Posted to dev@tomcat.apache.org by re...@apache.org on 2020/05/29 15:25:36 UTC

[tomcat] 01/04: WIP for more TLS env resolution

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit ddc3027029dae386221d355686278dde608c60ee
Author: remm <re...@apache.org>
AuthorDate: Thu May 28 16:28:19 2020 +0200

    WIP for more TLS env resolution
    
    Make explicit each missing env value, to help eventual documenting.
---
 .../catalina/valves/rewrite/ResolverImpl.java      | 107 +++++++++++++++++++--
 1 file changed, 97 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
index 8c108ab..b9749e0 100644
--- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
+++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
@@ -16,10 +16,12 @@
  */
 package org.apache.catalina.valves.rewrite;
 
+import java.io.IOException;
 import java.nio.charset.Charset;
+import java.security.cert.X509Certificate;
 import java.util.Calendar;
+import java.util.concurrent.TimeUnit;
 
-import org.apache.catalina.Globals;
 import org.apache.catalina.WebResource;
 import org.apache.catalina.WebResourceRoot;
 import org.apache.catalina.connector.Request;
@@ -135,16 +137,101 @@ public class ResolverImpl extends Resolver {
 
     @Override
     public String resolveSsl(String key) {
-        if (key.equals("SSL_PROTOCOL")) {
-            return String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY));
-        } else if (key.equals("SSL_SESSION_ID")) {
-            return String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR));
-        } else if (key.equals("SSL_CIPHER")) {
-            return String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR));
-        } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) {
-            return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR));
+        SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR);
+        try {
+            // FIXME SSL_SESSION_RESUMED
+            // FIXME SSL_SECURE_RENEG
+            // FIXME SSL_CIPHER_EXPORT
+            // FIXME SSL_CIPHER_ALGKEYSIZE
+            // FIXME SSL_COMPRESS_METHOD
+            // FIXME SSL_SRP_USER
+            // FIXME SSL_SRP_USERINFO
+            // FIXME SSL_TLS_SNI
+            if (key.equals("SSL_PROTOCOL")) {
+                return sslSupport.getProtocol();
+            } else if (key.equals("SSL_SESSION_ID")) {
+                return sslSupport.getSessionId();
+            } else if (key.equals("SSL_CIPHER")) {
+                return sslSupport.getCipherSuite();
+            } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) {
+                return sslSupport.getKeySize().toString();
+            } else if (key.startsWith("SSL_CLIENT_")) {
+                X509Certificate[] certificates = sslSupport.getPeerCertificateChain();
+                if (certificates != null && certificates.length > 0) {
+                    key = key.substring("SSL_CLIENT_".length());
+                    String result = resolveSslCertificates(key, certificates);
+                    if (result != null) {
+                        return result;
+                    } else if (key.startsWith("SAN_OTHER_msUPN_")) {
+                        key = key.substring("SAN_OTHER_msUPN_".length());
+                        // FIXME return certificates[0].getSubjectAlternativeNames()
+                    } else if (key.equals("CERT_RFC4523_CEA")) {
+                        // FIXME return certificates[0];
+                    } else if (key.equals("VERIFY")) {
+                        // FIXME return certificates[0];
+                    }
+                }
+            } else if (key.startsWith("SSL_SERVER_")) {
+                X509Certificate[] certificates = sslSupport.getLocalCertificateChain();
+                if (certificates != null && certificates.length > 0) {
+                    key = key.substring("SSL_SERVER_".length());
+                    String result = resolveSslCertificates(key, certificates);
+                    if (result != null) {
+                        return result;
+                    } else if (key.startsWith("SAN_OTHER_dnsSRV_")) {
+                        key = key.substring("SAN_OTHER_dnsSRV_".length());
+                        // FIXME return certificates[0].getSubjectAlternativeNames()
+                    }
+                }
+            }
+        } catch (IOException e) {
+            // TLS access error
+        }
+        return null;
+    }
+
+    private String resolveSslCertificates(String key, X509Certificate[] certificates) {
+        if (key.equals("M_VERSION")) {
+            return String.valueOf(certificates[0].getVersion());
+        } else if (key.equals("M_SERIAL")) {
+            return certificates[0].getSerialNumber().toString();
+        } else if (key.equals("S_DN")) {
+            return certificates[0].getSubjectDN().getName();
+        } else if (key.startsWith("S_DN_")) {
+            key = key.substring("S_DN_".length());
+            // FIXME return certificates[0].getSubjectX500Principal().?;
+        } else if (key.startsWith("SAN_Email_")) {
+            key = key.substring("SAN_Email_".length());
+            // FIXME return certificates[0].getSubjectAlternativeNames()
+        } else if (key.startsWith("SAN_DNS_")) {
+            key = key.substring("SAN_DNS_".length());
+            // FIXME return certificates[0].getSubjectAlternativeNames()
+        } else if (key.equals("I_DN")) {
+            return certificates[0].getIssuerDN().getName();
+        } else if (key.startsWith("I_DN_")) {
+            key = key.substring("I_DN_".length());
+            // FIXME return certificates[0].getIssuerX500Principal().?;
+        } else if (key.equals("V_START")) {
+            return String.valueOf(certificates[0].getNotBefore().getTime());
+        } else if (key.equals("V_END")) {
+            return String.valueOf(certificates[0].getNotAfter().getTime());
+        } else if (key.equals("V_REMAIN")) {
+            long remain = certificates[0].getNotAfter().getTime() - System.currentTimeMillis();
+            if (remain < 0) {
+                remain = 0L;
+            }
+            // Return remaining days
+            return String.valueOf(TimeUnit.MILLISECONDS.toDays(remain));
+        } else if (key.equals("A_SIG")) {
+            return certificates[0].getSigAlgName();
+        } else if (key.equals("A_KEY")) {
+            return certificates[0].getPublicKey().getAlgorithm();
+        } else if (key.equals("CERT")) {
+            // FIXME return certificates[0] to pem
+        } else if (key.startsWith("CERT_CHAIN_")) {
+            key = key.substring("CERT_CHAIN_".length());
+            // FIXME return certificates[n] to pem
         }
-        // FIXME: Implement other SSL environment variables when possible
         return null;
     }
 
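Review bot: `resolveSsl` dereferences `sslSupport` with no null check, so if `request.getAttribute(SSLSupport.SESSION_MGR)` returns null (which I would expect on a non-TLS connector, though that is not visible in this hunk) any rewrite rule that references an SSL variable throws a NullPointerException where the removed code returned the string "null". I would add `if (sslSupport == null) { return null; }` before the `try`, and guard `sslSupport.getKeySize().toString()` the same way, since it fails if no key size is reported. The `catch (IOException e)` block is also empty, so a TLS access error looks exactly like an unimplemented key to the caller. Because rewrite conditions can gate requests on client-certificate fields such as `SSL_CLIENT_S_DN`, the exception should at least be logged there, and the Javadoc for `resolveSsl` should state that null means "unsupported, unavailable or failed".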




Re: [tomcat] 01/04: WIP for more TLS env resolution

Posted by Rémy Maucherat <re...@apache.org>.
On Sun, May 31, 2020 at 2:53 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Rémy,
>
> On 5/29/20 11:25, remm@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git
> > repository.
> >
> > remm pushed a commit to branch 8.5.x in repository
> > https://gitbox.apache.org/repos/asf/tomcat.git
> >
> > commit ddc3027029dae386221d355686278dde608c60ee Author: remm
> > <re...@apache.org> AuthorDate: Thu May 28 16:28:19 2020 +0200
> >
> > WIP for more TLS env resolution
> >
> > Make explicit each missing env value, to help eventual
> > documenting. --- .../catalina/valves/rewrite/ResolverImpl.java
> > | 107 +++++++++++++++++++-- 1 file changed, 97 insertions(+), 10
> > deletions(-)
> >
> > diff --git
> > a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
> > b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index
> > 8c108ab..b9749e0 100644 ---
> > a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++
> > b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@
> > -16,10 +16,12 @@ */ package org.apache.catalina.valves.rewrite;
> >
> > +import java.io.IOException; import java.nio.charset.Charset;
> > +import java.security.cert.X509Certificate; import
> > java.util.Calendar; +import java.util.concurrent.TimeUnit;
> >
> > -import org.apache.catalina.Globals; import
> > org.apache.catalina.WebResource; import
> > org.apache.catalina.WebResourceRoot; import
> > org.apache.catalina.connector.Request; @@ -135,16 +137,101 @@
> > public class ResolverImpl extends Resolver {
> >
> > @Override public String resolveSsl(String key) { -        if
> > (key.equals("SSL_PROTOCOL")) { -            return
> > String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY));
> >
> >
> - -        } else if (key.equals("SSL_SESSION_ID")) {
> > -            return
> > String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR));
> > -        } else if (key.equals("SSL_CIPHER")) { -            return
> > String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR)); -
> > } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { -
> > return
> > String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR)); +
> > SSLSupport sslSupport = (SSLSupport)
> > request.getAttribute(SSLSupport.SESSION_MGR); +        try { +
> > // FIXME SSL_SESSION_RESUMED +            // FIXME
> > SSL_SECURE_RENEG +            // FIXME SSL_CIPHER_EXPORT +
> > // FIXME SSL_CIPHER_ALGKEYSIZE +            // FIXME
> > SSL_COMPRESS_METHOD +            // FIXME SSL_SRP_USER +
> > // FIXME SSL_SRP_USERINFO +            // FIXME SSL_TLS_SNI +
> > if (key.equals("SSL_PROTOCOL")) { +                return
> > sslSupport.getProtocol(); +            } else if
> > (key.equals("SSL_SESSION_ID")) { +                return
> > sslSupport.getSessionId(); +            } else if
> > (key.equals("SSL_CIPHER")) { +                return
> > sslSupport.getCipherSuite(); +            } else if
> > (key.equals("SSL_CIPHER_USEKEYSIZE")) { +                return
> > sslSupport.getKeySize().toString();
>
> These above lines are now within the try/catch block which reduces
> performance somewhat for the attributes that don't need try/catch. Any
> reason to bring them under the try/catch?
>

I don't think there can be any measurable performance impact here,
everything is quite expensive. I'm just addressing some old FIXMEs here,
and looking at APIs I never used before, BTW.


>
> In fact... which exceptions can actually be thrown, here? Or is the
> issue that Java might parse the certificates at this stage in the
> pipeline instead of already having been done (because it's rewrite, it
> might be "early").
>

It's for APR's SSLSupport. Not sure overall, I don't really care much about
it.

Rémy


>
> - -chris
>
>
> > +            } else if (key.startsWith("SSL_CLIENT_")) { +
> > X509Certificate[] certificates =
> > sslSupport.getPeerCertificateChain(); +                if
> > (certificates != null && certificates.length > 0) { +
> > key = key.substring("SSL_CLIENT_".length()); +
> > String result = resolveSslCertificates(key, certificates); +
> > if (result != null) { +                        return result; +
> > } else if (key.startsWith("SAN_OTHER_msUPN_")) { +
> > key = key.substring("SAN_OTHER_msUPN_".length()); +
> > // FIXME return certificates[0].getSubjectAlternativeNames() +
> > } else if (key.equals("CERT_RFC4523_CEA")) { +
> > // FIXME return certificates[0]; +                    } else if
> > (key.equals("VERIFY")) { +                        // FIXME return
> > certificates[0]; +                    } +                } +
> > } else if (key.startsWith("SSL_SERVER_")) { +
> > X509Certificate[] certificates =
> > sslSupport.getLocalCertificateChain(); +                if
> > (certificates != null && certificates.length > 0) { +
> > key = key.substring("SSL_SERVER_".length()); +
> > String result = resolveSslCertificates(key, certificates); +
> > if (result != null) { +                        return result; +
> > } else if (key.startsWith("SAN_OTHER_dnsSRV_")) { +
> > key = key.substring("SAN_OTHER_dnsSRV_".length()); +
> > // FIXME return certificates[0].getSubjectAlternativeNames() +
> > } +                } +            } +        } catch (IOException
> > e) { +            // TLS access error +        } +        return
> > null; +    } + +    private String resolveSslCertificates(String
> > key, X509Certificate[] certificates) { +        if
> > (key.equals("M_VERSION")) { +            return
> > String.valueOf(certificates[0].getVersion()); +        } else if
> > (key.equals("M_SERIAL")) { +            return
> > certificates[0].getSerialNumber().toString(); +        } else if
> > (key.equals("S_DN")) { +            return
> > certificates[0].getSubjectDN().getName(); +        } else if
> > (key.startsWith("S_DN_")) { +            key =
> > key.substring("S_DN_".length()); +            // FIXME return
> > certificates[0].getSubjectX500Principal().?; +        } else if
> > (key.startsWith("SAN_Email_")) { +            key =
> > key.substring("SAN_Email_".length()); +            // FIXME return
> > certificates[0].getSubjectAlternativeNames() +        } else if
> > (key.startsWith("SAN_DNS_")) { +            key =
> > key.substring("SAN_DNS_".length()); +            // FIXME return
> > certificates[0].getSubjectAlternativeNames() +        } else if
> > (key.equals("I_DN")) { +            return
> > certificates[0].getIssuerDN().getName(); +        } else if
> > (key.startsWith("I_DN_")) { +            key =
> > key.substring("I_DN_".length()); +            // FIXME return
> > certificates[0].getIssuerX500Principal().?; +        } else if
> > (key.equals("V_START")) { +            return
> > String.valueOf(certificates[0].getNotBefore().getTime()); +
> > } else if (key.equals("V_END")) { +            return
> > String.valueOf(certificates[0].getNotAfter().getTime()); +        }
> > else if (key.equals("V_REMAIN")) { +            long remain =
> > certificates[0].getNotAfter().getTime() -
> > System.currentTimeMillis(); +            if (remain < 0) { +
> > remain = 0L; +            } +            // Return remaining days +
> > return String.valueOf(TimeUnit.MILLISECONDS.toDays(remain)); +
> > } else if (key.equals("A_SIG")) { +            return
> > certificates[0].getSigAlgName(); +        } else if
> > (key.equals("A_KEY")) { +            return
> > certificates[0].getPublicKey().getAlgorithm(); +        } else if
> > (key.equals("CERT")) { +            // FIXME return certificates[0]
> > to pem +        } else if (key.startsWith("CERT_CHAIN_")) { +
> > key = key.substring("CERT_CHAIN_".length()); +            // FIXME
> > return certificates[n] to pem } -        // FIXME: Implement other
> > SSL environment variables when possible return null; }
> >
> >
> >
> > ---------------------------------------------------------------------
> >
> >
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: dev-help@tomcat.apache.org
> >
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7TqMcACgkQHPApP6U8
> pFithQ/9F6M+P/JZUskwIe9Uk7P4AohAyn71uM4FScziqPOb4CyplSVZLMi0Xv2R
> 7i406BTv/KfmPTSKfPUVAdsEp0LRlT8Rxj/SiB00NwfYeN0Hn9O/Fk7ap0lmnBhN
> M0hajxvKgXZjCDq3kE6uQs4a2QKwjZDeDzMC8mNLmbSgX6Wvaj/LmL+5QkYC4Gbi
> 2ihPVfjUdgq7pSd2hT/FeGswyZ0/t1VDZ+b5AJcnsq/H2rrkjesI7/j32thcAoUq
> ZN+2yphU6lOMAog4y9y8WqBtMdAML6Uh8KJiX4qvM1XIWiaAgMPHPGT4t3ymectD
> IA3nWf1778ECXbi4KiaFtHE9Q1YWokzSmuSKOhvykjO57oVuervL2+0tBOcE5Pgn
> kxwMnswEbSlAov0vaIRt6EXqC8OuykwTgG92EAQzPuNbmvYTIjhZUksiV2VYXP2p
> Cz8Rv1CEOISHVYtXWF9tlBcw1ezwYW47tX5jPDWObKDK4sYoC5HNMWOs5C7BtAG4
> OVG5UKQLiu0eLLr0zydRBzoHn2aJqwUqb6reGoRtLUQqPQ+SpzDHk1PnX1YvX57t
> HlqwQqSVk7cSuMh9S7iRIf/RIBZe8feqBgw5rm5e00PoYEjoScRoE6ojbp34Sj11
> fmJA3XJkzlwJoc79a1zStAIsR1ovdbrp+oWYGRw7+UXoUFIvCvw=
> =Gap0
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

Re: [tomcat] 01/04: WIP for more TLS env resolution

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Rémy,

On 5/29/20 11:25, remm@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> remm pushed a commit to branch 8.5.x in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit ddc3027029dae386221d355686278dde608c60ee Author: remm
> <re...@apache.org> AuthorDate: Thu May 28 16:28:19 2020 +0200
>
> WIP for more TLS env resolution
>
> Make explicit each missing env value, to help eventual
> documenting. --- .../catalina/valves/rewrite/ResolverImpl.java
> | 107 +++++++++++++++++++-- 1 file changed, 97 insertions(+), 10
> deletions(-)
>
> diff --git
> a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
> b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index
> 8c108ab..b9749e0 100644 ---
> a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++
> b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@
> -16,10 +16,12 @@ */ package org.apache.catalina.valves.rewrite;
>
> +import java.io.IOException; import java.nio.charset.Charset;
> +import java.security.cert.X509Certificate; import
> java.util.Calendar; +import java.util.concurrent.TimeUnit;
>
> -import org.apache.catalina.Globals; import
> org.apache.catalina.WebResource; import
> org.apache.catalina.WebResourceRoot; import
> org.apache.catalina.connector.Request; @@ -135,16 +137,101 @@
> public class ResolverImpl extends Resolver {
>
> @Override public String resolveSsl(String key) { -        if
> (key.equals("SSL_PROTOCOL")) { -            return
> String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY));
>
>
- -        } else if (key.equals("SSL_SESSION_ID")) {
> -            return
> String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR));
> -        } else if (key.equals("SSL_CIPHER")) { -            return
> String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR)); -
> } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { -
> return
> String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR)); +
> SSLSupport sslSupport = (SSLSupport)
> request.getAttribute(SSLSupport.SESSION_MGR); +        try { +
> // FIXME SSL_SESSION_RESUMED +            // FIXME
> SSL_SECURE_RENEG +            // FIXME SSL_CIPHER_EXPORT +
> // FIXME SSL_CIPHER_ALGKEYSIZE +            // FIXME
> SSL_COMPRESS_METHOD +            // FIXME SSL_SRP_USER +
> // FIXME SSL_SRP_USERINFO +            // FIXME SSL_TLS_SNI +
> if (key.equals("SSL_PROTOCOL")) { +                return
> sslSupport.getProtocol(); +            } else if
> (key.equals("SSL_SESSION_ID")) { +                return
> sslSupport.getSessionId(); +            } else if
> (key.equals("SSL_CIPHER")) { +                return
> sslSupport.getCipherSuite(); +            } else if
> (key.equals("SSL_CIPHER_USEKEYSIZE")) { +                return
> sslSupport.getKeySize().toString();

These above lines are now within the try/catch block which reduces
performance somewhat for the attributes that don't need try/catch. Any
reason to bring them under the try/catch?

In fact... which exceptions can actually be thrown, here? Or is the
issue that Java might parse the certificates at this stage in the
pipeline instead of already having been done (because it's rewrite, it
might be "early").

- -chris


> +            } else if (key.startsWith("SSL_CLIENT_")) { +
> X509Certificate[] certificates =
> sslSupport.getPeerCertificateChain(); +                if
> (certificates != null && certificates.length > 0) { +
> key = key.substring("SSL_CLIENT_".length()); +
> String result = resolveSslCertificates(key, certificates); +
> if (result != null) { +                        return result; +
> } else if (key.startsWith("SAN_OTHER_msUPN_")) { +
> key = key.substring("SAN_OTHER_msUPN_".length()); +
> // FIXME return certificates[0].getSubjectAlternativeNames() +
> } else if (key.equals("CERT_RFC4523_CEA")) { +
> // FIXME return certificates[0]; +                    } else if
> (key.equals("VERIFY")) { +                        // FIXME return
> certificates[0]; +                    } +                } +
> } else if (key.startsWith("SSL_SERVER_")) { +
> X509Certificate[] certificates =
> sslSupport.getLocalCertificateChain(); +                if
> (certificates != null && certificates.length > 0) { +
> key = key.substring("SSL_SERVER_".length()); +
> String result = resolveSslCertificates(key, certificates); +
> if (result != null) { +                        return result; +
> } else if (key.startsWith("SAN_OTHER_dnsSRV_")) { +
> key = key.substring("SAN_OTHER_dnsSRV_".length()); +
> // FIXME return certificates[0].getSubjectAlternativeNames() +
> } +                } +            } +        } catch (IOException
> e) { +            // TLS access error +        } +        return
> null; +    } + +    private String resolveSslCertificates(String
> key, X509Certificate[] certificates) { +        if
> (key.equals("M_VERSION")) { +            return
> String.valueOf(certificates[0].getVersion()); +        } else if
> (key.equals("M_SERIAL")) { +            return
> certificates[0].getSerialNumber().toString(); +        } else if
> (key.equals("S_DN")) { +            return
> certificates[0].getSubjectDN().getName(); +        } else if
> (key.startsWith("S_DN_")) { +            key =
> key.substring("S_DN_".length()); +            // FIXME return
> certificates[0].getSubjectX500Principal().?; +        } else if
> (key.startsWith("SAN_Email_")) { +            key =
> key.substring("SAN_Email_".length()); +            // FIXME return
> certificates[0].getSubjectAlternativeNames() +        } else if
> (key.startsWith("SAN_DNS_")) { +            key =
> key.substring("SAN_DNS_".length()); +            // FIXME return
> certificates[0].getSubjectAlternativeNames() +        } else if
> (key.equals("I_DN")) { +            return
> certificates[0].getIssuerDN().getName(); +        } else if
> (key.startsWith("I_DN_")) { +            key =
> key.substring("I_DN_".length()); +            // FIXME return
> certificates[0].getIssuerX500Principal().?; +        } else if
> (key.equals("V_START")) { +            return
> String.valueOf(certificates[0].getNotBefore().getTime()); +
> } else if (key.equals("V_END")) { +            return
> String.valueOf(certificates[0].getNotAfter().getTime()); +        }
> else if (key.equals("V_REMAIN")) { +            long remain =
> certificates[0].getNotAfter().getTime() -
> System.currentTimeMillis(); +            if (remain < 0) { +
> remain = 0L; +            } +            // Return remaining days +
> return String.valueOf(TimeUnit.MILLISECONDS.toDays(remain)); +
> } else if (key.equals("A_SIG")) { +            return
> certificates[0].getSigAlgName(); +        } else if
> (key.equals("A_KEY")) { +            return
> certificates[0].getPublicKey().getAlgorithm(); +        } else if
> (key.equals("CERT")) { +            // FIXME return certificates[0]
> to pem +        } else if (key.startsWith("CERT_CHAIN_")) { +
> key = key.substring("CERT_CHAIN_".length()); +            // FIXME
> return certificates[n] to pem } -        // FIXME: Implement other
> SSL environment variables when possible return null; }
>
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
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=Gap0
-----END PGP SIGNATURE-----
