Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/11/05 00:41:30 UTC
svn commit: r1636781 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
DefaultServerSocketFactory.java SSLImplementation.java
ServerSocketFactory.java jsse/JSSEImplementation.java
jsse/JSSESocketFactory.java
Author: markt
Date: Tue Nov 4 23:41:30 2014
New Revision: 1636781
URL: http://svn.apache.org/r1636781
Log:
Remove BIO-specific JSSE code
Removed:
tomcat/trunk/java/org/apache/tomcat/util/net/DefaultServerSocketFactory.java
tomcat/trunk/java/org/apache/tomcat/util/net/ServerSocketFactory.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java?rev=1636781&r1=1636780&r2=1636781&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java Tue Nov 4 23:41:30 2014
@@ -17,8 +17,6 @@
package org.apache.tomcat.util.net;
-import java.net.Socket;
-
import javax.net.ssl.SSLSession;
/* SSLImplementation:
@@ -80,11 +78,6 @@ public abstract class SSLImplementation
public abstract String getImplementationName();
- public abstract ServerSocketFactory getServerSocketFactory(
- AbstractEndpoint<?> endpoint);
-
- public abstract SSLSupport getSSLSupport(Socket sock);
-
public abstract SSLSupport getSSLSupport(SSLSession session);
public abstract SSLUtil getSSLUtil(AbstractEndpoint<?> ep);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1636781&r1=1636780&r2=1636781&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java Tue Nov 4 23:41:30 2014
@@ -14,19 +14,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.tomcat.util.net.jsse;
-import java.net.Socket;
-
import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
-import org.apache.tomcat.util.net.ServerSocketFactory;
/* JSSEImplementation:
@@ -43,16 +38,6 @@ public class JSSEImplementation extends
}
@Override
- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint<?> endpoint) {
- return new JSSESocketFactory(endpoint);
- }
-
- @Override
- public SSLSupport getSSLSupport(Socket s) {
- return new JSSESupport((SSLSocket) s);
- }
-
- @Override
public SSLSupport getSSLSupport(SSLSession session) {
return new JSSESupport(session);
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1636781&r1=1636780&r2=1636781&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Nov 4 23:41:30 2014
@@ -22,10 +22,7 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.net.InetAddress;
import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
@@ -54,9 +51,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
@@ -64,7 +59,6 @@ import javax.net.ssl.X509KeyManager;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLUtil;
-import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager;
@@ -80,7 +74,7 @@ import org.apache.tomcat.util.res.String
* @author EKR -- renamed to JSSESocketFactory
* @author Jan Luehe
*/
-public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
+public class JSSESocketFactory implements SSLUtil {
private static final org.apache.juli.logging.Log log =
org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class);
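Review bot: The class name and Javadoc still present `JSSESocketFactory` as a socket factory, although after this change it implements only `SSLUtil` and the later hunk removes every `createSocket`/`acceptSocket` method. A reader looking for where TLS sockets are created and hardened will be sent to the wrong place. I would add a sentence to the class Javadoc such as `Despite its name, this class no longer creates connector sockets; it only supplies the JSSE SSLUtil configuration.` and consider a rename in a follow-up. Most of the Javadoc block lies outside this hunk, so its existing wording could not be checked.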
@@ -99,7 +93,6 @@ public class JSSESocketFactory implement
private AbstractEndpoint<?> endpoint;
- private final boolean rfc5746Supported;
private final String[] defaultServerProtocols;
private final String[] defaultServerCipherSuites;
@@ -137,21 +130,9 @@ public class JSSESocketFactory implement
throw new IllegalArgumentException(e);
}
- // Supported cipher suites aren't accessible directly from the
- // SSLContext so use the SSL server socket factory
- SSLServerSocketFactory ssf = context.getServerSocketFactory();
- String supportedCiphers[] = ssf.getSupportedCipherSuites();
- boolean found = false;
- for (String cipher : supportedCiphers) {
- if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
- found = true;
- break;
- }
- }
- rfc5746Supported = found;
-
// There is no standard way to determine the default protocols and
// cipher suites so create a server socket to see what the defaults are
+ SSLServerSocketFactory ssf = context.getServerSocketFactory();
SSLServerSocket socket;
try {
socket = (SSLServerSocket) ssf.createServerSocket();
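Review bot: Dropping the `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` probe here, together with the removal of `handshake()` in the last hunk, takes away the only code visible in this diff that reads `allowUnsafeLegacyRenegotiation`. If that field and its setter remain in the class (not visible here), the attribute becomes a silent no-op, and an operator who sets it to false gets no renegotiation protection from Tomcat itself. I would remove the field in this commit, or annotate its declaration with something like `// Not enforced since BIO removal; renegotiation policy is left to the JSSE provider`. The removed `SSL_NULL_WITH_NULL_NULL` check also means failed handshakes must be rejected by the remaining connector code, which is worth confirming. The constructor starts and ends outside this hunk.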
@@ -189,64 +170,6 @@ public class JSSESocketFactory implement
@Override
- public ServerSocket createSocket (int port)
- throws IOException
- {
- init();
- ServerSocket socket = sslProxy.createServerSocket(port);
- initServerSocket(socket);
- return socket;
- }
-
- @Override
- public ServerSocket createSocket (int port, int backlog)
- throws IOException
- {
- init();
- ServerSocket socket = sslProxy.createServerSocket(port, backlog);
- initServerSocket(socket);
- return socket;
- }
-
- @Override
- public ServerSocket createSocket (int port, int backlog,
- InetAddress ifAddress)
- throws IOException
- {
- init();
- ServerSocket socket = sslProxy.createServerSocket(port, backlog,
- ifAddress);
- initServerSocket(socket);
- return socket;
- }
-
- @Override
- public Socket acceptSocket(ServerSocket socket)
- throws IOException
- {
- SSLSocket asock = null;
- try {
- asock = (SSLSocket)socket.accept();
- } catch (SSLException e){
- throw new SocketException("SSL handshake error" + e.toString());
- }
- return asock;
- }
-
- @Override
- public void handshake(Socket sock) throws IOException {
- // We do getSession instead of startHandshake() so we can call this multiple times
- SSLSession session = ((SSLSocket)sock).getSession();
- if (session.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL"))
- throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
-
- if (!allowUnsafeLegacyRenegotiation && !rfc5746Supported) {
- // Prevent further handshakes by removing all cipher suites
- ((SSLSocket) sock).setEnabledCipherSuites(new String[0]);
- }
- }
-
- @Override
public String[] getEnableableCiphers(SSLContext context) {
String requestedCiphersStr = endpoint.getCiphers();