From jfcl...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/webapp/lib pr_warp.c
Date Mon, 29 Oct 2001 14:21:05 GMT
jfclere     01/10/29 06:21:05

  Modified:    webapp/apache-1.3 mod_webapp.c
               webapp/include wa_request.h
               webapp/java Makefile.in WarpCertificates.java
                        WarpRequest.java WarpRequestHandler.java
               webapp/lib pr_warp.c
  Added:       webapp/java WarpSSLData.java
  Log:
  Add missing part for SSL client support.
  
  Revision  Changes    Path
  1.27      +22 -4     jakarta-tomcat-connectors/webapp/apache-1.3/mod_webapp.c
  
  Index: mod_webapp.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/apache-1.3/mod_webapp.c,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- mod_webapp.c	2001/10/22 22:11:14	1.26
  +++ mod_webapp.c	2001/10/29 14:21:05	1.27
  @@ -57,7 +57,7 @@
   
   /**
    * @author  Pier Fumagalli <mailto:pier.fumagalli@eng.sun.com>
  - * @version $Id: mod_webapp.c,v 1.26 2001/10/22 22:11:14 jfclere Exp $
  + * @version $Id: mod_webapp.c,v 1.27 2001/10/29 14:21:05 jfclere Exp $
    */
   
   #include <httpd.h>
  @@ -422,6 +422,7 @@
       const char *msg=NULL;
       char *stmp=NULL;
       char *ctmp=NULL;
  +    char *ssl_temp;
       int ret=0;
   
       /* Paranoid check */
  @@ -462,9 +463,26 @@
       req->clen=0;
       req->ctyp="\0";
       req->rlen=0;
  -    req->ssld=(wa_ssldata *) apr_palloc(req->pool,sizeof(wa_ssldata));
  -    req->ssld->cert = (char *)ap_table_get(
  -        r->subprocess_env,"SSL_CLIENT_CERT");
  +
  +    /* SSL logic */
  +    ssl_temp = (char *)ap_table_get(r->subprocess_env,"HTTPS");
  +    if ( ssl_temp && !strcasecmp(ssl_temp, "on")) {
  +        req->ssld=(wa_ssldata *) apr_palloc(req->pool,sizeof(wa_ssldata));
  +
  +        req->ssld->ciph = (char *)ap_table_get(
  +            r->subprocess_env,"SSL_CIPHER");
  +        req->ssld->sess = (char *)ap_table_get(
  +            r->subprocess_env,"SSL_SESSION_ID");
  +
  +        ssl_temp = (char *)ap_table_get(
  +            r->subprocess_env,"SSL_CIPHER_USEKEYSIZE");
  +        req->ssld->size = atoi(ssl_temp);
  +
  +        req->ssld->cert = (char *)ap_table_get(
  +            r->subprocess_env,"SSL_CLIENT_CERT");
  +    } else {
  +        req->ssld=NULL;
  +    }
   
       /* Copy headers into webapp request structure */
       if (r->headers_in!=NULL) {
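Review bot: `atoi(ssl_temp)` is called on the result of `ap_table_get(r->subprocess_env,"SSL_CIPHER_USEKEYSIZE")` without a NULL check, so a request where `HTTPS` is `on` but that variable is not set would dereference NULL in the server process. Guard it, for example `req->ssld->size = (ssl_temp!=NULL) ? atoi(ssl_temp) : 0;`. `ciph`, `sess` and `cert` can likewise be NULL, and `ciph`/`sess` are later handed to `p_write_string()` in the `TYPE_ASK_SSL` case of pr_warp.c; whether that helper accepts NULL is not visible on this page. The enclosing function starts and ends outside the hunk.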
  
  
  
  1.8       +3 -1      jakarta-tomcat-connectors/webapp/include/wa_request.h
  
  Index: wa_request.h
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/include/wa_request.h,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- wa_request.h	2001/10/19 20:04:58	1.7
  +++ wa_request.h	2001/10/29 14:21:05	1.8
  @@ -58,7 +58,7 @@
   /**
    * @package Request Handling
    * @author  Pier Fumagalli <mailto:pier.fumagalli@eng.sun.com>
  - * @version $Id: wa_request.h,v 1.7 2001/10/19 20:04:58 pier Exp $
  + * @version $Id: wa_request.h,v 1.8 2001/10/29 14:21:05 jfclere Exp $
    */
   #ifndef _WA_REQUEST_H_
   #define _WA_REQUEST_H_
  @@ -144,6 +144,8 @@
       wa_ssldata *ssld;
       /** The current headers table. */
       apr_table_t *hdrs;
  +    /** The client certificate string */
  +    char *ssl_cert;
   };
   
   /**
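Review bot: The new `ssl_cert` member is neither assigned nor read anywhere in this commit; mod_webapp.c stores the client certificate in `req->ssld->cert` and pr_warp.c tests that same field. Unless a file outside this commit uses it, the pointer stays uninitialised in every request structure and gives readers two places to look for the certificate. Either drop the member or say which one is authoritative, e.g. `/** Unused for now; the client certificate is carried in ssld->cert. */`. The struct definition begins outside the hunk.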
  
  
  
  1.5       +3 -2      jakarta-tomcat-connectors/webapp/java/Makefile.in
  
  Index: Makefile.in
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/Makefile.in,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- Makefile.in	2001/10/22 21:44:21	1.4
  +++ Makefile.in	2001/10/29 14:21:05	1.5
  @@ -56,7 +56,7 @@
   # ========================================================================= #
   
   # @author  Pier Fumagalli <mailto:pier.fumagalli@eng.sun.com>
  -# @version $Id: Makefile.in,v 1.4 2001/10/22 21:44:21 jfclere Exp $
  +# @version $Id: Makefile.in,v 1.5 2001/10/29 14:21:05 jfclere Exp $
   
   include @TGTDIR@/Makedefs
   
  @@ -70,7 +70,8 @@
   	WarpRequest.java \
   	WarpRequestHandler.java \
   	WarpResponse.java \
  -	WarpCertificates.java
  +	WarpCertificates.java \
  +	WarpSSLData.java
   
   ARCHIVE = warp.jar
   
  
  
  
  1.2       +2 -0      jakarta-tomcat-connectors/webapp/java/WarpCertificates.java
  
  Index: WarpCertificates.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/WarpCertificates.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- WarpCertificates.java	2001/10/22 21:44:21	1.1
  +++ WarpCertificates.java	2001/10/29 14:21:05	1.2
  @@ -72,6 +72,8 @@
        * Create the certificate using the String.
        */
       public WarpCertificates(String certString) {
  +        if (certString == null) return;
  +
           byte[] certData = certString.getBytes();
           ByteArrayInputStream bais = new ByteArrayInputStream(certData);
    
  
  
  
  1.12      +56 -3     jakarta-tomcat-connectors/webapp/java/WarpRequest.java
  
  Index: WarpRequest.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/WarpRequest.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- WarpRequest.java	2001/10/22 21:44:21	1.11
  +++ WarpRequest.java	2001/10/29 14:21:05	1.12
  @@ -79,16 +79,45 @@
   
       /** Process the SSL attributes */
       public Object getAttribute(String name) {
  +
  +        /* Use cached values */
  +        Object object = super.getAttribute(name);
  +	if (object != null)
  +            return object;
  +
  +	/* Fill the cache and return value if possible */
  +        if (!localstream.request.isSecure()) return null;
  +
  +        /* Client Certificate */
           if (name.equals("javax.servlet.request.X509Certificate")) {
               WarpCertificates cert = null;
               try {
                   cert = new WarpCertificates(localstream.getX509Certificates());
               } catch (IOException e) {
                   return null;
  +            }
  +            super.setAttribute("javax.servlet.request.X509Certificate",
  +                cert.getCertificates());
  +        }
  +
  +        /* other ssl parameters */
  +        if (name.equals("javax.servlet.request.cipher_suite") ||
  +            name.equals("javax.servlet.request.key_size") ||
  +            name.equals("javax.servlet.request.ssl_session")) {
  +            WarpSSLData ssldata = null;
  +            try {
  +                ssldata = localstream.getSSL();
  +            } catch (IOException e) {
  +                return null;
               }
  -            // super.setAttribute("javax.servlet.request.X509Certificate",
  -            //     cert.getCertificates());
  -            return(cert.getCertificates());
  +            if (ssldata == null) return null;
  +
  +            super.setAttribute("javax.servlet.request.cipher_suite",
  +                ssldata.ciph);
  +            super.setAttribute("javax.servlet.request.key_size",
  +                new Integer (ssldata.size));
  +            super.setAttribute("javax.servlet.request.ssl_session",
  +                ssldata.sess);
           }
           return(super.getAttribute(name));
       }
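Review bot: In the certificate branch the result of `cert.getCertificates()` is passed to `super.setAttribute(...)` unchecked. With the `WarpCertificates` change in this same commit the constructor returns early for a null string, so that value is presumably null when the client sent no certificate; how the superclass treats a null attribute value is not visible here. A guard such as `if (cert.getCertificates() == null) return null;` before the `setAttribute` call keeps the no-certificate path explicit, and the same consideration applies to `ssldata.ciph` and `ssldata.sess`. The added `if (object != null)` line and the `/* Fill the cache ... */` comment are indented with a tab while the surrounding code uses spaces.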
  @@ -167,6 +196,7 @@
               this.request.getConnection().recv(packet);
               return(this.read());
           }
  +
           public String getX509Certificates()
           throws IOException {
               if (closed) throw new IOException("Stream closed");
  @@ -182,6 +212,29 @@
                  throw new IOException("Invalid WARP packet type for CC");
               return(this.packet.readString());
           }
  +
  +        /** Read the data from the SSL environment. */
  +        public WarpSSLData getSSL()
  +        throws IOException {
  +          
  +            if (closed) throw new IOException("Stream closed");
  +            this.packet.reset();
  +            this.packet.setType(Constants.TYPE_ASK_SSL);
  +            this.request.getConnection().send(packet);
  +            packet.reset();
  +
  +            this.request.getConnection().recv(packet);
  +            if (closed) throw new IOException("Stream closed");
  +            if (packet.getType()==Constants.TYPE_REP_SSL_NO) return(null);
  +            if (packet.getType()!=Constants.TYPE_REP_SSL)
  +               throw new IOException("Invalid WARP packet type for SSL data");
  +            WarpSSLData ssldata  = new WarpSSLData();
  +            ssldata.ciph = this.packet.readString();
  +            ssldata.sess = this.packet.readString();
  +            ssldata.size = this.packet.readInteger();
  +            return(ssldata);
  +        }
  +
   
           
           public void close()
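Review bot: The Javadoc on `getSSL()` does not say that the method returns null when the peer answers `TYPE_REP_SSL_NO`, which the new caller in `getAttribute` depends on. It should also record that the fields are read in the order cipher, session id, key size, matching the `p_write_string`/`p_write_string`/`p_write_int` sequence added to pr_warp.c, because a mismatch would mis-parse the packet without any error. Suggested wording: `/** Ask the web server for the SSL cipher, session id and key size (read in that order); returns null if the request did not use SSL. */`. The body mixes `this.packet` and `packet`; writing it one way would make clear they are the same object.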
  
  
  
  1.18      +2 -0      jakarta-tomcat-connectors/webapp/java/WarpRequestHandler.java
  
  Index: WarpRequestHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/java/WarpRequestHandler.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- WarpRequestHandler.java	2001/09/17 22:56:58	1.17
  +++ WarpRequestHandler.java	2001/10/29 14:21:05	1.18
  @@ -159,6 +159,8 @@
                       if (Constants.DEBUG)
                           logger.debug("Request scheme="+schm);
                       request.setScheme(schm);
  +                    if (schm.equals("https"))
  +                       request.setSecure(true);
                       break;
                   }
   
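Review bot: `request.setSecure(true)` is called only for `https` and the flag is never set to false here, so if the request object is reused and not reset elsewhere (not visible in this hunk) a later plain-HTTP request could still report `isSecure()`. Setting it both ways removes that dependency: `request.setSecure("https".equals(schm));`, which is also null-safe. `isSecure()` now gates the SSL attribute lookup in `WarpRequest.getAttribute`, and the scheme string arrives from the WARP peer, so the flag is only as trustworthy as that connection. The enclosing switch case begins outside the hunk.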
  
  
  
  1.1                  jakarta-tomcat-connectors/webapp/java/WarpSSLData.java
  
  Index: WarpSSLData.java
  ===================================================================
  /* ========================================================================= *
   *                                                                           *
   *                 The Apache Software License,  Version 1.1                 *
   *                                                                           *
   *          Copyright (c) 1999-2001 The Apache Software Foundation.          *
   *                           All rights reserved.                            *
   *                                                                           *
   * ========================================================================= *
   *                                                                           *
   * Redistribution and use in source and binary forms,  with or without modi- *
   * fication, are permitted provided that the following conditions are met:   *
   *                                                                           *
   * 1. Redistributions of source code  must retain the above copyright notice *
   *    notice, this list of conditions and the following disclaimer.          *
   *                                                                           *
   * 2. Redistributions  in binary  form  must  reproduce the  above copyright *
   *    notice,  this list of conditions  and the following  disclaimer in the *
   *    documentation and/or other materials provided with the distribution.   *
   *                                                                           *
   * 3. The end-user documentation  included with the redistribution,  if any, *
   *    must include the following acknowlegement:                             *
   *                                                                           *
   *       "This product includes  software developed  by the Apache  Software *
   *        Foundation <http://www.apache.org/>."                              *
   *                                                                           *
   *    Alternately, this acknowlegement may appear in the software itself, if *
   *    and wherever such third-party acknowlegements normally appear.         *
   *                                                                           *
   * 4. The names  "The  Jakarta  Project",  "Tomcat",  and  "Apache  Software *
   *    Foundation"  must not be used  to endorse or promote  products derived *
   *    from this  software without  prior  written  permission.  For  written *
   *    permission, please contact <apache@apache.org>.                        *
   *                                                                           *
   * 5. Products derived from this software may not be called "Apache" nor may *
   *    "Apache" appear in their names without prior written permission of the *
   *    Apache Software Foundation.                                            *
   *                                                                           *
   * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES *
   * INCLUDING, BUT NOT LIMITED TO,  THE IMPLIED WARRANTIES OF MERCHANTABILITY *
   * AND FITNESS FOR  A PARTICULAR PURPOSE  ARE DISCLAIMED.  IN NO EVENT SHALL *
   * THE APACHE  SOFTWARE  FOUNDATION OR  ITS CONTRIBUTORS  BE LIABLE  FOR ANY *
   * DIRECT,  INDIRECT,   INCIDENTAL,  SPECIAL,  EXEMPLARY,  OR  CONSEQUENTIAL *
   * DAMAGES (INCLUDING,  BUT NOT LIMITED TO,  PROCUREMENT OF SUBSTITUTE GOODS *
   * OR SERVICES;  LOSS OF USE,  DATA,  OR PROFITS;  OR BUSINESS INTERRUPTION) *
   * HOWEVER CAUSED AND  ON ANY  THEORY  OF  LIABILITY,  WHETHER IN  CONTRACT, *
   * STRICT LIABILITY, OR TORT  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN *
   * ANY  WAY  OUT OF  THE  USE OF  THIS  SOFTWARE,  EVEN  IF  ADVISED  OF THE *
   * POSSIBILITY OF SUCH DAMAGE.                                               *
   *                                                                           *
   * ========================================================================= *
   *                                                                           *
   * This software  consists of voluntary  contributions made  by many indivi- *
   * duals on behalf of the  Apache Software Foundation.  For more information *
   * on the Apache Software Foundation, please see <http://www.apache.org/>.   *
   *                                                                           *
   * ========================================================================= */
  
  package org.apache.catalina.connector.warp;
   
  /*
   * SSL message handling.
   */
   
  /**
   * Plain value holder for the SSL details of one request.
   *
   * In this commit the three fields are filled by the getSSL() method in
   * WarpRequest.java from a TYPE_REP_SSL packet and then published as the
   * javax.servlet.request.cipher_suite, ssl_session and key_size attributes.
   * The values are taken as received from the WARP peer; nothing in this
   * class validates them.
   */
  public class WarpSSLData {
      /** Name of the cipher used on the SSL connection. */
      String ciph;

      /** Identifier of the SSL session. */
      String sess;

      /**
       * Size of the algorithm (the original comment gives the range 56-128;
       * presumably the key size in bits -- confirm against the sender).
       */
      int size;
  }
  
  
  
  1.19      +21 -2     jakarta-tomcat-connectors/webapp/lib/pr_warp.c
  
  Index: pr_warp.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/webapp/lib/pr_warp.c,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- pr_warp.c	2001/10/22 22:00:04	1.18
  +++ pr_warp.c	2001/10/29 14:21:05	1.19
  @@ -54,7 +54,7 @@
    *                                                                           *
    * ========================================================================= */
   
  -/* @version $Id: pr_warp.c,v 1.18 2001/10/22 22:00:04 jfclere Exp $ */
  +/* @version $Id: pr_warp.c,v 1.19 2001/10/29 14:21:05 jfclere Exp $ */
   #include "pr_warp.h"
   
   /* Initialize this provider. */
  @@ -428,10 +428,29 @@
                   }
                   break;
               }
  +            case TYPE_ASK_SSL: {
  +                wa_log(WA_MARK,"TYPE_ASK_SSL");
  +                /* Request for client certificate */
  +                if (r->ssld==NULL) {
  +                    pack->type=TYPE_REP_SSL_NO;
  +                    pack->size=0;
  +                } else {
  +                    pack->type=TYPE_REP_SSL;
  +                    p_write_string(pack,r->ssld->ciph);
  +                    p_write_string(pack,r->ssld->sess);
  +                    p_write_int(pack,r->ssld->size);
  +                }
  +                wa_debug(WA_MARK,"CC bytes: (Sent=%d)",pack->size);
  +                if (n_send(conf->sock,pack)!=wa_true) {
  +                    n_disconnect(conn);
  +                    return(wa_rerror(WA_MARK,r,500,"Communitcation interrupted"));
  +                }
  +                break;
  +            }
               case TYPE_ASK_SSL_CLIENT: {
                   wa_log(WA_MARK,"TYPE_ASK_SSL_CLIENT");
                   /* Request for client certificate */
  -                if (r->ssld->cert==NULL) {
  +                if (r->ssld==NULL || r->ssld->cert==NULL) {
                       pack->type=TYPE_REP_SSL_NO;
                       pack->size=0;
                   } else {
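Review bot: In the `TYPE_REP_SSL` branch of the new `TYPE_ASK_SSL` case, `pack->size` is not reset before the three `p_write_*` calls, whereas the `TYPE_REP_SSL_NO` branch sets `pack->size=0` explicitly. If the write helpers append at the current size (their definition is not on this page), the reply would carry leftover bytes from the packet just received, so reset the packet before writing. The return values of `p_write_string`/`p_write_int` are also ignored, and `ciph`/`sess` may be NULL when the corresponding environment variables were not set. The comment `/* Request for client certificate */` and the `"CC bytes: (Sent=%d)"` debug text were copied from the certificate case and should read `/* Request for SSL session data */` and `"SSL bytes: (Sent=%d)"`. The enclosing switch starts and ends outside the hunk.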
  
  
  


