tomcat-dev mailing list archives

From billbar...@apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/net JSSEImplementation.java JSSESocketFactory.java JSSESupport.java PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java SSLImplementation.java SSLSupport.java DefaultServerSocketFactory.java PoolTcpEndpoint.java ServerSocketFactory.java SSLSocketFactory.java
Date Fri, 07 Dec 2001 04:40:06 GMT
billbarker    01/12/06 20:40:06

  Modified:    src/share/org/apache/tomcat/util/net
                        DefaultServerSocketFactory.java
                        PoolTcpEndpoint.java ServerSocketFactory.java
  Added:       src/share/org/apache/tomcat/util/net JSSEImplementation.java
                        JSSESocketFactory.java JSSESupport.java
                        PureTLSImplementation.java PureTLSSocket.java
                        PureTLSSocketFactory.java PureTLSSupport.java
                        SSLImplementation.java SSLSupport.java
  Removed:     src/share/org/apache/tomcat/util/net SSLSocketFactory.java
  Log:
  Adding support for PureTLS.
  This is the main re-factoring of support for SSL.
  Submitted by:	Eric Rescorla  ekr@rtfm.com
  
  Revision  Changes    Path
  1.2       +16 -4     jakarta-tomcat/src/share/org/apache/tomcat/util/net/DefaultServerSocketFactory.java
  
  Index: DefaultServerSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/DefaultServerSocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- DefaultServerSocketFactory.java	2000/08/14 21:54:36	1.1
  +++ DefaultServerSocketFactory.java	2001/12/07 04:40:06	1.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/DefaultServerSocketFactory.java,v 1.1 2000/08/14 21:54:36 costin Exp $
  - * $Revision: 1.1 $
  - * $Date: 2000/08/14 21:54:36 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/DefaultServerSocketFactory.java,v 1.2 2001/12/07 04:40:06 billbarker Exp $
  + * $Revision: 1.2 $
  + * $Date: 2001/12/07 04:40:06 $
    *
    * ====================================================================
    *
  @@ -101,4 +101,16 @@
       throws IOException {
           return new ServerSocket (port, backlog, ifAddress);
       }
  -}
  + 
  +    public Socket acceptSocket(ServerSocket socket)
  + 	throws IOException {
  + 	return socket.accept();
  +    }
  + 
  +    public void handshake(Socket sock)
  + 	throws IOException {
  + 	; // NOOP
  +    }
  + 	    
  +        
  + }
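Review bot: The two public methods added at the end of the class have no Javadoc, and `handshake` is written as a lone empty statement, `; // NOOP`. A plain TCP factory has nothing to negotiate, so say that where a maintainer will read it, e.g. `/** Plain sockets need no handshake; implemented only to satisfy ServerSocketFactory. */`, and drop the stray `;`. `acceptSocket` deserves a matching one-line comment stating that it simply delegates to `socket.accept()`.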
  
  
  
  1.16      +19 -4     jakarta-tomcat/src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java
  
  Index: PoolTcpEndpoint.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- PoolTcpEndpoint.java	2001/08/31 04:13:12	1.15
  +++ PoolTcpEndpoint.java	2001/12/07 04:40:06	1.16
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java,v 1.15 2001/08/31 04:13:12 costin Exp $
  - * $Revision: 1.15 $
  - * $Date: 2001/08/31 04:13:12 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java,v 1.16 2001/12/07 04:40:06 billbarker Exp $
  + * $Revision: 1.16 $
  + * $Date: 2001/12/07 04:40:06 $
    *
    * ====================================================================
    *
  @@ -191,6 +191,10 @@
   	    this.factory=factory;
       }
   
  +   ServerSocketFactory getServerSocketFactory() {
  + 	    return factory;
  +   }
  +
       public void setConnectionHandler( TcpConnectionHandler handler ) {
       	this.handler=handler;
       }
  @@ -311,7 +315,12 @@
       	try {
       	    if (running) {
   		if(null!= serverSocket) {
  -		    accepted = serverSocket.accept();
  +                     if(factory==null){
  + 		        accepted = serverSocket.accept();
  + 		    }
  + 		    else {
  + 		        accepted = factory.acceptSocket(serverSocket);
  + 		    }
   		    if(!running) {
   			if(null != accepted) {
   			    accepted.close();  // rude, but unlikely!
  @@ -462,6 +471,10 @@
   		endpoint.tp.runIt(this);
   		
   		try {
  + 		    if(endpoint.getServerSocketFactory()!=null) {
  + 			endpoint.getServerSocketFactory().handshake(s);
  + 		    }
  + 
   		    if( usePool ) {
   			con=(TcpConnection)connectionCache.get();
   			if( con == null ) 
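Review bot: The `handshake(s)` call added at the top of the `try` runs before `endpoint.setSocketOptions( s )`, which the next hunk shows is still invoked only after the connection object has been obtained. If that method is where the read timeout is applied (its body is outside this diff, so this is an assumption), a peer that connects and never completes the TLS negotiation keeps a pool thread blocked with no bound. Moving `endpoint.setSocketOptions( s );` above the `if(endpoint.getServerSocketFactory()!=null)` block would give the handshake the same timeout as the rest of the connection. The enclosing method starts and ends outside the hunk.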
  @@ -475,6 +488,8 @@
   		    con.setSocket(s);
   		    endpoint.setSocketOptions( s );
   		    endpoint.getConnectionHandler().processConnection(con, perThrData);
  + 		} catch (IOException e){
  + 		    endpoint.log("Handshake failed",e,Log.ERROR);
                   } finally {
                       con.recycle();
                       if( usePool && con != null ) connectionCache.put(con);
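Review bot: When `handshake(s)` throws, `con` has not been assigned yet, and the `finally` block calls `con.recycle()` before the `con != null` test on the following line, so a failed handshake would end in a NullPointerException (assuming `con` starts out null; its declaration is outside the hunk). Guard the call: `if( con != null ) con.recycle();`. The new `catch (IOException e)` also covers `processConnection`, so ordinary request I/O errors will be logged as "Handshake failed" at ERROR level, and nothing visible here closes `s` on that path. Closing the socket in the catch and logging real handshake failures at a lower level would keep remote peers from filling the error log.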
  
  
  
  1.3       +18 -0     jakarta-tomcat/src/share/org/apache/tomcat/util/net/ServerSocketFactory.java
  
  Index: ServerSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/ServerSocketFactory.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ServerSocketFactory.java	2001/11/07 13:36:42	1.2
  +++ ServerSocketFactory.java	2001/12/07 04:40:06	1.3
  @@ -191,5 +191,23 @@
   
       public void initSocket( Socket s ) {
       }
  + 
  +     /**
  +       Wrapper function for accept(). This allows us to trap and
  +       translate exceptions if necessary
  + 
  +       @exception IOException;
  +     */ 
  +     public abstract Socket acceptSocket(ServerSocket socket)
  + 	throws IOException;
  + 
  +     /**
  +       Extra function to initiate the handshake. Sometimes necessary
  +       for SSL
  + 
  +       @exception IOException;
  +     */ 
  +     public abstract void handshake(Socket sock)
  + 	throws IOException;
   }
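Review bot: Declaring `acceptSocket` and `handshake` as `abstract` breaks every subclass of `ServerSocketFactory` that is not updated in this commit, while `PoolTcpEndpoint` now calls both on whatever factory is configured. Non-abstract defaults (`return socket.accept();` and an empty body) would keep existing factories working and make the overrides in `DefaultServerSocketFactory` unnecessary. The Javadoc tags `@exception IOException;` are also malformed: drop the semicolon and describe the condition, e.g. `@exception IOException if the accept or the SSL negotiation fails`.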
   
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/JSSEImplementation.java
  
  Index: JSSEImplementation.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  import javax.net.ssl.SSLSocket;
  
  /* JSSEImplementation:
  
     Concrete implementation class for JSSE
  
     @author EKR
  */
  	
  class JSSEImplementation extends SSLImplementation {

      /** Name of a class that can only be loaded when JSSE is on the classpath. */
      private static final String JSSE_PROBE_CLASS =
          "javax.net.ssl.SSLServerSocketFactory";

      /**
       * Creates the JSSE-backed implementation.
       *
       * @throws ClassNotFoundException if the JSSE probe class cannot be loaded
       */
      JSSEImplementation() throws ClassNotFoundException {
          // Loading the class is the whole availability check; the returned
          // Class object is deliberately not used.
          Class.forName(JSSE_PROBE_CLASS);
      }

      /**
       * @return the fixed implementation name, "JSSE"
       */
      public String getImplementationName() {
          return "JSSE";
      }

      /**
       * @return a new, unconfigured {@link JSSESocketFactory}
       */
      public ServerSocketFactory getServerSocketFactory() {
          ServerSocketFactory jsseFactory = new JSSESocketFactory();
          return jsseFactory;
      }

      /**
       * Wraps an accepted socket in a JSSE support object.
       *
       * @param s the accepted socket; it is cast to {@link SSLSocket}, so a
       *          socket of any other type fails with a ClassCastException
       * @return a new {@link JSSESupport} for the socket
       */
      public SSLSupport getSSLSupport(Socket s) {
          SSLSocket sslSocket = (SSLSocket) s;
          return new JSSESupport(sslSocket);
      }
  }
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/JSSESocketFactory.java
  
  Index: JSSESocketFactory.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  
  import java.security.KeyStore;
  
  import java.security.Security;
  import javax.net.ServerSocketFactory;
  import javax.net.ssl.SSLServerSocket;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLException;
  import javax.net.ssl.SSLServerSocketFactory;
  import javax.net.ssl.HandshakeCompletedListener;
  import javax.net.ssl.HandshakeCompletedEvent;
  
  /*
    1. Make the JSSE's jars available, either as an installed
       extension (copy them into jre/lib/ext) or by adding
       them to the Tomcat classpath.
    2. keytool -genkey -alias tomcat -keyalg RSA
       Use "changeit" as password ( this is the default we use )
   */
  
  /**
   * SSL server socket factory. It _requires_ a valid RSA key and
   * JSSE. 
   *
   * @author Harish Prabandham
   * @author Costin Manolache
   * @author Stefan Freyr Stefansson
   * @author EKR -- renamed to JSSESocketFactory
   */
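  public class JSSESocketFactory
      extends org.apache.tomcat.util.net.ServerSocketFactory
  {
      // Keystore type chosen in initProxy() and read back by initKeyStore().
      private String keystoreType;

      static String defaultKeystoreType = "JKS";
      static String defaultProtocol = "TLS";
      static String defaultAlgorithm = "SunX509";
      static boolean defaultClientAuth = false;

      private boolean clientAuth = false;
      private SSLServerSocketFactory sslProxy = null;

      // defaults
      static String defaultKeystoreFile=System.getProperty("user.home") +
          "/.keystore";
      // NOTE(review): "changeit" is the widely known keytool default, so a
      // keystore left on it is effectively unprotected; deployments should
      // always set the "keypass" attribute.
      static String defaultKeyPass="changeit";


      public JSSESocketFactory () {
      }

      /**
       * Creates an SSL server socket bound to the given port.
       * The SSL context is built lazily on the first call.
       *
       * @exception IOException if the keystore or SSL context cannot be
       *            initialised, or the socket cannot be created
       */
      public ServerSocket createSocket (int port)
          throws IOException
      {
          if( sslProxy == null ) initProxy();
          ServerSocket socket =
              sslProxy.createServerSocket(port);
          initServerSocket(socket);
          return socket;
      }

      /**
       * Creates an SSL server socket bound to the given port with the given
       * accept backlog.
       *
       * @exception IOException if the keystore or SSL context cannot be
       *            initialised, or the socket cannot be created
       */
      public ServerSocket createSocket (int port, int backlog)
          throws IOException
      {
          if( sslProxy == null ) initProxy();
          ServerSocket socket =
              sslProxy.createServerSocket(port, backlog);
          initServerSocket(socket);
          return socket;
      }

      /**
       * Creates an SSL server socket bound to the given port and local
       * address with the given accept backlog.
       *
       * @exception IOException if the keystore or SSL context cannot be
       *            initialised, or the socket cannot be created
       */
      public ServerSocket createSocket (int port, int backlog,
                                        InetAddress ifAddress)
          throws IOException
      {
          if( sslProxy == null ) initProxy();
          ServerSocket socket =
              sslProxy.createServerSocket(port, backlog, ifAddress);
          initServerSocket(socket);
          return socket;
      }


      // -------------------- Internal methods
      /**
       * Reads the configuration attributes, loads the keystore and builds
       * the SSL server socket factory stored in sslProxy.
       *
       * @exception IOException on any failure; non-I/O exceptions are
       *            converted, keeping only their message
       */
      private void initProxy() throws IOException {
          try {
              Security.addProvider (new sun.security.provider.Sun());
              Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());

              // Please don't change the name of the attribute - other
              // software may depend on it ( j2ee for sure )
              String keystoreFile=(String)attributes.get("keystore");
              if( keystoreFile==null) keystoreFile=defaultKeystoreFile;

              keystoreType=(String)attributes.get("keystoreType");
              if( keystoreType==null) keystoreType=defaultKeystoreType;

              // Determine whether we want client authentication.
              // The mere presence of the attribute enables it, whatever its
              // value, so clientauth="false" still turns it on.
              clientAuth = null != (String)attributes.get("clientauth");

              String keyPass=(String)attributes.get("keypass");
              if( keyPass==null) keyPass=defaultKeyPass;

              // protocol for the SSL ie - TLS, SSL v3 etc.
              String protocol = (String)attributes.get("protocol");
              if(protocol == null) protocol = defaultProtocol;

              // Algorithm used to encode the certificate ie - SunX509
              String algorithm = (String)attributes.get("algorithm");
              if(algorithm == null) algorithm = defaultAlgorithm;

              // You can't use ssl without a server certificate.
              // Create a KeyStore ( to get server certs )
              KeyStore kstore = initKeyStore( keystoreFile, keyPass );

              // Create a SSLContext ( to create the ssl factory )
              // This is the only way to use server sockets with JSSE 1.0.1
              com.sun.net.ssl.SSLContext context =
                  com.sun.net.ssl.SSLContext.getInstance(protocol); //SSL

              // Key manager will extract the server key
              com.sun.net.ssl.KeyManagerFactory kmf =
                  com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
              kmf.init( kstore, keyPass.toCharArray());

              // If client authentication is needed, set up TrustManager.
              // NOTE(review): the trust anchors are taken from the same
              // keystore that holds the server key, and the algorithm is
              // fixed to "SunX509" rather than the configured one.
              com.sun.net.ssl.TrustManager[] tm = null;
              if( clientAuth) {
                  com.sun.net.ssl.TrustManagerFactory tmf =
                      com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
                  tmf.init(kstore);
                  tm = tmf.getTrustManagers();
              }

              // init context with the key managers
              context.init(kmf.getKeyManagers(), tm,
                           new java.security.SecureRandom());

              // create proxy
              sslProxy = context.getServerSocketFactory();

              return;
          } catch(Exception e) {
              if( e instanceof IOException )
                  throw (IOException)e;
              throw new IOException(e.getMessage());
          }
      }

      /**
       * Accepts a connection, reporting SSL failures as SocketException.
       *
       * @exception IOException if the accept fails
       */
      public Socket acceptSocket(ServerSocket socket)
          throws IOException
      {
          try {
              return socket.accept();
          } catch (SSLException e){
            throw new SocketException("SSL handshake error" + e.toString());
          }
      }

      /**
       * Set server socket properties ( accepted cipher suites, client auth ).
       */
      private void initServerSocket(ServerSocket ssocket) {
          SSLServerSocket socket=(SSLServerSocket)ssocket;

          // Enable every supported suite except those that provide no
          // authentication or no encryption - XXX make this configurable.
          // If nothing survives the filter, the socket keeps the enabled
          // list it was created with.
          String cipherSuites[] =
              usableCipherSuites(socket.getSupportedCipherSuites());
          if( cipherSuites.length > 0 )
              socket.setEnabledCipherSuites(cipherSuites);

          // we don't know if client auth is needed -
          // after parsing the request we may re-handshake
          socket.setNeedClientAuth(clientAuth);
      }

      /**
       * Returns the given suites minus the anonymous ("_anon_") and
       * null-encryption ("_NULL_") ones, in their original order.
       * Anonymous suites do not authenticate the server and NULL suites
       * send application data unencrypted, so a server that enables them
       * lets a connection be negotiated with no real protection.
       * Export-grade suites are not filtered here.
       */
      private static String[] usableCipherSuites(String supported[]) {
          String kept[] = new String[supported.length];
          int count = 0;
          for( int i = 0; i < supported.length; i++ ) {
              String suite = supported[i];
              if( suite.indexOf("_anon_") >= 0 ) continue;
              if( suite.indexOf("_NULL_") >= 0 ) continue;
              kept[count++] = suite;
          }
          String result[] = new String[count];
          System.arraycopy(kept, 0, result, 0, count);
          return result;
      }

      /**
       * Loads the keystore of type keystoreType from the given file.
       *
       * @param keystoreFile path of the keystore file
       * @param keyPass password used to load the keystore
       * @exception IOException if the file cannot be read or the keystore
       *            cannot be loaded
       */
      private KeyStore initKeyStore( String keystoreFile,
                                     String keyPass)
          throws IOException
      {
          InputStream istream = null;
          try {
              KeyStore kstore=KeyStore.getInstance( keystoreType );
              istream = new FileInputStream(keystoreFile);
              kstore.load(istream, keyPass.toCharArray());
              return kstore;
          }
          catch (IOException ioe) {
              // includes FileNotFoundException; passed through unchanged
              throw ioe;
          }
          catch(Exception ex) {
              // The IOException below carries only the message, so the
              // stack trace printed here is the only record of the cause.
              ex.printStackTrace();
              throw new IOException( "Exception trying to load keystore " +
                                     keystoreFile + ": " + ex.getMessage() );
          }
          finally {
              // The stream used to be left open on every path.
              if( istream != null ) {
                  try {
                      istream.close();
                  } catch (IOException ignored) {
                      // a failed close must not mask the load result
                  }
              }
          }
      }

      /**
       * Starts the SSL handshake on an accepted socket.
       *
       * @param sock the accepted socket; cast to SSLSocket
       * @exception IOException if the handshake fails
       */
      public void handshake(Socket sock)
           throws IOException
      {
          ((SSLSocket)sock).startHandshake();
      }
  }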
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/JSSESupport.java
  
  Index: JSSESupport.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  import java.util.Vector;
  import java.security.cert.CertificateFactory;
  import javax.net.ssl.SSLSession;
  import javax.net.ssl.SSLSocket;
  import java.security.cert.CertificateFactory;
  import javax.security.cert.X509Certificate;
  
  /* JSSESupport
  
     Concrete implementation class for JSSE
     Support classes.
  
     This will only work with JDK 1.2 and up since it
     depends on JDK 1.2's certificate support
  
     @author EKR
  
     Parts cribbed from JSSECertCompat	   
  */
  
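  class JSSESupport implements SSLSupport {
      // The SSL socket whose session is queried.
      private SSLSocket ssl;

      JSSESupport(SSLSocket sock){
          ssl=sock;
      }

      /**
       * Returns the cipher suite of the socket's current session, so that
       * callers see what was actually negotiated instead of a constant.
       *
       * @return the session's cipher suite name, or "Unknown" when the
       *         socket has no session
       */
      public String getCipherSuite() throws IOException {
          SSLSession session = ssl.getSession();
          if (session == null)
              return "Unknown";
          return session.getCipherSuite();
      }

      /**
       * Returns the peer's certificate chain converted to
       * java.security.cert certificates.
       *
       * @return the converted chain, or null when there is no session, the
       *         chain is empty, or the chain cannot be obtained or converted
       */
      public java.security.cert.Certificate[] getPeerCertificateChain()
      throws IOException
      {
          // Look up the current SSLSession
          SSLSession session = ssl.getSession();
          if (session == null)
              return null;

          // Convert JSSE's certificate format to the ones we need
          X509Certificate jsseCerts[] = null;
          java.security.cert.X509Certificate x509Certs[] = null;
          try {
              jsseCerts = session.getPeerCertificateChain();
              if (jsseCerts == null)
                  jsseCerts = new X509Certificate[0];
              x509Certs =
                new java.security.cert.X509Certificate[jsseCerts.length];
              // One factory serves the whole chain; it is created only
              // when there is at least one certificate to convert.
              CertificateFactory cf = null;
              for (int i = 0; i < x509Certs.length; i++) {
                  if (cf == null)
                      cf = CertificateFactory.getInstance("X.509");
                  byte buffer[] = jsseCerts[i].getEncoded();
                  ByteArrayInputStream stream =
                    new ByteArrayInputStream(buffer);
                  x509Certs[i] = (java.security.cert.X509Certificate)
                    cf.generateCertificate(stream);
              }
          } catch (Exception e) {
              // Any failure is reported as "no client certificate", which
              // denies rather than grants. Errors such as OutOfMemoryError
              // are no longer swallowed here.
              return null;
          }

          if ((x509Certs == null) || (x509Certs.length < 1))
              return null;

          return x509Certs;
      }
  }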
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/PureTLSImplementation.java
  
  Index: PureTLSImplementation.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  
  import COM.claymoresystems.sslg.*;
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  
  /* PureTLSImplementation:
  
     Concrete implementation class for PureTLS
  
     @author EKR
  */
  
  class PureTLSImplementation extends SSLImplementation {

      /** Name of a class that can only be loaded when PureTLS is on the classpath. */
      private static final String PURETLS_PROBE_CLASS =
          "COM.claymoresystems.ptls.SSLContext";

      /**
       * Creates the PureTLS-backed implementation.
       *
       * @throws ClassNotFoundException if the PureTLS probe class cannot be loaded
       */
      PureTLSImplementation() throws ClassNotFoundException {
          // Loading the class is the whole availability check; the returned
          // Class object is deliberately not used.
          Class.forName(PURETLS_PROBE_CLASS);
      }

      /**
       * @return the fixed implementation name, "PureTLS"
       */
      public String getImplementationName() {
          return "PureTLS";
      }

      /**
       * @return a new, unconfigured {@link PureTLSSocketFactory}
       */
      public ServerSocketFactory getServerSocketFactory() {
          ServerSocketFactory ptlsFactory = new PureTLSSocketFactory();
          return ptlsFactory;
      }

      /**
       * Wraps an accepted socket in a PureTLS support object.
       *
       * @param s the accepted socket; it is cast to SSLSocket, so a socket
       *          of any other type fails with a ClassCastException
       * @return a new {@link PureTLSSupport} for the socket
       */
      public SSLSupport getSSLSupport(Socket s) {
          SSLSocket tlsSocket = (SSLSocket) s;
          return new PureTLSSupport(tlsSocket);
      }
  }
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/PureTLSSocket.java
  
  Index: PureTLSSocket.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  import COM.claymoresystems.sslg.*;
  
  /**
   * PureTLSSocket.java
   *
   * Wraps COM.claymoresystems.ptls.SSLSocket so that PureTLS's socket
   * type is exposed through the interfaces Tomcat expects.
   *
   * @author Eric Rescorla
   */
  public class PureTLSSocket extends COM.claymoresystems.ptls.SSLSocket
  {
      /**
       * Creates the socket through the superclass no-arg constructor.
       * No other constructor is provided because this class is only
       * used with implAccept.
       *
       * @throws IOException declared for the superclass constructor
       */
      public PureTLSSocket() throws IOException {
          // The superclass no-arg constructor is invoked implicitly.
      }
  }
   
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/PureTLSSocketFactory.java
  
  Index: PureTLSSocketFactory.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  import COM.claymoresystems.sslg.*;
  
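  /**
   * SSL server socket factory--wraps PureTLS.
   *
   * Some sections of this file were cribbed from SSLSocketFactory
   * (the JSSE socket factory).
   *
   * The PureTLS context is built the first time a socket is requested,
   * from these entries of the "attributes" table (presumably inherited
   * from ServerSocketFactory; it is not declared in this class):
   * "keystore", "keypass", "rootfile", "randomfile" and "clientauth".
   * A "protocol" default is declared below, but nothing in this class
   * passes a protocol to PureTLS, so setting it has no effect here.
   *
   * @author Eric Rescorla
   */
  public class PureTLSSocketFactory
      extends org.apache.tomcat.util.net.ServerSocketFactory
  {
      static String defaultProtocol = "TLS";
      static boolean defaultClientAuth = false;
      static String defaultKeyStoreFile = "server.pem";
      // NOTE(review): a fixed, publicly known passphrase is used when
      // "keypass" is not configured; deployments should always set
      // "keypass" explicitly and protect the key file accordingly.
      static String defaultKeyPass = "password";
      static String defaultRootFile = "root.pem";
      static String defaultRandomFile = "random.pem";

      // Built once by init(); null until the first createSocket call.
      private SSLContext context = null;

      public PureTLSSocketFactory() {
      }

      /**
       * Creates a PureTLS server socket bound to the given port.
       *
       * @param port the port to listen on
       * @return the new server socket
       * @throws IOException if the context cannot be initialised or the
       *         socket cannot be created
       */
      public ServerSocket createSocket(int port)
          throws IOException
      {
          init();
          return new SSLServerSocket(context, port);
      }

      /**
       * Creates a PureTLS server socket with an explicit backlog.
       *
       * @param port the port to listen on
       * @param backlog the listen backlog passed to the server socket
       * @return the new server socket
       * @throws IOException if the context cannot be initialised or the
       *         socket cannot be created
       */
      public ServerSocket createSocket(int port, int backlog)
          throws IOException
      {
          init();
          return new SSLServerSocket(context, port, backlog);
      }

      /**
       * Creates a PureTLS server socket bound to a specific address.
       *
       * @param port the port to listen on
       * @param backlog the listen backlog passed to the server socket
       * @param ifAddress the local address to bind to
       * @return the new server socket
       * @throws IOException if the context cannot be initialised or the
       *         socket cannot be created
       */
      public ServerSocket createSocket(int port, int backlog,
                                       InetAddress ifAddress)
          throws IOException
      {
          init();
          return new SSLServerSocket(context, port, backlog, ifAddress);
      }

      /**
       * Builds the shared SSLContext on first use; later calls return
       * immediately. The context field is only assigned once the whole
       * configuration has been applied, so a failed attempt leaves it
       * null and the next call retries.
       *
       * @throws IOException if an attribute is invalid or PureTLS
       *         rejects the key, root or randomness file
       */
      private void init()
          throws IOException
      {
          if (context != null) {
              return;
          }

          try {
              String keyStoreFile =
                  stringAttribute("keystore", defaultKeyStoreFile);
              String keyPass = stringAttribute("keypass", defaultKeyPass);
              // The trusted-root file has its own attribute. The previous
              // code looked up "randomfile" here, so a configured
              // randomness file was also loaded as the set of trusted
              // client-certificate roots and the root file itself could
              // not be configured at all.
              String rootFile = stringAttribute("rootfile", defaultRootFile);
              String randomFile =
                  stringAttribute("randomfile", defaultRandomFile);
              boolean clientAuth =
                  parseClientAuth((String) attributes.get("clientauth"));

              SSLContext tmpContext = new SSLContext();
              if (clientAuth) {
                  // Roots are only needed to verify client certificates.
                  tmpContext.loadRootCertificates(rootFile);
              }
              tmpContext.loadEAYKeyFile(keyStoreFile, keyPass);
              // The key passphrase is reused for the randomness file.
              tmpContext.useRandomnessFile(randomFile, keyPass);

              SSLPolicyInt policy = new SSLPolicyInt();
              policy.requireClientAuth(clientAuth);
              policy.handshakeOnConnect(false);
              policy.waitOnClose(false);
              tmpContext.setPolicy(policy);
              context = tmpContext;
          } catch (IOException e) {
              throw e;
          } catch (Exception e) {
              // getMessage() may be null and hides the exception type;
              // toString() keeps both in the reported failure.
              throw new IOException(e.toString());
          }
      }

      /** Returns the named attribute, or the fallback when it is unset. */
      private String stringAttribute(String name, String fallback) {
          String value = (String) attributes.get(name);
          return (value == null) ? fallback : value;
      }

      /**
       * Interprets the "clientauth" attribute. Only the exact strings
       * "true" and "false" are accepted, so a typo cannot silently
       * leave client authentication switched off.
       */
      private boolean parseClientAuth(String clientAuthStr)
          throws IOException
      {
          if (clientAuthStr == null) {
              return defaultClientAuth;
          }
          if (clientAuthStr.equals("true")) {
              return true;
          }
          if (clientAuthStr.equals("false")) {
              return false;
          }
          throw new IOException("Invalid value '" +
                                clientAuthStr +
                                "' for 'clientauth' parameter:");
      }

      /**
       * Accepts a connection on the given server socket.
       *
       * @param socket the listening socket
       * @return the accepted socket
       * @throws IOException if accept fails; a PureTLS SSLException is
       *         reported as a SocketException
       */
      public Socket acceptSocket(ServerSocket socket)
          throws IOException
      {
          try {
              return socket.accept();
          } catch (SSLException e) {
              throw new SocketException("SSL handshake error" + e.toString());
          }
      }

      /**
       * Runs the SSL handshake on an accepted socket. init() configures
       * handshakeOnConnect(false), so presumably this is where the
       * handshake actually takes place.
       *
       * @param sock a socket accepted from one of this factory's server
       *        sockets; it is cast to the PureTLS SSLSocket type
       * @throws IOException if the handshake fails
       */
      public void handshake(Socket sock)
          throws IOException
      {
          ((SSLSocket) sock).handshake();
      }
  }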
  
      
      
  
  
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  import java.util.Vector;
  import java.security.cert.CertificateFactory;
  
  import COM.claymoresystems.sslg.*;
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  
  
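  /**
   * PureTLSSupport
   *
   * Concrete implementation class for PureTLS
   * Support classes.
   *
   * This will only work with JDK 1.2 and up since it
   * depends on JDK 1.2's certificate support
   *
   * @author EKR
   */
  class PureTLSSupport implements SSLSupport {
      // The PureTLS socket whose session details are reported.
      private final SSLSocket ssl;

      PureTLSSupport(SSLSocket sock) {
          ssl = sock;
      }

      /**
       * Returns the name PureTLS gives to the socket's cipher suite.
       *
       * @throws IOException declared by the SSLSupport interface
       */
      public String getCipherSuite() throws IOException {
          int cs = ssl.getCipherSuite();
          return SSLPolicyInt.getCipherSuiteName(cs);
      }

      /**
       * Returns the peer's certificate chain converted to JDK
       * certificate objects, peer certificate first.
       *
       * @return the chain, or null when the socket reports no chain
       * @throws IOException if the JDK cannot parse one of the
       *         certificates
       */
      public java.security.cert.Certificate[] getPeerCertificateChain()
          throws IOException
      {
          Vector v = ssl.getCertificateChain();

          if (v == null) {
              return null;
          }

          int count = v.size();
          java.security.cert.X509Certificate[] chain =
              new java.security.cert.X509Certificate[count];

          try {
              CertificateFactory cf =
                  CertificateFactory.getInstance("X.509");
              // PureTLS provides cert chains with the peer
              // cert last but the Servlet 2.3 spec (S 4.7) requires
              // the opposite order so we reverse the chain as we go.
              // The target index runs from 0 to count-1: the earlier
              // 1-based index left slot 0 empty and wrote one element
              // past the end of the array for any non-empty chain.
              for (int i = 0; i < count; i++) {
                  byte[] der =
                      ((X509Cert) v.elementAt(count - 1 - i)).getDER();
                  chain[i] = (java.security.cert.X509Certificate)
                      cf.generateCertificate(new ByteArrayInputStream(der));
              }
          } catch (java.security.cert.CertificateException e) {
              throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes): " + e);
          }
          return chain;
      }
  }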
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/SSLImplementation.java
  
  Index: SSLImplementation.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  
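  /**
   * SSLImplementation:
   *
   * Abstract factory and base class for all SSL implementations.
   *
   * @author EKR
   */
  abstract public class SSLImplementation {
      // The default implementations in our search path
      private static final String PureTLSImplementationClass=
          "org.apache.tomcat.util.net.PureTLSImplementation";
      private static final String JSSEImplementationClass=
          "org.apache.tomcat.util.net.JSSEImplementation";

      // Tried in this order by getInstance(); the first that loads wins.
      private static final String[] implementations=
      {
          PureTLSImplementationClass,
          JSSEImplementationClass
      };

      /**
       * Returns the first default implementation that can be loaded.
       *
       * @return an instance of the first usable implementation
       * @throws ClassNotFoundException if none of the defaults can be
       *         instantiated; the message lists why each one failed
       */
      public static SSLImplementation getInstance() throws ClassNotFoundException
      {
          StringBuffer failures = new StringBuffer();
          for (int i = 0; i < implementations.length; i++) {
              try {
                  return getInstance(implementations[i]);
              } catch (Exception e) {
                  // A missing implementation is expected here, so keep
                  // searching, but remember the reason: otherwise a
                  // broken installation is indistinguishable from an
                  // absent one when the search fails.
                  failures.append(" [").append(e.getMessage()).append(']');
              }
          }

          // If we can't instantiate any of these
          throw new ClassNotFoundException("Can't find any SSL implementation"
                                           + failures);
      }

      /**
       * Loads and instantiates the named implementation class.
       *
       * @param className the class to load, or null to search the
       *        default implementations
       * @return a new instance of the named class
       * @throws ClassNotFoundException if the class cannot be loaded,
       *         is not an SSLImplementation, or cannot be instantiated
       */
      public static SSLImplementation getInstance(String className)
          throws ClassNotFoundException
      {
          if (className == null) {
              return getInstance();
          }

          try {
              // Load without initialising and check the type first, so
              // that a mistaken class name never gets its static
              // initialiser or constructor run before being rejected.
              Class clazz = Class.forName(className, false,
                  SSLImplementation.class.getClassLoader());
              if (!SSLImplementation.class.isAssignableFrom(clazz)) {
                  throw new ClassCastException(clazz.getName());
              }
              return (SSLImplementation) clazz.newInstance();
          } catch (Exception e) {
              throw new ClassNotFoundException("Error loading SSL Implementation "
                                               +className+ " :" +e.toString());
          }
      }

      /** Returns the name of this SSL implementation. */
      abstract public String getImplementationName();

      /** Returns the server socket factory of this implementation. */
      abstract public ServerSocketFactory getServerSocketFactory();

      /** Returns the SSLSupport object for the given socket. */
      abstract public SSLSupport getSSLSupport(Socket sock);
  }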
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/util/net/SSLSupport.java
  
  Index: SSLSupport.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net;
  
  import java.io.*;
  import java.net.*;
  
  /**
   * SSLSupport
   *
   * Interface for SSL-specific functions
   *
   * @author EKR
   */
  public interface SSLSupport {
      /**
       * Returns the cipher suite of the connection as a string.
       *
       * @throws IOException if the value cannot be obtained
       */
      String getCipherSuite() throws IOException;

      /**
       * Returns the certificate chain presented by the peer.
       *
       * @throws IOException if the chain cannot be obtained or converted
       */
      java.security.cert.Certificate[] getPeerCertificateChain()
          throws IOException;

      /*
       * Get the keysize. (No key-size method is declared in this
       * interface; the note below records why.)
       *
       * What we're supposed to put here is ill-defined by the
       * Servlet spec (S 4.7 again). There are at least 4 potential
       * values that might go here:
       *
       * (a) The size of the encryption key
       * (b) The size of the MAC key
       * (c) The size of the key-exchange key
       * (d) The size of the signature key used by the server
       *
       * Unfortunately, all of these values are nonsensical.
       */
  }
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

