Author: fhanik Date: Tue Mar 1 20:04:26 2011 New Revision: 1076008 URL: http://svn.apache.org/viewvc?rev=1076008&view=rev Log: Implement renegotiation for SSL cert authentication
Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1076008&r1=1076007&r2=1076008&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Tue Mar 1 20:04:26 2011
@@ -23,6 +23,8 @@ import java.nio.channels.SelectionKey;
 import java.util.Locale;
 import java.util.concurrent.Executor;
+import javax.net.ssl.SSLEngine;
+
 import org.apache.coyote.ActionCode;
 import org.apache.coyote.Request;
 import org.apache.coyote.RequestInfo;
@@ -42,7 +44,9 @@ import org.apache.tomcat.util.net.NioCha
 import org.apache.tomcat.util.net.NioEndpoint;
 import org.apache.tomcat.util.net.NioEndpoint.KeyAttachment;
 import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.SecureNioChannel;
 import org.apache.tomcat.util.net.SocketStatus;
+import org.apache.tomcat.util.net.jsse.JSSEFactory;
 /**
@@ -625,6 +629,19 @@ public class Http11NioProcessor extends
 .setLimit(maxSavePostSize);
 inputBuffer.addActiveFilter
 (inputFilters[Constants.BUFFERED_FILTER]);
+ SecureNioChannel sslChannel = (SecureNioChannel) socket;
+ SSLEngine engine = sslChannel.getSslEngine();
+ if (!engine.getNeedClientAuth()) {
+ // Need to re-negotiate SSL connection
+ engine.setNeedClientAuth(true);
+ try {
+ sslChannel.rehandshake(endpoint.getSoTimeout());
+ sslSupport = (new JSSEFactory()).getSSLSupport(engine.getSession());
+ } catch (IOException ioe) {
+ log.warn(sm.getString("http11processor.socket.sslreneg",ioe));
+ }
+ }
+
 try {
 Object sslO = sslSupport.getPeerCertificateChain(true);
 if( sslO != null) {
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1076008&r1=1076007&r2=1076008&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Tue Mar 1 20:04:26 2011
@@ -103,9 +103,6 @@ public class TestClientCert extends Tomc
 Tomcat tomcat = getTomcatInstance();
 String protocol = tomcat.getConnector().getProtocolHandlerClassName();
- if (protocol.indexOf("Nio") != -1) {
- return; // Not supported yet (2011-03-01)
- }
 if (protocol.indexOf("Apr") != -1) {
 return; // Disabled by default in 1.1.20 windows binary (2010-07-27)
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
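Review bot: In the new renegotiation block the failure path only logs and falls through, so a failed `rehandshake` still continues to `sslSupport.getPeerCertificateChain(true)` on the pre-renegotiation session, and because `engine.setNeedClientAuth(true)` was applied before the try, the `!engine.getNeedClientAuth()` guard means no later request on this connection will retry the handshake. Consider making the failure explicit to the caller instead of silently yielding no certificate, and pass the exception as the logger's throwable, `log.warn(sm.getString("http11processor.socket.sslreneg"), ioe);`, so the stack trace is kept (the commit touches no LocalStrings.properties, so confirm that key already exists). Separately, server-initiated renegotiation is exactly the scenario exploited by CVE-2009-3555 (TLS renegotiation prefix injection); unless the running JSSE implements RFC 5746 secure renegotiation, this path should be gated by the connector's unsafe-legacy-renegotiation setting, if the NIO endpoint exposes one. The cast `(SecureNioChannel) socket` also assumes this action is only reached on an SSL connector; if the enclosing branch is not already guarded by `sslSupport != null`, add that guard before the cast. The enclosing method begins and ends outside the hunk.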