From billbar...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java PureTLSSupport.java
Date Mon, 16 Jun 2003 02:45:57 GMT
billbarker    2003/06/15 19:45:56

  Modified:    util/java/org/apache/tomcat/util/net/puretls
                        PureTLSSocketFactory.java PureTLSSupport.java
  Log:
  Fixes for CLIENT-CERT auth when using PureTLS
  
  1) We need to set the rootFile always, since it is needed for CLIENT-CERT even when clientAuth="false".
  2) Fix off-by-one problem with generating the x509 certs.
  
  Revision  Changes    Path
  1.3       +9 -5      jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
  
  Index: PureTLSSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- PureTLSSocketFactory.java	12 Jun 2003 04:30:41 -0000	1.2
  +++ PureTLSSocketFactory.java	16 Jun 2003 02:45:56 -0000	1.3
  @@ -160,11 +160,15 @@
   		}
   	    }
   
  -	    SSLContext tmpContext=new SSLContext();
  -	    if(clientAuth){
  -		tmpContext.loadRootCertificates(rootFile);
  -	    }
  -	    tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
  +            SSLContext tmpContext=new SSLContext();
  +            try {
  +                tmpContext.loadRootCertificates(rootFile);
  +            } catch(IOException iex) {
  +                if(logger.isDebugEnabled())
  +                    logger.debug("Error loading Client Root Store: " + 
  +                                 rootFile,iex);
  +            }
  +            tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
   	    tmpContext.useRandomnessFile(randomFile,keyPass);
   	    
   	    SSLPolicyInt policy=new SSLPolicyInt();
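Review bot: The new catch block reports a failed trust-root load only under `logger.isDebugEnabled()`, so with clientAuth enabled the connector can come up without its CA file and say nothing at default log levels. In the old code the call was unguarded in the clientAuth case, so the failure presumably propagated to the caller; keeping that for the mandatory case would be `if(clientAuth) throw iex;` as the first statement of the catch, with the optional case logged at warn instead of debug. How PureTLS validates a client certificate against an empty root set is not visible here, so it is worth confirming that CLIENT-CERT fails closed when the file is missing or unreadable. The enclosing method starts and ends outside the hunk.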
  
  
  
  1.2       +16 -4     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PureTLSSupport.java	4 Oct 2002 20:03:10 -0000	1.1
  +++ PureTLSSupport.java	16 Jun 2003 02:45:56 -0000	1.2
  @@ -64,6 +64,7 @@
   import java.net.*;
   import java.util.Vector;
   import java.security.cert.CertificateFactory;
  +import java.security.cert.X509Certificate;
   import org.apache.tomcat.util.buf.HexUtils;
   
   import COM.claymoresystems.sslg.*;
  @@ -83,6 +84,9 @@
   */
   
   class PureTLSSupport implements SSLSupport {
  +    static org.apache.commons.logging.Log logger =
  +	org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
  +
       private COM.claymoresystems.ptls.SSLSocket ssl;
   
       PureTLSSupport(SSLSocket sock){
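Review bot: The added `logger` field is package-visible and not `final`, so any class in the package can reassign it; `private static final org.apache.commons.logging.Log logger =` states the intent and costs nothing. The rest of the class body lies outside the hunk, so other users of the field, if any, are not visible here.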
  @@ -130,12 +134,16 @@
                 CertificateFactory.getInstance("X.509");
               ByteArrayInputStream stream =
                 new ByteArrayInputStream(buffer);
  -            
  -            chain[i]=(java.security.cert.X509Certificate)
  -              cf.generateCertificate(stream);
  +
  +            X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
  +            chain[i-1]= xCert;
  +            if(logger.isTraceEnabled()) {
  +		logger.trace("Cert # " + i + " = " + xCert);
  +	    }
             }
           } catch (java.security.cert.CertificateException e) {
  -            throw new IOException("JDK's broken cert handling can't parse this certificate
(which PureTLS likes");
  +	    logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS
likes)",e);
  +            throw new IOException("JDK's broken cert handling can't parse this certificate
(which PureTLS likes)");
           }
           return chain;
       }
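Review bot: The catch block now logs the `CertificateException` with its stack trace at info and then throws an `IOException` that still carries no cause, so the caller gets a second, less informative report of the same failure. The bytes being parsed come from the peer's certificate chain, which means any client presenting a certificate the JDK cannot parse produces an info-level stack trace per handshake; debug is a better level for that, and if the minimum JDK is 1.4 or later the cause can travel with the exception via `IOException ioe = new IOException(...); ioe.initCause(e); throw ioe;`. The trace line prints the whole certificate through `xCert.toString()`, which puts client identity details into the log when trace is on. The loop header and the allocation of `chain` are outside the hunk, so the `chain[i-1]` index cannot be checked against the array size from here.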
  @@ -168,6 +176,10 @@
       }
   
   }
  +
  +
  +
  +
   
   
   
  
  
  
