From 09df96f3cc74eb424727f5d48c645964c993e06c Mon Sep 17 00:00:00 2001 From: markt Date: Sat, 17 May 2008 19:55:55 +0000 Subject: [PATCH] Additional patch from https://issues.apache.org/bugzilla/show_bug.cgi?id=43094 Make SSL providers configurable. Based on a patch by Bruno Harbulot. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@657449 13f79535-47bb-0310-9956-ffa450edef68
--- .../tomcat/util/net/jsse/JSSESocketFactory.java | 57 +++++++++++++++------- webapps/docs/config/http.xml | 16 ++++++ 2 files changed, 55 insertions(+), 18 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
index 793ffc686..5edf4f809 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -250,20 +250,21 @@ public class JSSESocketFactory /* * Gets the SSL server's keystore. */ - protected KeyStore getKeystore(String type, String pass) + protected KeyStore getKeystore(String type, String provider, String pass) throws IOException { String keystoreFile = (String)attributes.get("keystore"); if (keystoreFile == null) keystoreFile = defaultKeystoreFile; - return getStore(type, keystoreFile, pass); + return getStore(type, provider, keystoreFile, pass); } /* * Gets the SSL server's truststore. */ - protected KeyStore getTrustStore(String keystoreType) throws IOException { + protected KeyStore getTrustStore(String keystoreType, + String keystoreProvider) throws IOException { KeyStore trustStore = null; String truststoreFile = (String)attributes.get("truststoreFile");
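Review bot: Changing the signatures of the protected methods getKeystore and getTrustStore here (and of getKeyManagers and getTrustManagers in the -416 and -450 hunks) is a source- and binary-incompatible change for any subclass of JSSESocketFactory that overrides or calls them; an override of the old getKeystore(String, String) would now silently stop being invoked. If subclassing is meant to be supported, keeping the old overloads as thin delegates, e.g. `protected KeyStore getKeystore(String type, String pass) throws IOException { return getKeystore(type, null, pass); }` marked `@Deprecated`, avoids that breakage. The body of getTrustStore continues outside this hunk.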
@@ -297,9 +298,22 @@ public class JSSESocketFactory log.debug("trustType = " + truststoreType); } + String truststoreProvider = + (String)attributes.get("truststoreProvider"); + if( truststoreProvider == null) { + truststoreProvider = + System.getProperty("javax.net.ssl.trustStoreProvider"); + } + if (truststoreProvider == null) { + truststoreProvider = keystoreProvider; + } + if(log.isDebugEnabled()) { + log.debug("trustProvider = " + truststoreProvider); + } + if (truststoreFile != null && truststorePassword != null){ - trustStore = getStore(truststoreType, truststoreFile, - truststorePassword); + trustStore = getStore(truststoreType, truststoreProvider, + truststoreFile, truststorePassword); } return trustStore;
@@ -308,13 +322,17 @@ public class JSSESocketFactory /* * Gets the key- or truststore with the specified type, path, and password. */ - private KeyStore getStore(String type, String path, String pass) - throws IOException { + private KeyStore getStore(String type, String provider, String path, + String pass) throws IOException { KeyStore ks = null; InputStream istream = null; try { - ks = KeyStore.getInstance(type); + if (provider == null) { + ks = KeyStore.getInstance(type); + } else { + ks = KeyStore.getInstance(type, provider); + } if(!("PKCS11".equalsIgnoreCase(type) || "".equalsIgnoreCase(path))) { File keyStoreFile = new File(path);
@@ -383,6 +401,9 @@ public class JSSESocketFactory keystoreType = defaultKeystoreType; } + String keystoreProvider = + (String) attributes.get("keystoreProvider"); + String trustAlgorithm = (String)attributes.get("truststoreAlgorithm"); if( trustAlgorithm == null ) { 
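Review bot: The final fallback `truststoreProvider = keystoreProvider;` in the -297 hunk is applied regardless of the trust store type, while the `trustType` debug line just above shows truststoreType being resolved separately (that resolution is outside the hunk). If the two types differ, for example a PKCS11 keystore with a JKS trust store, the keystore's provider presumably does not implement the trust store type and getStore will fail instead of falling back to the default provider search; guarding the fallback with `if (truststoreProvider == null && truststoreType.equals(keystoreType))`, or documenting that the fallback only makes sense when the types match, would make the intent explicit. As a minor point of style, `if( truststoreProvider == null)` and `if(log.isDebugEnabled())` differ from the `if (truststoreProvider == null)` form two lines later in the same hunk.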
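Review bot: In the -308 hunk, `if (provider == null)` does not cover an empty `keystoreProvider`/`truststoreProvider` attribute, so an empty string reaches `KeyStore.getInstance(type, "")`, which rejects a blank provider name with an IllegalArgumentException rather than using the default provider lookup; the same method already treats an empty `path` specially via `"".equalsIgnoreCase(path)`, so `if (provider == null || provider.length() == 0) {` would be consistent with that. Note also that the two-argument getInstance declares NoSuchProviderException, which the `throws IOException` signature does not cover; presumably the catch clause further down getStore (outside the hunk) wraps it, which is worth confirming since a misspelled provider name should fail startup with a clear message rather than a bare exception.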
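Review bot: In the -383 hunk, `keystoreProvider` is read only from the `keystoreProvider` attribute, whereas the trust store path in the -297 hunk also consults `System.getProperty("javax.net.ssl.trustStoreProvider")`; JSSE defines the matching `javax.net.ssl.keyStoreProvider` property, so the asymmetry looks accidental. Either add `if (keystoreProvider == null) { keystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider"); }` after the attribute lookup, or add a comment stating that the keystore provider is intentionally taken from the connector configuration only. The enclosing method starts and ends outside this hunk.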
@@ -391,9 +412,11 @@ public class JSSESocketFactory // Create and init SSLContext SSLContext context = SSLContext.getInstance(protocol); - context.init(getKeyManagers(keystoreType, algorithm, - (String) attributes.get("keyAlias")), - getTrustManagers(keystoreType, trustAlgorithm), + context.init(getKeyManagers(keystoreType, keystoreProvider, + algorithm, + (String) attributes.get("keyAlias")), + getTrustManagers(keystoreType, keystoreProvider, + trustAlgorithm), new SecureRandom()); // create proxy
@@ -416,6 +439,7 @@ public class JSSESocketFactory * Gets the initialized key managers. */ protected KeyManager[] getKeyManagers(String keystoreType, + String keystoreProvider, String algorithm, String keyAlias) throws Exception {
@@ -424,7 +448,7 @@ public class JSSESocketFactory String keystorePass = getKeystorePassword(); - KeyStore ks = getKeystore(keystoreType, keystorePass); + KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass); if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { throw new IOException( sm.getString("jsse.alias_no_key_entry", keyAlias));
@@ -450,16 +474,13 @@ public class JSSESocketFactory * Gets the intialized trust managers. */ protected TrustManager[] getTrustManagers(String keystoreType, - String algorithm) throws Exception { + String keystoreProvider, String algorithm) + throws Exception { String crlf = (String) attributes.get("crlFile"); TrustManager[] tms = null; - String truststoreType = (String) attributes.get("truststoreType"); - if (truststoreType == null) { - truststoreType = keystoreType; - } - KeyStore trustStore = getTrustStore(truststoreType); + KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider); if (trustStore != null) { if (crlf == null) { TrustManagerFactory tmf =
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 5445967fb..4a488b05d 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
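Review bot: The new `keystoreProvider` parameter added to the protected getKeyManagers (-416 hunk) and getTrustManagers (-450 hunk) is not mentioned in either method's header comment, and in particular the fact that null is an accepted value meaning "use the default provider lookup" is only discoverable by reading getStore. Since these are extension points, extend the comments, e.g. `* Gets the initialized key managers; a null keystoreProvider selects the default provider lookup.` and the corresponding sentence on getTrustManagers, noting there that the trust store type is now resolved inside getTrustStore rather than in this method. Both method bodies continue outside their hunks.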
@@ -671,6 +671,14 @@ If not specified, the default value is "JKS".

+ +

The name of the keystore provider to be used for the server + certificate. If not specified, the list of registered providers is + traversed in preference order and the first provider that supports the + keystoreType is used. +

+
+

The version of the SSL protocol to use. If not specified, the default is "TLS".

@@ -700,6 +708,14 @@ TrustStore then you are using for the KeyStore.

+ +

The name of the truststore provider to be used for the server + certificate. If not specified, the list of registered providers is + traversed in preference order and the first provider that supports the + truststoreType is used. +

+
+

For more information, see the -- 2.11.0