tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r658474 - in /tomcat/tc6.0.x/trunk: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml webapps/docs/config/http.xml
Date Tue, 20 May 2008 22:54:33 GMT
Author: markt
Date: Tue May 20 15:54:32 2008
New Revision: 658474

URL: http://svn.apache.org/viewvc?rev=658474&view=rev
Log:
Fix remainder of https://issues.apache.org/bugzilla/show_bug.cgi?id=43094
Provide options for selecting keystore providers

Modified:
    tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=658474&r1=658473&r2=658474&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue May
20 15:54:32 2008
@@ -249,38 +249,39 @@
     /*
      * Gets the SSL server's keystore.
      */
-    protected KeyStore getKeystore(String type, String pass)
+    protected KeyStore getKeystore(String type, String provider, String pass)
             throws IOException {
 
         String keystoreFile = (String)attributes.get("keystore");
         if (keystoreFile == null)
             keystoreFile = defaultKeystoreFile;
 
-        return getStore(type, keystoreFile, pass);
+        return getStore(type, provider, keystoreFile, pass);
     }
 
     /*
      * Gets the SSL server's truststore.
      */
-    protected KeyStore getTrustStore(String keystoreType) throws IOException {
+    protected KeyStore getTrustStore(String keystoreType,
+            String keystoreProvider) throws IOException {
         KeyStore trustStore = null;
 
-        String trustStoreFile = (String)attributes.get("truststoreFile");
-        if(trustStoreFile == null) {
-            trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
+        String truststoreFile = (String)attributes.get("truststoreFile");
+        if(truststoreFile == null) {
+            truststoreFile = System.getProperty("javax.net.ssl.trustStore");
         }
         if(log.isDebugEnabled()) {
-            log.debug("Truststore = " + trustStoreFile);
+            log.debug("Truststore = " + truststoreFile);
         }
-        String trustStorePassword = (String)attributes.get("truststorePass");
-        if( trustStorePassword == null) {
-            trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+        String truststorePassword = (String)attributes.get("truststorePass");
+        if( truststorePassword == null) {
+            truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
         }
-        if( trustStorePassword == null ) {
-            trustStorePassword = getKeystorePassword();
+        if( truststorePassword == null ) {
+            truststorePassword = getKeystorePassword();
         }
         if(log.isDebugEnabled()) {
-            log.debug("TrustPass = " + trustStorePassword);
+            log.debug("TrustPass = " + truststorePassword);
         }
         String truststoreType = (String)attributes.get("truststoreType");
         if( truststoreType == null) {
@@ -292,9 +293,22 @@
         if(log.isDebugEnabled()) {
             log.debug("trustType = " + truststoreType);
         }
-        if (trustStoreFile != null && trustStorePassword != null){
-            trustStore = getStore(truststoreType, trustStoreFile,
-                                  trustStorePassword);
+        String truststoreProvider =
+            (String)attributes.get("truststoreProvider");
+        if( truststoreProvider == null) {
+            truststoreProvider =
+                System.getProperty("javax.net.ssl.trustStoreProvider");
+        }
+        if (truststoreProvider == null) {
+            truststoreProvider = keystoreProvider;
+        }
+        if(log.isDebugEnabled()) {
+            log.debug("trustProvider = " + truststoreProvider);
+        }
+
+        if (truststoreFile != null && truststorePassword != null){
+            trustStore = getStore(truststoreType, truststoreProvider,
+                    truststoreFile, truststorePassword);
         }
 
         return trustStore;
@@ -303,13 +317,17 @@
     /*
      * Gets the key- or truststore with the specified type, path, and password.
      */
-    private KeyStore getStore(String type, String path, String pass)
-            throws IOException {
+    private KeyStore getStore(String type, String provider, String path,
+            String pass) throws IOException {
 
         KeyStore ks = null;
         InputStream istream = null;
         try {
-            ks = KeyStore.getInstance(type);
+            if (provider == null) {
+                ks = KeyStore.getInstance(type);
+            } else {
+                ks = KeyStore.getInstance(type, provider);
+            }
             if(!("PKCS11".equalsIgnoreCase(type) || "".equalsIgnoreCase(path))) {
                 File keyStoreFile = new File(path);
                 if (!keyStoreFile.isAbsolute()) {
@@ -377,15 +395,22 @@
                 keystoreType = defaultKeystoreType;
             }
 
-        String trustAlgorithm = (String)attributes.get("truststoreAlgorithm");
-        if( trustAlgorithm == null ) {
-            trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
-        }
+            String keystoreProvider =
+                (String) attributes.get("keystoreProvider");
+
+            String trustAlgorithm =
+                (String)attributes.get("truststoreAlgorithm");
+            if( trustAlgorithm == null ) {
+                trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+            }
+
             // Create and init SSLContext
             SSLContext context = SSLContext.getInstance(protocol); 
-            context.init(getKeyManagers(keystoreType, algorithm,
-                                        (String) attributes.get("keyAlias")),
-                         getTrustManagers(keystoreType, trustAlgorithm),
+            context.init(getKeyManagers(keystoreType, keystoreProvider,
+                                 algorithm,
+                                 (String) attributes.get("keyAlias")),
+                         getTrustManagers(keystoreType, keystoreProvider,
+                                 trustAlgorithm),
                          new SecureRandom());
 
             // create proxy
@@ -407,6 +432,7 @@
      * Gets the initialized key managers.
      */
     protected KeyManager[] getKeyManagers(String keystoreType,
+                                          String keystoreProvider,
                                           String algorithm,
                                           String keyAlias)
                 throws Exception {
@@ -415,7 +441,7 @@
 
         String keystorePass = getKeystorePassword();
 
-        KeyStore ks = getKeystore(keystoreType, keystorePass);
+        KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);
         if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
             throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
         }
@@ -439,17 +465,14 @@
     /**
      * Gets the intialized trust managers.
      */
-    protected TrustManager[] getTrustManagers(String keystoreType, String algorithm)
+    protected TrustManager[] getTrustManagers(String keystoreType,
+            String keystoreProvider, String algorithm)
         throws Exception {
         String crlf = (String) attributes.get("crlFile");
         
         TrustManager[] tms = null;
         
-        String truststoreType = (String) attributes.get("truststoreType");
-        if (truststoreType == null) {
-            truststoreType = keystoreType;
-        }
-        KeyStore trustStore = getTrustStore(truststoreType);
+        KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
         if (trustStore != null) {
             if (crlf == null) {
                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=658474&r1=658473&r2=658474&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue May 20 15:54:32 2008
@@ -187,9 +187,13 @@
         Caldarale. (markt/jim)
       </fix>
       <update>
-        Add support for keystore types that do not need a file. Based on a patch by
-        Bruno Harbulot. (markt)
-      </update>  
+        Add support for keystore types that do not need a file. Based on a patch
+        by Bruno Harbulot. (markt)
+      </update>
+      <update>
+        <bug>43094</bug>: Allow specification of keystore providers. Based on
a
+        patch by Bruno Harbulot. (markt)
+      </update>
       <fix>
         <bug>43191</bug>: Make it possible to override the defaults with the
         compressableMimeType attribute. Based on a patch by Len Popp. (markt)

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=658474&r1=658473&r2=658474&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Tue May 20 15:54:32 2008
@@ -671,6 +671,14 @@
       If not specified, the default value is "<code>JKS</code>".</p>
     </attribute>
 
+    <attribute name="keystoreProvider" required="false">
+      <p>The name of the keystore provider to be used for the server
+      certificate. If not specified, the list of registered providers is
+      traversed in preference order and the first provider that supports the
+      <code>keystoreType</code> is used.
+      </p>
+    </attribute>
+
     <attribute name="sslProtocol" required="false">
       <p>The version of the SSL protocol to use.  If not specified,
       the default is "<code>TLS</code>".</p>
@@ -700,6 +708,14 @@
       TrustStore then you are using for the KeyStore.</p>
      </attribute>
 
+    <attribute name="truststoreProvider" required="false">
+      <p>The name of the truststore provider to be used for the server
+      certificate. If not specified, the list of registered providers is
+      traversed in preference order and the first provider that supports the
+      <code>truststoreType</code> is used.
+      </p>
+    </attribute>
+
   </attributes>
 
   <p>For more information, see the



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message