tomcat-dev mailing list archives

From Eric Rescorla <...@rtfm.com>
Subject Re: Tomcat to support other keystore types?
Date Wed, 07 Nov 2001 23:30:09 GMT
<cmanolache@yahoo.com> writes:
> On 7 Nov 2001, Eric Rescorla wrote:
> This seems reasonable and it's an improvement over what we have.
> 
> But I would prefer something like:
> 
> interface SSLSupport {
> 	.....
> }
> 
> And then the HTTP module will set a note/attribute on the request with a
> SSLSupport object ( which can be or wrap the socket object ), while Ajp
> will use its own impl.
That seems reasonable.

> > Then, all Tomcat code can just do (for instance):
> > 	java.security.cert.Certificate[] certs;
> >
> > 	certs=((SSLSocketExtensions)socket).getCertificateChain();
> 
> > Does this seem acceptable?
> 
> I don't like the last part ( casting the socket ), but it is acceptable.
I don't really see a way around it, though, since the rest of
the code slings Sockets around. If we want to get the SSLSupport from
the Socket we'll need to cast it to some other type. I suppose we
could always do:

interface SSLSupportGetter {
	SSLSupport getSSLSupport();
}

and then do:
SSLSupport support=((SSLSupportGetter)socket).getSSLSupport();

I'm not sure what this would really buy us though except one extra
class. Of course, the more classes the better :)

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
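
A guarded form of the cast discussed in this message, as an added example that is not part of the original post or of Tomcat's code. The `getCertificateChain()` member of `SSLSupport` (the thread elides the interface body), `FakeTlsSocket`, `lookup` and `hasClientCert` are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.cert.Certificate;

// Hypothetical member: the thread leaves the interface body elided, so
// getCertificateChain() is borrowed from the SSLSocketExtensions call
// quoted in the message.
interface SSLSupport {
    Certificate[] getCertificateChain();
}

interface SSLSupportGetter {
    SSLSupport getSSLSupport();
}

// Constructed stand-in for a TLS-capable socket; a real one would wrap the
// SSL toolkit's socket and return the peer's verified chain.
class FakeTlsSocket extends Socket implements SSLSupportGetter {
    private final Certificate[] chain;
    FakeTlsSocket(Certificate[] chain) { this.chain = chain; }
    @Override
    public SSLSupport getSSLSupport() {
        return () -> chain.clone();
    }
}

public class SSLSupportLookup {
    // Returns null for sockets that carry no TLS state, so a plain
    // connection fails closed instead of throwing ClassCastException.
    static SSLSupport lookup(Socket socket) {
        if (socket instanceof SSLSupportGetter) {
            return ((SSLSupportGetter) socket).getSSLSupport();
        }
        return null;
    }

    // True only when a TLS socket actually presented a certificate chain.
    static boolean hasClientCert(Socket socket) {
        SSLSupport support = lookup(socket);
        if (support == null) return false;
        Certificate[] certs = support.getCertificateChain();
        return certs != null && certs.length > 0;
    }

    public static void main(String[] args) {
        Socket plain = new Socket();  // unconnected, no TLS state
        Socket tlsNoCert = new FakeTlsSocket(new Certificate[0]);
        System.out.println("plain socket has client cert: " + hasClientCert(plain));
        System.out.println("TLS socket, empty chain: " + hasClientCert(tlsNoCert));
    }
}
```

Code that makes authorization decisions from the certificate chain should go through a check like `hasClientCert` so that a non-TLS socket or an empty chain is treated as unauthenticated.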
