billbarker 2002/12/18 01:15:06
Modified: jk/java/org/apache/jk/common HandlerRequest.java
jk/java/org/apache/jk/core WorkerEnv.java
jk/java/org/apache/jk/server JkCoyoteHandler.java
Log:
Fixing the mess that was SSL-Cert evaluation for Jk2.
Fix for Bug #15456
Reported By: Alex Roytman [EMAIL PROTECTED]
Revision Changes Path
1.19 +7 -6
jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java
Index: HandlerRequest.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- HandlerRequest.java 23 Nov 2002 06:34:47 -0000 1.18
+++ HandlerRequest.java 18 Dec 2002 09:15:06 -0000 1.19
@@ -529,16 +529,17 @@
msg.getBytes(req.instanceId());
break;
- case SC_A_SSL_CERT :
- req.scheme().setString( "https" );
+ case SC_A_SSL_CERT :
+ req.scheme().setString( "https" );
// Transform the string into certificate.
+ tmpMB = new MessageBytes();
msg.getBytes(tmpMB);
String certString = tmpMB.toString();
- // SSL certificate extraction is costy, moved to
JkCoyoteHandler
- req.setAttribute(SSLSupport.CERTIFICATE_KEY, certString);
+ // SSL certificate extraction is costy, moved to JkCoyoteHandler
+ req.setNote(WorkerEnv.SSL_CERT_NOTE, tmpMB);
break;
-
- case SC_A_SSL_CIPHER :
+
+ case SC_A_SSL_CIPHER :
req.scheme().setString( "https" );
msg.getBytes(tmpMB);
req.setAttribute(SSLSupport.CIPHER_SUITE_KEY,
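Review bot: `String certString = tmpMB.toString();` in the SC_A_SSL_CERT case is now dead, since nothing on the new side reads `certString`, yet it still performs the string conversion that the comment says was moved to JkCoyoteHandler; it can be dropped. Separately, `WorkerEnv.SSL_CERT_NOTE` is only ever set here and never cleared in the visible code. If the Request object is reused across requests without its notes being reset (not visible in this hunk), a later request that carries no certificate could still find the previous request's certificate in that slot, so the note should be cleared wherever the request is recycled. The enclosing switch starts and ends outside the hunk.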
1.9 +1 -0
jakarta-tomcat-connectors/jk/java/org/apache/jk/core/WorkerEnv.java
Index: WorkerEnv.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jk/java/org/apache/jk/core/WorkerEnv.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- WorkerEnv.java 5 Jun 2002 21:23:32 -0000 1.8
+++ WorkerEnv.java 18 Dec 2002 09:15:06 -0000 1.9
@@ -82,6 +82,7 @@
public static final int ENDPOINT_NOTE=0;
public static final int REQUEST_NOTE=1;
+ public static final int SSL_CERT_NOTE=16;
int noteId[]=new int[4];
String noteName[][]=new String[4][];
private Object notes[]=new Object[32];
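Review bot: `SSL_CERT_NOTE=16` is a bare magic index with no comment saying which note array it indexes or why 16 was chosen. The other hunks of this commit use it with `req.setNote`/`req.getNote` on the request rather than with this class's `notes[]`, so a reader cannot tell from here what else may claim slot 16. A comment such as `// Request note slot holding the raw client certificate bytes (MessageBytes) sent by the web server; fixed index, keep clear of other request-note users` would document the contract.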
1.32 +21 -19
jakarta-tomcat-connectors/jk/java/org/apache/jk/server/JkCoyoteHandler.java
Index: JkCoyoteHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jk/java/org/apache/jk/server/JkCoyoteHandler.java,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- JkCoyoteHandler.java 23 Nov 2002 06:34:47 -0000 1.31
+++ JkCoyoteHandler.java 18 Dec 2002 09:15:06 -0000 1.32
@@ -381,27 +381,29 @@
} else if( actionCode==ActionCode.ACTION_REQ_SSL_ATTRIBUTE ) {
org.apache.coyote.Request req=(org.apache.coyote.Request)param;
- // Extract SSL certificate information (if requested)
- String certString =
(String)req.getAttribute(SSLSupport.CERTIFICATE_KEY);
- byte[] certData = certString.getBytes();
- ByteArrayInputStream bais = new ByteArrayInputStream(certData);
+ // Extract SSL certificate information (if requested)
+ MessageBytes certString =
(MessageBytes)req.getNote(WorkerEnv.SSL_CERT_NOTE);
+ if( certString != null ) {
+ byte[] certData = certString.getByteChunk().getBytes();
+ ByteArrayInputStream bais = new ByteArrayInputStream(certData);
- // Fill the first element.
- X509Certificate jsseCerts[] = null;
- try {
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)
- cf.generateCertificate(bais);
- jsseCerts = new X509Certificate[1];
- jsseCerts[0] = cert;
- } catch(java.security.cert.CertificateException e) {
- log.error("Certificate convertion failed" + e );
- e.printStackTrace();
- }
+ // Fill the first element.
+ X509Certificate jsseCerts[] = null;
+ try {
+ CertificateFactory cf =
+ CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)
+ cf.generateCertificate(bais);
+ jsseCerts = new X509Certificate[1];
+ jsseCerts[0] = cert;
+ } catch(java.security.cert.CertificateException e) {
+ log.error("Certificate convertion failed" , e );
+ return;
+ }
- req.setAttribute(SSLSupport.CERTIFICATE_KEY,
- jsseCerts);
+ req.setAttribute(SSLSupport.CERTIFICATE_KEY,
+ jsseCerts);
+ }
} else if( actionCode==ActionCode.ACTION_REQ_HOST_ATTRIBUTE ) {
org.apache.coyote.Request req=(org.apache.coyote.Request)param;
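Review bot: `certString.getByteChunk().getBytes()` hands the ByteChunk's whole backing array to `ByteArrayInputStream`, ignoring the chunk's start and length. If `msg.getBytes(tmpMB)` in HandlerRequest points the chunk into the AJP packet buffer rather than copying (not visible here), the CertificateFactory would parse from the start of that buffer instead of the certificate. Because this action runs lazily, the buffer may also hold a later packet by then. Bound the stream to the chunk with `ByteChunk bc = certString.getByteChunk();` and `new ByteArrayInputStream(bc.getBytes(), bc.getStart(), bc.getLength())`, and consider copying the bytes when the note is stored. The enclosing action method starts and ends outside the hunk.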