ public class ManagerServlet extends Http
threadDump(writer, smClient, request.getLocales());
} else if (command.equals("/sslConnectorCiphers")) {
sslConnectorCiphers(writer, smClient);
+ } else if (command.equals("/sslConnectorCerts")) {
+ sslConnectorCerts(writer, smClient);
+ } else if (command.equals("/sslConnectorTrustedCerts")) {
+ sslConnectorTrustedCerts(writer, smClient);
} else {
writer.println(smClient.getString("managerServlet.unknownCommand",
command));
@@ -562,10 +571,9 @@ public class ManagerServlet extends Http
writer.print(Diagnostics.getThreadDump(requestedLocales));
}
- protected void sslConnectorCiphers(PrintWriter writer,
- StringManager smClient) {
- writer.println(smClient.getString(
- "managerServlet.sslConnectorCiphers"));
+
+ protected void sslConnectorCiphers(PrintWriter writer, StringManager
smClient) {
+
writer.println(smClient.getString("managerServlet.sslConnectorCiphers"));
Map<String,List<String>> connectorCiphers = getConnectorCiphers();
for (Map.Entry<String,List<String>> entry :
connectorCiphers.entrySet()) {
writer.println(entry.getKey());
@@ -577,6 +585,30 @@ public class ManagerServlet extends Http
}
+ private void sslConnectorCerts(PrintWriter writer, StringManager smClient)
{
+ writer.println(smClient.getString("managerServlet.sslConnectorCerts"));
+ Map<String,List<String>> connectorCerts = getConnectorCerts();
+ for (Map.Entry<String,List<String>> entry : connectorCerts.entrySet())
{
+ writer.println(entry.getKey());
+ for (String cert : entry.getValue()) {
+ writer.println(cert);
+ }
+ }
+ }
+
+
+ private void sslConnectorTrustedCerts(PrintWriter writer, StringManager
smClient) {
+
writer.println(smClient.getString("managerServlet.sslConnectorTrustedCerts"));
+ Map<String,List<String>> connectorTrustedCerts =
getConnectorTrustedCerts();
+ for (Map.Entry<String,List<String>> entry :
connectorTrustedCerts.entrySet()) {
+ writer.println(entry.getKey());
+ for (String cert : entry.getValue()) {
+ writer.println(cert);
+ }
+ }
+ }
+
+
/**
* Store server configuration.
*
@@ -1712,4 +1744,84 @@ public class ManagerServlet extends Http
}
return result;
}
+
+
+ protected Map<String,List<String>> getConnectorCerts() {
+ Map<String,List<String>> result = new HashMap<>();
+
+ Engine e = (Engine) host.getParent();
+ Service s = e.getService();
+ Connector connectors[] = s.findConnectors();
+ for (Connector connector : connectors) {
+ if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
+ SSLHostConfig[] sslHostConfigs =
connector.getProtocolHandler().findSslHostConfigs();
+ for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+ Set<SSLHostConfigCertificate> sslHostConfigCerts =
+ sslHostConfig.getCertificates();
+ for (SSLHostConfigCertificate sslHostConfigCert :
sslHostConfigCerts) {
+ String name = connector.toString() + "-" +
sslHostConfig.getHostName() +
+ "-" + sslHostConfigCert.getType();
+ List<String> certList = new ArrayList<>();
+ SSLContext sslContext =
sslHostConfigCert.getSslContext();
+ String alias =
sslHostConfigCert.getCertificateKeyAlias();
+ if (alias == null) {
+ alias = "tomcat";
+ }
+ X509Certificate[] certs =
sslContext.getCertificateChain(alias);
+ if (certs == null) {
+
certList.add(sm.getString("managerServlet.certsNotAvailable"));
+ } else {
+ for (Certificate cert : certs) {
+ certList.add(cert.toString());
+ }
+ }
+ result.put(name, certList);
+ }
+ }
+ } else {
+ List<String> certList = new ArrayList<>(1);
+ certList.add(sm.getString("managerServlet.notSslConnector"));
+ result.put(connector.toString(), certList);
+ }
+ }
+
+ return result;
+ }
+
+
+ protected Map<String,List<String>> getConnectorTrustedCerts() {
+ Map<String,List<String>> result = new HashMap<>();
+
+ Engine e = (Engine) host.getParent();
+ Service s = e.getService();
+ Connector connectors[] = s.findConnectors();
+ for (Connector connector : connectors) {
+ if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
+ SSLHostConfig[] sslHostConfigs =
connector.getProtocolHandler().findSslHostConfigs();
+ for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+ String name = connector.toString() + "-" +
sslHostConfig.getHostName();
+ List<String> certList = new ArrayList<>();
+ SSLContext sslContext =
+
sslHostConfig.getCertificates().iterator().next().getSslContext();
+ X509Certificate[] certs = sslContext.getAcceptedIssuers();
+ if (certs == null) {
+
certList.add(sm.getString("managerServlet.certsNotAvailable"));
+ } else if (certs.length == 0) {
+
certList.add(sm.getString("managerServlet.trustedCertsNotConfigured"));
+ } else {
+ for (Certificate cert : certs) {
+ certList.add(cert.toString());
+ }
+ }
+ result.put(name, certList);
+ }
+ } else {
+ List<String> certList = new ArrayList<>(1);
+ certList.add(sm.getString("managerServlet.notSslConnector"));
+ result.put(connector.toString(), certList);
+ }
+ }
+
+ return result;
+ }
}
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLContext.java Mon
Jan 8 11:44:24 2018
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.net;
import java.security.KeyManagementException;
import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
@@ -47,4 +48,7 @@ public interface SSLContext {
public SSLParameters getSupportedSSLParameters();
+ public X509Certificate[] getCertificateChain(String alias);
+
+ public X509Certificate[] getAcceptedIssuers();
}
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
Mon Jan 8 11:44:24 2018
@@ -20,6 +20,9 @@ package org.apache.tomcat.util.net.jsse;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.HashSet;
+import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
@@ -27,12 +30,17 @@ import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.util.net.SSLContext;
class JSSESSLContext implements SSLContext {
private javax.net.ssl.SSLContext context;
+ private KeyManager[] kms;
+ private TrustManager[] tms;
+
JSSESSLContext(String protocol) throws NoSuchAlgorithmException {
context = javax.net.ssl.SSLContext.getInstance(protocol);
}
@@ -40,6 +48,8 @@ class JSSESSLContext implements SSLConte
@Override
public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr)
throws KeyManagementException {
+ this.kms = kms;
+ this.tms = tms;
context.init(kms, tms, sr);
}
@@ -67,4 +77,34 @@ class JSSESSLContext implements SSLConte
return context.getSupportedSSLParameters();
}
+ @Override
+ public X509Certificate[] getCertificateChain(String alias) {
+ X509Certificate[] result = null;
+ if (kms != null) {
+ for (int i = 0; i < kms.length && result == null; i++) {
+ if (kms[i] instanceof X509KeyManager) {
+ result = ((X509KeyManager)
kms[i]).getCertificateChain(alias);
+ }
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ Set<X509Certificate> certs = new HashSet<>();
+ if (tms != null) {
+ for (TrustManager tm : tms) {
+ if (tm instanceof X509TrustManager) {
+ X509Certificate[] accepted = ((X509TrustManager)
tm).getAcceptedIssuers();
+ if (accepted != null) {
+ for (X509Certificate c : accepted) {
+ certs.add(c);
+ }
+ }
+ }
+ }
+ }
+ return certs.toArray(new X509Certificate[certs.size()]);
+ }
}
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Mon Jan 8 11:44:24 2018
@@ -70,6 +70,8 @@ public class OpenSSLContext implements o
private final SSLHostConfig sslHostConfig;
private final SSLHostConfigCertificate certificate;
private OpenSSLSessionContext sessionContext;
+ private X509KeyManager x509KeyManager;
+ private X509TrustManager x509TrustManager;
private final List<String> negotiableProtocols;
@@ -291,17 +293,17 @@ public class OpenSSLContext implements o
SSLHostConfig.adjustRelativePath(
sslHostConfig.getCertificateRevocationListPath()));
} else {
- X509KeyManager keyManager = chooseKeyManager(kms);
+ x509KeyManager = chooseKeyManager(kms);
String alias = certificate.getCertificateKeyAlias();
if (alias == null) {
alias = "tomcat";
}
- X509Certificate[] chain =
keyManager.getCertificateChain(alias);
+ X509Certificate[] chain =
x509KeyManager.getCertificateChain(alias);
if (chain == null) {
- alias = findAlias(keyManager, certificate);
- chain = keyManager.getCertificateChain(alias);
+ alias = findAlias(x509KeyManager, certificate);
+ chain = x509KeyManager.getCertificateChain(alias);
}
- PrivateKey key = keyManager.getPrivateKey(alias);
+ PrivateKey key = x509KeyManager.getPrivateKey(alias);
StringBuilder sb = new StringBuilder(BEGIN_KEY);
String encoded =
BASE64_ENCODER.encodeToString(key.getEncoded());
if (encoded.endsWith("\n")) {
@@ -334,13 +336,13 @@ public class OpenSSLContext implements o
if (tms != null) {
// Client certificate verification based on custom trust
managers
- final X509TrustManager manager = chooseTrustManager(tms);
+ x509TrustManager = chooseTrustManager(tms);
SSLContext.setCertVerifyCallback(ctx, new
CertificateVerifier() {
@Override
public boolean verify(long ssl, byte[][] chain, String
auth) {
X509Certificate[] peerCerts = certificates(chain);
try {
- manager.checkClientTrusted(peerCerts, auth);
+ x509TrustManager.checkClientTrusted(peerCerts,
auth);
return true;
} catch (Exception e) {
log.debug(sm.getString("openssl.certificateVerificationFailed"), e);
@@ -352,7 +354,7 @@ public class OpenSSLContext implements o
// certificate issuers, so that their subjects can be presented
// by the server during the handshake to allow the client
choosing
// an acceptable certificate
- for (X509Certificate caCert : manager.getAcceptedIssuers()) {
+ for (X509Certificate caCert :
x509TrustManager.getAcceptedIssuers()) {
SSLContext.addClientCACertificateRaw(ctx,
caCert.getEncoded());
if (log.isDebugEnabled())
log.debug(sm.getString("openssl.addedClientCaCert",
caCert.toString()));
@@ -523,6 +525,32 @@ public class OpenSSLContext implements o
}
@Override
+ public X509Certificate[] getCertificateChain(String alias) {
+ X509Certificate[] chain = null;
+ if (x509KeyManager != null) {
+ if (alias == null) {
+ alias = "tomcat";
+ }
+ chain = x509KeyManager.getCertificateChain(alias);
+ if (chain == null) {
+ alias = findAlias(x509KeyManager, certificate);
+ chain = x509KeyManager.getCertificateChain(alias);
+ }
+ }
+
+ return chain;
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ X509Certificate[] acceptedCerts = null;
+ if (x509TrustManager != null) {
+ acceptedCerts = x509TrustManager.getAcceptedIssuers();
+ }
+ return acceptedCerts;
+ }
+
+ @Override
protected void finalize() throws Throwable {
/*
* When an SSLHostConfig is replaced at runtime, it is not possible to
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Jan 8 11:44:24 2018
@@ -140,6 +140,12 @@
MBean documentation so users have a reference to use when constructing
mbeans-descriptiors.xml files for custom components. (markt)
</add>
+ <add>
+ <bug>61566</bug>: Expose the currently in use certificate chain and
list
+ of trusted certificates for all virtual hosts configured using the JSSE
+ style (keystore) TLS configuration via the Manager web application.
+ (markt)
+ </add>
<fix>
Partial fix for <bug>61886</bug>. Ensure that multiple threads do not
attempt to complete the <code>AsyncContext</code> if an I/O error
occurs
Modified: tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/manager-howto.xml Mon Jan 8 11:44:24 2018
@@ -851,7 +851,7 @@ has been reloaded several times, it may
</subsection>
-<subsection name="Connector SSL/TLS diagnostics">
+<subsection name="Connector SSL/TLS cipher information">
<source>http://localhost:8080/manager/text/sslConnectorCiphers</source>
@@ -871,6 +871,49 @@ Connector[HTTP/1.1-8443]
...</source>
</subsection>
+
+<subsection name="Connector SSL/TLS certificate chain information">
+
+<source>http://localhost:8080/manager/text/sslConnectorCerts</source>
+
+<p>The SSL Connector/Certs diagnostic lists the certificate chain that is
+currently configured for each virtual host.</p>
+
+<p>The response will look something like this:</p>
+<source>OK - Connector / Certificate Chain information
+Connector[HTTP/1.1-8080]
+SSL is not enabled for this connector
+Connector[HTTP/1.1-8443]-_default_-RSA
+[
+[
+ Version: V3
+ Subject: CN=localhost, OU=Apache Tomcat PMC, O=The Apache Software
Foundation, L=Wakefield, ST=MA, C=US
+ Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
+ ...</source>
+
+</subsection>
+
+<subsection name="Connector SSL/TLS trusted certificate information">
+
+<source>http://localhost:8080/manager/text/sslConnectorTrustedCerts</source>
+
+<p>The SSL Connector/Certs diagnostic lists the trusted certificates that are
+currently configured for each virtual host.</p>
+
+<p>The response will look something like this:</p>
+<source>OK - Connector / Trusted Certificate information
+Connector[HTTP/1.1-8080]
+SSL is not enabled for this connector
+Connector[AJP/1.3-8009]
+SSL is not enabled for this connector
+Connector[HTTP/1.1-8443]-_default_
+[
+[
+ Version: V3
+ Subject: CN=Apache Tomcat Test CA, OU=Apache Tomcat PMC, O=The Apache
Software Foundation, L=Wakefield, ST=MA, C=US
+ ...</source>
+
+</subsection>
<subsection name="Thread Dump">
Copied: tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp
(from r1817997, tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp)
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp?p2=tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp&p1=tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp&r1=1817997&r2=1820552&rev=1820552&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp (original)
+++ tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCerts.jsp Mon Jan
8 11:44:24 2018
@@ -32,12 +32,12 @@
<meta http-equiv="cache-control" content="no-cache,must-revalidate"/><!--
HTTP 1.1 -->
<meta http-equiv="expires" content="0"/><!-- 0 is an invalid value and
should be treated as 'now' -->
<meta http-equiv="content-language" content="en"/>
- <meta name="copyright" content="copyright 2005-2017 the Apache Software
Foundation"/>
+ <meta name="copyright" content="copyright 2005-2018 the Apache Software
Foundation"/>
<meta name="robots" content="noindex,nofollow,noarchive"/>
<title>Configured certificate chains per Connector</title>
</head>
<body>
-<h1>Configured ciphers per Connector</h1>
+<h1>Configured certificate chains per Connector</h1>
<table border="1" cellpadding="2" cellspacing="2" width="100%">
<thead>
Modified: tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp?rev=1820552&r1=1820551&r2=1820552&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp
(original)
+++ tomcat/tc8.5.x/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp Mon
Jan 8 11:44:24 2018
@@ -42,7 +42,7 @@
<table border="1" cellpadding="2" cellspacing="2" width="100%">
<thead>
<tr>
- <th>Connector</th>
+ <th>Connector / TLS Virtual Host</th>
<th>Enabled Ciphers</th>
</tr>
</thead>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
