tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From billbar...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net JSSESupport.java PureTLSSupport.java SSLSupport.java
Date Sat, 13 Apr 2002 05:34:11 GMT
billbarker    02/04/12 22:34:11

  Modified:    util/java/org/apache/tomcat/util/net JSSESupport.java
                        PureTLSSupport.java SSLSupport.java
  Log:
  Extend Coyote SSL support to include the 2.3 spec.
  
  With JSSE, this is mostly a copy of CertificateValve, and everything works with the 3.3
Adapter (so it should work with the 4.x Adapter).
  
  With PureTLS everything works but KeySize, which I couldn't figure out.
  
  -- Eric: can you please review?
  
  Revision  Changes    Path
  1.2       +91 -3     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/JSSESupport.java
  
  Index: JSSESupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/JSSESupport.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JSSESupport.java	5 Apr 2002 17:43:33 -0000	1.1
  +++ JSSESupport.java	13 Apr 2002 05:34:11 -0000	1.2
  @@ -78,18 +78,39 @@
   
      @author EKR
   
  -   Parts cribbed from JSSECertCompat	   
  +   Parts cribbed from JSSECertCompat       
   */
   
   class JSSESupport implements SSLSupport {
  +    /**
  +     * A mapping table to determine the number of effective bits in the key
  +     * when using a cipher suite containing the specified cipher name.  The
  +     * underlying data came from the TLS Specification (RFC 2246), Appendix C.
  +     */
  +    protected static final CipherData ciphers[] = {
  +        new CipherData("_WITH_NULL_", 0),
  +        new CipherData("_WITH_IDEA_CBC_", 128),
  +        new CipherData("_WITH_RC2_CBC_40_", 40),
  +        new CipherData("_WITH_RC4_40_", 40),
  +        new CipherData("_WITH_RC4_128_", 128),
  +        new CipherData("_WITH_DES40_CBC_", 40),
  +        new CipherData("_WITH_DES_CBC_", 56),
  +        new CipherData("_WITH_3DES_EDE_CBC_", 168)
  +    };
  +
       private SSLSocket ssl;
   
  +
       JSSESupport(SSLSocket sock){
  -	ssl=sock;
  +        ssl=sock;
       }
   
       public String getCipherSuite() throws IOException {
  -	return "Unknown";
  +        // Look up the current SSLSession
  +        SSLSession session = ssl.getSession();
  +        if (session == null)
  +            return null;
  +        return session.getCipherSuite();
       }
   
       public Object[] getPeerCertificateChain()
  @@ -127,4 +148,71 @@
   
           return x509Certs;
       }
  +
  +    /**
  +     * Copied from <code>org.apache.catalina.valves.CertificateValve</code>
  +     */
  +    public Integer getKeySize() 
  +        throws IOException {
  +        // Look up the current SSLSession
  +        SSLSession session = ssl.getSession();
  +        if (session == null)
  +            return null;
  +        Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY);
  +        if (keySize == null) {
  +            int size = 0;
  +            String cipherSuite = session.getCipherSuite();
  +            for (int i = 0; i < ciphers.length; i++) {
  +                if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
  +                    size = ciphers[i].keySize;
  +                    break;
  +                }
  +            }
  +            keySize = new Integer(size);
  +            session.putValue(KEY_SIZE_KEY, keySize);
  +        }
  +        return keySize;
  +    }
  +
  +    public String getSessionId()
  +        throws IOException {
  +        // Look up the current SSLSession
  +        SSLSession session = ssl.getSession();
  +        if (session == null)
  +            return null;
  +        // Expose ssl_session (getId)
  +        byte [] ssl_session = session.getId();
  +        if ( ssl_session == null) 
  +            return null;
  +        StringBuffer buf=new StringBuffer("");
  +        for(int x=0; x<ssl_session.length; x++) {
  +            String digit=Integer.toHexString((int)ssl_session[x]);
  +            if (digit.length()<2) buf.append('0');
  +            if (digit.length()>2) digit=digit.substring(digit.length()-2);
  +            buf.append(digit);
  +        }
  +        return buf.toString();
  +    }
  +}
  +
  +// ------------------------------------------------------------ Private Classes
  +
  +
  +/**
  + * Simple data class that represents the cipher being used, along with the
  + * corresponding effective key size.  The specified phrase must appear in the
  + * name of the cipher suite to be recognized.
  + */
  +
  +final class CipherData {
  +
  +    String phrase = null;
  +
  +    int keySize = 0;
  +
  +    public CipherData(String phrase, int keySize) {
  +        this.phrase = phrase;
  +        this.keySize = keySize;
  +    }
  +
   }
  
  
  
  1.2       +23 -0     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/PureTLSSupport.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PureTLSSupport.java	5 Apr 2002 17:43:33 -0000	1.1
  +++ PureTLSSupport.java	13 Apr 2002 05:34:11 -0000	1.2
  @@ -63,6 +63,7 @@
   import java.net.*;
   import java.util.Vector;
   import java.security.cert.CertificateFactory;
  +import org.apache.tomcat.util.buf.HexUtils;
   
   import COM.claymoresystems.sslg.*;
   import COM.claymoresystems.ptls.*;
  @@ -124,4 +125,26 @@
   	}
   	return chain;
       }
  +
  +    public Integer getKeySize()
  +	throws IOException {
  +	/*
  +	int cs = ssl.getCipherSuite();
  +	int  ks = SSLCipherSuite.findCipherSuite(cs).getCipherKeyLength();
  +	return new Integer(ks);
  +	*/
  +	return null;
  +    }
  +
  +    public String getSessionId()
  +	throws IOException {
  +	byte [] ssl_session = ssl.getSessionID();
  +	if(ssl_session == null)
  +	    return null;
  +	return HexUtils.convert(ssl_session);
  +    }
  +
   }
  +
  +
  +
  
  
  
  1.2       +37 -1     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLSupport.java
  
  Index: SSLSupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLSupport.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SSLSupport.java	5 Apr 2002 17:43:33 -0000	1.1
  +++ SSLSupport.java	13 Apr 2002 05:34:11 -0000	1.2
  @@ -70,9 +70,37 @@
   */
   
   public interface SSLSupport {
  +    /**
  +     * The Request attribute key for the cipher suite.
  +     */
  +    public static final String CIPHER_SUITE_KEY = "javax.servlet.request.cipher_suite";
  +
  +    /**
  +     * The Request attribute key for the key size.
  +     */
  +    public static final String KEY_SIZE_KEY = "javax.servlet.request.key_size";
  +
  +    /**
  +     * The Request attribute key for the client certificate chain.
  +     */
  +    public static final String CERTIFICATE_KEY = "javax.servlet.request.X509Certificate";
  +
  +    /**
  +     * The Request attribute key for the session id.
  +     * This one is a Tomcat extension to the Servlet spec.
  +     */
  +    public static final String SESSION_ID_KEY = "javax.servlet.request.ssl_session";
  +
  +    /**
  +     * The cipher suite being used on this connection.
  +     */
       public String getCipherSuite() throws IOException;
  +
  +    /**
  +     * The client certificate chain (if any).
  +     */
       public Object[] getPeerCertificateChain()
  -	throws IOException;
  +        throws IOException;
   
       /**
        * Get the keysize.
  @@ -88,4 +116,12 @@
        *
        * Unfortunately, all of these values are nonsensical.
        **/
  +    public Integer getKeySize()
  +        throws IOException;
  +
  +    /**
  +     * The current session Id.
  +     */
  +    public String getSessionId()
  +        throws IOException;
   }
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message