Author: markt Date: Tue Mar 15 22:51:10 2011 New Revision: 1081969 URL: http://svn.apache.org/viewvc?rev=1081969&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50928 Don't ignore keyPass attribute
Added: tomcat/trunk/test/org/apache/tomcat/util/net/keystore-info.txt (with props) tomcat/trunk/test/org/apache/tomcat/util/net/localhost-copy1.jks (with props) Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1081969&r1=1081968&r2=1081969&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Mar 15 22:51:10 2011
@@ -565,7 +565,11 @@ public class JSSESocketFactory implement
 }
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
- kmf.init(ks, keystorePass.toCharArray());
+ String keyPass = endpoint.getKeyPass();
+ if (keyPass == null) {
+ keyPass = keystorePass;
+ }
+ kmf.init(ks, keyPass.toCharArray());
 kms = kmf.getKeyManagers();
 if (keyAlias != null) {
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1081969&r1=1081968&r2=1081969&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Tue Mar 15 22:51:10 2011
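Review bot: In the JSSESocketFactory.java hunk, `keyPass.toCharArray()` still dereferences null when neither `keyPass` nor `keystorePass` is configured, because the fallback only copies `keystorePass` into `keyPass`. Whether `keystorePass` can be null at this point is not visible, since the enclosing method starts and ends outside the hunk; if it can, TLS setup would fail with a NullPointerException rather than an error naming the missing attribute, so an explicit check before `kmf.init` is worth adding. The fallback itself also deserves a comment, for example `// keyPass is optional: when unset, the key is assumed to share the keystore password`, so that a later clean-up does not remove it as redundant.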
@@ -57,6 +57,24 @@ public class TestSsl extends TomcatBaseT assertTrue(res.toString().indexOf("<h1>Hello World!</h1>") > 0); } + public void testKeyPass() throws Exception { + TesterSupport.configureClientSsl(); + + Tomcat tomcat = getTomcatInstance(); + + File appDir = new File(getBuildDirectory(), "webapps/examples"); + tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath()); + + TesterSupport.initSsl(tomcat, "localhost-copy1.jks", "changeit", + "tomcatpass"); + + tomcat.start(); + ByteChunk res = getUrl("https://localhost:" + getPort() + + "/examples/servlets/servlet/HelloWorldExample"); + assertTrue(res.toString().indexOf("<h1>Hello World!</h1>") > 0); + } + + boolean handshakeDone = false; public void testRenegotiateFail() throws Exception { Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1081969&r1=1081968&r2=1081969&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Tue Mar 15 22:51:10 2011 @@ -40,6 +40,7 @@ import javax.servlet.http.HttpServletRes import org.apache.catalina.Context; import org.apache.catalina.authenticator.SSLAuthenticator; +import org.apache.catalina.connector.Connector; import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.deploy.SecurityCollection; import org.apache.catalina.deploy.SecurityConstraint; 
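Review bot: testKeyPass in TestSsl.java does not say why it loads `localhost-copy1.jks`, and the two password literals passed to `initSsl` are indistinguishable at the call site. A comment such as `// key entry is protected by "tomcatpass", which differs from the store password "changeit", so TLS setup only succeeds if keyPass is honoured` would make the purpose of this regression test clear; the values are the ones listed in keystore-info.txt. The test also covers only the success path, so a companion case that omits keyPass for this keystore and expects TLS setup to fail would show that the key password is really being checked.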
@@ -73,17 +74,30 @@ public final class TesterSupport {
 }
 protected static void initSsl(Tomcat tomcat) {
+ initSsl(tomcat, "localhost.jks", null, null);
+ }
+
+ protected static void initSsl(Tomcat tomcat, String keystore,
+ String keystorePass, String keyPass) {
+
 String protocol = tomcat.getConnector().getProtocolHandlerClassName();
 if (protocol.indexOf("Apr") == -1) {
- tomcat.getConnector().setProperty("sslProtocol", "tls");
- File keystoreFile = new File(
- "test/org/apache/tomcat/util/net/localhost.jks");
- tomcat.getConnector().setAttribute("keystoreFile",
+ Connector connector = tomcat.getConnector();
+ connector.setProperty("sslProtocol", "tls");
+ File keystoreFile =
+ new File("test/org/apache/tomcat/util/net/" + keystore);
+ connector.setAttribute("keystoreFile",
 keystoreFile.getAbsolutePath());
 File truststoreFile = new File(
 "test/org/apache/tomcat/util/net/ca.jks");
- tomcat.getConnector().setAttribute("truststoreFile",
+ connector.setAttribute("truststoreFile",
 truststoreFile.getAbsolutePath());
+ if (keystorePass != null) {
+ connector.setAttribute("keystorePass", keystorePass);
+ }
+ if (keyPass != null) {
+ connector.setAttribute("keyPass", keyPass);
+ }
 } else {
 File keystoreFile = new File(
 "test/org/apache/tomcat/util/net/localhost-cert.pem");
Added: tomcat/trunk/test/org/apache/tomcat/util/net/keystore-info.txt
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/keystore-info.txt?rev=1081969&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/keystore-info.txt (added)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/keystore-info.txt Tue Mar 15 22:51:10 2011
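Review bot: In the TesterSupport.java initSsl hunk, the new `keystore`, `keystorePass` and `keyPass` parameters are only used in the non-APR branch; the `else` branch visible at the end of the hunk still loads the fixed `localhost-cert.pem` and appears to ignore them (that branch continues outside the hunk). With an APR connector, testKeyPass would therefore pass without exercising keyPass at all. A Javadoc line on the four-argument overload, or a comment in the else branch such as `// APR: keystore, keystorePass and keyPass are not used here`, would stop readers from assuming coverage that is not there.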
@@ -0,0 +1,28 @@
+================================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+================================================================================
+
+ca.jks (changeit)
+ ca CN=ca-test.tomcat.apache.org
+
+localhost.jks (changeit)
+ tomcat CN=ca-test.tomcat.apache.org
+
+localhost-copy1.jks (changeit)
+ tomcat CN=ca-test.tomcat.apache.org (tomcatpass)
+
+user1.jks (changeit)
+ user1 CN=user1
Propchange: tomcat/trunk/test/org/apache/tomcat/util/net/keystore-info.txt
------------------------------------------------------------------------------
svn:eol-style = native
Added: tomcat/trunk/test/org/apache/tomcat/util/net/localhost-copy1.jks
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/localhost-copy1.jks?rev=1081969&view=auto
==============================================================================
Binary file - no diff available.
Propchange: tomcat/trunk/test/org/apache/tomcat/util/net/localhost-copy1.jks ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1081969&r1=1081968&r2=1081969&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 15 22:51:10 2011 @@ -87,6 +87,10 @@ processed. Requests where processing has started will continue to completion. (markt) </fix> + <fix> + <bug>50928</bug>: Don't ignore keyPass attribute for HTTP BIO and + NIO connectors. Based on a patch provided by sebb. (markt) + </fix> </changelog> </subsection> <subsection name="Web applications"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org