tomcat-dev mailing list archives

From billbar...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java
Date Sat, 24 Jan 2004 04:56:32 GMT
billbarker    2004/01/23 20:56:32

  Modified:    util/java/org/apache/tomcat/util/net/jsse
                        JSSE13SocketFactory.java JSSE14SocketFactory.java
                        JSSESocketFactory.java
  Log:
  Allow the option to only "want" client authentication.
  
  Submitted By:  Michael Becker Michael.Becker@archongroup.com (with some cosmetic changes).
  
  Revision  Changes    Path
  1.7       +21 -2     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
  
  Index: JSSE13SocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- JSSE13SocketFactory.java	11 Oct 2003 04:24:30 -0000	1.6
  +++ JSSE13SocketFactory.java	24 Jan 2004 04:56:32 -0000	1.7
  @@ -64,6 +64,7 @@
   import java.security.Security;
   
   import javax.net.ssl.SSLServerSocket;
  +import javax.net.ssl.SSLSocket;
   
   /*
     1. Make the JSSE's jars available, either as an installed
  @@ -85,6 +86,11 @@
    */
   public class JSSE13SocketFactory extends JSSESocketFactory
   {
  +    /**
  +     * Flag for client authentication
  +     */
  +    protected boolean clientAuth = false;
  +
       public JSSE13SocketFactory () {
           super();
       }
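Review bot: The new `protected boolean clientAuth` field in JSSE13SocketFactory has the same name as the field in JSSESocketFactory, which this same commit changes to `protected String clientAuth = "false"`. The subclass field hides the inherited one. Nothing in the visible hunks assigns the String field, so it appears to stay at "false" regardless of configuration, and code reading `clientAuth` gets a different type and value depending on which class it is compiled in. Renaming the subclass field to match JSSE14SocketFactory, `protected boolean requireClientAuth = false;` (and updating its uses in init() and both configureClientAuth methods), would remove the ambiguity about which flag controls certificate enforcement.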
  @@ -106,8 +112,10 @@
               Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
   
               String clientAuthStr = (String)attributes.get("clientauth");
  -            if (clientAuthStr != null){
  -                clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
  +            if("true".equalsIgnoreCase(clientAuthStr) || 
  +               "yes".equalsIgnoreCase(clientAuthStr)  ||
  +               "want".equalsIgnoreCase(clientAuthStr)) {
  +                clientAuth = true;
               }
               
               // SSL protocol variant (e.g., TLS, SSL v3, etc.)
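Review bot: The "want" value is folded into `clientAuth = true` here, and configureClientAuth() later passes that to `setNeedClientAuth`, so on JSSE 1.3 "want" makes the client certificate mandatory. The Javadoc added to JSSESocketFactory in this commit says the opposite: "Prior versions of JSSE will treat 'want' as 'false'". The code's fail-closed choice is the safer of the two, so the Javadoc should be corrected, for example `Prior versions of JSSE will treat 'want' as 'true' (certificate required).` The enclosing method starts and ends outside this hunk.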
  @@ -171,6 +179,17 @@
       }
       protected void setEnabledProtocols(SSLServerSocket socket, 
                                                String [] protocols){
  +    }
  +
  +    protected void configureClientAuth(SSLServerSocket socket){
  +        socket.setNeedClientAuth(clientAuth);
  +    }
  +
  +    protected void configureClientAuth(SSLSocket socket){
  +        // In JSSE 1.0.2 docs it does not explicitly
  +        // state whether SSLSockets returned from 
  +        // SSLServerSocket.accept() inherit this setting.
  +        socket.setNeedClientAuth(clientAuth);
       }
   
   }
  
  
  
  1.21      +30 -2     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
  
  Index: JSSE14SocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- JSSE14SocketFactory.java	19 Nov 2003 18:02:53 -0000	1.20
  +++ JSSE14SocketFactory.java	24 Jan 2004 04:56:32 -0000	1.21
  @@ -68,6 +68,7 @@
   import javax.net.ssl.KeyManagerFactory;
   import javax.net.ssl.SSLContext;
   import javax.net.ssl.SSLServerSocket;
  +import javax.net.ssl.SSLSocket;
   import javax.net.ssl.TrustManager;
   import javax.net.ssl.TrustManagerFactory;
   import javax.net.ssl.X509KeyManager;
  @@ -97,6 +98,16 @@
       private static StringManager sm =
           StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
   
  +    /**
  +     * Flag to state that we require client authentication.
  +     */
  +    protected boolean requireClientAuth = false;
  +
  +    /**
  +     * Flag to state that we would like client authentication.
  +     */
  +    protected boolean wantClientAuth    = false;
  +
       public JSSE14SocketFactory () {
           super();
       }
  @@ -108,8 +119,11 @@
           try {
   
               String clientAuthStr = (String) attributes.get("clientauth");
  -            if (clientAuthStr != null){
  -                clientAuth = Boolean.valueOf(clientAuthStr).booleanValue();
  +            if("true".equalsIgnoreCase(clientAuthStr) ||
  +               "yes".equalsIgnoreCase(clientAuthStr)) {
  +                requireClientAuth = true;
  +            } else if("want".equalsIgnoreCase(clientAuthStr)) {
  +                wantClientAuth = true;
               }
   
               // SSL protocol variant (e.g., TLS, SSL v3, etc.)
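Review bot: Any value other than "true", "yes" or "want" leaves both flags false, so a misspelled setting such as "wants" or "required" silently turns client-certificate authentication off. Now that three spellings are accepted, a typo is more likely to pass unnoticed. A final `else` branch that logs a warning when `clientAuthStr` is non-null and not "false" would make the misconfiguration visible at startup. The same applies to the parsing in JSSE13SocketFactory. The enclosing method starts and ends outside this hunk.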
  @@ -281,4 +295,18 @@
   
           return enabledProtocols;
       }
  +
  +    protected void configureClientAuth(SSLServerSocket socket){
  +        if (wantClientAuth){
  +            socket.setWantClientAuth(wantClientAuth);
  +        } else {
  +            socket.setNeedClientAuth(requireClientAuth);
  +        }
  +    }
  +
  +    protected void configureClientAuth(SSLSocket socket){
  +        // Per JavaDocs: SSLSockets returned from 
  +        // SSLServerSocket.accept() inherit this setting.
  +    }
  +    
   }
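Review bot: `configureClientAuth(SSLServerSocket)` has no Javadoc, and the "want" branch changes what an accepted connection means. With `setWantClientAuth(true)` the handshake completes even when the client presents no certificate. A comment on the method should say so, for example `In 'want' mode a connection may be accepted without a client certificate; callers must check for the peer certificate before treating the client as authenticated.` The empty `configureClientAuth(SSLSocket)` override would also read better with its comment moved into a Javadoc stating that it is intentionally a no-op.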
  
  
  
  1.13      +19 -3     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
  
  Index: JSSESocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- JSSESocketFactory.java	18 Dec 2003 05:19:47 -0000	1.12
  +++ JSSESocketFactory.java	24 Jan 2004 04:56:32 -0000	1.13
  @@ -106,7 +106,7 @@
           org.apache.commons.logging.LogFactory.getLog(JSSESocketFactory.class);
   
       protected boolean initialized;
  -    protected boolean clientAuth = false;
  +    protected String clientAuth = "false";
       protected SSLServerSocketFactory sslProxy = null;
       protected String[] enabledCiphers;
      
  @@ -149,7 +149,7 @@
           SSLSocket asock = null;
           try {
                asock = (SSLSocket)socket.accept();
  -             asock.setNeedClientAuth(clientAuth);
  +             configureClientAuth(asock);
           } catch (SSLException e){
             throw new SocketException("SSL handshake error" + e.toString());
           }
  @@ -363,6 +363,22 @@
                                               String [] protocols);
   
       /**
  +     * Configure Client authentication for this version of JSSE.  The
  +     * JSSE included in Java 1.4 supports the 'want' value.  Prior
  +     * versions of JSSE will treat 'want' as 'false'.
  +     * @param socket the SSLServerSocket
  +     */
  +    abstract protected void configureClientAuth(SSLServerSocket socket);
  +
  +    /**
  +     * Configure Client authentication for this version of JSSE.  The
  +     * JSSE included in Java 1.4 supports the 'want' value.  Prior
  +     * versions of JSSE will treat 'want' as 'false'.
  +     * @param ssocket the SSLSocket
  +     */
  +    abstract protected void configureClientAuth(SSLSocket socket);
  +    
  +    /**
        * Configures the given SSL server socket with the requested cipher suites,
        * protocol versions, and need for client authentication
        */
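Review bot: The Javadoc for the second abstract method names `@param ssocket`, but the parameter is declared as `socket`, so the tag documents nothing. It should read `@param socket the SSLSocket returned by accept()`. The comment's last line in this hunk belongs to a method whose body lies outside the hunk.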
  @@ -380,7 +396,7 @@
   
           // we don't know if client auth is needed -
           // after parsing the request we may re-handshake
  -        socket.setNeedClientAuth(clientAuth);
  +        configureClientAuth(socket);
       }
   
   }
  
  
  
