Posted to dev@tomcat.apache.org by ol...@apache.org on 2011/12/20 00:50:50 UTC
svn commit: r1221023 - in
/tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner:
PasswordUtil.java Tomcat7Runner.java Tomcat7RunnerCli.java
Author: olamy
Date: Mon Dec 19 23:50:50 2011
New Revision: 1221023
URL: http://svn.apache.org/viewvc?rev=1221023&view=rev
Log:
[MTOMCAT-108] The httpsPort flag starts another http thread not an https thread
Submitted by Brad Giaccio.
Added:
tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java (with props)
Modified:
tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7Runner.java
tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7RunnerCli.java
Added: tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java
URL: http://svn.apache.org/viewvc/tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java?rev=1221023&view=auto
==============================================================================
--- tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java (added)
+++ tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java Mon Dec 19 23:50:50 2011
@@ -0,0 +1,131 @@
+package org.apache.tomcat.maven.runner;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Properties;
+
+
+/**
+ * Password obfuscate utility class. Lifted from Jetty org.mortbay.jetty.security.Password
+ * <p/>
+ * <p/>
+ * Passwords that begin with OBF: are de obfuscated.
+ * <p/>
+ * Passwords can be obfuscated by running Obfuscate as a main class. Obfuscated password are required if a system needs
+ * to recover the full password (eg. so that it may be passed to another system).
+ * <p/>
+ * They are not secure, but prevent casual observation.
+ *
+ * @see <a
+ * href="http://grepcode.com/file_/repo1.maven.org/maven2/org.mortbay.jetty/jetty/6.1.11/org/mortbay/jetty/security/Password.java/?v=source"
+ * >Jetty Source org.mortbay.jetty.security.Password</a>
+ * @since 2.0
+ */
+public class PasswordUtil
+{
+ public static final String __OBFUSCATE = "OBF:";
+
+ /* ------------------------------------------------------------ */
+ public static String obfuscate( String s )
+ {
+ StringBuilder buf = new StringBuilder();
+ byte[] b = s.getBytes();
+
+ buf.append( __OBFUSCATE );
+ for ( int i = 0; i < b.length; i++ )
+ {
+ byte b1 = b[i];
+ byte b2 = b[s.length() - ( i + 1 )];
+ int i1 = 127 + b1 + b2;
+ int i2 = 127 + b1 - b2;
+ int i0 = i1 * 256 + i2;
+ String x = Integer.toString( i0, 36 );
+
+ switch ( x.length() )
+ {
+ case 1:
+ buf.append( '0' );
+ case 2:
+ buf.append( '0' );
+ case 3:
+ buf.append( '0' );
+ default:
+ buf.append( x );
+ }
+ }
+ return buf.toString();
+
+ }
+
+ /* ------------------------------------------------------------ */
+ public static String deobfuscate( String s )
+ {
+ if ( s.startsWith( __OBFUSCATE ) )
+ {
+ s = s.substring( __OBFUSCATE.length() );
+
+ byte[] b = new byte[s.length() / 2];
+ int l = 0;
+ for ( int i = 0; i < s.length(); i += 4 )
+ {
+ String x = s.substring( i, i + 4 );
+ int i0 = Integer.parseInt( x, 36 );
+ int i1 = ( i0 / 256 );
+ int i2 = ( i0 % 256 );
+ b[l++] = (byte) ( ( i1 + i2 - 254 ) / 2 );
+ }
+ return new String( b, 0, l );
+ }
+ else
+ {
+ return s;
+ }
+
+ }
+
+ public static void deobfuscateSystemProps()
+ {
+ Properties props = System.getProperties();
+ for ( Object obj : props.keySet() )
+ {
+ if ( obj instanceof String )
+ {
+ String key = (String) obj;
+ String value = (String) props.getProperty( key );
+ if ( value != null && value.startsWith( __OBFUSCATE ) )
+ {
+ System.setProperty( key, deobfuscate( value ) );
+ }
+ }
+ }
+ }
+
+ public static void main( String[] args )
+ {
+ if ( args[0].startsWith( __OBFUSCATE ) )
+ {
+ System.out.println( PasswordUtil.deobfuscate( args[1] ) );
+ }
+ else
+ {
+ System.out.println( PasswordUtil.obfuscate( args[1] ) );
+ }
+ }
+}
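Review bot: In `obfuscate`, `b` comes from `s.getBytes()` in the platform charset but is indexed with `s.length()`, so a password containing a character that encodes to more than one byte makes `b[s.length() - ( i + 1 )]` go out of range; the arithmetic also looks dependable only for 7-bit ASCII bytes. I would index with `byte b2 = b[b.length - ( i + 1 )];`, name the charset explicitly in both `getBytes` and `new String( b, 0, l )`, and state the ASCII-only limit in the class Javadoc. Separately, `main` tests `args[0]` for the `OBF:` prefix but transforms `args[1]`, so a single-argument call throws `ArrayIndexOutOfBoundsException`; it should check `args.length` and use one index consistently. `deobfuscate` also assumes well-formed input: a value whose length after the prefix is not a multiple of four fails in `substring`.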
Propchange: tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/PasswordUtil.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7Runner.java
URL: http://svn.apache.org/viewvc/tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7Runner.java?rev=1221023&r1=1221022&r2=1221023&view=diff
==============================================================================
--- tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7Runner.java (original)
+++ tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7Runner.java Mon Dec 19 23:50:50 2011
@@ -77,6 +77,10 @@ public class Tomcat7Runner
public boolean debug = false;
+ public boolean clientAuth = false;
+
+ public String keyAlias = null;
+
public String httpProtocol;
public File extractDirectory = new File( ".extract" );
@@ -99,6 +103,8 @@ public class Tomcat7Runner
throws Exception
{
+ PasswordUtil.deobfuscateSystemProps();
+
// do we have to extract content
if ( !new File( ".extract" ).exists() || resetExtract )
{
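Review bot: The `PasswordUtil.deobfuscateSystemProps()` call at the top of this method writes the recovered cleartext back into the JVM-wide system properties, and it does so for every property whose value starts with `OBF:`, not only the keystore and truststore passwords read later. After this line the clear password is available to anything that can read `System.getProperties()`, which presumably includes the deployed web application, and an unrelated or malformed `OBF:` value would throw out of `deobfuscate` and stop startup. I would drop the global rewrite and decode where the value is consumed, e.g. `keystorePass != null ? PasswordUtil.deobfuscate( keystorePass ) : null` at the point where the connector attribute is set. The method body starts and ends outside this hunk.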
@@ -159,19 +165,22 @@ public class Tomcat7Runner
debugMessage( "use connectorHttpProtocol:" + connectorHttpProtocol );
- Connector connector = new Connector( connectorHttpProtocol );
- connector.setPort( httpPort );
-
- if ( httpsPort > 0 )
- {
- connector.setRedirectPort( httpsPort );
- }
- // FIXME parameter for that def ? ISO-8859-1
- //connector.setURIEncoding(uriEncoding);
+ if (httpPort > 0)
+ {
+ Connector connector = new Connector( connectorHttpProtocol );
+ connector.setPort( httpPort );
+
+ if ( httpsPort > 0 )
+ {
+ connector.setRedirectPort( httpsPort );
+ }
+ // FIXME parameter for that def ? ISO-8859-1
+ //connector.setURIEncoding(uriEncoding);
- tomcat.getService().addConnector( connector );
+ tomcat.getService().addConnector( connector );
- tomcat.setConnector( connector );
+ tomcat.setConnector( connector );
+ }
// add a default acces log valve
AccessLogValve alv = new AccessLogValve();
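Review bot: With the HTTP connector now guarded by `if (httpPort > 0)`, a run where `httpPort` and `httpsPort` are both zero or negative registers no connector here or in the HTTPS block further down (the AJP handling is outside this hunk), and nothing reports that. A check before this block that at least one listener is configured, failing with a clear message, would make that misconfiguration visible. Style: the rest of the file writes `if ( httpPort > 0 )` with inner spaces, and the re-indented `// FIXME parameter for that def ? ISO-8859-1` comment could say which encoding question is still open.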
@@ -182,10 +191,16 @@ public class Tomcat7Runner
// create https connector
if ( httpsPort > 0 )
{
- Connector httpsConnector = new Connector( "HTTP/1.1" );
+ Connector httpsConnector = new Connector( connectorHttpProtocol );
httpsConnector.setPort( httpsPort );
- // FIXME parameters for that !!
- /*
+ httpsConnector.setSecure(true);
+ httpsConnector.setProperty("SSLEnabled", "true");
+ httpsConnector.setProperty("sslProtocol", "TLS");
+
+ String keystoreFile = System.getProperty("javax.net.ssl.keyStore");
+ String keystorePass = System.getProperty("javax.net.ssl.keyStorePassword");
+ String keystoreType = System.getProperty("javax.net.ssl.keyStoreType", "jks");
+
if ( keystoreFile != null )
{
httpsConnector.setAttribute("keystoreFile", keystoreFile);
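Review bot: When `httpsPort > 0` but `javax.net.ssl.keyStore` is not set, `keystoreFile` stays null and the connector is still created with `SSLEnabled`, so it falls back to whatever default keystore Tomcat uses (documented as `.keystore` in the user's home directory with the password `changeit`). It would be safer to fail fast here, for example `if ( keystoreFile == null ) { throw new IllegalStateException( "httpsPort set but javax.net.ssl.keyStore is not defined" ); }`, or at least to log which keystore is in effect through `debugMessage`. A short comment above the three `System.getProperty` calls saying that the standard JSSE property names are reused for the server keystore would help readers. The `if ( keystoreFile != null )` block continues past the end of this hunk.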
@@ -193,9 +208,28 @@ public class Tomcat7Runner
if ( keystorePass != null )
{
httpsConnector.setAttribute("keystorePass", keystorePass);
- }*/
+ }
+ httpsConnector.setAttribute("keystoreType", keystoreType);
+
+ String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
+ String truststorePass = System.getProperty("javax.net.ssl.trustStorePassword");
+ String truststoreType = System.getProperty("javax.net.ssl.trustStoreType", "jks");
+ if ( truststoreFile != null )
+ {
+ httpsConnector.setAttribute("truststoreFile", truststoreFile);
+ }
+ if ( truststorePass != null )
+ {
+ httpsConnector.setAttribute("truststorePass", truststorePass);
+ }
+ httpsConnector.setAttribute("truststoreType", truststoreType);
+
+ httpsConnector.setAttribute("clientAuth", clientAuth);
+ httpsConnector.setAttribute("keyAlias", keyAlias);
+
tomcat.getService().addConnector( httpsConnector );
-
+
+ if (httpPort <= 0) tomcat.setConnector( httpsConnector );
}
// create ajp connector
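Review bot: `httpsConnector.setAttribute("keyAlias", keyAlias);` runs even when no `-keyAlias` was given and the field is still null, unlike the keystore and truststore attributes above it, which are guarded. Depending on how `Connector.setAttribute` treats a null value this either stores null or turns it into the literal string `null`, and the latter would make key selection fail; guard it with `if ( keyAlias != null ) { httpsConnector.setAttribute( "keyAlias", keyAlias ); }`. The trailing `if (httpPort <= 0) tomcat.setConnector( httpsConnector );` should also get braces and the file's spacing. The enclosing `if ( httpsPort > 0 )` block opens in the previous hunk.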
Modified: tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7RunnerCli.java
URL: http://svn.apache.org/viewvc/tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7RunnerCli.java?rev=1221023&r1=1221022&r2=1221023&view=diff
==============================================================================
--- tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7RunnerCli.java (original)
+++ tomcat/maven-plugin/trunk/tomcat7-war-runner/src/main/java/org/apache/tomcat/maven/runner/Tomcat7RunnerCli.java Mon Dec 19 23:50:50 2011
@@ -36,6 +36,7 @@ import java.util.Properties;
* @author Olivier Lamy
* @since 2.0
*/
+@SuppressWarnings("static-access")
public class Tomcat7RunnerCli
{
@@ -65,15 +66,29 @@ public class Tomcat7RunnerCli
static Option sysProps = OptionBuilder.withDescription( "use value for given property" ).hasArgs().withDescription(
"key=value" ).withValueSeparator().create( 'D' );
+ static Option clientAuth =
+ OptionBuilder.withArgName( "clientAuth" ).withDescription( "enable client authentication for https" ).create(
+ "clientAuth" );
+
+ static Option keyAlias =
+ OptionBuilder.withArgName( "keyAlias" ).hasArgs().withDescription( "alias from keystore for ssl" ).create(
+ "keyAlias" );
+
+ static Option obfuscate =
+ OptionBuilder.withArgName( "password" ).hasArgs().withDescription( "obfuscate the password and exit" ).create(
+ "obfuscate" );
+
static Option httpProtocol = OptionBuilder.withArgName( "httpProtocol" ).hasArg().withDescription(
"http protocol to use: HTTP/1.1 or org.apache.coyote.http11.Http11NioProtocol" ).create( "httpProtocol" );
+
static Options options = new Options();
static
{
options.addOption( httpPort ).addOption( httpsPort ).addOption( ajpPort ).addOption( serverXmlPath ).addOption(
- resetExtract ).addOption( help ).addOption( debug ).addOption( sysProps ).addOption( httpProtocol );
+ resetExtract ).addOption( help ).addOption( debug ).addOption( sysProps ).addOption( httpProtocol )
+ .addOption(clientAuth).addOption(keyAlias).addOption(obfuscate);
}
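Review bot: `keyAlias` and `obfuscate` are declared with `hasArgs()`, which accepts any number of values, while the code that reads them uses `getOptionValue`, which returns a single value; `hasArg()` matches what is consumed and stops the parser from absorbing following tokens. The `obfuscate` description should also say that the output is reversible obfuscation and not encryption, e.g. `"obfuscate the password (reversible, not encryption) and exit"`, so operators do not treat an `OBF:` string as safe to publish. The new `.addOption(clientAuth).addOption(keyAlias).addOption(obfuscate)` chain is missing the inner spaces used on the line above.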
@@ -101,6 +116,11 @@ public class Tomcat7RunnerCli
System.exit( 0 );
}
+ if ( line.hasOption( obfuscate.getOpt() ) )
+ {
+ System.out.println( PasswordUtil.obfuscate( line.getOptionValue( obfuscate.getOpt() ) ) );
+ System.exit( 0 );
+ }
Tomcat7Runner tomcat7Runner = new Tomcat7Runner();
tomcat7Runner.runtimeProperties = buildStandaloneProperties();
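Review bot: The `-obfuscate` branch takes the cleartext password from the command line, where it ends up in shell history and is visible in the process list while the JVM runs. Reading it interactively when a console is available, with `char[] pw = System.console().readPassword( "password: " );`, avoids that; keep the argument form only as a fallback and note the exposure in the help text. `line.getOptionValue( obfuscate.getOpt() )` is passed straight to `PasswordUtil.obfuscate`, which dereferences it, so a null check is worth adding in case the parser ever returns none.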
@@ -147,7 +167,14 @@ public class Tomcat7RunnerCli
}
}
}
-
+ if ( line.hasOption( clientAuth.getOpt() ) )
+ {
+ tomcat7Runner.clientAuth = true;
+ }
+ if ( line.hasOption( keyAlias.getOpt() ) )
+ {
+ tomcat7Runner.keyAlias = line.getOptionValue( keyAlias.getOpt() );
+ }
// here we go
tomcat7Runner.run();
}