Posted to dev@tomcat.apache.org by Warner Onstine <on...@intalio.com> on 2000/07/01 21:28:43 UTC

[patch] Patch for SSL

Hi all,
I have added some variables and cleaned up some stuff in Costin's code.  It
has been now set up for Client Auth.

--------------------------------------------------
Index: SSLSocketFactory.java

===================================================================

RCS file:
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/net/SSLSocketFact
ory.java,v

retrieving revision 1.1

diff -r1.1 SSLSocketFactory.java

96a97

> private String keystore;

102a104,107

> static String defaultKeystore = "JKS";

> static String defaultProtocol = "TLS";

> static String defaultAlgorithm = "SunX509";

> static boolean defaultClientAuth = false;
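
Review bot: The four defaults added at 104-107 are declared `static` without `private` or `final`, so any other class in org.apache.tomcat.net can reassign them at runtime and change the fallback TLS settings for every factory configured afterwards. They are only read as fallbacks in the 164-186 hunk, so declare them `private static final`, for example `private static final String defaultProtocol = "TLS";`.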

151c156,157

< String keystoreFile=(String)attributes.get("keystore");

---

> //Where is the server certificate at?

> String keystoreFile=(String)attributes.get("keystoreFile");
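
Review bot: The rename at 156-157 changes the meaning of an existing attribute: `keystore` was the path to the keystore file and, together with the 164-186 hunk, now names the keystore type, while the path moves to `keystoreFile`. A configuration written for revision 1.1 leaves `keystoreFile` null and hands its file path to `KeyStore.getInstance(keystore)`. Consider keeping `keystore` for the path and using a separate name such as `keystoreType` for the type, or at least falling back to the old attribute when `keystoreFile` is absent.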

153a160

> //Password for the server certificate

156a164,186

> //This is the type of keystore ie - JKS

> keystore = (String)attributes.get("keystore");

> if(keystore == null) keystore=defaultKeystore;

>

> //determine whether we want client authentication

> String clientAuthBool = (String)attributes.get("clientauth");

>

>
clientAuthBool==null){ 

> clientAuth=defaultClientAuth;

> } else if(clientAuthBool.equalsIgnoreCase("true")){

> clientAuth = true;

> } else{

> clientAuth = false;

> }

> 

> //protocol for the SSL ie - TLS, SSL v3 etc.

> String protocol = (String)attributes.get("protocol");

> if(protocol == null) protocol = defaultProtocol;

> 

> //Algorithm used to encode the certificate ie - SunX509

> String algorithm = (String)attributes.get("algorithm");

> if(algorithm == null) algorithm = defaultAlgorithm;

> 
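
Review bot: In the `clientauth` parsing, every value other than "true" falls into the final `else` and sets `clientAuth = false`, so a typo or a value such as "yes" silently turns off the authentication the administrator asked for. Accept only "true" and "false" and fail at start-up, or at least log, on anything else. The attributes read here (`clientauth`, `protocol`, `algorithm`) also need documenting next to the existing keystore settings, and `keystore` is stored in a field while `protocol` and `algorithm` are locals; pick one approach.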

164c194

< com.sun.net.ssl.SSLContext.getInstance("TLS"); //SSL

---

> com.sun.net.ssl.SSLContext.getInstance(protocol); //SSL
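
Review bot: `protocol` reaches `SSLContext.getInstance(protocol)` exactly as configured, and the comment in the 164-186 hunk lists "SSL v3" as an expected value, so a setting that was fixed at "TLS" can now select an older protocol or a name no provider implements. Check the value against a short list of supported names before this call, and name the offending attribute in the error when `getInstance` throws `NoSuchAlgorithmException`. The trailing `//SSL` comment no longer describes the argument and can be dropped.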

168c198

< com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");

---

> com.sun.net.ssl.KeyManagerFactory.getInstance(algo
rithm);

177c207

< context.init(kmf.getKeyManagers(), null, null);

---

> context.init(kmf.getKeyManagers(), null, new
java.security.SecureRandom());
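
Review bot: The second argument to `context.init` is still `null`, so once `setNeedClientAuth(clientAuth)` can be true, client certificates are validated by whatever default trust managers the provider supplies rather than by a trust store chosen for this connector. For a patch whose purpose is client authentication, add a truststore attribute and build the `TrustManager[]` from it. Passing `new java.security.SecureRandom()` instead of `null` only makes the default source explicit, so a short comment saying why it was added would help.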

203c233

< socket.setNeedClientAuth(false);

---

> socket.setNeedClientAuth(clientAuth);

212c242

< KeyStore kstore=KeyStore.getInstance( "JKS" );

---

> KeyStore kstore=KeyStore.getInstance(keystore);



Re: [patch] Patch for SSL

Posted by Warner Onstine <on...@intalio.com>.
Sorry my e-mail client mangled the patch, I have attached it.

-warner
----- Original Message -----
From: "Warner Onstine" <on...@intalio.com>
To: <to...@jakarta.apache.org>
Sent: Saturday, July 01, 2000 12:28 PM
Subject: [patch] Patch for SSL


> Hi all,
> I have added some variables and cleaned up some stuff in Costin's code.  It
> has been now set up for Client Auth.
>
> --------------------------------------------------
> Index: SSLSocketFactory.java
>
> ===================================================================
>
> RCS file:
>
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/net/SSLSocketFact
> ory.java,v
>
> retrieving revision 1.1
>
> diff -r1.1 SSLSocketFactory.java
>
> 96a97
>
> > private String keystore;
>
> 102a104,107
>
> > static String defaultKeystore = "JKS";
>
> > static String defaultProtocol = "TLS";
>
> > static String defaultAlgorithm = "SunX509";
>
> > static boolean defaultClientAuth = false;
>
> 151c156,157
>
> < String keystoreFile=(String)attributes.get("keystore");
>
> ---
>
> > file://Where is the server certificate at?
>
> > String keystoreFile=(String)attributes.get("keystoreFile");
>
> 153a160
>
> > file://Password for the server certificate
>
> 156a164,186
>
> > file://This is the type of keystore ie - JKS
>
> > keystore = (String)attributes.get("keystore");
>
> > if(keystore == null) keystore=defaultKeystore;
>
> >
>
> > file://determine whether we want client authentication
>
> > String clientAuthBool = (String)attributes.get("clientauth");
>
> >
>
> >
>
entAuthBool==null){ 
> 
> > clientAuth=defaultClientAuth;
> 
> > } else if(clientAuthBool.equalsIgnoreCase("true")){
> 
> > clientAuth = true;
> 
> > } else{
> 
> > clientAuth = false;
> 
> > }
> 
> > 
> 
> > file://protocol for the SSL ie - TLS, SSL v3 etc.
> 
> > String protocol = (String)attributes.get("protocol");
> 
> > if(protocol == null) protocol = defaultProtocol;
> 
> > 

>
> > file://Algorithm used to encode the certificate ie - SunX509
>
> > String algorithm = (String)attributes.get("algorithm");
>
> > if(algorithm == null) algorithm = defaultAlgorithm;
>
> >
>
> 164c194
>
> < com.sun.net.ssl.SSLContext.getInstance("TLS"); file://SSL
>
> ---
>
> > com.sun.net.ssl.SSLContext.getInstance(protocol); file://SSL
>
> 168c198
>
> < com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
>
> ---
>
> > com.sun.net.ssl.KeyManagerFactory.getInstance(algo
> rithm);
>
> 177c207
>
> < context.init(kmf.getKeyManagers(), null, null);
>
> ---
>
> > context.init(kmf.getKeyManagers(), null, new
> java.security.SecureRandom());
>
> 203c233
>
> < socket.setNeedClientAuth(false);
>
> ---
>
> > socket.setNeedClientAuth(clientAuth);
>
> 212c242
>
> < KeyStore kstore=KeyStore.getInstance( "JKS" );
>
> ---
>
> > KeyStore kstore=KeyStore.getInstance(keystore);
>
>
>

Using xerces/jaxp with Tomcat

Posted by Bob Jamison <rj...@lincom-asg.com>.
A few days ago, I saw a posting here about using xerces by
including the jar file before other parser libraries.  Sun's JAXP,
however, defaults to com.sun.xml......, so if jaxp.jar is used,
I have found that this property definition works for xerces 1.1.2:

-Djavax.xml.parsers.SAXParserFactory=org.apache.xerces.jaxp.SAXParserFactoryImpl

This class appears to be a recent arrival, and is not in 1.1.1.

Also,  xerces 1.1.2 has its own jaxp implementation,
with (apparently) a default to its own ParserFactories.
So xerces.jar without jaxp.jar, and without the property
setting seems to work also.

Since Jasper-jsp still has hardcoded com.sun.xml dependencies,
it is still necessary to include parser.jar.

So the following two methods seem to work for me:
1.  Copy xerces.jar into the /lib directory, set the -D property
in the startup scripts somewhere.

2.  Copy xerces.jar into the /lib directory, remove jaxp.jar.



Hope this helps.  This should aid those interested in using
some of the other Apache/XML projects in Tomcat,
which might have conflicted with ProjectX.



Bob Jamison
LinCom Corp