Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/06/14 13:21:53 UTC

svn commit: r1135489 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties webapps/docs/changelog.xml webapps/docs/config/http.xml

Author: markt
Date: Tue Jun 14 11:21:53 2011
New Revision: 1135489

URL: http://svn.apache.org/viewvc?rev=1135489&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48208
Provide an option to specify a custom trust manager
Based on a patch by Luciana Moreira.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Jun 14 11:21:53 2011
@@ -97,15 +97,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: kfujino, markt
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48208
-  Provide an option to specify a custom trust manager
-  https://issues.apache.org/bugzilla/attachment.cgi?id=26732
-  Based on a patch by Luciana Moreira.
-  +1: markt
-  +1: kkolinko, rjung: if a typo in the code is corrected:
-    s/get("trustManageClassName")/get("trustManagerClassName")/
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50854
   Allow shared manager app when running under a security manager
   https://issues.apache.org/bugzilla/attachment.cgi?id=26758

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Jun 14 11:21:53 2011
@@ -577,19 +577,48 @@ public class JSSESocketFactory
             if (crlf == null) {
                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                 tmf.init(trustStore);
-                tms = tmf.getTrustManagers();
+                tms = getTrustManagers(tmf);
             } else {
                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                 CertPathParameters params = getParameters(algorithm, crlf, trustStore);
                 ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
                 tmf.init(mfp);
-                tms = tmf.getTrustManagers();
+                tms = getTrustManagers(tmf);
             }
         }
         
         return tms;
     }
-    
+
+    /**
+     * Gets the TrustManagers either from Connector's
+     * <code>trustManagerClassName</code> attribute (if set) else from the
+     * {@link TrustManagerFactory}.
+     * @return The TrustManagers to use for this connector.
+     * @throws NoSuchAlgorithmException 
+     * @throws ClassNotFoundException 
+     * @throws IllegalAccessException 
+     * @throws InstantiationException 
+    */
+    protected TrustManager[] getTrustManagers(TrustManagerFactory tmf)
+            throws NoSuchAlgorithmException, ClassNotFoundException,
+            InstantiationException, IllegalAccessException {
+
+        String className = (String) attributes.get("trustManagerClassName");
+        if(className != null && className.length() > 0) {
+            ClassLoader classLoader = getClass().getClassLoader();
+            Class<?> clazz = classLoader.loadClass(className);
+            if(!(TrustManager.class.isAssignableFrom(clazz))){
+                throw new InstantiationException(sm.getString(
+                        "jsse.invalidTrustManagerClassName", className));
+            }
+            Object trustManagerObject = clazz.newInstance();
+            TrustManager trustManager = (TrustManager) trustManagerObject;
+            return new TrustManager[]{ trustManager };
+        }      
+        return tmf.getTrustManagers();
+    }
+
     /**
      * Return the initialization parameters for the TrustManager.
      * Currently, only the default <code>PKIX</code> is supported.
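Review bot: The type check at `if(!(TrustManager.class.isAssignableFrom(clazz))){` accepts any TrustManager implementation, while the http.xml hunk documents that the class must implement `javax.net.ssl.X509TrustManager`, which is the interface JSSE uses for X.509 client-chain validation; a class that passes this check without implementing X509TrustManager would be accepted here, and how the SSLContext then treats it is implementation-specific rather than a guaranteed validation path. Tightening the guard to `if (!X509TrustManager.class.isAssignableFrom(clazz)) {` (X509TrustManager lives in javax.net.ssl, so an import may be needed) brings code and documentation into agreement, and the new `jsse.invalidTrustManagerClassName` message in the LocalStrings.properties hunk would then name X509TrustManager as well. The Javadoc has no `@param tmf` tag; suggest `@param tmf The factory whose trust managers are returned when no trustManagerClassName is configured.` Note also that the factory is still initialised against the trust store before the custom class replaces its result, so a custom trust manager does not remove the need for a loadable trust store, which the "may be ignored" wording in http.xml leaves open. The new method is fully inside the hunk; the calling method's body begins outside it.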

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Tue Jun 14 11:21:53 2011
@@ -16,3 +16,4 @@
 jsse.alias_no_key_entry=Alias name {0} does not identify a key entry
 jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
 jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
+jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager 

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Jun 14 11:21:53 2011
@@ -119,6 +119,11 @@
         INFO. (kkolinko) 
       </fix>
       <add>
+        <bug>48208</bug>: Provide an option to specify a custom trust manager
+        for BIO and NIO HTTP connectors using SSL. Based on a patch by Luciana
+        Moreira. (markt)
+      </add>
+      <add>
         <bug>50887</bug>: Enable the provider to be configured when generating
         SSL certs. Based on a patch by pknopp. (markt)
       </add>

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Tue Jun 14 11:21:53 2011
@@ -752,6 +752,14 @@
       specified the first key read in the keystore will be used.</p>
     </attribute>
 
+    <attribute name="trustManagerClassName" required="false">
+      <p>The name of a custom trust manager class to use to validate client
+      certificates. The class must have a zero argument constructor and must
+      also implement <code>javax.net.ssl.X509TrustManager</code>. If this
+      attribute is set, the trust store attributes may be ignored.
+      </p>
+    </attribute>
+
     <attribute name="truststoreFile" required="false">
       <p>The trust store file to use to validate client certificates. The
       default is the value of the <code>javax.net.ssl.trustStore</code> system


