import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.channels.WritableByteChannel;
-import java.security.KeyStore;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.tomcat.util.IntrospectionUtils;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.SecureNioChannel.ApplicationBufferHandler;
-import org.apache.tomcat.util.net.jsse.JSSESocketFactory;
import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
/**
*/
protected ServerSocketChannel serverSock = null;
- protected SSLUtil sslUtil = null;
-
/**
* use send file
*/
// Initialize SSL if needed
if (isSSLEnabled()) {
- if (sslUtil == null) {
- sslUtil = handler.getSslImplementation().getSSLUtil(this);
- }
- // Initialize SSL
- String keystorePass = getKeystorePass();
- if (keystorePass == null) {
- keystorePass = JSSESocketFactory.DEFAULT_KEY_PASS;
- }
- char[] passphrase = keystorePass.toCharArray();
+ SSLUtil sslUtil = handler.getSslImplementation().getSSLUtil(this);
- char[] tpassphrase = (getTruststorePass()!=null)?getTruststorePass().toCharArray():passphrase;
- String ttype = (getTruststoreType()!=null)?getTruststoreType():getKeystoreType();
-
- KeyStore ks = KeyStore.getInstance(getKeystoreType());
- FileInputStream fisKeyStore = null;
- try {
- fisKeyStore = new FileInputStream(getKeystoreFile());
- ks.load(fisKeyStore, passphrase);
- } finally {
- if (fisKeyStore != null) {
- try {
- fisKeyStore.close();
- } catch (IOException ioe) {/*Ignore*/}
- }
- }
- KeyStore ts = null;
- if (getTruststoreFile()==null) {
- //no op, same as for BIO connector
- }else {
- ts = KeyStore.getInstance(ttype);
- FileInputStream fisTrustStore = null;
- try {
- fisTrustStore = new FileInputStream(getTruststoreFile());
- ts.load(fisTrustStore, tpassphrase);
- } finally {
- if (fisTrustStore != null) {
- try {
- fisTrustStore.close();
- } catch (IOException ioe) {/*Ignore*/}
- }
- }
- }
+ sslContext = sslUtil.createSSLContext();
+ sslContext.init(wrap(sslUtil.getKeyManagers()),
+ sslUtil.getTrustManagers(), null);
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(getAlgorithm());
- kmf.init(ks, passphrase);
-
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(getAlgorithm());
- tmf.init(ts);
-
- sslContext = SSLContext.getInstance(getSslProtocol());
- sslContext.init(wrap(kmf.getKeyManagers()), tmf.getTrustManagers(), null);
SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
if (sessionContext != null) {
- if (getSessionCacheSize() != null) {
- sessionContext.setSessionCacheSize(
- Integer.parseInt(getSessionCacheSize()));
- }
- if (getSessionTimeout() != null) {
- sessionContext.setSessionTimeout(
- Integer.parseInt(getSessionTimeout()));
- }
+ sslUtil.configureSessionContext(sessionContext);
}
}
wantClientAuth = true;
}
- // SSL protocol variant (e.g., TLS, SSL v3, etc.)
- String protocol = endpoint.getSslProtocol();
- if (protocol == null) {
- protocol = defaultProtocol;
- }
-
- // Certificate encoding algorithm (e.g., SunX509)
- String algorithm = endpoint.getAlgorithm();
- if (algorithm == null) {
- algorithm = KeyManagerFactory.getDefaultAlgorithm();
- }
-
- String keystoreType = endpoint.getKeystoreType();
- if (keystoreType == null) {
- keystoreType = defaultKeystoreType;
- }
-
- String keystoreProvider = endpoint.getKeystoreProvider();
-
- String trustAlgorithm = endpoint.getTruststoreAlgorithm();
- if( trustAlgorithm == null ) {
- trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
- }
-
- // Create and init SSLContext
- SSLContext context = SSLContext.getInstance(protocol);
- context.init(getKeyManagers(keystoreType, keystoreProvider,
- algorithm,
- endpoint.getKeyAlias()),
- getTrustManagers(keystoreType, keystoreProvider,
- trustAlgorithm),
- new SecureRandom());
+ SSLContext context = createSSLContext();
+ context.init(getKeyManagers(), getTrustManagers(), null);
// Configure SSL session cache
- int sessionCacheSize;
- if (endpoint.getSessionCacheSize() != null) {
- sessionCacheSize = Integer.parseInt(
- endpoint.getSessionCacheSize());
- } else {
- sessionCacheSize = defaultSessionCacheSize;
- }
- int sessionTimeout;
- if (endpoint.getSessionTimeout() != null) {
- sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
- } else {
- sessionTimeout = defaultSessionTimeout;
- }
SSLSessionContext sessionContext =
context.getServerSessionContext();
if (sessionContext != null) {
- sessionContext.setSessionCacheSize(sessionCacheSize);
- sessionContext.setSessionTimeout(sessionTimeout);
+ configureSessionContext(sessionContext);
}
// create proxy
}
}
+ @Override
+ public SSLContext createSSLContext() throws Exception {
+
+ // SSL protocol variant (e.g., TLS, SSL v3, etc.)
+ String protocol = endpoint.getSslProtocol();
+ if (protocol == null) {
+ protocol = defaultProtocol;
+ }
+
+ SSLContext context = SSLContext.getInstance(protocol);
+
+ return context;
+ }
+
+ @Override
+ public KeyManager[] getKeyManagers() throws Exception {
+ String keystoreType = endpoint.getKeystoreType();
+ if (keystoreType == null) {
+ keystoreType = defaultKeystoreType;
+ }
+
+ String algorithm = endpoint.getAlgorithm();
+ if (algorithm == null) {
+ algorithm = KeyManagerFactory.getDefaultAlgorithm();
+ }
+
+ return getKeyManagers(keystoreType, endpoint.getKeystoreProvider(),
+ algorithm, endpoint.getKeyAlias());
+ }
+
+ @Override
+ public TrustManager[] getTrustManagers() throws Exception {
+ String keystoreType = endpoint.getKeystoreType();
+ if (keystoreType == null) {
+ keystoreType = defaultKeystoreType;
+ }
+
+ String algorithm = endpoint.getAlgorithm();
+ if (algorithm == null) {
+ algorithm = KeyManagerFactory.getDefaultAlgorithm();
+ }
+
+ return getTrustManagers(keystoreType, endpoint.getKeystoreProvider(),
+ algorithm);
+ }
+
+ @Override
+ public void configureSessionContext(SSLSessionContext sslSessionContext) {
+ int sessionCacheSize;
+ if (endpoint.getSessionCacheSize() != null) {
+ sessionCacheSize = Integer.parseInt(
+ endpoint.getSessionCacheSize());
+ } else {
+ sessionCacheSize = defaultSessionCacheSize;
+ }
+
+ int sessionTimeout;
+ if (endpoint.getSessionTimeout() != null) {
+ sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
+ } else {
+ sessionTimeout = defaultSessionTimeout;
+ }
+
+ sslSessionContext.setSessionCacheSize(sessionCacheSize);
+ sslSessionContext.setSessionTimeout(sessionTimeout);
+ }
+
/**
* Gets the initialized key managers.
*/
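Review bot: The new `getTrustManagers()` (L190–L203) selects the TrustManagerFactory algorithm from `endpoint.getAlgorithm()` with `KeyManagerFactory.getDefaultAlgorithm()` as the fallback, whereas the removed code at L120–L123 used `endpoint.getTruststoreAlgorithm()` falling back to `TrustManagerFactory.getDefaultAlgorithm()`; a configured `truststoreAlgorithm` is now silently ignored and the key-manager algorithm is used for trust-manager lookup instead, which changes how the trust store is interpreted and can fail on providers where the two factory algorithms differ. The two lines in the new method should read `String algorithm = endpoint.getTruststoreAlgorithm();` and `algorithm = TrustManagerFactory.getDefaultAlgorithm();`, which also means the `TrustManagerFactory` import removed at L14 is still needed there (the import block for this file is not in view). `createSSLContext()` (L160–L171) returns a context that has not had `init` called, so a Javadoc line such as `Returns an uninitialized SSLContext for the configured protocol; callers must invoke init(...)` would prevent misuse, and the same note applies to the `SSLUtil` interface declaring it, which is outside this hunk. The private `getKeyManagers(...)`/`getTrustManagers(...)` overloads being delegated to continue past the end of the visible hunk.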