Author: markt
Date: Thu May 7 11:24:05 2015
New Revision: 1678169
URL: http://svn.apache.org/r1678169
Log:
Retain the original configuration settings and use separate getters the
absolute value for all file/path attributes
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1678169&r1=1678168&r2=1678169&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Thu May 7
11:24:05 2015
@@ -367,7 +367,7 @@ public class AprEndpoint extends Abstrac
if (isSSLEnabled()) {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
- if (sslHostConfig.getCertificateFile() == null) {
+ if (sslHostConfig.getCertificateFileAbsolute() == null) {
// This is required
throw new
Exception(sm.getString("endpoint.apr.noSslCertFile"));
}
@@ -485,18 +485,19 @@ public class AprEndpoint extends Abstrac
// List the ciphers that the client is permitted to negotiate
SSLContext.setCipherSuite(ctx, sslHostConfig.getCiphers());
// Load Server key and certificate
- SSLContext.setCertificate(ctx,
sslHostConfig.getCertificateFile(),
- sslHostConfig.getCertificateKeyFile(),
+ SSLContext.setCertificate(ctx,
sslHostConfig.getCertificateFileAbsolute(),
+ sslHostConfig.getCertificateKeyFileAbsolute(),
sslHostConfig.getCertificateKeyPassword(),
SSL.SSL_AIDX_RSA);
// Set certificate chain file
SSLContext.setCertificateChainFile(
- ctx, sslHostConfig.getCertificateChainFile(), false);
+ ctx, sslHostConfig.getCertificateChainFileAbsolute(),
false);
// Support Client Certificates
- SSLContext.setCACertificate(ctx,
sslHostConfig.getCaCertificateFile(),
- sslHostConfig.getCaCertificatePath());
+ SSLContext.setCACertificate(ctx,
sslHostConfig.getCaCertificateFileAbsolute(),
+ sslHostConfig.getCaCertificatePathAbsolute());
// Set revocation
- SSLContext.setCARevocation(ctx,
sslHostConfig.getCertificateRevocationListFile(),
- sslHostConfig.getCertificateRevocationListPath());
+ SSLContext.setCARevocation(ctx,
+
sslHostConfig.getCertificateRevocationListFileAbsolute(),
+
sslHostConfig.getCertificateRevocationListPathAbsolute());
// Client certificate verification
switch (sslHostConfig.getCertificateVerification()) {
case NONE:
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678169&r1=1678168&r2=1678169&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May 7
11:24:05 2015
@@ -52,6 +52,7 @@ public class SSLHostConfig {
// Common
private String certificateKeyPassword = null;
private String certificateRevocationListFile;
+ private String certificateRevocationListFileAbsolute;
private CertificateVerification certificateVerification =
CertificateVerification.NONE;
private int certificateVerificationDepth = 10;
private String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
@@ -61,6 +62,7 @@ public class SSLHostConfig {
private String certificateKeyAlias;
private String certificateKeystorePassword = "changeit";
private String certificateKeystoreFile =
System.getProperty("user.home")+"/.keystore";
+ private String certificateKeystoreFileAbsolute =
adjustRelativePath(certificateKeystoreFile);
private String certificateKeystoreProvider =
System.getProperty("javax.net.ssl.keyStoreProvider");
private String certificateKeystoreType =
System.getProperty("javax.net.ssl.keyStoreType");
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
@@ -70,16 +72,23 @@ public class SSLHostConfig {
private String trustManagerClassName;
private String truststoreAlgorithm =
TrustManagerFactory.getDefaultAlgorithm();
private String truststoreFile =
System.getProperty("javax.net.ssl.trustStore");
+ private String truststoreFileAbsolute = adjustRelativePath(truststoreFile);
private String truststorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");
private String truststoreProvider =
System.getProperty("javax.net.ssl.trustStoreProvider");
private String truststoreType =
System.getProperty("javax.net.ssl.trustStoreType");
// OpenSSL
private String certificateChainFile;
+ private String certificateChainFileAbsolute;
private String certificateFile;
+ private String certificateFileAbsolute;
private String certificateKeyFile;
+ private String certificateKeyFileAbsolute;
private String certificateRevocationListPath;
+ private String certificateRevocationListPathAbsolute;
private String caCertificateFile;
+ private String caCertificateFileAbsolute;
private String caCertificatePath;
+ private String caCertificatePathAbsolute;
private boolean disableCompression = true;
private boolean disableSessionTickets = false;
private boolean insecureRenegotiation = false;
@@ -146,13 +155,20 @@ public class SSLHostConfig {
public void setCertificateRevocationListFile(String
certificateRevocationListFile) {
- this.certificateRevocationListFile =
adjustRelativePath(certificateRevocationListFile);
+ this.certificateRevocationListFile = certificateRevocationListFile;
+ this.certificateRevocationListFileAbsolute =
+ adjustRelativePath(certificateRevocationListFile);
}
public String getCertificateRevocationListFile() {
return certificateRevocationListFile;
}
+ public String getCertificateRevocationListFileAbsolute() {
+ return certificateRevocationListFileAbsolute;
+ }
+
+
public void setCertificateVerification(String certificateVerification) {
@@ -270,13 +286,17 @@ public class SSLHostConfig {
public void setCertificateKeystoreFile(String certificateKeystoreFile) {
setProperty("certificateKeystoreFile", Type.JSSE);
- this.certificateKeystoreFile =
adjustRelativePath(certificateKeystoreFile);
+ this.certificateKeystoreFile = certificateKeystoreFile;
+ this.certificateKeystoreFileAbsolute =
adjustRelativePath(certificateKeystoreFile);
}
public String getCertificateKeystoreFile() {
return certificateKeystoreFile;
}
+ public String getCertificateKeystoreFileAbsolute() {
+ return certificateKeystoreFileAbsolute;
+ }
public void setCertificateKeystorePassword(String
certificateKeystorePassword) {
@@ -380,13 +400,17 @@ public class SSLHostConfig {
public void setTruststoreFile(String truststoreFile) {
setProperty("truststoreFile", Type.JSSE);
- this.truststoreFile = adjustRelativePath(truststoreFile);
+ this.truststoreFile = truststoreFile;
+ this.truststoreFileAbsolute = adjustRelativePath(truststoreFile);
}
public String getTruststoreFile() {
return truststoreFile;
}
+ public String getTruststoreFileAbsolute() {
+ return truststoreFileAbsolute;
+ }
public void setTruststorePassword(String truststorePassword) {
@@ -434,67 +458,93 @@ public class SSLHostConfig {
public void setCertificateChainFile(String certificateChainFile) {
setProperty("certificateChainFile", Type.OPENSSL);
- this.certificateChainFile = adjustRelativePath(certificateChainFile);
+ this.certificateChainFile = certificateChainFile;
+ this.certificateChainFileAbsolute =
adjustRelativePath(certificateChainFile);
}
+
public String getCertificateChainFile() {
return certificateChainFile;
}
+ public String getCertificateChainFileAbsolute() {
+ return certificateChainFileAbsolute;
+ }
public void setCertificateFile(String certificateFile) {
setProperty("certificateFile", Type.OPENSSL);
- this.certificateFile = adjustRelativePath(certificateFile);
+ this.certificateFile = certificateFile;
+ this.certificateFileAbsolute = adjustRelativePath(certificateFile);
}
public String getCertificateFile() {
return certificateFile;
}
+ public String getCertificateFileAbsolute() {
+ return certificateFileAbsolute;
+ }
public void setCertificateKeyFile(String certificateKeyFile) {
setProperty("certificateKeyFile", Type.OPENSSL);
- this.certificateKeyFile = adjustRelativePath(certificateKeyFile);
+ this.certificateKeyFile = certificateKeyFile;
+ this.certificateKeyFileAbsolute =
adjustRelativePath(certificateKeyFile);
}
public String getCertificateKeyFile() {
return certificateKeyFile;
}
+ public String getCertificateKeyFileAbsolute() {
+ return certificateKeyFileAbsolute;
+ }
public void setCertificateRevocationListPath(String
certificateRevocationListPath) {
setProperty("certificateRevocationListPath", Type.OPENSSL);
- this.certificateRevocationListPath =
adjustRelativePath(certificateRevocationListPath);
+ this.certificateRevocationListPath = certificateRevocationListPath;
+ this.certificateRevocationListPathAbsolute =
+ adjustRelativePath(certificateRevocationListPath);
}
public String getCertificateRevocationListPath() {
return certificateRevocationListPath;
}
+ public String getCertificateRevocationListPathAbsolute() {
+ return certificateRevocationListPathAbsolute;
+ }
public void setCaCertificateFile(String caCertificateFile) {
setProperty("caCertificateFile", Type.OPENSSL);
- this.caCertificateFile = adjustRelativePath(caCertificateFile);
+ this.caCertificateFile = caCertificateFile;
+ this.caCertificateFileAbsolute = adjustRelativePath(caCertificateFile);
}
public String getCaCertificateFile() {
return caCertificateFile;
}
+ public String getCaCertificateFileAbsolute() {
+ return caCertificateFileAbsolute;
+ }
public void setCaCertificatePath(String caCertificatePath) {
setProperty("caCertificatePath", Type.OPENSSL);
- this.caCertificatePath = adjustRelativePath(caCertificatePath);
+ this.caCertificatePath = caCertificatePath;
+ this.caCertificatePathAbsolute = adjustRelativePath(caCertificatePath);
}
public String getCaCertificatePath() {
return caCertificatePath;
}
+ public String getCaCertificatePathAbsolute() {
+ return caCertificatePathAbsolute;
+ }
public void setDisableCompression(boolean disableCompression) {
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678169&r1=1678168&r2=1678169&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Thu May 7 11:24:05 2015
@@ -170,7 +170,7 @@ public class JSSESocketFactory implement
protected KeyStore getTrustStore() throws IOException {
KeyStore trustStore = null;
- String truststoreFile = sslHostConfig.getTruststoreFile();
+ String truststoreFile = sslHostConfig.getTruststoreFileAbsolute();
String truststoreType = sslHostConfig.getTruststoreType();
String truststoreProvider = sslHostConfig.getTruststoreProvider();
@@ -261,7 +261,7 @@ public class JSSESocketFactory implement
public KeyManager[] getKeyManagers() throws Exception {
String keystoreType = sslHostConfig.getCertificateKeystoreType();
String keystoreProvider =
sslHostConfig.getCertificateKeystoreProvider();
- String keystoreFile = sslHostConfig.getCertificateKeystoreFile();
+ String keystoreFile =
sslHostConfig.getCertificateKeystoreFileAbsolute();
String keystorePass = sslHostConfig.getCertificateKeystorePassword();
String keyAlias = sslHostConfig.getCertificateKeyAlias();
String algorithm = sslHostConfig.getKeyManagerAlgorithm();
@@ -301,7 +301,7 @@ public class JSSESocketFactory implement
public TrustManager[] getTrustManagers() throws Exception {
String algorithm = sslHostConfig.getTruststoreAlgorithm();
- String crlf = sslHostConfig.getCertificateRevocationListFile();
+ String crlf = sslHostConfig.getCertificateRevocationListFileAbsolute();
String className = sslHostConfig.getTrustManagerClassName();
if(className != null && className.length() > 0) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
