tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lu...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteConnector.java CoyoteServerSocketFactory.java mbeans-descriptors.xml
Date Fri, 11 Jul 2003 01:04:43 GMT
luehe       2003/07/10 18:04:43

  Modified:    catalina/src/share/org/apache/coyote/tomcat5
                        CoyoteConnector.java CoyoteServerSocketFactory.java
                        mbeans-descriptors.xml
  Log:
  Added support for enabling subset of supported SSL cipher suites (based on earlier proposal)
  
  Revision  Changes    Path
  1.12      +34 -1     jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteConnector.java
  
  Index: CoyoteConnector.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteConnector.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- CoyoteConnector.java	10 Jul 2003 23:30:49 -0000	1.11
  +++ CoyoteConnector.java	11 Jul 2003 01:04:43 -0000	1.12
  @@ -1294,6 +1294,8 @@
               IntrospectionUtils.setProperty(protocolHandler,
                                              "sSLImplementation",
                                              ssf.getSSLImplementation());
  +            IntrospectionUtils.setProperty(protocolHandler, "ciphers",
  +                                           ssf.getCiphers());
           } else {
               IntrospectionUtils.setProperty(protocolHandler, "secure",
                                              "" + false);
  @@ -1461,7 +1463,6 @@
           return null;
       }
   
  -
       /**
        * Set keystorePass
        */
  @@ -1472,6 +1473,38 @@
               ((CoyoteServerSocketFactory)factory).setKeystorePass(keystorePass);
           }
       }
  +
  +    /**
  +     * Gets the list of SSL cipher suites that are to be enabled
  +     *
  +     * @return Comma-separated list of SSL cipher suites, or null if all
  +     * cipher suites supported by the underlying SSL implementation are being
  +     * enabled
  +     */
  +    public String getCiphers() {
  +        ServerSocketFactory factory = getFactory();
  +        if (factory instanceof CoyoteServerSocketFactory) {
  +            return ((CoyoteServerSocketFactory)factory).getCiphers();
  +        }
  +        return null;
  +    }
  +
  +    /**
  +     * Sets the SSL cipher suites that are to be enabled.
  +     *
  +     * Only those SSL cipher suites that are actually supported by
  +     * the underlying SSL implementation will be enabled.
  +     *
  +     * @param ciphers Comma-separated list of SSL cipher suites
  +     */
  +    public void setCiphers(String ciphers) {
  +        setProperty("ciphers", ciphers);
  +        ServerSocketFactory factory = getFactory();
  +        if (factory instanceof CoyoteServerSocketFactory) {
  +            ((CoyoteServerSocketFactory)factory).setCiphers(ciphers);
  +        }
  +    }
  +
   
       // -------------------- JMX registration  --------------------
       protected String domain;
  
  
  
  1.2       +108 -36   jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteServerSocketFactory.java
  
  Index: CoyoteServerSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteServerSocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- CoyoteServerSocketFactory.java	19 Apr 2003 18:49:10 -0000	1.1
  +++ CoyoteServerSocketFactory.java	11 Jul 2003 01:04:43 -0000	1.2
  @@ -102,48 +102,73 @@
   public class CoyoteServerSocketFactory
       implements org.apache.catalina.net.ServerSocketFactory {
   
  +    private String algorithm = null;
  +    private boolean clientAuth = false;
  +    private String keystoreFile =
  +        System.getProperty("user.home") + File.separator + ".keystore";
  +    private String randomFile =
  +        System.getProperty("user.home") + File.separator + "random.pem";
  +    private String rootFile =
  +        System.getProperty("user.home") + File.separator + "root.pem";
  +    private String keystorePass = "changeit";
  +    private String keystoreType = "JKS";
  +    private String protocol = "TLS";
  +    private String sslImplementation = null;
  +    private String cipherSuites;
   
       // ------------------------------------------------------------- Properties
   
  -
       /**
  -     * Certificate encoding algorithm to be used.
  +     * Gets the certificate encoding algorithm to be used.
  +     *
  +     * @return Certificate encoding algorithm
        */
  -    private String algorithm = null;
  -
       public String getAlgorithm() {
           return (this.algorithm);
       }
   
  +    /**
  +     * Sets the certificate encoding algorithm to be used.
  +     *
  +     * @param algorithm Certificate encoding algorithm
  +     */
       public void setAlgorithm(String algorithm) {
           this.algorithm = algorithm;
       }
   
  -
       /**
  -     * Should we require client authentication?
  +     * Provides information about whether client authentication is enforced.
  +     *
  +     * @return true if client authentication is enforced, false otherwise
        */
  -    private boolean clientAuth = false;
  -
       public boolean getClientAuth() {
           return (this.clientAuth);
       }
   
  +    /**
  +     * Sets the requirement of client authentication.
  +     *
  +     * @param clientAuth true if client authentication is enforced, false
  +     * otherwise
  +     */
       public void setClientAuth(boolean clientAuth) {
           this.clientAuth = clientAuth;
       }
   
  -
       /**
  -     * Pathname to the key store file to be used.
  +     * Gets the pathname to the keystore file.
  +     *
  +     * @return Pathname to the keystore file
        */
  -    private String keystoreFile =
  -        System.getProperty("user.home") + File.separator + ".keystore";
  -
       public String getKeystoreFile() {
           return (this.keystoreFile);
       }
   
  +    /**
  +     * Sets the pathname to the keystore file.
  +     *
  +     * @param keystoreFile Pathname to the keystore file
  +     */
       public void setKeystoreFile(String keystoreFile) {
         
           File file = new File(keystoreFile);
  @@ -154,15 +179,19 @@
       }
   
       /**
  -     * Pathname to the random file to be used.
  +     * Gets the pathname to the random file.
  +     *
  +     * @return Pathname to the random file
        */
  -    private String randomFile =
  -        System.getProperty("user.home") + File.separator + "random.pem";
  -
       public String getRandomFile() {
           return (this.randomFile);
       }
   
  +    /**
  +     * Sets the pathname to the random file.
  +     *
  +     * @param randomFile Pathname to the random file
  +     */
       public void setRandomFile(String randomFile) {
         
           File file = new File(randomFile);
  @@ -173,15 +202,19 @@
       }
   
       /**
  -     * Pathname to the root list to be used.
  +     * Gets the pathname to the root list.
  +     *
  +     * @return Pathname to the root list
        */
  -    private String rootFile =
  -        System.getProperty("user.home") + File.separator + "root.pem";
  -
       public String getRootFile() {
           return (this.rootFile);
       }
   
  +    /**
  +     * Sets the pathname to the root list.
  +     *
  +     * @param rootFile Pathname to the root list
  +     */
       public void setRootFile(String rootFile) {
         
           File file = new File(rootFile);
  @@ -192,60 +225,99 @@
       }
        
       /**
  -     * Password for accessing the key store file.
  +     * Gets the keystore password.
  +     *
  +     * @return Keystore password
        */
  -    private String keystorePass = "changeit";
  -
       public String getKeystorePass() {
           return (this.keystorePass);
       }
   
  +    /**
  +     * Sets the keystore password.
  +     *
  +     * @param keystorePass Keystore password
  +     */
       public void setKeystorePass(String keystorePass) {
           this.keystorePass = keystorePass;
       }
   
  -
       /**
  -     * Storeage type of the key store file to be used.
  +     * Gets the keystore type.
  +     *
  +     * @return Keystore type
        */
  -    private String keystoreType = "JKS";
  -
       public String getKeystoreType() {
           return (this.keystoreType);
       }
   
  +    /**
  +     * Sets the keystore type.
  +     *
  +     * @param keystoreType Keystore type
  +     */
       public void setKeystoreType(String keystoreType) {
           this.keystoreType = keystoreType;
       }
   
  -
       /**
  -     * SSL protocol variant to use.
  +     * Gets the SSL protocol variant to be used.
  +     *
  +     * @return SSL protocol variant
        */
  -    private String protocol = "TLS";
  -
       public String getProtocol() {
           return (this.protocol);
       }
   
  +    /**
  +     * Sets the SSL protocol variant to be used.
  +     *
  +     * @param protocol SSL protocol variant
  +     */
       public void setProtocol(String protocol) {
           this.protocol = protocol;
       }
   
  -
       /**
  -     * SSL implementation to use.
  +     * Gets the name of the SSL implementation to be used.
  +     *
  +     * @return SSL implementation name
        */
  -    private String sslImplementation = null;
  -
       public String getSSLImplementation() {
           return (this.sslImplementation);
       }
   
  +    /**
  +     * Sets the name of the SSL implementation to be used.
  +     *
  +     * @param sslImplementation SSL implementation name
  +     */
       public void setSSLImplementation(String sslImplementation) {
           this.sslImplementation = sslImplementation;
       }
   
  +    /**
  +     * Gets the list of SSL cipher suites that are to be enabled
  +     *
  +     * @return Comma-separated list of SSL cipher suites, or null if all
  +     * cipher suites supported by the underlying SSL implementation are being
  +     * enabled
  +     */
  +    public String getCiphers() {
  +	return this.cipherSuites;
  +    }
  +
  +    /**
  +     * Sets the SSL cipher suites that are to be enabled.
  +     *
  +     * Only those SSL cipher suites that are actually supported by
  +     * the underlying SSL implementation will be enabled.
  +     *
  +     * @param ciphers Comma-separated list of SSL cipher suites
  +     */
  +    public void setCiphers(String ciphers) {
  +	this.cipherSuites = ciphers;
  +    }
   
   
       // --------------------------------------------------------- Public Methods
  
  
  
  1.2       +4 -0      jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/mbeans-descriptors.xml
  
  Index: mbeans-descriptors.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/mbeans-descriptors.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- mbeans-descriptors.xml	19 Apr 2003 18:49:10 -0000	1.1
  +++ mbeans-descriptors.xml	11 Jul 2003 01:04:43 -0000	1.2
  @@ -28,6 +28,10 @@
             description="Should we require client authentication?"
                    type="boolean"/>
   
  +    <attribute   name="ciphers"
  +          description="Comma-separated list of SSL cipher suites to be enabled"
  +                 type="java.lang.String"/>
  +
       <attribute   name="connectionTimeout"
             description="Timeout value on the incoming connection"
                    type="int"/>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message