[Pkg-freeipa-devel] tomcatjss: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Jul 23 21:35:29 UTC 2015
build.xml | 6
debian/changelog | 10
debian/control | 3
debian/patches/add-dummy-getprotocol.diff | 31
debian/patches/fix-build.diff | 17
debian/patches/series | 2
src/org/apache/tomcat/util/net/jss/IJSSFactory.java | 9
src/org/apache/tomcat/util/net/jss/IPasswordStore.java | 18
src/org/apache/tomcat/util/net/jss/JSSFactory.java | 11
src/org/apache/tomcat/util/net/jss/JSSImplementation.java | 37
src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 1235 ++++++++------
src/org/apache/tomcat/util/net/jss/JSSSupport.java | 41
src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java | 40
tomcatjss.spec | 20
14 files changed, 884 insertions(+), 596 deletions(-)
New commits:
commit 8228594a17be533c12b12d5b890099f00bc0f03b
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Jul 24 00:31:18 2015 +0300
releasing package tomcatjss version 7.1.2-1
diff --git a/debian/changelog b/debian/changelog
index e19ed94..67513a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-tomcatjss (7.1.2-1) UNRELEASED; urgency=medium
+tomcatjss (7.1.2-1) unstable; urgency=medium
* New upstream release
- support tomcat8
@@ -6,7 +6,7 @@ tomcatjss (7.1.2-1) UNRELEASED; urgency=medium
build-depends.
* fix-build.diff, add-dummy-getprotocol: Fix build. (Closes: #789109)
- -- Timo Aaltonen <tjaalton at debian.org> Thu, 07 May 2015 08:28:11 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Fri, 24 Jul 2015 00:30:09 +0300
tomcatjss (7.1.1-2) unstable; urgency=medium
commit 0544f2ed8d9eee29b6d2a41f27574170e1024adc
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Jul 24 00:29:47 2015 +0300
fix-build.diff, add-dummy-getprotocol: Fix build. (Closes: #789109)
diff --git a/debian/changelog b/debian/changelog
index 62e77ef..e19ed94 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ tomcatjss (7.1.2-1) UNRELEASED; urgency=medium
- support tomcat8
* control: Build using libtomcat8-java, add libcommons-lang-java to
build-depends.
+ * fix-build.diff, add-dummy-getprotocol: Fix build. (Closes: #789109)
-- Timo Aaltonen <tjaalton at debian.org> Thu, 07 May 2015 08:28:11 +0300
diff --git a/debian/patches/add-dummy-getprotocol.diff b/debian/patches/add-dummy-getprotocol.diff
new file mode 100644
index 0000000..a7c9620
--- /dev/null
+++ b/debian/patches/add-dummy-getprotocol.diff
@@ -0,0 +1,31 @@
+From 4bd20b44e0fa191c059f6b311663e7f8b396a5cb Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata at redhat.com>
+Date: Wed, 22 Jul 2015 15:17:04 +0200
+Subject: [PATCH] Added JSSSupport.getProtocol().
+
+A dummy getProtocol() has been added to JSSSupport in order
+to build with newer Tomcat.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1245786
+---
+ src/org/apache/tomcat/util/net/jss/JSSSupport.java | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSupport.java b/src/org/apache/tomcat/util/net/jss/JSSSupport.java
+index e243ca134852cefe7e8353d9b92eb5915004b0e8..4c04034d25396c3f6f3641b2844adb70d6c89100 100755
+--- a/src/org/apache/tomcat/util/net/jss/JSSSupport.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSupport.java
+@@ -97,6 +97,10 @@ class JSSSupport implements SSLSupport {
+ return null;
+ }
+
++ public String getProtocol() throws IOException {
++ return null;
++ }
++
+ public String getSessionId() throws IOException {
+ return null;
+ }
+--
+2.4.6
+
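Review bot: The added `getProtocol()` stub in JSSSupport.java returns `null` with no comment, so a reader cannot tell whether this is a deliberate placeholder or an unfinished implementation. The patch description calls it a dummy added only to build with newer Tomcat, so code that logs or enforces a minimum TLS version from `SSLSupport.getProtocol()` would presumably see no value on JSS connectors. I would state that at the method, for example `// Stub required by newer SSLSupport; not implemented for JSS, callers must treat null as "protocol unknown"`. The neighbouring `getSessionId()` returns `null` the same way, and the JSSSupport class body starts and ends outside this hunk.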
diff --git a/debian/patches/fix-build.diff b/debian/patches/fix-build.diff
new file mode 100644
index 0000000..75f6e98
--- /dev/null
+++ b/debian/patches/fix-build.diff
@@ -0,0 +1,17 @@
+diff --git a/build.xml b/build.xml
+index eaa3bda..a985416 100755
+--- a/build.xml
++++ b/build.xml
+@@ -98,9 +98,9 @@
+ -->
+ <property name="jar.home" value="/usr/share/java" />
+ <property name="commons-logging.jar" value="${jar.home}/commons-logging-api.jar" />
+- <property name="tomcat.lib" value="${jar.home}/tomcat" />
+- <property name="tomcat-coyote.jar" value="${tomcat.lib}/tomcat-coyote.jar" />
+- <property name="jss.home" value="${jnidir}" />
++ <property name="tomcat.lib" value="${jar.home}/" />
++ <property name="tomcat-coyote.jar" value="${tomcat.lib}/tomcat8-coyote.jar" />
++ <property name="jss.home" value="${jar.home}" />
+ <!-- This property is set to '/dirsec' when built on rhel4 -->
+ <property name="dirsec" value="" />
+ <property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
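Review bot: `tomcat.lib` is now `${jar.home}/` with a trailing slash while `tomcat-coyote.jar` still joins with `/`, so the path expands to `/usr/share/java//tomcat8-coyote.jar`. That resolves, but `value="${jar.home}"` would keep the classpath entry clean. Unlike add-dummy-getprotocol.diff, this patch file has no header. A short `Description:` line would explain that the jar locations are switched to the Debian tomcat8 and jss paths, and why `jss.home` no longer follows `${jnidir}`. These properties decide which JSS and Tomcat jars the TLS connector is compiled against, so the reason for the change belongs next to it.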
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..8104d92
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+fix-build.diff
+add-dummy-getprotocol.diff
commit 03b365e2889a2a2a328b5defb528cd73e8f86edc
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Jul 21 17:45:59 2015 +0300
control: Build using libtomcat8-java, add libcommons-lang-java to build-depends.
diff --git a/debian/changelog b/debian/changelog
index a935fa4..62e77ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ tomcatjss (7.1.2-1) UNRELEASED; urgency=medium
* New upstream release
- support tomcat8
+ * control: Build using libtomcat8-java, add libcommons-lang-java to
+ build-depends.
-- Timo Aaltonen <tjaalton at debian.org> Thu, 07 May 2015 08:28:11 +0300
diff --git a/debian/control b/debian/control
index ed296d4..fa993f7 100644
--- a/debian/control
+++ b/debian/control
@@ -8,9 +8,10 @@ Build-Depends:
debhelper (>= 9),
default-jdk,
javahelper,
+ libcommons-lang-java,
libcommons-logging-java,
libjss-java (>= 4.3.1-5),
- libtomcat7-java,
+ libtomcat8-java,
Standards-Version: 3.9.6
Homepage: http://pki.fedoraproject.org
Vcs-Git: git://anonscm.debian.org/pkg-freeipa/tomcatjss.git
commit afa59a72b94af281b7c03f82264d86513e40dfdd
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu May 7 08:29:08 2015 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 7bdc5ac..a935fa4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+tomcatjss (7.1.2-1) UNRELEASED; urgency=medium
+
+ * New upstream release
+ - support tomcat8
+
+ -- Timo Aaltonen <tjaalton at debian.org> Thu, 07 May 2015 08:28:11 +0300
+
tomcatjss (7.1.1-2) unstable; urgency=medium
* control: Add versioned depends on libjss-java with TLS support to the
commit f88189fa69bece09da22fbb218636529f9d531d8
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu May 7 08:27:13 2015 +0300
Imported Upstream version 7.1.2
diff --git a/build.xml b/build.xml
index 1b60236..eaa3bda 100755
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.1.1"/>
- <property name="manifest-version" value="7.1.1"/>
+ <property name="version" value="7.1.2"/>
+ <property name="manifest-version" value="7.1.2"/>
<!--
Set the properties that control various build options
@@ -104,6 +104,7 @@
<!-- This property is set to '/dirsec' when built on rhel4 -->
<property name="dirsec" value="" />
<property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
+ <property name="commons-lang.jar" value="${jar.home}/commons-lang.jar" />
<!--
Classpath
@@ -112,6 +113,7 @@
<pathelement location="${jss.jar}"/>
<pathelement location="${tomcat-coyote.jar}"/>
<pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${commons-lang.jar}"/>
</path>
<!--
diff --git a/src/org/apache/tomcat/util/net/jss/IJSSFactory.java b/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
index 1051767..49c9695 100755
--- a/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
@@ -19,11 +19,14 @@
package org.apache.tomcat.util.net.jss;
-import org.mozilla.jss.ssl.*;
-import org.apache.tomcat.util.net.*;
-import java.net.*;
+import java.net.Socket;
+
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
interface IJSSFactory {
public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint);
+
public SSLSupport getSSLSupport(Socket socket);
}
diff --git a/src/org/apache/tomcat/util/net/jss/IPasswordStore.java b/src/org/apache/tomcat/util/net/jss/IPasswordStore.java
index 0e82134..b0f1d43 100755
--- a/src/org/apache/tomcat/util/net/jss/IPasswordStore.java
+++ b/src/org/apache/tomcat/util/net/jss/IPasswordStore.java
@@ -12,21 +12,27 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
+ *
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
-import java.util.*;
-import java.io.*;
+import java.io.IOException;
+import java.util.Enumeration;
public interface IPasswordStore {
public void init(String pwdPath) throws IOException;
+
+ public String getPassword(String tag, int iteration);
+
public String getPassword(String tag);
- public Enumeration getTags();
+
+ public Enumeration<String> getTags();
+
public Object putPassword(String tag, String password);
- public void commit()
- throws IOException, ClassCastException, NullPointerException;
+
+ public void commit() throws IOException, ClassCastException,
+ NullPointerException;
}
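Review bot: The new `getPassword(String tag, int iteration)` is added to a public interface without Javadoc, and nothing in the hunk says what `iteration` counts or how the method differs from `getPassword(String tag)`. This interface hands out token passwords, so the contract should say what is returned for an unknown tag and what `iteration` means, for example `/** Returns the password stored for tag, or null if none; iteration is the attempt number (confirm against JSSSocketFactory). */`. Adding an abstract method also breaks any IPasswordStore implementation kept outside this tree, which deserves a line in the release notes. Separately, `commit()` still lists the unchecked `ClassCastException` and `NullPointerException` in its `throws` clause, which tells callers nothing they can act on.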
diff --git a/src/org/apache/tomcat/util/net/jss/JSSFactory.java b/src/org/apache/tomcat/util/net/jss/JSSFactory.java
index 7e09cba..601ddfe 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSFactory.java
@@ -19,9 +19,12 @@
package org.apache.tomcat.util.net.jss;
-import org.mozilla.jss.ssl.*;
-import org.apache.tomcat.util.net.*;
-import java.net.*;
+import java.net.Socket;
+
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import org.mozilla.jss.ssl.SSLSocket;
class JSSFactory implements IJSSFactory {
JSSFactory() {
@@ -32,6 +35,6 @@ class JSSFactory implements IJSSFactory {
}
public SSLSupport getSSLSupport(Socket socket) {
- return new JSSSupport((SSLSocket)socket);
+ return new JSSSupport((SSLSocket) socket);
}
}
diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
index 312bae1..5646c4d 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
@@ -20,21 +20,19 @@
package org.apache.tomcat.util.net.jss;
import java.net.Socket;
-import java.io.*;
+
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
-public class JSSImplementation extends SSLImplementation
-{
- static final String JSSFactory =
- "org.apache.tomcat.util.net.jss.JSSFactory";
+public class JSSImplementation extends SSLImplementation {
+ static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
- static org.apache.commons.logging.Log logger =
- org.apache.commons.logging.LogFactory.getLog(JSSImplementation.class);
+ static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
+ .getLog(JSSImplementation.class);
private JSSFactory factory = null;
@@ -43,9 +41,9 @@ public class JSSImplementation extends SSLImplementation
try {
Class factcl = Class.forName(JSSFactory);
- factory = (JSSFactory)factcl.newInstance();
+ factory = (JSSFactory) factcl.newInstance();
} catch (Exception e) {
- if(logger.isDebugEnabled())
+ if (logger.isDebugEnabled())
logger.debug("Error getting factory: " + JSSFactory, e);
}
}
@@ -54,8 +52,7 @@ public class JSSImplementation extends SSLImplementation
return "JSS";
}
- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint)
- {
+ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) {
ServerSocketFactory ssf = factory.getSocketFactory(endpoint);
return ssf;
}
@@ -68,28 +65,28 @@ public class JSSImplementation extends SSLImplementation
public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
/*
- * The Tomcat 6.0.26 docs says:
- * This method has been deprecated since it adds a JSSE dependency
- * to this interface. It will be removed in versions after 6.0.x.
- *
+ * The Tomcat 6.0.26 docs says: This method has been deprecated since it
+ * adds a JSSE dependency to this interface. It will be removed in
+ * versions after 6.0.x.
+ *
* But we have to provide a implementation of this method because it's
* declared as abstract.
- *
+ *
* Unfortunately there does not appear to be any way to get SSLSupport
* information from a session with JSS. JSS looks up the information
* based on a socket, not a session. This done in SSLSocket.c
* Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
- *
+ *
* So while it would be nice to provide a working implmentation there
* doesn't seem to be an easy way to do this. Given that this method is
* already deprecated and there hasn't been any evidence of it being
* called it therefore seems reasonable to just return null to satify
* the compiler's demand for an implementation.
- *
+ *
* Once this abstract method is removed from SSLImplementation in a
* future release we can remove this stub.
- *
- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
+ *
+ * NOTE: This method has NOT yet been deprecated in Tomcat 7!
*/
return null;
}
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index 1ea3ad4..7576618 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -12,371 +12,509 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
+ *
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
-import java.util.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.security.GeneralSecurityException;
import java.text.SimpleDateFormat;
-import java.lang.Thread;
-import java.lang.NumberFormatException;
-import org.mozilla.jss.ssl.*;
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.util.*;
-import org.mozilla.jss.pkcs11.*;
-import java.net.*;
-import java.io.*;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.StringTokenizer;
-// Imports required to "implement" Tomcat 7 Interface
-import org.apache.tomcat.util.net.AbstractEndpoint;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
-public class JSSSocketFactory
- implements org.apache.tomcat.util.net.ServerSocketFactory,
- org.apache.tomcat.util.net.SSLUtil {
-
- private static HashMap cipherMap = new HashMap();
+import org.apache.commons.lang.StringUtils;
+// Imports required to "implement" Tomcat 7 Interface
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.mozilla.jss.CertDatabaseException;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.CryptoManager.NotInitializedException;
+import org.mozilla.jss.KeyDatabaseException;
+import org.mozilla.jss.NoSuchTokenException;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.TokenException;
+import org.mozilla.jss.ssl.SSLServerSocket;
+import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.util.IncorrectPasswordException;
+import org.mozilla.jss.util.Password;
+
+public class JSSSocketFactory implements
+ org.apache.tomcat.util.net.ServerSocketFactory,
+ org.apache.tomcat.util.net.SSLUtil {
+
+ private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
static {
// SSLv2
- cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
- cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
- cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
- cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
- cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5", SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
- cipherMap.put("SSL2_DES_64_CBC_WITH_MD5", SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
- cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5", SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+ cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
+ cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5",
+ SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
+ cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5",
+ SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
+ cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
+ SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
+ cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5",
+ SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
+ cipherMap.put("SSL2_DES_64_CBC_WITH_MD5",
+ SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
+ cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5",
+ SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
// SSLv3
- cipherMap.put("SSL3_RSA_WITH_NULL_MD5", SSLSocket.SSL3_RSA_WITH_NULL_MD5);
- cipherMap.put("SSL3_RSA_WITH_NULL_SHA", SSLSocket.SSL3_RSA_WITH_NULL_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
- cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5", SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
- cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA", SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
- cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA", SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
- cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5", SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
-
- cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
-
+ cipherMap.put("SSL3_RSA_WITH_NULL_MD5",
+ SSLSocket.SSL3_RSA_WITH_NULL_MD5);
+ cipherMap.put("SSL3_RSA_WITH_NULL_SHA",
+ SSLSocket.SSL3_RSA_WITH_NULL_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
+ cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5",
+ SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
+ cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA",
+ SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+ cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
+ cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5",
+ SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
+
+ cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
+
// TLS
- cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
- cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
-
- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA", SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
-
- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
-
- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+
+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
+
+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
+
+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
// ECC
- cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA", SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
-
- //TLSv1_2
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_NULL_SHA256", SSLSocket.TLS_RSA_WITH_NULL_SHA256);
- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA", SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
- cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+
+ cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+
+ cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
+
+ // TLSv1_2
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_NULL_SHA256",
+ SSLSocket.TLS_RSA_WITH_NULL_SHA256);
+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
+ cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
}
- private static HashMap eccCipherMap = new HashMap();
+ private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
static {
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA,
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA,
+ "TLS_ECDHE_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA,
+ "TLS_ECDH_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA");
}
private AbstractEndpoint endpoint;
- static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(JSSSocketFactory.class);
+ static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
+ .getLog(JSSSocketFactory.class);
protected static boolean ocspConfigured = false;
protected boolean requireClientAuth = false;
protected boolean wantClientAuth = false;
- private Vector enabledCiphers = new Vector();
private boolean initialized = false;
private String serverCertNick = "";
- private String mServerCertNickPath ="";
- private String mPwdPath ="";
- private String mPwdClass ="";
+ private String mServerCertNickPath = "";
+ private String mPwdPath = "";
+ private String mPwdClass = "";
private static final String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss";
- private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(DATE_PATTERN);
+ private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(
+ DATE_PATTERN);
FileWriter debugFile = null;
boolean debug = false;
private IPasswordStore mPasswordStore = null;
private boolean mStrictCiphers = false;
+ private static final int MAX_PW_ATTEMPTS = 3;
- public JSSSocketFactory (AbstractEndpoint endpoint) {
+ public JSSSocketFactory(AbstractEndpoint endpoint) {
this.endpoint = endpoint;
}
private void debugWrite(String m) throws IOException {
- if (debug) {
+ if (debug) {
String timeStamp = timeStampFormat.format(new Date());
String threadName = Thread.currentThread().getName();
- debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
+ debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
}
}
- public void setSSLCiphers(String attr) throws SocketException, IOException
- {
- String ciphers = (String)endpoint.getAttribute(attr);
- if (ciphers == null || ciphers.equals("")) {
- debugWrite("JSSSocketFactory setSSLCiphers: "+ attr +" not found");
- return;
- }
- StringTokenizer st = new StringTokenizer(ciphers, ",");
- while (st.hasMoreTokens()) {
- String cipherstr = st.nextToken();
- int cipherid = 0;
- String text;
- boolean state;
-
- if (cipherstr.startsWith("+")) {
- state = true;
- text = cipherstr.substring(1);
- } else if (cipherstr.startsWith("-")) {
- state = false;
- text = cipherstr.substring(1);
- } else {
- state = true; // no enable/disable flag, assume enable
- text = cipherstr;
+ public void setSSLCiphers(String attr) throws SocketException, IOException {
+ String ciphers = getEndpointAttribute(attr);
+ if (StringUtils.isEmpty(ciphers)) {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+ return;
}
-
- if (text.startsWith("0x") || text.startsWith("0X")) {
- // this allows us to specify new ciphers
- try {
- cipherid = Integer.parseInt(text.substring(2), 16);
- }
- catch (Exception e) {
- System.err.println("Error: SSL cipher \"\""+text+"\" cannot be read as an integer");
- continue;
+ StringTokenizer st = new StringTokenizer(ciphers, ",");
+ while (st.hasMoreTokens()) {
+ String cipherstr = st.nextToken();
+ int cipherid = 0;
+ String text;
+ boolean state;
+
+ if (cipherstr.startsWith("+")) {
+ state = true;
+ text = cipherstr.substring(1);
+ } else if (cipherstr.startsWith("-")) {
+ state = false;
+ text = cipherstr.substring(1);
+ } else {
+ state = true; // no enable/disable flag, assume enable
+ text = cipherstr;
}
- } else {
- Object mapValue;
- mapValue = cipherMap.get(text);
- if (mapValue == null) {
- cipherid = 0;
+ if (text.startsWith("0x") || text.startsWith("0X")) {
+ // this allows us to specify new ciphers
+ try {
+ cipherid = Integer.parseInt(text.substring(2), 16);
+ } catch (Exception e) {
+ System.err.println("Error: SSL cipher \"\"" + text
+ + "\" cannot be read as an integer");
+ continue;
+ }
} else {
- cipherid = (Integer)mapValue;
- }
- }
- if (cipherid != 0) {
- try {
- debugWrite("JSSSocketFactory setSSLCiphers: "+
- cipherstr+": 0x"+Integer.toHexString(cipherid) +"\n");
- SSLSocket.setCipherPreferenceDefault(cipherid, state);
- }
- catch (Exception e) {
- if (eccCipherMap.containsKey(cipherid)) {
- System.err.println("Warning: SSL ECC cipher \""+text+"\" unsupported by NSS. "+
- "This is probably O.K. unless ECC support has been installed.");
+ Object mapValue;
+
+ mapValue = cipherMap.get(text);
+ if (mapValue == null) {
+ cipherid = 0;
} else {
- System.err.println("Error: SSL cipher \""+text+"\" unsupported by NSS");
+ cipherid = (Integer) mapValue;
}
}
- } else {
- System.err.println("Error: SSL cipher \""+text+"\" not recognized by tomcatjss");
+ if (cipherid != 0) {
+ try {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr
+ + ": 0x" + Integer.toHexString(cipherid) + "\n");
+ SSLSocket.setCipherPreferenceDefault(cipherid, state);
+ } catch (Exception e) {