geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ammul...@apache.org
Subject svn commit: r354734 - in /geronimo/trunk: applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/ modules/tomcat/src/java/org/apache/geronimo/tomcat/
Date Wed, 07 Dec 2005 06:15:03 GMT
Author: ammulder
Date: Tue Dec  6 22:14:55 2005
New Revision: 354734

URL: http://svn.apache.org/viewcvs?rev=354734&view=rev
Log:
Better trust store settings and information GERONIMO-1181  GERONIMO-1071
  (Thanks Vamsavardhana!)

Added:
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatSecureConnector.java
Modified:
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
    geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/HttpsConnectorGBean.java

Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java?rev=354734&r1=354733&r2=354734&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
(original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
Tue Dec  6 22:14:55 2005
@@ -107,6 +107,9 @@
                 String keystorePass = actionRequest.getParameter("keystorePassword");
                 String secureProtocol = actionRequest.getParameter("secureProtocol");
                 String algorithm = actionRequest.getParameter("algorithm");
+                String truststoreType = actionRequest.getParameter("truststoreType");
+                String truststoreFile = actionRequest.getParameter("truststoreFile");
+                String truststorePass = actionRequest.getParameter("truststorePassword");
                 boolean clientAuth = isValid(actionRequest.getParameter("clientAuth"));
                 SecureConnector secure = (SecureConnector) connector;
                 if(isValid(keystoreType)) {secure.setKeystoreType(keystoreType);}
@@ -119,7 +122,9 @@
                     if(isValid(privateKeyPass)) {setProperty(secure, "keyPassword", privateKeyPass);}
                 }
                 else if (server.equals(WEB_SERVER_TOMCAT)) {
-                    //todo:   Any Tomcat specific processing?
+                    if(isValid(truststoreType)) {setProperty(secure, "truststoreType", truststoreType);}
+                    if(isValid(truststoreFile)) {setProperty(secure, "truststoreFileName",
truststoreFile);}
+                    if(isValid(truststorePass)) {setProperty(secure, "truststorePassword",
truststorePass);}
                 }
                 else {
                     //todo:   Handle "should not occur" condition
@@ -172,6 +177,9 @@
                     String keystorePass = actionRequest.getParameter("keystorePassword");
                     String secureProtocol = actionRequest.getParameter("secureProtocol");
                     String algorithm = actionRequest.getParameter("algorithm");
+                    String truststoreType = actionRequest.getParameter("truststoreType");
+                    String truststoreFile = actionRequest.getParameter("truststoreFile");
+                    String truststorePass = actionRequest.getParameter("truststorePassword");
                     boolean clientAuth = isValid(actionRequest.getParameter("clientAuth"));
                     SecureConnector secure = (SecureConnector) connector;
                     if(isValid(keystoreType)) {secure.setKeystoreType(keystoreType);}
@@ -184,7 +192,9 @@
                         if(isValid(privateKeyPass)) {setProperty(secure, "keyPassword", privateKeyPass);}
                     }
                     else if (server.equals(WEB_SERVER_TOMCAT)) {
-                        //todo:   Any Tomcat specific processing?
+                        if(isValid(truststoreType)) {setProperty(secure, "truststoreType",
truststoreType);}
+                        if(isValid(truststorePass)) {setProperty(secure, "truststorePassword",
truststorePass);}
+                        if(isValid(truststoreFile)) {setProperty(secure, "truststoreFileName",
truststoreFile);}
                     }
                     else {
                         //todo:   Handle "should not occur" condition
@@ -342,6 +352,12 @@
                         renderRequest.setAttribute("secureProtocol",secure.getSecureProtocol());
                         if(secure.isClientAuthRequired()) {
                             renderRequest.setAttribute("clientAuth", Boolean.TRUE);
+                        }
+                        if(server.equals(WEB_SERVER_TOMCAT)) {
+                            String truststoreFile = (String)getProperty(secure, "truststoreFileName");
+                            String truststoreType = (String)getProperty(secure, "truststoreType");
+                            renderRequest.setAttribute("truststoreFile", truststoreFile);
+                            renderRequest.setAttribute("truststoreType", truststoreType);
                         }
                     }
 

Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp?rev=354734&r1=354733&r2=354734&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
(original)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
Tue Dec  6 22:14:55 2005
@@ -138,6 +138,51 @@
       the keystore type.  There is normally no reason not to use the default (<tt>JKS</tt>).</td>
   </tr>
 
+<!-- Trust material (Tomcat only) -->
+<c:if test="${server eq 'tomcat'}">
+<!-- Truststore File Field -->
+  <tr>
+    <td><div align="right">Truststore File: </div></td>
+    <td>
+      <input name="truststoreFile" type="text" size="30" value="${truststoreFile}">
+    </td>
+  </tr>
+  <tr>
+    <td><div align="right"></div></td>
+    <td>The file that holds the truststore (relative to the Geronimo install dir)</td>
+  </tr>
+
+<!-- Truststore Password Field -->
+  <tr>
+    <td><div align="right"><c:if test="${mode eq 'save'}">Change </c:if>Truststore
Password: </div></td>
+    <td>
+      <input name="truststorePassword" type="password" size="10">
+    </td>
+  </tr>
+  <tr>
+    <td><div align="right"></div></td>
+    <td><c:choose><c:when test="${mode eq 'save'}">Change</c:when><c:otherwise>Set</c:otherwise></c:choose>
+      the password used to verify the truststore file.<c:if test="${mode eq 'save'}">
 Leave
+      this empty if you don't want to change the current password.</c:if></td>
+  </tr>
+
+<!-- Truststore Type Field -->
+  <tr>
+    <td><div align="right">Truststore Type: </div></td>
+    <td>
+      <select name="truststoreType">
+        <option<c:if test="${truststoreType eq 'JKS' || logLevel eq ''}"> selected</c:if>>JKS</option>
+        <option<c:if test="${truststoreType eq 'PKCS12'}"> selected</c:if>>PKCS12</option>
+      </select>
+    </td>
+  </tr>
+  <tr>
+    <td><div align="right"></div></td>
+    <td><c:choose><c:when test="${mode eq 'save'}">Change</c:when><c:otherwise>Set</c:otherwise></c:choose>
+      the truststore type.  There is normally no reason not to use the default (<tt>JKS</tt>).</td>
+  </tr>
+</c:if>
+
 <!-- Algorithm Field -->
   <tr>
     <td><div align="right">HTTPS Algorithm: </div></td>
@@ -180,9 +225,17 @@
   </tr>
   <tr>
     <td><div align="right"></div></td>
-    <td>If set, then clients connecting through this connector must supply a valid
client certificate.  By default, the
-      validity is based on the CA certificates in the server keystore (<i>need to confirm
not the JVM default
-      trust keystore</i>).</td>
+    <td>If set, then clients connecting through this connector must supply a valid
client certificate.  The
+        validity is checked using the CA certificates stored in the first of these to be
found:
+        <ol>
+          <c:if test="${server eq 'tomcat'}">
+            <li>The trust store configured above</li>
+          </c:if>
+            <li>A keystore file specified by the <tt>javax.net.ssl.trustStore</tt>
system property</li>
+            <li><i>java-home</i><tt>/lib/security/jssecacerts</tt></li>
+            <li><i>java-home</i><tt>/lib/security/cacerts</tt></li>
+        </ol>
+    </td>
   </tr>
 
 

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/HttpsConnectorGBean.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/HttpsConnectorGBean.java?rev=354734&r1=354733&r2=354734&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/HttpsConnectorGBean.java
(original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/HttpsConnectorGBean.java
Tue Dec  6 22:14:55 2005
@@ -16,7 +16,7 @@
  *
  * @version $Revision: 1.0$
  */
-public class HttpsConnectorGBean extends ConnectorGBean implements SecureConnector {
+public class HttpsConnectorGBean extends ConnectorGBean implements TomcatSecureConnector
{
     private final ServerInfo serverInfo;
     private String keystoreFileName;
     private String truststoreFileName;
@@ -82,7 +82,7 @@
         truststoreFileName = name;
         connector.setAttribute("truststoreFile", serverInfo.resolvePath(truststoreFileName));
     }
-    
+
     /**
      * Sets the password used to access the keystore, and by default, used to
      * access the server private key inside the keystore.  Not all connectors
@@ -123,7 +123,7 @@
     public void setTruststoreType(String type) {
         connector.setAttribute("truststoreType", type);
     }
-    
+
     /**
      * Gets the certificate algorithm used to access the keystore.  This may
      * be different for different JVM vendors, but should not usually be
@@ -206,7 +206,7 @@
         infoFactory.addAttribute("keystoreType", String.class, true, true);
         infoFactory.addAttribute("truststoreType", String.class, true, true);
         infoFactory.addAttribute("clientAuthRequired", boolean.class, true, true);
-        infoFactory.addInterface(SecureConnector.class);
+        infoFactory.addInterface(TomcatSecureConnector.class);
 
         infoFactory.addReference("ServerInfo", ServerInfo.class, "GBean");
         infoFactory.setConstructor(new String[] { "name", "protocol", "host", "port", "TomcatContainer",
"ServerInfo"});

Added: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatSecureConnector.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatSecureConnector.java?rev=354734&view=auto
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatSecureConnector.java
(added)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatSecureConnector.java
Tue Dec  6 22:14:55 2005
@@ -0,0 +1,53 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import org.apache.geronimo.management.geronimo.SecureConnector;
+
+/**
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface TomcatSecureConnector extends SecureConnector {
+    /**
+     * Gets the name of the keystore file that holds the trusted CA certificates
+     * used for client certificate authentication.
+     * This is relative to the Geronimo home directory.
+     */
+    public String getTruststoreFileName();
+    /**
+     * Sets the name of the keystore file that holds the trusted CA certificates
+     * used for client certificate authentication.
+     * This is relative to the Geronimo home directory.
+     */
+    public void setTruststoreFileName(String name);
+    /**
+     * Sets the password used to verify integrity of truststore.
+     */
+    public void setTruststorePassword(String password);
+    /**
+     * Gets the format of the entries in the keystore.  The default format for
+     * Java keystores is JKS, though some connector implementations support
+     * PCKS12 (and possibly other formats).
+     */
+    public String getTruststoreType();
+    /**
+     * Sets the format of the entries in the keystore.  The default format for
+     * Java keystores is JKS, though some connector implementations support
+     * PCKS12 (and possibly other formats).
+     */
+    public void setTruststoreType(String type);
+}



Mime
View raw message