Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/06/14 13:21:53 UTC
svn commit: r1135489 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
webapps/docs/changelog.xml webapps/docs/config/http.xml
Author: markt
Date: Tue Jun 14 11:21:53 2011
New Revision: 1135489
URL: http://svn.apache.org/viewvc?rev=1135489&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48208
Provide an option to specify a custom trust manager
Based on a patch by Luciana Moreira.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Jun 14 11:21:53 2011
@@ -97,15 +97,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kfujino, markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48208
- Provide an option to specify a custom trust manager
- https://issues.apache.org/bugzilla/attachment.cgi?id=26732
- Based on a patch by Luciana Moreira.
- +1: markt
- +1: kkolinko, rjung: if a typo in the code is corrected:
- s/get("trustManageClassName")/get("trustManagerClassName")/
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50854
Allow shared manager app when running under a security manager
https://issues.apache.org/bugzilla/attachment.cgi?id=26758
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Jun 14 11:21:53 2011
@@ -577,19 +577,48 @@ public class JSSESocketFactory
if (crlf == null) {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(trustStore);
- tms = tmf.getTrustManagers();
+ tms = getTrustManagers(tmf);
} else {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
CertPathParameters params = getParameters(algorithm, crlf, trustStore);
ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
tmf.init(mfp);
- tms = tmf.getTrustManagers();
+ tms = getTrustManagers(tmf);
}
}
return tms;
}
-
+
+ /**
+ * Gets the TrustManagers either from Connector's
+ * <code>trustManagerClassName</code> attribute (if set) else from the
+ * {@link TrustManagerFactory}.
+ * @return The TrustManagers to use for this connector.
+ * @throws NoSuchAlgorithmException
+ * @throws ClassNotFoundException
+ * @throws IllegalAccessException
+ * @throws InstantiationException
+ */
+ protected TrustManager[] getTrustManagers(TrustManagerFactory tmf)
+ throws NoSuchAlgorithmException, ClassNotFoundException,
+ InstantiationException, IllegalAccessException {
+
+ String className = (String) attributes.get("trustManagerClassName");
+ if(className != null && className.length() > 0) {
+ ClassLoader classLoader = getClass().getClassLoader();
+ Class<?> clazz = classLoader.loadClass(className);
+ if(!(TrustManager.class.isAssignableFrom(clazz))){
+ throw new InstantiationException(sm.getString(
+ "jsse.invalidTrustManagerClassName", className));
+ }
+ Object trustManagerObject = clazz.newInstance();
+ TrustManager trustManager = (TrustManager) trustManagerObject;
+ return new TrustManager[]{ trustManager };
+ }
+ return tmf.getTrustManagers();
+ }
+
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
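Review bot: The type check in the new getTrustManagers accepts any `TrustManager`, while the http.xml text added in this same commit says the class must implement `javax.net.ssl.X509TrustManager`. A class that passes the check without being an X509 trust manager is reported, if at all, only later when the SSL context is built, away from the configuration mistake. Tighten the check to `if (!javax.net.ssl.X509TrustManager.class.isAssignableFrom(clazz)) {` and have the jsse.invalidTrustManagerClassName message name that interface. Separately, when the attribute is set, the factory that both branches above have just initialised (from the trust store, or from the CRL parameters in the `crlf` branch) is discarded without any message, so configured revocation checking silently stops applying. The Javadoc should say so, e.g. `When trustManagerClassName is set, the trust store and CRL settings are not used; the custom class alone decides which client certificates are trusted.`, and it also lacks a `@param tmf` line.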
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Tue Jun 14 11:21:53 2011
@@ -16,3 +16,4 @@
jsse.alias_no_key_entry=Alias name {0} does not identify a key entry
jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
+jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Jun 14 11:21:53 2011
@@ -119,6 +119,11 @@
INFO. (kkolinko)
</fix>
<add>
+ <bug>48208</bug>: Provide an option to specify a custom trust manager
+ for BIO and NIO HTTP connectors using SSL. Based on a patch by Luciana
+ Moreira. (markt)
+ </add>
+ <add>
<bug>50887</bug>: Enable the provider to be configured when generating
SSL certs. Based on a patch by pknopp. (markt)
</add>
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=1135489&r1=1135488&r2=1135489&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Tue Jun 14 11:21:53 2011
@@ -752,6 +752,14 @@
specified the first key read in the keystore will be used.</p>
</attribute>
+ <attribute name="trustManagerClassName" required="false">
+ <p>The name of a custom trust manager class to use to validate client
+ certificates. The class must have a zero argument constructor and must
+ also implement <code>javax.net.ssl.X509TrustManager</code>. If this
+ attribute is set, the trust store attributes may be ignored.
+ </p>
+ </attribute>
+
<attribute name="truststoreFile" required="false">
<p>The trust store file to use to validate client certificates. The
default is the value of the <code>javax.net.ssl.trustStore</code> system