You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/02/28 20:38:31 UTC
svn commit: r1662994 - in
/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net:
AbstractEndpoint.java jsse/JSSESocketFactory.java
jsse/res/LocalStrings.properties
Author: markt
Date: Sat Feb 28 19:38:30 2015
New Revision: 1662994
URL: http://svn.apache.org/r1662994
Log:
Remove dependency on SSLServerSocket.getSSLParameters() which is only available from Java 7 onwards.
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1662994&r1=1662993&r2=1662994&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Sat Feb 28 19:38:30 2015
@@ -18,8 +18,6 @@ package org.apache.tomcat.util.net;
import java.io.File;
import java.io.OutputStreamWriter;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.ArrayList;
@@ -30,10 +28,10 @@ import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
import org.apache.juli.logging.Log;
import org.apache.tomcat.util.IntrospectionUtils;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.AbstractEndpoint.Acceptor.AcceptorState;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.threads.LimitLatch;
@@ -656,15 +654,9 @@ public abstract class AbstractEndpoint<S
private void testServerCipherSuitesOrderSupport() {
// Only test this feature if the user explicitly requested its use.
if(!"".equals(getUseServerCipherSuitesOrder().trim())) {
- try {
- // This method is only available in Java 8+
- // Check to see if the method exists, and then call it.
- SSLParameters.class.getMethod("setUseCipherSuitesOrder",
- Boolean.TYPE);
- }
- catch (NoSuchMethodException nsme) {
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- nsme);
+ if (JreCompat.isJre8Available()) {
+ throw new UnsupportedOperationException(
+ sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"));
}
}
}
@@ -979,36 +971,11 @@ public abstract class AbstractEndpoint<S
// Only use this feature if the user explicitly requested its use.
if(!"".equals(useServerCipherSuitesOrderStr)) {
- SSLParameters sslParameters = engine.getSSLParameters();
boolean useServerCipherSuitesOrder =
("true".equalsIgnoreCase(useServerCipherSuitesOrderStr)
|| "yes".equalsIgnoreCase(useServerCipherSuitesOrderStr));
-
- try {
- // This method is only available in Java 8+
- // Check to see if the method exists, and then call it.
- Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder",
- Boolean.TYPE);
-
- m.invoke(sslParameters, Boolean.valueOf(useServerCipherSuitesOrder));
- }
- catch (NoSuchMethodException nsme) {
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- nsme);
- } catch (InvocationTargetException ite) {
- // Should not happen
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- ite);
- } catch (IllegalArgumentException iae) {
- // Should not happen
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- iae);
- } catch (IllegalAccessException e) {
- // Should not happen
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- e);
- }
- engine.setSSLParameters(sslParameters);
+ JreCompat jreCompat = JreCompat.getInstance();
+ jreCompat.setUseServerCipherSuitesOrder(engine, useServerCipherSuitesOrder);
}
}
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1662994&r1=1662993&r2=1662994&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Sat Feb 28 19:38:30 2015
@@ -22,8 +22,6 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
@@ -54,7 +52,6 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
@@ -64,6 +61,7 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLUtil;
@@ -787,36 +785,11 @@ public class JSSESocketFactory implement
// Only use this feature if the user explicitly requested its use.
if(!"".equals(useServerCipherSuitesOrderStr)) {
- SSLParameters sslParameters = socket.getSSLParameters();
boolean useServerCipherSuitesOrder =
("true".equalsIgnoreCase(useServerCipherSuitesOrderStr)
|| "yes".equalsIgnoreCase(useServerCipherSuitesOrderStr));
-
- try {
- // This method is only available in Java 8+
- // Check to see if the method exists, and then call it.
- Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder",
- Boolean.TYPE);
-
- m.invoke(sslParameters, Boolean.valueOf(useServerCipherSuitesOrder));
- }
- catch (NoSuchMethodException nsme) {
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- nsme);
- } catch (InvocationTargetException ite) {
- // Should not happen
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- ite);
- } catch (IllegalArgumentException iae) {
- // Should not happen
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- iae);
- } catch (IllegalAccessException e) {
- // Should not happen
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- e);
- }
- socket.setSSLParameters(sslParameters);
+ JreCompat jreCompat = JreCompat.getInstance();
+ jreCompat.setUseServerCipherSuitesOrder(socket, useServerCipherSuitesOrder);
}
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1662994&r1=1662993&r2=1662994&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Sat Feb 28 19:38:30 2015
@@ -33,4 +33,3 @@ jseeSupport.certTranslationError=Error t
jsseSupport.noCertWant=No client certificate sent for want
jsseSupport.serverRenegDisabled=SSL server initiated renegotiation is disabled, closing connection
jsseSupport.unexpectedData=Unexpected data read from input stream
-jsse.cannotHonorServerCipherOrder=Java Runtime does not support "useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1662994 - in /tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net:
AbstractEndpoint.java jsse/JSSESocketFactory.java jsse/res/LocalStrings.properties
Posted by Mark Thomas <ma...@apache.org>.
On 01/03/2015 02:11, Christopher Schultz wrote:
> Mark,
>
> On 2/28/15 2:38 PM, markt@apache.org wrote:
>> Author: markt
>> Date: Sat Feb 28 19:38:30 2015
>> New Revision: 1662994
>>
>> URL: http://svn.apache.org/r1662994
<snip/>
> It may be a bit pedantic, but would it be better to check for the Java
> version (as above), or for the presence of the method?
I tend to look for the simplest / cleanest solution. An explicit method
check would duplicate code already in JreCompat.
> I feel like the
> availability of the method is more important than the runtime version of
> Java, though the API is much more well-defined than, say, Javascript
> where version-checking is always a bad idea.
The method is what is required but given how tightly defined Java's API
is a check for the presence of the method is functionally identical to
check the Java version (which we happen to do by looking for this method).
> I'm happy to leave it this way, but I feel it is a bit ... sloppy? I
> dunno... is mine just an academic concern?
I think it is more of a style choice at this stage. If the use of
JreCompat expands then I think the academic argument would lean towards
isJre8Available() on the grounds of simplicity / cleanness / etc.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1662994 - in
/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net: AbstractEndpoint.java
jsse/JSSESocketFactory.java jsse/res/LocalStrings.properties
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 2/28/15 2:38 PM, markt@apache.org wrote:
> Author: markt
> Date: Sat Feb 28 19:38:30 2015
> New Revision: 1662994
>
> URL: http://svn.apache.org/r1662994
> Log:
> Remove dependency on SSLServerSocket.getSSLParameters() which is only available from Java 7 onwards.
>
> Modified:
> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
>
> Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
> URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1662994&r1=1662993&r2=1662994&view=diff
> ==============================================================================
> --- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original)
> +++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Sat Feb 28 19:38:30 2015
> @@ -18,8 +18,6 @@ package org.apache.tomcat.util.net;
>
> import java.io.File;
> import java.io.OutputStreamWriter;
> -import java.lang.reflect.InvocationTargetException;
> -import java.lang.reflect.Method;
> import java.net.InetAddress;
> import java.net.InetSocketAddress;
> import java.util.ArrayList;
> @@ -30,10 +28,10 @@ import java.util.concurrent.TimeUnit;
>
> import javax.net.ssl.KeyManagerFactory;
> import javax.net.ssl.SSLEngine;
> -import javax.net.ssl.SSLParameters;
>
> import org.apache.juli.logging.Log;
> import org.apache.tomcat.util.IntrospectionUtils;
> +import org.apache.tomcat.util.compat.JreCompat;
> import org.apache.tomcat.util.net.AbstractEndpoint.Acceptor.AcceptorState;
> import org.apache.tomcat.util.res.StringManager;
> import org.apache.tomcat.util.threads.LimitLatch;
> @@ -656,15 +654,9 @@ public abstract class AbstractEndpoint<S
> private void testServerCipherSuitesOrderSupport() {
> // Only test this feature if the user explicitly requested its use.
> if(!"".equals(getUseServerCipherSuitesOrder().trim())) {
> - try {
> - // This method is only available in Java 8+
> - // Check to see if the method exists, and then call it.
> - SSLParameters.class.getMethod("setUseCipherSuitesOrder",
> - Boolean.TYPE);
> - }
> - catch (NoSuchMethodException nsme) {
> - throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
> - nsme);
> + if (JreCompat.isJre8Available()) {
> + throw new UnsupportedOperationException(
> + sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"));
It may be a bit pedantic, but would it be better to check for the Java
version (as above), or for the presence of the method? I feel like the
availability of the method is more important than the runtime version of
Java, though the API is much more well-defined than, say, Javascript
where version-checking is always a bad idea.
I'm happy to leave it this way, but I feel it is a bit ... sloppy? I
dunno... is mine just an academic concern?
-chris