Author: markt Date: Fri Jun 19 19:38:20 2015 New Revision: 1686490 URL: http://svn.apache.org/r1686490 Log: Complete the JSSE configuration plumbing for multiple certificates per virtual host
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1686490&r1=1686489&r2=1686490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri Jun 19 19:38:20 2015
@@ -75,11 +75,6 @@ public class SSLHostConfig {
 private boolean honorCipherOrder = true;
 private Set<String> protocols = new HashSet<>();
 // JSSE
- private String certificateKeyAlias;
- private String certificateKeystorePassword = "changeit";
- private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
- private String certificateKeystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
- private String certificateKeystoreType = System.getProperty("javax.net.ssl.keyStoreType");
 private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
 private int sessionCacheSize = 0;
 private int sessionTimeout = 86400;
@@ -103,10 +98,6 @@ public class SSLHostConfig {
 public SSLHostConfig() {
 // Set defaults that can't be (easily) set when defining the fields.
 setProtocols(Constants.SSL_PROTO_ALL);
- // Configure fall-back defaults if system property is not set.
- if (certificateKeystoreType == null) {
- certificateKeystoreType = "JKS";
- }
 }
@@ -132,7 +123,7 @@ public class SSLHostConfig {
 }
- private void setProperty(String name, Type configType) {
+ void setProperty(String name, Type configType) {
 if (this.configType == null) {
 Set<String> properties = configuredProperties.get(configType);
 if (properties == null) {
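Review bot: `setProperty` is widened from private to package-private in the `@@ -132,7 +123,7 @@` hunk without a comment saying who the new caller is; from the SSLHostConfigCertificate hunk in this same commit it appears to be that class registering its `Certificate.*` attributes, and stating that keeps the wider scope from later being reverted as unused. Suggest above the signature: `// Package-private: SSLHostConfigCertificate records its engine-specific attributes through this method.` The body of setProperty continues outside the hunk, so the conflict-detection behaviour it implements cannot be confirmed from here.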
@@ -153,8 +144,8 @@ public class SSLHostConfig {
 private void registerDefaultCertificate() {
 if (defaultCertificate == null) {
- defaultCertificate =
- new SSLHostConfigCertificate(SSLHostConfigCertificate.Type.UNDEFINED);
+ defaultCertificate = new SSLHostConfigCertificate(
+ this, SSLHostConfigCertificate.Type.UNDEFINED);
 certificates.add(defaultCertificate);
 }
 }
@@ -193,7 +184,7 @@ public class SSLHostConfig {
 // ----------------------------------------- Common configuration properties
- // TODO: All of these SSL setters can be removed once it is no longer
+ // TODO: This certificate setter can be removed once it is no longer
 // necessary to support the old configuration attributes (Tomcat 10?).
 public void setCertificateKeyPassword(String certificateKeyPassword) {
@@ -344,58 +335,36 @@ public class SSLHostConfig {
 // ---------------------------------- JSSE specific configuration properties
- public void setCertificateKeyAlias(String certificateKeyAlias) {
- setProperty("certificateKeyAlias", Type.JSSE);
- this.certificateKeyAlias = certificateKeyAlias;
- }
-
+ // TODO: These certificate setters can be removed once it is no longer
+ // necessary to support the old configuration attributes (Tomcat 10?).
- public String getCertificateKeyAlias() {
- return certificateKeyAlias;
+ public void setCertificateKeyAlias(String certificateKeyAlias) {
+ registerDefaultCertificate();
+ defaultCertificate.setCertificateKeyAlias(certificateKeyAlias);
 }
 public void setCertificateKeystoreFile(String certificateKeystoreFile) {
- setProperty("certificateKeystoreFile", Type.JSSE);
- this.certificateKeystoreFile = certificateKeystoreFile;
- }
-
-
- public String getCertificateKeystoreFile() {
- return certificateKeystoreFile;
+ registerDefaultCertificate();
+ defaultCertificate.setCertificateKeystoreFile(certificateKeystoreFile);
 }
 public void setCertificateKeystorePassword(String certificateKeystorePassword) {
- setProperty("certificateKeystorePassword", Type.JSSE);
- this.certificateKeystorePassword = certificateKeystorePassword;
- }
-
-
- public String getCertificateKeystorePassword() {
- return certificateKeystorePassword;
+ registerDefaultCertificate();
+ defaultCertificate.setCertificateKeystorePassword(certificateKeystorePassword);
 }
 public void setCertificateKeystoreProvider(String certificateKeystoreProvider) {
- setProperty("certificateKeystoreProvider", Type.JSSE);
- this.certificateKeystoreProvider = certificateKeystoreProvider;
- }
-
-
- public String getCertificateKeystoreProvider() {
- return certificateKeystoreProvider;
+ registerDefaultCertificate();
+ defaultCertificate.setCertificateKeystoreProvider(certificateKeystoreProvider);
 }
 public void setCertificateKeystoreType(String certificateKeystoreType) {
- setProperty("certificateKeystoreType", Type.JSSE);
- this.certificateKeystoreType = certificateKeystoreType;
- }
-
-
- public String getCertificateKeystoreType() {
- return certificateKeystoreType;
+ registerDefaultCertificate();
+ defaultCertificate.setCertificateKeystoreType(certificateKeystoreType);
 }
@@ -495,7 +464,11 @@ public class SSLHostConfig {
 public String getTruststoreProvider() {
 if (truststoreProvider == null) {
- return getCertificateKeystoreProvider();
+ if (defaultCertificate == null) {
+ return SSLHostConfigCertificate.DEFAULT_KEYSTORE_PROVIDER;
+ } else {
+ return defaultCertificate.getCertificateKeystoreProvider();
+ }
 } else {
 return truststoreProvider;
 }
@@ -510,7 +483,11 @@ public class SSLHostConfig {
 public String getTruststoreType() {
 if (truststoreType == null) {
- return getCertificateKeystoreType();
+ if (defaultCertificate == null) {
+ return SSLHostConfigCertificate.DEFAULT_KEYSTORE_TYPE;
+ } else {
+ return defaultCertificate.getCertificateKeystoreType();
+ }
 } else {
 return truststoreType;
 }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1686490&r1=1686489&r2=1686490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java Fri Jun 19 19:38:20 2015
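Review bot: The five public getters `getCertificateKeyAlias()` through `getCertificateKeystoreType()` are removed from SSLHostConfig in the `@@ -344,58 +335,36 @@` hunk, which is a source-incompatible change for any caller outside the three files this commit touches; the log entry does not mention it, so if other callers exist (I cannot see them from here) they will stop compiling. The replacement setters also carry no documentation that they act on the implicit default certificate created by `registerDefaultCertificate()`, which matters once a host can hold several certificates. Suggest a Javadoc on each of the five setters along the lines of `/** Legacy attribute: configures the implicit default certificate of this host. */`, or one block comment above the TODO saying the same for the group.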
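Review bot: In `getTruststoreProvider()` (the `@@ -495,7 +464,11 @@` hunk) and likewise `getTruststoreType()` (the `@@ -510,7 +483,11 @@` hunk) the new `defaultCertificate == null` branch restates the defaults that a fresh SSLHostConfigCertificate already applies to its own fields, so the same fallback now lives in two places and a reader has to know why the constant is consulted directly rather than through the certificate. The reason appears to be that creating the default certificate here would add it to `certificates` as a side effect of a getter, which is worth saying. Suggest above the inner `if`: `// No truststore setting: mirror the default certificate's keystore settings, or the JVM-wide defaults when no certificate has been configured (do not create one from a getter).` Note that `DEFAULT_KEYSTORE_PROVIDER` can be null when the system property is unset, so this getter may still return null exactly as the old code did.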
@@ -21,16 +21,32 @@ public class SSLHostConfigCertificate {
 public static final Type DEFAULT_TYPE = Type.UNDEFINED;
+ static final String DEFAULT_KEYSTORE_PROVIDER =
+ System.getProperty("javax.net.ssl.keyStoreProvider");
+ static final String DEFAULT_KEYSTORE_TYPE =
+ System.getProperty("javax.net.ssl.keyStoreType", "JKS");
+ // Common
+ private final SSLHostConfig sslHostConfig;
 private final Type type;
 private String certificateKeyPassword = null;
+ // JSSE
+ private String certificateKeyAlias;
+ private String certificateKeystorePassword = "changeit";
+ private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
+ private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
+ private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE;
+
- public SSLHostConfigCertificate(Type type) {
+ public SSLHostConfigCertificate(SSLHostConfig sslHostConfig, Type type) {
+ this.sslHostConfig = sslHostConfig;
 this.type = type;
 }
+ // Common
+
 public Type getType() {
 return type;
 }
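Review bot: `DEFAULT_KEYSTORE_PROVIDER` and `DEFAULT_KEYSTORE_TYPE` are `static final`, so the `javax.net.ssl.keyStoreProvider` and `javax.net.ssl.keyStoreType` system properties are now read once when SSLHostConfigCertificate is initialized, whereas the field initializers removed from SSLHostConfig in this commit read them per instance; a property set after the class has loaded (an embedding application or a test that sets it late) is no longer observed. If that is intended, record it next to the constants: `// Read once at class initialization; later changes to these system properties are not observed.` Otherwise keep them as instance initializers as before. The constructor also stores `sslHostConfig` unchecked while every JSSE setter dereferences it, so `this.sslHostConfig = Objects.requireNonNull(sslHostConfig, "sslHostConfig");` would report a bad caller at construction instead of at the first setter call (needs the `java.util.Objects` import, which is outside the hunk).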
@@ -46,6 +62,73 @@ public class SSLHostConfigCertificate {
 }
+ // JSSE
+
+ public void setCertificateKeyAlias(String certificateKeyAlias) {
+ sslHostConfig.setProperty(
+ "Certificate.certificateKeyAlias", SSLHostConfig.Type.JSSE);
+ this.certificateKeyAlias = certificateKeyAlias;
+ }
+
+
+ public String getCertificateKeyAlias() {
+ return certificateKeyAlias;
+ }
+
+
+ public void setCertificateKeystoreFile(String certificateKeystoreFile) {
+ sslHostConfig.setProperty(
+ "Certificate.certificateKeystoreFile", SSLHostConfig.Type.JSSE);
+ this.certificateKeystoreFile = certificateKeystoreFile;
+ }
+
+
+ public String getCertificateKeystoreFile() {
+ return certificateKeystoreFile;
+ }
+
+
+ public void setCertificateKeystorePassword(String certificateKeystorePassword) {
+ sslHostConfig.setProperty(
+ "Certificate.certificateKeystorePassword", SSLHostConfig.Type.JSSE);
+ this.certificateKeystorePassword = certificateKeystorePassword;
+ }
+
+
+ public String getCertificateKeystorePassword() {
+ return certificateKeystorePassword;
+ }
+
+
+ public void setCertificateKeystoreProvider(String certificateKeystoreProvider) {
+ sslHostConfig.setProperty(
+ "Certificate.certificateKeystoreProvider", SSLHostConfig.Type.JSSE);
+ this.certificateKeystoreProvider = certificateKeystoreProvider;
+ }
+
+
+ public String getCertificateKeystoreProvider() {
+ return certificateKeystoreProvider;
+ }
+
+
+ public void setCertificateKeystoreType(String certificateKeystoreType) {
+ sslHostConfig.setProperty(
+ "Certificate.certificateKeystoreType", SSLHostConfig.Type.JSSE);
+ this.certificateKeystoreType = certificateKeystoreType;
+ }
+
+
+ public String getCertificateKeystoreType() {
+ return certificateKeystoreType;
+ }
+
+
+ // OpenSSL
+
+
+ // Nested types
+
 public static enum Type {
 UNDEFINED,
 RSA,
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1686490&r1=1686489&r2=1686490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Fri Jun 19 19:38:20 2015
@@ -262,18 +262,18 @@ public class JSSESocketFactory implement
 @Override
 public KeyManager[] getKeyManagers() throws Exception {
- String keystoreType = sslHostConfig.getCertificateKeystoreType();
- String keystoreProvider = sslHostConfig.getCertificateKeystoreProvider();
+ String keystoreType = certificate.getCertificateKeystoreType();
+ String keystoreProvider = certificate.getCertificateKeystoreProvider();
 String keystoreFile = SSLHostConfig.adjustRelativePath(
- sslHostConfig.getCertificateKeystoreFile());
- String keystorePass = sslHostConfig.getCertificateKeystorePassword();
- String keyAlias = sslHostConfig.getCertificateKeyAlias();
+ certificate.getCertificateKeystoreFile());
+ String keystorePass = certificate.getCertificateKeystorePassword();
+ String keyAlias = certificate.getCertificateKeyAlias();
 String algorithm = sslHostConfig.getKeyManagerAlgorithm();
 String keyPass = certificate.getCertificateKeyPassword();
 // This has to be here as it can't be moved to SSLHostConfig since the
 // defaults vary between JSSE and OpenSSL.
 if (keyPass == null) {
- keyPass = sslHostConfig.getCertificateKeystorePassword();
+ keyPass = certificate.getCertificateKeystorePassword();
 }
 KeyManager[] kms = null;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
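Review bot: Each new JSSE setter opens with `sslHostConfig.setProperty("Certificate.<name>", SSLHostConfig.Type.JSSE)` and nothing explains the call; from the `configuredProperties` lookup visible in the SSLHostConfig hunk it looks like a record of which engine-specific attributes were configured, presumably so a JSSE/OpenSSL mix can be rejected at the host level — confirm and state it. Suggest above `// JSSE`: `// Each setter registers its attribute with the owning SSLHostConfig so the host can check the configured engine type (JSSE vs. OpenSSL) against what was set.` The five identical preambles could also collapse into one private helper taking the attribute name, which would make the hand-typed property-name strings harder to get wrong. The `// OpenSSL` section is an empty placeholder; a one-line comment saying the OpenSSL attributes are still to be added would stop it reading as an omission.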
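Review bot: The comment `// This has to be here as it can't be moved to SSLHostConfig since the defaults vary between JSSE and OpenSSL.` is now stale: every input to the `keyPass` fallback below it comes from `certificate`, so SSLHostConfig is no longer the class a reader would consider moving it to. Suggest `// Keep this fallback here rather than in SSLHostConfigCertificate: for JSSE the key password defaults to the keystore password, and OpenSSL's default differs.` if that is still the reason, or move the fallback into the certificate's getter if it is not. The rest of getKeyManagers continues outside the hunk.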