Author: markt
Date: Fri Jun 19 19:38:20 2015
New Revision: 1686490

URL: http://svn.apache.org/r1686490
Log:
Complete the JSSE configuration plumbing for multiple certificates per virtual 
host

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1686490&r1=1686489&r2=1686490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri Jun 19 
19:38:20 2015
@@ -75,11 +75,6 @@ public class SSLHostConfig {
     private boolean honorCipherOrder = true;
     private Set<String> protocols = new HashSet<>();
     // JSSE
-    private String certificateKeyAlias;
-    private String certificateKeystorePassword = "changeit";
-    private String certificateKeystoreFile = 
System.getProperty("user.home")+"/.keystore";
-    private String certificateKeystoreProvider = 
System.getProperty("javax.net.ssl.keyStoreProvider");
-    private String certificateKeystoreType = 
System.getProperty("javax.net.ssl.keyStoreType");
     private String keyManagerAlgorithm = 
KeyManagerFactory.getDefaultAlgorithm();
     private int sessionCacheSize = 0;
     private int sessionTimeout = 86400;
@@ -103,10 +98,6 @@ public class SSLHostConfig {
     public SSLHostConfig() {
         // Set defaults that can't be (easily) set when defining the fields.
         setProtocols(Constants.SSL_PROTO_ALL);
-        // Configure fall-back defaults if system property is not set.
-        if (certificateKeystoreType == null) {
-            certificateKeystoreType = "JKS";
-        }
     }
 
 
@@ -132,7 +123,7 @@ public class SSLHostConfig {
     }
 
 
-    private void setProperty(String name, Type configType) {
+    void setProperty(String name, Type configType) {
         if (this.configType == null) {
             Set<String> properties = configuredProperties.get(configType);
             if (properties == null) {
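Review bot: The visibility change on `setProperty` has no comment explaining why the method is no longer private, and nothing on this line says who the new caller is. Since the only new caller visible on this page is `SSLHostConfigCertificate`, which registers its nested attributes through it, a one-line note would stop a later cleanup from making it private again: `// Package-private: SSLHostConfigCertificate registers its nested attributes through this method.` The body of `setProperty` continues outside the hunk, so I cannot check how `name` is used there.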
@@ -153,8 +144,8 @@ public class SSLHostConfig {
 
     private void registerDefaultCertificate() {
         if (defaultCertificate == null) {
-            defaultCertificate =
-                    new 
SSLHostConfigCertificate(SSLHostConfigCertificate.Type.UNDEFINED);
+            defaultCertificate = new SSLHostConfigCertificate(
+                    this, SSLHostConfigCertificate.Type.UNDEFINED);
             certificates.add(defaultCertificate);
         }
     }
@@ -193,7 +184,7 @@ public class SSLHostConfig {
 
     // ----------------------------------------- Common configuration 
properties
 
-    // TODO: All of these SSL setters can be removed once it is no longer
+    // TODO: This certificate setter can be removed once it is no longer
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public void setCertificateKeyPassword(String certificateKeyPassword) {
@@ -344,58 +335,36 @@ public class SSLHostConfig {
 
     // ---------------------------------- JSSE specific configuration 
properties
 
-    public void setCertificateKeyAlias(String certificateKeyAlias) {
-        setProperty("certificateKeyAlias", Type.JSSE);
-        this.certificateKeyAlias = certificateKeyAlias;
-    }
-
+    // TODO: These certificate setters can be removed once it is no longer
+    // necessary to support the old configuration attributes (Tomcat 10?).
 
-    public String getCertificateKeyAlias() {
-        return certificateKeyAlias;
+    public void setCertificateKeyAlias(String certificateKeyAlias) {
+        registerDefaultCertificate();
+        defaultCertificate.setCertificateKeyAlias(certificateKeyAlias);
     }
 
 
     public void setCertificateKeystoreFile(String certificateKeystoreFile) {
-        setProperty("certificateKeystoreFile", Type.JSSE);
-        this.certificateKeystoreFile = certificateKeystoreFile;
-    }
-
-
-    public String getCertificateKeystoreFile() {
-        return certificateKeystoreFile;
+        registerDefaultCertificate();
+        defaultCertificate.setCertificateKeystoreFile(certificateKeystoreFile);
     }
 
 
     public void setCertificateKeystorePassword(String 
certificateKeystorePassword) {
-        setProperty("certificateKeystorePassword", Type.JSSE);
-        this.certificateKeystorePassword = certificateKeystorePassword;
-    }
-
-
-    public String getCertificateKeystorePassword() {
-        return certificateKeystorePassword;
+        registerDefaultCertificate();
+        
defaultCertificate.setCertificateKeystorePassword(certificateKeystorePassword);
     }
 
 
     public void setCertificateKeystoreProvider(String 
certificateKeystoreProvider) {
-        setProperty("certificateKeystoreProvider", Type.JSSE);
-        this.certificateKeystoreProvider = certificateKeystoreProvider;
-    }
-
-
-    public String getCertificateKeystoreProvider() {
-        return certificateKeystoreProvider;
+        registerDefaultCertificate();
+        
defaultCertificate.setCertificateKeystoreProvider(certificateKeystoreProvider);
     }
 
 
     public void setCertificateKeystoreType(String certificateKeystoreType) {
-        setProperty("certificateKeystoreType", Type.JSSE);
-        this.certificateKeystoreType = certificateKeystoreType;
-    }
-
-
-    public String getCertificateKeystoreType() {
-        return certificateKeystoreType;
+        registerDefaultCertificate();
+        defaultCertificate.setCertificateKeystoreType(certificateKeystoreType);
     }
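Review bot: The property name recorded for the legacy host-level attributes changes here: `setCertificateKeyAlias` used to register `"certificateKeyAlias"` and now, through `defaultCertificate.setCertificateKeyAlias`, registers `"Certificate.certificateKeyAlias"` (the same applies to the keystore file, password, provider and type setters). If `setProperty` uses that name in a diagnostic about mixed JSSE/OpenSSL configuration (its body is outside this hunk, so I am inferring), a user who set the old host-level attribute would be told about the nested-element name instead. A short comment on the first delegating setter would at least make the mapping explicit: `// Legacy host-level attributes are recorded under the nested Certificate.* name.` The TODO at the top of this section now repeats the one above `setCertificateKeyPassword`; one of the two could point at the other.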
 
 
@@ -495,7 +464,11 @@ public class SSLHostConfig {
 
     public String getTruststoreProvider() {
         if (truststoreProvider == null) {
-            return getCertificateKeystoreProvider();
+            if (defaultCertificate == null) {
+                return SSLHostConfigCertificate.DEFAULT_KEYSTORE_PROVIDER;
+            } else {
+                return defaultCertificate.getCertificateKeystoreProvider();
+            }
         } else {
             return truststoreProvider;
         }
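Review bot: When no legacy certificate attribute has been set, `getTruststoreProvider` now falls back to `SSLHostConfigCertificate.DEFAULT_KEYSTORE_PROVIDER` even if a certificate with its own keystore provider was added through the nested path, because `defaultCertificate` is only assigned by `registerDefaultCertificate`, which the legacy setters call. Before this change the truststore followed the configured keystore provider; the same applies to `getTruststoreType` in the next hunk. If that is intended, a comment would save the next reader the same question: `// No legacy certificate attributes set: fall back to the JVM-level default rather than to any nested Certificate.` If it is not, the fallback could consult the first entry of `certificates` when `defaultCertificate` is null.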
@@ -510,7 +483,11 @@ public class SSLHostConfig {
 
     public String getTruststoreType() {
         if (truststoreType == null) {
-            return getCertificateKeystoreType();
+            if (defaultCertificate == null) {
+                return SSLHostConfigCertificate.DEFAULT_KEYSTORE_TYPE;
+            } else {
+                return defaultCertificate.getCertificateKeystoreType();
+            }
         } else {
             return truststoreType;
         }

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1686490&r1=1686489&r2=1686490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
Fri Jun 19 19:38:20 2015
@@ -21,16 +21,32 @@ public class SSLHostConfigCertificate {
 
     public static final Type DEFAULT_TYPE = Type.UNDEFINED;
 
+    static final String DEFAULT_KEYSTORE_PROVIDER =
+            System.getProperty("javax.net.ssl.keyStoreProvider");
+    static final String DEFAULT_KEYSTORE_TYPE =
+            System.getProperty("javax.net.ssl.keyStoreType", "JKS");
+
     // Common
+    private final SSLHostConfig sslHostConfig;
     private final Type type;
     private String certificateKeyPassword = null;
 
+    // JSSE
+    private String certificateKeyAlias;
+    private String certificateKeystorePassword = "changeit";
+    private String certificateKeystoreFile = 
System.getProperty("user.home")+"/.keystore";
+    private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
+    private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE;
+
 
-    public SSLHostConfigCertificate(Type type) {
+    public SSLHostConfigCertificate(SSLHostConfig sslHostConfig, Type type) {
+        this.sslHostConfig = sslHostConfig;
         this.type = type;
     }
 
 
+    // Common
+
     public Type getType() {
         return type;
     }
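Review bot: The new constructor stores `sslHostConfig` without a null check, and every JSSE setter added in the next hunk dereferences it, so a null argument only fails later at the first `setCertificate...` call, far from the construction site. A fail-fast check keeps the error at the source: `this.sslHostConfig = Objects.requireNonNull(sslHostConfig, "sslHostConfig");` (with the matching `java.util.Objects` import if the file does not already have it). The two new package-private constants read `javax.net.ssl.keyStoreProvider` and `javax.net.ssl.keyStoreType` once at class initialisation; a comment such as `// Read once at class load; later changes to the system properties are not picked up.` would document that the value is not re-read per certificate.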
@@ -46,6 +62,73 @@ public class SSLHostConfigCertificate {
     }
 
 
+    // JSSE
+
+    public void setCertificateKeyAlias(String certificateKeyAlias) {
+        sslHostConfig.setProperty(
+                "Certificate.certificateKeyAlias", SSLHostConfig.Type.JSSE);
+        this.certificateKeyAlias = certificateKeyAlias;
+    }
+
+
+    public String getCertificateKeyAlias() {
+        return certificateKeyAlias;
+    }
+
+
+    public void setCertificateKeystoreFile(String certificateKeystoreFile) {
+        sslHostConfig.setProperty(
+                "Certificate.certificateKeystoreFile", 
SSLHostConfig.Type.JSSE);
+        this.certificateKeystoreFile = certificateKeystoreFile;
+    }
+
+
+    public String getCertificateKeystoreFile() {
+        return certificateKeystoreFile;
+    }
+
+
+    public void setCertificateKeystorePassword(String 
certificateKeystorePassword) {
+        sslHostConfig.setProperty(
+                "Certificate.certificateKeystorePassword", 
SSLHostConfig.Type.JSSE);
+        this.certificateKeystorePassword = certificateKeystorePassword;
+    }
+
+
+    public String getCertificateKeystorePassword() {
+        return certificateKeystorePassword;
+    }
+
+
+    public void setCertificateKeystoreProvider(String 
certificateKeystoreProvider) {
+        sslHostConfig.setProperty(
+                "Certificate.certificateKeystoreProvider", 
SSLHostConfig.Type.JSSE);
+        this.certificateKeystoreProvider = certificateKeystoreProvider;
+    }
+
+
+    public String getCertificateKeystoreProvider() {
+        return certificateKeystoreProvider;
+    }
+
+
+    public void setCertificateKeystoreType(String certificateKeystoreType) {
+        sslHostConfig.setProperty(
+                "Certificate.certificateKeystoreType", 
SSLHostConfig.Type.JSSE);
+        this.certificateKeystoreType = certificateKeystoreType;
+    }
+
+
+    public String getCertificateKeystoreType() {
+        return certificateKeystoreType;
+    }
+
+
+    // OpenSSL
+
+
+    // Nested types
+
     public static enum Type {
         UNDEFINED,
         RSA,
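Review bot: None of the six new public setters or getters carries Javadoc, and the password one in particular has a non-obvious contract worth stating: `certificateKeystorePassword` defaults to `"changeit"`, and `JSSESocketFactory.getKeyManagers` in this commit falls back to it as the key password when `certificateKeyPassword` is null. I would put a Javadoc on `setCertificateKeystorePassword` saying that the keystore password also protects the key unless `setCertificateKeyPassword` is called, and that the default matches the JDK keytool default. The six setters also repeat the same `sslHostConfig.setProperty("Certificate." + ..., SSLHostConfig.Type.JSSE)` registration; a private `register(String attribute)` helper holding the `"Certificate."` prefix once would avoid a typo in one of the string literals going unnoticed. The empty `// OpenSSL` section is presumably a placeholder for a follow-up commit; a TODO there would say so. The `Type` enum continues outside the hunk.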

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1686490&r1=1686489&r2=1686490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
Fri Jun 19 19:38:20 2015
@@ -262,18 +262,18 @@ public class JSSESocketFactory implement
 
     @Override
     public KeyManager[] getKeyManagers() throws Exception {
-        String keystoreType = sslHostConfig.getCertificateKeystoreType();
-        String keystoreProvider = 
sslHostConfig.getCertificateKeystoreProvider();
+        String keystoreType = certificate.getCertificateKeystoreType();
+        String keystoreProvider = certificate.getCertificateKeystoreProvider();
         String keystoreFile = SSLHostConfig.adjustRelativePath(
-                sslHostConfig.getCertificateKeystoreFile());
-        String keystorePass = sslHostConfig.getCertificateKeystorePassword();
-        String keyAlias = sslHostConfig.getCertificateKeyAlias();
+                certificate.getCertificateKeystoreFile());
+        String keystorePass = certificate.getCertificateKeystorePassword();
+        String keyAlias = certificate.getCertificateKeyAlias();
         String algorithm = sslHostConfig.getKeyManagerAlgorithm();
         String keyPass = certificate.getCertificateKeyPassword();
         // This has to be here as it can't be moved to SSLHostConfig since the
         // defaults vary between JSSE and OpenSSL.
         if (keyPass == null) {
-            keyPass = sslHostConfig.getCertificateKeystorePassword();
+            keyPass = certificate.getCertificateKeystorePassword();
         }
 
         KeyManager[] kms = null;
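Review bot: The comment above the `keyPass == null` fallback still says the logic "can't be moved to SSLHostConfig", but after this change both values come from `certificate`, so the class a reader would now try to move it to is `SSLHostConfigCertificate`. I would update it to `// This has to be here as it can't be moved to SSLHostConfigCertificate since the defaults vary between JSSE and OpenSSL.` so the justification matches the new data flow. `getKeyManagers` continues past the end of the hunk, so I cannot see how `keystorePass` and `keyPass` are consumed after this point.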


