Posted to dev@tomcat.apache.org by Warner Onstine <on...@intalio.com> on 2000/07/01 21:28:43 UTC
[patch] Patch for SSL
Hi all,
I have added some variables and cleaned up some stuff in Costin's code. It
has been now set up for Client Auth.
--------------------------------------------------
Index: SSLSocketFactory.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/net/SSLSocketFact
ory.java,v
retrieving revision 1.1
diff -r1.1 SSLSocketFactory.java
96a97
> private String keystore;
102a104,107
> static String defaultKeystore = "JKS";
> static String defaultProtocol = "TLS";
> static String defaultAlgorithm = "SunX509";
> static boolean defaultClientAuth = false;
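Review bot: the four defaults added at 104-107 are `static` but not `final`, and have no access modifier, so any class in the package can reassign `defaultProtocol` or `defaultClientAuth` at runtime and change the behaviour of every factory instance. Declaring them `static final` would make them real constants.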
151c156,157
< String keystoreFile=(String)attributes.get("keystore");
---
> //Where is the server certificate at?
> String keystoreFile=(String)attributes.get("keystoreFile");
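Review bot: the attribute name `keystore` is reused with a new meaning instead of being retired. Revision 1.1 read the keystore path from `attributes.get("keystore")`; after this change the path comes from `keystoreFile`, and the next hunk reads `keystore` as the keystore type. A configuration written for 1.1 would have its file path passed to `KeyStore.getInstance(keystore)` and would supply no `keystoreFile` at all. A distinct name for the type (for example `keystoreType`) would avoid silently reinterpreting existing configurations, and the attribute change should be documented either way.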
153a160
> //Password for the server certificate
156a164,186
> //This is the type of keystore ie - JKS
> keystore = (String)attributes.get("keystore");
> if(keystore == null) keystore=defaultKeystore;
>
> //determine whether we want client authentication
> String clientAuthBool = (String)attributes.get("clientauth");
>
>
clientAuthBool==null){
> clientAuth=defaultClientAuth;
> } else if(clientAuthBool.equalsIgnoreCase("true")){
> clientAuth = true;
> } else{
> clientAuth = false;
> }
>
> //protocol for the SSL ie - TLS, SSL v3 etc.
> String protocol = (String)attributes.get("protocol");
> if(protocol == null) protocol = defaultProtocol;
>
> //Algorithm used to encode the certificate ie - SunX509
> String algorithm = (String)attributes.get("algorithm");
> if(algorithm == null) algorithm = defaultAlgorithm;
>
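Review bot: the `clientauth` parsing fails open. Any value other than a case-insensitive `true` (a typo, `yes`, `1`, a value with trailing whitespace) falls into the final `else` and sets `clientAuth = false` with no message, so a misconfigured server quietly stops requiring client certificates. Rejecting, or at least logging, values that are neither `true` nor `false` would be safer. The `protocol` and `algorithm` attributes are likewise taken unchecked and handed to `getInstance(...)` in the later hunks. As posted, the `if(` that should open this block before `clientAuth=defaultClientAuth;` is also missing.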
164c194
< com.sun.net.ssl.SSLContext.getInstance("TLS"); //SSL
---
> com.sun.net.ssl.SSLContext.getInstance(protocol); //SSL
168c198
< com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
---
> com.sun.net.ssl.KeyManagerFactory.getInstance(algo
rithm);
177c207
< context.init(kmf.getKeyManagers(), null, null);
---
> context.init(kmf.getKeyManagers(), null, new
java.security.SecureRandom());
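Review bot: `context.init(...)` still passes `null` as its second argument, so now that `setNeedClientAuth(clientAuth)` can be `true`, client certificates are checked by whatever trust managers JSSE supplies by default rather than against a trust store chosen for this connector. The patch adds no attribute for a trust store, so an administrator cannot restrict which CAs may issue acceptable client certificates. Consider adding a trust store attribute and passing its trust managers as the second argument.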
203c233
< socket.setNeedClientAuth(false);
---
> socket.setNeedClientAuth(clientAuth);
212c242
< KeyStore kstore=KeyStore.getInstance( "JKS" );
---
> KeyStore kstore=KeyStore.getInstance(keystore);
Re: [patch] Patch for SSL
Posted by Warner Onstine <on...@intalio.com>.
Sorry my e-mail client mangled the patch, I have attached it.
-warner
----- Original Message -----
From: "Warner Onstine" <on...@intalio.com>
To: <to...@jakarta.apache.org>
Sent: Saturday, July 01, 2000 12:28 PM
Subject: [patch] Patch for SSL
> Hi all,
> I have added some variables and cleaned up some stuff in Costin's code. It
> has been now set up for Client Auth.
>
> --------------------------------------------------
> Index: SSLSocketFactory.java
>
> ===================================================================
>
> RCS file:
>
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/net/SSLSocketFact
> ory.java,v
>
> retrieving revision 1.1
>
> diff -r1.1 SSLSocketFactory.java
>
> 96a97
>
> > private String keystore;
>
> 102a104,107
>
> > static String defaultKeystore = "JKS";
>
> > static String defaultProtocol = "TLS";
>
> > static String defaultAlgorithm = "SunX509";
>
> > static boolean defaultClientAuth = false;
>
> 151c156,157
>
> < String keystoreFile=(String)attributes.get("keystore");
>
> ---
>
> > file://Where is the server certificate at?
>
> > String keystoreFile=(String)attributes.get("keystoreFile");
>
> 153a160
>
> > file://Password for the server certificate
>
> 156a164,186
>
> > file://This is the type of keystore ie - JKS
>
> > keystore = (String)attributes.get("keystore");
>
> > if(keystore == null) keystore=defaultKeystore;
>
> >
>
> > file://determine whether we want client authentication
>
> > String clientAuthBool = (String)attributes.get("clientauth");
>
> >
>
> >
>
entAuthBool==null){
>
> > clientAuth=defaultClientAuth;
>
> > } else if(clientAuthBool.equalsIgnoreCase("true")){
>
> > clientAuth = true;
>
> > } else{
>
> > clientAuth = false;
>
> > }
>
> >
>
> > file://protocol for the SSL ie - TLS, SSL v3 etc.
>
> > String protocol = (String)attributes.get("protocol");
>
> > if(protocol == null) protocol = defaultProtocol;
>
> >
>
> > file://Algorithm used to encode the certificate ie - SunX509
>
> > String algorithm = (String)attributes.get("algorithm");
>
> > if(algorithm == null) algorithm = defaultAlgorithm;
>
> >
>
> 164c194
>
> < com.sun.net.ssl.SSLContext.getInstance("TLS"); file://SSL
>
> ---
>
> > com.sun.net.ssl.SSLContext.getInstance(protocol); file://SSL
>
> 168c198
>
> < com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
>
> ---
>
> > com.sun.net.ssl.KeyManagerFactory.getInstance(algo
> rithm);
>
> 177c207
>
> < context.init(kmf.getKeyManagers(), null, null);
>
> ---
>
> > context.init(kmf.getKeyManagers(), null, new
> java.security.SecureRandom());
>
> 203c233
>
> < socket.setNeedClientAuth(false);
>
> ---
>
> > socket.setNeedClientAuth(clientAuth);
>
> 212c242
>
> < KeyStore kstore=KeyStore.getInstance( "JKS" );
>
> ---
>
> > KeyStore kstore=KeyStore.getInstance(keystore);
>
Using xerces/jaxp with Tomcat
Posted by Bob Jamison <rj...@lincom-asg.com>.
A few days ago, I saw a posting here about using xerces by
including the jar file before other parser libraries. Sun's JAXP,
however, defaults to com.sun.xml...... , so if jaxp.jar is used,
I have found that this property definition works for xerces1.1.2:
-Djavax.xml.parsers.SAXParserFactory=org.apache.xerces.jaxp.SAXParserFactoryImpl
This class appears to be a recent arrival, and is not in 1.1.1.
Also, xerces 1.1.2 has its own jaxp implementation,
with (apparently) a default to its own ParserFactories.
So xerces.jar without jaxp.jar, and without the property
setting seems to work also.
Since Jasper-jsp still has hardcoded com.sun.xml dependencies,
it is still necessary to include parser.jar.
So the following two methods seem to work for me:
1. Copy xerces.jar into the /lib directory, set the -D property
in the startup scripts somewhere.
2. Copy xerces.jar into the /lib directory, remove jaxp.jar.
Hope this helps. This should aid those interested in using
some of the other Apache/XML projects in Tomcat,
which might have conflicted with ProjectX.
Bob Jamison
LinCom Corp