luehe 2003/08/11 14:44:16 Modified: catalina/src/share/org/apache/coyote/tomcat5 CoyoteConnector.java CoyoteServerSocketFactory.java mbeans-descriptors.xml Log: - Added support for specifying comma-separated list of SSL protocol variants to be enabled This may be useful to disable the less secure SSLv2. - Fixed bug in CoyoteConnector getter methods for SSL related attributes, which would always return null if SSL properties were configured directly on the <Connector> (instead of its nested and now deprecated <Factory> element) Revision Changes Path 1.22 +107 -45 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteConnector.java Index: CoyoteConnector.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteConnector.java,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- CoyoteConnector.java 11 Aug 2003 18:06:11 -0000 1.21 +++ CoyoteConnector.java 11 Aug 2003 21:44:16 -0000 1.22 @@ -1302,6 +1302,8 @@ ssf.getKeystoreType()); IntrospectionUtils.setProperty(protocolHandler, "protocol", ssf.getProtocol()); + IntrospectionUtils.setProperty(protocolHandler, "protocols", + ssf.getProtocols()); IntrospectionUtils.setProperty(protocolHandler, "sSLImplementation", ssf.getSSLImplementation()); 
@@ -1336,23 +1338,27 @@ } } - /** + /* * Translate the attribute name from the legacy Factory names to their * internal protocol names. */ private String translateAttributeName(String name) { - if("clientAuth".equals(name)) { + if ("clientAuth".equals(name)) { return "clientauth"; - } else if("keystoreFile".equals(name)) { + } else if ("keystoreFile".equals(name)) { return "keystore"; - } else if("randomFile".equals(name)) { + } else if ("randomFile".equals(name)) { return "randomfile"; - } else if("rootFile".equals(name)) { + } else if ("rootFile".equals(name)) { return "rootfile"; - } else if("keystorePass".equals(name)) { + } else if ("keystorePass".equals(name)) { return "keypass"; - } else if("keystoreType".equals(name)) { + } else if ("keystoreType".equals(name)) { return "keytype"; + } else if ("sslProtocol".equals(name)) { + return "protocol"; + } else if ("sslProtocols".equals(name)) { + return "protocols"; } return name; } 
@@ -1454,50 +1460,63 @@ // -------------------- Management methods -------------------- public boolean getClientAuth() { - ServerSocketFactory factory= this.getFactory(); - if( ! (factory instanceof CoyoteServerSocketFactory) ) - return false; - CoyoteServerSocketFactory coyoteFactory=(CoyoteServerSocketFactory)factory; - return coyoteFactory.getClientAuth(); + boolean ret = false; + + String prop = (String) getProperty("clientauth"); + if (prop != null) { + ret = Boolean.valueOf(prop).booleanValue(); + } else { + ServerSocketFactory factory = this.getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ret = ((CoyoteServerSocketFactory)factory).getClientAuth(); + } + } + + return ret; } public void setClientAuth(boolean clientAuth) { setProperty("clientauth", String.valueOf(clientAuth)); - ServerSocketFactory factory= this.getFactory(); - if( ! (factory instanceof CoyoteServerSocketFactory) ) - return; - CoyoteServerSocketFactory coyoteFactory=(CoyoteServerSocketFactory)factory; - coyoteFactory.setClientAuth(clientAuth); + ServerSocketFactory factory = this.getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ((CoyoteServerSocketFactory)factory).setClientAuth(clientAuth); + } } public String getKeystoreFile() { - ServerSocketFactory factory= this.getFactory(); - if( ! (factory instanceof CoyoteServerSocketFactory) ) - return null; - CoyoteServerSocketFactory coyoteFactory=(CoyoteServerSocketFactory)factory; - return coyoteFactory.getKeystoreFile(); + String ret = (String) getProperty("keystore"); + if (ret == null) { + ServerSocketFactory factory = this.getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ret = ((CoyoteServerSocketFactory)factory).getKeystoreFile(); + } + } + + return ret; } public void setKeystoreFile(String keystoreFile) { setProperty("keystore", keystoreFile); - ServerSocketFactory factory= this.getFactory(); - if( ! 
(factory instanceof CoyoteServerSocketFactory) ) - return; - CoyoteServerSocketFactory coyoteFactory=(CoyoteServerSocketFactory)factory; - coyoteFactory.setKeystoreFile(keystoreFile); - + ServerSocketFactory factory = this.getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ((CoyoteServerSocketFactory)factory).setKeystoreFile(keystoreFile); + } } /** * Return keystorePass */ public String getKeystorePass() { - ServerSocketFactory factory = getFactory(); - if( factory instanceof CoyoteServerSocketFactory ) { - return ((CoyoteServerSocketFactory)factory).getKeystorePass(); + String ret = (String) getProperty("keypass"); + if (ret == null) { + ServerSocketFactory factory = getFactory(); + if (factory instanceof CoyoteServerSocketFactory ) { + return ((CoyoteServerSocketFactory)factory).getKeystorePass(); + } } - return null; + + return ret; } /** @@ -1519,11 +1538,15 @@ * enabled */ public String getCiphers() { - ServerSocketFactory factory = getFactory(); - if (factory instanceof CoyoteServerSocketFactory) { - return ((CoyoteServerSocketFactory)factory).getCiphers(); + String ret = (String) getProperty("ciphers"); + if (ret == null) { + ServerSocketFactory factory = getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ret = ((CoyoteServerSocketFactory)factory).getCiphers(); + } } - return null; + + return ret; } /** @@ -1549,11 +1572,15 @@ * @return The alias name of the keypair and supporting certificate chain */ public String getKeyAlias() { - ServerSocketFactory factory = getFactory(); - if (factory instanceof CoyoteServerSocketFactory) { - return ((CoyoteServerSocketFactory)factory).getKeyAlias(); + String ret = (String) getProperty("keyAlias"); + if (ret == null) { + ServerSocketFactory factory = getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ret = ((CoyoteServerSocketFactory)factory).getKeyAlias(); + } } - return null; + + return ret; } /** 
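Review bot: In getClientAuth() (the @@ -1454 hunk) the new property path parses with `Boolean.valueOf(prop)`, so any configured value other than "true" (a typo, or "yes") is reported as false with no diagnostic. For an attribute that controls client-certificate authentication, that silent fallback deserves a log line or at least a comment; whether the handshake code parses the same string the same way is not visible in this diff. Separately, getKeystorePass() in the same hunk uses `return ((CoyoteServerSocketFactory)factory).getKeystorePass();` inside the `if (ret == null)` branch where its siblings assign `ret = ...`; the result is the same, but the single-exit shape of the other getters would be consistent. Since this getter now also returns a password configured directly on the <Connector>, confirm who can read it through the management interface.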
@@ -1577,11 +1604,15 @@ * @return SSL protocol variant */ public String getSslProtocol() { - ServerSocketFactory factory = getFactory(); - if (factory instanceof CoyoteServerSocketFactory) { - return ((CoyoteServerSocketFactory)factory).getProtocol(); + String ret = (String) getProperty("sslProtocol"); + if (ret == null) { + ServerSocketFactory factory = getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ret = ((CoyoteServerSocketFactory)factory).getProtocol(); + } } - return null; + + return ret; } /** 
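Review bot: getSslProtocol() looks up `getProperty("sslProtocol")`, the legacy attribute name, while getClientAuth(), getKeystoreFile() and getKeystorePass() in this commit look up the translated names ("clientauth", "keystore", "keypass"). translateAttributeName() now maps "sslProtocol" to "protocol" and "sslProtocols" to "protocols", so if properties end up stored under the translated name this getter would keep returning null, which is the bug the log says was fixed. getProperty/setProperty are outside the diff, so this needs confirming; the same key choice appears in setSslProtocol(), getSslProtocols() and setSslProtocols() in the next hunk. If the store is keyed by internal names, use `getProperty("protocol")` and `getProperty("protocols")` with matching setProperty keys; if it is keyed by legacy names, a one-line comment saying so would explain why these getters differ from the others.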
@@ -1590,9 +1621,40 @@ * @param sslProtocol SSL protocol variant */ public void setSslProtocol(String sslProtocol) { + setProperty("sslProtocol", sslProtocol); ServerSocketFactory factory = getFactory(); if (factory instanceof CoyoteServerSocketFactory) { ((CoyoteServerSocketFactory)factory).setProtocol(sslProtocol); + } + } + + /** + * Gets the SSL protocol variants to be enabled. + * + * @return Comma-separated list of SSL protocol variants + */ + public String getSslProtocols() { + String ret = (String) getProperty("sslProtocols"); + if (ret == null) { + ServerSocketFactory factory = getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ret = ((CoyoteServerSocketFactory)factory).getProtocols(); + } + } + + return ret; + } + + /** + * Sets the SSL protocol variants to be enabled. + * + * @param sslProtocols Comma-separated list of SSL protocol variants + */ + public void setSslProtocols(String sslProtocols) { + setProperty("sslProtocols", sslProtocols); + ServerSocketFactory factory = getFactory(); + if (factory instanceof CoyoteServerSocketFactory) { + ((CoyoteServerSocketFactory)factory).setProtocols(sslProtocols); } } 1.4 +19 -0 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteServerSocketFactory.java Index: CoyoteServerSocketFactory.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteServerSocketFactory.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- CoyoteServerSocketFactory.java 11 Aug 2003 18:06:11 -0000 1.3 +++ CoyoteServerSocketFactory.java 11 Aug 2003 21:44:16 -0000 1.4 @@ -113,6 +113,7 @@ private String keystorePass = "changeit"; private String keystoreType = "JKS"; private String protocol = "TLS"; + private String protocols; private String sslImplementation = null; private String cipherSuites; private String keyAlias; 
@@ -277,6 +278,24 @@ */ public void setProtocol(String protocol) { this.protocol = protocol; + } + + /** + * Gets the SSL protocol variants to be enabled. + * + * @return Comma-separated list of SSL protocol variants + */ + public String getProtocols() { + return this.protocols; + } + + /** + * Sets the SSL protocol variants to be enabled. + * + * @param protocols Comma-separated list of SSL protocol variants + */ + public void setProtocols(String protocols) { + this.protocols = protocols; } /** 1.5 +4 -0 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/mbeans-descriptors.xml Index: mbeans-descriptors.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/mbeans-descriptors.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- mbeans-descriptors.xml 11 Aug 2003 18:06:11 -0000 1.4 +++ mbeans-descriptors.xml 11 Aug 2003 21:44:16 -0000 1.5 @@ -40,6 +40,10 @@ description="SSL protocol variant to be used" type="java.lang.String"/> + <attribute name="sslProtocols" + description="Comma-separated list of SSL protocol variants to be enabled" + type="java.lang.String"/> + <attribute name="connectionTimeout" description="Timeout value on the incoming connection" type="int"/>
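Review bot: setProtocols() in CoyoteServerSocketFactory stores the raw comma-separated string, and its Javadoc does not say what null (the field's default) means or whether whitespace and unknown names are tolerated. The log gives disabling SSLv2 as the motivation, so the contract matters: if the code that consumes this list (not in this diff) silently skips names it does not recognise, a typo could leave an operator believing a protocol is disabled when it is still enabled. Once the null behaviour is confirmed, I would extend the Javadoc along the lines of `@param protocols Comma-separated list of SSL protocol variants, or null to leave the implementation defaults enabled`, and have the consumer trim each entry and log any it rejects.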