billbarker 2003/07/10 21:09:43 Modified: util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java Log: Adding support for specifying CipherSuites to PureTLS. Thanks to Jan for doing the hard part ;-). Revision Changes Path 1.4 +62 -3 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
Index: PureTLSSocketFactory.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- PureTLSSocketFactory.java 16 Jun 2003 02:45:56 -0000 1.3
+++ PureTLSSocketFactory.java 11 Jul 2003 04:09:43 -0000 1.4
@@ -61,6 +61,7 @@
 import java.io.*;
 import java.net.*;
+import java.util.*;
 import COM.claymoresystems.ptls.*;
 import COM.claymoresystems.cert.*;
@@ -173,14 +174,72 @@
 SSLPolicyInt policy=new SSLPolicyInt();
 policy.requireClientAuth(clientAuth);
- policy.handshakeOnConnect(false);
- policy.waitOnClose(false);
- tmpContext.setPolicy(policy);
+ policy.handshakeOnConnect(false);
+ policy.waitOnClose(false);
+ short [] enabledCiphers = getEnabledCiphers(policy.getCipherSuites());
+ if( enabledCiphers != null ) {
+ policy.setCipherSuites(enabledCiphers);
+ }
+ tmpContext.setPolicy(policy);
 context=tmpContext;
 } catch (Exception e){
 logger.info("Error initializing SocketFactory",e);
 throw new IOException(e.getMessage());
 }
+ }
+
+ /*
+ * Determines the SSL cipher suites to be enabled.
+ *
+ * @return Array of SSL cipher suites to be enabled, or null if the
+ * cipherSuites property was not specified (meaning that all supported
+ * cipher suites are to be enabled)
+ */
+ private short [] getEnabledCiphers(short [] supportedCiphers) {
+
+ short [] enabledCiphers = null;
+
+ String attrValue = (String)attributes.get("ciphers");
+ if (attrValue != null) {
+ Vector vec = null;
+ int fromIndex = 0;
+ int index = attrValue.indexOf(',', fromIndex);
+ while (index != -1) {
+ String cipher = attrValue.substring(fromIndex, index).trim();
+ int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher);
+ /*
+ * Check to see if the requested cipher is among the supported
+ * ciphers, i.e., may be enabled
+ */
+ if( cipherValue >= 0) {
+ for (int i=0; supportedCiphers != null
+ && i<supportedCiphers.length; i++) {
+
+ if (cipherValue == supportedCiphers[i]) {
+ if (vec == null) {
+ vec = new Vector();
+ }
+ vec.addElement(new Integer(cipherValue));
+ break;
+ }
+ }
+ }
+ fromIndex = index+1;
+ index = attrValue.indexOf(',', fromIndex);
+ }
+
+ if (vec != null) {
+ int nCipher = vec.size();
+ enabledCiphers = new short[nCipher];
+ for(int i=0; i < nCipher; i++) {
+ Integer value = (Integer)vec.elementAt(i);
+ enabledCiphers[i] = value.shortValue();
+ }
+ }
+ }
+
+ return enabledCiphers;
+ }
 public Socket acceptSocket(ServerSocket 
socket)
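Review bot: In getEnabledCiphers the `while (index != -1)` loop only consumes tokens that are followed by a comma, so the last entry of the `ciphers` attribute is never examined, and a value naming a single suite leaves `vec == null`, returns null, and keeps the policy's full default suite list instead of the one requested. Since this commit already imports `java.util.*`, the scan could be `StringTokenizer st = new StringTokenizer(attrValue, ",");` with `while (st.hasMoreTokens()) {` and `String cipher = st.nextToken().trim();`, dropping the `fromIndex`/`index` bookkeeping. The same fail-open result occurs when the attribute is set but no name is recognised or supported: names that `getCipherSuiteNumber` appears to reject (the `>= 0` test suggests a negative return) are skipped silently, so a typo widens the enabled set rather than narrowing it. Logging each rejected name, and throwing or at least warning when a non-empty `ciphers` value resolves to no suites, would make the restriction dependable. The header comment also says `cipherSuites` where the code reads `ciphers`, and it opens with `/*` rather than `/**`.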