ASF Bugzilla – Attachment 25848 Details for Bug 48545: truststorePass used in JSSESocketFactory should be optional (nillable)
Patch that provides better backwards compatibility
bug48545-tc6-patch.txt (text/plain), 4.25 KB, created by Mark Thomas on 2010-08-05 12:49:56 UTC
>Index: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >=================================================================== >--- java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (revision 982575) >+++ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (working copy) >@@ -28,6 +28,7 @@ > import java.net.SocketException; > import java.security.KeyStore; > import java.security.SecureRandom; >+import java.security.UnrecoverableKeyException; > import java.security.cert.CRL; > import java.security.cert.CRLException; > import java.security.cert.CertPathParameters; >@@ -316,9 +317,17 @@ > log.debug("trustProvider = " + truststoreProvider); > } > >- if (truststoreFile != null && truststorePassword != null){ >- trustStore = getStore(truststoreType, truststoreProvider, >- truststoreFile, truststorePassword); >+ if (truststoreFile != null){ >+ try { >+ trustStore = getStore(truststoreType, truststoreProvider, >+ truststoreFile, truststorePassword); >+ } catch (IOException ioe) { >+ // Log a warning we had a password issue >+ log.warn(sm.getString("jsse.invalid_truststore_password"), ioe); >+ // Re-try >+ trustStore = getStore(truststoreType, truststoreProvider, >+ truststoreFile, null); >+ } > } > > return trustStore; 
>@@ -347,15 +356,19 @@ > istream = new FileInputStream(keyStoreFile); > } > >- ks.load(istream, pass.toCharArray()); >+ char[] storePass = null; >+ if (pass != null && !"".equals(pass)) { >+ storePass = pass.toCharArray(); >+ } >+ ks.load(istream, storePass); > } catch (FileNotFoundException fnfe) { > log.error(sm.getString("jsse.keystore_load_failed", type, path, > fnfe.getMessage()), fnfe); > throw fnfe; > } catch (IOException ioe) { >- log.error(sm.getString("jsse.keystore_load_failed", type, path, >- ioe.getMessage()), ioe); >- throw ioe; >+ // May be expected when working with a trust store >+ // Re-throw. Caller will catch and log as required >+ throw ioe; > } catch(Exception ex) { > String msg = sm.getString("jsse.keystore_load_failed", type, path, > ex.getMessage()); >Index: java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties >=================================================================== >--- java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (revision 982575) >+++ java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (working copy) >@@ -15,3 +15,4 @@ > > jsse.alias_no_key_entry=Alias name {0} does not identify a key entry > jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2} >+jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation. >Index: webapps/docs/config/http.xml >=================================================================== >--- webapps/docs/config/http.xml (revision 982575) >+++ webapps/docs/config/http.xml (working copy) 
>@@ -738,8 +738,12 @@ > <p>The password to access the trust store. The default is the value of the > <code>javax.net.ssl.trustStorePassword</code> system property. If that > property is null, the value of <code>keystorePass</code> is used as the >- default. If neither this attribute, the default system property nor >- <code>keystorePass</code>is set, no trust store will be configured.</p> >+ default. If an invalid trust store password is specified, a warning will >+ be logged and an attempt will be made to access the trust store without a >+ password which will skip validation of the trust store contents. If the >+ trust store password is defined as <code>""</code> then no >+ password will be used to access the store which will aslo skip validation >+ of the trust store contents.</p> > </attribute> > > <attribute name="truststoreType" required="false">
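Review bot: The import of java.security.UnrecoverableKeyException added in the @@ -28,6 +28,7 @@ hunk is not referenced by any changed line in this patch. Either use it where the trust store load failure is classified, or drop the import.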
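Review bot: In the @@ -316,9 +317,17 @@ hunk, the catch (IOException ioe) retries with a null password on any IOException, not only on a wrong password, so a truncated or unreadable trust store file is also logged as jsse.invalid_truststore_password and then reloaded without the integrity check. KeyStore.load documents that a wrong password surfaces as an IOException whose cause is an UnrecoverableKeyException; test ioe.getCause() instanceof UnrecoverableKeyException before the retry and rethrow in every other case. The retry call itself is unguarded, so a second failure leaves this method with only the warning in the log; worth a comment saying that is intended.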
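Review bot: In the @@ -347,15 +356,19 @@ hunk, removing log.error from the IOException catch changes behaviour for every caller of this load routine, while the only caller-side logging visible in this patch is on the trust store path. The message key jsse.keystore_load_failed and the keyStoreFile variable suggest the routine is shared with key store loading; confirm that caller logs the type and path itself, otherwise an unreadable key store now fails with less diagnostic detail. The same hunk maps a pass of "" to a null storePass for all stores; if skipping validation is meant only for trust stores, do that mapping in the trust store caller instead.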
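Review bot: Typo in the added text of the webapps/docs/config/http.xml hunk: "aslo" should be "also". The rewritten paragraph also no longer says what happens when neither truststorePass, the system property nor keystorePass is set; since the code now loads the store whenever truststoreFile is non-null, state that the store is then opened with a null password and its contents are not validated.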