Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/11/08 21:08:47 UTC
svn commit: r1713286 - in /tomcat/trunk/java/org/apache/tomcat:
jni/SSLContext.java util/net/openssl/OpenSSLContext.java
Author: markt
Date: Sun Nov 8 20:08:47 2015
New Revision: 1713286
URL: http://svn.apache.org/viewvc?rev=1713286&view=rev
Log:
Checkstyle fixes
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java?rev=1713286&r1=1713285&r2=1713286&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java Sun Nov 8 20:08:47 2015
@@ -509,7 +509,7 @@ public final class SSLContext {
* @return {@code true} if success, {@code false} otherwise.
*/
public static native boolean setSessionIdContext(long ctx, byte[] sidCtx);
-
+
/**
* Set CertificateRaw
* <br>
@@ -517,7 +517,7 @@ public final class SSLContext {
* @param ctx Server or Client context to use.
* @param cert Byte array with the certificate in DER encoding.
* @param key Byte array with the Private Key file in PEM format.
- * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
+ * @param sslAidxRsa Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
*/
- public static native boolean setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa);
+ public static native boolean setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa);
}
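Review bot: The parameter name `sslAidxRsa` on `setCertificateRaw` reads as if only the RSA slot were valid, while the Javadoc line says the value may be SSL_AIDX_RSA or SSL_AIDX_DSA. Renaming the parameter to `idx` in both the signature and the `@param` tag would keep the two consistent. The comment also has no `@return`, although the method returns a boolean that callers should check; adding `@return {@code true} if success, {@code false} otherwise.` would match the style visible on `setSessionIdContext`. The `key` description says "Private Key file in PEM format", but the argument is a byte array holding the PEM text, not a file. The Javadoc block starts before this hunk.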
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1713286&r1=1713285&r2=1713286&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Sun Nov 8 20:08:47 2015
@@ -18,10 +18,7 @@ package org.apache.tomcat.util.net.opens
import java.io.IOException;
import java.io.InputStream;
-import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
@@ -38,7 +35,6 @@ import java.security.spec.PKCS8EncodedKe
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
-import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
@@ -114,9 +110,9 @@ public class OpenSSLContext implements o
= AtomicIntegerFieldUpdater.newUpdater(OpenSSLContext.class, "aprPoolDestroyed");
static final CertificateFactory X509_CERT_FACTORY;
- private static final String BEGIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n";
+ private static final String BEGIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n";
- private static final Object END_KEY = "\n-----END RSA PRIVATE KEY-----";
+ private static final Object END_KEY = "\n-----END RSA PRIVATE KEY-----";
private boolean initialized = false;
static {
@@ -330,14 +326,14 @@ public class OpenSSLContext implements o
SSLContext.setCipherSuite(ctx, ciphers);
// Load Server key and certificate
if (certificate.getCertificateFile() != null) {
-
- SSLContext.setCertificate(ctx,
+
+ SSLContext.setCertificate(ctx,
SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()),
SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()),
certificate.getCertificateKeyPassword(), SSL.SSL_AIDX_RSA);
-
+
// Support Client Certificates
-
+
SSLContext.setCACertificate(ctx,
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
@@ -354,10 +350,10 @@ public class OpenSSLContext implements o
X509Certificate certificate = keyManager.getCertificateChain(alias)[0];
PrivateKey key = keyManager.getPrivateKey(alias);
StringBuilder sb = new StringBuilder(BEGIN_KEY);
- sb.append(Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded()));
+ sb.append(Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded()));
sb.append(END_KEY);
SSLContext.setCertificateRaw(ctx, certificate.getEncoded(), sb.toString().getBytes(StandardCharsets.US_ASCII), SSL.SSL_AIDX_RSA);
-
+
}
// Client certificate verification
int value = 0;
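Review bot: The boolean returned by `SSLContext.setCertificateRaw(...)` is discarded, so a key or certificate that OpenSSL rejects would go unnoticed here and the context would continue without the intended credentials. Checking the result and failing initialisation would be safer, e.g. `if (!SSLContext.setCertificateRaw(...)) { throw new IllegalStateException("setCertificateRaw failed"); }` (constructed message; use the project's string manager). Separately, `key.getEncoded()` is wrapped in `RSA PRIVATE KEY` markers and loaded with `SSL.SSL_AIDX_RSA` without inspecting `key.getFormat()` or `key.getAlgorithm()`. JSSE keys are usually PKCS#8-encoded, for which the PEM label would be `PRIVATE KEY`, so this looks fragile for PKCS#8 and non-RSA keys and is worth confirming. The PEM text is also built in a `StringBuilder` and a `String`, which cannot be cleared after use. The enclosing method starts and ends outside this hunk.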
@@ -413,40 +409,40 @@ public class OpenSSLContext implements o
}
String getJSSEAlias(SSLHostConfig sslHostConfig, X509KeyManager keyManager) {
- String alias = null;
- // TODO make sure we get the right one...
+ String alias = null;
+ // TODO make sure we get the right one...
if (certificate.getCertificateKeyAlias() != null)
- alias = certificate.getCertificateKeyAlias();
+ alias = certificate.getCertificateKeyAlias();
return alias;
}
/**
* get the JSSE key manager for the keystore
- * @throws KeyStoreException
- * @throws NoSuchAlgorithmException
- * @throws UnrecoverableKeyException
- * @throws IOException
- * @throws CertificateException
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws IOException
+ * @throws CertificateException
*
*/
static X509KeyManager getJSSEKeyManager(SSLHostConfig sslHostConfig) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException {
- String keystoretype = null;
- String keystoreprovider = null;
- String keystorefile = null;
- String password = null;
- // TODO make sure we get the right one...
+ String keystoretype = null;
+ String keystoreprovider = null;
+ String keystorefile = null;
+ String password = null;
+ // TODO make sure we get the right one...
for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) {
if (certificate.getCertificateKeystoreFile() != null)
- keystorefile = certificate.getCertificateKeystoreFile();
- if (certificate.getCertificateKeystorePassword() != null)
- password = certificate.getCertificateKeystorePassword();
- if (certificate.getCertificateKeystoreType() != null)
- keystoretype = certificate.getCertificateKeystoreType();
+ keystorefile = certificate.getCertificateKeystoreFile();
+ if (certificate.getCertificateKeystorePassword() != null)
+ password = certificate.getCertificateKeystorePassword();
+ if (certificate.getCertificateKeystoreType() != null)
+ keystoretype = certificate.getCertificateKeystoreType();
if (certificate.getCertificateKeystoreProvider() != null)
- keystoreprovider = certificate.getCertificateKeystoreProvider();
+ keystoreprovider = certificate.getCertificateKeystoreProvider();
}
KeyStore ks = KeyStore.getInstance(keystoretype);
InputStream stream = ConfigFileLoader.getInputStream(keystorefile);
- ks.load(stream, password.toCharArray());
+ ks.load(stream, password.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(keystoreprovider);
kmf.init(ks, password.toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
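Review bot: In `getJSSEKeyManager`, `password.toCharArray()` throws a NullPointerException when no certificate supplies a keystore password, because `password` starts as `null` and is only assigned inside the loop. The same applies to `KeyStore.getInstance(keystoretype)` when no type is configured. A guarded form such as `char[] pw = (password != null) ? password.toCharArray() : null;` passed to both `ks.load` and `kmf.init` would avoid the first case. The `InputStream` from `ConfigFileLoader.getInputStream(keystorefile)` is not closed in the visible lines; `try (InputStream stream = ConfigFileLoader.getInputStream(keystorefile)) { ks.load(stream, pw); }` would release it on every path. `KeyManagerFactory.getInstance(keystoreprovider)` passes the keystore provider where the API expects an algorithm name, which looks unintended. The method body continues past the end of this hunk, so later handling may cover some of this.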