--- java/org/apache/tomcat/websocket/WsWebSocketContainer.java (revision 1545953)
+++ java/org/apache/tomcat/websocket/WsWebSocketContainer.java (working copy)
@@ -87,6 +87,13 @@
     public static final String SSL_TRUSTSTORE_PWD_PROPERTY =
             "org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD";
     public static final String SSL_TRUSTSTORE_PWD_DEFAULT = "changeit";
+
+    /**
+     * Property name to set to configure used SSLContext.
+     * The value should be an instance of SSLContext.
+     */
+    public static final String SSL_CONTEXT_PROPERTY =
+            "org.apache.tomcat.websocket.SSL_CONTEXT";
 
     /**
      * Property name to set to configure the timeout (in milliseconds) when
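Review bot: The Javadoc on the new `SSL_CONTEXT_PROPERTY` constant does not say that the supplied context must already be initialised, yet the second hunk of this commit uses a caller-supplied context as-is and only calls `sslContext.init(...)` on the one it creates itself, so an uninitialised `SSLContext` would presumably fail later at `createSSLEngine()` with an `IllegalStateException` rather than a clear error. It also does not mention that `SSL_TRUSTSTORE` and `SSL_TRUSTSTORE_PWD` are skipped when this property is set, which the web-socket-howto change in this same commit does state. I would expand the comment to `Property name to set to configure the SSLContext used for secure WebSocket connections. The value must be an SSLContext that has already been initialised (init(...) called). When set, SSL_TRUSTSTORE and SSL_TRUSTSTORE_PWD are ignored.`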
@@ -671,42 +678,52 @@
             throws DeploymentException {
         try {
-            // Create the SSL Context
-            SSLContext sslContext = SSLContext.getInstance("TLS");
+            // SSL Context
+            SSLContext sslContextValue = (SSLContext) userProperties
+                    .get(SSL_CONTEXT_PROPERTY);
+
+            SSLContext sslContext;
 
-            // Trust store
-            String sslTrustStoreValue =
-                    (String) userProperties.get(SSL_TRUSTSTORE_PROPERTY);
-            if (sslTrustStoreValue != null) {
-                String sslTrustStorePwdValue = (String) userProperties.get(
-                        SSL_TRUSTSTORE_PWD_PROPERTY);
-                if (sslTrustStorePwdValue == null) {
-                    sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT;
-                }
+            if (sslContextValue != null) {
+                sslContext = sslContextValue;
+            } else {
+                sslContext = SSLContext.getInstance("TLS");
 
-                File keyStoreFile = new File(sslTrustStoreValue);
-                KeyStore ks = KeyStore.getInstance("JKS");
-                InputStream is = null;
-                try {
-                    is = new FileInputStream(keyStoreFile);
-                    ks.load(is, sslTrustStorePwdValue.toCharArray());
-                } finally {
-                    if (is != null) {
-                        try {
-                            is.close();
-                        } catch (IOException ioe) {
-                            // Ignore
+                // Trust store
+                String sslTrustStoreValue = (String) userProperties
+                        .get(SSL_TRUSTSTORE_PROPERTY);
+                if (sslTrustStoreValue != null) {
+                    String sslTrustStorePwdValue = (String) userProperties
+                            .get(SSL_TRUSTSTORE_PWD_PROPERTY);
+                    if (sslTrustStorePwdValue == null) {
+                        sslTrustStorePwdValue = SSL_TRUSTSTORE_PWD_DEFAULT;
+                    }
+
+                    File keyStoreFile = new File(sslTrustStoreValue);
+                    KeyStore ks = KeyStore.getInstance("JKS");
+                    InputStream is = null;
+                    try {
+                        is = new FileInputStream(keyStoreFile);
+                        ks.load(is, sslTrustStorePwdValue.toCharArray());
+                    } finally {
+                        if (is != null) {
+                            try {
+                                is.close();
+                            } catch (IOException ioe) {
+                                // Ignore
+                            }
                         }
                     }
-                }
 
-                TrustManagerFactory tmf = TrustManagerFactory.getInstance(
-                        TrustManagerFactory.getDefaultAlgorithm());
-                tmf.init(ks);
+                    TrustManagerFactory tmf = TrustManagerFactory
+                            .getInstance(TrustManagerFactory
+                                    .getDefaultAlgorithm());
+                    tmf.init(ks);
 
-                sslContext.init(null, tmf.getTrustManagers(), null);
-            } else {
-                sslContext.init(null, null, null);
+                    sslContext.init(null, tmf.getTrustManagers(), null);
+                } else {
+                    sslContext.init(null, null, null);
+                }
             }
 
             SSLEngine engine = sslContext.createSSLEngine();
--- webapps/docs/web-socket-howto.xml (revision 1545953)
+++ webapps/docs/web-socket-howto.xml (working copy)
@@ -128,8 +128,13 @@
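Review bot: The unchecked cast `(SSLContext) userProperties.get(SSL_CONTEXT_PROPERTY)` at the top of the new code turns a wrongly typed property value (a String, for instance, which is what every neighbouring SSL_* property holds) into a ClassCastException; whether the method's surrounding catch converts that into a DeploymentException cannot be seen here, because the enclosing method both starts and ends outside the hunk. Since the user-supplied context is used without any further checks and the truststore properties are silently skipped when it is present, an explicit type check with a descriptive DeploymentException would make a misconfiguration fail clearly instead of with a bare ClassCastException. The rewritten head of the block would be:
```java
            Object sslContextValue = userProperties.get(SSL_CONTEXT_PROPERTY);
            if (sslContextValue != null && !(sslContextValue instanceof SSLContext)) {
                throw new DeploymentException("Value of " + SSL_CONTEXT_PROPERTY
                        + " is not an instance of SSLContext");
            }

            SSLContext sslContext;

            if (sslContextValue != null) {
                sslContext = (SSLContext) sslContextValue;
            } else {
                // … unchanged: build the context from SSL_TRUSTSTORE / SSL_TRUSTSTORE_PWD …
            }
```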
  • org.apache.tomcat.websocket.SSL_PROTOCOLS
  • org.apache.tomcat.websocket.SSL_TRUSTSTORE
  • org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD
  • +
  • org.apache.tomcat.websocket.SSL_CONTEXT
  • The default truststore password is changeit.

    + +

    Using SSL_CONTEXT property it is possible to provide custom + SSLContext for WebSocket client. If this property is set, SSL_TRUSTSTORE + will be ignored.