Author: markt Date: Sat Sep 15 22:21:31 2012 New Revision: 1385195 URL: http://svn.apache.org/viewvc?rev=1385195&view=rev Log: Sync changes from trunk
Added: tomcat/sandbox/trunk-resources/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp - copied unchanged from r1385194, tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp Modified: tomcat/sandbox/trunk-resources/ (props changed) tomcat/sandbox/trunk-resources/java/org/apache/catalina/connector/mbeans-descriptors.xml tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/HTMLManagerServlet.java tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/LocalStrings.properties tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/ManagerServlet.java tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/Http11AprProtocol.java tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/JIoEndpoint.java tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/NioEndpoint.java tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/sandbox/trunk-resources/webapps/docs/changelog.xml tomcat/sandbox/trunk-resources/webapps/docs/manager-howto.xml Propchange: tomcat/sandbox/trunk-resources/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1384081-1385194 Modified: tomcat/sandbox/trunk-resources/java/org/apache/catalina/connector/mbeans-descriptors.xml URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/catalina/connector/mbeans-descriptors.xml?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/catalina/connector/mbeans-descriptors.xml (original) +++ 
tomcat/sandbox/trunk-resources/java/org/apache/catalina/connector/mbeans-descriptors.xml Sat Sep 15 22:21:31 2012 @@ -44,6 +44,15 @@ description="Allow disabling TRACE method" type="boolean"/> + <attribute name="ciphers" + description="Comma-separated list of requested cipher suites" + type="java.lang.String"/> + + <attribute name="ciphersUsed" + description="Array of ciphers suites in use" + type="[Ljava.lang.String;" + writeable="false"/> + <attribute name="className" description="Fully qualified class name of the managed object" type="java.lang.String" Modified: tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/HTMLManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/HTMLManagerServlet.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/HTMLManagerServlet.java Sat Sep 15 22:21:31 2012 @@ -89,8 +89,12 @@ public final class HTMLManagerServlet ex protected static final String APPLICATION_MESSAGE = "message"; protected static final String APPLICATION_ERROR = "error"; - protected static final String sessionsListJspPath = "/WEB-INF/jsp/sessionsList.jsp"; - protected static final String sessionDetailJspPath = "/WEB-INF/jsp/sessionDetail.jsp"; + protected static final String sessionsListJspPath = + "/WEB-INF/jsp/sessionsList.jsp"; + protected static final String sessionDetailJspPath = + "/WEB-INF/jsp/sessionDetail.jsp"; + protected static final String connectorCiphersJspPath = + "/WEB-INF/jsp/connectorCiphers.jsp"; static { URL_ENCODER = new URLEncoder(); 
@@ -147,6 +151,8 @@ public final class HTMLManagerServlet ex message = smClient.getString("managerServlet.exception", e.toString()); } + } else if (command.equals("/sslConnectorCiphers")) { + sslConnectorCiphers(request, response); } else if (command.equals("/upload") || command.equals("/deploy") || command.equals("/reload") || command.equals("/undeploy") || command.equals("/expire") || command.equals("/start") || @@ -589,13 +595,18 @@ public final class HTMLManagerServlet ex writer.print(MessageFormat.format(UPLOAD_SECTION, args)); // Diagnostics section - args = new Object[5]; + args = new Object[9]; args[0] = smClient.getString("htmlManagerServlet.diagnosticsTitle"); args[1] = smClient.getString("htmlManagerServlet.diagnosticsLeak"); args[2] = response.encodeURL( request.getContextPath() + "/html/findleaks"); args[3] = smClient.getString("htmlManagerServlet.diagnosticsLeakWarning"); args[4] = smClient.getString("htmlManagerServlet.diagnosticsLeakButton"); + args[5] = smClient.getString("htmlManagerServlet.diagnosticsSsl"); + args[6] = response.encodeURL( + request.getContextPath() + "/html/sslConnectorCiphers"); + args[7] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCipherButton"); + args[8] = smClient.getString("htmlManagerServlet.diagnosticsSslConnectorCipherText"); writer.print(MessageFormat.format(DIAGNOSTICS_SECTION, args)); // Server Header Section @@ -769,6 +780,13 @@ public final class HTMLManagerServlet ex } + protected void sslConnectorCiphers(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + request.setAttribute("cipherList", getConnectorCiphers()); + getServletContext().getRequestDispatcher( + connectorCiphersJspPath).forward(request, response); + } + /** * @see javax.servlet.Servlet#getServletInfo() */ 
@@ -1347,6 +1365,25 @@ public final class HTMLManagerServlet ex "</form>\n" + "</td>\n" + "</tr>\n" + + "<tr>\n" + + " <td colspan=\"2\" class=\"header-left\"><small>{5}</small></td>\n" + + "</tr>\n" + + "<tr>\n" + + " <td colspan=\"2\">\n" + + "<form method=\"post\" action=\"{6}\">\n" + + "<table cellspacing=\"0\" cellpadding=\"3\">\n" + + "<tr>\n" + + " <td class=\"row-left\">\n" + + " <input type=\"submit\" value=\"{7}\">\n" + + " </td>\n" + + " <td class=\"row-left\">\n" + + " <small>{8}</small>\n" + + " </td>\n" + + "</tr>\n" + + "</table>\n" + + "</form>\n" + + "</td>\n" + + "</tr>\n" + "</table>\n" + "<br>"; } Modified: tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/LocalStrings.properties?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/LocalStrings.properties (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/LocalStrings.properties Sat Sep 15 22:21:31 2012 @@ -48,6 +48,9 @@ htmlManagerServlet.deployWar=WAR or Dire htmlManagerServlet.diagnosticsLeak=Check to see if a web application has caused a memory leak on stop, reload or undeploy htmlManagerServlet.diagnosticsLeakButton=Find leaks htmlManagerServlet.diagnosticsLeakWarning=This diagnostic check will trigger a full garbage collection. Use it with extreme caution on production systems. +htmlManagerServlet.diagnosticsSsl=SSL connector configuration diagnostics +htmlManagerServlet.diagnosticsSslConnectorCipherButton=Connector ciphers +htmlManagerServlet.diagnosticsSslConnectorCipherText=List the configured ciphers for each connector htmlManagerServlet.diagnosticsTitle=Diagnostics htmlManagerServlet.findleaksList=\ The following web applications were stopped (reloaded, undeployed), but their\n\ 
@@ -88,6 +91,7 @@ managerServlet.noManager=FAIL - No manag managerServlet.noSelf=FAIL - The manager can not reload, undeploy, stop, or undeploy itself managerServlet.noWrapper=Container has not called setWrapper() for this servlet managerServlet.notDeployed=FAIL - Context {0} is defined in server.xml and may not be undeployed +managerServlet.notSslConnector=SSL is not enabled for this connector managerServlet.objectNameFail=FAIL - Unable to register object name [{0}] for Manager Servlet managerServlet.postCommand=FAIL - Tried to use command {0} via a GET request but POST is required managerServlet.reloaded=OK - Reloaded application at context path {0} Modified: tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/ManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/ManagerServlet.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/ManagerServlet.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/catalina/manager/ManagerServlet.java Sat Sep 15 22:21:31 2012 @@ -23,7 +23,11 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; import java.util.Enumeration; +import java.util.HashMap; +import java.util.HashSet; import java.util.Locale; +import java.util.Map; +import java.util.Set; import javax.management.MBeanServer; import javax.management.ObjectName; @@ -44,8 +48,10 @@ import org.apache.catalina.Engine; import org.apache.catalina.Host; import org.apache.catalina.Manager; import org.apache.catalina.Server; +import org.apache.catalina.Service; import org.apache.catalina.Session; import org.apache.catalina.Wrapper; +import org.apache.catalina.connector.Connector; import org.apache.catalina.core.StandardHost; import org.apache.catalina.core.StandardServer; import org.apache.catalina.util.ContextName; 
@@ -360,6 +366,8 @@ public class ManagerServlet extends Http undeploy(writer, cn, smClient); } else if (command.equals("/findleaks")) { findleaks(statusLine, writer, smClient); + } else if (command.equals("/sslConnectorCiphers")) { + sslConnectorCiphers(writer); } else { writer.println(smClient.getString("managerServlet.unknownCommand", command)); @@ -524,6 +532,19 @@ public class ManagerServlet extends Http } + protected void sslConnectorCiphers(PrintWriter writer) { + writer.println("OK - Connector / SSL Cipher information"); + Map<String,Set<String>> connectorCiphers = getConnectorCiphers(); + for (Map.Entry<String,Set<String>> entry : connectorCiphers.entrySet()) { + writer.println(entry.getKey()); + for (String cipher : entry.getValue()) { + writer.print(" "); + writer.println(cipher); + } + } + } + + /** * Store server configuration. * 
@@ -1621,8 +1642,28 @@ public class ManagerServlet extends Http } } return result; - } + protected Map<String,Set<String>> getConnectorCiphers() { + Map<String,Set<String>> result = new HashMap<>(); + + Engine e = (Engine) host.getParent(); + Service s = e.getService(); + Connector connectors[] = s.findConnectors(); + for (Connector connector : connectors) { + Set<String> cipherList = new HashSet<>(); + if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) { + String[] ciphersUsed = + (String[]) connector.getProperty("ciphersUsed"); + for (String cipherUsed : ciphersUsed) { + cipherList.add(cipherUsed); + } + } else { + cipherList.add(sm.getString("managerServlet.notSslConnector")); + } + result.put(connector.toString(), cipherList); + } + return result; + } } Modified: tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java Sat Sep 15 22:21:31 2012 
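Review bot: In `getConnectorCiphers()` the value of `connector.getProperty("ciphersUsed")` is cast to `String[]` and iterated with no null check, so if a connector reports `SSLEnabled` but its protocol handler returns null for that property, the whole diagnostics request would fail with a NullPointerException; wrap the loop in `if (ciphersUsed != null) { ... }`. The suites are collected into a `HashSet`, which discards the order in which the endpoint reported them and makes the listing harder to compare against the configured `ciphers` value; `new LinkedHashSet<>()` would keep that order and needs `java.util.LinkedHashSet` added to the import hunk. The method also has no Javadoc; it should say that the map is keyed by `connector.toString()` and that non-SSL connectors get the single `managerServlet.notSslConnector` message in place of suite names.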
@@ -50,6 +50,7 @@ public abstract class AbstractHttp11Jsse public String getCiphers() { return endpoint.getCiphers();} public void setCiphers(String s) { endpoint.setCiphers(s);} + public String[] getCiphersUsed() { return endpoint.getCiphersUsed();} public String getKeyAlias() { return endpoint.getKeyAlias();} public void setKeyAlias(String s ) { endpoint.setKeyAlias(s);} Modified: tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/Http11AprProtocol.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/Http11AprProtocol.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/coyote/http11/Http11AprProtocol.java Sat Sep 15 22:21:31 2012 @@ -115,7 +115,7 @@ public class Http11AprProtocol extends A */ public String getSSLCipherSuite() { return ((AprEndpoint)endpoint).getSSLCipherSuite(); } public void setSSLCipherSuite(String SSLCipherSuite) { ((AprEndpoint)endpoint).setSSLCipherSuite(SSLCipherSuite); } - + public String[] getCiphersUsed() { return endpoint.getCiphersUsed();} /** * SSL honor cipher order. Modified: tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AbstractEndpoint.java Sat Sep 15 22:21:31 2012 
@@ -811,6 +811,10 @@ public abstract class AbstractEndpoint { for (int i=0; i<ciphersarr.length; i++ ) ciphersarr[i] = t.nextToken(); } } + /** + * @return The ciphers in use by this Endpoint + */ + public abstract String[] getCiphersUsed(); private String keyAlias = null; public String getKeyAlias() { return keyAlias;} Modified: tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/AprEndpoint.java Sat Sep 15 22:21:31 2012 @@ -349,6 +349,14 @@ public class AprEndpoint extends Abstrac } + @Override + public String[] getCiphersUsed() { + // TODO : Investigate if it is possible to extract the current list of + // available ciphers. Native code changes will be required. + return new String[] { getSSLCipherSuite() }; + } + + // --------------------------------------------------------- Public Methods /** Modified: tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/JIoEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/JIoEndpoint.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/JIoEndpoint.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/JIoEndpoint.java Sat Sep 15 22:21:31 2012 
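Review bot: `AprEndpoint.getCiphersUsed()` wraps `getSSLCipherSuite()` in a one-element array, so for APR the `ciphersUsed` attribute carries the configured cipher string rather than the individual suites the connector will accept, and the element is null if that value is unset. The TODO admits the limitation, but an operator auditing a connector for weak suites sees one entry under a name that promises the suites "in use". State this in Javadoc on the override, for example `/** Returns the configured SSLCipherSuite value as a single element; the resolved suite list is not available from the native layer. */`. Consider also returning `new String[0]` when `getSSLCipherSuite()` is null.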
@@ -32,6 +32,7 @@ import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState; +import org.apache.tomcat.util.net.jsse.JSSESocketFactory; /** @@ -102,6 +103,16 @@ public class JIoEndpoint extends Abstrac } } + + @Override + public String[] getCiphersUsed() { + if (serverSocketFactory instanceof JSSESocketFactory) { + return ((JSSESocketFactory) serverSocketFactory).getEnabledCiphers(); + } + return new String[0]; + } + + /* * Optional feature support. */ Modified: tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/NioEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/NioEndpoint.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/NioEndpoint.java Sat Sep 15 22:21:31 2012 
@@ -408,6 +408,21 @@ public class NioEndpoint extends Abstrac } + @Override + public String[] getCiphersUsed() { + SSLContext sslContext = getSSLContext(); + if (sslContext != null) { + SSLEngine engine = getSSLContext().createSSLEngine(); + if (getCiphersArray().length > 0) { + engine.setEnabledCipherSuites(getCiphersArray()); + } + return engine.getEnabledCipherSuites(); + } else { + return new String[0]; + } + } + + // --------------------------------------------------------- OOM Parachute Methods protected void checkParachute() { Modified: tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/sandbox/trunk-resources/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Sat Sep 15 22:21:31 2012 @@ -279,6 +279,10 @@ public class JSSESocketFactory implement return result; } + public String[] getEnabledCiphers() { + return enabledCiphers; + } + /* * Gets the SSL server's keystore password. */ Modified: tomcat/sandbox/trunk-resources/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/webapps/docs/changelog.xml?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/webapps/docs/changelog.xml (original) +++ tomcat/sandbox/trunk-resources/webapps/docs/changelog.xml Sat Sep 15 22:21:31 2012 
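Review bot: `NioEndpoint.getCiphersUsed()` null-checks the local `sslContext` but then calls `getSSLContext()` a second time to build the engine, so the checked reference and the one used can differ; use `SSLEngine engine = sslContext.createSSLEngine();`. `setEnabledCipherSuites` throws IllegalArgumentException for a suite name the provider does not support, so a bad `ciphers` value would make this diagnostic getter throw instead of report. The list is also computed on a throwaway engine, and this hunk does not show whether the engines used for real connections are configured the same way, so the result may not match what is actually enabled. A short Javadoc saying that a temporary engine is created on every call would help readers of the JMX attribute.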
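Review bot: `JSSESocketFactory.getEnabledCiphers()` returns the internal `enabledCiphers` array itself, and this commit exposes it through `JIoEndpoint.getCiphersUsed()` and the `ciphersUsed` MBean attribute, so any caller can overwrite elements of the array the factory holds. Whether the factory reads the field again after initialisation is not visible in this hunk, but returning a copy removes the question: `return enabledCiphers == null ? new String[0] : enabledCiphers.clone();`. The null case matters because `ManagerServlet.getConnectorCiphers()` iterates the result without a check. The new public method also has no Javadoc.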
@@ -107,6 +107,15 @@ </scode> </changelog> </subsection> + <subsection name="Web applications"> + <changelog> + <add> + Extend the diagnostic information provided by the Manager web + application to include details of the configured SSL ciphers suites for + each connector. (markt) + </add> + </changelog> + </subsection> <subsection name="Tribes"> <changelog> <scode> Modified: tomcat/sandbox/trunk-resources/webapps/docs/manager-howto.xml URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/webapps/docs/manager-howto.xml?rev=1385195&r1=1385194&r2=1385195&view=diff ============================================================================== --- tomcat/sandbox/trunk-resources/webapps/docs/manager-howto.xml (original) +++ tomcat/sandbox/trunk-resources/webapps/docs/manager-howto.xml Sat Sep 15 22:21:31 2012 @@ -881,6 +881,31 @@ has been reloaded several times, it may </subsection> +<subsection name="Connector SSL diagnostics"> + +<source> +http://localhost:8080/manager/text/sslConnectorCiphers +</source> + +<p>The SSL Connector/Ciphers diagnostic lists the SSL ciphers that are currently +configured for each connector. For BIO and NIO, the names of the individual +cipher suites are listed. For APR, the value of SSLCipherSuite is returned.</p> + +<p>The response will ook something like this:</p> +<source> +OK - Connector / SSL Cipher information +Connector[HTTP/1.1-8080] + SSL is not enabled for this connector +Connector[HTTP/1.1-8443] + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + TLS_DHE_RSA_WITH_AES_128_CBC_SHA + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + ... +</source> + +</subsection> + <subsection name="Server Status"> <p>From this link , you can view information about the server.</p> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org