Author: fhanik Date: Fri Sep 14 14:10:11 2007 New Revision: 575793 URL: http://svn.apache.org/viewvc?rev=575793&view=rev Log: Use a truststore if defined bz http://issues.apache.org/bugzilla/show_bug.cgi?id=43356
Modified: tomcat/sandbox/gdev6x/java/org/apache/coyote/http11/Http11NioProtocol.java tomcat/sandbox/gdev6x/java/org/apache/tomcat/util/net/NioEndpoint.java Modified: tomcat/sandbox/gdev6x/java/org/apache/coyote/http11/Http11NioProtocol.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/gdev6x/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=575793&r1=575792&r2=575793&view=diff ==============================================================================
--- tomcat/sandbox/gdev6x/java/org/apache/coyote/http11/Http11NioProtocol.java (original)
+++ tomcat/sandbox/gdev6x/java/org/apache/coyote/http11/Http11NioProtocol.java Fri Sep 14 14:10:11 2007
@@ -547,17 +547,25 @@ public String getAlgorithm() { return ep.getAlgorithm();} public void setAlgorithm(String s ) { ep.setAlgorithm(s);} - public boolean getClientAuth() { return ep.getClientAuth();} - public void setClientAuth(boolean b ) { ep.setClientAuth(b);} + public void setClientauth(String s) {setClientAuth(s);} + public String getClientauth(){ return getClientAuth();} + public String getClientAuth() { return ep.getClientAuth();} + public void setClientAuth(String s ) { ep.setClientAuth(s);} public String getKeystorePass() { return ep.getKeystorePass();} public void setKeystorePass(String s ) { ep.setKeystorePass(s);} public void setKeypass(String s) { setKeystorePass(s);} public String getKeypass() { return getKeystorePass();} - - public String getKeystoreType() { return ep.getKeystoreType();} public void setKeystoreType(String s ) { ep.setKeystoreType(s);} + + public void setTruststoreFile(String f){ep.setTruststoreFile(f);} + public String getTruststoreFile(){return ep.getTruststoreFile();} + public void setTruststorePass(String p){ep.setTruststorePass(p);} + public String getTruststorePass(){return ep.getTruststorePass();} + public void setTruststoreType(String t){ep.setTruststoreType(t);} + public String getTruststoreType(){ return ep.getTruststoreType();} + public String getSslProtocol() { return ep.getSslProtocol();} public void setSslProtocol(String s) { ep.setSslProtocol(s);} Modified: tomcat/sandbox/gdev6x/java/org/apache/tomcat/util/net/NioEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/gdev6x/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=575793&r1=575792&r2=575793&view=diff ============================================================================== --- tomcat/sandbox/gdev6x/java/org/apache/tomcat/util/net/NioEndpoint.java (original) +++ tomcat/sandbox/gdev6x/java/org/apache/tomcat/util/net/NioEndpoint.java Fri Sep 14 14:10:11 2007 
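Review bot: Changing `getClientAuth()`/`setClientAuth(...)` in Http11NioProtocol from `boolean` to `String` removes the boolean setter that existing callers may have been compiled against. A delegating overload such as `public void setClientAuth(boolean b) { setClientAuth(String.valueOf(b)); }` would keep the setter source-compatible; the getter cannot be overloaded by return type, so that break should be stated in the change notes. The new truststore accessors would also benefit from a one-line comment saying that unset values come from the `javax.net.ssl.trustStore*` system properties, which is what the NioEndpoint field initialisers in this commit appear to do.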
@@ -518,10 +518,42 @@ } + public String adjustRelativePath(String path, String relativeTo) { + File f = new File(path); + if ( !f.isAbsolute()) { + path = relativeTo + File.separator + path; + f = new File(path); + } + if (!f.exists()) { + log.warn("configured file:["+path+"] does not exist."); + } + return path; + } + + public String defaultIfNull(String val, String defaultValue) { + if (val==null) return defaultValue; + else return val; + } // -------------------- SSL related properties -------------------- + protected String truststoreFile = System.getProperty("javax.net.ssl.trustStore"); + public void setTruststoreFile(String s) { + s = adjustRelativePath(s,System.getProperty("catalina.base")); + this.truststoreFile = s; + } + public String getTruststoreFile() {return truststoreFile;} + protected String truststorePass = System.getProperty("javax.net.ssl.trustStorePassword"); + public void setTruststorePass(String truststorePass) {this.truststorePass = truststorePass;} + public String getTruststorePass() {return truststorePass;} + protected String truststoreType = System.getProperty("javax.net.ssl.trustStoreType"); + public void setTruststoreType(String truststoreType) {this.truststoreType = truststoreType;} + public String getTruststoreType() {return truststoreType;} + protected String keystoreFile = System.getProperty("user.home")+"/.keystore"; public String getKeystoreFile() { return keystoreFile;} - public void setKeystoreFile(String s ) { this.keystoreFile = s; } + public void setKeystoreFile(String s ) { + s = adjustRelativePath(s,System.getProperty("catalina.base")); + this.keystoreFile = s; + } public void setKeystore(String s ) { setKeystoreFile(s);} public String getKeystore() { return getKeystoreFile();} 
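Review bot: `adjustRelativePath` uses both arguments without a null check: `new File(path)` throws NullPointerException when `setTruststoreFile(null)` or `setKeystoreFile(null)` is called, and when `catalina.base` is unset the relative branch builds a path that starts with the literal text `null`. A guard at the top, `if (path == null || relativeTo == null) return path;`, keeps a null truststore meaning "not configured" (the SSL init hunk later in this commit tests for exactly that) and avoids resolving against a bogus base directory. A missing file is only logged at warn level here, so a short comment noting that the hard failure comes later, when the store is opened with `FileInputStream`, would help the next reader. The enclosing class continues outside the hunk.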
@@ -529,9 +561,9 @@ public String getAlgorithm() { return algorithm;} public void setAlgorithm(String s ) { this.algorithm = s;} - protected boolean clientAuth = false; - public boolean getClientAuth() { return clientAuth;} - public void setClientAuth(boolean b ) { this.clientAuth = b;} + protected String clientAuth = "false"; + public String getClientAuth() { return clientAuth;} + public void setClientAuth(String s ) { this.clientAuth = s;} protected String keystorePass = "changeit"; public String getKeystorePass() { return keystorePass;} @@ -601,6 +633,7 @@ this.oomParachuteData = oomParachuteData; } + protected SSLContext sslContext = null; public SSLContext getSSLContext() { return sslContext;} public void setSSLContext(SSLContext c) { sslContext = c;} @@ -723,10 +756,19 @@ // Initialize SSL char[] passphrase = getKeystorePass().toCharArray(); + char[] tpassphrase = (getTruststorePass()!=null)?getTruststorePass().toCharArray():passphrase; + String ttype = (getTruststoreType()!=null)?getTruststoreType():getKeystoreType(); + KeyStore ks = KeyStore.getInstance(getKeystoreType()); ks.load(new FileInputStream(getKeystoreFile()), passphrase); - KeyStore ts = KeyStore.getInstance(getKeystoreType()); - ts.load(new FileInputStream(getKeystoreFile()), passphrase); + KeyStore ts = null; + if (getTruststoreFile()==null) { + ts = KeyStore.getInstance(getKeystoreType()); + ts.load(new FileInputStream(getKeystoreFile()), passphrase); + }else { + ts = KeyStore.getInstance(ttype); + ts.load(new FileInputStream(getTruststoreFile()), tpassphrase); + } KeyManagerFactory kmf = KeyManagerFactory.getInstance(getAlgorithm()); kmf.init(ks, passphrase); @@ -736,7 +778,6 @@ sslContext = SSLContext.getInstance(getSslProtocol()); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - } if (oomParachute>0) reclaimParachute(true); @@ -896,6 +937,7 @@ return oomParachuteData; } + /** * Unlock the server socket accept using a bogus connection. */ 
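Review bot: In the `@@ -723,10 +756,19 @@` hunk, every `new FileInputStream(...)` handed to `ks.load`/`ts.load` is never closed, so the keystore and truststore handles stay open until finalization, including when `load` throws; the new truststore branch adds one more. Open the stream into a local and close it in `finally`, as sketched below for the truststore branch; the same shape fits the two keystore loads. Separately, `tpassphrase` silently falls back to the keystore password when no truststore password is set, which deserves a comment, since a truststore protected by a different password will presumably fail to load with a password or integrity error rather than a configuration hint. The enclosing init method starts and ends outside the hunk.

```java
// … unchanged: passphrase / tpassphrase / ttype setup and keystore load …
}else {
    ts = KeyStore.getInstance(ttype);
    FileInputStream tsIn = new FileInputStream(getTruststoreFile());
    try {
        ts.load(tsIn, tpassphrase);
    } finally {
        tsIn.close();
    }
}
```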
@@ -978,7 +1020,14 @@ protected SSLEngine createSSLEngine() { SSLEngine engine = sslContext.createSSLEngine(); - engine.setNeedClientAuth(getClientAuth()); + if ("false".equals(getClientAuth())) { + engine.setNeedClientAuth(false); + engine.setWantClientAuth(false); + } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){ + engine.setNeedClientAuth(true); + } else if ("want".equals(getClientAuth())) { + engine.setWantClientAuth(true); + } engine.setUseClientMode(false); if ( ciphersarr.length > 0 ) engine.setEnabledCipherSuites(ciphersarr); if ( sslEnabledProtocolsarr.length > 0 ) engine.setEnabledProtocols(sslEnabledProtocolsarr); --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
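Review bot: The `clientAuth` chain in `createSSLEngine` has no final `else`, so any value other than the exact lower-case strings `false`, `true`, `yes` or `want` (for example `TRUE`, or a typo) leaves the engine at its defaults and the connector silently accepts connections without requesting a client certificate. Because `setClientAuth(String)` in NioEndpoint now stores whatever it is given, unknown values should be rejected rather than ignored, e.g. `} else { throw new IllegalArgumentException("Unsupported clientAuth value: " + getClientAuth()); }`, or validated once in the setter so a misconfiguration fails at startup. A comment next to the `clientAuth` field listing the accepted values would also help. `createSSLEngine` continues past the end of the hunk.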