From 6c24e0269338d3211c5e2b21b15fabb480ccb204 Mon Sep 17 00:00:00 2001 From: markt Date: Wed, 30 Jan 2008 20:49:51 +0000 Subject: [PATCH] Remove the old TLS code from Tomcat 6. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@616894 13f79535-47bb-0310-9956-ffa450edef68 --- build.xml | 1 - .../apache/tomcat/util/net/SSLImplementation.java | 3 - .../util/net/puretls/PureTLSImplementation.java | 58 ------ .../tomcat/util/net/puretls/PureTLSSocket.java | 43 ---- .../util/net/puretls/PureTLSSocketFactory.java | 230 --------------------- .../tomcat/util/net/puretls/PureTLSSupport.java | 144 ------------- 6 files changed, 479 deletions(-) delete mode 100644 java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java delete mode 100644 java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java delete mode 100644 java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java delete mode 100644 java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java diff --git a/build.xml b/build.xml index 0c45aadbb..c34405f06 100644 --- a/build.xml +++ b/build.xml @@ -109,7 +109,6 @@ excludes="**/CVS/**,**/.svn/**"> - diff --git a/java/org/apache/tomcat/util/net/SSLImplementation.java b/java/org/apache/tomcat/util/net/SSLImplementation.java index ffc6cefc9..0197ce937 100644 --- a/java/org/apache/tomcat/util/net/SSLImplementation.java +++ b/java/org/apache/tomcat/util/net/SSLImplementation.java @@ -31,14 +31,11 @@ abstract public class SSLImplementation { org.apache.juli.logging.LogFactory.getLog(SSLImplementation.class); // The default implementations in our search path - private static final String PureTLSImplementationClass= - "org.apache.tomcat.util.net.puretls.PureTLSImplementation"; private static final String JSSEImplementationClass= "org.apache.tomcat.util.net.jsse.JSSEImplementation"; private static final String[] implementations= { - PureTLSImplementationClass, JSSEImplementationClass }; 
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java b/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
deleted file mode 100644
index 6176afdce..000000000
--- a/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.tomcat.util.net.puretls;
-
-import java.net.Socket;
-
-import org.apache.tomcat.util.net.SSLImplementation;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-
-import COM.claymoresystems.ptls.SSLSocket;
-
-/* PureTLSImplementation:
-
- Concrete implementation class for PureTLS
-
- @author EKR
-*/
-
-public class PureTLSImplementation extends SSLImplementation
-{
- public PureTLSImplementation() throws ClassNotFoundException {
- // Check to see if PureTLS is floating around somewhere
- Class.forName("COM.claymoresystems.ptls.SSLContext");
- }
-
- public String getImplementationName(){
- return "PureTLS";
- }
-
- public ServerSocketFactory getServerSocketFactory()
- {
- return new PureTLSSocketFactory();
- }
-
- public SSLSupport getSSLSupport(Socket s)
- {
- return new PureTLSSupport((SSLSocket)s);
- }
-
-
-
-}
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java b/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
deleted file mode 100644
index c566fe736..000000000
--- a/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.tomcat.util.net.puretls;
-
-import java.io.IOException;
-
-/*
- * PureTLSSocket.java
- *
- * Wraps COM.claymoresystems.ptls.SSLSocket
- *
- * This class translates PureTLS's interfaces into those
- * expected by Tomcat
- *
- * @author Eric Rescorla
- *
- */
-
-public class PureTLSSocket extends COM.claymoresystems.ptls.SSLSocket
-{
- // The only constructor we need here is the no-arg
- // constructor since this class is only used with
- // implAccept
- public PureTLSSocket() throws IOException {
- super();
- }
-}
-
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java b/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
deleted file mode 100644
index 2fa41c6eb..000000000
--- a/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
+++ /dev/null
@@ -1,230 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.tomcat.util.net.puretls; - -import java.io.IOException; -import java.net.InetAddress; -import java.net.ServerSocket; -import java.net.Socket; -import java.net.SocketException; -import java.util.Vector; - -import COM.claymoresystems.ptls.SSLContext; -import COM.claymoresystems.ptls.SSLException; -import COM.claymoresystems.ptls.SSLServerSocket; -import COM.claymoresystems.ptls.SSLSocket; -import COM.claymoresystems.sslg.SSLPolicyInt; - -/** - * SSL server socket factory--wraps PureTLS - * - * @author Eric Rescorla - * - * some sections of this file cribbed from SSLSocketFactory - * (the JSSE socket factory) - * - */ - -public class PureTLSSocketFactory - extends org.apache.tomcat.util.net.ServerSocketFactory -{ - static org.apache.commons.logging.Log logger = - org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class); - static String defaultProtocol = "TLS"; - static boolean defaultClientAuth = false; - static String defaultKeyStoreFile = "server.pem"; - static String defaultKeyPass = "password"; - static String defaultRootFile = "root.pem"; - static String defaultRandomFile = "random.pem"; - - private 
COM.claymoresystems.ptls.SSLContext context=null; - - public PureTLSSocketFactory() { - } - - public ServerSocket createSocket(int port) - throws IOException - { - init(); - return new SSLServerSocket(context,port); - } - - public ServerSocket createSocket(int port, int backlog) - throws IOException - { - init(); - ServerSocket tmp; - - try { - tmp=new SSLServerSocket(context,port,backlog); - } - catch (IOException e){ - throw e; - } - return tmp; - } - - public ServerSocket createSocket(int port, int backlog, - InetAddress ifAddress) - throws IOException - { - init(); - return new SSLServerSocket(context,port,backlog,ifAddress); - } - - private void init() - throws IOException - { - if(context!=null) - return; - - boolean clientAuth=defaultClientAuth; - - try { - String keyStoreFile=(String)attributes.get("keystore"); - if(keyStoreFile==null) keyStoreFile=defaultKeyStoreFile; - - String keyPass=(String)attributes.get("keypass"); - if(keyPass==null) keyPass=defaultKeyPass; - - String rootFile=(String)attributes.get("rootfile"); - if(rootFile==null) rootFile=defaultRootFile; - - String randomFile=(String)attributes.get("randomfile"); - if(randomFile==null) randomFile=defaultRandomFile; - - String protocol=(String)attributes.get("protocol"); - if(protocol==null) protocol=defaultProtocol; - - String clientAuthStr=(String)attributes.get("clientauth"); - if(clientAuthStr != null){ - if(clientAuthStr.equals("true")){ - clientAuth=true; - } else if(clientAuthStr.equals("false")) { - clientAuth=false; - } else { - throw new IOException("Invalid value '" + - clientAuthStr + - "' for 'clientauth' parameter:"); - } - } - - SSLContext tmpContext=new SSLContext(); - try { - tmpContext.loadRootCertificates(rootFile); - } catch(IOException iex) { - if(logger.isDebugEnabled()) - logger.debug("Error loading Client Root Store: " + - rootFile,iex); - } - tmpContext.loadEAYKeyFile(keyStoreFile,keyPass); - tmpContext.useRandomnessFile(randomFile,keyPass); - - SSLPolicyInt policy=new 
SSLPolicyInt(); - policy.requireClientAuth(clientAuth); - policy.handshakeOnConnect(false); - policy.waitOnClose(false); - short [] enabledCiphers = getEnabledCiphers(policy.getCipherSuites()); - if( enabledCiphers != null ) { - policy.setCipherSuites(enabledCiphers); - } - tmpContext.setPolicy(policy); - context=tmpContext; - } catch (Exception e){ - logger.info("Error initializing SocketFactory",e); - throw new IOException(e.getMessage()); - } - } - - /* - * Determines the SSL cipher suites to be enabled. - * - * @return Array of SSL cipher suites to be enabled, or null if the - * cipherSuites property was not specified (meaning that all supported - * cipher suites are to be enabled) - */ - private short [] getEnabledCiphers(short [] supportedCiphers) { - - short [] enabledCiphers = null; - - String attrValue = (String)attributes.get("ciphers"); - if (attrValue != null) { - Vector vec = null; - int fromIndex = 0; - int index = attrValue.indexOf(',', fromIndex); - while (index != -1) { - String cipher = attrValue.substring(fromIndex, index).trim(); - int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher); - /* - * Check to see if the requested cipher is among the supported - * ciphers, i.e., may be enabled - */ - if( cipherValue >= 0) { - for (int i=0; supportedCiphers != null - && i= 0) { - size = ciphers[i].keySize; - break; - } - } - Integer keySize = new Integer(size); - return keySize; - } - - public String getSessionId() - throws IOException { - byte [] ssl_session = ssl.getSessionID(); - if(ssl_session == null) - return null; - return HexUtils.convert(ssl_session); - } - -} - - - - - - - -- 2.11.0