You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/02/13 12:53:24 UTC
svn commit: r1659524 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
SSLSupport.java jsse/JSSEImplementation.java jsse/JSSESupport.java
jsse/openssl/Cipher.java
Author: markt
Date: Fri Feb 13 11:53:23 2015
New Revision: 1659524
URL: http://svn.apache.org/r1659524
Log:
We have the full list of SSL/TLS ciphers and the associated effective bit strength so use it.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java?rev=1659524&r1=1659523&r2=1659524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java Fri Feb 13 11:53:23 2015
@@ -57,24 +57,6 @@ public interface SSLSupport {
/**
- * A mapping table to determine the number of effective bits in the key
- * when using a cipher suite containing the specified cipher name. The
- * underlying data came from the TLS Specification (RFC 2246), Appendix C.
- */
- static final CipherData ciphers[] = {
- new CipherData("_WITH_NULL_", 0),
- new CipherData("_WITH_IDEA_CBC_", 128),
- new CipherData("_WITH_RC2_CBC_40_", 40),
- new CipherData("_WITH_RC4_40_", 40),
- new CipherData("_WITH_RC4_128_", 128),
- new CipherData("_WITH_DES40_CBC_", 40),
- new CipherData("_WITH_DES_CBC_", 56),
- new CipherData("_WITH_3DES_EDE_CBC_", 168),
- new CipherData("_WITH_AES_128_CBC_", 128),
- new CipherData("_WITH_AES_256_CBC_", 256)
- };
-
- /**
* The cipher suite being used on this connection.
*
* @return The name of the cipher suite as returned by the SSL/TLS
@@ -124,25 +106,5 @@ public interface SSLSupport {
* @throws IOException If an error occurs trying to obtain the session ID
*/
public String getSessionId() throws IOException;
-
- /**
- * Simple data class that represents the cipher being used, along with the
- * corresponding effective key size. The specified phrase must appear in the
- * name of the cipher suite to be recognized.
- */
-
- final class CipherData {
-
- public String phrase = null;
-
- public int keySize = 0;
-
- public CipherData(String phrase, int keySize) {
- this.phrase = phrase;
- this.keySize = keySize;
- }
-
- }
-
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1659524&r1=1659523&r2=1659524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java Fri Feb 13 11:53:23 2015
@@ -32,6 +32,13 @@ import org.apache.tomcat.util.net.SSLUti
public class JSSEImplementation extends SSLImplementation {
+ public JSSEImplementation() {
+ // Make sure the keySizeCache is loaded now as part of connector startup
+ // else the cache will be populated on first use which will slow that
+ // request down.
+ JSSESupport.init();
+ }
+
@Override
public String getImplementationName(){
return "JSSE";
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1659524&r1=1659523&r2=1659524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Feb 13 11:53:23 2015
@@ -21,8 +21,8 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
+import java.util.HashMap;
import java.util.Map;
-import java.util.WeakHashMap;
import javax.net.ssl.SSLSession;
@@ -30,6 +30,7 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.SSLSessionManager;
import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
import org.apache.tomcat.util.res.StringManager;
/** JSSESupport
@@ -52,7 +53,24 @@ public class JSSESupport implements SSLS
private static final StringManager sm =
StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
- private static final Map<SSLSession,Integer> keySizeCache = new WeakHashMap<>();
+ private static final Map<String,Integer> keySizeCache = new HashMap<>();
+
+ static {
+ for (Cipher cipher : Cipher.values()) {
+ for (String jsseName : cipher.getJsseNames()) {
+ keySizeCache.put(jsseName, Integer.valueOf(cipher.getStrength_bits()));
+ }
+ }
+ }
+
+ /*
+ * NO-OP method provided to make it easy for other classes in this package
+ * to trigger the loading of this class and the population of the
+ * keySizeCache.
+ */
+ static void init() {
+ // NO-OP
+ }
private SSLSession session;
@@ -120,33 +138,13 @@ public class JSSESupport implements SSLS
* This returns the effective bits for the current cipher suite.
*/
@Override
- public Integer getKeySize()
- throws IOException {
+ public Integer getKeySize() throws IOException {
// Look up the current SSLSession
- SSLSupport.CipherData c_aux[]=ciphers;
- if (session == null)
+ if (session == null) {
return null;
-
- Integer keySize = null;
- synchronized(keySizeCache) {
- keySize = keySizeCache.get(session);
}
- if (keySize == null) {
- int size = 0;
- String cipherSuite = session.getCipherSuite();
- for (int i = 0; i < c_aux.length; i++) {
- if (cipherSuite.indexOf(c_aux[i].phrase) >= 0) {
- size = c_aux[i].keySize;
- break;
- }
- }
- keySize = Integer.valueOf(size);
- synchronized(keySizeCache) {
- keySizeCache.put(session, keySize);
- }
- }
- return keySize;
+ return keySizeCache.get(session.getCipherSuite());
}
@Override
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1659524&r1=1659523&r2=1659524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Feb 13 11:53:23 2015
@@ -34,7 +34,7 @@ import java.util.Set;
* @see <a href="https://www.openssl.org/docs/apps/ciphers.html"
* >Mapping of OpenSSL cipher suites names to registry names</a>
*/
-enum Cipher {
+public enum Cipher {
/* The RSA ciphers */
// Cipher 01
TLS_RSA_WITH_NULL_MD5(
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org