billbarker 02/04/12 22:34:11 Modified: util/java/org/apache/tomcat/util/net JSSESupport.java PureTLSSupport.java SSLSupport.java Log: Extend Coyote SSL support to include the 2.3 spec. With JSSE, this is mostly a copy of CertificateValve, and everything works with the 3.3 Adapter (so it should work with the 4.x Adapter). With PureTLS everything works but KeySize, which I couldn't figure out. -- Eric: can you please review? Revision Changes Path 1.2 +91 -3 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/JSSESupport.java Index: JSSESupport.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/JSSESupport.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JSSESupport.java 5 Apr 2002 17:43:33 -0000 1.1 +++ JSSESupport.java 13 Apr 2002 05:34:11 -0000 1.2 
@@ -78,18 +78,39 @@ @author EKR - Parts cribbed from JSSECertCompat + Parts cribbed from JSSECertCompat */ class JSSESupport implements SSLSupport { + /** + * A mapping table to determine the number of effective bits in the key + * when using a cipher suite containing the specified cipher name. The + * underlying data came from the TLS Specification (RFC 2246), Appendix C. + */ + protected static final CipherData ciphers[] = { + new CipherData("_WITH_NULL_", 0), + new CipherData("_WITH_IDEA_CBC_", 128), + new CipherData("_WITH_RC2_CBC_40_", 40), + new CipherData("_WITH_RC4_40_", 40), + new CipherData("_WITH_RC4_128_", 128), + new CipherData("_WITH_DES40_CBC_", 40), + new CipherData("_WITH_DES_CBC_", 56), + new CipherData("_WITH_3DES_EDE_CBC_", 168) + }; + private SSLSocket ssl; + JSSESupport(SSLSocket sock){ - ssl=sock; + ssl=sock; } public String getCipherSuite() throws IOException { - return "Unknown"; + // Look up the current SSLSession + SSLSession session = ssl.getSession(); + if (session == null) + return null; + return session.getCipherSuite(); } public Object[] getPeerCertificateChain() 
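Review bot: The key-size table `protected static final CipherData ciphers[]` is final only as a reference; its elements, and the `phrase`/`keySize` fields of `CipherData`, stay writable from any class in the package, so the numbers a minimum-key-size policy is built on are not protected from accidental or careless mutation. Declaring it `private static final CipherData[] CIPHERS` (Java array syntax on the type, not the name) and making the `CipherData` fields `final` closes that without changing behaviour. Note also that `getCipherSuite()` now returns `null` instead of the old `"Unknown"` when there is no session, which callers of the `SSLSupport` interface must be prepared for; the hunk ends before `getPeerCertificateChain()`'s body.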
@@ -127,4 +148,71 @@ return x509Certs; } + + /** + * Copied from <code>org.apache.catalina.valves.CertificateValve</code> + */ + public Integer getKeySize() + throws IOException { + // Look up the current SSLSession + SSLSession session = ssl.getSession(); + if (session == null) + return null; + Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY); + if (keySize == null) { + int size = 0; + String cipherSuite = session.getCipherSuite(); + for (int i = 0; i < ciphers.length; i++) { + if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) { + size = ciphers[i].keySize; + break; + } + } + keySize = new Integer(size); + session.putValue(KEY_SIZE_KEY, keySize); + } + return keySize; + } + + public String getSessionId() + throws IOException { + // Look up the current SSLSession + SSLSession session = ssl.getSession(); + if (session == null) + return null; + // Expose ssl_session (getId) + byte [] ssl_session = session.getId(); + if ( ssl_session == null) + return null; + StringBuffer buf=new StringBuffer(""); + for(int x=0; x<ssl_session.length; x++) { + String digit=Integer.toHexString((int)ssl_session[x]); + if (digit.length()<2) buf.append('0'); + if (digit.length()>2) digit=digit.substring(digit.length()-2); + buf.append(digit); + } + return buf.toString(); + } +} + +// ------------------------------------------------------------ Private Classes + + +/** + * Simple data class that represents the cipher being used, along with the + * corresponding effective key size. The specified phrase must appear in the + * name of the cipher suite to be recognized. 
+ */ + +final class CipherData { + + String phrase = null; + + int keySize = 0; + + public CipherData(String phrase, int keySize) { + this.phrase = phrase; + this.keySize = keySize; + } + } 1.2 +23 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/PureTLSSupport.java Index: PureTLSSupport.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/PureTLSSupport.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PureTLSSupport.java 5 Apr 2002 17:43:33 -0000 1.1 +++ PureTLSSupport.java 13 Apr 2002 05:34:11 -0000 1.2 @@ -63,6 +63,7 @@ import java.net.*; import java.util.Vector; import java.security.cert.CertificateFactory; +import org.apache.tomcat.util.buf.HexUtils; import COM.claymoresystems.sslg.*; import COM.claymoresystems.ptls.*; @@ -124,4 +125,26 @@ } return chain; } + + public Integer getKeySize() + throws IOException { + /* + int cs = ssl.getCipherSuite(); + int ks = SSLCipherSuite.findCipherSuite(cs).getCipherKeyLength(); + return new Integer(ks); + */ + return null; + } + + public String getSessionId() + throws IOException { + byte [] ssl_session = ssl.getSessionID(); + if(ssl_session == null) + return null; + return HexUtils.convert(ssl_session); + } + } + + + 1.2 +37 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLSupport.java Index: SSLSupport.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLSupport.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SSLSupport.java 5 Apr 2002 17:43:33 -0000 1.1 +++ SSLSupport.java 13 Apr 2002 05:34:11 -0000 1.2 
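Review bot: In `getKeySize()` a cipher suite that matches none of the table phrases falls through with `size = 0`, and that 0 is then cached in the session under `KEY_SIZE_KEY`, so an unrecognised (possibly strong) suite becomes indistinguishable from `_WITH_NULL_` for any caller that inspects the key size. Tracking whether a phrase matched and returning `null` (attribute unset) when none did, rather than storing 0, keeps the two cases apart. The hex loop in `getSessionId()` is correct but relies on `toHexString` of a sign-extended negative byte yielding eight characters that are then trimmed; `String digit = Integer.toHexString(ssl_session[x] & 0xff);` removes the need for the `length() > 2` branch, or the method could simply use `HexUtils.convert(ssl_session)` as the PureTLS implementation in this same commit does. Please also make the two `CipherData` fields `final` so the table entries are immutable.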
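Review bot: `PureTLSSupport.getKeySize()` unconditionally returns `null` and carries the abandoned attempt as commented-out code; commented-out code should not be committed, and the intent is better expressed as a comment such as `// TODO: PureTLS key length lookup not yet working (see commit log); key_size is left unset`. Returning `null` here means the `javax.servlet.request.key_size` attribute is silently absent for every PureTLS connection, so any policy relying on it gets no value rather than a wrong one, which is acceptable but should be stated where the interface is documented. The `getSessionId()` implementation using `HexUtils.convert` is fine.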
@@ -70,9 +70,37 @@ */ public interface SSLSupport { + /** + * The Request attribute key for the cipher suite. + */ + public static final String CIPHER_SUITE_KEY = "javax.servlet.request.cipher_suite"; + + /** + * The Request attribute key for the key size. + */ + public static final String KEY_SIZE_KEY = "javax.servlet.request.key_size"; + + /** + * The Request attribute key for the client certificate chain. + */ + public static final String CERTIFICATE_KEY = "javax.servlet.request.X509Certificate"; + + /** + * The Request attribute key for the session id. + * This one is a Tomcat extension to the Servlet spec. + */ + public static final String SESSION_ID_KEY = "javax.servlet.request.ssl_session"; + + /** + * The cipher suite being used on this connection. + */ public String getCipherSuite() throws IOException; + + /** + * The client certificate chain (if any). + */ public Object[] getPeerCertificateChain() - throws IOException; + throws IOException; /** * Get the keysize. @@ -88,4 +116,12 @@ * * Unfortunately, all of these values are nonsensical. **/ + public Integer getKeySize() + throws IOException; + + /** + * The current session Id. + */ + public String getSessionId() + throws IOException; }
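Review bot: The new interface methods have no documented null contract, yet both implementations in this commit return `null` from `getKeySize()` and `getSessionId()` when there is no session (and PureTLS always, for the key size); the same gap applies to `getCipherSuite()` in the first hunk of this file. Please add `@return` tags stating that, for example `@return the session id as a hex string, or null if no SSL session exists`, and note on `getKeySize()` that implementations may return null when the key length cannot be determined. The `public static final` modifiers on the constants and `public` on the methods are implicit in an interface and can be dropped. The `getKeySize` Javadoc that the second hunk extends begins before that hunk.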