<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="tomcat-8.0/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
<classpathentry kind="lib" path="/usr/lib/java/jss4.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-coyote.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-juli.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-util.jar"/>
<classpathentry kind="lib" path="/usr/share/java/slf4j/slf4j-api.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
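Review bot: The second source entry, `<classpathentry kind="src" path="tomcat-8.0/src"/>`, does not match the Ant build in the same change, whose `src.dir` property is `tomcat-8.5` and whose `compile` target reads `<src path="${src.dir}"/>`, so Eclipse and Ant would compile different trees. If the 8.0 sources are gone, the entry should point at the 8.5 tree (exact sub-path depends on the repository layout, which is not visible here); if both trees are intentionally kept, a short comment in build.xml saying which one is canonical would prevent the two from drifting further.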
bin
build
dist
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>tomcatjss</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>
eclipse.preferences.version=1
editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true
formatter_profile=_PKI Project Profile
formatter_settings_version=12
sp_cleanup.add_default_serial_version_id=true
sp_cleanup.add_generated_serial_version_id=false
sp_cleanup.add_missing_annotations=false
sp_cleanup.add_missing_deprecated_annotations=true
sp_cleanup.add_missing_methods=false
sp_cleanup.add_missing_nls_tags=false
sp_cleanup.add_missing_override_annotations=true
sp_cleanup.add_missing_override_annotations_interface_methods=true
sp_cleanup.add_serial_version_id=false
sp_cleanup.always_use_blocks=true
sp_cleanup.always_use_parentheses_in_expressions=false
sp_cleanup.always_use_this_for_non_static_field_access=false
sp_cleanup.always_use_this_for_non_static_method_access=false
sp_cleanup.convert_to_enhanced_for_loop=false
sp_cleanup.correct_indentation=false
sp_cleanup.format_source_code=false
sp_cleanup.format_source_code_changes_only=false
sp_cleanup.make_local_variable_final=false
sp_cleanup.make_parameters_final=false
sp_cleanup.make_private_fields_final=true
sp_cleanup.make_type_abstract_if_missing_method=false
sp_cleanup.make_variable_declarations_final=false
sp_cleanup.never_use_blocks=false
sp_cleanup.never_use_parentheses_in_expressions=true
sp_cleanup.on_save_use_additional_actions=true
sp_cleanup.organize_imports=true
sp_cleanup.qualify_static_field_accesses_with_declaring_class=false
sp_cleanup.qualify_static_member_accesses_through_instances_with_declaring_class=true
sp_cleanup.qualify_static_member_accesses_through_subtypes_with_declaring_class=true
sp_cleanup.qualify_static_member_accesses_with_declaring_class=false
sp_cleanup.qualify_static_method_accesses_with_declaring_class=false
sp_cleanup.remove_private_constructors=true
sp_cleanup.remove_trailing_whitespaces=true
sp_cleanup.remove_trailing_whitespaces_all=true
sp_cleanup.remove_trailing_whitespaces_ignore_empty=false
sp_cleanup.remove_unnecessary_casts=true
sp_cleanup.remove_unnecessary_nls_tags=false
sp_cleanup.remove_unused_imports=true
sp_cleanup.remove_unused_local_variables=false
sp_cleanup.remove_unused_private_fields=true
sp_cleanup.remove_unused_private_members=false
sp_cleanup.remove_unused_private_methods=true
sp_cleanup.remove_unused_private_types=true
sp_cleanup.sort_members=false
sp_cleanup.sort_members_all=false
sp_cleanup.use_blocks=false
sp_cleanup.use_blocks_only_for_return_and_throw=false
sp_cleanup.use_parentheses_in_expressions=false
sp_cleanup.use_this_for_non_static_field_access=false
sp_cleanup.use_this_for_non_static_field_access_only_if_necessary=true
sp_cleanup.use_this_for_non_static_method_access=false
sp_cleanup.use_this_for_non_static_method_access_only_if_necessary=true
# BEGIN COPYRIGHT BLOCK
# (C) 2018 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
services:
- docker
env:
- FEDORA=27
- FEDORA=28
install:
- docker pull registry.fedoraproject.org/fedora:$FEDORA
- docker run
--name=container
--detach
-i
-v $(pwd):/root/tomcatjss
registry.fedoraproject.org/fedora:$FEDORA
- docker exec container dnf install -y dnf-plugins-core gcc make rpm-build
- docker exec container dnf copr -y enable @pki/10.6
- docker exec container dnf builddep -y --spec /root/tomcatjss/tomcatjss.spec.in
- docker exec container dnf remove -y tomcat-native
- docker exec container /root/tomcatjss/build.sh --with-timestamp --with-commit-id rpm
script:
- docker exec container rpm -Uvh /root/build/tomcatjss/RPMS/*
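Review bot: The build step passes `--with-commit-id`, which makes build.sh run `git rev-parse` inside the container, but the packages installed earlier (`dnf-plugins-core gcc make rpm-build`) do not include `git`; unless the spec's BuildRequires pull it in through `dnf builddep`, that step fails. Adding `git` to the `dnf install -y` line is the simplest fix, and `--with-timestamp`/`--with-commit-id` could use a comment noting they are there to make CI builds distinguishable. The `rpm -Uvh /root/build/tomcatjss/RPMS/*` smoke test only proves the packages install; a follow-up `rpm -q tomcatjss` or a brief Tomcat start would confirm the build is usable, but that is optional.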
JSS Connector for Apache Tomcat, installed via the tomcatjss package,
is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
uses Java Security Services (JSS), a Java interface to Network Security
Services (NSS).
JSS Connector for Apache Tomcat defines a number of attributes for a Connector
including:
clientauth: specify if client authentication is required in the connector (or
port), it can be true or false. If true then client authentication is required.
sslOptions: specify a comma-delimited list of ssl options to pass into the ssl
implementation. Each option takes the form of: option=[true|false].
JSS Connector for Apache Tomcat supports the options: ssl2, ssl3, tls.
ssl2Ciphers: specify a list of SSL2 ciphers that JSS Connector for
Apache Tomcat should accept or reject from the client. You can use + to
denote "accept", - means "reject"
ssl3Ciphers: specifies a list of SSL3 ciphers that JSS Connector for
Apache Tomcat should accept or reject from the client. You can use + to
denote "accept", - means "reject".
tlsCiphers: specifies a list of TLS ciphers that JSS Connector for
Apache Tomcat should accept or reject from the client. You can use + to
denote "accept", - means "reject".
serverCertNickFile: a file in which specify the nickname of the
server certificate. The file should contain a single line that contains
the nickname.
passwordFile: specify a file in which a password that is required to access
NSS's security database. Each entry in the file needs to appear on its own
line and has the form: token_name=password
certdbDir: specify the directory the NSS security database resides in.
passwordClass: specify the class that will be used to read the password.
sslProtocol: needs to be SSL
sslImplementationName: MUST be org.apache.tomcat.util.net.jss.JSSImplementation
in order to use the plugin
Here is an example of a secure connector:
<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
sslProtocol="SSL"
scheme="https"
secure="true"
keyStoreType="PKCS11"
maxHttpHeaderSize="8192"
acceptCount="100"
maxThreads="150"
minSpareThreads="25"
enableLookups="false"
disableUploadTimeout="true"
sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://pkilinux.sjc.redhat.com:9080/ca/ocsp"
ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
ocspCacheSize="1000"
ocspMinCacheEntryDuration="60"
ocspMaxCacheEntryDuration="120"
ocspTimeout="10"
strictCiphers="false"
clientAuth="agent"
clientauth="agent"
sslOptions="ssl2=true,ssl3=true,tls=true"
ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"
ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
tlsCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
serverCertNickFile="/var/lib/pki/redhat.com-foobar/conf/serverCertNick.conf"
passwordFile="/var/lib/pki/redhat.com-foobar/conf/password.conf"
passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
certdbDir="/var/lib/pki/redhat.com-foobar/alias"
/>
#!/bin/bash -e
# BEGIN COPYRIGHT BLOCK
# (C) 2018 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
NAME=tomcatjss
SCRIPT_PATH=`readlink -f "$0"`
SCRIPT_NAME=`basename "$SCRIPT_PATH"`
SRC_DIR=`dirname "$SCRIPT_PATH"`
WORK_DIR="$HOME/build/$NAME"
SOURCE_TAG=
WITH_TIMESTAMP=
WITH_COMMIT_ID=
DIST=
VERBOSE=
DEBUG=
usage() {
echo "Usage: $SCRIPT_NAME [OPTIONS] <target>"
echo
echo "Options:"
echo " --work-dir=<path> Working directory (default: $WORK_DIR)."
echo " --source-tag=<tag> Generate RPM sources from a source tag."
echo " --with-timestamp Append timestamp to release number."
echo " --with-commit-id Append commit ID to release number."
echo " --dist=<name> Distribution name (e.g. fc28)."
echo " -v,--verbose Run in verbose mode."
echo " --debug Run in debug mode."
echo " --help Show help message."
echo
echo "Target:"
echo " src Generate RPM sources."
echo " spec Generate RPM spec."
echo " srpm Build SRPM package."
echo " rpm Build RPM packages (default)."
}
generate_rpm_sources() {
TARBALL="$NAME-$VERSION${_PHASE}.tar.gz"
if [ "$SOURCE_TAG" != "" ] ; then
if [ "$VERBOSE" = true ] ; then
echo "Generating $TARBALL from $SOURCE_TAG tag"
fi
git -C "$SRC_DIR" \
archive \
--format=tar.gz \
--prefix $NAME-$VERSION${_PHASE}/ \
-o "$WORK_DIR/SOURCES/$TARBALL" \
$SOURCE_TAG
if [ "$SOURCE_TAG" != "HEAD" ] ; then
TAG_ID=`git -C "$SRC_DIR" rev-parse $SOURCE_TAG`
HEAD_ID=`git -C "$SRC_DIR" rev-parse HEAD`
if [ "$TAG_ID" != "$HEAD_ID" ] ; then
generate_patch
fi
fi
return
fi
if [ "$VERBOSE" = true ] ; then
echo "Generating $TARBALL"
fi
tar czf "$WORK_DIR/SOURCES/$TARBALL" \
--transform "s,^./,$NAME-$VERSION${_PHASE}/," \
--exclude .git \
--exclude bin \
-C "$SRC_DIR" \
.
}
generate_patch() {
PATCH="$NAME-$VERSION-$RELEASE.patch"
if [ "$VERBOSE" = true ] ; then
echo "Generating $PATCH for all changes since $SOURCE_TAG tag"
fi
git -C "$SRC_DIR" \
format-patch \
--stdout \
$SOURCE_TAG \
> "$WORK_DIR/SOURCES/$PATCH"
}
generate_rpm_spec() {
RPM_SPEC="$NAME.spec"
if [ "$VERBOSE" = true ] ; then
echo "Generating $RPM_SPEC"
fi
# hard-code timestamp
commands="s/%{?_timestamp}/${_TIMESTAMP}/g"
# hard-code commit ID
commands="${commands}; s/%{?_commit_id}/${_COMMIT_ID}/g"
# hard-code phase
commands="${commands}; s/%{?_phase}/${_PHASE}/g"
# hard-code patch
if [ "$PATCH" != "" ] ; then
commands="${commands}; s/# Patch: tomcatjss-VERSION-RELEASE.patch/Patch: $PATCH/g"
fi
sed "$commands" "$SPEC_TEMPLATE" > "$WORK_DIR/SPECS/$RPM_SPEC"
# rpmlint "$WORK_DIR/SPECS/$RPM_SPEC"
}
while getopts v-: arg ; do
case $arg in
v)
VERBOSE=true
;;
-)
LONG_OPTARG="${OPTARG#*=}"
case $OPTARG in
work-dir=?*)
WORK_DIR=`readlink -f "$LONG_OPTARG"`
;;
source-tag=?*)
SOURCE_TAG="$LONG_OPTARG"
;;
with-timestamp)
WITH_TIMESTAMP=true
;;
with-commit-id)
WITH_COMMIT_ID=true
;;
dist=?*)
DIST="$LONG_OPTARG"
;;
verbose)
VERBOSE=true
;;
debug)
VERBOSE=true
DEBUG=true
;;
help)
usage
exit
;;
'')
break # "--" terminates argument processing
;;
work-dir* | source-tag* | dist*)
echo "ERROR: Missing argument for --$OPTARG option" >&2
exit 1
;;
*)
echo "ERROR: Illegal option --$OPTARG" >&2
exit 1
;;
esac
;;
\?)
exit 1 # getopts already reported the illegal option
;;
esac
done
# remove parsed options and args from $@ list
shift $((OPTIND-1))
if [ "$#" -lt 1 ] ; then
BUILD_TARGET=rpm
else
BUILD_TARGET=$1
fi
if [ "$DEBUG" = true ] ; then
echo "WORK_DIR: $WORK_DIR"
echo "BUILD_TARGET: $BUILD_TARGET"
fi
if [ "$BUILD_TARGET" != "src" ] &&
[ "$BUILD_TARGET" != "spec" ] &&
[ "$BUILD_TARGET" != "srpm" ] &&
[ "$BUILD_TARGET" != "rpm" ] ; then
echo "ERROR: Invalid build target: $BUILD_TARGET" >&2
exit 1
fi
SPEC_TEMPLATE="$SRC_DIR/$NAME.spec.in"
VERSION="`rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}'`"
if [ "$DEBUG" = true ] ; then
echo "VERSION: $VERSION"
fi
RELEASE="`rpmspec -P "$SPEC_TEMPLATE" --undefine dist | grep "^Release:" | awk '{print $2;}'`"
if [ "$DEBUG" = true ] ; then
echo "RELEASE: $RELEASE"
fi
spec=$(<"$SPEC_TEMPLATE")
regex=$'%global *_phase *([^\n]+)'
if [[ $spec =~ $regex ]] ; then
_PHASE="${BASH_REMATCH[1]}"
fi
if [ "$DEBUG" = true ] ; then
echo "PHASE: ${_PHASE}"
fi
if [ "$WITH_TIMESTAMP" = true ] ; then
TIMESTAMP="`date +"%Y%m%d%H%M%S"`"
_TIMESTAMP=".$TIMESTAMP"
fi
if [ "$DEBUG" = true ] ; then
echo "TIMESTAMP: $TIMESTAMP"
fi
if [ "$WITH_COMMIT_ID" = true ]; then
COMMIT_ID="`git -C "$SRC_DIR" rev-parse --short=8 HEAD`"
_COMMIT_ID=".$COMMIT_ID"
fi
if [ "$DEBUG" = true ] ; then
echo "COMMIT_ID: $COMMIT_ID"
fi
echo "Building $NAME-$VERSION-$RELEASE${_TIMESTAMP}${_COMMIT_ID}"
################################################################################
# Initialize working directory
################################################################################
if [ "$VERBOSE" = true ] ; then
echo "Initializing $WORK_DIR"
fi
mkdir -p $WORK_DIR
cd $WORK_DIR
rm -rf BUILD
rm -rf RPMS
rm -rf SOURCES
rm -rf SPECS
rm -rf SRPMS
mkdir BUILD
mkdir RPMS
mkdir SOURCES
mkdir SPECS
mkdir SRPMS
################################################################################
# Generate RPM sources
################################################################################
generate_rpm_sources
echo "RPM sources:"
find "$WORK_DIR/SOURCES" -type f -printf " %p\n"
if [ "$BUILD_TARGET" = "src" ] ; then
exit
fi
################################################################################
# Generate RPM spec
################################################################################
generate_rpm_spec
echo "RPM spec:"
find "$WORK_DIR/SPECS" -type f -printf " %p\n"
if [ "$BUILD_TARGET" = "spec" ] ; then
exit
fi
################################################################################
# Build source package
################################################################################
OPTIONS=()
OPTIONS+=(--quiet)
OPTIONS+=(--define "_topdir ${WORK_DIR}")
if [ "$WITH_TIMESTAMP" = true ] ; then
OPTIONS+=(--define "_timestamp ${_TIMESTAMP}")
fi
if [ "$WITH_COMMIT_ID" = true ] ; then
OPTIONS+=(--define "_commit_id ${_COMMIT_ID}")
fi
if [ "$DIST" != "" ] ; then
OPTIONS+=(--define "dist .$DIST")
fi
if [ "$DEBUG" = true ] ; then
echo "rpmbuild -bs ${OPTIONS[@]} $WORK_DIR/SPECS/$RPM_SPEC"
fi
# build SRPM with user-provided options
rpmbuild -bs "${OPTIONS[@]}" "$WORK_DIR/SPECS/$RPM_SPEC"
rc=$?
if [ $rc != 0 ]; then
echo "ERROR: Unable to build SRPM package"
exit 1
fi
SRPM=`find "$WORK_DIR/SRPMS" -type f`
echo "SRPM package:"
echo " $SRPM"
if [ "$BUILD_TARGET" = "srpm" ] ; then
exit
fi
################################################################################
# Build binary packages
################################################################################
OPTIONS=()
if [ "$VERBOSE" = true ] ; then
OPTIONS+=(--define "_verbose 1")
fi
OPTIONS+=(--define "_topdir ${WORK_DIR}")
if [ "$DEBUG" = true ] ; then
echo "rpmbuild --rebuild ${OPTIONS[@]} $SRPM"
fi
# rebuild RPM with hard-coded options in SRPM
rpmbuild --rebuild "${OPTIONS[@]}" "$SRPM"
rc=$?
if [ $rc != 0 ]; then
echo "ERROR: Unable to build RPM packages"
exit 1
fi
# install SRPM to restore sources and spec file removed during rebuild
rpm -i --define "_topdir $WORK_DIR" "$SRPM"
# flatten folder
find "$WORK_DIR/RPMS" -mindepth 2 -type f -exec mv -i '{}' "$WORK_DIR/RPMS" ';'
# remove empty subfolders
find "$WORK_DIR/RPMS" -mindepth 1 -type d -delete
echo "RPM packages:"
find "$WORK_DIR/RPMS" -type f -printf " %p\n"
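Review bot: The `rc=$?` checks after both rpmbuild invocations (`rpmbuild -bs` and `rpmbuild --rebuild`) are dead code: the script runs under `#!/bin/bash -e`, so a non-zero rpmbuild exit aborts the script before `rc` is examined and the `ERROR: Unable to build ...` messages can never print. Either drop the checks or make them effective, e.g. `rpmbuild -bs "${OPTIONS[@]}" "$WORK_DIR/SPECS/$RPM_SPEC" || { echo "ERROR: Unable to build SRPM package" >&2; exit 1; }`, with the same shape for the rebuild call. Separately, `mkdir -p $WORK_DIR` and `cd $WORK_DIR` in the "Initialize working directory" section are the only unquoted uses of `$WORK_DIR` in the file, and `--work-dir` accepts an arbitrary path, so they should be `mkdir -p "$WORK_DIR"` and `cd "$WORK_DIR"` like every other use.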
<!--
BEGIN COPYRIGHT BLOCK
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Copyright (C) 2007 Red Hat, Inc.
All rights reserved.
END COPYRIGHT BLOCK -->
<project name="tomcatjss" default="main" basedir=".">
<!--
Give user a chance to override without editing this file
(and without typing -D each time it compiles it)
-->
<property file=".ant.properties"/>
<property file="${user.home}/.ant.properties"/>
<property environment="env"/>
<exec executable="uname" failonerror="true" outputproperty="arch">
<arg line="-i"/>
</exec>
<!--
Set the properties that control names and versions
-->
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
<property name="version" value="7.3.0"/>
<property name="manifest-version" value="${version}"/>
<!--
Set the properties that control various build options
-->
<property name="debug" value="true"/>
<property name="chmod.fail" value="true"/>
<property name="chmod.maxparallel" value="250"/>
<property name="deprecation" value="false"/>
<property name="optimize" value="true"/>
<property name="specfile" value="tomcatjss.spec"/>
<property name="rhel" value="0"/>
<property name="jnidir" value="/usr/lib/java" />
<property name="install.doc.dir" value="/usr/share/doc/tomcatjss" />
<property name="install.jar.dir" value="/usr/share/java" />
<!--
Set the properties related to the source tree
-->
<exec executable="pwd" failonerror="true" outputproperty="cwd"/>
<property name="src.dir" value="tomcat-8.5"/>
<property name="lib.dir" value="lib"/>
<property name="docs.dir" value="docs"/>
<!--
Set the properties for the build area
-->
<property name="build.dir" value="build"/>
<property name="bootstrap.dir" value="bootstrap"/>
<property name="build.jars" value="${build.dir}/jars"/>
<property name="build.classes" value="${build.dir}/classes"/>
<property name="build.lib" value="${build.dir}/lib"/>
<property name="build.javadocs" value="${build.dir}/javadocs"/>
<property name="build.tests" value="${build.dir}/testcases"/>
<property name="build.tests.javadocs" value="${build.dir}/javadocs.test/"/>
<property name="manifest.tmp" value="${build.dir}/optional.manifest"/>
<!--
Set up properties for the distribution area
-->
<property name="dist.name" value="${name}-${version}"/>
<property name="dist.base" value="dist"/>
<property name="dist.base.source" value="${dist.base}/source"/>
<property name="dist.base.binaries" value="${dist.base}/binary"/>
<property name="dist.dir" value="dist"/>
<property name="dist.bin" value="${dist.dir}/bin"/>
<property name="dist.lib" value="${dist.dir}/lib"/>
<property name="dist.docs" value="${dist.dir}/docs"/>
<property name="dist.etc" value="${dist.dir}/etc"/>
<property name="src.dist.name" value="${name}-${version}"/>
<property name="src.dist.dir" value="dist-src"/>
<property name="src.dist.docs" value="${src.dist.dir}/docs"/>
<property name="src.dist.lib" value="${src.dist.dir}/lib"/>
<property name="rpm.dist.dir" value="${cwd}/${dist.base}/rpmpkg"/>
<!--
JARs
-->
<property name="jar.home" value="/usr/share/java" />
<property name="commons-logging.jar" value="${jar.home}/commons-logging-api.jar" />
<property name="slf4j-api.jar" value="${jar.home}/slf4j/slf4j-api.jar" />
<property name="tomcat.home" value="/usr/share/tomcat" />
<property name="tomcat-coyote.jar" value="${tomcat.home}/lib/tomcat-coyote.jar" />
<property name="tomcat-juli.jar" value="${tomcat.home}/bin/tomcat-juli.jar" />
<property name="jss.home" value="${jnidir}" />
<!-- This property is set to '/dirsec' when built on rhel4 -->
<property name="dirsec" value="" />
<property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
<property name="commons-lang.jar" value="${jar.home}/commons-lang.jar" />
<!--
Classpath
-->
<path id="classpath">
<pathelement location="${jss.jar}"/>
<pathelement location="${tomcat-coyote.jar}"/>
<pathelement location="${tomcat-juli.jar}"/>
<pathelement location="${commons-logging.jar}"/>
<pathelement location="${commons-lang.jar}"/>
<pathelement location="${slf4j-api.jar}"/>
</path>
<!--
Create binary distributions
-->
<target name="main_distribution" description="--> creates the zip and tar distributions">
<delete dir="${dist.name}"/>
<mkdir dir="${dist.base}"/>
<mkdir dir="${dist.base.source}"/>
<mkdir dir="${dist.base.binaries}"/>
<zip destfile="${dist.base.binaries}/${dist.name}.zip">
<zipfileset dir="./build/jars" filemode="755" prefix="usr/share/java">
<include name="**"/>
</zipfileset>
</zip>
<tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar">
<tarfileset dir="./build/jars" mode="755" prefix="${dist.name}/usr/share/java">
<include name="**"/>
</tarfileset>
</tar>
<gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz" src="${dist.base.binaries}/${dist.name}.tar"/>
<delete file="${dist.base.binaries}/${dist.name}.tar"/>
<delete dir="${dist.name}"/>
<checksum fileext=".md5">
<fileset dir="${dist.base.binaries}/">
<include name="**/*"/>
<exclude name="**/*.asc"/>
<exclude name="**/*.md5"/>
</fileset>
</checksum>
<checksum fileext=".sha1" algorithm="SHA">
<fileset dir="${dist.base.binaries}/">
<include name="**/*"/>
<exclude name="**/*.asc"/>
<exclude name="**/*.md5"/>
</fileset>
</checksum>
<!--
Create source distributions
-->
<zip destfile="${dist.base.source}/${src.dist.name}.zip">
<zipfileset dir="." filemode="755" prefix="${src.dist.name}">
<include name="README"/>
<include name="LICENSE"/>
<include name="build.xml"/>
<include name="src/**"/>
<include name="${src.dir}/**"/>
</zipfileset>
</zip>
<tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar">
<tarfileset dir="." mode="755" prefix="${src.dist.name}">
<include name="README"/>
<include name="LICENSE"/>
<include name="build.xml"/>
<include name="src/**"/>
<include name="${src.dir}/**"/>
</tarfileset>
</tar>
<gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz" src="${dist.base.source}/${src.dist.name}.tar"/>
<delete file="${dist.base.source}/${src.dist.name}.tar"/>
<delete dir="${dist.name}"/>
<checksum fileext=".md5">
<fileset dir="${dist.base.source}/">
<include name="**/*"/>
<exclude name="**/*.asc"/>
<exclude name="**/*.md5"/>
</fileset>
</checksum>
<checksum fileext=".sha1" algorithm="SHA">
<fileset dir="${dist.base.source}/">
<include name="**/*"/>
<exclude name="**/*.asc"/>
<exclude name="**/*.md5"/>
</fileset>
</checksum>
</target>
<target name="download"
description="Builds and download dependent components">
</target>
<target name="compile" depends=""
description="compile the source " >
<!-- Compile the java code from ${src} into ${build} -->
<mkdir dir="${build.classes}"/>
<javac debug="on" destdir="${build.classes}">
<src path="src"/>
<src path="${src.dir}"/>
<classpath refid="classpath"/>
</javac>
</target>
<target name="package" >
<mkdir dir="${build.jars}"/>
<jar jarfile="${build.jars}/tomcatjss.jar">
<fileset dir="${build.classes}">
<include name="org/**" />
</fileset>
</jar>
</target>
<target name="dist" depends="compile,package,main_distribution" description="--> creates the full Apache Ant distribution">
</target>
<target name="install" depends="compile,package">
<copy file="LICENSE" todir="${install.doc.dir}"/>
<copy file="README" todir="${install.doc.dir}"/>
<delete file="${install.jar.dir}/tomcatjss-${version}.jar"/>
<delete file="${install.jar.dir}/tomcatjss.jar"/>
<copy file="${build.jars}/tomcatjss.jar" tofile="${install.jar.dir}/tomcatjss-${version}.jar"/>
<symlink link="${install.jar.dir}/tomcatjss.jar" resource="tomcatjss-${version}.jar"/>
</target>
<target name="main" depends="compile,package">
</target>
<target name="clean">
<delete dir="${dist.base}"/>
<delete dir="${build.dir}"/>
</target>
<target name="rpms" depends="dist">
<mkdir dir="${rpm.dist.dir}"/>
<mkdir dir="${rpm.dist.dir}/SOURCES"/>
<copy file="${dist.base.source}/${src.dist.name}.tar.gz" tofile="${rpm.dist.dir}/SOURCES/${src.dist.name}.tar.gz"/>
<mkdir dir="${rpm.dist.dir}/RPMS"/>
<mkdir dir="${rpm.dist.dir}/SRPMS"/>
<mkdir dir="${rpm.dist.dir}/SPECS"/>
<copy file="${specfile}.in" tofile="${rpm.dist.dir}/SPECS/${specfile}"/>
<mkdir dir="${rpm.dist.dir}/BUILD"/>
<!--
NOTE: To only build an SRPM (e. g. - to use with "\-\-scratch"), change:
<arg value="-ba"/>
to:
<arg value="-bs"/>
-->
<exec executable="rpmbuild">
<arg value="--define"/>
<arg value="_topdir ${rpm.dist.dir}"/>
<arg value="--define"/>
<arg value="rhel ${rhel}"/>
<arg value="-ba"/>
<arg value="${rpm.dist.dir}/SPECS/${specfile}"/>
</exec>
</target>
</project>
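Review bot: The `rpmbuild` exec in the `rpms` target has no `failonerror="true"`, so a failed package build still lets the target succeed (Ant's exec does not fail by default), unlike the `uname` and `pwd` execs earlier in the file which do set it; it should read `<exec executable="rpmbuild" failonerror="true">`. The distribution checksums in `main_distribution` are MD5 and `algorithm="SHA"` (SHA-1), which are no longer suitable for integrity verification of published artifacts; `algorithm="SHA-256" fileext=".sha256"` would be the current choice, and both filesets should also exclude `**/*.sha1` (only `*.asc` and `*.md5` are excluded) so a re-run without `clean` does not produce checksums of checksum files. The `dist` target's description, `creates the full Apache Ant distribution`, is copied from Ant's own build file and should name this project.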
#! /bin/bash
# This script may ONLY be run on Linux!
OS=`uname`
if [ ${OS} != "Linux" ]; then
printf "The '$0' script is ONLY executable on a 'Linux' machine!\n"
exit 255
fi
# If Fedora, retrieve the release
if [ -f /etc/fedora-release ]; then
FEDORA_RELEASE=`cat /etc/fedora-release | awk {'print $3'}`
fi
ARCH=`uname -p`
if [ "${ARCH}" = "x86_64" ]; then
if [ -f /etc/fedora-release ] &&
[ ${FEDORA_RELEASE} -ge 19 ]; then
JNIDIR=/usr/lib/java
elif [ -f /etc/fedora-release ] &&
[ ${FEDORA_RELEASE} -ge 16 ]; then
JNIDIR=/usr/lib64/java
else
JNIDIR=/usr/lib/java
fi
elif [ ${ARCH} != "i686" ] ||
[ ${ARCH} != "i586" ] ||
[ ${ARCH} != "i486" ] ||
[ ${ARCH} != "i386" ]; then
JNIDIR=/usr/lib/java
else
printf "The '$0' script is NOT executable on the '${ARCH}' architecture!\n"
exit 255
fi
if [ -f /etc/fedora-release ]; then
# Script is being run on Fedora
ant -f build.xml -Drhel=0 -Djnidir=${JNIDIR} -Dspecfile=tomcatjss.spec rpms
elif [ -f /etc/redhat-release ]; then
# Script is being run on RHEL
ant -f build.xml -Drhel=1 -Djnidir=${JNIDIR} -Dspecfile=tomcatjss.spec rpms
fi
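Review bot: The architecture test `[ ${ARCH} != "i686" ] || [ ${ARCH} != "i586" ] || [ ${ARCH} != "i486" ] || [ ${ARCH} != "i386" ]` is true for every value of `${ARCH}` (no string equals all four), so the `else` branch that rejects unsupported architectures is unreachable and any non-x86_64 machine silently gets `JNIDIR=/usr/lib/java`; the operators should be `&&`, i.e. `[ "${ARCH}" != "i686" ] && [ "${ARCH}" != "i586" ] && [ "${ARCH}" != "i486" ] && [ "${ARCH}" != "i386" ]`. The bare `${OS}` and `${ARCH}` expansions inside `[ ]` should be quoted so an empty value gives a false test instead of a syntax error. `FEDORA_RELEASE` is taken as the third word of `/etc/fedora-release`; a comment stating that assumed format (`Fedora release NN ...`) would help, since `[ ${FEDORA_RELEASE} -ge 19 ]` errors out if the word is not numeric.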
/* BEGIN COPYRIGHT BLOCK
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
import java.io.IOException;
import java.util.Enumeration;
public interface IPasswordStore {
public void init(String pwdPath) throws IOException;
public String getPassword(String tag, int iteration);
public String getPassword(String tag);
public Enumeration<String> getTags();
public Object putPassword(String tag, String password);
public void commit() throws IOException, ClassCastException,
NullPointerException;
}
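Review bot: The interface has no Javadoc, and the contract it fixes for implementations cannot be recovered from the signatures: what `iteration` in `getPassword(String tag, int iteration)` means (the `PlainPasswordFile` implementation in this change ignores it), what `putPassword` returns, and that `commit()` persists the store to the path given to `init`. A class-level comment stating that implementations hold secrets and must not log values, plus a one-line Javadoc per method covering those points, would let a new implementation be written without reading `PlainPasswordFile`. Declaring the unchecked `ClassCastException` and `NullPointerException` in the `commit()` throws clause is legal but unusual; either document why callers should expect them or drop them from the clause.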
/* BEGIN COPYRIGHT BLOCK
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;
public class PlainPasswordFile implements IPasswordStore {
private String mPwdPath = "";
private Properties mPwdStore;
private static final String PASSWORD_WRITER_HEADER = "";
public PlainPasswordFile() {
}
public void init(String pwdPath) throws IOException {
mPwdStore = new Properties();
// initialize mPwdStore
mPwdPath = pwdPath;
FileInputStream file = new FileInputStream(mPwdPath);
mPwdStore.load(file);
}
public String getPassword(String tag) {
return getPassword(tag, 0);
}
public String getPassword(String tag, int iteration) {
return mPwdStore.getProperty(tag);
}
// return an array of String-based tag
@SuppressWarnings("unchecked")
public Enumeration<String> getTags() {
return (Enumeration<String>) mPwdStore.propertyNames();
}
public Object putPassword(String tag, String password) {
return mPwdStore.setProperty(tag, password);
}
public void commit() throws IOException, ClassCastException,
NullPointerException {
FileOutputStream file = new FileOutputStream(mPwdPath);
mPwdStore.store(file, PASSWORD_WRITER_HEADER);
}
}
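Review bot: The `FileInputStream` opened in `init()` and the `FileOutputStream` opened in `commit()` are never closed, so each call leaks a file descriptor, and an exception from `load`/`store` leaves the stream open; both should be try-with-resources (the project targets a Tomcat 8 line, so Java 7 syntax is presumably available — confirm against the build's source level). `getPassword(String tag, int iteration)` ignores `iteration`; a one-line comment such as `// plain-file store has no iteration concept; iteration is ignored` would stop readers assuming a bug. Since `commit()` rewrites the password file at `mPwdPath`, a file that did not previously exist is created with the process umask; if that path can ever be fresh, the mode should be restricted explicitly so stored passwords are not readable by other users — something to confirm against how the file is provisioned.
```java
    public void init(String pwdPath) throws IOException {
        mPwdStore = new Properties();
        mPwdPath = pwdPath;
        try (FileInputStream file = new FileInputStream(mPwdPath)) {
            mPwdStore.load(file);
        }
    }
    // … unchanged: getPassword, getTags, putPassword …
    public void commit() throws IOException, ClassCastException,
            NullPointerException {
        try (FileOutputStream file = new FileOutputStream(mPwdPath)) {
            mPwdStore.store(file, PASSWORD_WRITER_HEADER);
        }
    }
```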
package org.dogtagpki.tomcat;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.tomcat.util.net.jss.TomcatJSS;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
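public class Http11NioProtocol extends org.apache.coyote.http11.Http11NioProtocol {

    public static Logger logger = LoggerFactory.getLogger(Http11NioProtocol.class);

    /**
     * Every JSS-specific attribute set on this connector is forwarded to the process-wide
     * TomcatJSS singleton, so the values are shared by all connectors using this protocol.
     */
    TomcatJSS tomcatjss = TomcatJSS.getInstance();

    // ---- NSS database, password and server certificate settings (delegated) ----

    public String getCertdbDir() {
        return tomcatjss.getCertdbDir();
    }

    public void setCertdbDir(String certdbDir) {
        tomcatjss.setCertdbDir(certdbDir);
    }

    public String getPasswordClass() {
        return tomcatjss.getPasswordClass();
    }

    public void setPasswordClass(String passwordClass) {
        tomcatjss.setPasswordClass(passwordClass);
    }

    public String getPasswordFile() {
        return tomcatjss.getPasswordFile();
    }

    public void setPasswordFile(String passwordFile) {
        tomcatjss.setPasswordFile(passwordFile);
    }

    public String getServerCertNickFile() {
        return tomcatjss.getServerCertNickFile();
    }

    public void setServerCertNickFile(String serverCertNickFile) {
        tomcatjss.setServerCertNickFile(serverCertNickFile);
    }

    // ---- OCSP settings (delegated) ----

    /**
     * Getter whose name matches {@link #setEnableOCSP(boolean)}, as bean introspection
     * expects. {@link #getEnabledOCSP()} is the historical spelling and is kept as an alias.
     */
    public boolean getEnableOCSP() {
        return tomcatjss.getEnableOCSP();
    }

    /** Legacy alias of {@link #getEnableOCSP()}; retained for backward compatibility. */
    public boolean getEnabledOCSP() {
        return getEnableOCSP();
    }

    public void setEnableOCSP(boolean enableOCSP) {
        tomcatjss.setEnableOCSP(enableOCSP);
    }

    public String getOcspResponderURL() {
        return tomcatjss.getOcspResponderURL();
    }

    public void setOcspResponderURL(String ocspResponderURL) {
        tomcatjss.setOcspResponderURL(ocspResponderURL);
    }

    public String getOcspResponderCertNickname() {
        return tomcatjss.getOcspResponderCertNickname();
    }

    public void setOcspResponderCertNickname(String ocspResponderCertNickname) {
        tomcatjss.setOcspResponderCertNickname(ocspResponderCertNickname);
    }

    public int getOcspCacheSize() {
        return tomcatjss.getOcspCacheSize();
    }

    public void setOcspCacheSize(int ocspCacheSize) {
        tomcatjss.setOcspCacheSize(ocspCacheSize);
    }

    public int getOcspMinCacheEntryDuration() {
        return tomcatjss.getOcspMinCacheEntryDuration();
    }

    public void setOcspMinCacheEntryDuration(int ocspMinCacheEntryDuration) {
        tomcatjss.setOcspMinCacheEntryDuration(ocspMinCacheEntryDuration);
    }

    public int getOcspMaxCacheEntryDuration() {
        return tomcatjss.getOcspMaxCacheEntryDuration();
    }

    public void setOcspMaxCacheEntryDuration(int ocspMaxCacheEntryDuration) {
        tomcatjss.setOcspMaxCacheEntryDuration(ocspMaxCacheEntryDuration);
    }

    public int getOcspTimeout() {
        return tomcatjss.getOcspTimeout();
    }

    public void setOcspTimeout(int ocspTimeout) {
        tomcatjss.setOcspTimeout(ocspTimeout);
    }

    // ---- Cipher suite and protocol version settings (delegated) ----

    public String getStrictCiphers() {
        return tomcatjss.getStrictCiphers();
    }

    public void setStrictCiphers(String strictCiphers) {
        tomcatjss.setStrictCiphers(strictCiphers);
    }

    public String getSslVersionRangeStream() {
        return tomcatjss.getSslVersionRangeStream();
    }

    public void setSslVersionRangeStream(String sslVersionRangeStream) {
        tomcatjss.setSslVersionRangeStream(sslVersionRangeStream);
    }

    public String getSslVersionRangeDatagram() {
        return tomcatjss.getSslVersionRangeDatagram();
    }

    public void setSslVersionRangeDatagram(String sslVersionRangeDatagram) {
        tomcatjss.setSslVersionRangeDatagram(sslVersionRangeDatagram);
    }

    public String getSslRangeCiphers() {
        return tomcatjss.getSslRangeCiphers();
    }

    public void setSslRangeCiphers(String sslRangeCiphers) {
        tomcatjss.setSslRangeCiphers(sslRangeCiphers);
    }

    public String getSslOptions() {
        return tomcatjss.getSslOptions();
    }

    public void setSslOptions(String sslOptions) {
        tomcatjss.setSslOptions(sslOptions);
    }

    public String getSsl2Ciphers() {
        return tomcatjss.getSsl2Ciphers();
    }

    public void setSsl2Ciphers(String ssl2Ciphers) {
        tomcatjss.setSsl2Ciphers(ssl2Ciphers);
    }

    public String getSsl3Ciphers() {
        return tomcatjss.getSsl3Ciphers();
    }

    public void setSsl3Ciphers(String ssl3Ciphers) {
        tomcatjss.setSsl3Ciphers(ssl3Ciphers);
    }

    public String getTlsCiphers() {
        return tomcatjss.getTlsCiphers();
    }

    public void setTlsCiphers(String tlsCiphers) {
        tomcatjss.setTlsCiphers(tlsCiphers);
    }

    // ---- Keystore / truststore passwords supplied through a file ----

    /**
     * Reads the keystore password from {@code keystorePassFile} and hands it to
     * {@code setKeystorePass} (presumably so the secret need not appear in server.xml).
     *
     * @throws RuntimeException wrapping the IOException if the file cannot be read
     */
    public void setKeystorePassFile(String keystorePassFile) {
        setKeystorePass(readPasswordFile(keystorePassFile));
    }

    /**
     * Reads the truststore password from {@code truststorePassFile} and hands it to
     * {@code setTruststorePass}.
     *
     * @throws RuntimeException wrapping the IOException if the file cannot be read
     */
    public void setTruststorePassFile(String truststorePassFile) {
        setTruststorePass(readPasswordFile(truststorePassFile));
    }

    /**
     * Reads a password file in full, decodes it as UTF-8 and strips surrounding whitespace
     * (so a trailing newline is not taken as part of the password). UTF-8 is named
     * explicitly rather than relying on the platform default charset, so the result does
     * not depend on the JVM's locale. The password lives on as an immutable String and
     * cannot be zeroed afterwards; that is imposed by the {@code setKeystorePass(String)}
     * style of API.
     *
     * @param file path of the password file; the error message names the path, never its contents
     * @throws RuntimeException wrapping the IOException if the file cannot be read
     */
    private static String readPasswordFile(String file) {
        try {
            Path path = Paths.get(file);
            byte[] raw = Files.readAllBytes(path);
            return new String(raw, java.nio.charset.StandardCharsets.UTF_8).trim();
        } catch (IOException e) {
            throw new RuntimeException("Unable to read password file " + file, e);
        }
    }
}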
/* BEGIN COPYRIGHT BLOCK
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
import java.net.Socket;
import java.util.Properties;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.ServerSocketFactory;
interface IJSSFactory {

    /**
     * Creates the server-socket factory for {@code endpoint}, configured from the
     * endpoint's attributes plus the settings in {@code config}.
     */
    ServerSocketFactory getSocketFactory(AbstractEndpoint<?> endpoint, Properties config);

    /** Returns Tomcat's SSLSupport view of an accepted socket. */
    SSLSupport getSSLSupport(Socket socket);
}
/* BEGIN COPYRIGHT BLOCK
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
import java.net.Socket;
import java.util.Properties;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.mozilla.jss.ssl.SSLSocket;
class JSSFactory implements IJSSFactory {

    /** Package-private; JSSImplementation instantiates this class reflectively by name. */
    JSSFactory() {
    }

    @Override
    public ServerSocketFactory getSocketFactory(AbstractEndpoint<?> endpoint, Properties config) {
        JSSSocketFactory socketFactory = new JSSSocketFactory(endpoint, config);
        return socketFactory;
    }

    @Override
    public SSLSupport getSSLSupport(Socket socket) {
        // Only sockets produced by JSSSocketFactory.acceptSocket() are expected here;
        // anything that is not a JSS SSLSocket fails with a ClassCastException.
        SSLSocket jssSocket = (SSLSocket) socket;
        return new JSSSupport(jssSocket);
    }
}
/* BEGIN COPYRIGHT BLOCK
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.net.Socket;
import java.util.Properties;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
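public class JSSImplementation extends SSLImplementation {

    public static Logger logger = LoggerFactory.getLogger(JSSImplementation.class);

    static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
    static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";

    /** Assigned once in the constructor; never null after a successful construction. */
    private JSSFactory factory = null;

    /**
     * Verifies that JSS is on the classpath and instantiates the socket/support factory.
     *
     * @throws ClassNotFoundException if the JSS SSLSocket class or the factory class is missing
     * @throws IllegalStateException if the factory class exists but cannot be instantiated.
     *         The previous code only logged this and left {@code factory} null, so the
     *         connector failed later with a NullPointerException instead of at startup.
     */
    public JSSImplementation() throws ClassNotFoundException {
        Class.forName(SSLSocketClass);
        Class<?> factcl = Class.forName(JSSFactory);
        try {
            factory = (JSSFactory) factcl.newInstance();
        } catch (Exception e) {
            logger.error("Error getting factory: " + JSSFactory, e);
            throw new IllegalStateException("Unable to instantiate " + JSSFactory, e);
        }
    }

    public String getImplementationName() {
        return "JSS";
    }

    /**
     * Builds the JSS server-socket factory for {@code endpoint}. Settings are read from the
     * optional file {@code catalina.base}/conf/tomcatjss.conf; a missing file is not an error
     * (connector attributes from server.xml are consulted first by JSSSocketFactory anyway).
     *
     * @throws RuntimeException wrapping the IOException if the file exists but cannot be read
     */
    public ServerSocketFactory getServerSocketFactory(AbstractEndpoint<?> endpoint) {
        Properties config = new Properties();
        String configFile = System.getProperty("catalina.base") + "/conf/tomcatjss.conf";
        // try-with-resources: the reader was previously never closed.
        try (FileReader reader = new FileReader(configFile)) {
            config.load(reader);
        } catch (FileNotFoundException e) {
            // optional file; ignore
        } catch (IOException e) {
            throw new RuntimeException("Unable to read " + configFile, e);
        }
        return factory.getSocketFactory(endpoint, config);
    }

    public SSLSupport getSSLSupport(Socket s) {
        return factory.getSSLSupport(s);
    }

    /**
     * Always returns null.
     *
     * Tomcat declares this method abstract, so an implementation is required, but JSS looks
     * session status up by socket (SSLSocket.c, Java_org_mozilla_jss_ssl_SSLSocket_getStatus),
     * not by JSSE session, so there is no way to honour it here. The method was documented as
     * deprecated in Tomcat 6.0.26 and slated for removal; it is NOT yet deprecated in Tomcat 7.
     * Callers must therefore be prepared for a null result.
     */
    public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
        return null;
    }

    /**
     * Always returns null: no JSSE-backed SSLUtil is provided for JSS endpoints. Note that
     * JSSSocketFactory declares SSLUtil but is not returned from here.
     */
    public SSLUtil getSSLUtil(AbstractEndpoint<?> endpoint) {
        return null;
    }
}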
/* BEGIN COPYRIGHT BLOCK
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
// Imports required to "implement" Tomcat 7 Interface
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
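public class JSSSocketFactory implements
        org.apache.tomcat.util.net.ServerSocketFactory,
        org.apache.tomcat.util.net.SSLUtil {

    public static Logger logger = LoggerFactory.getLogger(JSSSocketFactory.class);

    /** All TLS settings are held by the process-wide TomcatJSS singleton. */
    TomcatJSS tomcatjss = TomcatJSS.getInstance();

    private AbstractEndpoint<?> endpoint;

    /** Settings from tomcatjss.conf; may be null (see the one-argument constructor). */
    private Properties config;

    public JSSSocketFactory(AbstractEndpoint<?> endpoint) {
        this(endpoint, null);
    }

    /**
     * Copies the JSS settings from the endpoint and the optional config into TomcatJSS
     * and initializes it.
     *
     * @throws RuntimeException wrapping the IOException when initialization fails; the
     *         connector must not come up with an unknown TLS configuration
     */
    public JSSSocketFactory(AbstractEndpoint<?> endpoint, Properties config) {
        this.endpoint = endpoint;
        this.config = config;
        try {
            init();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks a setting up first as a connector attribute (server.xml), then in the
     * tomcatjss.conf properties.
     *
     * @return the value, or null when it is set in neither place (including the case
     *         where no Properties were supplied; that used to throw a NullPointerException)
     */
    String getProperty(String tag) {
        Object attr = endpoint.getAttribute(tag);
        String value = (attr == null) ? null : attr.toString();
        if (value == null && config != null) {
            value = config.getProperty(tag);
        }
        return value;
    }

    String getProperty(String tag, String defaultValue) {
        String value = getProperty(tag);
        return (value == null) ? defaultValue : value;
    }

    /**
     * Parses an optional integer setting.
     *
     * @return the parsed value, or null when the setting is absent
     * @throws NumberFormatException when the setting is present but not an integer
     */
    private Integer getIntProperty(String tag) {
        String raw = getProperty(tag);
        return (raw == null) ? null : Integer.valueOf(raw);
    }

    /**
     * Copies every JSS setting into TomcatJSS and calls TomcatJSS.init().
     *
     * Error policy, fail closed: a misconfiguration must make the connector unavailable
     * rather than let it start with weaker settings than the administrator intended.
     * NumberFormatException (bad OCSP numbers) and GeneralSecurityException are rethrown as
     * IOException as before; an IOException (e.g. from TomcatJSS.init()) is now rethrown as
     * well instead of being swallowed. Any other exception is logged with its stack trace and
     * otherwise ignored, as in the original.
     *
     * @throws IOException on a fatal configuration or initialization error
     */
    void init() throws IOException {
        try {
            tomcatjss.setCertdbDir(getProperty("certdbDir"));
            tomcatjss.setPasswordClass(getProperty("passwordClass"));
            tomcatjss.setPasswordFile(getProperty("passwordFile"));
            tomcatjss.setServerCertNickFile(getProperty("serverCertNickFile"));

            // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
            // (camel case) has already been processed by Tomcat 7
            String clientAuth = getProperty("clientauth");
            if (clientAuth != null) {
                tomcatjss.setClientAuth(clientAuth);
            }

            // Boolean.parseBoolean(null) is false: OCSP stays off unless explicitly enabled.
            tomcatjss.setEnableOCSP(Boolean.parseBoolean(getProperty("enableOCSP")));
            tomcatjss.setOcspResponderURL(getProperty("ocspResponderURL"));
            tomcatjss.setOcspResponderCertNickname(getProperty("ocspResponderCertNickname"));

            Integer ocspCacheSize = getIntProperty("ocspCacheSize");
            if (ocspCacheSize != null) {
                tomcatjss.setOcspCacheSize(ocspCacheSize);
            }

            Integer ocspMinCacheEntryDuration = getIntProperty("ocspMinCacheEntryDuration");
            if (ocspMinCacheEntryDuration != null) {
                tomcatjss.setOcspMinCacheEntryDuration(ocspMinCacheEntryDuration);
            }

            Integer ocspMaxCacheEntryDuration = getIntProperty("ocspMaxCacheEntryDuration");
            if (ocspMaxCacheEntryDuration != null) {
                tomcatjss.setOcspMaxCacheEntryDuration(ocspMaxCacheEntryDuration);
            }

            Integer ocspTimeout = getIntProperty("ocspTimeout");
            if (ocspTimeout != null) {
                tomcatjss.setOcspTimeout(ocspTimeout);
            }

            tomcatjss.setStrictCiphers(getProperty("strictCiphers"));
            tomcatjss.setSslVersionRangeStream(getProperty("sslVersionRangeStream"));
            tomcatjss.setSslVersionRangeDatagram(getProperty("sslVersionRangeDatagram"));
            tomcatjss.setSslRangeCiphers(getProperty("sslRangeCiphers"));
            tomcatjss.setSslOptions(getProperty("sslOptions"));
            tomcatjss.setSsl2Ciphers(getProperty("ssl2Ciphers"));
            tomcatjss.setSsl3Ciphers(getProperty("ssl3Ciphers"));
            tomcatjss.setTlsCiphers(getProperty("tlsCiphers"));

            tomcatjss.init();

        } catch (Exception ex) {
            // Log with the stack trace; the original string concatenation dropped it.
            logger.error("JSSSocketFactory: " + ex, ex);
            if (ex instanceof IOException) {
                throw (IOException) ex;
            }
            // If the admin took the trouble to configure OCSP and made a mistake,
            // keep the server unavailable until it is fixed.
            if (ex instanceof java.security.GeneralSecurityException
                    || ex instanceof NumberFormatException) {
                throw new IOException(ex);
            }
            // Anything else is reported but, as before, not treated as fatal.
        }
    }

    /**
     * Accepts a connection and applies the client-auth policy to it.
     *
     * requestClientAuth(true) asks the peer for a certificate; whether the lack of one is
     * fatal is governed by requireClientAuth(): SSL_REQUIRE_ALWAYS when client auth is
     * required, SSL_REQUIRE_NEVER when it is merely wanted.
     *
     * @throws SocketException (with the cause attached) if accepting or configuring the
     *         socket fails; the accepted socket, if any, is closed rather than leaked
     */
    public Socket acceptSocket(ServerSocket socket) throws IOException {
        SSLSocket asock = null;
        try {
            asock = (SSLSocket) socket.accept();
            asock.addSocketListener(tomcatjss);
            if (tomcatjss.getRequireClientAuth() || tomcatjss.getWantClientAuth()) {
                asock.requestClientAuth(true);
                if (tomcatjss.getRequireClientAuth()) {
                    asock.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);
                } else {
                    asock.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
                }
            }
        } catch (Exception e) {
            // Never hand back a socket whose client-auth policy could not be applied.
            closeQuietly(asock);
            SocketException se = new SocketException("SSL handshake error " + e.toString());
            se.initCause(e);
            throw se;
        }
        return asock;
    }

    /** Best-effort close used on error paths; a null socket is ignored. */
    private static void closeQuietly(Socket s) {
        if (s == null) {
            return;
        }
        try {
            s.close();
        } catch (IOException ignored) {
            // nothing more can be done on this error path
        }
    }

    /** Intentionally a no-op; the handshake is left to the JSS socket itself. */
    public void handshake(Socket sock) throws IOException {
        // ((SSLSocket)sock).forceHandshake();
    }

    public ServerSocket createSocket(int port) throws IOException {
        return createSocket(port, SSLServerSocket.DEFAULT_BACKLOG, null);
    }

    public ServerSocket createSocket(int port, int backlog) throws IOException {
        return createSocket(port, backlog, null);
    }

    public ServerSocket createSocket(int port, int backlog,
            InetAddress ifAddress) throws IOException {
        return createSocket(port, backlog, ifAddress, true);
    }

    /**
     * Binds a JSS SSLServerSocket and applies the client-auth policy and server certificate.
     *
     * @throws IOException if binding or initialization fails; on an initialization failure
     *         the already-bound listener is closed instead of being left behind
     */
    public ServerSocket createSocket(int port, int backlog,
            InetAddress ifAddress, boolean reuseAddr) throws IOException {
        SSLServerSocket socket = new SSLServerSocket(port, backlog, ifAddress, null, reuseAddr);
        try {
            initializeSocket(socket);
        } catch (IOException e) {
            try {
                socket.close();
            } catch (IOException ignored) {
                // nothing more can be done on this error path
            }
            throw e;
        }
        return socket;
    }

    /**
     * Applies timeout, client-auth policy and server certificate nickname to a listener.
     *
     * @throws IOException if any of these cannot be applied. The original swallowed every
     *         exception here, which could leave a listener running without the configured
     *         client-auth requirement or server certificate; this now fails closed.
     */
    private void initializeSocket(SSLServerSocket s) throws IOException {
        try {
            /*
             * Timeouts should not be enabled by default. Upper layers will
             * call setSoTimeout() as needed. Zero means disable.
             */
            s.setSoTimeout(0);

            if (tomcatjss.getRequireClientAuth() || tomcatjss.getWantClientAuth()) {
                // Same policy as in acceptSocket(): keep the two in sync.
                s.requestClientAuth(true);
                if (tomcatjss.getRequireClientAuth()) {
                    s.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);
                } else {
                    s.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
                }
            }

            String serverCertNick = tomcatjss.getServerCertNick();
            s.setServerCertNickname(serverCertNick);

        } catch (Exception e) {
            logger.error("JSSSocketFactory: unable to initialize SSL server socket", e);
            throw new IOException("Unable to initialize SSL server socket", e);
        }
    }

    // Methods required to "implement" the Tomcat 7 SSLUtil interface. None of them is
    // backed by JSSE objects for JSS; they return null or do nothing.

    public SSLContext createSSLContext() throws Exception {
        return null;
    }

    public KeyManager[] getKeyManagers() throws Exception {
        return null;
    }

    public TrustManager[] getTrustManagers() throws Exception {
        return null;
    }

    public void configureSessionContext(
            javax.net.ssl.SSLSessionContext sslSessionContext) {
        return;
    }

    public String[] getEnableableCiphers(SSLContext context) {
        return null;
    }

    public String[] getEnableableProtocols(SSLContext context) {
        return null;
    }
}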