Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/12/07 21:19:38 UTC
svn commit: r1548962 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/tomcat/websocket/WsWebSocketContainer.java
webapps/docs/changelog.xml webapps/docs/web-socket-howto.xml
Author: markt
Date: Sat Dec 7 20:19:37 2013
New Revision: 1548962
URL: http://svn.apache.org/r1548962
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55801
Add the ability to use a custom SSLContext when creating client wss connections.
Patch provided by Maciej Lypik.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1548961
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java?rev=1548962&r1=1548961&r2=1548962&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java Sat Dec 7 20:19:37 2013
@@ -87,6 +87,13 @@ public class WsWebSocketContainer
public static final String SSL_TRUSTSTORE_PWD_PROPERTY =
"org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD";
public static final String SSL_TRUSTSTORE_PWD_DEFAULT = "changeit";
+ /**
+ * Property name to set to configure used SSLContext. The value should be an
+ * instance of SSLContext. If this property is present, the SSL_TRUSTSTORE*
+ * properties are ignored.
+ */
+ public static final String SSL_CONTEXT_PROPERTY =
+ "org.apache.tomcat.websocket.SSL_CONTEXT";
/**
* Property name to set to configure the timeout (in milliseconds) when
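Review bot: The Javadoc on `SSL_CONTEXT_PROPERTY` does not say what state the supplied context must be in or who owns the trust decision. In the second hunk a non-null context skips `sslContext.init(...)` and goes straight to `createSSLEngine()`, so an uninitialised context fails there and a context built with permissive trust managers is used unchanged. I would add to the comment: `The supplied SSLContext must already be initialised; its trust managers alone decide which server certificates are accepted.` The opening sentence would also read better as `Property name used to supply the SSLContext for client connections.`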
@@ -671,42 +678,48 @@ public class WsWebSocketContainer
throws DeploymentException {
try {
- // Create the SSL Context
- SSLContext sslContext = SSLContext.getInstance("TLS");
-
- // Trust store
- String sslTrustStoreValue =
- (String) userProperties.get(SSL_TRUSTSTORE_PROPERTY);
- if (sslTrustStoreValue != null) {
- String sslTrustStorePwdValue = (String) userProperties.get(
- SSL_TRUSTSTORE_PWD_PROPERTY);
- if (sslTrustStorePwdValue == null) {
- sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT;
- }
-
- File keyStoreFile = new File(sslTrustStoreValue);
- KeyStore ks = KeyStore.getInstance("JKS");
- InputStream is = null;
- try {
- is = new FileInputStream(keyStoreFile);
- ks.load(is, sslTrustStorePwdValue.toCharArray());
- } finally {
- if (is != null) {
- try {
- is.close();
- } catch (IOException ioe) {
- // Ignore
+ // See if a custom SSLContext has been provided
+ SSLContext sslContext =
+ (SSLContext) userProperties.get(SSL_CONTEXT_PROPERTY);
+
+ if (sslContext == null) {
+ // Create the SSL Context
+ sslContext = SSLContext.getInstance("TLS");
+
+ // Trust store
+ String sslTrustStoreValue =
+ (String) userProperties.get(SSL_TRUSTSTORE_PROPERTY);
+ if (sslTrustStoreValue != null) {
+ String sslTrustStorePwdValue = (String) userProperties.get(
+ SSL_TRUSTSTORE_PWD_PROPERTY);
+ if (sslTrustStorePwdValue == null) {
+ sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT;
+ }
+
+ File keyStoreFile = new File(sslTrustStoreValue);
+ KeyStore ks = KeyStore.getInstance("JKS");
+ InputStream is = null;
+ try {
+ is = new FileInputStream(keyStoreFile);
+ ks.load(is, sslTrustStorePwdValue.toCharArray());
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (IOException ioe) {
+ // Ignore
+ }
}
}
- }
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(ks);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(ks);
- sslContext.init(null, tmf.getTrustManagers(), null);
- } else {
- sslContext.init(null, null, null);
+ sslContext.init(null, tmf.getTrustManagers(), null);
+ } else {
+ sslContext.init(null, null, null);
+ }
}
SSLEngine engine = sslContext.createSSLEngine();
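Review bot: The cast `(SSLContext) userProperties.get(SSL_CONTEXT_PROPERTY)` is unchecked, so a value of the wrong type in the user properties surfaces as a ClassCastException rather than an error naming the property. The try block's catch lies outside this hunk, so whether that exception is wrapped into a DeploymentException cannot be confirmed from here. Reading the value into an `Object` and testing `value instanceof SSLContext` before the cast would make the failure explicit. Separately, `sslContext.createSSLEngine()` is called without a peer host and port, and nothing visible in the hunk sets an endpoint identification algorithm, so hostname verification presumably depends on code after this line. With caller-supplied contexts now accepted, it is worth confirming that check exists.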
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1548962&r1=1548961&r2=1548962&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sat Dec 7 20:19:37 2013
@@ -189,6 +189,11 @@
Prevent an NPE in the WebSocket <code>ServerContainer</code> when
processing an HTTP session end event. (markt)
</fix>
+ <add>
+ <bug>55801</bug>: Add the ability to set a custom
+ <code>SSLContext</code> to use for client wss connections. Patch
+ provided by Maciej Lypik. (markt)
+ </add>
<fix>
<bug>55804</bug>: If the GSSCredential for the cached Principal expires
when using SPNEGO authentication, force a re-authentication. (markt)
Modified: tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml?rev=1548962&r1=1548961&r2=1548962&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml Sat Dec 7 20:19:37 2013
@@ -125,11 +125,16 @@
of the provided <code>javax.websocket.ClientEndpointConfig</code>. The
following user properties are supported:</p>
<ul>
+ <li><code>org.apache.tomcat.websocket.SSL_CONTEXT</code></li>
<li><code>org.apache.tomcat.websocket.SSL_PROTOCOLS</code></li>
<li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code></li>
<li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li>
</ul>
<p>The default truststore password is <code>changeit</code>.</p>
+ <p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is
+ set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and
+ <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties
+ will be ignored.</p>
</section>
<section name="Deprecated proprietary API">