2015-11-23 9:43 GMT+03:00 <jfcl...@apache.org>:
> Author: jfclere
> Date: Mon Nov 23 06:43:01 2015
> New Revision: 1715732
>
> URL: http://svn.apache.org/viewvc?rev=1715732&view=rev
> Log:
> Add the JSSE one.
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java?rev=1715732&r1=1715731&r2=1715732&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
> (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java Mon
> Nov 23 06:43:01 2015
> @@ -16,11 +16,15 @@
> */
> package org.apache.tomcat.util.net.openssl;
>
> +import java.io.FileInputStream;
> +import java.io.InputStream;
> +import java.security.KeyStore;
> import java.util.List;
>
> import javax.net.ssl.KeyManager;
> import javax.net.ssl.SSLSessionContext;
> import javax.net.ssl.TrustManager;
> +import javax.net.ssl.TrustManagerFactory;
>
> import org.apache.tomcat.util.net.SSLContext;
> import org.apache.tomcat.util.net.SSLHostConfig;
> @@ -54,10 +58,40 @@ public class OpenSSLUtil implements SSLU
> return managers;
> }
>
> + /* In fact we can use the JSSE one for the moment */
> @Override
> public TrustManager[] getTrustManagers() throws Exception {
> - return null;
> + String storefile = System.getProperty("java.home") +
> "/lib/security/cacerts";
> + String password = "changeit";
> + String type = "jks";
> + String provider = null;
> + if (sslHostConfig.getTruststoreFile() != null) {
> + storefile = sslHostConfig.getTruststoreFile();
> + }
> + if (sslHostConfig.getTruststorePassword() != null) {
> + password = sslHostConfig.getTruststorePassword();
> + }
> + if (sslHostConfig.getTruststoreType() != null) {
> + type = sslHostConfig.getTruststoreType();
> + }
> + if (sslHostConfig.getTruststoreProvider() != null) {
> + provider = sslHostConfig.getTruststoreProvider();
> + }
> +
> + TrustManagerFactory factory;
> + if (provider == null)
> + factory =
> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> + else
> + factory = TrustManagerFactory.getInstance(provider);
Why "provider" on the above line? I guess it should be sslHostConfig.getTruststoreAlgorithm() For example: JSSESocketFactory.getTrustManagers()
> + KeyStore keystore = KeyStore.getInstance(type);
> + InputStream stream = new FileInputStream(storefile);
There is a new feature to allow random URLs as storefile. The code will be stream = ConfigFileLoader.getInputStream(storefile); For example: JSSESocketFactory.getStore(...)
> + keystore.load(stream, password.toCharArray());
It also needs finally { if (stream != null) stream.close() }.
> + factory.init(keystore);
> + TrustManager[] managers = factory.getTrustManagers();
> + return managers;
> }
> +
>
> @Override
> public void configureSessionContext(SSLSessionContext sslSessionContext)
> {
BTW, a changelog, documentation =?
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
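Review bot: The fallback at the top of `getTrustManagers()` hard-codes `java.home` + `/lib/security/cacerts` with the password `changeit`, which sidesteps the JSSE default trust-store lookup (`javax.net.ssl.trustStore`, then `jssecacerts`). A deployment that narrowed its trust anchors through those mechanisms would, on this code path, fall back to the full JRE CA bundle without any indication. When `sslHostConfig.getTruststoreFile()` is null it would be safer to skip the file load and call `factory.init((KeyStore) null);` so the provider resolves the default store itself. Separately, the configured truststore provider never reaches the keystore lookup; `KeyStore.getInstance(type, provider)` when `provider != null` would honour it.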