tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11AprProcessor.java
Date Tue, 12 Jul 2005 17:01:42 GMT
remm        2005/07/12 10:01:42

  Modified:    jni/java/org/apache/tomcat/jni SSLSocket.java
               http11/src/java/org/apache/coyote/http11
                        Http11AprProcessor.java
  Log:
  - Translate old SSL code to APR (untested right now).
  
  Revision  Changes    Path
  1.18      +1 -4      jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java
  
  Index: SSLSocket.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- SSLSocket.java	12 Jul 2005 14:56:09 -0000	1.17
  +++ SSLSocket.java	12 Jul 2005 17:01:42 -0000	1.18
  @@ -16,9 +16,6 @@
   
   package org.apache.tomcat.jni;
   
  -/* Import needed classes */
  -import java.nio.ByteBuffer;
  -
   /** SSL Socket
    *
    * @author Mladen Turk
  
  
  
  1.23      +52 -31    jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
  
  Index: Http11AprProcessor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- Http11AprProcessor.java	7 Jul 2005 22:54:13 -0000	1.22
  +++ Http11AprProcessor.java	12 Jul 2005 17:01:42 -0000	1.23
  @@ -16,6 +16,7 @@
   
   package org.apache.coyote.http11;
   
  +import java.io.ByteArrayInputStream;
   import java.io.IOException;
   import java.io.InterruptedIOException;
   import java.net.InetAddress;
  @@ -24,6 +25,8 @@
   import java.util.regex.PatternSyntaxException;
   import java.security.AccessController;
   import java.security.PrivilegedAction;
  +import java.security.cert.CertificateFactory;
  +import java.security.cert.X509Certificate;
   
   import org.apache.coyote.ActionCode;
   import org.apache.coyote.ActionHook;
  @@ -41,6 +44,8 @@
   import org.apache.coyote.http11.filters.VoidOutputFilter;
   import org.apache.coyote.http11.filters.BufferedInputFilter;
   import org.apache.tomcat.jni.Address;
  +import org.apache.tomcat.jni.SSL;
  +import org.apache.tomcat.jni.SSLSocket;
   import org.apache.tomcat.jni.Sockaddr;
   import org.apache.tomcat.jni.Socket;
   import org.apache.tomcat.util.buf.Ascii;
  @@ -50,7 +55,6 @@
   import org.apache.tomcat.util.http.FastHttpDateFormat;
   import org.apache.tomcat.util.http.MimeHeaders;
   import org.apache.tomcat.util.net.AprEndpoint;
  -import org.apache.tomcat.util.net.SSLSupport;
   import org.apache.tomcat.util.threads.ThreadWithAttributes;
   
   
  @@ -90,6 +94,8 @@
           outputBuffer = new InternalAprOutputBuffer(response, headerBufferSize);
           response.setOutputBuffer(outputBuffer);
           request.setResponse(response);
  +        
  +        ssl = !"off".equalsIgnoreCase(endpoint.getSSLEngine());
   
           initializeFilters();
   
  @@ -194,10 +200,10 @@
   
   
       /**
  -     * SSL information.
  +     * SSL enabled ?
        */
  -    protected SSLSupport sslSupport;
  -
  +    protected boolean ssl = false;
  +    
   
       /**
        * Socket associated with the current connection.
  @@ -645,14 +651,6 @@
   
   
       /**
  -     * Set the SSL information for this HTTP connection.
  -     */
  -    public void setSSLSupport(SSLSupport sslSupport) {
  -        this.sslSupport = sslSupport;
  -    }
  -
  -
  -    /**
        * Set the flag to control upload time-outs.
        */
       public void setDisableUploadTimeout(boolean isDisabled) {
  @@ -898,9 +896,6 @@
           inputBuffer.recycle();
           outputBuffer.recycle();
   
  -        // Recycle ssl info
  -        sslSupport = null;
  -        
           return openSocket;
           
       }
  @@ -1084,23 +1079,36 @@
           } else if (actionCode == ActionCode.ACTION_REQ_SSL_ATTRIBUTE ) {
   
               try {
  -                if (sslSupport != null) {
  -                    Object sslO = sslSupport.getCipherSuite();
  +                if (ssl) {
  +                    Object sslO = SSLSocket.getInfoS(socket, SSL.SSL_INFO_CIPHER);
                       if (sslO != null)
                           request.setAttribute
  -                            (SSLSupport.CIPHER_SUITE_KEY, sslO);
  -                    sslO = sslSupport.getPeerCertificateChain(false);
  +                            ("javax.servlet.request.cipher_suite", sslO);
  +                    int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
  +                    X509Certificate[] certs = new X509Certificate[certLength];
  +                    for (int i = 0; i < certLength; i++) {
  +                        byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN
+ i);
  +                        CertificateFactory cf =
  +                            CertificateFactory.getInstance("X.509");
  +                        ByteArrayInputStream stream = new ByteArrayInputStream(data);
  +                        certs[i] = (X509Certificate) cf.generateCertificate(stream);
  +                    }
  +                    if (certLength > 0) {
  +                        sslO = certs;
  +                    } else {
  +                        sslO = null;
  +                    }
                       if (sslO != null)
                           request.setAttribute
  -                            (SSLSupport.CERTIFICATE_KEY, sslO);
  -                    sslO = sslSupport.getKeySize();
  +                            ("javax.servlet.request.X509Certificate", sslO);
  +                    sslO = new Integer(SSLSocket.getInfoI(socket, SSL.SSL_INFO_CIPHER_USEKEYSIZE));
                       if (sslO != null)
                           request.setAttribute
  -                            (SSLSupport.KEY_SIZE_KEY, sslO);
  -                    sslO = sslSupport.getSessionId();
  +                            ("javax.servlet.request.key_size", sslO);
  +                    sslO = SSLSocket.getInfoS(socket, SSL.SSL_INFO_SESSION_ID);
                       if (sslO != null)
                           request.setAttribute
  -                            (SSLSupport.SESSION_ID_KEY, sslO);
  +                            ("javax.servlet.request.ssl_session", sslO);
                   }
               } catch (Exception e) {
                   log.warn("Exception getting SSL attributes " ,e);
  @@ -1108,7 +1116,7 @@
   
           } else if (actionCode == ActionCode.ACTION_REQ_SSL_CERTIFICATE) {
   
  -            if( sslSupport != null) {
  +            if (ssl) {
                   /*
                    * Consume and buffer the request body, so that it does not
                    * interfere with the client's handshake messages
  @@ -1119,11 +1127,24 @@
                   inputBuffer.addActiveFilter
                       (inputFilters[Constants.BUFFERED_FILTER]);
                   try {
  -                    Object sslO = sslSupport.getPeerCertificateChain(true);
  -                    if( sslO != null) {
  -                        request.setAttribute
  -                            (SSLSupport.CERTIFICATE_KEY, sslO);
  +                    // FIXME: Verify this is the right thing to do
  +                    SSLSocket.renegotiate(socket);
  +                    int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
  +                    X509Certificate[] certs = new X509Certificate[certLength];
  +                    for (int i = 0; i < certLength; i++) {
  +                        byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN
+ i);
  +                        CertificateFactory cf =
  +                            CertificateFactory.getInstance("X.509");
  +                        ByteArrayInputStream stream = new ByteArrayInputStream(data);
  +                        certs[i] = (X509Certificate) cf.generateCertificate(stream);
                       }
  +                    Object sslO = null;
  +                    if (certLength > 0) {
  +                        sslO = certs;
  +                    }
  +                    if (sslO != null)
  +                        request.setAttribute
  +                            ("javax.servlet.request.X509Certificate", sslO);
                   } catch (Exception e) {
                       log.warn("Exception getting SSL Cert", e);
                   }
  @@ -1179,7 +1200,7 @@
           contentDelimitation = false;
           expectation = false;
           sendfileData = null;
  -        if (sslSupport != null) {
  +        if (ssl) {
               request.scheme().setString("https");
           }
           MessageBytes protocolMB = request.protocol();
  @@ -1396,7 +1417,7 @@
           }
   
           if (colonPos < 0) {
  -            if (sslSupport == null) {
  +            if (ssl) {
                   // 80 - Default HTTTP port
                   request.setServerPort(80);
               } else {
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message