From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: svn commit: r658474 - in /tomcat/tc6.0.x/trunk: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml webapps/docs/config/http.xml
Date Thu, 22 May 2008 14:45:56 GMT
When removing (or changing the signatures of) non-private methods, shouldn't
the old ones be @deprecated for a while first?

Filip

markt@apache.org wrote:
> Author: markt
> Date: Tue May 20 15:54:32 2008
> New Revision: 658474
>
> URL: http://svn.apache.org/viewvc?rev=658474&view=rev
> Log:
> Fix remainder of https://issues.apache.org/bugzilla/show_bug.cgi?id=43094
> Provide options for selecting keystore providers
>
> Modified:
>     tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>     tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
>     tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
>
> Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=658474&r1=658473&r2=658474&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
> +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Tue May 20 15:54:32 2008
> @@ -249,38 +249,39 @@
>      /*
>       * Gets the SSL server's keystore.
>       */
> -    protected KeyStore getKeystore(String type, String pass)
> +    protected KeyStore getKeystore(String type, String provider, String pass)
>              throws IOException {
>  
>          String keystoreFile = (String)attributes.get("keystore");
>          if (keystoreFile == null)
>              keystoreFile = defaultKeystoreFile;
>  
> -        return getStore(type, keystoreFile, pass);
> +        return getStore(type, provider, keystoreFile, pass);
>      }
>  
>      /*
>       * Gets the SSL server's truststore.
>       */
> -    protected KeyStore getTrustStore(String keystoreType) throws IOException {
> +    protected KeyStore getTrustStore(String keystoreType,
> +            String keystoreProvider) throws IOException {
>          KeyStore trustStore = null;
>  
> -        String trustStoreFile = (String)attributes.get("truststoreFile");
> -        if(trustStoreFile == null) {
> -            trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
> +        String truststoreFile = (String)attributes.get("truststoreFile");
> +        if(truststoreFile == null) {
> +            truststoreFile = System.getProperty("javax.net.ssl.trustStore");
>          }
>          if(log.isDebugEnabled()) {
> -            log.debug("Truststore = " + trustStoreFile);
> +            log.debug("Truststore = " + truststoreFile);
>          }
> -        String trustStorePassword = (String)attributes.get("truststorePass");
> -        if( trustStorePassword == null) {
> -            trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
> +        String truststorePassword = (String)attributes.get("truststorePass");
> +        if( truststorePassword == null) {
> +            truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
>          }
> -        if( trustStorePassword == null ) {
> -            trustStorePassword = getKeystorePassword();
> +        if( truststorePassword == null ) {
> +            truststorePassword = getKeystorePassword();
>          }
>          if(log.isDebugEnabled()) {
> -            log.debug("TrustPass = " + trustStorePassword);
> +            log.debug("TrustPass = " + truststorePassword);
>          }
>          String truststoreType = (String)attributes.get("truststoreType");
>          if( truststoreType == null) {
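Review bot: The renamed debug statement `log.debug("TrustPass = " + truststorePassword);` still writes the truststore password to the log in clear text, and because of the fallback just above it the value can also be the keystore password returned by `getKeystorePassword()`. Since the commit already touches this line, it should stop logging the value and record only whether one was found, e.g. `log.debug("TrustPass set = " + (truststorePassword != null));`. Debug logs are routinely attached to bug reports and forwarded to shared log stores, so a secret written there has to be treated as disclosed. getTrustStore's body continues past the end of this hunk.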
> @@ -292,9 +293,22 @@
>          if(log.isDebugEnabled()) {
>              log.debug("trustType = " + truststoreType);
>          }
> -        if (trustStoreFile != null && trustStorePassword != null){
> -            trustStore = getStore(truststoreType, trustStoreFile,
> -                                  trustStorePassword);
> +        String truststoreProvider =
> +            (String)attributes.get("truststoreProvider");
> +        if( truststoreProvider == null) {
> +            truststoreProvider =
> +                System.getProperty("javax.net.ssl.trustStoreProvider");
> +        }
> +        if (truststoreProvider == null) {
> +            truststoreProvider = keystoreProvider;
> +        }
> +        if(log.isDebugEnabled()) {
> +            log.debug("trustProvider = " + truststoreProvider);
> +        }
> +
> +        if (truststoreFile != null && truststorePassword != null){
> +            trustStore = getStore(truststoreType, truststoreProvider,
> +                    truststoreFile, truststorePassword);
>          }
>  
>          return trustStore;
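Review bot: The last fallback, `truststoreProvider = keystoreProvider;`, is applied even when `truststoreType` was configured explicitly, so a provider chosen for the keystore can be paired with a truststore type it does not implement, and `KeyStore.getInstance(type, provider)` in getStore would then fail, presumably stopping the connector from starting. Consider inheriting the keystore provider only when the truststore type was inherited too, for example `if (truststoreProvider == null && truststoreType.equals(keystoreType)) truststoreProvider = keystoreProvider;` (the type fallback sits between this hunk and the previous one and is not visible, so confirm `truststoreType` is non-null at that point). The http.xml text added in this commit says an unset `truststoreProvider` means the registered providers are searched in preference order, which leaves out the `javax.net.ssl.trustStoreProvider` and `keystoreProvider` fallbacks implemented here. The function starts in the previous hunk.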
> @@ -303,13 +317,17 @@
>      /*
>       * Gets the key- or truststore with the specified type, path, and password.
>       */
> -    private KeyStore getStore(String type, String path, String pass)
> -            throws IOException {
> +    private KeyStore getStore(String type, String provider, String path,
> +            String pass) throws IOException {
>  
>          KeyStore ks = null;
>          InputStream istream = null;
>          try {
> -            ks = KeyStore.getInstance(type);
> +            if (provider == null) {
> +                ks = KeyStore.getInstance(type);
> +            } else {
> +                ks = KeyStore.getInstance(type, provider);
> +            }
>              if(!("PKCS11".equalsIgnoreCase(type) || "".equalsIgnoreCase(path))) {
>                  File keyStoreFile = new File(path);
>                  if (!keyStoreFile.isAbsolute()) {
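Review bot: The new branch tests only `provider == null`, but `KeyStore.getInstance(String, String)` throws IllegalArgumentException for an empty provider name, which is presumably what an attribute written as `keystoreProvider=""` would deliver. Treating empty like absent keeps that case on the default provider lookup: `if (provider == null || provider.length() == 0) {`. The two-argument call can also throw NoSuchProviderException; the catch clauses of this try are outside the hunk, so check that one of them reports the provider name instead of a generic keystore load failure, otherwise a mistyped provider will be hard to diagnose.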
> @@ -377,15 +395,22 @@
>                  keystoreType = defaultKeystoreType;
>              }
>  
> -        String trustAlgorithm = (String)attributes.get("truststoreAlgorithm");
> -        if( trustAlgorithm == null ) {
> -            trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
> -        }
> +            String keystoreProvider =
> +                (String) attributes.get("keystoreProvider");
> +
> +            String trustAlgorithm =
> +                (String)attributes.get("truststoreAlgorithm");
> +            if( trustAlgorithm == null ) {
> +                trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
> +            }
> +
>              // Create and init SSLContext
>              SSLContext context = SSLContext.getInstance(protocol); 
> -            context.init(getKeyManagers(keystoreType, algorithm,
> -                                        (String) attributes.get("keyAlias")),
> -                         getTrustManagers(keystoreType, trustAlgorithm),
> +            context.init(getKeyManagers(keystoreType, keystoreProvider,
> +                                 algorithm,
> +                                 (String) attributes.get("keyAlias")),
> +                         getTrustManagers(keystoreType, keystoreProvider,
> +                                 trustAlgorithm),
>                           new SecureRandom());
>  
>              // create proxy
> @@ -407,6 +432,7 @@
>       * Gets the initialized key managers.
>       */
>      protected KeyManager[] getKeyManagers(String keystoreType,
> +                                          String keystoreProvider,
>                                            String algorithm,
>                                            String keyAlias)
>                  throws Exception {
> @@ -415,7 +441,7 @@
>  
>          String keystorePass = getKeystorePassword();
>  
> -        KeyStore ks = getKeystore(keystoreType, keystorePass);
> +        KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);
>          if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
>              throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
>          }
> @@ -439,17 +465,14 @@
>      /**
>       * Gets the intialized trust managers.
>       */
> -    protected TrustManager[] getTrustManagers(String keystoreType, String algorithm)
> +    protected TrustManager[] getTrustManagers(String keystoreType,
> +            String keystoreProvider, String algorithm)
>          throws Exception {
>          String crlf = (String) attributes.get("crlFile");
>          
>          TrustManager[] tms = null;
>          
> -        String truststoreType = (String) attributes.get("truststoreType");
> -        if (truststoreType == null) {
> -            truststoreType = keystoreType;
> -        }
> -        KeyStore trustStore = getTrustStore(truststoreType);
> +        KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
>          if (trustStore != null) {
>              if (crlf == null) {
>                  TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
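Review bot: The Javadoc above getTrustManagers still reads only "Gets the intialized trust managers." and says nothing about the new `keystoreProvider` parameter, nor that `keystoreType` is now passed straight to getTrustStore, which resolves the truststore-specific settings itself. I would add `@param keystoreType` and `@param keystoreProvider` lines stating that, as far as the visible hunks show, both are fallbacks used only when no truststore type or provider is configured, and fix the "intialized" typo at the same time. The method body continues past the end of the hunk.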
>
> Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=658474&r1=658473&r2=658474&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue May 20 15:54:32 2008
> @@ -187,9 +187,13 @@
>          Caldarale. (markt/jim)
>        </fix>
>        <update>
> -        Add support for keystore types that do not need a file. Based on a patch by
> -        Bruno Harbulot. (markt)
> -      </update>  
> +        Add support for keystore types that do not need a file. Based on a patch
> +        by Bruno Harbulot. (markt)
> +      </update>
> +      <update>
> +        <bug>43094</bug>: Allow specification of keystore providers. Based
on a
> +        patch by Bruno Harbulot. (markt)
> +      </update>
>        <fix>
>          <bug>43191</bug>: Make it possible to override the defaults with
the
>          compressableMimeType attribute. Based on a patch by Len Popp. (markt)
>
> Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=658474&r1=658473&r2=658474&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
> +++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Tue May 20 15:54:32 2008
> @@ -671,6 +671,14 @@
>        If not specified, the default value is "<code>JKS</code>".</p>
>      </attribute>
>  
> +    <attribute name="keystoreProvider" required="false">
> +      <p>The name of the keystore provider to be used for the server
> +      certificate. If not specified, the list of registered providers is
> +      traversed in preference order and the first provider that supports the
> +      <code>keystoreType</code> is used.
> +      </p>
> +    </attribute>
> +
>      <attribute name="sslProtocol" required="false">
>        <p>The version of the SSL protocol to use.  If not specified,
>        the default is "<code>TLS</code>".</p>
> @@ -700,6 +708,14 @@
>        TrustStore then you are using for the KeyStore.</p>
>       </attribute>
>  
> +    <attribute name="truststoreProvider" required="false">
> +      <p>The name of the truststore provider to be used for the server
> +      certificate. If not specified, the list of registered providers is
> +      traversed in preference order and the first provider that supports the
> +      <code>truststoreType</code> is used.
> +      </p>
> +    </attribute>
> +
>    </attributes>
>  
>    <p>For more information, see the
>
>
>