Author: remm
Date: Fri Feb 19 14:27:05 2016
New Revision: 1731247

URL: http://svn.apache.org/viewvc?rev=1731247&view=rev
Log:
Remove class hierarchy complexity (no client mode), and pass the JSSE session 
options to OpenSSL.

Removed:
    
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLServerSessionContext.java
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
    
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLSessionContext.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1731247&r1=1731246&r2=1731247&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
Fri Feb 19 14:27:05 2016
@@ -63,7 +63,7 @@ public class OpenSSLContext implements o
 
     private final SSLHostConfig sslHostConfig;
     private final SSLHostConfigCertificate certificate;
-    private OpenSSLServerSessionContext sessionContext;
+    private OpenSSLSessionContext sessionContext;
 
     private final List<String> negotiableProtocols;
 
@@ -373,7 +373,7 @@ public class OpenSSLContext implements o
                 SSLContext.setNpnProtos(ctx, protocolsArray, 
SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
             }
 
-            sessionContext = new OpenSSLServerSessionContext(ctx);
+            sessionContext = new OpenSSLSessionContext(ctx);
             sslHostConfig.setOpenSslContext(Long.valueOf(ctx));
             initialized = true;
         } catch (Exception e) {

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLSessionContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLSessionContext.java?rev=1731247&r1=1731246&r2=1731247&view=diff
==============================================================================
--- 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLSessionContext.java 
(original)
+++ 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLSessionContext.java 
Fri Feb 19 14:27:05 2016
@@ -22,18 +22,19 @@ import java.util.NoSuchElementException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 
+import org.apache.tomcat.jni.SSL;
 import org.apache.tomcat.jni.SSLContext;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
  * OpenSSL specific {@link SSLSessionContext} implementation.
  */
-public abstract class OpenSSLSessionContext implements SSLSessionContext {
+public class OpenSSLSessionContext implements SSLSessionContext {
     private static final StringManager sm = 
StringManager.getManager(OpenSSLSessionContext.class);
     private static final Enumeration<byte[]> EMPTY = new EmptyEnumeration();
 
     private final OpenSSLSessionStats stats;
-    final long context;
+    private final long context;
 
     OpenSSLSessionContext(long context) {
         this.context = context;
@@ -67,13 +68,18 @@ public abstract class OpenSSLSessionCont
      *
      * @param enabled {@code true} to enable caching, {@code false} to disable
      */
-    public abstract void setSessionCacheEnabled(boolean enabled);
+    public void setSessionCacheEnabled(boolean enabled) {
+        long mode = enabled ? SSL.SSL_SESS_CACHE_SERVER : 
SSL.SSL_SESS_CACHE_OFF;
+        SSLContext.setSessionCacheMode(context, mode);
+    }
 
     /**
      * @return {@code true} if caching of SSL sessions is enabled, {@code 
false}
      *         otherwise.
      */
-    public abstract boolean isSessionCacheEnabled();
+    public boolean isSessionCacheEnabled() {
+        return SSLContext.getSessionCacheMode(context) == 
SSL.SSL_SESS_CACHE_SERVER;
+    }
 
     /**
      * @return The statistics for this context.
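Review bot: `isSessionCacheEnabled()` compares the native mode to `SSL.SSL_SESS_CACHE_SERVER` with `==`, so it reports the cache as disabled whenever the mode carries any additional bit. OpenSSL's session cache mode is a bit mask, and whether anything else sets flags on this context is not visible in the hunk. A mask test does not depend on that: `return (SSLContext.getSessionCacheMode(context) & SSL.SSL_SESS_CACHE_SERVER) != 0;`. `setSessionCacheEnabled` likewise replaces the whole mode rather than toggling the server bit; if that is intended, a comment such as `// replaces the full cache mode, clearing any other flags` would make it explicit.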
@@ -82,6 +88,45 @@ public abstract class OpenSSLSessionCont
         return stats;
     }
 
+    @Override
+    public void setSessionTimeout(int seconds) {
+        if (seconds < 0) {
+            throw new IllegalArgumentException();
+        }
+        SSLContext.setSessionCacheTimeout(context, seconds);
+    }
+
+    @Override
+    public int getSessionTimeout() {
+        return (int) SSLContext.getSessionCacheTimeout(context);
+    }
+
+    @Override
+    public void setSessionCacheSize(int size) {
+        if (size < 0) {
+            throw new IllegalArgumentException();
+        }
+        SSLContext.setSessionCacheSize(context, size);
+    }
+
+    @Override
+    public int getSessionCacheSize() {
+        return (int) SSLContext.getSessionCacheSize(context);
+    }
+
+    /**
+     * Set the context within which session be reused (server side only)
+     * See <a 
href="http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html";>
+     *     man SSL_CTX_set_session_id_context</a>
+     *
+     * @param sidCtx can be any kind of binary data, it is therefore possible 
to use e.g. the name
+     *               of the application and/or the hostname and/or service name
+     * @return {@code true} if success, {@code false} otherwise.
+     */
+    public boolean setSessionIdContext(byte[] sidCtx) {
+        return SSLContext.setSessionIdContext(context, sidCtx);
+    }
+
     private static final class EmptyEnumeration implements Enumeration<byte[]> 
{
         @Override
         public boolean hasMoreElements() {
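Review bot: `setSessionTimeout(int)` passes `0` straight to `SSLContext.setSessionCacheTimeout`, although the `SSLSessionContext` contract defines 0 as "no limit" and the native layer may not share that meaning. As far as I know, OpenSSL treats a zero context timeout as "use the default", which should be confirmed against the native binding. Because this revision starts feeding the JSSE-configured values to OpenSSL, and the timeout bounds how long a session stays resumable, the method should map 0 explicitly or state the difference in its Javadoc. Two smaller points: both `IllegalArgumentException`s carry no message (e.g. `throw new IllegalArgumentException("seconds must be >= 0: " + seconds);`), and the `(int)` casts in the getters silently truncate the native `long`. The class body continues past the end of this hunk.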

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java?rev=1731247&r1=1731246&r2=1731247&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java Fri 
Feb 19 14:27:05 2016
@@ -98,6 +98,8 @@ public class OpenSSLUtil extends SSLUtil
 
     @Override
     public void configureSessionContext(SSLSessionContext sslSessionContext) {
-        // do nothing. configuration is done in the init phase
+        if (jsseUtil != null) {
+            jsseUtil.configureSessionContext(sslSessionContext);
+        }
     }
 }
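Review bot: When `jsseUtil` is null, `configureSessionContext` now returns without applying anything, and the comment that explained the old no-op has been removed. `jsseUtil` is declared outside this hunk, so it is not visible here when it can be null. A comment on the guard would tell the next reader that the configured session timeout and cache size are then not passed on, for example `// No JSSE util available: session timeout and cache size are not applied here`. If that case is unexpected at runtime, a debug-level log line would make a silently ignored session configuration easier to spot.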

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1731247&r1=1731246&r2=1731247&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Feb 19 14:27:05 2016
@@ -110,6 +110,9 @@
       <fix>
         Bad processing of handshake errors in NIO2. (remm)
       </fix>
+      <fix>
+        Use JSSE session configuration options with OpenSSL. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="WebSocket">


