Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/04/09 15:23:54 UTC
svn commit: r1672342 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
AbstractJsseEndpoint.java Nio2Endpoint.java NioEndpoint.java
Author: markt
Date: Thu Apr 9 13:23:53 2015
New Revision: 1672342
URL: http://svn.apache.org/r1672342
Log:
Pull up the common JSSE code.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1672342&r1=1672341&r2=1672342&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Thu Apr 9 13:23:53 2015
@@ -16,6 +16,92 @@
*/
package org.apache.tomcat.util.net;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.X509KeyManager;
+
+import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
+
public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
+ private SSLImplementation sslImplementation = null;
+ public SSLImplementation getSslImplementation() {
+ return sslImplementation;
+ }
+
+ private String[] enabledCiphers;
+ @Override
+ public String[] getCiphersUsed() {
+ return enabledCiphers;
+ }
+
+ private String[] enabledProtocols;
+
+ private SSLContext sslContext = null;
+ public SSLContext getSSLContext() { return sslContext;}
+ public void setSSLContext(SSLContext c) { sslContext = c;}
+
+
+ protected void initialiseSsl() throws Exception {
+ if (isSSLEnabled()) {
+ sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
+ SSLUtil sslUtil = sslImplementation.getSSLUtil(this);
+
+ sslContext = sslUtil.createSSLContext();
+ sslContext.init(wrap(sslUtil.getKeyManagers()),
+ sslUtil.getTrustManagers(), null);
+
+ SSLSessionContext sessionContext =
+ sslContext.getServerSessionContext();
+ if (sessionContext != null) {
+ sslUtil.configureSessionContext(sessionContext);
+ }
+ // Determine which cipher suites and protocols to enable
+ enabledCiphers = sslUtil.getEnableableCiphers(sslContext);
+ enabledProtocols = sslUtil.getEnableableProtocols(sslContext);
+ }
+ }
+
+
+ protected SSLEngine createSSLEngine() {
+ SSLEngine engine = sslContext.createSSLEngine();
+ if ("false".equals(getClientAuth())) {
+ engine.setNeedClientAuth(false);
+ engine.setWantClientAuth(false);
+ } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
+ engine.setNeedClientAuth(true);
+ } else if ("want".equals(getClientAuth())) {
+ engine.setWantClientAuth(true);
+ }
+ engine.setUseClientMode(false);
+ engine.setEnabledCipherSuites(enabledCiphers);
+ engine.setEnabledProtocols(enabledProtocols);
+
+ configureUseServerCipherSuitesOrder(engine);
+
+ return engine;
+ }
+
+
+
+ @Override
+ public void unbind() throws Exception {
+ sslContext = null;
+ }
+
+
+ private KeyManager[] wrap(KeyManager[] managers) {
+ if (managers==null) return null;
+ KeyManager[] result = new KeyManager[managers.length];
+ for (int i=0; i<result.length; i++) {
+ if (managers[i] instanceof X509KeyManager && getKeyAlias()!=null) {
+ result[i] = new NioX509KeyManager((X509KeyManager)managers[i],getKeyAlias());
+ } else {
+ result[i] = managers[i];
+ }
+ }
+ return result;
+ }
}
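Review bot: In `createSSLEngine()` a `getClientAuth()` value that matches none of the four literals leaves the engine at the JSSE default, which requests no client certificate, so a typo or a differently cased value such as `TRUE` silently disables mutual TLS. Now that this logic lives in one place, add a final `else` that logs a warning naming the unrecognised value, or validate the setting once in `initialiseSsl()` and fail startup, so the misconfiguration is visible before connections are accepted without client authentication. Separately, `getCiphersUsed()` returns the same `enabledCiphers` array that is later passed to `setEnabledCipherSuites`; returning `enabledCiphers == null ? null : enabledCiphers.clone()` would keep callers from altering the enabled suite list.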
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java?rev=1672342&r1=1672341&r2=1672342&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java Thu Apr 9 13:23:53 2015
@@ -43,12 +43,8 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicInteger;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -57,7 +53,6 @@ import org.apache.tomcat.util.buf.ByteBu
import org.apache.tomcat.util.collections.SynchronizedStack;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.jsse.JSSESupport;
-import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
/**
* NIO2 endpoint.
@@ -165,13 +160,6 @@ public class Nio2Endpoint extends Abstra
}
- private SSLImplementation sslImplementation = null;
- private SSLContext sslContext = null;
- public SSLContext getSSLContext() { return sslContext;}
- public void setSSLContext(SSLContext c) { sslContext = c;}
- private String[] enabledCiphers;
- private String[] enabledProtocols;
-
/**
* Port in use.
*/
@@ -195,17 +183,6 @@ public class Nio2Endpoint extends Abstra
}
- public SSLImplementation getSslImplementation() {
- return sslImplementation;
- }
-
-
- @Override
- public String[] getCiphersUsed() {
- return enabledCiphers;
- }
-
-
// --------------------------------------------------------- OOM Parachute Methods
protected void checkParachute() {
@@ -283,40 +260,11 @@ public class Nio2Endpoint extends Abstra
}
// Initialize SSL if needed
- if (isSSLEnabled()) {
- sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
- SSLUtil sslUtil = sslImplementation.getSSLUtil(this);
-
- sslContext = sslUtil.createSSLContext();
- sslContext.init(wrap(sslUtil.getKeyManagers()),
- sslUtil.getTrustManagers(), null);
-
- SSLSessionContext sessionContext =
- sslContext.getServerSessionContext();
- if (sessionContext != null) {
- sslUtil.configureSessionContext(sessionContext);
- }
- // Determine which cipher suites and protocols to enable
- enabledCiphers = sslUtil.getEnableableCiphers(sslContext);
- enabledProtocols = sslUtil.getEnableableProtocols(sslContext);
- }
+ initialiseSsl();
if (oomParachute>0) reclaimParachute(true);
}
- public KeyManager[] wrap(KeyManager[] managers) {
- if (managers==null) return null;
- KeyManager[] result = new KeyManager[managers.length];
- for (int i=0; i<result.length; i++) {
- if (managers[i] instanceof X509KeyManager && getKeyAlias()!=null) {
- result[i] = new NioX509KeyManager((X509KeyManager)managers[i],getKeyAlias());
- } else {
- result[i] = managers[i];
- }
- }
- return result;
- }
-
/**
* Start the NIO endpoint, creating acceptor, poller threads.
@@ -336,8 +284,6 @@ public class Nio2Endpoint extends Abstra
socketProperties.getBufferPool());
}
- sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
-
// Create worker collection
if ( getExecutor() == null ) {
createExecutor();
@@ -406,7 +352,7 @@ public class Nio2Endpoint extends Abstra
// Close server socket
serverSock.close();
serverSock = null;
- sslContext = null;
+ super.unbind();
// Unlike other connectors, the thread pool is tied to the server socket
shutdownExecutor();
releaseCaches();
@@ -477,7 +423,7 @@ public class Nio2Endpoint extends Abstra
Nio2Channel channel = (useCaches) ? nioChannels.pop() : null;
if (channel == null) {
// SSL setup
- if (sslContext != null) {
+ if (isSSLEnabled()) {
SSLEngine engine = createSSLEngine();
int appBufferSize = engine.getSession().getApplicationBufferSize();
SocketBufferHandler bufhandler = new SocketBufferHandler(
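Review bot: Guarding on `isSSLEnabled()` instead of `sslContext != null` means the guard no longer proves that the context exists, while the pulled-up `createSSLEngine()` dereferences `sslContext` unconditionally. If a connection reaches this path after `unbind()` has nulled the field, or after `setSSLContext(null)`, it now throws a NullPointerException. That fails closed, which is preferable to what appears to have been a fall-through to a non-SSL channel, but the failure is opaque. Consider an explicit check at the top of `createSSLEngine()`, e.g. `if (sslContext == null) throw new IllegalStateException("SSL enabled but SSLContext not initialised");`. The same guard change appears in the next hunk (`@@ -493,7 +439,7 @@`) and in NioEndpoint (`@@ -511,7 +458,7 @@`); the enclosing method starts and ends outside this hunk.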
@@ -493,7 +439,7 @@ public class Nio2Endpoint extends Abstra
channel = new Nio2Channel(bufhandler);
}
} else {
- if (sslContext != null) {
+ if (isSSLEnabled()) {
SSLEngine engine = createSSLEngine();
((SecureNio2Channel) channel).setSSLEngine(engine);
}
@@ -521,25 +467,6 @@ public class Nio2Endpoint extends Abstra
return true;
}
- protected SSLEngine createSSLEngine() {
- SSLEngine engine = sslContext.createSSLEngine();
- if ("false".equals(getClientAuth())) {
- engine.setNeedClientAuth(false);
- engine.setWantClientAuth(false);
- } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
- engine.setNeedClientAuth(true);
- } else if ("want".equals(getClientAuth())) {
- engine.setWantClientAuth(true);
- }
- engine.setUseClientMode(false);
- engine.setEnabledCipherSuites(enabledCiphers);
- engine.setEnabledProtocols(enabledProtocols);
-
- configureUseServerCipherSuitesOrder(engine);
-
- return engine;
- }
-
/**
* Returns true if a worker thread is available for processing.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1672342&r1=1672341&r2=1672342&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Thu Apr 9 13:23:53 2015
@@ -40,12 +40,8 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -55,7 +51,6 @@ import org.apache.tomcat.util.collection
import org.apache.tomcat.util.collections.SynchronizedStack;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.jsse.JSSESupport;
-import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
/**
* NIO tailored thread pool, providing the following services:
@@ -224,13 +219,6 @@ public class NioEndpoint extends Abstrac
}
- private SSLImplementation sslImplementation = null;
- private SSLContext sslContext = null;
- public SSLContext getSSLContext() { return sslContext;}
- public void setSSLContext(SSLContext c) { sslContext = c;}
- private String[] enabledCiphers;
- private String[] enabledProtocols;
-
/**
* Port in use.
*/
@@ -250,17 +238,6 @@ public class NioEndpoint extends Abstrac
}
- public SSLImplementation getSslImplementation() {
- return sslImplementation;
- }
-
-
- @Override
- public String[] getCiphersUsed() {
- return enabledCiphers;
- }
-
-
// --------------------------------------------------------- OOM Parachute Methods
protected void checkParachute() {
@@ -338,42 +315,12 @@ public class NioEndpoint extends Abstrac
stopLatch = new CountDownLatch(pollerThreadCount);
// Initialize SSL if needed
- if (isSSLEnabled()) {
- sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
- SSLUtil sslUtil = sslImplementation.getSSLUtil(this);
-
- sslContext = sslUtil.createSSLContext();
- sslContext.init(wrap(sslUtil.getKeyManagers()),
- sslUtil.getTrustManagers(), null);
-
- SSLSessionContext sessionContext =
- sslContext.getServerSessionContext();
- if (sessionContext != null) {
- sslUtil.configureSessionContext(sessionContext);
- }
- // Determine which cipher suites and protocols to enable
- enabledCiphers = sslUtil.getEnableableCiphers(sslContext);
- enabledProtocols = sslUtil.getEnableableProtocols(sslContext);
- }
+ initialiseSsl();
if (oomParachute>0) reclaimParachute(true);
selectorPool.open();
}
- public KeyManager[] wrap(KeyManager[] managers) {
- if (managers==null) return null;
- KeyManager[] result = new KeyManager[managers.length];
- for (int i=0; i<result.length; i++) {
- if (managers[i] instanceof X509KeyManager && getKeyAlias()!=null) {
- result[i] = new NioX509KeyManager((X509KeyManager)managers[i],getKeyAlias());
- } else {
- result[i] = managers[i];
- }
- }
- return result;
- }
-
-
/**
* Start the NIO endpoint, creating acceptor, poller threads.
*/
@@ -458,7 +405,7 @@ public class NioEndpoint extends Abstrac
serverSock.socket().close();
serverSock.close();
serverSock = null;
- sslContext = null;
+ super.unbind();
releaseCaches();
selectorPool.close();
if (log.isDebugEnabled()) {
@@ -511,7 +458,7 @@ public class NioEndpoint extends Abstrac
NioChannel channel = nioChannels.pop();
if ( channel == null ) {
// SSL setup
- if (sslContext != null) {
+ if (isSSLEnabled()) {
SSLEngine engine = createSSLEngine();
int appbufsize = engine.getSession().getApplicationBufferSize();
SocketBufferHandler bufhandler = new SocketBufferHandler(
@@ -550,25 +497,6 @@ public class NioEndpoint extends Abstrac
return true;
}
- protected SSLEngine createSSLEngine() {
- SSLEngine engine = sslContext.createSSLEngine();
- if ("false".equals(getClientAuth())) {
- engine.setNeedClientAuth(false);
- engine.setWantClientAuth(false);
- } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
- engine.setNeedClientAuth(true);
- } else if ("want".equals(getClientAuth())) {
- engine.setWantClientAuth(true);
- }
- engine.setUseClientMode(false);
- engine.setEnabledCipherSuites(enabledCiphers);
- engine.setEnabledProtocols(enabledProtocols);
-
- configureUseServerCipherSuitesOrder(engine);
-
- return engine;
- }
-
/**
* Returns true if a worker thread is available for processing.