Author: markt
Date: Mon Apr 4 21:27:27 2016
New Revision: 1737747
URL: http://svn.apache.org/viewvc?rev=1737747&view=rev
Log:
Use newly added JreCompat to handle setting of honorCipherOrder
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1737747&r1=1737746&r2=1737747&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
Mon Apr 4 21:27:27 2016
@@ -17,8 +17,6 @@
package org.apache.tomcat.util.net;
import java.io.OutputStreamWriter;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.ArrayList;
@@ -33,10 +31,10 @@ import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
import org.apache.juli.logging.Log;
import org.apache.tomcat.util.IntrospectionUtils;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.AbstractEndpoint.Acceptor.AcceptorState;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.threads.LimitLatch;
@@ -745,29 +743,12 @@ public abstract class AbstractEndpoint<S
public abstract void stopInternal() throws Exception;
public final void init() throws Exception {
- testServerCipherSuitesOrderSupport();
if (bindOnInit) {
bind();
bindState = BindState.BOUND_ON_INIT;
}
}
- private void testServerCipherSuitesOrderSupport() {
- // Only test this feature if the user explicitly requested its use.
- if(!"".equals(getUseServerCipherSuitesOrder().trim())) {
- try {
- // This method is only available in Java 8+
- // Check to see if the method exists, and then call it.
- SSLParameters.class.getMethod("setUseCipherSuitesOrder",
- Boolean.TYPE);
- }
- catch (NoSuchMethodException nsme) {
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- nsme);
- }
- }
- }
-
public final void start() throws Exception {
if (bindState == BindState.UNBOUND) {
bind();
@@ -1062,36 +1043,11 @@ public abstract class AbstractEndpoint<S
// Only use this feature if the user explicitly requested its use.
if(!"".equals(useServerCipherSuitesOrderStr)) {
- SSLParameters sslParameters = engine.getSSLParameters();
boolean useServerCipherSuitesOrder =
("true".equalsIgnoreCase(useServerCipherSuitesOrderStr)
||
"yes".equalsIgnoreCase(useServerCipherSuitesOrderStr));
-
- try {
- // This method is only available in Java 8+
- // Check to see if the method exists, and then call it.
- Method m =
SSLParameters.class.getMethod("setUseCipherSuitesOrder",
- Boolean.TYPE);
-
- m.invoke(sslParameters,
Boolean.valueOf(useServerCipherSuitesOrder));
- }
- catch (NoSuchMethodException nsme) {
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- nsme);
- } catch (InvocationTargetException ite) {
- // Should not happen
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- ite);
- } catch (IllegalArgumentException iae) {
- // Should not happen
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- iae);
- } catch (IllegalAccessException e) {
- // Should not happen
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- e);
- }
- engine.setSSLParameters(sslParameters);
+ JreCompat.getInstance().setUseServerCipherSuitesOrder(engine,
+ useServerCipherSuitesOrder);
}
}
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1737747&r1=1737746&r2=1737747&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Mon Apr 4 21:27:27 2016
@@ -20,8 +20,6 @@ package org.apache.tomcat.util.net.jsse;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
@@ -52,7 +50,6 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
@@ -62,6 +59,7 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.compat.JreVendor;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.net.AbstractEndpoint;
@@ -791,36 +789,10 @@ public class JSSESocketFactory implement
// Only use this feature if the user explicitly requested its use.
if(!"".equals(useServerCipherSuitesOrderStr)) {
- SSLParameters sslParameters = socket.getSSLParameters();
boolean useServerCipherSuitesOrder =
("true".equalsIgnoreCase(useServerCipherSuitesOrderStr)
||
"yes".equalsIgnoreCase(useServerCipherSuitesOrderStr));
-
- try {
- // This method is only available in Java 8+
- // Check to see if the method exists, and then call it.
- Method m =
SSLParameters.class.getMethod("setUseCipherSuitesOrder",
- Boolean.TYPE);
-
- m.invoke(sslParameters,
Boolean.valueOf(useServerCipherSuitesOrder));
- }
- catch (NoSuchMethodException nsme) {
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- nsme);
- } catch (InvocationTargetException ite) {
- // Should not happen
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- ite);
- } catch (IllegalArgumentException iae) {
- // Should not happen
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- iae);
- } catch (IllegalAccessException e) {
- // Should not happen
- throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- e);
- }
- socket.setSSLParameters(sslParameters);
+ JreCompat.getInstance().setUseServerCipherSuitesOrder(socket,
useServerCipherSuitesOrder);
}
}
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1737747&r1=1737746&r2=1737747&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
Mon Apr 4 21:27:27 2016
@@ -35,4 +35,3 @@ jsseSupport.serverRenegDisabled=SSL serv
jsseSupport.unexpectedData=Unexpected data read from input stream
jsse.openssl.unknownElement=Unknown element in cipher string: {0}
jsse.openssl.effectiveCiphers=Ciphers used: {0}
-jsse.cannotHonorServerCipherOrder=Java Runtime does not support
"useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1737747&r1=1737746&r2=1737747&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
Mon Apr 4 21:27:27 2016
@@ -66,7 +66,6 @@ endpoint.apr.remoteport=APR socket [{0}]
endpoint.nio.selectorCloseFail=Failed to close selector when closing the poller
endpoint.nio.timeoutCme=Exception during processing of timeouts. The code has
been checked repeatedly and no concurrent modification has been found. If you
are able to repeat this error please open a Tomcat bug and provide the steps to
reproduce.
endpoint.nio2.exclusiveExecutor=The NIO2 connector requires an exclusive
executor to operate properly on shutdown
-endpoint.jsse.cannotHonorServerCipherOrder=Java Runtime does not support
"useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.
channel.nio.interrupted=The current thread was interrupted
channel.nio.ssl.notHandshaking=NOT_HANDSHAKING during handshake
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
