You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2007/01/18 18:58:18 UTC
svn commit: r497516 - in /tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11:
Http11AprProcessor.java InternalAprInputBuffer.java
Author: remm
Date: Thu Jan 18 09:58:17 2007
New Revision: 497516
URL: http://svn.apache.org/viewvc?view=rev&rev=497516
Log:
- 37869: Refix getting certificates.
- 40960: Throw a timeout exception when getting a timeout.
- Submitted by Christophe Pierret.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?view=diff&rev=497516&r1=497515&r2=497516
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Thu Jan 18 09:58:17 2007
@@ -1130,46 +1130,33 @@
// Cipher suite
Object sslO = SSLSocket.getInfoS(socket, SSL.SSL_INFO_CIPHER);
if (sslO != null) {
- request.setAttribute
- (AprEndpoint.CIPHER_SUITE_KEY, sslO);
+ request.setAttribute(AprEndpoint.CIPHER_SUITE_KEY, sslO);
}
- // Client certificate chain if present
+ // Get client certificate and the certificate chain if present
int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+ byte[] clientCert = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
X509Certificate[] certs = null;
- if (certLength > 0) {
- certs = new X509Certificate[certLength];
+ if (clientCert != null) {
+ certs = new X509Certificate[certLength + 1];
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
for (int i = 0; i < certLength; i++) {
byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- ByteArrayInputStream stream = new ByteArrayInputStream(data);
- certs[i] = (X509Certificate) cf.generateCertificate(stream);
- }
- } else if (certLength == 0) {
- byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
- if (data != null) {
- certs = new X509Certificate[1];
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- ByteArrayInputStream stream = new ByteArrayInputStream(data);
- certs[0] = (X509Certificate) cf.generateCertificate(stream);
+ certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
}
}
if (certs != null) {
- request.setAttribute
- (AprEndpoint.CERTIFICATE_KEY, certs);
+ request.setAttribute(AprEndpoint.CERTIFICATE_KEY, certs);
}
// User key size
sslO = new Integer(SSLSocket.getInfoI(socket, SSL.SSL_INFO_CIPHER_USEKEYSIZE));
if (sslO != null) {
- request.setAttribute
- (AprEndpoint.KEY_SIZE_KEY, sslO);
+ request.setAttribute(AprEndpoint.KEY_SIZE_KEY, sslO);
}
// SSL session ID
sslO = SSLSocket.getInfoS(socket, SSL.SSL_INFO_SESSION_ID);
if (sslO != null) {
- request.setAttribute
- (AprEndpoint.SESSION_ID_KEY, sslO);
+ request.setAttribute(AprEndpoint.SESSION_ID_KEY, sslO);
}
} catch (Exception e) {
log.warn(sm.getString("http11processor.socket.ssl"), e);
@@ -1182,38 +1169,26 @@
// Consume and buffer the request body, so that it does not
// interfere with the client's handshake messages
InputFilter[] inputFilters = inputBuffer.getFilters();
- ((BufferedInputFilter) inputFilters[Constants.BUFFERED_FILTER])
- .setLimit(maxSavePostSize);
- inputBuffer.addActiveFilter
- (inputFilters[Constants.BUFFERED_FILTER]);
+ ((BufferedInputFilter) inputFilters[Constants.BUFFERED_FILTER]).setLimit(maxSavePostSize);
+ inputBuffer.addActiveFilter(inputFilters[Constants.BUFFERED_FILTER]);
try {
// Renegociate certificates
SSLSocket.renegotiate(socket);
- // Client certificate chain if present
+ // Get client certificate and the certificate chain if present
int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+ byte[] clientCert = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
X509Certificate[] certs = null;
- if (certLength > 0) {
- certs = new X509Certificate[certLength];
+ if (clientCert != null) {
+ certs = new X509Certificate[certLength + 1];
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
for (int i = 0; i < certLength; i++) {
byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- ByteArrayInputStream stream = new ByteArrayInputStream(data);
- certs[i] = (X509Certificate) cf.generateCertificate(stream);
- }
- } else if (certLength == 0) {
- byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
- if (data != null) {
- certs = new X509Certificate[1];
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- ByteArrayInputStream stream = new ByteArrayInputStream(data);
- certs[0] = (X509Certificate) cf.generateCertificate(stream);
+ certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
}
}
if (certs != null) {
- request.setAttribute
- (AprEndpoint.CERTIFICATE_KEY, certs);
+ request.setAttribute(AprEndpoint.CERTIFICATE_KEY, certs);
}
} catch (Exception e) {
log.warn(sm.getString("http11processor.socket.ssl"), e);
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java?view=diff&rev=497516&r1=497515&r2=497516
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java Thu Jan 18 09:58:17 2007
@@ -20,6 +20,7 @@
import java.io.IOException;
import java.io.EOFException;
+import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import org.apache.tomcat.jni.Socket;
@@ -792,7 +793,11 @@
bbuf.get(buf, pos, nRead);
lastValid = pos + nRead;
} else {
- throw new IOException(sm.getString("iib.failedread"));
+ if ((-nRead) == Status.ETIMEDOUT || (-nRead) == Status.TIMEUP) {
+ throw new SocketTimeoutException(sm.getString("iib.failedread"));
+ } else {
+ throw new IOException(sm.getString("iib.failedread"));
+ }
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org