Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/01/30 00:45:56 UTC
svn commit: r1655885 -
/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Author: markt
Date: Thu Jan 29 23:45:56 2015
New Revision: 1655885
URL: http://svn.apache.org/r1655885
Log:
Remove more unused JSSE code identified by the UCDetector.
This all looks to be BIO code that is now unused.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1655885&r1=1655884&r2=1655885&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu Jan 29 23:45:56 2015
@@ -22,7 +22,6 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.net.ServerSocket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
@@ -48,7 +47,6 @@ import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
@@ -97,21 +95,6 @@ public class JSSESocketFactory implement
private final String[] defaultServerProtocols;
private final String[] defaultServerCipherSuites;
- protected SSLServerSocketFactory sslProxy = null;
- protected String[] enabledCiphers;
- protected String[] enabledProtocols;
- protected boolean allowUnsafeLegacyRenegotiation = false;
-
- /**
- * Flag to state that we require client authentication.
- */
- protected boolean requireClientAuth = false;
-
- /**
- * Flag to state that we would like client authentication.
- */
- protected boolean wantClientAuth = false;
-
public JSSESocketFactory (AbstractEndpoint<?> endpoint) {
this.endpoint = endpoint;
@@ -229,10 +212,6 @@ public class JSSESocketFactory implement
return ciphers.toArray(new String[ciphers.size()]);
}
- public String[] getEnabledCiphers() {
- return enabledCiphers;
- }
-
/*
* Gets the SSL server's keystore password.
*/
@@ -385,50 +364,6 @@ public class JSSESocketFactory implement
return ks;
}
- /**
- * Reads the keystore and initializes the SSL socket factory.
- */
- void init() throws IOException {
- try {
-
- String clientAuthStr = endpoint.getClientAuth();
- if("true".equalsIgnoreCase(clientAuthStr) ||
- "yes".equalsIgnoreCase(clientAuthStr)) {
- requireClientAuth = true;
- } else if("want".equalsIgnoreCase(clientAuthStr)) {
- wantClientAuth = true;
- }
-
- SSLContext context = createSSLContext();
- context.init(getKeyManagers(), getTrustManagers(), null);
-
- // Configure SSL session cache
- SSLSessionContext sessionContext =
- context.getServerSessionContext();
- if (sessionContext != null) {
- configureSessionContext(sessionContext);
- }
-
- // create proxy
- sslProxy = context.getServerSocketFactory();
-
- // Determine which cipher suites to enable
- enabledCiphers = getEnableableCiphers(context);
- enabledProtocols = getEnableableProtocols(context);
-
- allowUnsafeLegacyRenegotiation = "true".equals(
- endpoint.getAllowUnsafeLegacyRenegotiation());
-
- // Check the SSL config is OK
- checkConfig();
-
- } catch(Exception e) {
- if( e instanceof IOException )
- throw (IOException)e;
- throw new IOException(e.getMessage(), e);
- }
- }
-
@Override
public SSLContext createSSLContext() throws Exception {
@@ -681,77 +616,4 @@ public class JSSESocketFactory implement
}
return protocols.toArray(new String[protocols.size()]);
}
-
- /**
- * Configure Client authentication for this version of JSSE. The
- * JSSE included in Java 1.4 supports the 'want' value. Prior
- * versions of JSSE will treat 'want' as 'false'.
- * @param socket the SSLServerSocket
- */
- protected void configureClientAuth(SSLServerSocket socket){
- if (wantClientAuth){
- socket.setWantClientAuth(wantClientAuth);
- } else {
- socket.setNeedClientAuth(requireClientAuth);
- }
- }
-
- /**
- * Configures the given SSL server socket with the requested cipher suites,
- * protocol versions, and need for client authentication
- */
- private void initServerSocket(ServerSocket ssocket) {
-
- SSLServerSocket socket = (SSLServerSocket) ssocket;
-
- socket.setEnabledCipherSuites(enabledCiphers);
- socket.setEnabledProtocols(enabledProtocols);
-
- // we don't know if client auth is needed -
- // after parsing the request we may re-handshake
- configureClientAuth(socket);
- }
-
- /**
- * Checks that the certificate is compatible with the enabled cipher suites.
- * If we don't check now, the JIoEndpoint can enter a nasty logging loop.
- * See bug 45528.
- */
- private void checkConfig() throws IOException {
- // Create an unbound server socket
- ServerSocket socket = sslProxy.createServerSocket();
- initServerSocket(socket);
-
- try {
- // Set the timeout to 1ms as all we care about is if it throws an
- // SSLException on accept.
- socket.setSoTimeout(1);
-
- socket.accept();
- // Will never get here - no client can connect to an unbound port
- } catch (SSLException ssle) {
- // SSL configuration is invalid. Possibly cert doesn't match ciphers
- IOException ioe = new IOException(sm.getString(
- "jsse.invalid_ssl_conf", ssle.getMessage()));
- ioe.initCause(ssle);
- throw ioe;
- } catch (Exception e) {
- /*
- * Possible ways of getting here
- * socket.accept() throws a SecurityException
- * socket.setSoTimeout() throws a SocketException
- * socket.accept() throws some other exception (after a JDK change)
- * In these cases the test won't work so carry on - essentially
- * the behaviour before this patch
- * socket.accept() throws a SocketTimeoutException
- * In this case all is well so carry on
- */
- } finally {
- // Should be open here but just in case
- if (!socket.isClosed()) {
- socket.close();
- }
- }
-
- }
}