tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fha...@apache.org
Subject svn commit: r575798 - in /tomcat/tc6.0.x/trunk/java/org/apache: coyote/http11/Http11NioProtocol.java tomcat/util/net/NioEndpoint.java
Date Fri, 14 Sep 2007 21:30:29 GMT
Author: fhanik
Date: Fri Sep 14 14:30:29 2007
New Revision: 575798

URL: http://svn.apache.org/viewvc?rev=575798&view=rev
Log:
Backport from earlier fix
http://issues.apache.org/bugzilla/show_bug.cgi?id=43356

Modified:
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=575798&r1=575797&r2=575798&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Fri Sep 14 14:30:29
2007
@@ -547,17 +547,25 @@
     public String getAlgorithm() { return ep.getAlgorithm();}
     public void setAlgorithm(String s ) { ep.setAlgorithm(s);}
     
-    public boolean getClientAuth() { return ep.getClientAuth();}
-    public void setClientAuth(boolean b ) { ep.setClientAuth(b);}
+    public void setClientauth(String s) {setClientAuth(s);}
+    public String getClientauth(){ return getClientAuth();}
+    public String getClientAuth() { return ep.getClientAuth();}
+    public void setClientAuth(String s ) { ep.setClientAuth(s);}
     
     public String getKeystorePass() { return ep.getKeystorePass();}
     public void setKeystorePass(String s ) { ep.setKeystorePass(s);}
     public void setKeypass(String s) { setKeystorePass(s);}
     public String getKeypass() { return getKeystorePass();}
-    
-    
     public String getKeystoreType() { return ep.getKeystoreType();}
     public void setKeystoreType(String s ) { ep.setKeystoreType(s);}
+    
+    public void setTruststoreFile(String f){ep.setTruststoreFile(f);}
+    public String getTruststoreFile(){return ep.getTruststoreFile();}
+    public void setTruststorePass(String p){ep.setTruststorePass(p);}
+    public String getTruststorePass(){return ep.getTruststorePass();}
+    public void setTruststoreType(String t){ep.setTruststoreType(t);}
+    public String getTruststoreType(){ return ep.getTruststoreType();}
+    
     
     public String getSslProtocol() { return ep.getSslProtocol();}
     public void setSslProtocol(String s) { ep.setSslProtocol(s);}

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=575798&r1=575797&r2=575798&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri Sep 14 14:30:29
2007
@@ -527,20 +527,50 @@
     }
 
 
+    public String adjustRelativePath(String path, String relativeTo) {
+        File f = new File(path);
+        if ( !f.isAbsolute()) {
+            path = relativeTo + File.separator + path;
+            f = new File(path);
+        }
+        if (!f.exists()) {
+            log.warn("configured file:["+path+"] does not exist.");
+        }
+        return path;
+    }
+    
+    public String defaultIfNull(String val, String defaultValue) {
+        if (val==null) return defaultValue;
+        else return val;
+    }
     // --------------------  SSL related properties --------------------
+    protected String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
+    public void setTruststoreFile(String s) {
+        s = adjustRelativePath(s,System.getProperty("catalina.base"));
+        this.truststoreFile = s;
+    }
+    public String getTruststoreFile() {return truststoreFile;}
+    protected String truststorePass = System.getProperty("javax.net.ssl.trustStorePassword");
+    public void setTruststorePass(String truststorePass) {this.truststorePass = truststorePass;}
+    public String getTruststorePass() {return truststorePass;}
+    protected String truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
+    public void setTruststoreType(String truststoreType) {this.truststoreType = truststoreType;}
+    public String getTruststoreType() {return truststoreType;}
+    
     protected String keystoreFile = System.getProperty("user.home")+"/.keystore";
     public String getKeystoreFile() { return keystoreFile;}
-    public void setKeystoreFile(String s ) { this.keystoreFile = s; }
-    public void setKeystore(String s ) { setKeystoreFile(s);}
-    public String getKeystore() { return getKeystoreFile();}
+    public void setKeystoreFile(String s ) { 
+        s = adjustRelativePath(s,System.getProperty("catalina.base"));
+        this.keystoreFile = s; 
+    }
     
     protected String algorithm = "SunX509";
     public String getAlgorithm() { return algorithm;}
     public void setAlgorithm(String s ) { this.algorithm = s;}
 
-    protected boolean clientAuth = false;
-    public boolean getClientAuth() { return clientAuth;}
-    public void setClientAuth(boolean b ) { this.clientAuth = b;}
+    protected String clientAuth = "false";
+    public String getClientAuth() { return clientAuth;}
+    public void setClientAuth(String s ) { this.clientAuth = s;}
     
     protected String keystorePass = "changeit";
     public String getKeystorePass() { return keystorePass;}
@@ -738,12 +768,22 @@
 
             KeyStore ks = KeyStore.getInstance(getKeystoreType());
             ks.load(new FileInputStream(getKeystoreFile()), passphrase);
-            KeyStore ts = KeyStore.getInstance(getKeystoreType());
-            ts.load(new FileInputStream(getKeystoreFile()), passphrase);
 
             KeyManagerFactory kmf = KeyManagerFactory.getInstance(getAlgorithm());
             kmf.init(ks, passphrase);
 
+            char[] tpassphrase = (getTruststorePass()!=null)?getTruststorePass().toCharArray():passphrase;
+            String ttype = (getTruststoreType()!=null)?getTruststoreType():getKeystoreType();
+
+            KeyStore ts = null;
+            if (getTruststoreFile()==null) {
+                ts = KeyStore.getInstance(getKeystoreType());
+                ts.load(new FileInputStream(getKeystoreFile()), passphrase);
+            }else {
+                ts = KeyStore.getInstance(ttype);
+                ts.load(new FileInputStream(getTruststoreFile()), tpassphrase);
+            }
+
             TrustManagerFactory tmf = TrustManagerFactory.getInstance(getAlgorithm());
             tmf.init(ts);
 
@@ -995,7 +1035,14 @@
 
     protected SSLEngine createSSLEngine() {
         SSLEngine engine = sslContext.createSSLEngine();
-        engine.setNeedClientAuth(getClientAuth());
+        if ("false".equals(getClientAuth())) {
+            engine.setNeedClientAuth(false);
+            engine.setWantClientAuth(false);
+        } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
+            engine.setNeedClientAuth(true);
+        } else if ("want".equals(getClientAuth())) {
+            engine.setWantClientAuth(true);
+        }        
         engine.setUseClientMode(false);
         if ( ciphersarr.length > 0 ) engine.setEnabledCipherSuites(ciphersarr);
         if ( sslEnabledProtocolsarr.length > 0 ) engine.setEnabledProtocols(sslEnabledProtocolsarr);



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message