ASF Bugzilla – Attachment 26268 Details for Bug 48545: truststorePass used in JSSESocketFactory should be optional (nillable)
[patch] 2010-11-08_tc6_bug48545.patch - Updated version of the patch
2010-11-08_tc6_bug48545.patch (text/plain), 5.18 KB, created by Konstantin Kolinko on 2010-11-08 03:25:58 UTC
>Index: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >=================================================================== >--- java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (revision 1032477) >+++ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (working copy) >@@ -266,7 +266,15 @@ > if (keystoreFile == null) > keystoreFile = defaultKeystoreFile; > >- return getStore(type, provider, keystoreFile, pass); >+ try { >+ return getStore(type, provider, keystoreFile, pass); >+ } catch (FileNotFoundException fnfe) { >+ throw fnfe; >+ } catch (IOException ioe) { >+ log.error(sm.getString("jsse.keystore_load_failed", type, >+ keystoreFile, ioe.getMessage()), ioe); >+ throw ioe; >+ } > } > > /* >@@ -316,9 +324,33 @@ > log.debug("trustProvider = " + truststoreProvider); > } > >- if (truststoreFile != null && truststorePassword != null){ >- trustStore = getStore(truststoreType, truststoreProvider, >- truststoreFile, truststorePassword); >+ if (truststoreFile != null) { >+ try { >+ trustStore = getStore(truststoreType, truststoreProvider, >+ truststoreFile, truststorePassword); >+ } catch (FileNotFoundException fnfe) { >+ throw fnfe; >+ } catch (IOException ioe) { >+ // Log a warning that we had a password issue >+ // and re-try, unless the password is null already >+ if (truststorePassword != null) { >+ log.warn(sm.getString("jsse.invalid_truststore_password"), >+ ioe); >+ try { >+ trustStore = getStore(truststoreType, >+ truststoreProvider, truststoreFile, null); >+ ioe = null; >+ } catch (IOException ioe2) { >+ ioe = ioe2; >+ } >+ } >+ if (ioe != null) { >+ log.error(sm.getString("jsse.keystore_load_failed", >+ truststoreType, truststoreFile, ioe.getMessage()), >+ ioe); >+ throw ioe; >+ } >+ } > } > > return trustStore; 
>@@ -347,15 +379,19 @@ > istream = new FileInputStream(keyStoreFile); > } > >- ks.load(istream, pass.toCharArray()); >+ char[] storePass = null; >+ if (pass != null && !"".equals(pass)) { >+ storePass = pass.toCharArray(); >+ } >+ ks.load(istream, storePass); > } catch (FileNotFoundException fnfe) { > log.error(sm.getString("jsse.keystore_load_failed", type, path, > fnfe.getMessage()), fnfe); > throw fnfe; > } catch (IOException ioe) { >- log.error(sm.getString("jsse.keystore_load_failed", type, path, >- ioe.getMessage()), ioe); >- throw ioe; >+ // May be expected when working with a trust store >+ // Re-throw. Caller will catch and log as required >+ throw ioe; > } catch(Exception ex) { > String msg = sm.getString("jsse.keystore_load_failed", type, path, > ex.getMessage()); >Index: java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties >=================================================================== >--- java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (revision 1032477) >+++ java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (working copy) >@@ -15,3 +15,4 @@ > > jsse.alias_no_key_entry=Alias name {0} does not identify a key entry > jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2} >+jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation. >Index: webapps/docs/config/http.xml >=================================================================== >--- webapps/docs/config/http.xml (revision 1032477) >+++ webapps/docs/config/http.xml (working copy) 
>@@ -738,8 +738,12 @@ > <p>The password to access the trust store. The default is the value of the > <code>javax.net.ssl.trustStorePassword</code> system property. If that > property is null, the value of <code>keystorePass</code> is used as the >- default. If neither this attribute, the default system property nor >- <code>keystorePass</code>is set, no trust store will be configured.</p> >+ default. If an invalid trust store password is specified, a warning will >+ be logged and an attempt will be made to access the trust store without a >+ password which will skip validation of the trust store contents. If the >+ trust store password is defined as <code>""</code> then no >+ password will be used to access the store which will also skip validation >+ of the trust store contents.</p> > </attribute> > > <attribute name="truststoreType" required="false">
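Review bot: In the @@ -316,9 +324,33 @@ hunk of JSSESocketFactory.java, any IOException raised while truststorePassword is non-null triggers a second getStore call with a null password, and the code does not distinguish a mistyped password from any other load failure. The jsse.invalid_truststore_password text itself says the retry will skip validation, so a trust store that fails its check is still loaded and the only trace is a warning. I would rather fail here and let the administrator set the password to "" explicitly when no validation is wanted, or at least put the retry behind an explicit setting. As a smaller point, assigning to the catch parameter (`ioe = null;`, `ioe = ioe2;`) is hard to follow; a separate local variable for the pending failure would read better.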
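Review bot: The empty-string check in the @@ -347,15 +379,19 @@ hunk (`if (pass != null && !"".equals(pass))`) sits in getStore, which the @@ -266,7 +266,15 @@ hunk shows is also called for the key store, so an empty key store password now reaches ks.load as null too, while the http.xml change documents this only for the trust store password. Either move the mapping into the trust store caller or document the key store behaviour as well. With log.error removed from the IOException branch, logging now depends on each caller; the two callers changed in this patch do log, and the new comment should say that any other caller has to.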
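Review bot: The rewritten truststorePass paragraph in webapps/docs/config/http.xml (hunk @@ -738,8 +738,12 @@) drops the sentence ending "no trust store will be configured" without saying what now happens when no password is set at all; with the `truststorePassword != null` condition removed in JSSESocketFactory.java, the store is loaded with a null password in that case. Please state that, and say in plain terms what "skip validation of the trust store contents" means for the operator, so it is clear that a missing, empty or wrong password all end in the same unvalidated load.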
Attachments on bug 48545: 24845 | 25848 | 26268