Author: markt Date: Sat Dec 7 20:19:37 2013 New Revision: 1548962 URL: http://svn.apache.org/r1548962 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55801 Add the ability to use a custom SSLContext when creating client wss connections. Patch provided by Maciej Lypik.
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1548961 Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java?rev=1548962&r1=1548961&r2=1548962&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java Sat Dec 7 20:19:37 2013 @@ -87,6 +87,13 @@ public class WsWebSocketContainer public static final String SSL_TRUSTSTORE_PWD_PROPERTY = "org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD"; public static final String SSL_TRUSTSTORE_PWD_DEFAULT = "changeit"; + /** + * Property name to set to configure used SSLContext. The value should be an + * instance of SSLContext. If this property is present, the SSL_TRUSTSTORE* + * properties are ignored. + */ + public static final String SSL_CONTEXT_PROPERTY = + "org.apache.tomcat.websocket.SSL_CONTEXT"; /** * Property name to set to configure the timeout (in milliseconds) when 
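Review bot: The new Javadoc on `SSL_CONTEXT_PROPERTY` should say that the supplied SSLContext must already be initialized, because the code that consumes it (the `@@ -671` hunk below) only calls `sslContext.init(...)` on the context it creates itself and otherwise goes straight to `createSSLEngine()` on the caller's instance. Suggested addition after the "If this property is present" sentence: `* The supplied SSLContext must already be initialized (its own trust configuration applies; no init() is performed on it).` The howto in this commit still lists `SSL_PROTOCOLS` as a supported property; whether it is still applied to an engine created from a custom context is not visible in this diff, so the Javadoc could state that explicitly once confirmed.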
@@ -671,42 +678,48 @@ public class WsWebSocketContainer throws DeploymentException { try { - // Create the SSL Context - SSLContext sslContext = SSLContext.getInstance("TLS"); - - // Trust store - String sslTrustStoreValue = - (String) userProperties.get(SSL_TRUSTSTORE_PROPERTY); - if (sslTrustStoreValue != null) { - String sslTrustStorePwdValue = (String) userProperties.get( - SSL_TRUSTSTORE_PWD_PROPERTY); - if (sslTrustStorePwdValue == null) { - sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT; - } - - File keyStoreFile = new File(sslTrustStoreValue); - KeyStore ks = KeyStore.getInstance("JKS"); - InputStream is = null; - try { - is = new FileInputStream(keyStoreFile); - ks.load(is, sslTrustStorePwdValue.toCharArray()); - } finally { - if (is != null) { - try { - is.close(); - } catch (IOException ioe) { - // Ignore + // See if a custom SSLContext has been provided + SSLContext sslContext = + (SSLContext) userProperties.get(SSL_CONTEXT_PROPERTY); + + if (sslContext == null) { + // Create the SSL Context + sslContext = SSLContext.getInstance("TLS"); + + // Trust store + String sslTrustStoreValue = + (String) userProperties.get(SSL_TRUSTSTORE_PROPERTY); + if (sslTrustStoreValue != null) { + String sslTrustStorePwdValue = (String) userProperties.get( + SSL_TRUSTSTORE_PWD_PROPERTY); + if (sslTrustStorePwdValue == null) { + sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT; + } + + File keyStoreFile = new File(sslTrustStoreValue); + KeyStore ks = KeyStore.getInstance("JKS"); + InputStream is = null; + try { + is = new FileInputStream(keyStoreFile); + ks.load(is, sslTrustStorePwdValue.toCharArray()); + } finally { + if (is != null) { + try { + is.close(); + } catch (IOException ioe) { + // Ignore + } } } - } - TrustManagerFactory tmf = TrustManagerFactory.getInstance( - TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); + TrustManagerFactory tmf = TrustManagerFactory.getInstance( + TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(ks); - 
sslContext.init(null, tmf.getTrustManagers(), null); - } else { - sslContext.init(null, null, null); + sslContext.init(null, tmf.getTrustManagers(), null); + } else { + sslContext.init(null, null, null); + } } SSLEngine engine = sslContext.createSSLEngine(); Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1548962&r1=1548961&r2=1548962&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sat Dec 7 20:19:37 2013 @@ -189,6 +189,11 @@ Prevent an NPE in the WebSocket <code>ServerContainer</code> when processing an HTTP session end event. (markt) </fix> + <add> + <bug>55801</bug>: Add the ability to set a custom + <code>SSLContext</code> to use for client wss connections. Patch + provided by Maciej Lypik. (markt) + </add> <fix> <bug>55804</bug>: If the GSSCredential for the cached Principal expires when using SPNEGO authentication, force a re-authentication. (markt) Modified: tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml?rev=1548962&r1=1548961&r2=1548962&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/web-socket-howto.xml Sat Dec 7 20:19:37 2013 
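Review bot: The unchecked cast `(SSLContext) userProperties.get(SSL_CONTEXT_PROPERTY)` at the top of the new branch turns a wrongly typed user property into a ClassCastException instead of the DeploymentException this method declares; the enclosing method and its catch block are outside the hunk, so whether that exception is translated cannot be confirmed here. A type check with a clear failure would be safer: `Object sslContextValue = userProperties.get(SSL_CONTEXT_PROPERTY);` followed by `if (sslContextValue != null && !(sslContextValue instanceof SSLContext)) { throw new DeploymentException("Value of " + SSL_CONTEXT_PROPERTY + " is not an SSLContext"); }` before assigning `sslContext`. The pre-existing `(String)` casts for the truststore properties have the same shape, but a misconfigured SSLContext is the more likely mistake given the property is a plain Map entry. A short comment on the `if (sslContext == null)` line noting that a caller-supplied context is used as-is (no `init()`, truststore properties ignored) would make the trust-path bypass obvious to the next reader.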
@@ -125,11 +125,16 @@ of the provided <code>javax.websocket.ClientEndpointConfig</code>. The following user properties are supported:</p> <ul> + <li><code>org.apache.tomcat.websocket.SSL_CONTEXT</code></li> <li><code>org.apache.tomcat.websocket.SSL_PROTOCOLS</code></li> <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code></li> <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li> </ul> <p>The default truststore password is <code>changeit</code>.</p> + <p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is + set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and + <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties + will be ignored.</p> </section> <section name="Deprecated proprietary API"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org