Author: markt Date: Tue Jul 29 09:50:00 2014 New Revision: 1614297 URL: http://svn.apache.org/r1614297 Log: Rename enumeration to the singular form for consistency
Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java - copied, changed from r1614287, tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java Removed: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java Modified: tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java tomcat/trunk/res/checkstyle/org-import-control.xml Modified: tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java?rev=1614297&r1=1614296&r2=1614297&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java (original) +++ tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java Tue Jul 29 09:50:00 2014 @@ -16,14 +16,34 @@ */ package org.apache.tomcat.buildutil; +import java.io.ByteArrayOutputStream; import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.net.URL; import java.util.ArrayList; import java.util.List; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; +import javax.xml.soap.MessageFactory; +import javax.xml.soap.SOAPBody; +import javax.xml.soap.SOAPConnection; +import javax.xml.soap.SOAPConnectionFactory; +import javax.xml.soap.SOAPConstants; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPEnvelope; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; +import javax.xml.soap.SOAPPart; + +import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tools.ant.BuildException; import org.apache.tools.ant.DirectoryScanner; import org.apache.tools.ant.Task; import org.apache.tools.ant.types.FileSet; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; /** * Ant task that submits a file to the Symantec code-signing service. 
@@ -32,6 +52,9 @@ public class SignCode extends Task { private final List<FileSet> filesets = new ArrayList<>(); + private static String USERNAME = "AOOAPI"; + private static String PASSWORD = "Demo1234!"; + private static String PARTNERCODE = "4615797APA95264"; public void addFileset(FileSet fileset) { filesets.add(fileset); 
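Review bot: The `USERNAME`, `PASSWORD` and `PARTNERCODE` fields added to SignCode put the signing-service credentials in the source tree, where they remain in revision history and every checkout; they are also mutable (non-final) statics. The log message describes only the enum rename, so this SignCode work may have been committed unintentionally. Even if these are test-service values, supply them from the build instead, as Ant task attributes with setters, and make `execute()` fail with a BuildException when one is missing. The three `addTextNode(...)` calls in the next hunk would then read the instance fields. The class body continues outside this hunk.

```java
// … unchanged: filesets field …
private String userName;
private String password;
private String partnerCode;

public void setUserName(String userName) {
    this.userName = userName;
}

public void setPassword(String password) {
    this.password = password;
}

public void setPartnerCode(String partnerCode) {
    this.partnerCode = partnerCode;
}

// at the start of execute(), before the request is built
if (userName == null || password == null || partnerCode == null) {
    throw new BuildException("userName, password and partnerCode must be set");
}
```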
@@ -53,9 +76,151 @@ public class SignCode extends Task { for (int i = 0; i < files.length; i++) { File file = new File(basedir, files[i]); filesToSign.add(file); - log("TODO: Sign " + file.getAbsolutePath()); } } } + + try { + // Construct the signing request + log("Constructing the code signing request"); + + // Create the SOAP message + MessageFactory factory = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL); + SOAPMessage message = factory.createMessage(); + + // Populate envelope + SOAPPart soapPart = message.getSOAPPart(); + SOAPEnvelope envelope = soapPart.getEnvelope(); + envelope.addNamespaceDeclaration("soapenv","http://schemas.xmlsoap.org/soap/envelope/"); + envelope.addNamespaceDeclaration("cod","http://api.ws.symantec.com/webtrust/codesigningservice"); + + SOAPBody body = envelope.getBody(); + + SOAPElement requestSigning = + body.addChildElement("requestSigning", "cod"); + + SOAPElement requestSigningRequest = + requestSigning.addChildElement("requestSigningRequest", "cod"); + + SOAPElement authToken = requestSigningRequest.addChildElement("authToken", "cod"); + SOAPElement userName = authToken.addChildElement("userName", "cod"); + userName.addTextNode(USERNAME); + SOAPElement password = authToken.addChildElement("password", "cod"); + password.addTextNode(PASSWORD); + SOAPElement partnerCode = authToken.addChildElement("partnerCode", "cod"); + partnerCode.addTextNode(PARTNERCODE); + + SOAPElement applicationName = + requestSigningRequest.addChildElement("applicationName", "cod"); + applicationName.addTextNode("Apache Tomcat"); + + SOAPElement applicationVersion = + requestSigningRequest.addChildElement("applicationVersion", "cod"); + applicationVersion.addTextNode("8.0.x trunk"); + + SOAPElement signingServiceName = + requestSigningRequest.addChildElement("signingServiceName", "cod"); + signingServiceName.addTextNode("Microsoft Signing"); + + SOAPElement commaDelimitedFileNames = + 
requestSigningRequest.addChildElement("commaDelimitedFileNames", "cod"); + commaDelimitedFileNames.addTextNode(getFileNames(filesToSign.size())); + + SOAPElement application = + requestSigningRequest.addChildElement("application", "cod"); + application.addTextNode(getApplicationString(filesToSign)); + + // Send the message + SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance(); + SOAPConnection connection = soapConnectionFactory.createConnection(); + java.net.URL endpoint = new URL("https://test-api.ws.symantec.com:443/webtrust/SigningService"); + + log("Sending siging request to server and waiting for reponse"); + SOAPMessage response = connection.call(message, endpoint); + + log("Processing response"); + SOAPElement responseBody = response.getSOAPBody(); + log(responseBody.getTextContent()); + + // Should come back signed + NodeList bodyNodes = responseBody.getChildNodes(); + NodeList requestSigningResponseNodes = bodyNodes.item(0).getChildNodes(); + NodeList returnNodes = requestSigningResponseNodes.item(0).getChildNodes(); + + String signingSetID = null; + String signingSetStatus = null; + + for (int i = 0; i < returnNodes.getLength(); i++) { + Node returnNode = returnNodes.item(i); + if (returnNode.getLocalName().equals("signingSetID")) { + signingSetID = returnNode.getTextContent(); + } else if (returnNode.getLocalName().equals("signingSetStatus")) { + signingSetStatus = returnNode.getTextContent(); + } + } + + if (!"SIGNED".equals(signingSetStatus)) { + throw new BuildException("Signing failed. Status was: " + signingSetStatus); + } + + log("TODO: Download signingSet: " + signingSetID); + + + } catch (SOAPException | IOException e) { + throw new BuildException(e); + } + } + + /** + * Signing service requires unique files names. Since files will be returned + * in order, use dummy names that we know are unique. 
+ */ + private String getFileNames(int fileCount) { + StringBuilder sb = new StringBuilder(); + + boolean first = true; + + for (int i = 0; i < fileCount; i++) { + if (first) { + first = false; + } else { + sb.append(','); + } + sb.append(Integer.toString(i)); + } + return sb.toString(); + } + + /** + * Zips the files, base 64 encodes the resulting zip and then returns the + * string. It would be far more efficient to stream this directly to the + * signing server but the files that need to be signed are relatively small + * and this simpler to write. + * + * @param files Files to be signed + */ + private String getApplicationString(List<File> files) throws IOException { + // 10 MB should be more than enough for Tomcat + ByteArrayOutputStream baos = new ByteArrayOutputStream(10 * 1024 * 1024); + try (ZipOutputStream zos = new ZipOutputStream(baos)) { + + byte[] buf = new byte[32 * 1024]; + + for (int i = 0; i < files.size() ; i++) { + try (FileInputStream fis = new FileInputStream(files.get(i))) { + ZipEntry zipEntry = new ZipEntry(Integer.toString(i)); + zos.putNextEntry(zipEntry); + + int numRead; + while ( (numRead = fis.read(buf) ) >= 0) { + zos.write(buf, 0, numRead); + } + } + } + } + + log("" + baos.size()); + + return Base64.encodeBase64String(baos.toByteArray()); } } Copied: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (from r1614287, tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java) URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?p2=tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java&p1=tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java&r1=1614287&r2=1614297&rev=1614297&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java 
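Review bot: In the response loop, `returnNode.getLocalName().equals("signingSetID")` throws a NullPointerException for any child that is not an element, because `Node.getLocalName()` returns null for text nodes such as whitespace between elements; put the constant first, `if ("signingSetID".equals(returnNode.getLocalName())) {`, and do the same for `signingSetStatus`. The `bodyNodes.item(0)` and `requestSigningResponseNodes.item(0)` lookups just above have the same exposure when the body is empty or shaped differently (a SOAP fault, for example), so a rejected request would surface as an NPE rather than the intended BuildException. The `SOAPConnection` is also never closed; call `connection.close()` in a `finally` block. `execute()` starts outside this hunk.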
Tue Jul 29 09:50:00 2014 @@ -20,7 +20,7 @@ package org.apache.tomcat.util.net.jsse. /** * All Ciphers for SSL/TSL. */ -enum Ciphers { +enum Cipher { /* The RSA ciphers */ // Cipher 01 SSL_RSA_WITH_NULL_MD5("NULL-MD5", @@ -2235,7 +2235,7 @@ enum Ciphers { */ private final int alg_bits; - Ciphers(String openSSLAlias, KeyExchange kx, Authentication au, + Cipher(String openSSLAlias, KeyExchange kx, Authentication au, Encryption enc, MessageDigest mac, Protocol protocol, boolean export, EncryptionLevel level, boolean fipsCompatible, int strength_bits, int alg_bits) { Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1614297&r1=1614296&r2=1614297&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java Tue Jul 29 09:50:00 2014 @@ -72,7 +72,7 @@ public class OpenSSLCipherConfigurationP /** * All ciphers by their openssl alias name. */ - private static final Map<String, List<Ciphers>> aliases = new LinkedHashMap<>(); + private static final Map<String, List<Cipher>> aliases = new LinkedHashMap<>(); /** * the 'NULL' ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk 
@@ -361,20 +361,20 @@ public class OpenSSLCipherConfigurationP private static final void init() { - for (Ciphers cipher : Ciphers.values()) { + for (Cipher cipher : Cipher.values()) { String alias = cipher.getOpenSSLAlias(); if (aliases.containsKey(alias)) { aliases.get(alias).add(cipher); } else { - List<Ciphers> list = new ArrayList<>(); + List<Cipher> list = new ArrayList<>(); list.add(cipher); aliases.put(alias, list); } aliases.put(cipher.name(), Collections.singletonList(cipher)); } - List<Ciphers> allCiphers = Arrays.asList(Ciphers.values()); + List<Cipher> allCiphers = Arrays.asList(Cipher.values()); Collections.reverse(allCiphers); - LinkedHashSet<Ciphers> all = defaultSort(new LinkedHashSet<>(allCiphers)); + LinkedHashSet<Cipher> all = defaultSort(new LinkedHashSet<>(allCiphers)); addListAlias(ALL, all); addListAlias(HIGH, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.HIGH))); addListAlias(MEDIUM, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.MEDIUM))); @@ -392,7 +392,7 @@ public class OpenSSLCipherConfigurationP addListAlias(RSA, filter(all, null, Collections.singleton(KeyExchange.RSA), Collections.singleton(Authentication.RSA), null, null, null)); addListAlias(kEDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH))); addListAlias(kDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH))); - Set<Ciphers> edh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)); + Set<Cipher> edh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)); edh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.DH))); addListAlias(EDH, edh); addListAlias(DHE, edh); 
@@ -411,7 +411,7 @@ public class OpenSSLCipherConfigurationP addListAlias(aDSS, filterByAuthentication(all, Collections.singleton(Authentication.DSS))); aliases.put("DSS", aliases.get(aDSS)); addListAlias(aDH, filterByAuthentication(all, Collections.singleton(Authentication.DH))); - Set<Ciphers> aecdh = filterByKeyExchange(all, new HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))); + Set<Cipher> aecdh = filterByKeyExchange(all, new HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))); aecdh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL))); addListAlias(AECDH, aecdh); addListAlias(aECDH, filterByAuthentication(all, Collections.singleton(Authentication.ECDH))); @@ -427,7 +427,7 @@ public class OpenSSLCipherConfigurationP addListAlias(SSLv3, filterByProtocol(all, Collections.singleton(Protocol.SSLv3))); addListAlias(SSLv2, filterByProtocol(all, Collections.singleton(Protocol.SSLv2))); addListAlias(DH, filterByKeyExchange(all, new HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd, KeyExchange.EDH)))); - Set<Ciphers> adh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)); + Set<Cipher> adh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)); adh.retainAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL))); addListAlias(ADH, adh); addListAlias(AES128, filterByEncryption(all, new HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM)))); 
@@ -459,56 +459,56 @@ public class OpenSSLCipherConfigurationP initialized = true; String defaultExpression = System.getProperty(DEFAULT_EXPRESSION_KEY, "ALL:!eNULL:!aNULL"); addListAlias(DEFAULT, parse(defaultExpression)); - LinkedHashSet<Ciphers> complementOfDefault = new LinkedHashSet<>(all); + LinkedHashSet<Cipher> complementOfDefault = new LinkedHashSet<>(all); complementOfDefault.removeAll(aliases.get(DEFAULT)); addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault); } - static void addListAlias(String alias, Set<Ciphers> ciphers) { + static void addListAlias(String alias, Set<Cipher> ciphers) { aliases.put(alias, new ArrayList<>(ciphers)); } - static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final String alias) { + static void moveToEnd(final LinkedHashSet<Cipher> ciphers, final String alias) { moveToEnd(ciphers, aliases.get(alias)); } - static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final Collection<Ciphers> toBeMovedCiphers) { - List<Ciphers> movedCiphers = new ArrayList<>(toBeMovedCiphers); + static void moveToEnd(final LinkedHashSet<Cipher> ciphers, final Collection<Cipher> toBeMovedCiphers) { + List<Cipher> movedCiphers = new ArrayList<>(toBeMovedCiphers); movedCiphers.retainAll(ciphers); ciphers.removeAll(movedCiphers); ciphers.addAll(movedCiphers); } - static void add(final LinkedHashSet<Ciphers> ciphers, final String alias) { + static void add(final LinkedHashSet<Cipher> ciphers, final String alias) { ciphers.addAll(aliases.get(alias)); } - static void remove(final LinkedHashSet<Ciphers> ciphers, final String alias) { + static void remove(final LinkedHashSet<Cipher> ciphers, final String alias) { ciphers.removeAll(aliases.get(alias)); } - static LinkedHashSet<Ciphers> strengthSort(final LinkedHashSet<Ciphers> ciphers) { + static LinkedHashSet<Cipher> strengthSort(final LinkedHashSet<Cipher> ciphers) { /* * This routine sorts the ciphers with descending strength. 
The sorting * must keep the pre-sorted sequence, so we apply the normal sorting * routine as '+' movement to the end of the list. */ Set<Integer> keySizes = new HashSet<>(); - for (Ciphers cipher : ciphers) { + for (Cipher cipher : ciphers) { keySizes.add(Integer.valueOf(cipher.getStrength_bits())); } List<Integer> strength_bits = new ArrayList<>(keySizes); Collections.sort(strength_bits); Collections.reverse(strength_bits); - final LinkedHashSet<Ciphers> result = new LinkedHashSet<>(ciphers); + final LinkedHashSet<Cipher> result = new LinkedHashSet<>(ciphers); for (int strength : strength_bits) { moveToEnd(result, filterByStrengthBits(ciphers, strength)); } return result; } - static LinkedHashSet<Ciphers> defaultSort(final LinkedHashSet<Ciphers> ciphers) { - final LinkedHashSet<Ciphers> result = new LinkedHashSet<>(ciphers.size()); + static LinkedHashSet<Cipher> defaultSort(final LinkedHashSet<Cipher> ciphers) { + final LinkedHashSet<Cipher> result = new LinkedHashSet<>(ciphers.size()); /* Now arrange all ciphers by preference: */ /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ @@ -538,9 +538,9 @@ public class OpenSSLCipherConfigurationP return strengthSort(result); } - static Set<Ciphers> filterByStrengthBits(Set<Ciphers> ciphers, int strength_bits) { - Set<Ciphers> result = new LinkedHashSet<>(ciphers.size()); - for (Ciphers cipher : ciphers) { + static Set<Cipher> filterByStrengthBits(Set<Cipher> ciphers, int strength_bits) { + Set<Cipher> result = new LinkedHashSet<>(ciphers.size()); + for (Cipher cipher : ciphers) { if (cipher.getStrength_bits() == strength_bits) { result.add(cipher); } 
@@ -548,34 +548,34 @@ public class OpenSSLCipherConfigurationP return result; } - static Set<Ciphers> filterByProtocol(Set<Ciphers> ciphers, Set<Protocol> protocol) { + static Set<Cipher> filterByProtocol(Set<Cipher> ciphers, Set<Protocol> protocol) { return filter(ciphers, protocol, null, null, null, null, null); } - static Set<Ciphers> filterByKeyExchange(Set<Ciphers> ciphers, Set<KeyExchange> kx) { + static Set<Cipher> filterByKeyExchange(Set<Cipher> ciphers, Set<KeyExchange> kx) { return filter(ciphers, null, kx, null, null, null, null); } - static Set<Ciphers> filterByAuthentication(Set<Ciphers> ciphers, Set<Authentication> au) { + static Set<Cipher> filterByAuthentication(Set<Cipher> ciphers, Set<Authentication> au) { return filter(ciphers, null, null, au, null, null, null); } - static Set<Ciphers> filterByEncryption(Set<Ciphers> ciphers, Set<Encryption> enc) { + static Set<Cipher> filterByEncryption(Set<Cipher> ciphers, Set<Encryption> enc) { return filter(ciphers, null, null, null, enc, null, null); } - static Set<Ciphers> filterByEncryptionLevel(Set<Ciphers> ciphers, Set<EncryptionLevel> level) { + static Set<Cipher> filterByEncryptionLevel(Set<Cipher> ciphers, Set<EncryptionLevel> level) { return filter(ciphers, null, null, null, null, level, null); } - static Set<Ciphers> filterByMessageDigest(Set<Ciphers> ciphers, Set<MessageDigest> mac) { + static Set<Cipher> filterByMessageDigest(Set<Cipher> ciphers, Set<MessageDigest> mac) { return filter(ciphers, null, null, null, null, null, mac); } - static Set<Ciphers> filter(Set<Ciphers> ciphers, Set<Protocol> protocol, Set<KeyExchange> kx, + static Set<Cipher> filter(Set<Cipher> ciphers, Set<Protocol> protocol, Set<KeyExchange> kx, Set<Authentication> au, Set<Encryption> enc, Set<EncryptionLevel> level, Set<MessageDigest> mac) { - Set<Ciphers> result = new LinkedHashSet<>(ciphers.size()); - for (Ciphers cipher : ciphers) { + Set<Cipher> result = new LinkedHashSet<>(ciphers.size()); + for (Cipher cipher : 
ciphers) { if (protocol != null && protocol.contains(cipher.getProtocol())) { result.add(cipher); } @@ -598,13 +598,13 @@ public class OpenSSLCipherConfigurationP return result; } - static LinkedHashSet<Ciphers> parse(String expression) { + static LinkedHashSet<Cipher> parse(String expression) { if (!initialized) { init(); } String[] elements = expression.split(SEPARATOR); - LinkedHashSet<Ciphers> ciphers = new LinkedHashSet<>(); - Set<Ciphers> removedCiphers = new HashSet<>(); + LinkedHashSet<Cipher> ciphers = new LinkedHashSet<>(); + Set<Cipher> removedCiphers = new HashSet<>(); for (String element : elements) { if (element.startsWith(DELETE)) { String alias = element.substring(1); @@ -631,7 +631,7 @@ public class OpenSSLCipherConfigurationP } else if (element.contains(AND)) { String[] intersections = element.split("\\" + AND); if(intersections.length > 0) { - List<Ciphers> result = new ArrayList<>(aliases.get(intersections[0])); + List<Cipher> result = new ArrayList<>(aliases.get(intersections[0])); for(int i = 1; i < intersections.length; i++) { if(aliases.containsKey(intersections[i])) { result.retainAll(aliases.get(intersections[i])); @@ -645,9 +645,9 @@ public class OpenSSLCipherConfigurationP return defaultSort(ciphers); } - static List<String> convertForJSSE(Collection<Ciphers> ciphers) { + static List<String> convertForJSSE(Collection<Cipher> ciphers) { List<String> result = new ArrayList<>(ciphers.size()); - for (Ciphers cipher : ciphers) { + for (Cipher cipher : ciphers) { result.add(cipher.name()); } if (log.isDebugEnabled()) { 
@@ -666,12 +666,12 @@ public class OpenSSLCipherConfigurationP return convertForJSSE(parse(expression)); } - static String displayResult(Collection<Ciphers> ciphers, boolean useJSSEFormat, String separator) { + static String displayResult(Collection<Cipher> ciphers, boolean useJSSEFormat, String separator) { if (ciphers.isEmpty()) { return ""; } StringBuilder builder = new StringBuilder(ciphers.size() * 16); - for (Ciphers cipher : ciphers) { + for (Cipher cipher : ciphers) { if (useJSSEFormat) { builder.append(cipher.name()); } else { Modified: tomcat/trunk/res/checkstyle/org-import-control.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/checkstyle/org-import-control.xml?rev=1614297&r1=1614296&r2=1614297&view=diff ============================================================================== --- tomcat/trunk/res/checkstyle/org-import-control.xml (original) +++ tomcat/trunk/res/checkstyle/org-import-control.xml Tue Jul 29 09:50:00 2014 @@ -124,6 +124,7 @@ <allow pkg="javax.servlet"/> <subpackage name="buildutil"> <allow pkg="org.apache.tools.ant"/> + <allow pkg="org.apache.tomcat.util"/> </subpackage> <subpackage name="dbcp"> <allow pkg="org.apache.juli"/> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
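Review bot: The added `<allow pkg="org.apache.tomcat.util"/>` under the `buildutil` subpackage is wider than this change needs, since the only new import from that tree in SignCode.java is `org.apache.tomcat.util.codec.binary.Base64`. Unless the import-control file is configured for exact matching, a `pkg` entry also admits its subpackages, so build tooling could later import any of the util code without the check noticing. Narrowing it to `<allow pkg="org.apache.tomcat.util.codec.binary"/>` keeps the rule meaningful.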