Author: markt Date: Thu May 7 11:24:05 2015 New Revision: 1678169 URL: http://svn.apache.org/r1678169 Log: Retain the original configuration settings and use separate getters for the absolute value for all file/path attributes
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1678169&r1=1678168&r2=1678169&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Thu May 7 11:24:05 2015 @@ -367,7 +367,7 @@ public class AprEndpoint extends Abstrac if (isSSLEnabled()) { for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { - if (sslHostConfig.getCertificateFile() == null) { + if (sslHostConfig.getCertificateFileAbsolute() == null) { // This is required throw new Exception(sm.getString("endpoint.apr.noSslCertFile")); } 
@@ -485,18 +485,19 @@ public class AprEndpoint extends Abstrac
 // List the ciphers that the client is permitted to negotiate
 SSLContext.setCipherSuite(ctx, sslHostConfig.getCiphers());
 // Load Server key and certificate
- SSLContext.setCertificate(ctx, sslHostConfig.getCertificateFile(),
- sslHostConfig.getCertificateKeyFile(),
+ SSLContext.setCertificate(ctx, sslHostConfig.getCertificateFileAbsolute(),
+ sslHostConfig.getCertificateKeyFileAbsolute(),
 sslHostConfig.getCertificateKeyPassword(), SSL.SSL_AIDX_RSA);
 // Set certificate chain file
 SSLContext.setCertificateChainFile(
- ctx, sslHostConfig.getCertificateChainFile(), false);
+ ctx, sslHostConfig.getCertificateChainFileAbsolute(), false);
 // Support Client Certificates
- SSLContext.setCACertificate(ctx, sslHostConfig.getCaCertificateFile(),
- sslHostConfig.getCaCertificatePath());
+ SSLContext.setCACertificate(ctx, sslHostConfig.getCaCertificateFileAbsolute(),
+ sslHostConfig.getCaCertificatePathAbsolute());
 // Set revocation
- SSLContext.setCARevocation(ctx, sslHostConfig.getCertificateRevocationListFile(),
- sslHostConfig.getCertificateRevocationListPath());
+ SSLContext.setCARevocation(ctx,
+ sslHostConfig.getCertificateRevocationListFileAbsolute(),
+ sslHostConfig.getCertificateRevocationListPathAbsolute());
 // Client certificate verification
 switch (sslHostConfig.getCertificateVerification()) {
 case NONE:
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678169&r1=1678168&r2=1678169&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May 7 11:24:05 2015
@@ -52,6 +52,7 @@ public class SSLHostConfig {
 // Common
 private String certificateKeyPassword = null;
 private String certificateRevocationListFile;
+ private String certificateRevocationListFileAbsolute;
 private CertificateVerification certificateVerification = CertificateVerification.NONE;
 private int certificateVerificationDepth = 10;
 private String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
@@ -61,6 +62,7 @@ public class SSLHostConfig {
 private String certificateKeyAlias;
 private String certificateKeystorePassword = "changeit";
 private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
+ private String certificateKeystoreFileAbsolute = adjustRelativePath(certificateKeystoreFile);
 private String certificateKeystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
 private String certificateKeystoreType = System.getProperty("javax.net.ssl.keyStoreType");
 private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
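Review bot: `certificateKeystoreFileAbsolute` in the hunk at -61,6 is initialised by calling `adjustRelativePath(...)` from a field initialiser, and the hunk at -70,16 does the same for `truststoreFileAbsolute`, whose source is `System.getProperty("javax.net.ssl.trustStore")` and is therefore null whenever that property is unset. adjustRelativePath is defined outside this diff, so confirm that it returns null for a null argument and that it reads no instance field declared further down the class, since it now runs before any constructor body. A one-line comment above each initialiser would record that dependency, for example `// adjustRelativePath must be null-safe: the system property may be unset`.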
@@ -70,16 +72,23 @@ public class SSLHostConfig { private String trustManagerClassName; private String truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); private String truststoreFile = System.getProperty("javax.net.ssl.trustStore"); + private String truststoreFileAbsolute = adjustRelativePath(truststoreFile); private String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); private String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider"); private String truststoreType = System.getProperty("javax.net.ssl.trustStoreType"); // OpenSSL private String certificateChainFile; + private String certificateChainFileAbsolute; private String certificateFile; + private String certificateFileAbsolute; private String certificateKeyFile; + private String certificateKeyFileAbsolute; private String certificateRevocationListPath; + private String certificateRevocationListPathAbsolute; private String caCertificateFile; + private String caCertificateFileAbsolute; private String caCertificatePath; + private String caCertificatePathAbsolute; private boolean disableCompression = true; private boolean disableSessionTickets = false; private boolean insecureRenegotiation = false; @@ -146,13 +155,20 @@ public class SSLHostConfig { public void setCertificateRevocationListFile(String certificateRevocationListFile) { - this.certificateRevocationListFile = adjustRelativePath(certificateRevocationListFile); + this.certificateRevocationListFile = certificateRevocationListFile; + this.certificateRevocationListFileAbsolute = + adjustRelativePath(certificateRevocationListFile); } public String getCertificateRevocationListFile() { return certificateRevocationListFile; } + public String getCertificateRevocationListFileAbsolute() { + return certificateRevocationListFileAbsolute; + } + + public void setCertificateVerification(String certificateVerification) { 
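Review bot: `getCertificateRevocationListFile()` changes meaning in the hunk at -146,13: it used to return the path after adjustRelativePath and now returns the value as configured, and the same switch is made for the keystore, truststore and OpenSSL attributes in the hunks at -270,13, -380,13 and -434,67. Only the AprEndpoint and JSSESocketFactory call sites are moved to the `*Absolute` getters in this commit; any other caller that opens the file (none is visible here) would now resolve a relative value against the process working directory, and for a CRL or trust store that could mean validating against the wrong material or none, depending on how the loader treats a missing file. Neither getter in a pair carries Javadoc, so I would document the split on each, e.g. `/** Returns the CRL file exactly as configured; use getCertificateRevocationListFileAbsolute() when opening it. */`.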
@@ -270,13 +286,17 @@ public class SSLHostConfig { public void setCertificateKeystoreFile(String certificateKeystoreFile) { setProperty("certificateKeystoreFile", Type.JSSE); - this.certificateKeystoreFile = adjustRelativePath(certificateKeystoreFile); + this.certificateKeystoreFile = certificateKeystoreFile; + this.certificateKeystoreFileAbsolute = adjustRelativePath(certificateKeystoreFile); } public String getCertificateKeystoreFile() { return certificateKeystoreFile; } + public String getCertificateKeystoreFileAbsolute() { + return certificateKeystoreFileAbsolute; + } public void setCertificateKeystorePassword(String certificateKeystorePassword) { @@ -380,13 +400,17 @@ public class SSLHostConfig { public void setTruststoreFile(String truststoreFile) { setProperty("truststoreFile", Type.JSSE); - this.truststoreFile = adjustRelativePath(truststoreFile); + this.truststoreFile = truststoreFile; + this.truststoreFileAbsolute = adjustRelativePath(truststoreFile); } public String getTruststoreFile() { return truststoreFile; } + public String getTruststoreFileAbsolute() { + return truststoreFileAbsolute; + } public void setTruststorePassword(String truststorePassword) { 
@@ -434,67 +458,93 @@ public class SSLHostConfig { public void setCertificateChainFile(String certificateChainFile) { setProperty("certificateChainFile", Type.OPENSSL); - this.certificateChainFile = adjustRelativePath(certificateChainFile); + this.certificateChainFile = certificateChainFile; + this.certificateChainFileAbsolute = adjustRelativePath(certificateChainFile); } + public String getCertificateChainFile() { return certificateChainFile; } + public String getCertificateChainFileAbsolute() { + return certificateChainFileAbsolute; + } public void setCertificateFile(String certificateFile) { setProperty("certificateFile", Type.OPENSSL); - this.certificateFile = adjustRelativePath(certificateFile); + this.certificateFile = certificateFile; + this.certificateFileAbsolute = adjustRelativePath(certificateFile); } public String getCertificateFile() { return certificateFile; } + public String getCertificateFileAbsolute() { + return certificateFileAbsolute; + } public void setCertificateKeyFile(String certificateKeyFile) { setProperty("certificateKeyFile", Type.OPENSSL); - this.certificateKeyFile = adjustRelativePath(certificateKeyFile); + this.certificateKeyFile = certificateKeyFile; + this.certificateKeyFileAbsolute = adjustRelativePath(certificateKeyFile); } public String getCertificateKeyFile() { return certificateKeyFile; } + public String getCertificateKeyFileAbsolute() { + return certificateKeyFileAbsolute; + } public void setCertificateRevocationListPath(String certificateRevocationListPath) { setProperty("certificateRevocationListPath", Type.OPENSSL); - this.certificateRevocationListPath = adjustRelativePath(certificateRevocationListPath); + this.certificateRevocationListPath = certificateRevocationListPath; + this.certificateRevocationListPathAbsolute = + adjustRelativePath(certificateRevocationListPath); } public String getCertificateRevocationListPath() { return certificateRevocationListPath; } + public String getCertificateRevocationListPathAbsolute() { + 
return certificateRevocationListPathAbsolute; + } public void setCaCertificateFile(String caCertificateFile) { setProperty("caCertificateFile", Type.OPENSSL); - this.caCertificateFile = adjustRelativePath(caCertificateFile); + this.caCertificateFile = caCertificateFile; + this.caCertificateFileAbsolute = adjustRelativePath(caCertificateFile); } public String getCaCertificateFile() { return caCertificateFile; } + public String getCaCertificateFileAbsolute() { + return caCertificateFileAbsolute; + } public void setCaCertificatePath(String caCertificatePath) { setProperty("caCertificatePath", Type.OPENSSL); - this.caCertificatePath = adjustRelativePath(caCertificatePath); + this.caCertificatePath = caCertificatePath; + this.caCertificatePathAbsolute = adjustRelativePath(caCertificatePath); } public String getCaCertificatePath() { return caCertificatePath; } + public String getCaCertificatePathAbsolute() { + return caCertificatePathAbsolute; + } public void setDisableCompression(boolean disableCompression) { Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678169&r1=1678168&r2=1678169&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu May 7 11:24:05 2015 @@ -170,7 +170,7 @@ public class JSSESocketFactory implement protected KeyStore getTrustStore() throws IOException { KeyStore trustStore = null; - String truststoreFile = sslHostConfig.getTruststoreFile(); + String truststoreFile = sslHostConfig.getTruststoreFileAbsolute(); String truststoreType = sslHostConfig.getTruststoreType(); String truststoreProvider = sslHostConfig.getTruststoreProvider(); 
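Review bot: Each of the six OpenSSL setters in the hunk at -434,67 now has to assign two fields, and nothing ties `certificateFile` to `certificateFileAbsolute` beyond convention, so a later edit to one setter can leave the pair out of step and hand the TLS layer a stale key or CA path. If adjustRelativePath is cheap and free of side effects (its body is outside this diff), the getter could derive the value instead, `public String getCertificateFileAbsolute() { return adjustRelativePath(certificateFile); }`, which would also remove the nine added fields and the field-initialiser calls. If the eager form is kept because the resolution base has to be captured when the attribute is set, a short comment on the first pair saying so would help the next maintainer.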
@@ -261,7 +261,7 @@ public class JSSESocketFactory implement public KeyManager[] getKeyManagers() throws Exception { String keystoreType = sslHostConfig.getCertificateKeystoreType(); String keystoreProvider = sslHostConfig.getCertificateKeystoreProvider(); - String keystoreFile = sslHostConfig.getCertificateKeystoreFile(); + String keystoreFile = sslHostConfig.getCertificateKeystoreFileAbsolute(); String keystorePass = sslHostConfig.getCertificateKeystorePassword(); String keyAlias = sslHostConfig.getCertificateKeyAlias(); String algorithm = sslHostConfig.getKeyManagerAlgorithm(); @@ -301,7 +301,7 @@ public class JSSESocketFactory implement public TrustManager[] getTrustManagers() throws Exception { String algorithm = sslHostConfig.getTruststoreAlgorithm(); - String crlf = sslHostConfig.getCertificateRevocationListFile(); + String crlf = sslHostConfig.getCertificateRevocationListFileAbsolute(); String className = sslHostConfig.getTrustManagerClassName(); if(className != null && className.length() > 0) { --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org