Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/TcpConnectionHandler.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/TcpConnectionHandler.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/TcpConnectionHandler.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/TcpConnectionHandler.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net;
+
+
+/**
+ * This interface will be implemented by any object that
+ * uses TcpConnections. It is supported by the pool tcp
+ * connection manager and should be supported by future
+ * managers.
+ * The goal is to decouple the connection handler from
+ * the thread, socket and pooling complexity.
+ */
+public interface TcpConnectionHandler {
+
+ /** Add informations about the a "controler" object
+ * specific to the server. In tomcat it will be a
+ * ContextManager.
+ * @deprecated This has nothing to do with TcpHandling,
+ * was used as a workaround
+ */
+ public void setServer(Object manager);
+
+
+ /** Used to pass config informations to the handler.
+ *
+ * @deprecated This has nothing to do with Tcp,
+ * was used as a workaround.
+ */
+ public void setAttribute(String name, Object value );
+
+ /** Called before the call to processConnection.
+ * If the thread is reused, init() should be called once per thread.
+ *
+ * It may look strange, but it's a _very_ good way to avoid synchronized
+ * methods and keep per thread data.
+ *
+ * Assert: the object returned from init() will be passed to
+ * all processConnection() methods happening in the same thread.
+ *
+ */
+ public Object[] init( );
+
+ /**
+ * Assert: connection!=null
+ * Assert: connection.getSocket() != null
+ * Assert: thData != null and is the result of calling init()
+ * Assert: thData is preserved per Thread.
+ */
+ public void processConnection(TcpConnection connection, Object thData[]);
+}
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/URL.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/URL.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/URL.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/URL.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,732 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net;
+
+
+import java.io.Serializable;
+import java.net.MalformedURLException;
+
+
+/**
+ * <p><strong>URL</strong> is designed to provide public APIs for parsing
+ * and synthesizing Uniform Resource Locators as similar as possible to the
+ * APIs of <code>java.net.URL</code>, but without the ability to open a
+ * stream or connection. One of the consequences of this is that you can
+ * construct URLs for protocols for which a URLStreamHandler is not
+ * available (such as an "https" URL when JSSE is not installed).</p>
+ *
+ * <p><strong>WARNING</strong> - This class assumes that the string
+ * representation of a URL conforms to the <code>spec</code> argument
+ * as described in RFC 2396 "Uniform Resource Identifiers: Generic Syntax":
+ * <pre>
+ * <scheme>//<authority><path>?<query>#<fragment>
+ * </pre></p>
+ *
+ * <p><strong>FIXME</strong> - This class really ought to end up in a Commons
+ * package someplace.</p>
+ *
+ * @author Craig R. McClanahan
+ * @version $Id: URL.java 939351 2010-04-29 15:41:54Z kkolinko $
+ */
+
+public final class URL implements Serializable {
+
+
+ // ----------------------------------------------------------- Constructors
+
+
+ /**
+ * Create a URL object from the specified String representation.
+ *
+ * @param spec String representation of the URL
+ *
+ * @exception MalformedURLException if the string representation
+ * cannot be parsed successfully
+ */
+ public URL(String spec) throws MalformedURLException {
+
+ this(null, spec);
+
+ }
+
+
+ /**
+ * Create a URL object by parsing a string representation relative
+ * to a specified context. Based on logic from JDK 1.3.1's
+ * <code>java.net.URL</code>.
+ *
+ * @param context URL against which the relative representation
+ * is resolved
+ * @param spec String representation of the URL (usually relative)
+ *
+ * @exception MalformedURLException if the string representation
+ * cannot be parsed successfully
+ */
+ public URL(URL context, String spec) throws MalformedURLException {
+
+ String original = spec;
+ int i, limit, c;
+ int start = 0;
+ String newProtocol = null;
+ boolean aRef = false;
+
+ try {
+
+ // Eliminate leading and trailing whitespace
+ limit = spec.length();
+ while ((limit > 0) && (spec.charAt(limit - 1) <= ' ')) {
+ limit--;
+ }
+ while ((start < limit) && (spec.charAt(start) <= ' ')) {
+ start++;
+ }
+
+ // If the string representation starts with "url:", skip it
+ if (spec.regionMatches(true, start, "url:", 0, 4)) {
+ start += 4;
+ }
+
+ // Is this a ref relative to the context URL?
+ if ((start < spec.length()) && (spec.charAt(start) == '#')) {
+ aRef = true;
+ }
+
+ // Parse out the new protocol
+ for (i = start; !aRef && (i < limit) ; i++) {
+ c = spec.charAt(i);
+ if (c == ':') {
+ String s = spec.substring(start, i).toLowerCase();
+ // Assume all protocols are valid
+ newProtocol = s;
+ start = i + 1;
+ break;
+ } else if( c == '#' ) {
+ aRef = true;
+ } else if( !isSchemeChar((char)c) ) {
+ break;
+ }
+ }
+
+ // Only use our context if the protocols match
+ protocol = newProtocol;
+ if ((context != null) && ((newProtocol == null) ||
+ newProtocol.equalsIgnoreCase(context.getProtocol()))) {
+ // If the context is a hierarchical URL scheme and the spec
+ // contains a matching scheme then maintain backwards
+ // compatibility and treat it as if the spec didn't contain
+ // the scheme; see 5.2.3 of RFC2396
+ if ((context.getPath() != null) &&
+ (context.getPath().startsWith("/")))
+ newProtocol = null;
+ if (newProtocol == null) {
+ protocol = context.getProtocol();
+ authority = context.getAuthority();
+ userInfo = context.getUserInfo();
+ host = context.getHost();
+ port = context.getPort();
+ file = context.getFile();
+ int question = file.lastIndexOf("?");
+ if (question < 0)
+ path = file;
+ else
+ path = file.substring(0, question);
+ }
+ }
+
+ if (protocol == null)
+ throw new MalformedURLException("no protocol: " + original);
+
+ // Parse out any ref portion of the spec
+ i = spec.indexOf('#', start);
+ if (i >= 0) {
+ ref = spec.substring(i + 1, limit);
+ limit = i;
+ }
+
+ // Parse the remainder of the spec in a protocol-specific fashion
+ parse(spec, start, limit);
+ if (context != null)
+ normalize();
+
+
+ } catch (MalformedURLException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new MalformedURLException(e.toString());
+ }
+
+ }
+
+
+
+
+
+ /**
+ * Create a URL object from the specified components. The default port
+ * number for the specified protocol will be used.
+ *
+ * @param protocol Name of the protocol to use
+ * @param host Name of the host addressed by this protocol
+ * @param file Filename on the specified host
+ *
+ * @exception MalformedURLException is never thrown, but present for
+ * compatible APIs
+ */
+ public URL(String protocol, String host, String file)
+ throws MalformedURLException {
+
+ this(protocol, host, -1, file);
+
+ }
+
+
+ /**
+ * Create a URL object from the specified components. Specifying a port
+ * number of -1 indicates that the URL should use the default port for
+ * that protocol. Based on logic from JDK 1.3.1's
+ * <code>java.net.URL</code>.
+ *
+ * @param protocol Name of the protocol to use
+ * @param host Name of the host addressed by this protocol
+ * @param port Port number, or -1 for the default port for this protocol
+ * @param file Filename on the specified host
+ *
+ * @exception MalformedURLException is never thrown, but present for
+ * compatible APIs
+ */
+ public URL(String protocol, String host, int port, String file)
+ throws MalformedURLException {
+
+ this.protocol = protocol;
+ this.host = host;
+ this.port = port;
+
+ int hash = file.indexOf('#');
+ this.file = hash < 0 ? file : file.substring(0, hash);
+ this.ref = hash < 0 ? null : file.substring(hash + 1);
+ int question = file.lastIndexOf('?');
+ if (question >= 0) {
+ query = file.substring(question + 1);
+ path = file.substring(0, question);
+ } else
+ path = file;
+
+ if ((host != null) && (host.length() > 0))
+ authority = (port == -1) ? host : host + ":" + port;
+
+ }
+
+
+ // ----------------------------------------------------- Instance Variables
+
+
+ /**
+ * The authority part of the URL.
+ */
+ private String authority = null;
+
+
+ /**
+ * The filename part of the URL.
+ */
+ private String file = null;
+
+
+ /**
+ * The host name part of the URL.
+ */
+ private String host = null;
+
+
+ /**
+ * The path part of the URL.
+ */
+ private String path = null;
+
+
+ /**
+ * The port number part of the URL.
+ */
+ private int port = -1;
+
+
+ /**
+ * The protocol name part of the URL.
+ */
+ private String protocol = null;
+
+
+ /**
+ * The query part of the URL.
+ */
+ private String query = null;
+
+
+ /**
+ * The reference part of the URL.
+ */
+ private String ref = null;
+
+
+ /**
+ * The user info part of the URL.
+ */
+ private String userInfo = null;
+
+
+ // --------------------------------------------------------- Public Methods
+
+
+ /**
+ * Compare two URLs for equality. The result is <code>true</code> if and
+ * only if the argument is not null, and is a <code>URL</code> object
+ * that represents the same <code>URL</code> as this object. Two
+ * <code>URLs</code> are equal if they have the same protocol and
+ * reference the same host, the same port number on the host,
+ * and the same file and anchor on the host.
+ *
+ * @param obj The URL to compare against
+ */
+ public boolean equals(Object obj) {
+
+ if (obj == null)
+ return (false);
+ if (!(obj instanceof URL))
+ return (false);
+ URL other = (URL) obj;
+ if (!sameFile(other))
+ return (false);
+ return (compare(ref, other.getRef()));
+
+ }
+
+
+ /**
+ * Return the authority part of the URL.
+ */
+ public String getAuthority() {
+
+ return (this.authority);
+
+ }
+
+
+ /**
+ * Return the filename part of the URL. <strong>NOTE</strong> - For
+ * compatibility with <code>java.net.URL</code>, this value includes
+ * the query string if there was one. For just the path portion,
+ * call <code>getPath()</code> instead.
+ */
+ public String getFile() {
+
+ if (file == null)
+ return ("");
+ return (this.file);
+
+ }
+
+
+ /**
+ * Return the host name part of the URL.
+ */
+ public String getHost() {
+
+ return (this.host);
+
+ }
+
+
+ /**
+ * Return the path part of the URL.
+ */
+ public String getPath() {
+
+ if (this.path == null)
+ return ("");
+ return (this.path);
+
+ }
+
+
+ /**
+ * Return the port number part of the URL.
+ */
+ public int getPort() {
+
+ return (this.port);
+
+ }
+
+
+ /**
+ * Return the protocol name part of the URL.
+ */
+ public String getProtocol() {
+
+ return (this.protocol);
+
+ }
+
+
+ /**
+ * Return the query part of the URL.
+ */
+ public String getQuery() {
+
+ return (this.query);
+
+ }
+
+
+ /**
+ * Return the reference part of the URL.
+ */
+ public String getRef() {
+
+ return (this.ref);
+
+ }
+
+
+ /**
+ * Return the user info part of the URL.
+ */
+ public String getUserInfo() {
+
+ return (this.userInfo);
+
+ }
+
+
+ /**
+ * Normalize the <code>path</code> (and therefore <code>file</code>)
+ * portions of this URL.
+ * <p>
+ * <strong>NOTE</strong> - This method is not part of the public API
+ * of <code>java.net.URL</code>, but is provided as a value added
+ * service of this implementation.
+ *
+ * @exception MalformedURLException if a normalization error occurs,
+ * such as trying to move about the hierarchical root
+ */
+ public void normalize() throws MalformedURLException {
+
+ // Special case for null path
+ if (path == null) {
+ if (query != null)
+ file = "?" + query;
+ else
+ file = "";
+ return;
+ }
+
+ // Create a place for the normalized path
+ String normalized = path;
+ if (normalized.equals("/.")) {
+ path = "/";
+ if (query != null)
+ file = path + "?" + query;
+ else
+ file = path;
+ return;
+ }
+
+ // Normalize the slashes and add leading slash if necessary
+ if (normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
+ }
+
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ throw new MalformedURLException
+ ("Invalid relative URL reference");
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Resolve occurrences of "/." at the end of the normalized path
+ if (normalized.endsWith("/."))
+ normalized = normalized.substring(0, normalized.length() - 1);
+
+ // Resolve occurrences of "/.." at the end of the normalized path
+ if (normalized.endsWith("/..")) {
+ int index = normalized.length() - 3;
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ if (index2 < 0)
+ throw new MalformedURLException
+ ("Invalid relative URL reference");
+ normalized = normalized.substring(0, index2 + 1);
+ }
+
+ // Return the normalized path that we have completed
+ path = normalized;
+ if (query != null)
+ file = path + "?" + query;
+ else
+ file = path;
+
+ }
+
+
+ /**
+ * Compare two URLs, excluding the "ref" fields. Returns <code>true</code>
+ * if this <code>URL</code> and the <code>other</code> argument both refer
+ * to the same resource. The two <code>URLs</code> might not both contain
+ * the same anchor.
+ */
+ public boolean sameFile(URL other) {
+
+ if (!compare(protocol, other.getProtocol()))
+ return (false);
+ if (!compare(host, other.getHost()))
+ return (false);
+ if (port != other.getPort())
+ return (false);
+ if (!compare(file, other.getFile()))
+ return (false);
+ return (true);
+
+ }
+
+
+ /**
+ * Return a string representation of this URL. This follow the rules in
+ * RFC 2396, Section 5.2, Step 7.
+ */
+ public String toExternalForm() {
+
+ StringBuffer sb = new StringBuffer();
+ if (protocol != null) {
+ sb.append(protocol);
+ sb.append(":");
+ }
+ if (authority != null) {
+ sb.append("//");
+ sb.append(authority);
+ }
+ if (path != null)
+ sb.append(path);
+ if (query != null) {
+ sb.append('?');
+ sb.append(query);
+ }
+ if (ref != null) {
+ sb.append('#');
+ sb.append(ref);
+ }
+ return (sb.toString());
+
+ }
+
+
+ /**
+ * Return a string representation of this object.
+ */
+ public String toString() {
+
+ StringBuffer sb = new StringBuffer("URL[");
+ sb.append("authority=");
+ sb.append(authority);
+ sb.append(", file=");
+ sb.append(file);
+ sb.append(", host=");
+ sb.append(host);
+ sb.append(", port=");
+ sb.append(port);
+ sb.append(", protocol=");
+ sb.append(protocol);
+ sb.append(", query=");
+ sb.append(query);
+ sb.append(", ref=");
+ sb.append(ref);
+ sb.append(", userInfo=");
+ sb.append(userInfo);
+ sb.append("]");
+ return (sb.toString());
+
+ // return (toExternalForm());
+
+ }
+
+
+ // -------------------------------------------------------- Private Methods
+
+
+ /**
+ * Compare to String values for equality, taking appropriate care if one
+ * or both of the values are <code>null</code>.
+ *
+ * @param first First string
+ * @param second Second string
+ */
+ private boolean compare(String first, String second) {
+
+ if (first == null) {
+ if (second == null)
+ return (true);
+ else
+ return (false);
+ } else {
+ if (second == null)
+ return (false);
+ else
+ return (first.equals(second));
+ }
+
+ }
+
+
+ /**
+ * Parse the specified portion of the string representation of a URL,
+ * assuming that it has a format similar to that for <code>http</code>.
+ *
+ * <p><strong>FIXME</strong> - This algorithm can undoubtedly be optimized
+ * for performance. However, that needs to wait until after sufficient
+ * unit tests are implemented to guarantee correct behavior with no
+ * regressions.</p>
+ *
+ * @param spec String representation being parsed
+ * @param start Starting offset, which will be just after the ':' (if
+ * there is one) that determined the protocol name
+ * @param limit Ending position, which will be the position of the '#'
+ * (if there is one) that delimited the anchor
+ *
+ * @exception MalformedURLException if a parsing error occurs
+ */
+ private void parse(String spec, int start, int limit)
+ throws MalformedURLException {
+
+ // Trim the query string (if any) off the tail end
+ int question = spec.lastIndexOf('?', limit - 1);
+ if ((question >= 0) && (question < limit)) {
+ query = spec.substring(question + 1, limit);
+ limit = question;
+ } else {
+ query = null;
+ }
+
+ // Parse the authority section
+ if (spec.indexOf("//", start) == start) {
+ int pathStart = spec.indexOf("/", start + 2);
+ if ((pathStart >= 0) && (pathStart < limit)) {
+ authority = spec.substring(start + 2, pathStart);
+ start = pathStart;
+ } else {
+ authority = spec.substring(start + 2, limit);
+ start = limit;
+ }
+ if (authority.length() > 0) {
+ int at = authority.indexOf('@');
+ if( at >= 0 ) {
+ userInfo = authority.substring(0,at);
+ }
+ int ipv6 = authority.indexOf('[',at+1);
+ int hStart = at+1;
+ if( ipv6 >= 0 ) {
+ hStart = ipv6;
+ ipv6 = authority.indexOf(']', ipv6);
+ if( ipv6 < 0 ) {
+ throw new MalformedURLException(
+ "Closing ']' not found in IPV6 address: " + authority);
+ } else {
+ at = ipv6-1;
+ }
+ }
+
+ int colon = authority.indexOf(':', at+1);
+ if (colon >= 0) {
+ try {
+ port =
+ Integer.parseInt(authority.substring(colon + 1));
+ } catch (NumberFormatException e) {
+ throw new MalformedURLException(e.toString());
+ }
+ host = authority.substring(hStart, colon);
+ } else {
+ host = authority.substring(hStart);
+ port = -1;
+ }
+ }
+ }
+
+ // Parse the path section
+ if (spec.indexOf("/", start) == start) { // Absolute path
+ path = spec.substring(start, limit);
+ if (query != null)
+ file = path + "?" + query;
+ else
+ file = path;
+ return;
+ }
+
+ // Resolve relative path against our context's file
+ if (path == null) {
+ if (query != null)
+ file = "?" + query;
+ else
+ file = null;
+ return;
+ }
+ if (!path.startsWith("/"))
+ throw new MalformedURLException
+ ("Base path does not start with '/'");
+ if (!path.endsWith("/"))
+ path += "/../";
+ path += spec.substring(start, limit);
+ if (query != null)
+ file = path + "?" + query;
+ else
+ file = path;
+ return;
+
+ }
+
+ /**
+ * Determine if the character is allowed in the scheme of a URI.
+ * See RFC 2396, Section 3.1
+ */
+ public static boolean isSchemeChar(char c) {
+ return Character.isLetterOrDigit(c) ||
+ c == '+' || c == '-' || c == '.';
+ }
+
+}
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEFactory.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEFactory.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEFactory.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEFactory.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse;
+
+import java.net.Socket;
+
+import javax.net.ssl.SSLSocket;
+
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import javax.net.ssl.SSLSession;
+
+/**
+ * Factory interface to construct components based on the JSSE version
+ * in use.
+ *
+ * @author Bill Barker
+ * @author Filip Hanik
+ */
+
+public class JSSEFactory {
+
+ /**
+ * Returns the ServerSocketFactory to use.
+ */
+ public ServerSocketFactory getSocketFactory() {
+ return new JSSESocketFactory();
+ }
+
+ /**
+ * returns the SSLSupport attached to this socket.
+ */
+ public SSLSupport getSSLSupport(Socket socket) {
+ return new JSSESupport((SSLSocket)socket);
+ }
+
+ public SSLSupport getSSLSupport(SSLSession session) {
+ return new JSSESupport(session);
+ }
+
+};
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse;
+
+import java.net.Socket;
+
+import org.apache.tomcat.util.net.SSLImplementation;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import javax.net.ssl.SSLSession;
+
+/* JSSEImplementation:
+
+ Concrete implementation class for JSSE
+
+ @author EKR
+*/
+
+public class JSSEImplementation extends SSLImplementation
+{
+ static final String SSLSocketClass = "javax.net.ssl.SSLSocket";
+
+ static org.apache.juli.logging.Log logger =
+ org.apache.juli.logging.LogFactory.getLog(JSSEImplementation.class);
+
+ private JSSEFactory factory = null;
+
+ public JSSEImplementation() throws ClassNotFoundException {
+ // Check to see if JSSE is floating around somewhere
+ Class.forName(SSLSocketClass);
+ factory = new JSSEFactory();
+ }
+
+
+ public String getImplementationName(){
+ return "JSSE";
+ }
+
+ public ServerSocketFactory getServerSocketFactory() {
+ ServerSocketFactory ssf = factory.getSocketFactory();
+ return ssf;
+ }
+
+ public SSLSupport getSSLSupport(Socket s) {
+ SSLSupport ssls = factory.getSSLSupport(s);
+ return ssls;
+ }
+
+ public SSLSupport getSSLSupport(SSLSession session) {
+ SSLSupport ssls = factory.getSSLSupport(session);
+ return ssls;
+ }
+
+}
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,144 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509KeyManager;
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ *
+ * @author Jan Luehe
+ */
+public final class JSSEKeyManager implements X509KeyManager {
+
+ private X509KeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr The X509KeyManager used as a delegate
+ * @param serverKeyAlias The alias name of the server's keypair and
+ * supporting certificate chain
+ */
+ public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) {
+ this.delegate = mgr;
+ this.serverKeyAlias = serverKeyAlias;
+ }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket,
+ * given the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers The list of acceptable CA issuer subject names, or null
+ * if it does not matter which issuers are used
+ * @param socket The socket to be used for this connection. This parameter
+ * can be null, in which case this method will return the most generic
+ * alias to use
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
+ Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor.
+ *
+ * @param keyType The key algorithm type name (ignored)
+ * @param issuers The list of acceptable CA issuer subject names, or null
+ * if it does not matter which issuers are used (ignored)
+ * @param socket The socket to be used for this connection. This parameter
+ * can be null, in which case this method will return the most generic
+ * alias to use (ignored)
+ *
+ * @return Alias name for the desired key
+ */
+ public String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket) {
+ return serverKeyAlias;
+ }
+
+ /**
+ * Returns the certificate chain associated with the given alias.
+ *
+ * @param alias The alias name
+ *
+ * @return Certificate chain (ordered with the user's certificate first
+ * and the root certificate authority last), or null if the alias can't be
+ * found
+ */
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the client side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType The key algorithm type name
+ * @param issuers The list of acceptable CA issuer subject names, or null
+ * if it does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the server side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType The key algorithm type name
+ * @param issuers The list of acceptable CA issuer subject names, or null
+ * if it does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+ /**
+ * Returns the key associated with the given alias.
+ *
+ * @param alias The alias name
+ *
+ * @return The requested key, or null if the alias can't be found
+ */
+ public PrivateKey getPrivateKey(String alias) {
+ return delegate.getPrivateKey(alias);
+ }
+}
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,869 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CRL;
+import java.security.cert.CRLException;
+import java.security.cert.CertPathParameters;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreParameters;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509CertSelector;
+import java.util.Collection;
+import java.util.Vector;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509KeyManager;
+
+import org.apache.tomcat.util.res.StringManager;
+
+/*
+ 1. Make the JSSE's jars available, either as an installed
+ extension (copy them into jre/lib/ext) or by adding
+ them to the Tomcat classpath.
+ 2. keytool -genkey -alias tomcat -keyalg RSA
+ Use "changeit" as password ( this is the default we use )
+ */
+
+/**
+ * SSL server socket factory. It _requires_ a valid RSA key and
+ * JSSE.
+ *
+ * @author Harish Prabandham
+ * @author Costin Manolache
+ * @author Stefan Freyr Stefansson
+ * @author EKR -- renamed to JSSESocketFactory
+ * @author Jan Luehe
+ * @author Bill Barker
+ */
+public class JSSESocketFactory
+ extends org.apache.tomcat.util.net.ServerSocketFactory {
+
+ private static StringManager sm =
+ StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
+
+ private static final boolean RFC_5746_SUPPORTED;
+
+ // defaults
+ static String defaultProtocol = "TLS";
+ static boolean defaultClientAuth = false;
+ static String defaultKeystoreType = "JKS";
+ private static final String defaultKeystoreFile
+ = System.getProperty("user.home") + "/.keystore";
+ private static final String defaultKeyPass = "changeit";
+ private static final int defaultSessionCacheSize = 0;
+ private static final int defaultSessionTimeout = 86400;
+
+ static org.apache.juli.logging.Log log =
+ org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class);
+
+ static {
+ boolean result = false;
+ SSLContext context;
+ try {
+ context = SSLContext.getInstance("TLS");
+ context.init(null, null, new SecureRandom());
+ SSLServerSocketFactory ssf = context.getServerSocketFactory();
+ String ciphers[] = ssf.getSupportedCipherSuites();
+ for (String cipher : ciphers) {
+ if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
+ result = true;
+ break;
+ }
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // Assume no RFC 5746 support
+ } catch (KeyManagementException e) {
+ // Assume no RFC 5746 support
+ }
+ RFC_5746_SUPPORTED = result;
+ }
+
+ protected boolean initialized;
+ protected String clientAuth = "false";
+ protected SSLServerSocketFactory sslProxy = null;
+ protected String[] enabledCiphers;
+ protected boolean allowUnsafeLegacyRenegotiation = false;
+
+ /**
+ * Flag to state that we require client authentication.
+ */
+ protected boolean requireClientAuth = false;
+
+ /**
+ * Flag to state that we would like client authentication.
+ */
+ protected boolean wantClientAuth = false;
+
+
+ public JSSESocketFactory () {
+ }
+
+ public ServerSocket createSocket (int port)
+ throws IOException
+ {
+ if (!initialized) init();
+ ServerSocket socket = sslProxy.createServerSocket(port);
+ initServerSocket(socket);
+ return socket;
+ }
+
+ public ServerSocket createSocket (int port, int backlog)
+ throws IOException
+ {
+ if (!initialized) init();
+ ServerSocket socket = sslProxy.createServerSocket(port, backlog);
+ initServerSocket(socket);
+ return socket;
+ }
+
+ public ServerSocket createSocket (int port, int backlog,
+ InetAddress ifAddress)
+ throws IOException
+ {
+ if (!initialized) init();
+ ServerSocket socket = sslProxy.createServerSocket(port, backlog,
+ ifAddress);
+ initServerSocket(socket);
+ return socket;
+ }
+
+ public Socket acceptSocket(ServerSocket socket)
+ throws IOException
+ {
+ SSLSocket asock = null;
+ try {
+ asock = (SSLSocket)socket.accept();
+ configureClientAuth(asock);
+ } catch (SSLException e){
+ throw new SocketException("SSL handshake error" + e.toString());
+ }
+ return asock;
+ }
+
+ public void handshake(Socket sock) throws IOException {
+ ((SSLSocket)sock).startHandshake();
+
+ if (!allowUnsafeLegacyRenegotiation && !RFC_5746_SUPPORTED) {
+ // Prevent further handshakes by removing all cipher suites
+ ((SSLSocket) sock).setEnabledCipherSuites(new String[0]);
+ }
+ }
+
+ /*
+ * Determines the SSL cipher suites to be enabled.
+ *
+ * @param requestedCiphers Comma-separated list of requested ciphers
+ * @param supportedCiphers Array of supported ciphers
+ *
+ * @return Array of SSL cipher suites to be enabled, or null if none of the
+ * requested ciphers are supported
+ */
+ protected String[] getEnabledCiphers(String requestedCiphers,
+ String[] supportedCiphers) {
+
+ String[] enabledCiphers = null;
+
+ if (requestedCiphers != null) {
+ Vector vec = null;
+ String cipher = requestedCiphers;
+ int index = requestedCiphers.indexOf(',');
+ if (index != -1) {
+ int fromIndex = 0;
+ while (index != -1) {
+ cipher = requestedCiphers.substring(fromIndex, index).trim();
+ if (cipher.length() > 0) {
+ /*
+ * Check to see if the requested cipher is among the
+ * supported ciphers, i.e., may be enabled
+ */
+ for (int i=0; supportedCiphers != null
+ && i<supportedCiphers.length; i++) {
+ if (supportedCiphers[i].equals(cipher)) {
+ if (vec == null) {
+ vec = new Vector();
+ }
+ vec.addElement(cipher);
+ break;
+ }
+ }
+ }
+ fromIndex = index+1;
+ index = requestedCiphers.indexOf(',', fromIndex);
+ } // while
+ cipher = requestedCiphers.substring(fromIndex);
+ }
+
+ if (cipher != null) {
+ cipher = cipher.trim();
+ if (cipher.length() > 0) {
+ /*
+ * Check to see if the requested cipher is among the
+ * supported ciphers, i.e., may be enabled
+ */
+ for (int i=0; supportedCiphers != null
+ && i<supportedCiphers.length; i++) {
+ if (supportedCiphers[i].equals(cipher)) {
+ if (vec == null) {
+ vec = new Vector();
+ }
+ vec.addElement(cipher);
+ break;
+ }
+ }
+ }
+ }
+
+ if (vec != null) {
+ enabledCiphers = new String[vec.size()];
+ vec.copyInto(enabledCiphers);
+ }
+ } else {
+ enabledCiphers = sslProxy.getDefaultCipherSuites();
+ }
+
+ return enabledCiphers;
+ }
+
+ /*
+ * Gets the SSL server's keystore password.
+ */
+ protected String getKeystorePassword() {
+ String keyPass = (String)attributes.get("keypass");
+ if (keyPass == null) {
+ keyPass = defaultKeyPass;
+ }
+ String keystorePass = (String)attributes.get("keystorePass");
+ if (keystorePass == null) {
+ keystorePass = keyPass;
+ }
+ return keystorePass;
+ }
+
+ /*
+ * Gets the SSL server's keystore.
+ */
+ protected KeyStore getKeystore(String type, String provider, String pass)
+ throws IOException {
+
+ String keystoreFile = (String)attributes.get("keystore");
+ if (keystoreFile == null)
+ keystoreFile = defaultKeystoreFile;
+
+ try {
+ return getStore(type, provider, keystoreFile, pass);
+ } catch (FileNotFoundException fnfe) {
+ throw fnfe;
+ } catch (IOException ioe) {
+ log.error(sm.getString("jsse.keystore_load_failed", type,
+ keystoreFile, ioe.getMessage()), ioe);
+ throw ioe;
+ }
+ }
+
+ /*
+ * Gets the SSL server's truststore.
+ */
+ protected KeyStore getTrustStore(String keystoreType,
+ String keystoreProvider) throws IOException {
+ KeyStore trustStore = null;
+
+ String truststoreFile = (String)attributes.get("truststoreFile");
+ if(truststoreFile == null) {
+ truststoreFile = System.getProperty("javax.net.ssl.trustStore");
+ }
+ if(log.isDebugEnabled()) {
+ log.debug("Truststore = " + truststoreFile);
+ }
+ String truststorePassword = (String)attributes.get("truststorePass");
+ if( truststorePassword == null) {
+ truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ }
+ if( truststorePassword == null ) {
+ truststorePassword = getKeystorePassword();
+ }
+ if(log.isDebugEnabled()) {
+ log.debug("TrustPass = " + truststorePassword);
+ }
+ String truststoreType = (String)attributes.get("truststoreType");
+ if( truststoreType == null) {
+ truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
+ }
+ if(truststoreType == null) {
+ truststoreType = keystoreType;
+ }
+ if(log.isDebugEnabled()) {
+ log.debug("trustType = " + truststoreType);
+ }
+ String truststoreProvider =
+ (String)attributes.get("truststoreProvider");
+ if( truststoreProvider == null) {
+ truststoreProvider =
+ System.getProperty("javax.net.ssl.trustStoreProvider");
+ }
+ if (truststoreProvider == null) {
+ truststoreProvider = keystoreProvider;
+ }
+ if(log.isDebugEnabled()) {
+ log.debug("trustProvider = " + truststoreProvider);
+ }
+
+ if (truststoreFile != null) {
+ try {
+ trustStore = getStore(truststoreType, truststoreProvider,
+ truststoreFile, truststorePassword);
+ } catch (FileNotFoundException fnfe) {
+ throw fnfe;
+ } catch (IOException ioe) {
+ // Log a warning that we had a password issue
+ // and re-try, unless the password is null already
+ if (truststorePassword != null) {
+ log.warn(sm.getString("jsse.invalid_truststore_password"),
+ ioe);
+ try {
+ trustStore = getStore(truststoreType,
+ truststoreProvider, truststoreFile, null);
+ ioe = null;
+ } catch (IOException ioe2) {
+ ioe = ioe2;
+ }
+ }
+ if (ioe != null) {
+ log.error(sm.getString("jsse.keystore_load_failed",
+ truststoreType, truststoreFile, ioe.getMessage()),
+ ioe);
+ throw ioe;
+ }
+ }
+ }
+
+ return trustStore;
+ }
+
+ /*
+ * Gets the key- or truststore with the specified type, path, and password.
+ */
+ private KeyStore getStore(String type, String provider, String path,
+ String pass) throws IOException {
+
+ KeyStore ks = null;
+ InputStream istream = null;
+ try {
+ if (provider == null) {
+ ks = KeyStore.getInstance(type);
+ } else {
+ ks = KeyStore.getInstance(type, provider);
+ }
+ if(!("PKCS11".equalsIgnoreCase(type) || "".equalsIgnoreCase(path))) {
+ File keyStoreFile = new File(path);
+ if (!keyStoreFile.isAbsolute()) {
+ keyStoreFile = new File(System.getProperty("catalina.base"),
+ path);
+ }
+ istream = new FileInputStream(keyStoreFile);
+ }
+
+ char[] storePass = null;
+ if (pass != null && !"".equals(pass)) {
+ storePass = pass.toCharArray();
+ }
+ ks.load(istream, storePass);
+ } catch (FileNotFoundException fnfe) {
+ log.error(sm.getString("jsse.keystore_load_failed", type, path,
+ fnfe.getMessage()), fnfe);
+ throw fnfe;
+ } catch (IOException ioe) {
+ // May be expected when working with a trust store
+ // Re-throw. Caller will catch and log as required
+ throw ioe;
+ } catch(Exception ex) {
+ String msg = sm.getString("jsse.keystore_load_failed", type, path,
+ ex.getMessage());
+ log.error(msg, ex);
+ throw new IOException(msg);
+ } finally {
+ if (istream != null) {
+ try {
+ istream.close();
+ } catch (IOException ioe) {
+ // Do nothing
+ }
+ }
+ }
+
+ return ks;
+ }
+
+ /**
+ * Reads the keystore and initializes the SSL socket factory.
+ */
+ void init() throws IOException {
+ try {
+
+ String clientAuthStr = (String) attributes.get("clientauth");
+ if("true".equalsIgnoreCase(clientAuthStr) ||
+ "yes".equalsIgnoreCase(clientAuthStr)) {
+ requireClientAuth = true;
+ } else if("want".equalsIgnoreCase(clientAuthStr)) {
+ wantClientAuth = true;
+ }
+
+ // SSL protocol variant (e.g., TLS, SSL v3, etc.)
+ String protocol = (String) attributes.get("protocol");
+ if (protocol == null) {
+ protocol = defaultProtocol;
+ }
+
+ // Certificate encoding algorithm (e.g., SunX509)
+ String algorithm = (String) attributes.get("algorithm");
+ if (algorithm == null) {
+ algorithm = KeyManagerFactory.getDefaultAlgorithm();;
+ }
+
+ String keystoreType = (String) attributes.get("keystoreType");
+ if (keystoreType == null) {
+ keystoreType = defaultKeystoreType;
+ }
+
+ String keystoreProvider =
+ (String) attributes.get("keystoreProvider");
+
+ String trustAlgorithm =
+ (String)attributes.get("truststoreAlgorithm");
+ if( trustAlgorithm == null ) {
+ trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ }
+
+ // Create and init SSLContext
+ SSLContext context = SSLContext.getInstance(protocol);
+ context.init(getKeyManagers(keystoreType, keystoreProvider,
+ algorithm,
+ (String) attributes.get("keyAlias")),
+ getTrustManagers(keystoreType, keystoreProvider,
+ trustAlgorithm),
+ new SecureRandom());
+
+ // Configure SSL session cache
+ int sessionCacheSize;
+ if (attributes.get("sessionCacheSize") != null) {
+ sessionCacheSize = Integer.parseInt(
+ (String)attributes.get("sessionCacheSize"));
+ } else {
+ sessionCacheSize = defaultSessionCacheSize;
+ }
+ int sessionTimeout;
+ if (attributes.get("sessionTimeout") != null) {
+ sessionTimeout = Integer.parseInt(
+ (String)attributes.get("sessionTimeout"));
+ } else {
+ sessionTimeout = defaultSessionTimeout;
+ }
+ SSLSessionContext sessionContext =
+ context.getServerSessionContext();
+ if (sessionContext != null) {
+ sessionContext.setSessionCacheSize(sessionCacheSize);
+ sessionContext.setSessionTimeout(sessionTimeout);
+ }
+
+ // create proxy
+ sslProxy = context.getServerSocketFactory();
+
+ // Determine which cipher suites to enable
+ String requestedCiphers = (String)attributes.get("ciphers");
+ enabledCiphers = getEnabledCiphers(requestedCiphers,
+ sslProxy.getSupportedCipherSuites());
+
+ allowUnsafeLegacyRenegotiation =
+ "true".equals(attributes.get("allowUnsafeLegacyRenegotiation"));
+
+ // Check the SSL config is OK
+ checkConfig();
+
+ } catch(Exception e) {
+ if( e instanceof IOException )
+ throw (IOException)e;
+ throw new IOException(e.getMessage());
+ }
+ }
+
+ /**
+ * Gets the initialized key managers.
+ */
+ protected KeyManager[] getKeyManagers(String keystoreType,
+ String keystoreProvider,
+ String algorithm,
+ String keyAlias)
+ throws Exception {
+
+ KeyManager[] kms = null;
+
+ String keystorePass = getKeystorePassword();
+
+ KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);
+ if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
+ throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
+ }
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
+ kmf.init(ks, keystorePass.toCharArray());
+
+ kms = kmf.getKeyManagers();
+ if (keyAlias != null) {
+ if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) {
+ keyAlias = keyAlias.toLowerCase();
+ }
+ for(int i=0; i<kms.length; i++) {
+ kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], keyAlias);
+ }
+ }
+
+ return kms;
+ }
+
+ /**
+ * Gets the intialized trust managers.
+ */
+ protected TrustManager[] getTrustManagers(String keystoreType,
+ String keystoreProvider, String algorithm)
+ throws Exception {
+ String crlf = (String) attributes.get("crlFile");
+
+ TrustManager[] tms = null;
+
+ KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
+ if (trustStore != null) {
+ if (crlf == null) {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
+ tmf.init(trustStore);
+ tms = getTrustManagers(tmf);
+ } else {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
+ CertPathParameters params = getParameters(algorithm, crlf, trustStore);
+ ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
+ tmf.init(mfp);
+ tms = getTrustManagers(tmf);
+ }
+ }
+
+ return tms;
+ }
+
+ /**
+ * Gets the TrustManagers either from Connector's
+ * <code>trustManagerClassName</code> attribute (if set) else from the
+ * {@link TrustManagerFactory}.
+ * @return The TrustManagers to use for this connector.
+ * @throws NoSuchAlgorithmException
+ * @throws ClassNotFoundException
+ * @throws IllegalAccessException
+ * @throws InstantiationException
+ */
+ protected TrustManager[] getTrustManagers(TrustManagerFactory tmf)
+ throws NoSuchAlgorithmException, ClassNotFoundException,
+ InstantiationException, IllegalAccessException {
+
+ String className = (String) attributes.get("trustManagerClassName");
+ if(className != null && className.length() > 0) {
+ ClassLoader classLoader = getClass().getClassLoader();
+ Class<?> clazz = classLoader.loadClass(className);
+ if(!(TrustManager.class.isAssignableFrom(clazz))){
+ throw new InstantiationException(sm.getString(
+ "jsse.invalidTrustManagerClassName", className));
+ }
+ Object trustManagerObject = clazz.newInstance();
+ TrustManager trustManager = (TrustManager) trustManagerObject;
+ return new TrustManager[]{ trustManager };
+ }
+ return tmf.getTrustManagers();
+ }
+
+ /**
+ * Return the initialization parameters for the TrustManager.
+ * Currently, only the default <code>PKIX</code> is supported.
+ *
+ * @param algorithm The algorithm to get parameters for.
+ * @param crlf The path to the CRL file.
+ * @param trustStore The configured TrustStore.
+ * @return The parameters including the CRLs and TrustStore.
+ */
+ protected CertPathParameters getParameters(String algorithm,
+ String crlf,
+ KeyStore trustStore)
+ throws Exception {
+ CertPathParameters params = null;
+ if("PKIX".equalsIgnoreCase(algorithm)) {
+ PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
+ new X509CertSelector());
+ Collection crls = getCRLs(crlf);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ xparams.addCertStore(store);
+ xparams.setRevocationEnabled(true);
+ String trustLength = (String)attributes.get("trustMaxCertLength");
+ if(trustLength != null) {
+ try {
+ xparams.setMaxPathLength(Integer.parseInt(trustLength));
+ } catch(Exception ex) {
+ log.warn("Bad maxCertLength: "+trustLength);
+ }
+ }
+
+ params = xparams;
+ } else {
+ throw new CRLException("CRLs not supported for type: "+algorithm);
+ }
+ return params;
+ }
+
+
+ /**
+ * Load the collection of CRLs.
+ *
+ */
+ protected Collection<? extends CRL> getCRLs(String crlf)
+ throws IOException, CRLException, CertificateException {
+
+ File crlFile = new File(crlf);
+ if( !crlFile.isAbsolute() ) {
+ crlFile = new File(System.getProperty("catalina.base"), crlf);
+ }
+ Collection<? extends CRL> crls = null;
+ InputStream is = null;
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ is = new FileInputStream(crlFile);
+ crls = cf.generateCRLs(is);
+ } catch(IOException iex) {
+ throw iex;
+ } catch(CRLException crle) {
+ throw crle;
+ } catch(CertificateException ce) {
+ throw ce;
+ } finally {
+ if(is != null) {
+ try{
+ is.close();
+ } catch(Exception ex) {
+ }
+ }
+ }
+ return crls;
+ }
+
+ /**
+ * Set the SSL protocol variants to be enabled.
+ * @param socket the SSLServerSocket.
+ * @param protocols the protocols to use.
+ */
+ protected void setEnabledProtocols(SSLServerSocket socket, String []protocols){
+ if (protocols != null) {
+ socket.setEnabledProtocols(protocols);
+ }
+ }
+
+ /**
+ * Determines the SSL protocol variants to be enabled.
+ *
+ * @param socket The socket to get supported list from.
+ * @param requestedProtocols Comma-separated list of requested SSL
+ * protocol variants
+ *
+ * @return Array of SSL protocol variants to be enabled, or null if none of
+ * the requested protocol variants are supported
+ */
+ protected String[] getEnabledProtocols(SSLServerSocket socket,
+ String requestedProtocols){
+ String[] supportedProtocols = socket.getSupportedProtocols();
+
+ String[] enabledProtocols = null;
+
+ if (requestedProtocols != null) {
+ Vector vec = null;
+ String protocol = requestedProtocols;
+ int index = requestedProtocols.indexOf(',');
+ if (index != -1) {
+ int fromIndex = 0;
+ while (index != -1) {
+ protocol = requestedProtocols.substring(fromIndex, index).trim();
+ if (protocol.length() > 0) {
+ /*
+ * Check to see if the requested protocol is among the
+ * supported protocols, i.e., may be enabled
+ */
+ for (int i=0; supportedProtocols != null
+ && i<supportedProtocols.length; i++) {
+ if (supportedProtocols[i].equals(protocol)) {
+ if (vec == null) {
+ vec = new Vector();
+ }
+ vec.addElement(protocol);
+ break;
+ }
+ }
+ }
+ fromIndex = index+1;
+ index = requestedProtocols.indexOf(',', fromIndex);
+ } // while
+ protocol = requestedProtocols.substring(fromIndex);
+ }
+
+ if (protocol != null) {
+ protocol = protocol.trim();
+ if (protocol.length() > 0) {
+ /*
+ * Check to see if the requested protocol is among the
+ * supported protocols, i.e., may be enabled
+ */
+ for (int i=0; supportedProtocols != null
+ && i<supportedProtocols.length; i++) {
+ if (supportedProtocols[i].equals(protocol)) {
+ if (vec == null) {
+ vec = new Vector();
+ }
+ vec.addElement(protocol);
+ break;
+ }
+ }
+ }
+ }
+
+ if (vec != null) {
+ enabledProtocols = new String[vec.size()];
+ vec.copyInto(enabledProtocols);
+ }
+ }
+
+ return enabledProtocols;
+ }
+
+ /**
+ * Configure Client authentication for this version of JSSE. The
+ * JSSE included in Java 1.4 supports the 'want' value. Prior
+ * versions of JSSE will treat 'want' as 'false'.
+ * @param socket the SSLServerSocket
+ */
+ protected void configureClientAuth(SSLServerSocket socket){
+ if (wantClientAuth){
+ socket.setWantClientAuth(wantClientAuth);
+ } else {
+ socket.setNeedClientAuth(requireClientAuth);
+ }
+ }
+
+ /**
+ * Configure Client authentication for this version of JSSE. The
+ * JSSE included in Java 1.4 supports the 'want' value. Prior
+ * versions of JSSE will treat 'want' as 'false'.
+ * @param socket the SSLSocket
+ */
+ protected void configureClientAuth(SSLSocket socket){
+ // Per JavaDocs: SSLSockets returned from
+ // SSLServerSocket.accept() inherit this setting.
+ }
+
+ /**
+ * Configures the given SSL server socket with the requested cipher suites,
+ * protocol versions, and need for client authentication
+ */
+ private void initServerSocket(ServerSocket ssocket) {
+
+ SSLServerSocket socket = (SSLServerSocket) ssocket;
+
+ if (enabledCiphers != null) {
+ socket.setEnabledCipherSuites(enabledCiphers);
+ }
+
+ String requestedProtocols = (String) attributes.get("protocols");
+ setEnabledProtocols(socket, getEnabledProtocols(socket,
+ requestedProtocols));
+
+ // we don't know if client auth is needed -
+ // after parsing the request we may re-handshake
+ configureClientAuth(socket);
+ }
+
+ /**
+ * Checks that the certificate is compatible with the enabled cipher suites.
+ * If we don't check now, the JIoEndpoint can enter a nasty logging loop.
+ * See bug 45528.
+ */
+ private void checkConfig() throws IOException {
+ // Create an unbound server socket
+ ServerSocket socket = sslProxy.createServerSocket();
+ initServerSocket(socket);
+
+ try {
+ // Set the timeout to 1ms as all we care about is if it throws an
+ // SSLException on accept.
+ socket.setSoTimeout(1);
+
+ socket.accept();
+ // Will never get here - no client can connect to an unbound port
+ } catch (SSLException ssle) {
+ // SSL configuration is invalid. Possibly cert doesn't match ciphers
+ IOException ioe = new IOException(sm.getString(
+ "jsse.invalid_ssl_conf", ssle.getMessage()));
+ ioe.initCause(ssle);
+ throw ioe;
+ } catch (Exception e) {
+ /*
+ * Possible ways of getting here
+ * socket.accept() throws a SecurityException
+ * socket.setSoTimeout() throws a SocketException
+ * socket.accept() throws some other exception (after a JDK change)
+ * In these cases the test won't work so carry on - essentially
+ * the behaviour before this patch
+ * socket.accept() throws a SocketTimeoutException
+ * In this case all is well so carry on
+ */
+ } finally {
+ // Should be open here but just in case
+ if (!socket.isClosed()) {
+ socket.close();
+ }
+ }
+
+ }
+}
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,269 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.SocketException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.util.Map;
+import java.util.WeakHashMap;
+
+import javax.net.ssl.HandshakeCompletedEvent;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.security.cert.X509Certificate;
+
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.res.StringManager;
+
+/** JSSESupport
+
+ Concrete implementation class for JSSE
+ Support classes.
+
+ This will only work with JDK 1.2 and up since it
+ depends on JDK 1.2's certificate support
+
+ @author EKR
+ @author Craig R. McClanahan
+ @author Filip Hanik
+ Parts cribbed from JSSECertCompat
+ Parts cribbed from CertificatesValve
+*/
+
+class JSSESupport implements SSLSupport {
+
+ private static org.apache.juli.logging.Log log =
+ org.apache.juli.logging.LogFactory.getLog(JSSESupport.class);
+
+ private static final StringManager sm =
+ StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
+
+ private static final Map<SSLSession,Integer> keySizeCache =
+ new WeakHashMap<SSLSession, Integer>();
+
+ protected SSLSocket ssl;
+ protected SSLSession session;
+
+ Listener listener = new Listener();
+
+ JSSESupport(SSLSocket sock){
+ ssl=sock;
+ session = sock.getSession();
+ sock.addHandshakeCompletedListener(listener);
+ }
+
+ JSSESupport(SSLSession session) {
+ this.session = session;
+ }
+
+ public String getCipherSuite() throws IOException {
+ // Look up the current SSLSession
+ if (session == null)
+ return null;
+ return session.getCipherSuite();
+ }
+
+ public Object[] getPeerCertificateChain()
+ throws IOException {
+ return getPeerCertificateChain(false);
+ }
+
+ protected java.security.cert.X509Certificate [] getX509Certificates(SSLSession session)
+ throws IOException {
+ Certificate [] certs=null;
+ try {
+ certs = session.getPeerCertificates();
+ } catch( Throwable t ) {
+ log.debug(sm.getString("jsseSupport.clientCertError"), t);
+ return null;
+ }
+ if( certs==null ) return null;
+
+ java.security.cert.X509Certificate [] x509Certs =
+ new java.security.cert.X509Certificate[certs.length];
+ for(int i=0; i < certs.length; i++) {
+ if (certs[i] instanceof java.security.cert.X509Certificate ) {
+ // always currently true with the JSSE 1.1.x
+ x509Certs[i] = (java.security.cert.X509Certificate) certs[i];
+ } else {
+ try {
+ byte [] buffer = certs[i].getEncoded();
+ CertificateFactory cf =
+ CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream stream =
+ new ByteArrayInputStream(buffer);
+ x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream);
+ } catch(Exception ex) {
+ log.info(sm.getString(
+ "jseeSupport.certTranslationError", certs[i]), ex);
+ return null;
+ }
+ }
+ if(log.isTraceEnabled())
+ log.trace("Cert #" + i + " = " + x509Certs[i]);
+ }
+ if(x509Certs.length < 1)
+ return null;
+ return x509Certs;
+ }
+
+ public Object[] getPeerCertificateChain(boolean force)
+ throws IOException {
+ // Look up the current SSLSession
+ if (session == null)
+ return null;
+
+ // Convert JSSE's certificate format to the ones we need
+ X509Certificate [] jsseCerts = null;
+ try {
+ jsseCerts = session.getPeerCertificateChain();
+ } catch(Exception bex) {
+ // ignore.
+ }
+ if (jsseCerts == null)
+ jsseCerts = new X509Certificate[0];
+ if(jsseCerts.length <= 0 && force) {
+ session.invalidate();
+ handShake();
+ session = ssl.getSession();
+ }
+ return getX509Certificates(session);
+ }
+
+ protected void handShake() throws IOException {
+ if( ssl.getWantClientAuth() ) {
+ log.debug(sm.getString("jsseSupport.noCertWant"));
+ } else {
+ ssl.setNeedClientAuth(true);
+ }
+
+ if (ssl.getEnabledCipherSuites().length == 0) {
+ // Handshake is never going to be successful.
+ // Assume this is because handshakes are disabled
+ log.warn(sm.getString("jsseSupport.serverRenegDisabled"));
+ session.invalidate();
+ ssl.close();
+ return;
+ }
+
+ InputStream in = ssl.getInputStream();
+ int oldTimeout = ssl.getSoTimeout();
+ ssl.setSoTimeout(1000);
+ byte[] b = new byte[1];
+ listener.reset();
+ ssl.startHandshake();
+ int maxTries = 60; // 60 * 1000 = example 1 minute time out
+ for (int i = 0; i < maxTries; i++) {
+ if(log.isTraceEnabled())
+ log.trace("Reading for try #" +i);
+ try {
+ int read = in.read(b);
+ if (read > 0) {
+ // Shouldn't happen as all input should have been swallowed
+ // before trying to do the handshake. If it does, something
+ // went wrong so lets bomb out now.
+ throw new SSLException(
+ sm.getString("jsseSupport.unexpectedData"));
+ }
+ } catch(SSLException sslex) {
+ log.info(sm.getString("jsseSupport.clientCertError"), sslex);
+ throw sslex;
+ } catch (IOException e) {
+ // ignore - presumably the timeout
+ }
+ if (listener.completed) {
+ break;
+ }
+ }
+ ssl.setSoTimeout(oldTimeout);
+ if (listener.completed == false) {
+ throw new SocketException("SSL Cert handshake timeout");
+ }
+
+ }
+
+ /**
+ * Copied from <code>org.apache.catalina.valves.CertificateValve</code>
+ */
+ public Integer getKeySize()
+ throws IOException {
+ // Look up the current SSLSession
+ SSLSupport.CipherData c_aux[]=ciphers;
+ if (session == null)
+ return null;
+
+ Integer keySize = null;
+ synchronized(keySizeCache) {
+ keySize = keySizeCache.get(session);
+ }
+
+ if (keySize == null) {
+ int size = 0;
+ String cipherSuite = session.getCipherSuite();
+ for (int i = 0; i < c_aux.length; i++) {
+ if (cipherSuite.indexOf(c_aux[i].phrase) >= 0) {
+ size = c_aux[i].keySize;
+ break;
+ }
+ }
+ keySize = new Integer(size);
+ synchronized(keySizeCache) {
+ keySizeCache.put(session, keySize);
+ }
+ }
+ return keySize;
+ }
+
+ public String getSessionId()
+ throws IOException {
+ // Look up the current SSLSession
+ if (session == null)
+ return null;
+ // Expose ssl_session (getId)
+ byte [] ssl_session = session.getId();
+ if ( ssl_session == null)
+ return null;
+ StringBuffer buf=new StringBuffer("");
+ for(int x=0; x<ssl_session.length; x++) {
+ String digit=Integer.toHexString((int)ssl_session[x]);
+ if (digit.length()<2) buf.append('0');
+ if (digit.length()>2) digit=digit.substring(digit.length()-2);
+ buf.append(digit);
+ }
+ return buf.toString();
+ }
+
+
+ private static class Listener implements HandshakeCompletedListener {
+ volatile boolean completed = false;
+ public void handshakeCompleted(HandshakeCompletedEvent event) {
+ completed = true;
+ }
+ void reset() {
+ completed = false;
+ }
+ }
+
+}
+
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java Thu Dec 15 13:55:25 2011
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509KeyManager;
+
+public class NioX509KeyManager extends X509ExtendedKeyManager {
+
+ private X509KeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr The X509KeyManager used as a delegate
+ * @param serverKeyAlias The alias name of the server's keypair and
+ * supporting certificate chain
+ */
+ public NioX509KeyManager(X509KeyManager mgr, String serverKeyAlias) {
+ this.delegate = mgr;
+ this.serverKeyAlias = serverKeyAlias;
+ }
+
+ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
+ if (serverKeyAlias!=null) {
+ return serverKeyAlias;
+ } else {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+ }
+
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ public PrivateKey getPrivateKey(String alias) {
+ return delegate.getPrivateKey(alias);
+ }
+
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+ @Override
+ public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
+ if (serverKeyAlias!=null) {
+ return serverKeyAlias;
+ } else {
+ return super.chooseEngineServerAlias(keyType, issuers, engine);
+ }
+ }
+
+
+
+
+}
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Thu Dec 15 13:55:25 2011
@@ -0,0 +1,24 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+jsse.alias_no_key_entry=Alias name {0} does not identify a key entry
+jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
+jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
+jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager
+jsseSupport.clientCertError=Error trying to obtain a certificate from the client
+jseeSupport.certTranslationError=Error translating certificate [{0}]
+jsseSupport.noCertWant=No client certificate sent for want
+jsseSupport.serverRenegDisabled=SSL server initiated renegotiation is disabled, closing connection
+jsseSupport.unexpectedData=Unexpected data read from input stream
Added: geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings_es.properties
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings_es.properties?rev=1214761&view=auto
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings_es.properties (added)
+++ geronimo/external/trunk/tomcat-parent-6.0.35/catalina/src/main/resources/org/apache/tomcat/util/net/jsse/res/LocalStrings_es.properties Thu Dec 15 13:55:25 2011
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+jsse.alias_no_key_entry = El nombre de Alias {0} no identifica una entrada de clave
+jsse.keystore_load_failed = No pude cargar almac\u00E9n de claves de tipo {0} con ruta {1} debido a {2}
|