Author: markt
Date: Tue May  5 19:23:55 2015
New Revision: 1677881

URL: http://svn.apache.org/r1677881
Log:
Move crlFile/SSLCARevocationFile & SSLCARevocationPath to SSLHostConfig

Modified:
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
    tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/trunk/webapps/docs/config/http.xml

Modified: 
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
Tue May  5 19:23:55 2015
@@ -64,9 +64,6 @@ public abstract class AbstractHttp11Jsse
         return getEndpoint().getTruststoreAlgorithm();
     }
 
-    public void setCrlFile(String s){getEndpoint().setCrlFile(s);}
-    public String getCrlFile(){ return getEndpoint().getCrlFile();}
-
     public void setSessionCacheSize(String 
s){getEndpoint().setSessionCacheSize(s);}
     public String getSessionCacheSize(){ return 
getEndpoint().getSessionCacheSize();}
 

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Tue 
May  5 19:23:55 2015
@@ -445,6 +445,19 @@ public abstract class AbstractHttp11Prot
     }
 
 
+    public void setCrlFile(String certificateRevocationListFile){
+        registerDefaultSSLHostConfig();
+        
defaultSSLHostConfig.setCertificateRevocationListFile(certificateRevocationListFile);
+    }
+    public void setSSLCARevocationFile(String certificateRevocationListFile) {
+        registerDefaultSSLHostConfig();
+        
defaultSSLHostConfig.setCertificateRevocationListFile(certificateRevocationListFile);
+    }
+    public void setSSLCARevocationPath(String certificateRevocationListPath) {
+        registerDefaultSSLHostConfig();
+        
defaultSSLHostConfig.setCertificateRevocationListPath(certificateRevocationListPath);
+    }
+
 
     // ------------------------------------------------------------- Common 
code
 
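Review bot: `setCrlFile` and `setSSLCARevocationFile` both write `certificateRevocationListFile` on the default SSLHostConfig, so a Connector that sets both attributes to different files keeps whichever was applied last, and nothing reports that the other CRL was dropped. Because this value decides which revoked client certificates are still accepted, a warning when a different non-null value is overwritten would help, or at least a comment on each setter such as `// Alias for SSLHostConfig.certificateRevocationListFile; the last value set wins`. The three new setters have no Javadoc. The getters removed elsewhere in this commit (`getCrlFile`, `getSSLCARevocationFile`, `getSSLCARevocationPath`) are not re-added in this hunk, which may matter to anything that reads these attributes through introspection or JMX.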

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Tue May  
5 19:23:55 2015
@@ -94,20 +94,6 @@ public class Http11AprProtocol extends A
 
 
     /**
-     * SSL CA revocation path.
-     */
-    public String getSSLCARevocationPath() { return 
((AprEndpoint)getEndpoint()).getSSLCARevocationPath(); }
-    public void setSSLCARevocationPath(String SSLCARevocationPath) { 
((AprEndpoint)getEndpoint()).setSSLCARevocationPath(SSLCARevocationPath); }
-
-
-    /**
-     * SSL CA revocation file.
-     */
-    public String getSSLCARevocationFile() { return 
((AprEndpoint)getEndpoint()).getSSLCARevocationFile(); }
-    public void setSSLCARevocationFile(String SSLCARevocationFile) { 
((AprEndpoint)getEndpoint()).setSSLCARevocationFile(SSLCARevocationFile); }
-
-
-    /**
      * Disable SSL compression.
      */
     public boolean getSSLDisableCompression() { return 
((AprEndpoint)getEndpoint()).getSSLDisableCompression(); }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Tue May  
5 19:23:55 2015
@@ -1037,12 +1037,6 @@ public abstract class AbstractEndpoint<S
         this.trustManagerClassName = trustManagerClassName;
     }
 
-    private String crlFile = null;
-    public String getCrlFile() {return crlFile;}
-    public void setCrlFile(String crlFile) {
-        this.crlFile = crlFile;
-    }
-
     private String sessionCacheSize = null;
     public String getSessionCacheSize() { return sessionCacheSize;}
     public void setSessionCacheSize(String s) { sessionCacheSize = s;}

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Tue May  5 
19:23:55 2015
@@ -233,21 +233,6 @@ public class AprEndpoint extends Abstrac
 
 
     /**
-     * SSL CA revocation path.
-     */
-    protected String SSLCARevocationPath = null;
-    public String getSSLCARevocationPath() { return SSLCARevocationPath; }
-    public void setSSLCARevocationPath(String SSLCARevocationPath) { 
this.SSLCARevocationPath = SSLCARevocationPath; }
-
-
-    /**
-     * SSL CA revocation file.
-     */
-    protected String SSLCARevocationFile = null;
-    public String getSSLCARevocationFile() { return SSLCARevocationFile; }
-    public void setSSLCARevocationFile(String SSLCARevocationFile) { 
this.SSLCARevocationFile = SSLCARevocationFile; }
-
-    /**
      * SSL disable TLS Session Tickets (RFC 4507).
      */
     protected boolean SSLDisableSessionTickets = false;
@@ -564,7 +549,8 @@ public class AprEndpoint extends Abstrac
                 // Support Client Certificates
                 SSLContext.setCACertificate(ctx, SSLCACertificateFile, 
SSLCACertificatePath);
                 // Set revocation
-                SSLContext.setCARevocation(ctx, SSLCARevocationFile, 
SSLCARevocationPath);
+                SSLContext.setCARevocation(ctx, 
sslHostConfig.getCertificateRevocationListFile(),
+                        sslHostConfig.getCertificateRevocationListPath());
                 // Client certificate verification
                 switch (sslHostConfig.getCertificateVerification()) {
                 case NONE:

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Tue May  5 
19:23:55 2015
@@ -50,8 +50,8 @@ public class SSLHostConfig {
     private int certificateVerificationDepth = 10;
     private String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
     private boolean honorCipherOrder = false;
-
     private Set<String> protocols = new HashSet<>();
+    private String certificateRevocationListFile;
     // JSSE
     private String certificateKeystorePassword = "changeit";
     private String certificateKeystoreFile = 
System.getProperty("user.home")+"/.keystore";
@@ -59,6 +59,7 @@ public class SSLHostConfig {
     // OpenSSL
     private String certificateFile;
     private String certificateKeyFile;
+    private String certificateRevocationListPath;
 
     public SSLHostConfig() {
         // Set defaults that can't be (easily) set when defining the fields.
@@ -117,6 +118,16 @@ public class SSLHostConfig {
     }
 
 
+    public void setCertificateRevocationListFile(String 
certificateRevocationListFile) {
+        this.certificateRevocationListFile = certificateRevocationListFile;
+    }
+
+
+    public String getCertificateRevocationListFile() {
+        return certificateRevocationListFile;
+    }
+
+
     public void setCertificateVerification(String certificateVerification) {
         this.certificateVerification = 
CertificateVerification.fromString(certificateVerification);
     }
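Review bot: The property added here is `certificateRevocationListFile`, but the http.xml hunk in this same commit documents the SSLHostConfig attribute as `certificateRevocationFile`, and likewise `certificateRevocationPath` where the setter is `setCertificateRevocationListPath`. If attributes are mapped to setters by name, which is not visible here, an administrator following the documentation would configure a name that matches no setter, and revocation checking would stay off without an obvious failure. One side should be renamed so the two agree, for example `<attribute name="certificateRevocationListFile" required="false">` in the docs. The new setter and getter also lack Javadoc; one line stating that the file holds PEM-encoded CRLs, as http.xml says, would be enough.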
@@ -275,6 +286,17 @@ public class SSLHostConfig {
     }
 
 
+    public void setCertificateRevocationListPath(String 
certificateRevocationListPath) {
+        setProperty("certificateRevocationListPath", Type.OPENSSL);
+        this.certificateRevocationListPath = certificateRevocationListPath;
+    }
+
+
+    public String getCertificateRevocationListPath() {
+        return certificateRevocationListPath;
+    }
+
+
     // ----------------------------------------------------------- Inner 
classes
 
     public static enum Type {
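Review bot: `setCertificateRevocationListPath` is tagged `Type.OPENSSL`, and the JSSE code changed in this commit reads only `getCertificateRevocationListFile()`, so a directory configured on a JSSE connector is presumably never consulted for revocation. What `setProperty` does on a type mismatch is not visible in this hunk; if it neither rejects nor logs the setting, a deployment could believe CRL checking is active when it is not. A Javadoc line on the setter would make the restriction explicit, e.g. `/** OpenSSL only: directory of PEM-encoded CRLs; not used by JSSE connectors. */`.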

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
Tue May  5 19:23:55 2015
@@ -435,7 +435,7 @@ public class JSSESocketFactory implement
     protected TrustManager[] getTrustManagers(String keystoreType,
             String keystoreProvider, String algorithm)
         throws Exception {
-        String crlf = endpoint.getCrlFile();
+        String crlf = sslHostConfig.getCertificateRevocationListFile();
 
         String className = endpoint.getTrustManagerClassName();
         if(className != null && className.length() > 0) {

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677881&r1=1677880&r2=1677881&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Tue May  5 19:23:55 2015
@@ -1069,6 +1069,20 @@
       behaviour is not to use a password.</p>
     </attribute>
 
+    <attribute name="certificateRevocationFile" required="false">
+      <p>Name of the file that contains the concatenated certificate revocation
+      lists for the certificate authorities. The format is PEM-encoded. If not
+      defined, client certificates will not be checked against a certificate
+      revocation list (unless an OpenSSl based connector is used and
+      <strong>certificateRevocationPath</strong> is defined).</p>
+    </attribute>
+
+    <attribute name="certificateRevocationPath" required="false">
+      <p>OpenSSL only.</p>
+      <p>Name of the directory that contains the certificate revocation lists
+      for the certificate authorities. The format is PEM-encoded.</p>
+    </attribute>
+
     <attribute name="certificateVerification" required="false">
       <p>Set to <code>required</code> if you want the SSL stack to require a
       valid certificate chain from the client before accepting a connection.
@@ -1173,9 +1187,9 @@
     </attribute>
 
     <attribute name="crlFile" required="false">
-      <p>The certificate revocation list to be used to verify client
-      certificates. If not defined, client certificates will not be checked
-      against a certificate revocation list.</p>
+      <p>This is an alias for the <code>certificateRevocationFile</code>
+      attribute of the default
+      <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element.</p>
     </attribute>
 
     <attribute name="keyAlias" required="false">
@@ -1350,13 +1364,15 @@
     </attribute>
 
     <attribute name="SSLCARevocationFile" required="false">
-      <p>Name of the file that contains the concatenated certificate revocation
-      lists for the certificate authorities. The format is PEM-encoded.</p>
+      <p>This is an alias for the <code>certificateRevocationFile</code>
+      attribute of the default
+      <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element.</p>
     </attribute>
 
     <attribute name="SSLCARevocationPath" required="false">
-      <p>Name of the directory that contains the certificate revocation lists
-      for the certificate authorities. The format is PEM-encoded.</p>
+      <p>This is an alias for the <code>certificateRevocationPath</code>
+      attribute of the default
+      <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element.</p>
     </attribute>
 
     <attribute name="SSLCertificateChainFile" required="false">


