Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/06/26 16:11:44 UTC

[tomcat] 01/03: Add equivalent of openssl ciphers command

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 44035e99349d7a5d8aa07e0a32aee30ee424ca66
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 26 17:05:16 2019 +0100

    Add equivalent of openssl ciphers command
    
    Backport of f8e8361 by schultz
---
 bin/ciphers.bat                                    | 58 +++++++++++++++++
 bin/ciphers.sh                                     | 60 ++++++++++++++++++
 .../ciphers/OpenSSLCipherConfigurationParser.java  | 72 ++++++++++++++++++++++
 3 files changed, 190 insertions(+)

diff --git a/bin/ciphers.bat b/bin/ciphers.bat
new file mode 100755
index 0000000..914181b
--- /dev/null
+++ b/bin/ciphers.bat
@@ -0,0 +1,58 @@
+@echo off
+rem Licensed to the Apache Software Foundation (ASF) under one or more
+rem contributor license agreements.  See the NOTICE file distributed with
+rem this work for additional information regarding copyright ownership.
+rem The ASF licenses this file to You under the Apache License, Version 2.0
+rem (the "License"); you may not use this file except in compliance with
+rem the License.  You may obtain a copy of the License at
+rem
+rem     http://www.apache.org/licenses/LICENSE-2.0
+rem
+rem Unless required by applicable law or agreed to in writing, software
+rem distributed under the License is distributed on an "AS IS" BASIS,
+rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+rem See the License for the specific language governing permissions and
+rem limitations under the License.
+
+rem ---------------------------------------------------------------------------
+rem Script to digest password using the algorithm specified
+rem ---------------------------------------------------------------------------
+
+setlocal
+
+rem Guess CATALINA_HOME if not defined
+set "CURRENT_DIR=%cd%"
+if not "%CATALINA_HOME%" == "" goto gotHome
+set "CATALINA_HOME=%CURRENT_DIR%"
+if exist "%CATALINA_HOME%\bin\tool-wrapper.bat" goto okHome
+cd ..
+set "CATALINA_HOME=%cd%"
+cd "%CURRENT_DIR%"
+:gotHome
+if exist "%CATALINA_HOME%\bin\tool-wrapper.bat" goto okHome
+echo The CATALINA_HOME environment variable is not defined correctly
+echo This environment variable is needed to run this program
+goto end
+:okHome
+
+set "EXECUTABLE=%CATALINA_HOME%\bin\tool-wrapper.bat"
+
+rem Check that target executable exists
+if exist "%EXECUTABLE%" goto okExec
+echo Cannot find "%EXECUTABLE%"
+echo This file is needed to run this program
+goto end
+:okExec
+
+rem Get remaining unshifted command line arguments and save them in the
+set CMD_LINE_ARGS=
+:setArgs
+if ""%1""=="""" goto doneSetArgs
+set CMD_LINE_ARGS=%CMD_LINE_ARGS% %1
+shift
+goto setArgs
+:doneSetArgs
+
+call "%EXECUTABLE%" org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser %CMD_LINE_ARGS%
+
+:end
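Review bot: When CATALINA_HOME is unset, the lines under `rem Guess CATALINA_HOME if not defined` take it from `%cd%`, so the `tool-wrapper.bat` that is eventually `call`ed is whichever one sits under the caller's working directory or its parent, not the one shipped next to this script. Anchoring the guess to the script's own location, for example `set "CATALINA_HOME=%~dp0.."`, keeps the tool from running a wrapper out of an arbitrary directory; this block presumably mirrors the other bin scripts, so the change would want to be applied consistently. Both failure paths also `goto end` without setting an exit code, so a caller sees success; replacing those `goto end` lines with `exit /b 1` fixes that. The comment `rem Get remaining unshifted command line arguments and save them in the` is cut off mid-sentence and should be completed.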
diff --git a/bin/ciphers.sh b/bin/ciphers.sh
new file mode 100755
index 0000000..d4a87b5
--- /dev/null
+++ b/bin/ciphers.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# -----------------------------------------------------------------------------
+# Script to digest password using the algorithm specified
+# -----------------------------------------------------------------------------
+
+# Better OS/400 detection: see Bugzilla 31132
+os400=false
+case "`uname`" in
+OS400*) os400=true;;
+esac
+
+# resolve links - $0 may be a softlink
+PRG="$0"
+
+while [ -h "$PRG" ] ; do
+  ls=`ls -ld "$PRG"`
+  link=`expr "$ls" : '.*-> \(.*\)$'`
+  if expr "$link" : '/.*' > /dev/null; then
+    PRG="$link"
+  else
+    PRG=`dirname "$PRG"`/"$link"
+  fi
+done
+
+PRGDIR=`dirname "$PRG"`
+EXECUTABLE=tool-wrapper.sh
+
+# Check that target executable exists
+if $os400; then
+  # -x will Only work on the os400 if the files are:
+  # 1. owned by the user
+  # 2. owned by the PRIMARY group of the user
+  # this will not work if the user belongs in secondary groups
+  eval
+else
+  if [ ! -x "$PRGDIR"/"$EXECUTABLE" ]; then
+    echo "Cannot find $PRGDIR/$EXECUTABLE"
+    echo "The file is absent or does not have execute permission"
+    echo "This file is needed to run this program"
+    exit 1
+  fi
+fi
+
+exec "$PRGDIR"/"$EXECUTABLE" org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser "$@"
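Review bot: On OS400 the `if $os400; then` branch runs a bare `eval`, which is a no-op, so a missing or non-executable `tool-wrapper.sh` is only discovered when the final `exec` fails. The comment explains why `-x` is unreliable there, but a weaker test such as `[ -r "$PRGDIR"/"$EXECUTABLE" ]` would still catch an absent file, and `:` states "do nothing" more plainly than `eval` if no check is wanted. The three `echo` diagnostics in the else branch go to stdout; appending `>&2` keeps them out of output that a caller may be capturing as the cipher list.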
diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
index ef8ab36..60433db 100644
--- a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
+++ b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
@@ -840,4 +840,76 @@ public class OpenSSLCipherConfigurationParser {
         }
         return builder.toString().substring(0, builder.length() - 1);
     }
+
+    public static void usage() {
+        System.out.println("Usage: java " + OpenSSLCipherConfigurationParser.class.getName() + " [options] cipherspec");
+        System.out.println();
+        System.out.println("Displays the TLS cipher suites matching the cipherspec.");
+        System.out.println();
+        System.out.println(" --help,");
+        System.out.println(" -h          Print this help message");
+        System.out.println(" --openssl   Show OpenSSL cipher suite names instead of IANA cipher suite names.");
+        System.out.println(" --verbose,");
+        System.out.println(" -v          Provide detailed cipher listing");
+    }
+
+    public static void main(String[] args) throws Exception
+    {
+        boolean verbose = false;
+        boolean useOpenSSLNames = false;
+        int argindex;
+        for(argindex = 0; argindex < args.length; ++argindex)
+        {
+            String arg = args[argindex];
+            if("--verbose".equals(arg) || "-v".equals(arg))
+                verbose = true;
+            else if("--openssl".equals(arg))
+                useOpenSSLNames = true;
+            else if("--help".equals(arg) || "-h".equals(arg)) {
+                usage();
+                System.exit(0);
+            }
+            else if("--".equals(arg)) {
+                ++argindex;
+                break;
+            } else if(arg.startsWith("-")) {
+                System.out.println("Unknown option: " + arg);
+                usage();
+                System.exit(1);
+            } else {
+                // Non-switch argument... probably the cipher spec
+                break;
+            }
+        }
+
+        String cipherSpec;
+        if(argindex < args.length) {
+            cipherSpec = args[argindex];
+        } else {
+            cipherSpec = "DEFAULT";
+        }
+        Set<Cipher> ciphers = parse(cipherSpec);
+        boolean first = true;
+        if(null != ciphers && 0 < ciphers.size()) {
+            for(Cipher cipher : ciphers)
+            {
+                if(first) {
+                    first = false;
+                } else {
+                    if(!verbose)
+                        System.out.print(',');
+                }
+                if(useOpenSSLNames)
+                    System.out.print(cipher.getOpenSSLAlias());
+                else
+                    System.out.print(cipher.name());
+                if(verbose) {
+                    System.out.println("\t" + cipher.getProtocol() + "\tKx=" + cipher.getKx() + "\tAu=" + cipher.getAu() + "\tEnc=" + cipher.getEnc() + "\tMac=" + cipher.getMac());
+                }
+            }
+            System.out.println();
+        } else {
+            System.out.println("No ciphers match '" + cipherSpec + "'");
+        }
+    }
 }
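Review bot: `main` reads only `args[argindex]` as the cipher spec and silently ignores every argument after it, so a spec that arrives as several words (an unquoted space-separated list, or one the calling shell split) is evaluated from its first element alone, and the printed list can be broader than the spec the operator meant to check. Rejecting leftovers makes that visible: after the option loop add `if (argindex + 1 < args.length) { System.err.println("Too many arguments"); usage(); System.exit(1); }`. The `Unknown option:` message would also be better on `System.err`, so it does not mix into output parsed as a cipher list. The new public `usage()` and `main` have no Javadoc; a short comment on each naming the options and the `DEFAULT` fallback would do. The enclosing class starts outside the hunk.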




Re: [tomcat] 01/03: Add equivalent of openssl ciphers command

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 6/26/19 12:11, markt@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
> 
> markt pushed a commit to branch 8.5.x in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
> 
> commit 44035e99349d7a5d8aa07e0a32aee30ee424ca66 Author: Mark Thomas
> <ma...@apache.org> AuthorDate: Wed Jun 26 17:05:16 2019 +0100
> 
> Add equivalent of openssl ciphers command
> 
> Backport of f8e8361 by schultz --- bin/ciphers.bat
> | 58 +++++++++++++++++ bin/ciphers.sh
> | 60 ++++++++++++++++++ 
> .../ciphers/OpenSSLCipherConfigurationParser.java  | 72
> ++++++++++++++++++++++ 3 files changed, 190 insertions(+)
> 
> diff --git a/bin/ciphers.bat b/bin/ciphers.bat new file mode
> 100755 index 0000000..914181b --- /dev/null +++ b/bin/ciphers.bat 
> @@ -0,0 +1,58 @@ +@echo off +rem Licensed to the Apache Software
> Foundation (ASF) under one or more +rem contributor license
> agreements.  See the NOTICE file distributed with +rem this work
> for additional information regarding copyright ownership. +rem The
> ASF licenses this file to You under the Apache License, Version
> 2.0 +rem (the "License"); you may not use this file except in
> compliance with +rem the License.  You may obtain a copy of the
> License at +rem +rem
> http://www.apache.org/licenses/LICENSE-2.0 +rem +rem Unless
> required by applicable law or agreed to in writing, software +rem
> distributed under the License is distributed on an "AS IS" BASIS, 
> +rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or implied. +rem See the License for the specific language
> governing permissions and +rem limitations under the License. + 
> +rem
> ----------------------------------------------------------------------
- -----
>
> 
+rem Script to digest password using the algorithm specified
> +rem
> ----------------------------------------------------------------------
- -----
>
> 
+

I realize that this was originally my patch, but the above comment is
incorrect. It's a copy/paste remnant of the original file
(digest.bat). I'll fix it unless you get to it, first.

[...]

> diff --git a/bin/ciphers.sh b/bin/ciphers.sh [...] + +#
> ----------------------------------------------------------------------
- -------
>
> 
+# Script to digest password using the algorithm specified
> +#
> ----------------------------------------------------------------------
- -------

Same here.

- -chris
