
From ma...@apache.org
Subject svn commit: r657449 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/config/http.xml
Date Sat, 17 May 2008 19:55:56 GMT
Author: markt
Date: Sat May 17 12:55:55 2008
New Revision: 657449

URL: http://svn.apache.org/viewvc?rev=657449&view=rev
Log:
Additional patch from https://issues.apache.org/bugzilla/show_bug.cgi?id=43094
Make SSL providers configurable.
Based on a patch by Bruno Harbulot.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=657449&r1=657448&r2=657449&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Sat May 17 12:55:55
2008
@@ -250,20 +250,21 @@
     /*
      * Gets the SSL server's keystore.
      */
-    protected KeyStore getKeystore(String type, String pass)
+    protected KeyStore getKeystore(String type, String provider, String pass)
             throws IOException {
 
         String keystoreFile = (String)attributes.get("keystore");
         if (keystoreFile == null)
             keystoreFile = defaultKeystoreFile;
 
-        return getStore(type, keystoreFile, pass);
+        return getStore(type, provider, keystoreFile, pass);
     }
 
     /*
      * Gets the SSL server's truststore.
      */
-    protected KeyStore getTrustStore(String keystoreType) throws IOException {
+    protected KeyStore getTrustStore(String keystoreType,
+            String keystoreProvider) throws IOException {
         KeyStore trustStore = null;
 
         String truststoreFile = (String)attributes.get("truststoreFile");
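Review bot: The comment above getKeystore still reads `Gets the SSL server's keystore.` and says nothing about the new provider parameter, and the same holds for getTrustStore's keystoreProvider. Since a null value changes behaviour (getStore falls back to the one-argument KeyStore.getInstance and lets the JCA search registered providers), that contract belongs in the comment rather than only in the http.xml text. Suggested: `* @param provider JCA provider name for the keystore, or null to let the JCA runtime pick the first registered provider that supports the type`. getTrustStore's body continues past the end of this hunk.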
@@ -297,9 +298,22 @@
             log.debug("trustType = " + truststoreType);
         }
 
+        String truststoreProvider =
+            (String)attributes.get("truststoreProvider");
+        if( truststoreProvider == null) {
+            truststoreProvider =
+                System.getProperty("javax.net.ssl.trustStoreProvider");
+        }
+        if (truststoreProvider == null) {
+            truststoreProvider = keystoreProvider;
+        }
+        if(log.isDebugEnabled()) {
+            log.debug("trustProvider = " + truststoreProvider);
+        }
+
         if (truststoreFile != null && truststorePassword != null){
-            trustStore = getStore(truststoreType, truststoreFile,
-                                  truststorePassword);
+            trustStore = getStore(truststoreType, truststoreProvider,
+                    truststoreFile, truststorePassword);
         }
 
         return trustStore;
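Review bot: The fallback `if (truststoreProvider == null) { truststoreProvider = keystoreProvider; }` pairs a keystore-specific provider with the truststore even when truststoreType was set explicitly and differs from keystoreType (truststoreType is resolved just above this hunk, as the `trustType` debug line shows). With, for example, a PKCS11 keystore provider and a JKS truststore file, getStore would then request JKS from a provider that does not implement it, and the connector would likely fail to start where a null provider would have let the JCA select a suitable one. Consider applying the keystoreProvider default only when truststoreType itself defaulted to keystoreType, and leaving it null otherwise. The http.xml text for truststoreProvider also mentions neither the `javax.net.ssl.trustStoreProvider` system property nor the keystoreProvider fallback, so the documented default (registered providers are traversed) does not match this code path. getTrustStore begins before this hunk.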
@@ -308,13 +322,17 @@
     /*
      * Gets the key- or truststore with the specified type, path, and password.
      */
-    private KeyStore getStore(String type, String path, String pass)
-            throws IOException {
+    private KeyStore getStore(String type, String provider, String path,
+            String pass) throws IOException {
 
         KeyStore ks = null;
         InputStream istream = null;
         try {
-            ks = KeyStore.getInstance(type);
+            if (provider == null) {
+                ks = KeyStore.getInstance(type);
+            } else {
+                ks = KeyStore.getInstance(type, provider);
+            }
             if(!("PKCS11".equalsIgnoreCase(type) ||
                     "".equalsIgnoreCase(path))) {
                 File keyStoreFile = new File(path);
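Review bot: Only `null` is checked before `KeyStore.getInstance(type, provider)`; an empty or blank provider value, if the attribute can be configured that way, is passed through and `getInstance` rejects it with an IllegalArgumentException instead of falling back to the provider search. The two-argument form also throws NoSuchProviderException for an unknown name; the catch clauses for this try lie outside the hunk, so confirm they turn that into a clear startup error that names the offending provider rather than a generic keystore failure. A guard such as `if (provider == null || provider.trim().length() == 0) {` keeps the single-argument path for blank values. getStore's body continues past the hunk.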
@@ -383,6 +401,9 @@
                 keystoreType = defaultKeystoreType;
             }
 
+            String keystoreProvider =
+                (String) attributes.get("keystoreProvider");
+
             String trustAlgorithm =
                 (String)attributes.get("truststoreAlgorithm");
             if( trustAlgorithm == null ) {
@@ -391,9 +412,11 @@
 
             // Create and init SSLContext
             SSLContext context = SSLContext.getInstance(protocol); 
-            context.init(getKeyManagers(keystoreType, algorithm,
-                                        (String) attributes.get("keyAlias")),
-                         getTrustManagers(keystoreType, trustAlgorithm),
+            context.init(getKeyManagers(keystoreType, keystoreProvider,
+                                 algorithm,
+                                 (String) attributes.get("keyAlias")),
+                         getTrustManagers(keystoreType, keystoreProvider,
+                                 trustAlgorithm),
                          new SecureRandom());
 
             // create proxy
@@ -416,6 +439,7 @@
      * Gets the initialized key managers.
      */
     protected KeyManager[] getKeyManagers(String keystoreType,
+                                          String keystoreProvider,
                                           String algorithm,
                                           String keyAlias)
                 throws Exception {
@@ -424,7 +448,7 @@
 
         String keystorePass = getKeystorePassword();
 
-        KeyStore ks = getKeystore(keystoreType, keystorePass);
+        KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);
         if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
             throw new IOException(
                     sm.getString("jsse.alias_no_key_entry", keyAlias));
@@ -450,16 +474,13 @@
      * Gets the intialized trust managers.
      */
     protected TrustManager[] getTrustManagers(String keystoreType,
-            String algorithm) throws Exception {
+            String keystoreProvider, String algorithm)
+        throws Exception {
         String crlf = (String) attributes.get("crlFile");
         
         TrustManager[] tms = null;
         
-        String truststoreType = (String) attributes.get("truststoreType");
-        if (truststoreType == null) {
-            truststoreType = keystoreType;
-        }
-        KeyStore trustStore = getTrustStore(truststoreType);
+        KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
         if (trustStore != null) {
             if (crlf == null) {
                 TrustManagerFactory tmf =

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=657449&r1=657448&r2=657449&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Sat May 17 12:55:55 2008
@@ -671,6 +671,14 @@
       If not specified, the default value is "<code>JKS</code>".</p>
     </attribute>
 
+    <attribute name="keystoreProvider" required="false">
+      <p>The name of the keystore provider to be used for the server
+      certificate. If not specified, the list of registered providers is
+      traversed in preference order and the first provider that supports the
+      <code>keystoreType</code> is used.
+      </p>
+    </attribute>
+
     <attribute name="sslProtocol" required="false">
       <p>The version of the SSL protocol to use.  If not specified,
       the default is "<code>TLS</code>".</p>
@@ -700,6 +708,14 @@
       TrustStore then you are using for the KeyStore.</p>
      </attribute>
 
+    <attribute name="truststoreProvider" required="false">
+      <p>The name of the truststore provider to be used for the server
+      certificate. If not specified, the list of registered providers is
+      traversed in preference order and the first provider that supports the
+      <code>truststoreType</code> is used.
+      </p>
+    </attribute>
+
   </attributes>
 
   <p>For more information, see the




