
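--- a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
+++ b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
@@ -87,6 +87,13 @@
     public static final String SSL_TRUSTSTORE_PWD_PROPERTY =
             "org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD";
     public static final String SSL_TRUSTSTORE_PWD_DEFAULT = "changeit";
+    
+    /**
+     * Property name to set to configure used SSLContext.
+     * The value should be an instance of SSLContext.
+     */
+    public static final String SSL_CONTEXT_PROPERTY =
+            "org.apache.tomcat.websocket.SSL_CONTEXT";
 
     /**
      * Property name to set to configure the timeout (in milliseconds) when
@@ -671,42 +678,52 @@
             throws DeploymentException {
 
         try {
-            // Create the SSL Context
-            SSLContext sslContext = SSLContext.getInstance("TLS");
+            // SSL Context
+            SSLContext sslContextValue = (SSLContext) userProperties
+                    .get(SSL_CONTEXT_PROPERTY);
+            
+            SSLContext sslContext;
 
-            // Trust store
-            String sslTrustStoreValue =
-                    (String) userProperties.get(SSL_TRUSTSTORE_PROPERTY);
-            if (sslTrustStoreValue != null) {
-                String sslTrustStorePwdValue = (String) userProperties.get(
-                        SSL_TRUSTSTORE_PWD_PROPERTY);
-                if (sslTrustStorePwdValue == null) {
-                    sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT;
-                }
+            if (sslContextValue != null) {
+                sslContext = sslContextValue;
+            } else {
+                sslContext = SSLContext.getInstance("TLS");
 
-                File keyStoreFile = new File(sslTrustStoreValue);
-                KeyStore ks = KeyStore.getInstance("JKS");
-                InputStream is = null;
-                try {
-                    is = new FileInputStream(keyStoreFile);
-                    ks.load(is, sslTrustStorePwdValue.toCharArray());
-                } finally {
-                    if (is != null) {
-                        try {
-                            is.close();
-                        } catch (IOException ioe) {
-                           // Ignore
+                // Trust store
+                String sslTrustStoreValue = (String) userProperties
+                        .get(SSL_TRUSTSTORE_PROPERTY);
+                if (sslTrustStoreValue != null) {
+                    String sslTrustStorePwdValue = (String) userProperties
+                            .get(SSL_TRUSTSTORE_PWD_PROPERTY);
+                    if (sslTrustStorePwdValue == null) {
+                        sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT;
+                    }
+
+                    File keyStoreFile = new File(sslTrustStoreValue);
+                    KeyStore ks = KeyStore.getInstance("JKS");
+                    InputStream is = null;
+                    try {
+                        is = new FileInputStream(keyStoreFile);
+                        ks.load(is, sslTrustStorePwdValue.toCharArray());
+                    } finally {
+                        if (is != null) {
+                            try {
+                                is.close();
+                            } catch (IOException ioe) {
+                                // Ignore
+                            }
                         }
                     }
-                }
 
-                TrustManagerFactory tmf = TrustManagerFactory.getInstance(
-                        TrustManagerFactory.getDefaultAlgorithm());
-                tmf.init(ks);
+                    TrustManagerFactory tmf = TrustManagerFactory
+                            .getInstance(TrustManagerFactory
+                                    .getDefaultAlgorithm());
+                    tmf.init(ks);
 
-                sslContext.init(null, tmf.getTrustManagers(), null);
-            } else {
-                sslContext.init(null, null, null);
+                    sslContext.init(null, tmf.getTrustManagers(), null);
+                } else {
+                    sslContext.init(null, null, null);
+                }
             }
 
             SSLEngine engine = sslContext.createSSLEngine();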
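Review bot: The new cast `(SSLContext) userProperties.get(SSL_CONTEXT_PROPERTY)` in the second hunk is unchecked, so a value of the wrong type fails with a ClassCastException instead of a DeploymentException that names the property. Whether the enclosing try catches it cannot be confirmed, because the method starts and ends outside the hunk. A guard before the cast would make the misconfiguration explicit, e.g. `if (v != null && !(v instanceof SSLContext)) throw new DeploymentException("SSL_CONTEXT must be an SSLContext");`. When a context is supplied, the `if (sslContextValue != null)` branch also skips SSL_TRUSTSTORE and SSL_TRUSTSTORE_PWD silently, so certificate trust rests entirely on the caller's context. The Javadoc on SSL_CONTEXT_PROPERTY should say so, e.g. `If set, SSL_TRUSTSTORE and SSL_TRUSTSTORE_PWD are ignored and the supplied context alone decides which server certificates are trusted.`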
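--- a/webapps/docs/web-socket-howto.xml
+++ b/webapps/docs/web-socket-howto.xml
@@ -128,8 +128,13 @@
      <li><code>org.apache.tomcat.websocket.SSL_PROTOCOLS</code></li>
      <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code></li>
      <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li>
+     <li><code>org.apache.tomcat.websocket.SSL_CONTEXT</code></li>
    </ul>
    <p>The default truststore password is <code>changeit</code>.</p>
+   
+<p>Using <code>SSL_CONTEXT</code> property it is possible to provide custom 
+   SSLContext for WebSocket client. If this property is set, <code>SSL_TRUSTSTORE
+   </code> will be ignored.</p>
 </section>
 
 <section name="Deprecated proprietary API">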
