Posted to dev@tomcat.apache.org by jf...@apache.org on 2001/10/22 23:44:21 UTC

cvs commit: jakarta-tomcat-connectors/webapp/lib pr_warp.c

jfclere     01/10/22 14:44:21

  Modified:    webapp/apache-1.3 mod_webapp.c
               webapp/java Constants.java.in Makefile.in WarpConnector.java
                        WarpRequest.java
               webapp/lib pr_warp.c
  Added:       webapp/java WarpCertificates.java
  Log:
  Add logic for Client Certificate (add constants for the rest of SSL support).
  Also fix the ServerSocketFactory (due to changes in TC4.0).
  
  Revision  Changes    Path
  1.25      +4 -1      jakarta-tomcat-connectors/webapp/apache-1.3/mod_webapp.c
  
  Index: mod_webapp.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/apache-1.3/mod_webapp.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- mod_webapp.c	2001/10/09 10:41:25	1.24
  +++ mod_webapp.c	2001/10/22 21:44:21	1.25
  @@ -57,7 +57,7 @@
   
   /**
    * @author  Pier Fumagalli <ma...@eng.sun.com>
  - * @version $Id: mod_webapp.c,v 1.24 2001/10/09 10:41:25 jfclere Exp $
  + * @version $Id: mod_webapp.c,v 1.25 2001/10/22 21:44:21 jfclere Exp $
    */
   
   #include <httpd.h>
  @@ -462,6 +462,9 @@
       req->clen=0;
       req->ctyp="\0";
       req->rlen=0;
  +    req->ssld=(wa_ssldata *) apr_palloc(r->pool,sizeof(wa_ssldata));
  +    req->ssld->ssl = (char *)ap_table_get(
  +        r->subprocess_env,"SSL_CLIENT_CERT");
   
       /* Copy headers into webapp request structure */
       if (r->headers_in!=NULL) {
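Review bot: The certificate pointer is stored in `req->ssld->ssl`, but the TYPE_ASK_SSL_CLIENT case added to pr_warp.c in this same commit reads `r->ssld->ssl_cert`; the wa_ssldata definition is not visible here, but unless both names resolve to the same member the provider tests a field that nothing has set. `apr_palloc` does not zero the allocation, so that field would hold leftover pool contents rather than NULL. I would allocate with `apr_pcalloc(r->pool,sizeof(wa_ssldata))` and assign `req->ssld->ssl_cert`. A short comment should also say that SSL_CLIENT_CERT is only present when the SSL module is configured to export certificate data, so NULL here does not prove the client presented none. The enclosing function starts and ends outside the hunk.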
  
  
  
  1.12      +44 -0     jakarta-tomcat-connectors/webapp/java/Constants.java.in
  
  Index: Constants.java.in
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/Constants.java.in,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- Constants.java.in	2001/08/09 20:02:15	1.11
  +++ Constants.java.in	2001/10/22 21:44:21	1.12
  @@ -363,4 +363,48 @@
        * No payload.<br>
        */
       public static final int TYPE_CBK_DONE=0x42;
  +
  +    /**
  +     * ASK_SSL: The WARP server (Tomcat) asks the WARP client to
  +     * transfer the basic SSL information (cypher, keysize and session).
  +     * <br>
  +     * No payload.<br>
  +     */
  +    public static final int TYPE_ASK_SSL=0x43;
  +
  +    /**
  +     * ASK_SSL_CLIENT: The WARP server (Tomcat) asks the WARP server to
  +     * transfer the client certificate.
  +     * (just the first element of the chain and the webserver should request
  +     * for it to the browser if possible).
  +     * <br>
  +     * No payload.<br>
  +     */
  +    public static final int TYPE_ASK_SSL_CLIENT=0x44;
  +
  +    /**
  +     * REP_SSL_CERT: The client certificate (remote peer).
  +     * <br>
  +     * Payload description:<br>
  +     * [string] The client certificate. (PEM format).
  +     */
  +    public static final int TYPE_REP_SSL_CERT=0x52;
  + 
  +    /**
  +     * REP_SSL: SSL information between 
  +     * <br>
  +     * Payload description:<br>
  +     * [string] The cipher_suite.
  +     * [string] The ssl session. (That is not in the spec's).
  +     * [ushort] size of the algorithm (56-128).
  +     */
  +    public static final int TYPE_REP_SSL=0x53;
  + 
  +    /**
  +     * REP_SSL_NO: Request SSL information is not available.
  +     * <br>
  +     * No payload.<br>
  +     */
  +    public static final int TYPE_REP_SSL_NO=0x5F;
   }
  +
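Review bot: The Javadoc on TYPE_ASK_SSL_CLIENT says the WARP server asks "the WARP server", which contradicts the ASK_SSL entry just above it; it should read `The WARP server (Tomcat) asks the WARP client to transfer the client certificate`. The REP_SSL summary stops mid-sentence at "SSL information between" and should name both ends of the connection it describes. The REP_SSL_CERT comment should also state that the web server is expected to have verified the certificate before sending it, because the Java side in this commit only parses the PEM text and then exposes it to applications as the peer certificate.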
  
  
  
  1.4       +2 -1      jakarta-tomcat-connectors/webapp/java/Makefile.in
  
  Index: Makefile.in
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/Makefile.in,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- Makefile.in	2001/09/17 05:04:02	1.3
  +++ Makefile.in	2001/10/22 21:44:21	1.4
  @@ -56,7 +56,7 @@
   # ========================================================================= #
   
   # @author  Pier Fumagalli <ma...@eng.sun.com>
  -# @version $Id: Makefile.in,v 1.3 2001/09/17 05:04:02 pier Exp $
  +# @version $Id: Makefile.in,v 1.4 2001/10/22 21:44:21 jfclere Exp $
   
   include @TGTDIR@/Makedefs
   
  @@ -70,6 +70,7 @@
   	WarpRequest.java \
   	WarpRequestHandler.java \
   	WarpResponse.java \
  +	WarpCertificates.java
   
   ARCHIVE = warp.jar
   
  
  
  
  1.24      +1 -1      jakarta-tomcat-connectors/webapp/java/WarpConnector.java
  
  Index: WarpConnector.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/WarpConnector.java,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- WarpConnector.java	2001/10/19 19:16:43	1.23
  +++ WarpConnector.java	2001/10/22 21:44:21	1.24
  @@ -74,7 +74,7 @@
   import org.apache.catalina.Response;
   import org.apache.catalina.Service;
   import org.apache.catalina.net.DefaultServerSocketFactory;
  -import org.apache.catalina.net.ServerSocketFactory;
  +import org.apache.catalina.ServerSocketFactory;
   import org.apache.catalina.util.LifecycleSupport;
   
   public class WarpConnector implements Connector, Lifecycle, Runnable {
  
  
  
  1.11      +33 -0     jakarta-tomcat-connectors/webapp/java/WarpRequest.java
  
  Index: WarpRequest.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/WarpRequest.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- WarpRequest.java	2001/10/19 19:18:28	1.10
  +++ WarpRequest.java	2001/10/22 21:44:21	1.11
  @@ -77,6 +77,22 @@
           this.setStream(this.localstream);
       }
   
  +    /** Process the SSL attributes */
  +    public Object getAttribute(String name) {
  +        if (name.equals("javax.servlet.request.X509Certificate")) {
  +            WarpCertificates cert = null;
  +            try {
  +                cert = new WarpCertificates(localstream.getX509Certificates());
  +            } catch (IOException e) {
  +                return null;
  +            }
  +            // super.setAttribute("javax.servlet.request.X509Certificate",
  +            //     cert.getCertificates());
  +            return(cert.getCertificates());
  +        }
  +        return(super.getAttribute(name));
  +    }
  +
       public void setHost(Host host) {
           this.host=host;
       }
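Review bot: `getX509Certificates()` returns null when the web server answers TYPE_REP_SSL_NO, and that null is passed straight to `new WarpCertificates(...)`, whose constructor calls `certString.getBytes()`; a request without a client certificate would throw NullPointerException instead of yielding a null attribute. Guard it inside the try block with `String pem = localstream.getX509Certificates(); if (pem == null) return null;`. Writing the comparison as `"javax.servlet.request.X509Certificate".equals(name)` would also tolerate a null name. With the caching call commented out, every lookup of this attribute costs a round trip to the web server, and the swallowed IOException makes a broken connection indistinguishable from "no certificate", so it deserves at least a log line.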
  @@ -128,6 +144,7 @@
               this.packet=new WarpPacket();
               this.packet.setType(Constants.TYPE_CBK_DATA);
           }
  +
           
           public int read()
           throws IOException {
  @@ -150,6 +167,22 @@
               this.request.getConnection().recv(packet);
               return(this.read());
           }
  +        public String getX509Certificates()
  +        throws IOException {
  +            if (closed) throw new IOException("Stream closed");
  +            this.packet.reset();
  +            this.packet.setType(Constants.TYPE_ASK_SSL_CLIENT);
  +            this.request.getConnection().send(packet);
  +            packet.reset();
  +
  +            this.request.getConnection().recv(packet);
  +            if (closed) throw new IOException("Stream closed");
  +            if (packet.getType()==Constants.TYPE_REP_SSL_NO) return(null);
  +            if (packet.getType()!=Constants.TYPE_REP_SSL_CERT)
  +               throw new IOException("Invalid WARP packet type for CC");
  +            return(this.packet.readString());
  +        }
  +
           
           public void close()
           throws IOException {
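Review bot: The ASK_SSL_CLIENT exchange reuses `this.packet`, the same buffer that `read()` fills from the connection, so the `packet.reset()` calls would discard request-body bytes already received but not yet consumed if an application asks for the certificate after it has started reading the body. A dedicated packet keeps the stream's state untouched: `WarpPacket cc=new WarpPacket(); cc.setType(Constants.TYPE_ASK_SSL_CLIENT);` followed by send, recv and `readString()` on `cc`. The method also needs a Javadoc stating that it returns the PEM text of the client certificate, or null when the web server reports none. The enclosing stream class begins and ends outside this hunk, so how `packet` is used elsewhere is inferred from the visible tail of `read()`.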
  
  
  
  1.1                  jakarta-tomcat-connectors/webapp/java/WarpCertificates.java
  
  Index: WarpCertificates.java
  ===================================================================
  /* ========================================================================= *
   *                                                                           *
   *                 The Apache Software License,  Version 1.1                 *
   *                                                                           *
   *          Copyright (c) 1999-2001 The Apache Software Foundation.          *
   *                           All rights reserved.                            *
   *                                                                           *
   * ========================================================================= *
   *                                                                           *
   * Redistribution and use in source and binary forms,  with or without modi- *
   * fication, are permitted provided that the following conditions are met:   *
   *                                                                           *
   * 1. Redistributions of source code  must retain the above copyright notice *
   *    notice, this list of conditions and the following disclaimer.          *
   *                                                                           *
   * 2. Redistributions  in binary  form  must  reproduce the  above copyright *
   *    notice,  this list of conditions  and the following  disclaimer in the *
   *    documentation and/or other materials provided with the distribution.   *
   *                                                                           *
   * 3. The end-user documentation  included with the redistribution,  if any, *
   *    must include the following acknowlegement:                             *
   *                                                                           *
   *       "This product includes  software developed  by the Apache  Software *
   *        Foundation <http://www.apache.org/>."                              *
   *                                                                           *
   *    Alternately, this acknowlegement may appear in the software itself, if *
   *    and wherever such third-party acknowlegements normally appear.         *
   *                                                                           *
   * 4. The names  "The  Jakarta  Project",  "Tomcat",  and  "Apache  Software *
   *    Foundation"  must not be used  to endorse or promote  products derived *
   *    from this  software without  prior  written  permission.  For  written *
   *    permission, please contact <ap...@apache.org>.                        *
   *                                                                           *
   * 5. Products derived from this software may not be called "Apache" nor may *
   *    "Apache" appear in their names without prior written permission of the *
   *    Apache Software Foundation.                                            *
   *                                                                           *
   * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES *
   * INCLUDING, BUT NOT LIMITED TO,  THE IMPLIED WARRANTIES OF MERCHANTABILITY *
   * AND FITNESS FOR  A PARTICULAR PURPOSE  ARE DISCLAIMED.  IN NO EVENT SHALL *
   * THE APACHE  SOFTWARE  FOUNDATION OR  ITS CONTRIBUTORS  BE LIABLE  FOR ANY *
   * DIRECT,  INDIRECT,   INCIDENTAL,  SPECIAL,  EXEMPLARY,  OR  CONSEQUENTIAL *
   * DAMAGES (INCLUDING,  BUT NOT LIMITED TO,  PROCUREMENT OF SUBSTITUTE GOODS *
   * OR SERVICES;  LOSS OF USE,  DATA,  OR PROFITS;  OR BUSINESS INTERRUPTION) *
   * HOWEVER CAUSED AND  ON ANY  THEORY  OF  LIABILITY,  WHETHER IN  CONTRACT, *
   * STRICT LIABILITY, OR TORT  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN *
   * ANY  WAY  OUT OF  THE  USE OF  THIS  SOFTWARE,  EVEN  IF  ADVISED  OF THE *
   * POSSIBILITY OF SUCH DAMAGE.                                               *
   *                                                                           *
   * ========================================================================= *
   *                                                                           *
   * This software  consists of voluntary  contributions made  by many indivi- *
   * duals on behalf of the  Apache Software Foundation.  For more information *
   * on the Apache Software Foundation, please see <http://www.apache.org/>.   *
   *                                                                           *
   * ========================================================================= */
  
  package org.apache.catalina.connector.warp;
   
  import java.security.cert.X509Certificate;
  import java.security.cert.CertificateFactory;
   
  import java.io.ByteArrayInputStream;
   
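  /**
   * Converts the client certificate text received from the web server over the
   * WARP connection into the {@code X509Certificate[]} form that is returned
   * for the {@code javax.servlet.request.X509Certificate} request attribute.
   *
   * <p>This class only <em>parses</em> the certificate. It performs no chain
   * building, validity-period, revocation or trust checks, so the result is
   * only as trustworthy as the web server that verified the client and the
   * connection the text arrived on.
   */
  public class WarpCertificates {
      /** Parsed certificate (single element), or null if none could be parsed. */
      X509Certificate jsseCerts[] = null;

      /**
       * Create the certificate array from its textual form.
       *
       * @param certString the certificate text (the WARP constants describe it
       *                   as PEM); may be null or empty when the web server had
       *                   no client certificate, in which case
       *                   {@link #getCertificates()} returns null.
       */
      public WarpCertificates(String certString) {
          // The caller passes null when the peer answered "no certificate";
          // treat that as "nothing to parse" instead of failing on getBytes().
          if (certString == null || certString.length() == 0) {
              return;
          }

          // Fill the first element.
          try {
              // PEM is plain ASCII; name the charset explicitly so the bytes do
              // not depend on the platform default encoding.
              byte[] certData = certString.getBytes("US-ASCII");
              ByteArrayInputStream bais = new ByteArrayInputStream(certData);
              CertificateFactory cf =
                      CertificateFactory.getInstance("X.509");
              X509Certificate cert = (X509Certificate)
                      cf.generateCertificate(bais);
              jsseCerts = new X509Certificate[1];
              jsseCerts[0] = cert;
          } catch (java.security.cert.CertificateException e) {
              // Certificate conversion failed: report "no certificate".
              jsseCerts = null;
          } catch (java.io.UnsupportedEncodingException e) {
              // US-ASCII is a mandatory charset, so this is not expected;
              // fall back to "no certificate" rather than propagating.
              jsseCerts = null;
          }
      }

      /**
       * Return the parsed certificate.
       *
       * @return a one-element array holding the parsed certificate, or null
       *         when no certificate text was supplied or it could not be parsed.
       */
      public X509Certificate [] getCertificates() {
          return jsseCerts;
      }
  }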
  
  
  
  1.17      +18 -1     jakarta-tomcat-connectors/webapp/lib/pr_warp.c
  
  Index: pr_warp.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/lib/pr_warp.c,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- pr_warp.c	2001/10/09 10:41:25	1.16
  +++ pr_warp.c	2001/10/22 21:44:21	1.17
  @@ -54,7 +54,7 @@
    *                                                                           *
    * ========================================================================= */
   
  -/* @version $Id: pr_warp.c,v 1.16 2001/10/09 10:41:25 jfclere Exp $ */
  +/* @version $Id: pr_warp.c,v 1.17 2001/10/22 21:44:21 jfclere Exp $ */
   #include "pr_warp.h"
   
   /* Initialize this provider. */
  @@ -422,6 +422,23 @@
                       p_write_string(pack,"Transfer interrupted");
                   }
                   wa_debug(WA_MARK,"Request body bytes: (Sent=%d)",pack->size);
  +                if (n_send(conf->sock,pack)!=wa_true) {
  +                    n_disconnect(conn);
  +                    return(wa_rerror(WA_MARK,r,500,"Communitcation interrupted"));
  +                }
  +                break;
  +            }
  +            case TYPE_ASK_SSL_CLIENT: {
  +                wa_log(WA_MARK,"TYPE_ASK_SSL_CLIENT");
  +                /* Request for client certificate */
  +                if (r->ssld->ssl_cert==NULL) {
  +                    pack->type=TYPE_REP_SSL_NO;
  +                    pack->size=0;
  +                } else {
  +                    pack->type=TYPE_REP_SSL_CERT;
  +                    p_write_string(pack,r->ssld->ssl_cert);
  +                }
  +                wa_debug(WA_MARK,"CC bytes: (Sent=%d)",pack->size);
                   if (n_send(conf->sock,pack)!=wa_true) {
                       n_disconnect(conn);
                       return(wa_rerror(WA_MARK,r,500,"Communitcation interrupted"));
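Review bot: In the TYPE_ASK_SSL_CLIENT case `r->ssld->ssl_cert` is dereferenced without first checking `r->ssld`; this commit only shows the Apache 1.3 module allocating it, so a request built by any other front end would presumably crash here. Make the test `if (r->ssld==NULL || r->ssld->ssl_cert==NULL) {`. The certificate branch sets `pack->type` but, unlike the NO branch, leaves `pack->size` as it was received, so add `pack->size=0;` before `p_write_string`. The unconditional `wa_log` fires for every certificate request; `wa_debug` would match the surrounding code. The enclosing switch starts and ends outside this hunk.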