Author: markt Date: Wed Apr 29 13:47:20 2015 New Revision: 1676745 URL: http://svn.apache.org/r1676745 Log: Add an SSLContext object to SSLHostConfig so the endpoints do not need to maintain a separate map of SNI host name to some SSLContext object
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1676745&r1=1676744&r2=1676745&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Apr 29 13:47:20 2015 @@ -43,8 +43,8 @@ import org.apache.tomcat.util.threads.Re import org.apache.tomcat.util.threads.TaskQueue; import org.apache.tomcat.util.threads.TaskThreadFactory; import org.apache.tomcat.util.threads.ThreadPoolExecutor; + /** - * * @author Mladen Turk * @author Remy Maucherat */ 
@@ -231,6 +231,34 @@ public abstract class AbstractEndpoint<S } protected abstract SSLHostConfig.Type getSslConfigType(); + protected SSLHostConfig getSSLHostConfig(String sniHostName) { + SSLHostConfig result = null; + + if (sniHostName != null) { + // First choice - direct match + result = sslHostConfigs.get(sniHostName); + if (result != null) { + return result; + } + // Second choice, wildcard match + int indexOfDot = sniHostName.indexOf('.'); + if (indexOfDot > -1) { + result = sslHostConfigs.get("*" + sniHostName.substring(indexOfDot)); + } + } + + // Fall-back. Use the default + if (result == null) { + result = sslHostConfigs.get(SSLHostConfig.DEFAULT_SSL_HOST_NAME); + } + if (result == null) { + // Should never happen. + throw new IllegalStateException(); + } + return result; + } + + /** * Has the user requested that send file be used where possible? */ Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1676745&r1=1676744&r2=1676745&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed Apr 29 13:47:20 2015 @@ -16,9 +16,7 @@ */ package org.apache.tomcat.util.net; -import java.util.HashMap; import java.util.Locale; -import java.util.Map; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLEngine; @@ -32,7 +30,6 @@ import org.apache.tomcat.util.net.jsse.N public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> { private SSLImplementation sslImplementation = null; - private Map<String,SSLContextWrapper> sslContexts = new HashMap<>(); public SSLImplementation getSslImplementation() { return sslImplementation; 
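Review bot: The lookups in the new getSSLHostConfig (`sslHostConfigs.get(sniHostName)` and the `"*" + sniHostName.substring(indexOfDot)` wildcard key) compare the client-supplied SNI name with the configured keys exactly, so a name that differs only in case misses both and silently receives the default host's TLS configuration. DNS names are case-insensitive, and nothing visible in this hunk shows the name or the map keys being normalised. If neither the caller nor SSLHostConfig already does so, lower-case both sides, e.g. `sniHostName = sniHostName.toLowerCase(Locale.ENGLISH);` before the first lookup. The final `throw new IllegalStateException();` would be easier to diagnose with a fixed message such as `"No SSLHostConfig found for the default host name"`. The method also deserves a short Javadoc stating the match order (exact name, wildcard replacing the leftmost label, default).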
@@ -69,14 +66,19 @@ public abstract class AbstractJsseEndpoi sslUtil.configureSessionContext(sessionContext); } SSLContextWrapper sslContextWrapper = new SSLContextWrapper(sslContext, sslUtil); - sslContexts.put(sslHostConfig.getHostName(), sslContextWrapper); + sslHostConfig.setSslContext(sslContextWrapper); } } } protected SSLEngine createSSLEngine(String sniHostName) { - SSLContextWrapper sslContextWrapper = getSSLContextWrapper(sniHostName); + SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName); + SSLContextWrapper sslContextWrapper = (SSLContextWrapper) sslHostConfig.getSslContext(); + if (sslContextWrapper == null) { + // TODO i18n + throw new IllegalStateException(); + } SSLEngine engine = sslContextWrapper.getSSLContext().createSSLEngine(); if ("false".equals(getClientAuth())) { @@ -97,10 +99,11 @@ public abstract class AbstractJsseEndpoi } - @Override public void unbind() throws Exception { - sslContexts.clear(); + for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { + sslHostConfig.setSslContext(null); + } } 
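Review bot: In createSSLEngine the context is now read back as `Object` and downcast with `(SSLContextWrapper) sslHostConfig.getSslContext()`, so anything else stored through the public `setSslContext(Object)` surfaces as a ClassCastException during connection set-up rather than at the point it was stored. The null branch throws a bare `IllegalStateException()` behind a `// TODO i18n`. Until that is done, a message naming the configured host would make a missing or already-cleared context easier to trace, e.g. `throw new IllegalStateException("No SSLContext available for host [" + sslHostConfig.getHostName() + "]");`. An `instanceof` check feeding the same exception would cover the wrong-type case as well. The body of createSSLEngine continues past the end of this hunk.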
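Review bot: unbind() now clears each context with `sslHostConfig.setSslContext(null)`, and the field it writes is declared in SSLHostConfig as a plain `private Object sslContext;`, so nothing guarantees when a thread calling createSSLEngine sees the cleared or a freshly set value. If engines can be created on a different thread from the one that binds and unbinds the endpoint, which this diff does not show, declare the field `private volatile Object sslContext;`. A one-line comment above the loop, e.g. `// Release the per-host SSLContext wrappers held by the SSLHostConfig objects`, would record why the loop exists now that the map is gone.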
@@ -139,34 +142,6 @@ public abstract class AbstractJsseEndpoi } return result; } - - - private SSLContextWrapper getSSLContextWrapper(String sniHostName) { - SSLContextWrapper result = null; - - if (sniHostName != null) { - // First choice - direct match - result = sslContexts.get(sniHostName); - if (result != null) { - return result; - } - // Second choice, wildcard match - int indexOfDot = sniHostName.indexOf('.'); - if (indexOfDot > -1) { - result = sslContexts.get("*" + sniHostName.substring(indexOfDot)); - } - } - - // Fall-back. Use the default - if (result == null) { - result = sslContexts.get(SSLHostConfig.DEFAULT_SSL_HOST_NAME); - } - if (result == null) { - // Should never happen. - throw new IllegalStateException(); - } - return result; - } private static class SSLContextWrapper { Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1676745&r1=1676744&r2=1676745&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Wed Apr 29 13:47:20 2015 @@ -37,6 +37,10 @@ public class SSLHostConfig { private String hostName = DEFAULT_SSL_HOST_NAME; + private Object sslContext; + + // Configuration properties + // Common private Set<String> protocols = new HashSet<>(); // JSSE 
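Review bot: The new `private Object sslContext;` field in SSLHostConfig, with the public `getSslContext()` / `setSslContext(Object)` accessors added in the following hunk, puts live TLS state on what is otherwise a configuration bean. It is typed as `Object` and writable by any code holding the SSLHostConfig. The only caller visible in this commit, AbstractJsseEndpoint, sits in the same package, so unless another endpoint implementation needs them from elsewhere the accessors could be package-private. At minimum give them Javadoc saying the value is endpoint-internal runtime state, not a configuration property, and what type each endpoint stores. A `// Internal state` comment above the new field would match the added `// Configuration properties` comment.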
@@ -51,6 +55,16 @@ public class SSLHostConfig { } + public Object getSslContext() { + return sslContext; + } + + + public void setSslContext(Object sslContext) { + this.sslContext = sslContext; + } + + + public void setConfigType(Type configType) { this.configType = configType; configuredProperties.remove(configType);