
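--- a/coyote/src/java/org/apache/coyote/tomcat4/CoyoteConnector.java
+++ b/coyote/src/java/org/apache/coyote/tomcat4/CoyoteConnector.java
@@ -65,36 +65,16 @@
 package org.apache.coyote.tomcat4;
 
 
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.security.AccessControlException;
-import java.util.Stack;
 import java.util.Vector;
-import java.util.Enumeration;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.UnrecoverableKeyException;
-import java.security.KeyManagementException;
 
 import org.apache.tomcat.util.IntrospectionUtils;
 
-import org.apache.coyote.ActionCode;
-import org.apache.coyote.ActionHook;
 import org.apache.coyote.Adapter;
-import org.apache.coyote.InputBuffer;
-import org.apache.coyote.OutputBuffer;
 import org.apache.coyote.ProtocolHandler;
 
 import org.apache.catalina.Connector;
 import org.apache.catalina.Container;
-import org.apache.catalina.HttpRequest;
-import org.apache.catalina.HttpResponse;
 import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.Logger;
@@ -1108,6 +1088,9 @@
             IntrospectionUtils.setProperty(protocolHandler, 
                                            "sSLImplementation", 
                                            ssf.getSSLImplementation());
+			IntrospectionUtils.setProperty(protocolHandler, "cipherSuites",
+                                           ssf.getCipherSuites());
+
         } else {
             IntrospectionUtils.setProperty(protocolHandler, "secure", 
                                            "" + false);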
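Review bot: `ssf.getCipherSuites()` is handed to `setProperty` unconditionally, although the factory field it reads defaults to `null` (CoyoteServerSocketFactory section) and `Http11Protocol.setCipherSuites` forwards the value to `setAttribute`, whose backing store is declared as a `Hashtable`. If `setAttribute` puts the value into that table (its body is not shown on this page), a connector without the attribute would hit a `NullPointerException` or a swallowed reflection error rather than a clean fall-through to the default, so the call is safer wrapped in `if (ssf.getCipherSuites() != null) { ... }`. The added line is also indented with tabs where the surrounding block uses spaces. The enclosing method starts and ends outside the hunk.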
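--- a/coyote/src/java/org/apache/coyote/tomcat4/CoyoteServerSocketFactory.java
+++ b/coyote/src/java/org/apache/coyote/tomcat4/CoyoteServerSocketFactory.java
@@ -59,17 +59,8 @@
 package org.apache.coyote.tomcat4;
 
 import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.net.InetAddress;
 import java.net.ServerSocket;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.KeyManagementException;
-import java.security.Security;
-import java.security.cert.CertificateException;
 
 
 /**
@@ -246,6 +237,18 @@
         this.sslImplementation = sslImplementation;
     }
 
+    /**
+    * Cipher suites to use.
+    */
+    private String cipherSuites = null;
+
+    public String getCipherSuites() {
+        return (this.cipherSuites);
+    }
+
+    public void setCipherSuites(String cipherSuites) {
+        this.cipherSuites = cipherSuites;
+    }
 
 
     // --------------------------------------------------------- Public Methods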
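Review bot: The Javadoc on the new `cipherSuites` field says only "Cipher suites to use.", which tells an administrator neither the expected format nor what leaving it unset means, and the getter and setter carry no Javadoc at all. Going by the parsing in the JSSESocketFactory section of this patch, the field comment could read `Comma-separated list of JSSE cipher suite names to enable; null (the default) falls back to the https.cipherSuites system property and then to all supported suites.` Stating that fallback here matters because it is the security-relevant default of the attribute.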
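--- a/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
+++ b/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
@@ -63,15 +63,9 @@
 import java.io.OutputStream;
 
 import org.apache.coyote.*;
-import java.io.*;
 import java.net.*;
 import java.util.*;
-import java.text.*;
 import org.apache.tomcat.util.res.StringManager;
-import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.buf.*;
-import org.apache.tomcat.util.http.*;
-import org.apache.tomcat.util.log.*;
 import org.apache.tomcat.util.net.*;
 
 
@@ -180,6 +174,7 @@
     protected Hashtable attributes = new Hashtable();
     protected String socketFactoryName=null;
     protected String sslImplementationName=null;
+    protected String cipherSuites = null;
 
     private int maxKeepAliveRequests=100; // as in Apache HTTPD server
     private int	timeout = 300000;	// 5 minutes as in Apache HTTPD server
@@ -243,6 +238,11 @@
         setAttribute("sslImplementation", valueS);
     }
  	
+    public void setCipherSuites(String valueS) {
+        cipherSuites = valueS;
+        setAttribute("cipherSuites", valueS);
+    }
+
     public void setTcpNoDelay( boolean b ) {
 	ep.setTcpNoDelay( b );
         setAttribute("tcpNoDelay", "" + b);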
Lines 62-76 Link Here
62
import java.net.*;
62
import java.net.*;
63
63
64
import java.security.KeyStore;
64
import java.security.KeyStore;
65
66
import java.security.Security;
65
import java.security.Security;
67
import javax.net.ServerSocketFactory;
66
67
import java.util.StringTokenizer;
68
68
import javax.net.ssl.SSLServerSocket;
69
import javax.net.ssl.SSLServerSocket;
69
import javax.net.ssl.SSLSocket;
70
import javax.net.ssl.SSLSocket;
70
import javax.net.ssl.SSLException;
71
import javax.net.ssl.SSLException;
71
import javax.net.ssl.SSLServerSocketFactory;
72
import javax.net.ssl.SSLServerSocketFactory;
72
import javax.net.ssl.HandshakeCompletedListener;
73
import javax.net.ssl.HandshakeCompletedEvent;
74
73
75
/*
74
/*
76
  1. Make the JSSE's jars available, either as an installed
75
  1. Make the JSSE's jars available, either as an installed
Lines 245-263 Link Here
245
	return asock;
244
	return asock;
246
    }
245
    }
247
     
246
     
248
    /** Set server socket properties ( accepted cipher suites, etc)
247
	/** Set server socket properties ( accepted cipher suites, etc)*/
249
     */
248
    void initServerSocket(ServerSocket ssocket) {
250
    private void initServerSocket(ServerSocket ssocket) {
249
        SSLServerSocket socket = (SSLServerSocket) ssocket;
251
	SSLServerSocket socket=(SSLServerSocket)ssocket;
250
251
        // We enable cipher suites when the socket is connected
252
        // Enabled cipher suites are set based on settings in the
253
        // following priority order.
254
        // 1. The cipherSuites attribute of the connection factory
255
        //    as per server.xml
256
        // 2. The JSSE https.cipherSuites system property
257
        // 3. If none of the above are set, all are enabled
258
        String cipherSuites[];
259
        String cipherSuitesString = (String) attributes.get("cipherSuites");
260
261
        if (cipherSuitesString == null) {
262
            cipherSuitesString =
263
                (String) System.getProperty("https.cipherSuites");
264
        }
265
266
        if (cipherSuitesString == null) {
267
            cipherSuites = socket.getSupportedCipherSuites();
268
        }
269
        else {
270
            StringTokenizer sT =
271
            new StringTokenizer(cipherSuitesString, ",", false);
272
            cipherSuites = new String[sT.countTokens()];
273
            int i = 0;
274
275
            while (sT.hasMoreElements()) {
276
                cipherSuites[i] = sT.nextToken();
277
                i++;
278
            }
279
        }
280
281
        socket.setEnabledCipherSuites(cipherSuites);
252
282
253
	// We enable all cipher suites when the socket is
283
        // we don't know if client auth is needed -
254
	// connected - XXX make this configurable 
284
        // after parsing the request we may re-handshake
255
	String cipherSuites[] = socket.getSupportedCipherSuites();
285
        socket.setNeedClientAuth(clientAuth);
256
	socket.setEnabledCipherSuites(cipherSuites);
257
258
	// we don't know if client auth is needed -
259
	// after parsing the request we may re-handshake
260
	socket.setNeedClientAuth(clientAuth);
261
    }
286
    }
262
287
263
    private KeyStore initKeyStore( String keystoreFile,
288
    private KeyStore initKeyStore( String keystoreFile,
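Review bot: With neither the `cipherSuites` attribute nor `https.cipherSuites` set, `initServerSocket` still enables everything returned by `socket.getSupportedCipherSuites()`, which in JSSE includes suites the provider leaves disabled by default, among them unauthenticated and no-encryption suites. Falling back to `cipherSuites = socket.getEnabledCipherSuites();` would keep the provider's defaults for an unconfigured connector. The tokenizer also stores names untrimmed, so a constructed value such as `A, B` passes ` B` to `setEnabledCipherSuites`, which throws `IllegalArgumentException` for a name it does not recognise; `cipherSuites[i] = sT.nextToken().trim();` avoids that. The method also loses its `private` modifier here; unless a caller outside the visible hunks needs it, it should stay private.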
