billbarker 2003/08/12 22:29:08 Modified: util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java Log: Moving the new protocols logic to the 14 Factory. This feature isn't supported (at least in the public interface) in JSSE 1.0.x. Now you can still use SSL with a 1.3.x JVM. I didn't attempt to dig into the com.sun.** to see if there is a hidden implementation there. Revision Changes Path 1.3 +8 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JSSE13SocketFactory.java 12 Aug 2003 12:01:27 -0000 1.2 +++ JSSE13SocketFactory.java 13 Aug 2003 05:29:08 -0000 1.3 @@ -168,4 +168,12 @@ throw new IOException(e.getMessage()); } } + protected String[] getEnabledProtocols(SSLServerSocket socket, + String requestedProtocols){ + return null; + } + protected void setEnabledProtocols(SSLServerSocket socket, + String [] protocols){ + } + } 1.10 +47 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- JSSE14SocketFactory.java 11 Aug 2003 21:46:41 -0000 1.9 +++ JSSE14SocketFactory.java 13 Aug 2003 05:29:08 -0000 1.10 
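Review bot: On a 1.3.x JVM the two stubs added to JSSE13SocketFactory turn a configured `protocols` attribute into a silent no-op. getEnabledProtocols returns null whatever was requested and setEnabledProtocols discards its argument, so the socket keeps the JSSE default protocol set while the administrator believes it was restricted. Document this where it happens, for example `// JSSE 1.0.x has no public API for this; a configured "protocols" value is ignored` above getEnabledProtocols. Consider also logging a warning when `requestedProtocols != null`, if the class has a logger in scope (not visible in this hunk). The same silent fallback is reachable through the now unconditional call in the last JSSESocketFactory.java hunk whenever the 1.4 factory returns null.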
@@ -61,8 +61,10 @@ import java.io.*; import java.net.*; +import java.util.Vector; import java.security.KeyStore; import java.security.SecureRandom; +import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLContext; import javax.net.ssl.KeyManager; import javax.net.ssl.X509KeyManager; @@ -188,5 +190,50 @@ } return tms; + } + protected void setEnabledProtocols(SSLServerSocket socket, String []protocols){ + if (protocols != null) { + socket.setEnabledProtocols(protocols); + } + } + + protected String[] getEnabledProtocols(SSLServerSocket socket, + String requestedProtocols){ + String[] supportedProtocols = socket.getSupportedProtocols(); + + String[] enabledProtocols = null; + + if (requestedProtocols != null) { + Vector vec = null; + int fromIndex = 0; + int index = requestedProtocols.indexOf(',', fromIndex); + while (index != -1) { + String protocol + = requestedProtocols.substring(fromIndex, index).trim(); + /* + * Check to see if the requested protocol is among the + * supported protocols, i.e., may be enabled + */ + for (int i=0; supportedProtocols != null + && i<supportedProtocols.length; i++) { + if (supportedProtocols[i].equals(protocol)) { + if (vec == null) { + vec = new Vector(); + } + vec.addElement(protocol); + break; + } + } + fromIndex = index+1; + index = requestedProtocols.indexOf(',', fromIndex); + } + + if (vec != null) { + enabledProtocols = new String[vec.size()]; + vec.copyInto(enabledProtocols); + } + } + + return enabledProtocols; } } 1.6 +12 -43 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Index: JSSESocketFactory.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JSSESocketFactory.java 11 Aug 2003 21:46:41 -0000 1.5 +++ JSSESocketFactory.java 13 Aug 2003 05:29:08 -0000 1.6 
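Review bot: The tokenising loop in JSSE14SocketFactory.getEnabledProtocols only examines entries that are followed by a comma, so the last entry of the list is never checked and a single value such as `protocols="TLSv1"` produces null. setEnabledProtocols then skips the call and the socket stays on the JSSE defaults, which is the opposite of what a restricting configuration asks for. A two-entry list is also quietly reduced to its first entry. The loop should treat end-of-string as a delimiter too; the sketch keeps the existing supported-protocol check and changes only how entries are cut out of the string.

```java
int fromIndex = 0;
while (fromIndex <= requestedProtocols.length()) {
    int index = requestedProtocols.indexOf(',', fromIndex);
    if (index == -1) {
        // last (or only) entry: runs to the end of the string
        index = requestedProtocols.length();
    }
    String protocol
        = requestedProtocols.substring(fromIndex, index).trim();
    // … unchanged: loop over supportedProtocols that adds a match to vec …
    fromIndex = index + 1;
}
```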
@@ -294,51 +294,23 @@ /* * Determines the SSL protocol variants to be enabled. * + * @param socket The socket to get supported list from. * @param requestedProtocols Comma-separated list of requested SSL * protocol variants - * @param supportedProtocols Array of supported SSL protocol variants * * @return Array of SSL protocol variants to be enabled, or null if none of * the requested protocol variants are supported */ - private String[] getEnabledProtocols(String requestedProtocols, - String[] supportedProtocols) { + abstract protected String[] getEnabledProtocols(SSLServerSocket socket, + String requestedProtocols); - String[] enabledProtocols = null; - - if (requestedProtocols != null) { - Vector vec = null; - int fromIndex = 0; - int index = requestedProtocols.indexOf(',', fromIndex); - while (index != -1) { - String protocol - = requestedProtocols.substring(fromIndex, index).trim(); - /* - * Check to see if the requested protocol is among the - * supported protocols, i.e., may be enabled - */ - for (int i=0; supportedProtocols != null - && i<supportedProtocols.length; i++) { - if (supportedProtocols[i].equals(protocol)) { - if (vec == null) { - vec = new Vector(); - } - vec.addElement(protocol); - break; - } - } - fromIndex = index+1; - index = requestedProtocols.indexOf(',', fromIndex); - } - - if (vec != null) { - enabledProtocols = new String[vec.size()]; - vec.copyInto(enabledProtocols); - } - } - - return enabledProtocols; - } + /** + * Set the SSL protocol variants to be enabled. + * @param socket the SSLServerSocket. + * @param protocols the protocols to use. + */ + abstract protected void setEnabledProtocols(SSLServerSocket socket, + String [] protocols); /** * Configures the given SSL server socket with the requested cipher suites, 
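Review bot: The null case is part of the contract between these two abstract methods, but only half of it is written down. getEnabledProtocols documents "null if none of the requested protocol variants are supported", while the new Javadoc on setEnabledProtocols does not say that `protocols` may be null or what an implementation must do then. Extend it, for example `@param protocols the protocols to enable, or null to leave the socket's default protocols unchanged`, because the call site in the next hunk passes the result straight through. The comment on getEnabledProtocols also opens with `/*` rather than `/**`, so its @param and @return tags are not picked up by Javadoc. `protected abstract` is the conventional modifier order.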
@@ -353,11 +325,8 @@ } String requestedProtocols = (String) attributes.get("protocols"); - if (requestedProtocols != null) { - socket.setEnabledProtocols(getEnabledProtocols( - requestedProtocols, - socket.getSupportedProtocols())); - } + setEnabledProtocols(socket, getEnabledProtocols(socket, + requestedProtocols)); // we don't know if client auth is needed - // after parsing the request we may re-handshake