}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
- kmf.init(ks, keystorePass.toCharArray());
+ String keyPass = endpoint.getKeyPass();
+ if (keyPass == null) {
+ keyPass = keystorePass;
+ }
+ kmf.init(ks, keyPass.toCharArray());
kms = kmf.getKeyManagers();
if (keyAlias != null) {
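Review bot: The fallback `keyPass = keystorePass` carries no comment, and `keyPass.toCharArray()` throws a NullPointerException if both values are null. Where `keystorePass` is assigned is outside the hunk, so that case may already be excluded. I would add `// No separate key password configured: fall back to the keystore password` above the `if (keyPass == null)` check. The `char[]` handed to `kmf.init` is never cleared, but the password stays reachable as a `String` anyway, so that is a minor point. The enclosing method starts and ends outside the hunk.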
assertTrue(res.toString().indexOf("<h1>Hello World!</h1>") > 0);
}
+ public void testKeyPass() throws Exception {
+ TesterSupport.configureClientSsl();
+
+ Tomcat tomcat = getTomcatInstance();
+
+ File appDir = new File(getBuildDirectory(), "webapps/examples");
+ tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
+
+ TesterSupport.initSsl(tomcat, "localhost-copy1.jks", "changeit",
+ "tomcatpass");
+
+ tomcat.start();
+ ByteChunk res = getUrl("https://localhost:" + getPort() +
+ "/examples/servlets/servlet/HelloWorldExample");
+ assertTrue(res.toString().indexOf("<h1>Hello World!</h1>") > 0);
+ }
+
+
boolean handshakeDone = false;
public void testRenegotiateFail() throws Exception {
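Review bot: `testKeyPass` does not say what makes `localhost-copy1.jks` different from the default keystore, so the reason for the extra `"tomcatpass"` argument is not visible in the test. I would add a comment above the `initSsl` call such as `// Key entry is protected by "tomcatpass", which differs from the keystore password "changeit"`. A one-line Javadoc naming bug 50928 would also make the regression this test guards against easy to find.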
import org.apache.catalina.Context;
import org.apache.catalina.authenticator.SSLAuthenticator;
+import org.apache.catalina.connector.Connector;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityCollection;
import org.apache.catalina.deploy.SecurityConstraint;
}
protected static void initSsl(Tomcat tomcat) {
+ initSsl(tomcat, "localhost.jks", null, null);
+ }
+
+ protected static void initSsl(Tomcat tomcat, String keystore,
+ String keystorePass, String keyPass) {
+
String protocol = tomcat.getConnector().getProtocolHandlerClassName();
if (protocol.indexOf("Apr") == -1) {
- tomcat.getConnector().setProperty("sslProtocol", "tls");
- File keystoreFile = new File(
- "test/org/apache/tomcat/util/net/localhost.jks");
- tomcat.getConnector().setAttribute("keystoreFile",
+ Connector connector = tomcat.getConnector();
+ connector.setProperty("sslProtocol", "tls");
+ File keystoreFile =
+ new File("test/org/apache/tomcat/util/net/" + keystore);
+ connector.setAttribute("keystoreFile",
keystoreFile.getAbsolutePath());
File truststoreFile = new File(
"test/org/apache/tomcat/util/net/ca.jks");
- tomcat.getConnector().setAttribute("truststoreFile",
+ connector.setAttribute("truststoreFile",
truststoreFile.getAbsolutePath());
+ if (keystorePass != null) {
+ connector.setAttribute("keystorePass", keystorePass);
+ }
+ if (keyPass != null) {
+ connector.setAttribute("keyPass", keyPass);
+ }
} else {
File keystoreFile = new File(
"test/org/apache/tomcat/util/net/localhost-cert.pem");
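Review bot: The new `keystore`, `keystorePass` and `keyPass` parameters are read only in the `protocol.indexOf("Apr") == -1` branch, while the `else` branch still loads `localhost-cert.pem`. Under the APR connector a caller such as `testKeyPass` therefore appears to run against the default certificate and pass without exercising the key password. The `else` branch continues outside the hunk, so this is inferred from the visible lines only. I would document the limit in a Javadoc on the new overload, for example `@param keyPass password of the key entry, or null to use the keystore password; ignored by the APR connector`. It may also be worth skipping the key-password test when APR is in use.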
--- /dev/null
+================================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+================================================================================
+
+ca.jks (changeit)
+ ca CN=ca-test.tomcat.apache.org
+
+localhost.jks (changeit)
+ tomcat CN=ca-test.tomcat.apache.org
+
+localhost-copy1.jks (changeit)
+ tomcat CN=ca-test.tomcat.apache.org (tomcatpass)
+
+user1.jks (changeit)
+ user1 CN=user1
processed. Requests where processing has started will continue to
completion. (markt)
</fix>
+ <fix>
+ <bug>50928</bug>: Don't ignore keyPass attribute for HTTP BIO and
+ NIO connectors. Based on a patch provided by sebb. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Web applications">