Author: markt
Date: Thu May 7 08:18:11 2015
New Revision: 1678142
URL: http://svn.apache.org/r1678142
Log:
Move the remaining Host specific ssl settings (sessionCacheSize and
sessionTimeout) to SSLHostConfig
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
tomcat/trunk/webapps/docs/config/http.xml
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
Thu May 7 08:18:11 2015
@@ -25,12 +25,6 @@ public abstract class AbstractHttp11Jsse
super(endpoint);
}
- public void setSessionCacheSize(String
s){getEndpoint().setSessionCacheSize(s);}
- public String getSessionCacheSize(){ return
getEndpoint().getSessionCacheSize();}
-
- public void setSessionTimeout(String
s){getEndpoint().setSessionTimeout(s);}
- public String getSessionTimeout(){ return
getEndpoint().getSessionTimeout();}
-
public String getSslImplementationName() { return
getEndpoint().getSslImplementationName(); }
public void setSslImplementationName(String s) {
getEndpoint().setSslImplementationName(s); }
}
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Thu
May 7 08:18:11 2015
@@ -512,6 +512,18 @@ public abstract class AbstractHttp11Prot
}
+ public void setSessionCacheSize(int sessionCacheSize){
+ registerDefaultSSLHostConfig();
+ defaultSSLHostConfig.setSessionCacheSize(sessionCacheSize);
+ }
+
+
+ public void setSessionTimeout(int sessionTimeout){
+ registerDefaultSSLHostConfig();
+ defaultSSLHostConfig.setSessionTimeout(sessionTimeout);
+ }
+
+
// ------------------------------------------------------------- Common
code
// Common configuration required for all new HTTP11 processors
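Review bot: The new int-typed setSessionCacheSize/setSessionTimeout on AbstractHttp11Protocol have no matching getters, while the String-typed getSessionCacheSize()/getSessionTimeout() pair is deleted from AbstractHttp11JsseProtocol in the first hunk; anything that reads these attributes back through introspection or JMX will presumably no longer find them, so please confirm that is intended. The setters also carry no Javadoc; a one-liner such as `/** Alias for {@code sessionCacheSize} on the default SSLHostConfig; see {@link SSLHostConfig#setSessionCacheSize(int)}. */` (and the same for sessionTimeout) would match the http.xml wording in this commit. The enclosing class continues outside the hunk.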
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Thu May
7 08:18:11 2015
@@ -963,14 +963,6 @@ public abstract class AbstractEndpoint<S
this.sslImplementationName = s;
}
- private String sessionCacheSize = null;
- public String getSessionCacheSize() { return sessionCacheSize;}
- public void setSessionCacheSize(String s) { sessionCacheSize = s;}
-
- private String sessionTimeout = "86400";
- public String getSessionTimeout() { return sessionTimeout;}
- public void setSessionTimeout(String s) { sessionTimeout = s;}
-
protected final Set<SocketWrapperBase<S>> waitingRequests = Collections
.newSetFromMap(new ConcurrentHashMap<SocketWrapperBase<S>,
Boolean>());
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Thu
May 7 08:18:11 2015
@@ -46,22 +46,13 @@ public abstract class AbstractJsseEndpoi
if (isSSLEnabled()) {
sslImplementation =
SSLImplementation.getInstance(getSslImplementationName());
- // TODO: Temp code until config refactoring is complete. Remove
once
- // refactoring is complete.
- if (sslHostConfigs.size() == 0) {
- SSLHostConfig defaultSslHostConfig = new SSLHostConfig();
-
defaultSslHostConfig.setHostName(SSLHostConfig.DEFAULT_SSL_HOST_NAME);
- sslHostConfigs.put(SSLHostConfig.DEFAULT_SSL_HOST_NAME,
defaultSslHostConfig);
- }
-
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
- SSLUtil sslUtil = sslImplementation.getSSLUtil(this,
sslHostConfig);
+ SSLUtil sslUtil = sslImplementation.getSSLUtil(sslHostConfig);
SSLContext sslContext = sslUtil.createSSLContext();
sslContext.init(wrap(sslUtil.getKeyManagers(), sslHostConfig),
sslUtil.getTrustManagers(), null);
- SSLSessionContext sessionContext =
- sslContext.getServerSessionContext();
+ SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
if (sessionContext != null) {
sslUtil.configureSessionContext(sessionContext);
}
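Review bot: With the temporary default-SSLHostConfig block removed, an endpoint with isSSLEnabled() true but an empty sslHostConfigs map now falls straight through the for loop and creates no SSLContext, where before a default config was always created. If registerDefaultSSLHostConfig() on the protocol side only runs when some SSL attribute is actually set (it is not visible in this diff), a connector that relies entirely on defaults would start with no usable TLS context and fail at the first handshake instead of at startup. A fail-fast guard before the loop, e.g. `if (sslHostConfigs.isEmpty()) { throw new IllegalArgumentException("SSL enabled but no SSLHostConfig is registered"); }`, surfaces the misconfiguration at init time. The enclosing method starts and ends outside the hunk.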
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May 7
08:18:11 2015
@@ -64,6 +64,8 @@ public class SSLHostConfig {
private String certificateKeystoreProvider =
System.getProperty("javax.net.ssl.keyStoreProvider");
private String certificateKeystoreType =
System.getProperty("javax.net.ssl.keyStoreType");
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
+ private int sessionCacheSize = 0;
+ private int sessionTimeout = 86400;
private String sslProtocol = "TLS";
private String trustManagerClassName;
private String truststoreAlgorithm =
TrustManagerFactory.getDefaultAlgorithm();
@@ -316,6 +318,28 @@ public class SSLHostConfig {
}
+ public void setSessionCacheSize(int sessionCacheSize) {
+ setProperty("sessionCacheSize", Type.JSSE);
+ this.sessionCacheSize = sessionCacheSize;
+ }
+
+
+ public int getSessionCacheSize() {
+ return sessionCacheSize;
+ }
+
+
+ public void setSessionTimeout(int sessionTimeout) {
+ setProperty("sessionTimeout", Type.JSSE);
+ this.sessionTimeout = sessionTimeout;
+ }
+
+
+ public int getSessionTimeout() {
+ return sessionTimeout;
+ }
+
+
public void setSslProtocol(String sslProtocol) {
setProperty("sslProtocol", Type.JSSE);
this.sslProtocol = sslProtocol;
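Review bot: setSessionCacheSize and setSessionTimeout accept any int, but the values are later handed unchanged to SSLSessionContext.setSessionCacheSize/setSessionTimeout in JSSESocketFactory.configureSessionContext, which reject negative values with IllegalArgumentException; a negative attribute value therefore fails at endpoint initialisation, far from the attribute that caused it. A range check in each setter, `if (sessionCacheSize < 0) { throw new IllegalArgumentException("sessionCacheSize must be >= 0"); }` (likewise for sessionTimeout), reports the bad value at configuration time with the attribute name attached. Javadoc stating the unit of sessionTimeout (seconds) and that 0 means unlimited, as the http.xml text in this commit already does, would also help readers of the class.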
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java Thu May
7 08:18:11 2015
@@ -71,5 +71,5 @@ public abstract class SSLImplementation
public abstract SSLSupport getSSLSupport(SSLSession session);
- public abstract SSLUtil getSSLUtil(AbstractEndpoint<?> ep, SSLHostConfig
sslHostConfig);
+ public abstract SSLUtil getSSLUtil(SSLHostConfig sslHostConfig);
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
Thu May 7 08:18:11 2015
@@ -18,7 +18,6 @@ package org.apache.tomcat.util.net.jsse;
import javax.net.ssl.SSLSession;
-import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
@@ -51,7 +50,7 @@ public class JSSEImplementation extends
}
@Override
- public SSLUtil getSSLUtil(AbstractEndpoint<?> endpoint, SSLHostConfig
sslHostConfig) {
- return new JSSESocketFactory(endpoint, sslHostConfig);
+ public SSLUtil getSSLUtil(SSLHostConfig sslHostConfig) {
+ return new JSSESocketFactory(sslHostConfig);
}
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Thu May 7 08:18:11 2015
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.tomcat.util.net.jsse;
import java.io.File;
@@ -55,8 +54,6 @@ import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLUtil;
@@ -81,17 +78,12 @@ public class JSSESocketFactory implement
private static final StringManager sm =
StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
- private static final int defaultSessionCacheSize = 0;
- private static final int defaultSessionTimeout = 86400;
-
- private final AbstractEndpoint<?> endpoint;
private final SSLHostConfig sslHostConfig;
private final String[] defaultServerProtocols;
- public JSSESocketFactory (AbstractEndpoint<?> endpoint, SSLHostConfig
sslHostConfig) {
- this.endpoint = endpoint;
+ public JSSESocketFactory (SSLHostConfig sslHostConfig) {
this.sslHostConfig = sslHostConfig;
SSLContext context;
@@ -115,7 +107,7 @@ public class JSSESocketFactory implement
// the JSSE implementation just doesn't like creating unbound
// sockets so allow the code to proceed.
defaultServerProtocols = new String[0];
- log.warn(sm.getString("jsse.noDefaultProtocols",
endpoint.getName()));
+ log.warn(sm.getString("jsse.noDefaultProtocols",
sslHostConfig.getHostName()));
return;
}
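Review bot: The jsse.noDefaultProtocols message now receives sslHostConfig.getHostName() where it previously received endpoint.getName(), here and again in the following hunk (the filteredProtocols loop); the resource-bundle text is not in this diff, so if it still describes its argument as the connector or endpoint name the warning becomes misleading and the bundle string should be updated alongside. With the endpoint name gone the log line also no longer identifies which connector is affected when several TLS connectors share the same host name, so consider keeping both in the message. The enclosing constructor starts and ends outside the hunk.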
@@ -126,17 +118,15 @@ public class JSSESocketFactory implement
List<String> filteredProtocols = new ArrayList<>();
for (String protocol : socket.getEnabledProtocols()) {
if (protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
- log.debug(sm.getString("jsse.excludeDefaultProtocol",
- protocol));
+ log.debug(sm.getString("jsse.excludeDefaultProtocol",
protocol));
continue;
}
filteredProtocols.add(protocol);
}
- defaultServerProtocols = filteredProtocols
- .toArray(new String[filteredProtocols.size()]);
+ defaultServerProtocols =
+ filteredProtocols.toArray(new
String[filteredProtocols.size()]);
if (defaultServerProtocols.length == 0) {
- log.warn(sm.getString("jsse.noDefaultProtocols",
- endpoint.getName()));
+ log.warn(sm.getString("jsse.noDefaultProtocols",
sslHostConfig.getHostName()));
}
} finally {
try {
@@ -287,8 +277,7 @@ public class JSSESocketFactory implement
KeyStore ks = getStore(keystoreType, keystoreProvider, keystoreFile,
keystorePass);
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
- throw new IOException(
- sm.getString("jsse.alias_no_key_entry", keyAlias));
+ throw new IOException(sm.getString("jsse.alias_no_key_entry",
keyAlias));
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
@@ -350,23 +339,8 @@ public class JSSESocketFactory implement
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
- int sessionCacheSize;
- if (endpoint.getSessionCacheSize() != null) {
- sessionCacheSize = Integer.parseInt(
- endpoint.getSessionCacheSize());
- } else {
- sessionCacheSize = defaultSessionCacheSize;
- }
-
- int sessionTimeout;
- if (endpoint.getSessionTimeout() != null) {
- sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
- } else {
- sessionTimeout = defaultSessionTimeout;
- }
-
- sslSessionContext.setSessionCacheSize(sessionCacheSize);
- sslSessionContext.setSessionTimeout(sessionTimeout);
+
sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
+ sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
}
@@ -406,10 +380,6 @@ public class JSSESocketFactory implement
throws IOException, CRLException, CertificateException {
File crlFile = new File(crlf);
- if( !crlFile.isAbsolute() ) {
- crlFile = new File(
- System.getProperty(Constants.CATALINA_BASE_PROP), crlf);
- }
Collection<? extends CRL> crls = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
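Review bot: Dropping the CATALINA_BASE resolution means a relative crlf path is now resolved against the JVM working directory instead of the catalina base, a behaviour change the log message does not mention; unless the same resolution now happens in SSLHostConfig when the attribute is set (not visible in this diff), existing configurations with a relative CRL path will either fail to open the file or, if the working directory happens to hold a same-named file, load a different CRL than the one intended. If the resolution has moved, a comment at the `File crlFile = new File(crlf);` line such as `// crlf is already resolved against CATALINA_BASE by SSLHostConfig` would stop it being re-added; otherwise the removed block should stay. The enclosing method starts and ends outside the hunk.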
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java Thu May 7
08:18:11 2015
@@ -58,6 +58,9 @@ public class TestCustomSsl extends Tomca
connector.setProperty("sslImplementationName",
"org.apache.tomcat.util.net.jsse.TesterBug50640SslImpl");
+
+ // This setting will break ssl configuration unless the custom
+ // implementation is used.
connector.setProperty(TesterBug50640SslImpl.PROPERTY_NAME,
TesterBug50640SslImpl.PROPERTY_VALUE);
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
Thu May 7 08:18:11 2015
@@ -16,21 +16,21 @@
*/
package org.apache.tomcat.util.net.jsse;
-import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLUtil;
public class TesterBug50640SslImpl extends JSSEImplementation {
- public static final String PROPERTY_NAME = "bug50640";
- public static final String PROPERTY_VALUE = "pass";
+ public static final String PROPERTY_NAME = "sslEnabledProtocols";
+ public static final String PROPERTY_VALUE = "magic";
@Override
- public SSLUtil getSSLUtil(AbstractEndpoint<?> endpoint, SSLHostConfig
sslHostConfig) {
- String flag = endpoint.getProperty(PROPERTY_NAME);
- if (PROPERTY_VALUE.equals(flag)) {
- return super.getSSLUtil(endpoint, sslHostConfig);
+ public SSLUtil getSSLUtil(SSLHostConfig sslHostConfig) {
+ if (sslHostConfig.getProtocols().size() == 1 &&
+ sslHostConfig.getProtocols().contains(PROPERTY_VALUE)) {
+ sslHostConfig.setProtocols("TLSv1,TLSv1.1,TLSv1.2");
+ return super.getSSLUtil(sslHostConfig);
} else {
return null;
}
Modified: tomcat/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1678142&r1=1678141&r2=1678142&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu May 7 08:18:11 2015
@@ -1197,6 +1197,20 @@
used.</p>
</attribute>
+ <attribute name="sessionCacheSize" required="false">
+ <p>JSSE only.</p>
+ <p>The number of SSL sessions to maintain in the session cache. Use 0 to
+ specify an unlimited cache size. If not specified, a default of 0 is
+ used.</p>
+ </attribute>
+
+ <attribute name="sessionTimeout" required="false">
+ <p>JSSE only.</p>
+ <p>The time, in seconds, after the creation of an SSL session that it
will
+ timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ default of 86400 (24 hours) is used.</p>
+ </attribute>
+
<attribute name="sslProtocol" required="false">
<p>JSSE only.</p>
<p>The the SSL protocol(s) to use (a single value may enable multiple
@@ -1336,15 +1350,15 @@
</attribute>
<attribute name="sessionCacheSize" required="false">
- <p>The number of SSL sessions to maintain in the session cache. Use 0 to
- specify an unlimited cache size. If not specified, a default of 0 is
- used.</p>
+ <p>This is an alias for the <code>sessionCacheSize</code> attribute of
the
+ default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
+ element.</p>
</attribute>
<attribute name="sessionTimeout" required="false">
- <p>The time, in seconds, after the creation of an SSL session that it
will
- timeout. Use 0 to specify an unlimited timeout. If not specified, a
- default of 86400 (24 hours) is used.</p>
+ <p>This is an alias for the <code>sessionTimeout</code> attribute of the
+ default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
+ element.</p>
</attribute>
<attribute name="sslEnabledProtocols" required="false">