Posted to dev@tomcat.apache.org by bi...@apache.org on 2003/07/23 05:52:59 UTC
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE13Factory.java JSSESocketFactory.java
billbarker 2003/07/22 20:52:59
Modified: util/java/org/apache/tomcat/util/net/jsse Tag: coyote_10
JSSE13Factory.java JSSESocketFactory.java
Added: util/java/org/apache/tomcat/util/net/jsse Tag: coyote_10
JSSE13SocketFactory.java
Log:
Porting non-Sun vendor re-factoring from HEAD branch.
From the users list, it seems that there are people using IBM's JVM, so I'm porting this a bit earlier than I normally would (so it is easier for them to find). However, since it's a pure re-factor, it shouldn't cause any problems.
Revision Changes Path
No revision
No revision
1.1.2.2 +1 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java
Index: JSSE13Factory.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- JSSE13Factory.java 1 Jul 2003 05:27:12 -0000 1.1.2.1
+++ JSSE13Factory.java 23 Jul 2003 03:52:58 -0000 1.1.2.2
@@ -77,7 +77,7 @@
}
public ServerSocketFactory getSocketFactory() {
- return new JSSESocketFactory();
+ return new JSSE13SocketFactory();
}
public SSLSupport getSSLSupport(Socket socket) {
1.1.2.4 +2 -86 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Index: JSSESocketFactory.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- JSSESocketFactory.java 1 Jul 2003 05:27:12 -0000 1.1.2.3
+++ JSSESocketFactory.java 23 Jul 2003 03:52:58 -0000 1.1.2.4
@@ -89,7 +89,7 @@
* @author Stefan Freyr Stefansson
* @author EKR -- renamed to JSSESocketFactory
*/
-public class JSSESocketFactory
+public abstract class JSSESocketFactory
extends org.apache.tomcat.util.net.ServerSocketFactory
{
String keystoreType;
@@ -146,91 +146,7 @@
// -------------------- Internal methods
/** Read the keystore, init the SSL socket factory
*/
- void initProxy() throws IOException {
- try {
- Security.addProvider (new sun.security.provider.Sun());
- Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
-
- // Please don't change the name of the attribute - other
- // software may depend on it ( j2ee for sure )
- String keystoreFile=(String)attributes.get("keystore");
- if( keystoreFile==null) keystoreFile=defaultKeystoreFile;
-
- keystoreType=(String)attributes.get("keystoreType");
- if( keystoreType==null) keystoreType=defaultKeystoreType;
-
- //determine whether we want client authentication
- // the presence of the attribute enables client auth
- String clientAuthStr=(String)attributes.get("clientauth");
- if(clientAuthStr != null){
- if(clientAuthStr.equals("true")){
- clientAuth=true;
- } else if(clientAuthStr.equals("false")) {
- clientAuth=false;
- } else {
- throw new IOException("Invalid value '" +
- clientAuthStr +
- "' for 'clientauth' parameter:");
- }
- }
-
- String keyPass=(String)attributes.get("keypass");
- if( keyPass==null) keyPass=defaultKeyPass;
-
- String keystorePass=(String)attributes.get("keystorePass");
- if( keystorePass==null) keystorePass=keyPass;
-
- //protocol for the SSL ie - TLS, SSL v3 etc.
- String protocol = (String)attributes.get("protocol");
- if(protocol == null) protocol = defaultProtocol;
-
- //Algorithm used to encode the certificate ie - SunX509
- String algorithm = (String)attributes.get("algorithm");
- if(algorithm == null) algorithm = defaultAlgorithm;
-
- // You can't use ssl without a server certificate.
- // Create a KeyStore ( to get server certs )
- KeyStore kstore = initKeyStore( keystoreFile, keystorePass );
-
- // Create a SSLContext ( to create the ssl factory )
- // This is the only way to use server sockets with JSSE 1.0.1
- com.sun.net.ssl.SSLContext context =
- com.sun.net.ssl.SSLContext.getInstance(protocol); //SSL
-
- // Key manager will extract the server key
- com.sun.net.ssl.KeyManagerFactory kmf =
- com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
- kmf.init( kstore, keyPass.toCharArray());
-
- // set up TrustManager
- com.sun.net.ssl.TrustManager[] tm = null;
- String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
- String trustStorePassword =
- System.getProperty("javax.net.ssl.trustStorePassword");
- if ( trustStoreFile != null && trustStorePassword != null ){
- KeyStore trustStore = initKeyStore( trustStoreFile, trustStorePassword);
-
- com.sun.net.ssl.TrustManagerFactory tmf =
- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
-
- tmf.init(trustStore);
- tm = tmf.getTrustManagers();
- }
-
- // init context with the key managers
- context.init(kmf.getKeyManagers(), tm,
- new java.security.SecureRandom());
-
- // create proxy
- sslProxy = context.getServerSocketFactory();
-
- return;
- } catch(Exception e) {
- if( e instanceof IOException )
- throw (IOException)e;
- throw new IOException(e.getMessage());
- }
- }
+ abstract void initProxy() throws IOException;
public Socket acceptSocket(ServerSocket socket)
throws IOException
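Review bot: The new `abstract void initProxy() throws IOException;` is package-private, so only classes inside org.apache.tomcat.util.net.jsse can implement it, which confines the vendor-specific factories this refactoring is meant to allow to that one package. If implementations outside the package are intended, declare it `protected abstract void initProxy() throws IOException;` and widen the override in JSSE13SocketFactory to match. The retained Javadoc should also state what an implementation must set up; judging from the body moved out of this class, that appears to be `sslProxy`, `clientAuth` and `keystoreType`.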
No revision
No revision
1.1.2.1 +88 -68 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
Index: JSSE13SocketFactory.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- JSSE13SocketFactory.java 18 Jul 2003 05:26:45 -0000 1.1
+++ JSSE13SocketFactory.java 23 Jul 2003 03:52:58 -0000 1.1.2.1
@@ -60,10 +60,10 @@
import java.io.*;
import java.net.*;
-import java.util.Vector;
+
import java.security.KeyStore;
+
import java.security.Security;
-import java.security.SecureRandom;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
@@ -90,77 +90,97 @@
* @author EKR -- renamed to JSSESocketFactory
* @author Bill Barker
*/
-public class JSSE13SocketFactory extends JSSESocketFactory
+public class JSSE13SocketFactory extends JSSESocketFactory
{
public JSSE13SocketFactory () {
- super();
}
-
- /**
- * Reads the keystore and initializes the SSL socket factory.
- *
- * NOTE: This method is identical in functionality to the method of the
- * same name in JSSE14SocketFactory, except that this method is used with
- * JSSE 1.0.x (which is an extension to the 1.3 JVM), whereas the other is
- * used with JSSE 1.1.x (which ships with the 1.4 JVM). Therefore, this
- * method uses classes in com.sun.net.ssl, which have since moved to
- * javax.net.ssl, and explicitly registers the required security providers,
- * which come standard in a 1.4 JVM.
+
+ // -------------------- Internal methods
+ /** Read the keystore, init the SSL socket factory
*/
- void init() throws IOException {
- try {
- Security.addProvider (new sun.security.provider.Sun());
- Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
-
- String clientAuthStr = (String)attributes.get("clientauth");
- if (clientAuthStr != null){
- clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
- }
+ void initProxy() throws IOException {
+ try {
+ Security.addProvider (new sun.security.provider.Sun());
+ Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
+
+ // Please don't change the name of the attribute - other
+ // software may depend on it ( j2ee for sure )
+ String keystoreFile=(String)attributes.get("keystore");
+ if( keystoreFile==null) keystoreFile=defaultKeystoreFile;
+
+ keystoreType=(String)attributes.get("keystoreType");
+ if( keystoreType==null) keystoreType=defaultKeystoreType;
+
+ //determine whether we want client authentication
+ // the presence of the attribute enables client auth
+ String clientAuthStr=(String)attributes.get("clientauth");
+ if(clientAuthStr != null){
+ if(clientAuthStr.equals("true")){
+ clientAuth=true;
+ } else if(clientAuthStr.equals("false")) {
+ clientAuth=false;
+ } else {
+ throw new IOException("Invalid value '" +
+ clientAuthStr +
+ "' for 'clientauth' parameter:");
+ }
+ }
+
+ String keyPass=(String)attributes.get("keypass");
+ if( keyPass==null) keyPass=defaultKeyPass;
+
+ String keystorePass=(String)attributes.get("keystorePass");
+ if( keystorePass==null) keystorePass=keyPass;
+
+ //protocol for the SSL ie - TLS, SSL v3 etc.
+ String protocol = (String)attributes.get("protocol");
+ if(protocol == null) protocol = defaultProtocol;
+
+ //Algorithm used to encode the certificate ie - SunX509
+ String algorithm = (String)attributes.get("algorithm");
+ if(algorithm == null) algorithm = defaultAlgorithm;
+
+ // You can't use ssl without a server certificate.
+ // Create a KeyStore ( to get server certs )
+ KeyStore kstore = initKeyStore( keystoreFile, keystorePass );
+
+ // Create a SSLContext ( to create the ssl factory )
+ // This is the only way to use server sockets with JSSE 1.0.1
+ com.sun.net.ssl.SSLContext context =
+ com.sun.net.ssl.SSLContext.getInstance(protocol); //SSL
+
+ // Key manager will extract the server key
+ com.sun.net.ssl.KeyManagerFactory kmf =
+ com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ kmf.init( kstore, keyPass.toCharArray());
+
+ // set up TrustManager
+ com.sun.net.ssl.TrustManager[] tm = null;
+ String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
+ String trustStorePassword =
+ System.getProperty("javax.net.ssl.trustStorePassword");
+ if ( trustStoreFile != null && trustStorePassword != null ){
+ KeyStore trustStore = initKeyStore( trustStoreFile, trustStorePassword);
- // SSL protocol variant (e.g., TLS, SSL v3, etc.)
- String protocol = (String)attributes.get("protocol");
- if (protocol == null) protocol = defaultProtocol;
-
- // Certificate encoding algorithm (e.g., SunX509)
- String algorithm = (String)attributes.get("algorithm");
- if (algorithm == null) algorithm = defaultAlgorithm;
-
- // Set up KeyManager, which will extract server key
- com.sun.net.ssl.KeyManagerFactory kmf =
- com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
- String keystoreType = (String)attributes.get("keystoreType");
- if (keystoreType == null) {
- keystoreType = defaultKeystoreType;
- }
- String keystorePass = getKeystorePassword();
- kmf.init(getKeystore(keystoreType, keystorePass),
- keystorePass.toCharArray());
-
- // Set up TrustManager
- com.sun.net.ssl.TrustManager[] tm = null;
- KeyStore trustStore = getTrustStore(keystoreType);
- if (trustStore != null) {
- com.sun.net.ssl.TrustManagerFactory tmf =
- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
- tmf.init(trustStore);
- tm = tmf.getTrustManagers();
- }
-
- // Create and init SSLContext
- com.sun.net.ssl.SSLContext context =
- com.sun.net.ssl.SSLContext.getInstance(protocol);
- context.init(kmf.getKeyManagers(), tm, new SecureRandom());
-
- // Create proxy
- sslProxy = context.getServerSocketFactory();
-
- // Determine which cipher suites to enable
- enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites());
-
- } catch(Exception e) {
- if( e instanceof IOException )
- throw (IOException)e;
- throw new IOException(e.getMessage());
+ com.sun.net.ssl.TrustManagerFactory tmf =
+ com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
+
+ tmf.init(trustStore);
+ tm = tmf.getTrustManagers();
}
+
+ // init context with the key managers
+ context.init(kmf.getKeyManagers(), tm,
+ new java.security.SecureRandom());
+
+ // create proxy
+ sslProxy = context.getServerSocketFactory();
+
+ return;
+ } catch(Exception e) {
+ if( e instanceof IOException )
+ throw (IOException)e;
+ throw new IOException(e.getMessage());
+ }
}
}
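Review bot: In `initProxy()` the trust store is loaded only when both `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` are set, so a trust store configured without a password is silently ignored: `tm` stays null and `context.init(...)` is left to fall back on whatever default trust material JSSE provides. With `clientauth` set to "true", client certificates may then be validated against a different CA set than the operator configured, with no error or log line. Failing closed is safer: `if (trustStoreFile != null && trustStorePassword == null) throw new IOException("javax.net.ssl.trustStore is set but javax.net.ssl.trustStorePassword is not");`. The comment `// the presence of the attribute enables client auth` also no longer matches the code, which accepts only "true" or "false" and throws otherwise. Separately, `throw new IOException(e.getMessage())` discards the type and stack trace of keystore and provider failures, so logging `e` before rethrowing would make TLS start-up errors diagnosable.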