Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/04/14 22:27:58 UTC
svn commit: r1673552 - in /tomcat/trunk/java/org/apache: catalina/connector/
catalina/startup/ coyote/ coyote/ajp/ coyote/http11/ coyote/spdy/
tomcat/util/net/ tomcat/util/net/jsse/
Author: markt
Date: Tue Apr 14 20:27:58 2015
New Revision: 1673552
URL: http://svn.apache.org/r1673552
Log:
Add plumbing to parse SSLHostConfig from server.xml
Modified:
tomcat/trunk/java/org/apache/catalina/connector/Connector.java
tomcat/trunk/java/org/apache/catalina/startup/Catalina.java
tomcat/trunk/java/org/apache/coyote/ProtocolHandler.java
tomcat/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
tomcat/trunk/java/org/apache/coyote/ajp/LocalStrings.properties
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/Connector.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Connector.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Connector.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Connector.java Tue Apr 14 20:27:58 2015
@@ -35,6 +35,7 @@ import org.apache.coyote.ProtocolHandler
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.IntrospectionUtils;
+import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.res.StringManager;
@@ -851,6 +852,10 @@ public class Connector extends Lifecycle
return "Internal";
}
+
+ public void addSslHostConfig(SSLHostConfig sslHostConfig) {
+ protocolHandler.addSslHostConfig(sslHostConfig);
+ }
// --------------------------------------------------------- Public Methods
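Review bot: The new public `addSslHostConfig` in Connector.java has no Javadoc and dereferences `protocolHandler` unguarded, although the Digester rule added in Catalina.java calls it while server.xml is still being parsed. If `protocolHandler` can be null at that point (its initialisation is outside this hunk, so this is unconfirmed), a bad `protocol` attribute would surface as a NullPointerException from the TLS configuration rather than as the original error. I would add a comment such as `/** Passes a TLS virtual-host configuration parsed from server.xml to the protocol handler. */` and, if null is possible, guard it with `if (protocolHandler == null) { return; }` plus a log line.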
Modified: tomcat/trunk/java/org/apache/catalina/startup/Catalina.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Catalina.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/Catalina.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/Catalina.java Tue Apr 14 20:27:58 2015
@@ -336,6 +336,12 @@ public class Catalina {
"addConnector",
"org.apache.catalina.connector.Connector");
+ digester.addObjectCreate("Server/Service/Connector/SSLHostConfig",
+ "org.apache.tomcat.util.net.SSLHostConfig");
+ digester.addSetProperties("Server/Service/Connector/SSLHostConfig");
+ digester.addSetNext("Server/Service/Connector/SSLHostConfig",
+ "addSslHostConfig",
+ "org.apache.tomcat.util.net.SSLHostConfig");
digester.addObjectCreate("Server/Service/Connector/Listener",
null, // MUST be specified in the element
Modified: tomcat/trunk/java/org/apache/coyote/ProtocolHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ProtocolHandler.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/ProtocolHandler.java (original)
+++ tomcat/trunk/java/org/apache/coyote/ProtocolHandler.java Tue Apr 14 20:27:58 2015
@@ -19,6 +19,8 @@ package org.apache.coyote;
import java.util.concurrent.Executor;
+import org.apache.tomcat.util.net.SSLHostConfig;
+
/**
* Abstract the protocol implementation, including threading, etc.
@@ -94,4 +96,7 @@ public interface ProtocolHandler {
* Does this ProtocolHandler support sendfile?
*/
public boolean isSendfileSupported();
+
+
+ public void addSslHostConfig(SSLHostConfig sslHostConfig);
}
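Review bot: `addSslHostConfig` is added to the ProtocolHandler interface without Javadoc, unlike `isSendfileSupported()` directly above it. The contract matters because the implementations in this commit diverge: the HTTP/1.1 one registers the configuration, the AJP one warns and discards it, and the SPDY proxy one does nothing. Please document what an implementation without TLS support must do, for example `/** Adds a TLS virtual-host configuration. Implementations that cannot use it must log a warning rather than ignore it silently. */`.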
Modified: tomcat/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java Tue Apr 14 20:27:58 2015
@@ -24,6 +24,7 @@ import org.apache.coyote.AbstractProtoco
import org.apache.coyote.Processor;
import org.apache.coyote.UpgradeProtocol;
import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SocketWrapperBase;
import org.apache.tomcat.util.res.StringManager;
@@ -126,6 +127,15 @@ public abstract class AbstractAjpProtoco
}
}
+
+ // --------------------------------------------- SSL is not supported in AJP
+
+ @Override
+ public void addSslHostConfig(SSLHostConfig sslHostConfig) {
+ getLog().warn(sm.getString("ajpprotocol.noSSL", sslHostConfig.getHostName()));
+ }
+
+
protected void configureProcessor(AjpProcessor processor) {
processor.setAdapter(getAdapter());
processor.setTomcatAuthentication(getTomcatAuthentication());
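Review bot: In the AJP `addSslHostConfig`, an `<SSLHostConfig>` nested in an AJP connector is discarded with only a warn-level line, and the connector still starts. The section banner is the only explanation in the code, so I would add method-level Javadoc: `/** AJP has no TLS support; the supplied configuration is logged and discarded. */`. It is also worth deciding whether a discarded TLS configuration should fail startup, since an operator who misses the log line may assume the listener is protected. The hunk ends inside `configureProcessor`, which is unchanged.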
Modified: tomcat/trunk/java/org/apache/coyote/ajp/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/LocalStrings.properties?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/ajp/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/ajp/LocalStrings.properties Tue Apr 14 20:27:58 2015
@@ -12,6 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was ignored
+
ajpnioprotocol.releaseStart=Iterating through our connections to release a socket channel [{0}]
ajpnioprotocol.releaseEnd=Done iterating through our connections to release a socket channel [{0}] released [{1}]
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Tue Apr 14 20:27:58 2015
@@ -327,12 +327,18 @@ public abstract class AbstractHttp11Prot
// ----------------------------------------------- HTTPS specific properties
// -------------------------------------------- Handled via an SSLHostConfig
+ @Override
+ public void addSslHostConfig(SSLHostConfig sslHostConfig) {
+ getEndpoint().addSslHostConfig(sslHostConfig);
+ }
+
+
private SSLHostConfig defaultSSLHostConfig = null;
private void registerDefaultSSLHostConfig() {
if (defaultSSLHostConfig == null) {
defaultSSLHostConfig = new SSLHostConfig();
defaultSSLHostConfig.setHostName(SSLHostConfig.DEFAULT_SSL_HOST_NAME);
- getEndpoint().addHostConfig(defaultSSLHostConfig);
+ getEndpoint().addSslHostConfig(defaultSSLHostConfig);
}
}
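Review bot: After this change the endpoint's host-config map has two writers that do not know about each other: the new public `addSslHostConfig` and `registerDefaultSSLHostConfig()`. A configuration parsed from server.xml under `SSLHostConfig.DEFAULT_SSL_HOST_NAME` never sets `defaultSSLHostConfig`, so a later call to `registerDefaultSSLHostConfig()` would create and register a second object for the same host name. How the endpoint treats that duplicate key is not visible here (the body of `AbstractEndpoint.addSslHostConfig` is cut off in this diff), but one of the two configurations would presumably be lost or rejected. I would record the default in the new method, e.g. `if (SSLHostConfig.DEFAULT_SSL_HOST_NAME.equals(sslHostConfig.getHostName())) { defaultSSLHostConfig = sslHostConfig; }`.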
Modified: tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/spdy/SpdyProxyProtocol.java Tue Apr 14 20:27:58 2015
@@ -31,6 +31,7 @@ import org.apache.tomcat.spdy.SpdyContex
import org.apache.tomcat.spdy.SpdyStream;
import org.apache.tomcat.util.net.NioChannel;
import org.apache.tomcat.util.net.NioEndpoint;
+import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SocketStatus;
import org.apache.tomcat.util.net.SocketWrapperBase;
@@ -143,4 +144,9 @@ public class SpdyProxyProtocol extends A
// TODO Auto-generated method stub
return null;
}
+
+ @Override
+ public void addSslHostConfig(SSLHostConfig sslHostConfig) {
+ // TODO Auto-generated method stub
+ }
}
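Review bot: The SpdyProxyProtocol override of `addSslHostConfig` is an empty IDE stub, so a TLS host configuration placed on this connector in server.xml is dropped without any trace. AbstractAjpProtocol in the same commit at least logs a warning for the equivalent case. Please replace `// TODO Auto-generated method stub` with a comment that states the intent, such as `// TLS is terminated by the front-end proxy; SSLHostConfig is not used here`, and emit a warning there as the AJP implementation does. I have hedged the proxy wording because the class's TLS handling is outside this hunk.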
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Tue Apr 14 20:27:58 2015
@@ -216,7 +216,7 @@ public abstract class AbstractEndpoint<S
// ----------------------------------------------------------------- Properties
protected Map<String,SSLHostConfig> sslHostConfigs = new ConcurrentHashMap<>();
- public void addHostConfig(SSLHostConfig sslHostConfig) {
+ public void addSslHostConfig(SSLHostConfig sslHostConfig) {
String key = sslHostConfig.getHostName();
if (key == null || key.length() == 0) {
// TODO i18n
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Tue Apr 14 20:27:58 2015
@@ -493,10 +493,10 @@ public class AprEndpoint extends Abstrac
// SSL protocol
int value = SSL.SSL_PROTOCOL_NONE;
- if (sslHostConfig.getSslProtocols().size() == 0) {
+ if (sslHostConfig.getProtocols().size() == 0) {
value = SSL.SSL_PROTOCOL_ALL;
} else {
- for (String protocol : sslHostConfig.getSslProtocols()) {
+ for (String protocol : sslHostConfig.getProtocols()) {
if ("SSLv2".equalsIgnoreCase(protocol)) {
value |= SSL.SSL_PROTOCOL_SSLV2;
} else if ("SSLv3".equalsIgnoreCase(protocol)) {
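Review bot: With the new `getProtocols().size() == 0` test, an SSLHostConfig that sets no protocols gets `SSL.SSL_PROTOCOL_ALL`, whereas `setProtocols("all")` in SSLHostConfig.java expands to `TLSv1+TLSv1.1+TLSv1.2`. If `SSL_PROTOCOL_ALL` covers the SSLv2/SSLv3 bits tested in the loop below (its definition is outside this diff), omitting the attribute enables more than asking for "all" does. That case is now reachable directly from server.xml through the new Digester rules. I would make the empty case match the explicit one, `value = SSL.SSL_PROTOCOL_TLSV1 | SSL.SSL_PROTOCOL_TLSV1_1 | SSL.SSL_PROTOCOL_TLSV1_2;`, or add a comment stating that the wider default is deliberate. The enclosing method continues past the end of the hunk.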
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Tue Apr 14 20:27:58 2015
@@ -25,7 +25,7 @@ public class SSLHostConfig {
private String hostName;
- private Set<String> sslProtocols = new HashSet<>();
+ private Set<String> protocols = new HashSet<>();
public void setHostName(String hostName) {
@@ -38,24 +38,24 @@ public class SSLHostConfig {
}
- public void setProtocols(String protocols) {
+ public void setProtocols(String input) {
// OpenSSL and JSSE use the same names.
- if (protocols.trim().equalsIgnoreCase("all")) {
- protocols = "TLSv1+TLSv1.1+TLSv1.2";
+ if (input.trim().equalsIgnoreCase("all")) {
+ input = "TLSv1+TLSv1.1+TLSv1.2";
}
- String[] values = protocols.split(",|\\+");
+ String[] values = input.split(",|\\+");
for (String value: values) {
String trimmed = value.trim();
if (trimmed.length() > 0) {
- sslProtocols.add(trimmed);
+ protocols.add(trimmed);
}
}
}
- public Set<String> getSslProtocols() {
- return sslProtocols;
+ public Set<String> getProtocols() {
+ return protocols;
}
}
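Review bot: `setProtocols` only ever adds to the `protocols` set, so a second call can widen the enabled protocol list but never narrow it; calling it with "TLSv1.2" after "all" still leaves TLSv1 and TLSv1.1 in place. For a setter that is now driven by `addSetProperties` and exposed publicly, I would make it replace the set by adding `protocols.clear();` as the first statement. Separately, `getProtocols()` returns the live `HashSet`, so any caller can alter the configured protocols after the endpoint has read them; returning an unmodifiable view would close that off. Neither method has Javadoc describing the accepted separators (`,` and `+`) or the meaning of "all".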
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1673552&r1=1673551&r2=1673552&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Apr 14 20:27:58 2015
@@ -594,24 +594,24 @@ public class JSSESocketFactory implement
@Override
public String[] getEnableableProtocols(SSLContext context) {
- if (sslHostConfig.getSslProtocols().size() == 0) {
+ if (sslHostConfig.getProtocols().size() == 0) {
return defaultServerProtocols;
}
List<String> protocols = new ArrayList<>();
- protocols.addAll(sslHostConfig.getSslProtocols());
+ protocols.addAll(sslHostConfig.getProtocols());
protocols.retainAll(Arrays.asList(context.getSupportedSSLParameters()
.getProtocols()));
if (protocols.isEmpty()) {
log.warn(sm.getString("jsse.requested_protocols_not_supported",
- sslHostConfig.getSslProtocols()));
+ sslHostConfig.getProtocols()));
}
if (log.isDebugEnabled()) {
log.debug(sm.getString("jsse.enableable_protocols", protocols));
- if (protocols.size() != sslHostConfig.getSslProtocols().size()) {
+ if (protocols.size() != sslHostConfig.getProtocols().size()) {
List<String> skipped = new ArrayList<>();
- skipped.addAll(sslHostConfig.getSslProtocols());
+ skipped.addAll(sslHostConfig.getProtocols());
skipped.removeAll(protocols);
log.debug(sm.getString("jsse.unsupported_protocols", skipped));
}