Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/09/21 16:16:07 UTC

svn commit: r1173660 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java webapps/docs/changelog.xml

Author: markt
Date: Wed Sep 21 14:16:07 2011
New Revision: 1173660

URL: http://svn.apache.org/viewvc?rev=1173660&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51860
Fix issues when using NIO, SSL and a custom SSLImplementation.
Based on a suggestion by Roman Tsirulnikov.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Sep 21 14:16:07 2011
@@ -1 +1 @@
-/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173096,1173241,1173256,1173288,1173614,1173630
+/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173096,1173241,1173256,1173288,1173614,1173630,1173659

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java?rev=1173660&r1=1173659&r2=1173660&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java Wed Sep 21 14:16:07 2011
@@ -22,6 +22,8 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509KeyManager;
 
 /**
@@ -31,7 +33,7 @@ import javax.net.ssl.X509KeyManager;
  *
  * @author Jan Luehe
  */
-public final class JSSEKeyManager implements X509KeyManager {
+public final class JSSEKeyManager extends X509ExtendedKeyManager {
 
     private X509KeyManager delegate;
     private String serverKeyAlias;
@@ -44,6 +46,7 @@ public final class JSSEKeyManager implem
      * supporting certificate chain
      */
     public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) {
+        super();
         this.delegate = mgr;
         this.serverKeyAlias = serverKeyAlias;
     }
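Review bot: The added `super();` in the constructor is a no-op, because the compiler inserts the implicit no-argument superclass call anyway, so the line can be dropped. Since every method in the class dereferences `delegate`, a guard such as `if (mgr == null) throw new IllegalArgumentException("mgr");` would make a misconfigured custom SSLImplementation fail at construction rather than mid-handshake. The constructor's Javadoc starts outside the hunk, so whether a null manager is already excluded by callers cannot be confirmed from here.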
@@ -74,12 +77,9 @@ public final class JSSEKeyManager implem
      * Returns this key manager's server key alias that was provided in the
      * constructor.
      *
-     * @param keyType The key algorithm type name (ignored)
-     * @param issuers The list of acceptable CA issuer subject names, or null
-     * if it does not matter which issuers are used (ignored)
-     * @param socket The socket to be used for this connection. This parameter
-     * can be null, in which case this method will return the most generic
-     * alias to use (ignored)
+     * @param keyType Ignored
+     * @param issuers Ignored
+     * @param socket Ignored
      *
      * @return Alias name for the desired key
      */
@@ -148,4 +148,40 @@ public final class JSSEKeyManager implem
     public PrivateKey getPrivateKey(String alias) {
         return delegate.getPrivateKey(alias);
     }
+
+    /**
+     * Choose an alias to authenticate the client side of a secure socket,
+     * given the public key type and the list of certificate issuer authorities
+     * recognized by the peer (if any).
+     *
+     * @param keyType The key algorithm type name(s), ordered with the
+     * most-preferred key type first
+     * @param issuers The list of acceptable CA issuer subject names, or null
+     * if it does not matter which issuers are used
+     * @param engine Ignored
+     *
+     * @return The alias name for the desired key, or null if there are no
+     * matches
+     */
+    @Override
+    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
+            SSLEngine engine) {
+        return delegate.chooseClientAlias(keyType, issuers, null);
+    }
+
+    /**
+     * Returns this key manager's server key alias that was provided in the
+     * constructor.
+     *
+     * @param keyType Ignored
+     * @param issuers Ignored
+     * @param engine Ignored
+     *
+     * @return Alias name for the desired key
+     */
+    @Override
+    public String chooseEngineServerAlias(String keyType, Principal[] issuers,
+            SSLEngine engine) {
+        return serverKeyAlias;
+    }
 }
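Review bot: chooseEngineClientAlias discards the SSLEngine and calls `delegate.chooseClientAlias(keyType, issuers, null)`. A delegate that is itself an X509ExtendedKeyManager, which is plausible with a custom SSLImplementation, therefore never has its own engine-aware method invoked. It also loses the peer and handshake context it may rely on to pick the client certificate. Forwarding to the delegate's chooseEngineClientAlias when it supports it, and falling back to the socket variant otherwise, keeps key selection consistent between the BIO and NIO paths. The `@param engine Ignored` Javadoc would need updating to match, and a short comment should say why `null` is passed as the socket in the fallback. The class body begins outside this hunk.

```java
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
            SSLEngine engine) {
        // Prefer the delegate's engine-aware selection so it keeps the
        // handshake context; plain X509KeyManagers have no engine variant.
        if (delegate instanceof X509ExtendedKeyManager) {
            return ((X509ExtendedKeyManager) delegate).chooseEngineClientAlias(
                    keyType, issuers, engine);
        }
        // No socket exists on the SSLEngine (NIO) path, hence null.
        return delegate.chooseClientAlias(keyType, issuers, null);
    }
```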

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1173660&r1=1173659&r2=1173660&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Sep 21 14:16:07 2011
@@ -149,6 +149,10 @@
         Replace unneeded call that iterated events queue in NioEndpoint.Poller.
         (kkolinko)
       </fix>
+      <fix>
+        <bug>51860</bug>: Fix issues if using NIO with a custom
+        SSLImplementation. Based on a suggestion by Roman Tsirulnikov. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


