Author: fhanik
Date: Tue Nov 25 12:14:30 2008
New Revision: 720587
URL: http://svn.apache.org/viewvc?rev=720587&view=rev
Log:
Add an extended key manager to handle a forced server alias on the tomcat NIO
connector
Added:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=720587&r1=720586&r2=720587&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Tue Nov 25
12:14:30 2008
@@ -55,9 +55,8 @@
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.net.JIoEndpoint.Worker;
import org.apache.tomcat.util.net.SecureNioChannel.ApplicationBufferHandler;
-import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
+import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -785,8 +784,7 @@
ks.load(new FileInputStream(getKeystoreFile()), passphrase);
KeyStore ts = null;
if (getTruststoreFile()==null) {
-// ts = KeyStore.getInstance(getKeystoreType());
-// ts.load(new FileInputStream(getKeystoreFile()), passphrase);
+ //no op, same as for BIO connector
}else {
ts = KeyStore.getInstance(ttype);
ts.load(new FileInputStream(getTruststoreFile()), tpassphrase);
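Review bot: The empty `if (getTruststoreFile()==null)` branch leaves `ts` null, and the new comment `//no op, same as for BIO connector` does not say which trust material applies in that case. How `ts` is consumed lies outside this hunk; if it is handed to `TrustManagerFactory.init`, a null store selects the JVM's default trust material, which matters when client certificates are requested. Once confirmed against the code below, a comment such as `// no truststore configured: ts stays null and the JVM default trust material is used` would record that. The enclosing method starts and ends outside the hunk.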
@@ -809,17 +807,16 @@
}
public KeyManager[] wrap(KeyManager[] managers) {
- return managers;
-// if (managers==null) return null;
-// KeyManager[] result = new KeyManager[managers.length];
-// for (int i=0; i<result.length; i++) {
-// if (managers[i] instanceof X509KeyManager &&
getKeyAlias()!=null) {
-// result[i] = new
JSSEKeyManager((X509KeyManager)managers[i],getKeyAlias());
-// } else {
-// result[i] = managers[i];
-// }
-// }
-// return result;
+ if (managers==null) return null;
+ KeyManager[] result = new KeyManager[managers.length];
+ for (int i=0; i<result.length; i++) {
+ if (managers[i] instanceof X509KeyManager && getKeyAlias()!=null) {
+ result[i] = new
NioX509KeyManager((X509KeyManager)managers[i],getKeyAlias());
+ } else {
+ result[i] = managers[i];
+ }
+ }
+ return result;
}
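Review bot: `wrap()` now forces `getKeyAlias()` onto every `X509KeyManager`, but nothing visible in this diff confirms that the alias names a key entry in the loaded keystore. A mistyped alias would then surface only at handshake time, when the delegate returns no key or chain for it, rather than at connector start. A check placed where `ks` is loaded (the hunk at -785), for example `if (getKeyAlias()!=null && !ks.isKeyEntry(getKeyAlias())) throw new IOException("Alias "+getKeyAlias()+" is not a key entry");`, would fail early; the exception type should match whatever that method already declares, which is not visible here.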
Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java?rev=720587&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
(added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
Tue Nov 25 12:14:30 2008
@@ -0,0 +1,69 @@
+package org.apache.tomcat.util.net.jsse;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509KeyManager;
+
+public class NioX509KeyManager extends X509ExtendedKeyManager {
+
+ private X509KeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr The X509KeyManager used as a delegate
+ * @param serverKeyAlias The alias name of the server's keypair and
+ * supporting certificate chain
+ */
+ public NioX509KeyManager(X509KeyManager mgr, String serverKeyAlias) {
+ this.delegate = mgr;
+ this.serverKeyAlias = serverKeyAlias;
+ }
+
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket) {
+ if (serverKeyAlias!=null) {
+ return serverKeyAlias;
+ } else {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+ }
+
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ public PrivateKey getPrivateKey(String alias) {
+ return delegate.getPrivateKey(alias);
+ }
+
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+ @Override
+ public String chooseEngineServerAlias(String keyType, Principal[] issuers,
SSLEngine engine) {
+ if (serverKeyAlias!=null) {
+ return serverKeyAlias;
+ } else {
+ return super.chooseEngineServerAlias(keyType, issuers, engine);
+ }
+ }
+
+
+
+
+}
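Review bot: In `chooseEngineServerAlias` the fallback `super.chooseEngineServerAlias(keyType, issuers, engine)` goes to `X509ExtendedKeyManager`'s default implementation, which returns null, so a `NioX509KeyManager` built with a null alias would select no server key on the SSLEngine path. `wrap()` only constructs it with a non-null alias, but the class and its constructor are public. The fallback should go to the delegate instead, e.g. `return (delegate instanceof X509ExtendedKeyManager) ? ((X509ExtendedKeyManager)delegate).chooseEngineServerAlias(keyType, issuers, engine) : null;`. Separately, both `choose*ServerAlias` methods return the forced alias whatever `keyType` is requested, so a short comment stating that the configured key must match the enabled cipher suites would help. The two fields are assigned once and could be `private final`.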