billbarker 01/12/06 20:38:26
Modified: src/share/org/apache/tomcat/modules/server
Http10Interceptor.java PoolTcpConnector.java
Log:
PureTLS support changes.
Submitted by: Eric Rescorla [EMAIL PROTECTED]
Revision Changes Path
1.28 +45 -7
jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10Interceptor.java
Index: Http10Interceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10Interceptor.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- Http10Interceptor.java 2001/11/02 03:14:03 1.27
+++ Http10Interceptor.java 2001/12/07 04:38:26 1.28
@@ -156,6 +156,10 @@
reqA.readNextRequest(resA);
if( secure ) {
reqA.scheme().setString( "https" );
+
+ // Load up the SSLSupport class
+ if(sslImplementation != null)
+ reqA.setSSLSupport(sslImplementation.getSSLSupport(socket));
}
cm.service( reqA, resA );
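Review bot: When `secure` is true but `sslImplementation` is null, the added guard leaves the request labelled `https` with no SSLSupport attached, so the cipher-suite and client-certificate attributes are silently unavailable for that connection. Judging by the PoolTcpConnector change in this commit, the field should be set whenever `secure` is on, so the null case looks like a configuration or ordering fault rather than a normal state. I would brace the `if` and either log a warning in an `else` branch or add a comment such as `// sslImplementation is null only if the socket factory check has not run; SSL attributes are then unavailable`. The enclosing method starts and ends outside this hunk.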
@@ -199,13 +203,47 @@
catch (IOException e) { /* ignore */ }
}
}
+
+ /**
+ getInfo calls for SSL data
+
+ @return the requested data
+ */
+ public Object getInfo( Context ctx, Request request,
+ int id, String key ) {
+ // The following code explicitly assumes that the only
+ // attributes hand;ed here are HTTP. If you change that
+ // you MUST change the test for sslSupport==null --EKR
+
+ HttpRequest httpReq;
+
+
+ try {
+ httpReq=(HttpRequest)request;
+ } catch (ClassCastException e){
+ return null;
+ }
+
+ if(key!=null && httpReq!=null && httpReq.sslSupport!=null){
+ try {
+ if(key.equals("javax.servlet.request.cipher_suite"))
+ return httpReq.sslSupport.getCipherSuite();
+ if(key.equals("javax.servlet.request.X509Certificate"))
+ return httpReq.sslSupport.getPeerCertificateChain();
+ } catch (Exception e){
+ log("Exception getting SSL attribute " + key,e,Log.WARNING);
+ return null;
+ }
+ }
+ return super.getInfo(ctx,request,id,key);
+ }
}
class HttpRequest extends Request {
Http10 http=new Http10();
private boolean moreRequests = false;
Socket socket;
- static CertCompat certcompat = CertCompat.getCertCompat();
+ SSLSupport sslSupport=null;
public HttpRequest() {
super();
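Review bot: In `getInfo`, the `try { httpReq=(HttpRequest)request; } catch (ClassCastException e)` block uses an exception as a type test and returns null for any other Request subclass, while an HttpRequest without `sslSupport` is passed on to `super.getInfo`; the two non-SSL paths should behave the same. `if(!(request instanceof HttpRequest)) return super.getInfo(ctx,request,id,key);` followed by a plain cast does that and covers a null request as well. The `catch (Exception e)` around the lookups also turns every failure into a null attribute, so code that reads `javax.servlet.request.X509Certificate` cannot tell "no client certificate" from "lookup failed" except through the WARNING log; narrowing the catch to the exceptions SSLSupport declares (not visible here) would keep unexpected errors from being masked. The comment also has a typo, `hand;ed` for `handled`.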
@@ -214,12 +252,6 @@
remoteAddrMB.recycle();
remoteHostMB.recycle();
}
- public Object getAttribute(String name) {
- if (name.equals("javax.servlet.request.X509Certificate")) {
- return(certcompat.getX509Certificates(socket));
- }
- return(super.getAttribute(name));
- }
public void recycle() {
super.recycle();
@@ -227,6 +259,7 @@
// recycle these to remove the defaults
remoteAddrMB.recycle();
remoteHostMB.recycle();
+ sslSupport=null;
}
public void setSocket(Socket socket) throws IOException {
@@ -352,6 +385,11 @@
// log("No server name, defaulting to localhost");
serverNameMB.setString( getLocalHost() );
}
+
+ void setSSLSupport(SSLSupport s){
+ sslSupport=s;
+ }
+
}
1.13 +29 -27
jakarta-tomcat/src/share/org/apache/tomcat/modules/server/PoolTcpConnector.java
Index: PoolTcpConnector.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/PoolTcpConnector.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- PoolTcpConnector.java 2001/11/07 03:36:47 1.12
+++ PoolTcpConnector.java 2001/12/07 04:38:26 1.13
@@ -88,9 +88,11 @@
{
protected PoolTcpEndpoint ep;
protected ServerSocketFactory socketFactory;
+ protected SSLImplementation sslImplementation;
// socket factory attriubtes ( XXX replace with normal setters )
protected Hashtable attributes = new Hashtable();
protected String socketFactoryName=null;
+ protected String sslImplementationName=null;
protected boolean secure=false;
public PoolTcpConnector() {
@@ -187,33 +189,39 @@
*/
private void checkSocketFactory() throws TomcatException {
if(secure) {
- if(socketFactoryName == null)
- socketFactoryName = SSL_FACT;
- /* backwards compatibility */
- if(SSL_FACT.equals(socketFactoryName)) {
- try {
- Class c1=Class.forName( SSL_CHECK );
- } catch (Exception sslex) {
- throw new TomcatException("JSSE not installed.",sslex);
- }
- System.getProperties().put("java.protocol.handler.pkgs",
- "com.sun.net.ssl.internal.www.protocol");
- }
- }
- if(socketFactoryName != null) {
- try {
- socketFactory = string2SocketFactory(socketFactoryName);
- ep.setServerSocketFactory(socketFactory);
- } catch(Exception sfex) {
- throw new TomcatException("Error Loading Socket Factory " +
- socketFactoryName,
- sfex);
+ try {
+ // The SSL setup code has been moved into
+ // SSLImplementation since SocketFactory doesn't
+ // provide a wide enough interface
+ sslImplementation=SSLImplementation.getInstance
+ (sslImplementationName);
+ ep.setServerSocketFactory(sslImplementation.
+ getServerSocketFactory());
+ } catch (ClassNotFoundException e){
+ throw new TomcatException("Error loading SSLImplementation ",
+ e);
+ }
+ }
+ else {
+ if (socketFactoryName != null) {
+ try {
+ socketFactory = string2SocketFactory(socketFactoryName);
+ ep.setServerSocketFactory(socketFactory);
+ } catch(Exception sfex) {
+ throw new TomcatException("Error Loading Socket Factory " +
+ socketFactoryName,
+ sfex);
+ }
}
}
}
public void setSocketFactory( String valueS ) {
socketFactoryName = valueS;
}
+ public void setSSLImplementation( String valueS) {
+ sslImplementationName=valueS;
+ }
+
// -------------------- Socket options --------------------
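Review bot: In `checkSocketFactory`, the new `if(secure)` branch never looks at `socketFactoryName`, so a connector configured with both `secure` and a custom socket factory now drops that factory without any message, and the `socketFactory` field stays null on that path. A deployment that relied on a hardened or custom SSL socket factory would switch to whatever `SSLImplementation.getInstance` selects with no sign of it in the log; a warning when `secure && socketFactoryName != null` would make that visible. The error message should also name the class that failed to load: `throw new TomcatException("Error loading SSLImplementation " + sslImplementationName, e);`. Whether `getInstance` accepts a null name (the default when `setSSLImplementation` is never called) is not visible here and is worth a comment on the field.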
@@ -271,12 +279,6 @@
public boolean isClientauthSet() {
return (attributes.get("clientauth") != null);
}
-
- public static final String SSL_CHECK=
- "javax.net.ssl.SSLServerSocketFactory";
- public static final String SSL_FACT=
- "org.apache.tomcat.util.net.SSLSocketFactory";
-
public void setSecure( boolean b ) {
secure=b;