Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 19455 invoked from network); 16 Jun 2003 02:46:05 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 16 Jun 2003 02:46:05 -0000 Received: (qmail 21891 invoked by uid 97); 16 Jun 2003 02:48:31 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org Received: (qmail 21884 invoked from network); 16 Jun 2003 02:48:31 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 16 Jun 2003 02:48:31 -0000 Received: (qmail 18632 invoked by uid 500); 16 Jun 2003 02:45:58 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 18619 invoked by uid 500); 16 Jun 2003 02:45:58 -0000 Received: (qmail 18616 invoked from network); 16 Jun 2003 02:45:58 -0000 Received: from icarus.apache.org (208.185.179.13) by daedalus.apache.org with SMTP; 16 Jun 2003 02:45:58 -0000 Received: (qmail 80865 invoked by uid 1385); 16 Jun 2003 02:45:57 -0000 Date: 16 Jun 2003 02:45:57 -0000 Message-ID: <20030616024557.80864.qmail@icarus.apache.org> 
From: billbarker@apache.org
To: jakarta-tomcat-connectors-cvs@apache.org
Subject: cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java PureTLSSupport.java
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
billbarker 2003/06/15 19:45:56
Modified: util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java PureTLSSupport.java
Log: Fixes for CLIENT-CERT auth when using PureTLS 1) We need to set the rootFile always, since it is needed for CLIENT-CERT even when clientAuth="false". 2) Fix off-by-one problem with generating the x509 certs.
Revision Changes Path
1.3 +9 -5 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
Index: PureTLSSocketFactory.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- PureTLSSocketFactory.java	12 Jun 2003 04:30:41 -0000	1.2
+++ PureTLSSocketFactory.java	16 Jun 2003 02:45:56 -0000	1.3
@@ -160,11 +160,15 @@
         }
     }
-    SSLContext tmpContext=new SSLContext();
-    if(clientAuth){
-        tmpContext.loadRootCertificates(rootFile);
-    }
-    tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
+    SSLContext tmpContext=new SSLContext();
+    try {
+        tmpContext.loadRootCertificates(rootFile);
+    } catch(IOException iex) {
+        if(logger.isDebugEnabled())
+            logger.debug("Error loading Client Root Store: " +
+                         rootFile,iex);
+    }
+    tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
     tmpContext.useRandomnessFile(randomFile,keyPass);
     SSLPolicyInt policy=new SSLPolicyInt();
1.2 +16 -4 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
Index: PureTLSSupport.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- PureTLSSupport.java	4 Oct 2002 20:03:10 -0000	1.1
+++ PureTLSSupport.java	16 Jun 2003 02:45:56 -0000	1.2
@@ -64,6 +64,7 @@
 import java.net.*;
 import java.util.Vector;
 import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import org.apache.tomcat.util.buf.HexUtils;
 import COM.claymoresystems.sslg.*;
@@ -83,6 +84,9 @@
  */
 class PureTLSSupport implements SSLSupport {
+    static org.apache.commons.logging.Log logger =
+        org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
+
     private COM.claymoresystems.ptls.SSLSocket ssl;
     PureTLSSupport(SSLSocket sock){
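Review bot: The new `catch(IOException iex)` around `tmpContext.loadRootCertificates(rootFile)` turns a failed trust-root load into a debug-level message in every configuration, including the `clientAuth` case, where the factory then continues building a context without the roots it was configured to verify client certificates against. The removed lines attempted the load only when `clientAuth` was set, so in exactly that case a load failure used to propagate; the commit message explains why the load is now unconditional but not why its failure became non-fatal. Keep the lenient path for the optional case only and rethrow otherwise, e.g. `if(clientAuth) throw iex;` as the first statement of the catch, and log the remaining case at warn rather than debug so a misconfigured `rootFile` is visible at default log levels. `logger` is not declared in this hunk, so its presence in PureTLSSocketFactory is assumed; the enclosing method starts and ends outside the hunk.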
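Review bot: The `logger` field added to PureTLSSupport in the `@@ -83,6 +84,9 @@` hunk is package-private and non-final, so any class in the package can reassign it and the field is not treated as a constant. Declare it `private static final org.apache.commons.logging.Log logger =` with the same initializer, which matches how commons-logging loggers are conventionally held.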
@@ -130,12 +134,16 @@
                 CertificateFactory.getInstance("X.509");
             ByteArrayInputStream stream = new ByteArrayInputStream(buffer);
-
-            chain[i]=(java.security.cert.X509Certificate)
-                cf.generateCertificate(stream);
+
+            X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
+            chain[i-1]= xCert;
+            if(logger.isTraceEnabled()) {
+                logger.trace("Cert # " + i + " = " + xCert);
+            }
         }
     } catch (java.security.cert.CertificateException e) {
-        throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes");
+        logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)",e);
+        throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
     }
     return chain;
 }
@@ -168,6 +176,10 @@
     }
 }
+
+
+
+
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
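Review bot: The rethrow in the `CertificateException` catch still builds the `IOException` from a message only, so the original `CertificateException` is lost to callers and survives only in the `logger.info` line above it; with `Throwable.initCause` (JDK 1.4) it can be attached: `IOException ioe = new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes)");` `ioe.initCause(e);` `throw ioe;` — whether the build still targets an older JDK would need checking. Separately, this catch fires on a certificate presented by the remote peer, so logging it at info with the full exception lets any connecting client add a stack trace per handshake to the server log; debug is the better level for the exception, with at most the message at info. The `chain[i-1]` fix depends on the loop header and the allocation of `chain`, both above this hunk and not shown, so the index range cannot be confirmed here.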