Author: markt Date: Tue Mar 8 15:19:19 2011 New Revision: 1079387 URL: http://svn.apache.org/viewvc?rev=1079387&view=rev Log: Align SSL init for BIO and NIO. Fixes https://issues.apache.org/bugzilla/show_bug.cgi?id=48208 for NIO. Adds support for keyPass, truststoreProvider & keystoreProvider
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1079387&r1=1079386&r2=1079387&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Tue Mar 8 15:19:19 2011
@@ -31,7 +31,6 @@ import java.nio.channels.Selector;
 import java.nio.channels.ServerSocketChannel;
 import java.nio.channels.SocketChannel;
 import java.nio.channels.WritableByteChannel;
-import java.security.KeyStore;
 import java.util.Iterator;
 import java.util.Set;
 import java.util.concurrent.ConcurrentLinkedQueue;
@@ -42,11 +41,9 @@ import java.util.concurrent.atomic.Atomi
 import java.util.concurrent.atomic.AtomicLong;
 
 import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509KeyManager;
 
 import org.apache.juli.logging.Log;
@@ -55,7 +52,6 @@ import org.apache.tomcat.util.ExceptionU
 import org.apache.tomcat.util.IntrospectionUtils;
 import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
 import org.apache.tomcat.util.net.SecureNioChannel.ApplicationBufferHandler;
-import org.apache.tomcat.util.net.jsse.JSSESocketFactory;
 import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
 
 /**
@@ -94,8 +90,6 @@ public class NioEndpoint extends Abstrac
      */
     protected ServerSocketChannel serverSock = null;
 
-    protected SSLUtil sslUtil = null;
-
     /**
      * use send file
      */
@@ -479,68 +473,16 @@ public class NioEndpoint extends Abstrac
         // Initialize SSL if needed
         if (isSSLEnabled()) {
-            if (sslUtil == null) {
-                sslUtil = handler.getSslImplementation().getSSLUtil(this);
-            }
-            // Initialize SSL
-            String keystorePass = getKeystorePass();
-            if (keystorePass == null) {
-                keystorePass = JSSESocketFactory.DEFAULT_KEY_PASS;
-            }
-            char[] passphrase = keystorePass.toCharArray();
-
-            char[] tpassphrase = (getTruststorePass()!=null)?getTruststorePass().toCharArray():passphrase;
-            String ttype = (getTruststoreType()!=null)?getTruststoreType():getKeystoreType();
-
-            KeyStore ks = KeyStore.getInstance(getKeystoreType());
-            FileInputStream fisKeyStore = null;
-            try {
-                fisKeyStore = new FileInputStream(getKeystoreFile());
-                ks.load(fisKeyStore, passphrase);
-            } finally {
-                if (fisKeyStore != null) {
-                    try {
-                        fisKeyStore.close();
-                    } catch (IOException ioe) {/*Ignore*/}
-                }
-            }
-            KeyStore ts = null;
-            if (getTruststoreFile()==null) {
-                //no op, same as for BIO connector
-            }else {
-                ts = KeyStore.getInstance(ttype);
-                FileInputStream fisTrustStore = null;
-                try {
-                    fisTrustStore = new FileInputStream(getTruststoreFile());
-                    ts.load(fisTrustStore, tpassphrase);
-                } finally {
-                    if (fisTrustStore != null) {
-                        try {
-                            fisTrustStore.close();
-                        } catch (IOException ioe) {/*Ignore*/}
-                    }
-                }
-            }
+            SSLUtil sslUtil = handler.getSslImplementation().getSSLUtil(this);
-            KeyManagerFactory kmf = KeyManagerFactory.getInstance(getAlgorithm());
-            kmf.init(ks, passphrase);
+            sslContext = sslUtil.createSSLContext();
+            sslContext.init(wrap(sslUtil.getKeyManagers()),
+                    sslUtil.getTrustManagers(), null);
-            TrustManagerFactory tmf = TrustManagerFactory.getInstance(getAlgorithm());
-            tmf.init(ts);
-
-            sslContext = SSLContext.getInstance(getSslProtocol());
-            sslContext.init(wrap(kmf.getKeyManagers()), tmf.getTrustManagers(), null);
             SSLSessionContext sessionContext = sslContext.getServerSessionContext();
             if (sessionContext != null) {
-                if (getSessionCacheSize() != null) {
-                    sessionContext.setSessionCacheSize(
-                            Integer.parseInt(getSessionCacheSize()));
-                }
-                if (getSessionTimeout() != null) {
-                    sessionContext.setSessionTimeout(
-                            Integer.parseInt(getSessionTimeout()));
-                }
+                sslUtil.configureSessionContext(sessionContext);
             }
         }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java?rev=1079387&r1=1079386&r2=1079387&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java Tue Mar 8 15:19:19 2011
@@ -16,6 +16,18 @@
  */
 package org.apache.tomcat.util.net;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.TrustManager;
+
 public interface SSLUtil {
+    public SSLContext createSSLContext() throws Exception;
+
+    public KeyManager[] getKeyManagers() throws Exception;
+
+    public TrustManager[] getTrustManagers() throws Exception;
+
+    public void configureSessionContext(SSLSessionContext sslSessionContext);
 }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1079387&r1=1079386&r2=1079387&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Mar 8 15:19:19 2011
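Review bot: The delegation on the `+ SSLUtil sslUtil = handler.getSslImplementation().getSSLUtil(this);` line is uncommented, and the only explanatory comment this block had (`// Initialize SSL`) went out with the removed code; a line such as `// Keystore, truststore and protocol selection live in the SSLImplementation's SSLUtil so BIO and NIO are configured identically` above it would keep the intent visible. The removed NIO code explicitly fell back from truststorePass and truststoreType to the keystore values; whether the delegate preserves those fallbacks is not visible in this hunk and is worth confirming, since an NIO connector configured with a truststoreType different from its keystoreType would otherwise fail to load its truststore. `sslUtil.configureSessionContext(sessionContext)` also now applies the implementation's defaults when sessionCacheSize/sessionTimeout are unset, where the removed code left the JVM defaults untouched — consistent with the log message, but a behaviour change for existing NIO configurations. The enclosing method starts before this hunk.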
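Review bot: The four new interface methods carry no Javadoc, and the contract they need is not obvious from the signatures: both callers in this commit call `init()` on the result themselves, so `createSSLContext()` must return an uninitialised context, and `configureSessionContext` is only ever called after the caller has null-checked the session context. A short Javadoc on each, e.g. `/** Creates an SSLContext for the configured protocol; the caller is responsible for calling init() on it. */` on `createSSLContext()`, would make those expectations explicit. The `throws Exception` clauses are as broad as they can be; narrowing them to the types the JSSE implementation actually raises (something like `GeneralSecurityException` and `IOException`) would let NioEndpoint and JSSESocketFactory handle failures meaningfully, though that may be constrained by callers outside this diff.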
@@ -444,58 +444,14 @@ public class JSSESocketFactory implement
             wantClientAuth = true;
         }
-        // SSL protocol variant (e.g., TLS, SSL v3, etc.)
-        String protocol = endpoint.getSslProtocol();
-        if (protocol == null) {
-            protocol = defaultProtocol;
-        }
-
-        // Certificate encoding algorithm (e.g., SunX509)
-        String algorithm = endpoint.getAlgorithm();
-        if (algorithm == null) {
-            algorithm = KeyManagerFactory.getDefaultAlgorithm();
-        }
-
-        String keystoreType = endpoint.getKeystoreType();
-        if (keystoreType == null) {
-            keystoreType = defaultKeystoreType;
-        }
-
-        String keystoreProvider = endpoint.getKeystoreProvider();
-
-        String trustAlgorithm = endpoint.getTruststoreAlgorithm();
-        if( trustAlgorithm == null ) {
-            trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
-        }
-
-        // Create and init SSLContext
-        SSLContext context = SSLContext.getInstance(protocol);
-        context.init(getKeyManagers(keystoreType, keystoreProvider,
-                                    algorithm,
-                                    endpoint.getKeyAlias()),
-                     getTrustManagers(keystoreType, keystoreProvider,
-                                      trustAlgorithm),
-                     new SecureRandom());
+        SSLContext context = createSSLContext();
+        context.init(getKeyManagers(), getTrustManagers(), null);
         // Configure SSL session cache
-        int sessionCacheSize;
-        if (endpoint.getSessionCacheSize() != null) {
-            sessionCacheSize = Integer.parseInt(
-                    endpoint.getSessionCacheSize());
-        } else {
-            sessionCacheSize = defaultSessionCacheSize;
-        }
-        int sessionTimeout;
-        if (endpoint.getSessionTimeout() != null) {
-            sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
-        } else {
-            sessionTimeout = defaultSessionTimeout;
-        }
         SSLSessionContext sessionContext = context.getServerSessionContext();
         if (sessionContext != null) {
-            sessionContext.setSessionCacheSize(sessionCacheSize);
-            sessionContext.setSessionTimeout(sessionTimeout);
+            configureSessionContext(sessionContext);
         }
         // create proxy
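Review bot: The third argument of `context.init(...)` changes from `new SecureRandom()` to `null` with nothing saying why; a null source of randomness tells the provider to use its own default, which is equivalent here and matches what NioEndpoint passes, but a comment such as `// null: let the provider pick its default SecureRandom` would stop a later reader from taking it for an omission. Everything this hunk removes (protocol/algorithm lookup, keystoreType defaulting, session-cache defaults) now sits behind `createSSLContext()`, `getKeyManagers()`, `getTrustManagers()` and `configureSessionContext()`, so the behaviour of this block is entirely determined by those new overloads and should be reviewed together with them. The enclosing method starts before this hunk and continues after it.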
@@ -519,6 +475,73 @@ public class JSSESocketFactory implement
         }
     }
 
+    @Override
+    public SSLContext createSSLContext() throws Exception {
+
+        // SSL protocol variant (e.g., TLS, SSL v3, etc.)
+        String protocol = endpoint.getSslProtocol();
+        if (protocol == null) {
+            protocol = defaultProtocol;
+        }
+
+        SSLContext context = SSLContext.getInstance(protocol);
+
+        return context;
+    }
+
+    @Override
+    public KeyManager[] getKeyManagers() throws Exception {
+        String keystoreType = endpoint.getKeystoreType();
+        if (keystoreType == null) {
+            keystoreType = defaultKeystoreType;
+        }
+
+        String algorithm = endpoint.getAlgorithm();
+        if (algorithm == null) {
+            algorithm = KeyManagerFactory.getDefaultAlgorithm();
+        }
+
+        return getKeyManagers(keystoreType, endpoint.getKeystoreProvider(),
+                algorithm, endpoint.getKeyAlias());
+    }
+
+    @Override
+    public TrustManager[] getTrustManagers() throws Exception {
+        String keystoreType = endpoint.getKeystoreType();
+        if (keystoreType == null) {
+            keystoreType = defaultKeystoreType;
+        }
+
+        String algorithm = endpoint.getAlgorithm();
+        if (algorithm == null) {
+            algorithm = KeyManagerFactory.getDefaultAlgorithm();
+        }
+
+        return getTrustManagers(keystoreType, endpoint.getKeystoreProvider(),
+                algorithm);
+    }
+
+    @Override
+    public void configureSessionContext(SSLSessionContext sslSessionContext) {
+        int sessionCacheSize;
+        if (endpoint.getSessionCacheSize() != null) {
+            sessionCacheSize = Integer.parseInt(
+                    endpoint.getSessionCacheSize());
+        } else {
+            sessionCacheSize = defaultSessionCacheSize;
+        }
+
+        int sessionTimeout;
+        if (endpoint.getSessionTimeout() != null) {
+            sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
+        } else {
+            sessionTimeout = defaultSessionTimeout;
+        }
+
+        sslSessionContext.setSessionCacheSize(sessionCacheSize);
+        sslSessionContext.setSessionTimeout(sessionTimeout);
+    }
+
     /**
      * Gets the initialized key managers.
      */
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
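Review bot: The new `getTrustManagers()` reads `endpoint.getAlgorithm()` and falls back to `KeyManagerFactory.getDefaultAlgorithm()`, but the code it replaces (removed in the preceding hunk) used `endpoint.getTruststoreAlgorithm()` with `TrustManagerFactory.getDefaultAlgorithm()`; as written the `truststoreAlgorithm` connector attribute is silently ignored and the default trust-manager algorithm becomes the key-manager default (typically SunX509 rather than PKIX on the Sun/Oracle JDK), which changes how client certificates are validated for BIO and, via this commit, for NIO. The algorithm block in `getTrustManagers()` should read `String algorithm = endpoint.getTruststoreAlgorithm(); if (algorithm == null) { algorithm = TrustManagerFactory.getDefaultAlgorithm(); }`; the block being copy-identical to the one in `getKeyManagers()` is how the slip went unnoticed. The log message says truststoreProvider support is added, yet both new methods forward `endpoint.getKeystoreProvider()`; if the three-argument `getTrustManagers` overload reads truststoreProvider itself that is fine, otherwise this is a second place where truststore settings fall through to the keystore ones. Minor: `createSSLContext()` can `return SSLContext.getInstance(protocol);` directly instead of going through the `context` local.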