[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][upstream] 7 commits: Remove warning with tomcatjss and tomcat-native
Timo Aaltonen
gitlab at salsa.debian.org
Sat Oct 31 17:33:41 GMT 2020
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / tomcatjss
Commits:
7ac6223e by Alexander Scheel at 2020-07-31T11:01:10+10:00
Remove warning with tomcatjss and tomcat-native
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
5dc91a33 by Alexander Scheel at 2020-08-18T16:08:01-04:00
Migrate GitHub workflows
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
f1d8c010 by Alexander Scheel at 2020-08-18T16:23:42-04:00
Switch to JDK8 source/target compatibility
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
30fd7d48 by Alexander Scheel at 2020-09-02T12:50:53-04:00
Support only modern Tomcat versions
Tomcat 7 and Tomcat 8 < 8.5 aren't supported anywhere in RHEL or Fedora;
anyone wishing to use newer versions of TomcatJSS should upgrade to
Tomcat 9.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
5dbab49f by Alexander Scheel at 2020-09-02T12:50:53-04:00
Remove legacy TLS configuration
This configuration affects all NSS TLS sockets, rather than applying to
a specific instance. Additionally, with the removal of the legacy Tomcat
configuration, this code isn't used any more within TomcatJSS; its
effects unfortunately spread into Dogtag PKI. This will allow us to
conform more closely with crypto-policies.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
18249585 by Alexander Scheel at 2020-09-17T14:03:45-04:00
Port TomcatJSS to apache-commons-lang-3
Credits: Fabio "decathorpe" Valentini
Resolves: https://pagure.io/tomcatjss/issue/13
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
d7f75a2e by Endi S. Dewata at 2020-10-20T15:38:11-05:00
Update version number to 7.6.0
- - - - -
18 changed files:
- .classpath
- .github/workflows/required.yml
- build.xml
- src/org/apache/tomcat/util/net/jss/TomcatJSS.java
- src/org/dogtagpki/tomcat/Http11NioProtocol.java
- − tomcat-7.0/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
- − tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSFactory.java
- − tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
- − tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
- − tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSSupport.java
- − tomcat-7.0/src/org/dogtagpki/tomcat/Http11Protocol.java
- − tomcat-8.0/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
- − tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSFactory.java
- − tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
- − tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
- − tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSSupport.java
- − tomcat-8.0/src/org/dogtagpki/tomcat/Http11Protocol.java
- tomcatjss.spec
Changes:
=====================================
.classpath
=====================================
@@ -3,7 +3,7 @@
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="tomcat-8.5/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/apache-commons-lang3.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
<classpathentry kind="lib" path="/usr/lib/java/jss4.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-coyote.jar"/>
=====================================
.github/workflows/required.yml
=====================================
@@ -8,7 +8,7 @@ jobs:
container: ${{ matrix.image }}
strategy:
matrix:
- image: ['fedora:30', 'fedora:31']
+ image: ['fedora:31', 'fedora:latest']
steps:
- run: dnf install -y dnf-plugins-core gcc make rpm-build git
- name: Clone the repository
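Review bot: The new matrix entry `'fedora:latest'` is a floating tag, so the container this job builds in changes whenever Fedora publishes a new release, and a red build may then have nothing to do with the commit under test. If tracking the newest release is the intent, keep it but add the current release by number next to it, so one leg of the matrix stays reproducible. Pinning by number (or by image digest) also makes it explicit which toolchain produced a given build. The job definition continues outside this hunk, so check whether later steps rely on a specific Fedora version.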
=====================================
build.xml
=====================================
@@ -20,7 +20,7 @@
<project name="tomcatjss" default="main" basedir=".">
<!--
Give user a chance to override without editing this file
- (and without typing -D each time it compiles it)
+ (and without typing -D each time it compiles it)
-->
<property file=".ant.properties"/>
@@ -111,7 +111,7 @@
<!-- This property is set to '/dirsec' when built on rhel4 -->
<property name="dirsec" value="" />
<property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
- <property name="commons-lang.jar" value="${jar.home}/commons-lang.jar" />
+ <property name="commons-lang3.jar" value="${jar.home}/commons-lang3.jar" />
<!--
Classpath
@@ -123,7 +123,7 @@
<pathelement location="${tomcat-coyote.jar}"/>
<pathelement location="${tomcat-juli.jar}"/>
<pathelement location="${commons-logging.jar}"/>
- <pathelement location="${commons-lang.jar}"/>
+ <pathelement location="${commons-lang3.jar}"/>
<pathelement location="${slf4j-api.jar}"/>
</path>
@@ -217,7 +217,7 @@
description="compile the source " >
<!-- Compile the java code from ${src} into ${build} -->
<mkdir dir="${build.classes}"/>
- <javac debug="on" destdir="${build.classes}">
+ <javac debug="on" destdir="${build.classes}" source="1.8" target="1.8">
<src path="src"/>
<src path="${src.dir}"/>
<classpath refid="classpath"/>
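Review bot: On the changed `<javac>` line, `source="1.8" target="1.8"` fixes the language level and class-file version but does not stop the compiler from linking against a newer JDK's class library. A build on JDK 9 or later can therefore compile calls to APIs that do not exist on a Java 8 runtime, which then fail at load time. Ant's `<javac>` task has a `release` attribute for this, ignored on JDK 8 and overriding `source`/`target` on JDK 9+, so consider `<javac debug="on" destdir="${build.classes}" source="1.8" target="1.8" release="8">`. Check first that the code does not use JDK-internal classes that `--release` hides. The `<javac>` element continues past the end of this hunk.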
=====================================
src/org/apache/tomcat/util/net/jss/TomcatJSS.java
=====================================
@@ -37,21 +37,18 @@ import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.InitializationValues;
import org.mozilla.jss.NoSuchTokenException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.ssl.SSLAlertEvent;
-import org.mozilla.jss.ssl.SSLCipher;
import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
import org.mozilla.jss.ssl.SSLProtocolVariant;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;
import org.mozilla.jss.ssl.SSLSocketListener;
-import org.mozilla.jss.ssl.SSLVersion;
-import org.mozilla.jss.ssl.SSLVersionRange;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.Password;
import org.slf4j.Logger;
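Review bot: `import org.mozilla.jss.ssl.SSLProtocolVariant;` survives here as a context line, but its only uses visible in this diff are in the `init()` block and `setSSLVersionRangeDefault`, both deleted by later hunks, so it looks like an unused leftover. The same appears true of the `strictCiphers`, `boolStrictCiphers`, `sslRangeCiphers` and `sslOptions` fields kept in the `@@ -94,8 +91,6 @@` hunk, whose accessors and readers are all removed. The rest of the file is not shown, so confirm nothing else references them before dropping them. Separately, `loadJSSConfig` and `loadTomcatConfig` no longer read `sslVersionRangeStream`, `strictCiphers` or the cipher lists, so an existing configuration that sets them is discarded without a message. A `logger.warn` naming any legacy key still present would tell operators that their protocol and cipher limits no longer come from this file.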
@@ -94,8 +91,6 @@ public class TomcatJSS implements SSLSocketListener {
String strictCiphers;
boolean boolStrictCiphers;
- String sslVersionRangeStream;
- String sslVersionRangeDatagram;
String sslRangeCiphers;
String sslOptions;
@@ -237,70 +232,6 @@ public class TomcatJSS implements SSLSocketListener {
this.ocspTimeout = ocspTimeout;
}
- public String getStrictCiphers() {
- return strictCiphers;
- }
-
- public void setStrictCiphers(String strictCiphers) {
- this.strictCiphers = strictCiphers;
- }
-
- public String getSslVersionRangeStream() {
- return sslVersionRangeStream;
- }
-
- public void setSslVersionRangeStream(String sslVersionRangeStream) {
- this.sslVersionRangeStream = sslVersionRangeStream;
- }
-
- public String getSslVersionRangeDatagram() {
- return sslVersionRangeDatagram;
- }
-
- public void setSslVersionRangeDatagram(String sslVersionRangeDatagram) {
- this.sslVersionRangeDatagram = sslVersionRangeDatagram;
- }
-
- public String getSslRangeCiphers() {
- return sslRangeCiphers;
- }
-
- public void setSslRangeCiphers(String sslRangeCiphers) {
- this.sslRangeCiphers = sslRangeCiphers;
- }
-
- public String getSslOptions() {
- return sslOptions;
- }
-
- public void setSslOptions(String sslOptions) {
- this.sslOptions = sslOptions;
- }
-
- public String getSsl2Ciphers() {
- return ssl2Ciphers;
- }
-
- public void setSsl2Ciphers(String ssl2Ciphers) {
- this.ssl2Ciphers = ssl2Ciphers;
- }
-
- public String getSsl3Ciphers() {
- return ssl3Ciphers;
- }
-
- public void setSsl3Ciphers(String ssl3Ciphers) {
- this.ssl3Ciphers = ssl3Ciphers;
- }
-
- public String getTlsCiphers() {
- return tlsCiphers;
- }
-
- public void setTlsCiphers(String tlsCiphers) {
- this.tlsCiphers = tlsCiphers;
- }
-
public void loadJSSConfig(String jssConf) throws Exception {
File configFile = new File(jssConf);
loadJSSConfig(configFile);
@@ -355,38 +286,6 @@ public class TomcatJSS implements SSLSocketListener {
String ocspTimeout = config.getProperty("ocspTimeout");
if (StringUtils.isNotEmpty(ocspTimeout))
setOcspTimeout(Integer.parseInt(ocspTimeout));
-
- String strictCiphers = config.getProperty("strictCiphers");
- if (strictCiphers != null)
- setStrictCiphers(strictCiphers);
-
- String sslVersionRangeStream = config.getProperty("sslVersionRangeStream");
- if (sslVersionRangeStream != null)
- setSslVersionRangeStream(sslVersionRangeStream);
-
- String sslVersionRangeDatagram = config.getProperty("sslVersionRangeDatagram");
- if (sslVersionRangeDatagram != null)
- setSslVersionRangeDatagram(sslVersionRangeDatagram);
-
- String sslRangeCiphers = config.getProperty("sslRangeCiphers");
- if (sslRangeCiphers != null)
- setSslRangeCiphers(sslRangeCiphers);
-
- String sslOptions = config.getProperty("sslOptions");
- if (sslOptions != null)
- setSslOptions(sslOptions);
-
- String ssl2Ciphers = config.getProperty("ssl2Ciphers");
- if (ssl2Ciphers != null)
- setSsl2Ciphers(ssl2Ciphers);
-
- String ssl3Ciphers = config.getProperty("ssl3Ciphers");
- if (ssl3Ciphers != null)
- setSsl3Ciphers(ssl3Ciphers);
-
- String tlsCiphers = config.getProperty("tlsCiphers");
- if (tlsCiphers != null)
- setTlsCiphers(tlsCiphers);
}
public void loadTomcatConfig(String serverXml) throws Exception {
@@ -455,38 +354,6 @@ public class TomcatJSS implements SSLSocketListener {
String ocspTimeout = connector.getAttribute("ocspTimeout");
if (StringUtils.isNotEmpty(ocspTimeout))
setOcspTimeout(Integer.parseInt(ocspTimeout));
-
- String strictCiphers = connector.getAttribute("strictCiphers");
- if (strictCiphers != null)
- setStrictCiphers(strictCiphers);
-
- String sslVersionRangeStream = connector.getAttribute("sslVersionRangeStream");
- if (sslVersionRangeStream != null)
- setSslVersionRangeStream(sslVersionRangeStream);
-
- String sslVersionRangeDatagram = connector.getAttribute("sslVersionRangeDatagram");
- if (sslVersionRangeDatagram != null)
- setSslVersionRangeDatagram(sslVersionRangeDatagram);
-
- String sslRangeCiphers = connector.getAttribute("sslRangeCiphers");
- if (sslRangeCiphers != null)
- setSslRangeCiphers(sslRangeCiphers);
-
- String sslOptions = connector.getAttribute("sslOptions");
- if (sslOptions != null)
- setSslOptions(sslOptions);
-
- String ssl2Ciphers = connector.getAttribute("ssl2Ciphers");
- if (ssl2Ciphers != null)
- setSsl2Ciphers(ssl2Ciphers);
-
- String ssl3Ciphers = connector.getAttribute("ssl3Ciphers");
- if (ssl3Ciphers != null)
- setSsl3Ciphers(ssl3Ciphers);
-
- String tlsCiphers = connector.getAttribute("tlsCiphers");
- if (tlsCiphers != null)
- setTlsCiphers(tlsCiphers);
}
public void init() throws Exception {
@@ -566,54 +433,6 @@ public class TomcatJSS implements SSLSocketListener {
// 12 hours = 43200 seconds
SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
- logger.debug("strictCiphers: " + strictCiphers);
- if ("true".equalsIgnoreCase(strictCiphers)) {
- boolStrictCiphers = true;
-
- } else if ("yes".equalsIgnoreCase(strictCiphers)) {
- boolStrictCiphers = true;
- logger.warn("The \"yes\" value for strictCiphers has been deprecated. Use \"true\" instead.");
- }
-
- if (boolStrictCiphers) {
- // what ciphers do we have to start with? turn them all off
- unsetSSLCiphers();
- }
-
- logger.debug("sslVersionRangeStream: " + sslVersionRangeStream);
- if (StringUtils.isNotEmpty(sslVersionRangeStream)) {
- setSSLVersionRangeDefault(
- "STREAM",
- SSLProtocolVariant.STREAM,
- sslVersionRangeStream);
- }
-
- logger.debug("sslVersionRangeDatagram: " + sslVersionRangeDatagram);
- if (StringUtils.isNotEmpty(sslVersionRangeDatagram)) {
- setSSLVersionRangeDefault(
- "DATA_GRAM",
- SSLProtocolVariant.DATA_GRAM,
- sslVersionRangeDatagram);
- }
-
- /*
- * According to NSS: the SSL_OptionSet-based API for controlling the
- * enabled protocol versions are obsolete and replaced by the
- * setSSLVersionRange calls. Therefore, if the "range" parameters
- * are present in the attributes then the sslOptions parameter is
- * ignored. Using the new version range API in conjunction with the
- * older SSL_OptionSet-based API for controlling the enabled
- * protocol versions may cause unexpected results
- */
- if (StringUtils.isNotEmpty(sslVersionRangeStream)
- || StringUtils.isNotEmpty(sslVersionRangeDatagram)) {
- /* deliberately lose the ssl2 here */
- setSSLCiphers("sslRangeCiphers", sslRangeCiphers);
-
- } else {
- setSSLOptions();
- }
-
logger.info("TomcatJSS: initialization complete");
initialized = true;
@@ -744,195 +563,6 @@ public class TomcatJSS implements SSLSocketListener {
manager.setOCSPTimeout(ocspTimeout);
}
- /**
- * Disables all SSL ciphers to start with a clean slate.
- */
- public void unsetSSLCiphers() throws SocketException {
-
- logger.debug("Disabling SSL ciphers:");
-
- int[] cipherIDs = SSLSocket.getImplementedCipherSuites();
- if (cipherIDs == null) return;
-
- for (int cipherID : cipherIDs) {
-
- StringBuilder sb = new StringBuilder();
- sb.append("* 0x");
- sb.append(Integer.toHexString(cipherID));
-
- SSLCipher cipher = SSLCipher.valueOf(cipherID);
- if (cipher != null) {
- sb.append(": ");
- sb.append(cipher.name());
- }
-
- logger.debug(sb.toString());
-
- SSLSocket.setCipherPreferenceDefault(cipherID, false);
- }
- }
-
- /**
- * setSSLVersionRangeDefault sets the range of allowed SSL versions. This
- * replaces the obsolete SSL_Option* API.
- *
- * @param protoVariant indicates whether this setting is for type "stream"
- * or "datagram".
- *
- * @param sslVersionRange_s takes on the form of "min:max" where min/max
- * values can be "ssl3, tls1_0, tls1_1, tls1_2, tls1_3". ssl2 is not
- * supported for tomcatjss via this interface. The format is
- * "sslVersionRange=min:max".
- */
- public void setSSLVersionRangeDefault(
- String type,
- SSLProtocolVariant protoVariant,
- String sslVersionRange_s) throws SocketException,
- IllegalArgumentException, IOException {
-
- String[] sslVersionRange = sslVersionRange_s.split(":");
- if (sslVersionRange.length != 2) {
- throw new SocketException("SSL version range format error: " + sslVersionRange_s);
- }
-
- String min_s = sslVersionRange[0];
- String max_s = sslVersionRange[1];
-
- logger.debug("Setting SSL version range for " + type + ":");
- logger.debug("* min: " + min_s);
- logger.debug("* max: " + max_s);
-
- SSLVersion minVersion = SSLVersion.findByAlias(min_s);
- SSLVersion maxVersion = SSLVersion.findByAlias(max_s);
-
- SSLVersionRange range = new SSLVersionRange(minVersion, maxVersion);
- range = SSLSocket.boundSSLVersionRange(SSLProtocolVariant.STREAM, range);
-
- logger.debug("Actual SSL version range for " + type + " after system policy correction:");
- logger.debug("* min: " + range.getMinVersion());
- logger.debug("* max: " + range.getMaxVersion());
- SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
- }
-
- public void setSSLCiphers(String attr, String ciphers) throws SocketException, IOException {
-
- if (StringUtils.isEmpty(ciphers)) {
- logger.debug("Missing " + attr);
- return;
- }
-
- logger.debug("Processing " + attr + ":");
- StringTokenizer st = new StringTokenizer(ciphers, ", ");
- while (st.hasMoreTokens()) {
- String cipherStr = st.nextToken();
-
- String name;
- boolean enabled;
-
- if (cipherStr.startsWith("+")) {
- enabled = true;
- name = cipherStr.substring(1);
- } else if (cipherStr.startsWith("-")) {
- enabled = false;
- name = cipherStr.substring(1);
- } else {
- enabled = true; // no enable/disable flag, assume enable
- name = cipherStr;
- }
-
- logger.debug("* " + name);
- logger.debug(" enabled: " + enabled);
-
- int cipherID;
-
- if (name.startsWith("0x") || name.startsWith("0X")) {
- // this allows us to specify new ciphers
- try {
- cipherID = Integer.parseInt(name.substring(2), 16);
- } catch (Exception e) {
- logger.error("Invalid SSL cipher: " + name);
- continue;
- }
- } else {
- try {
- SSLCipher cipher = SSLCipher.valueOf(name);
- cipherID = cipher.getID();
- } catch (IllegalArgumentException e) {
- logger.error("Unknown SSL cipher: " + name);
- continue;
- }
- }
-
- logger.debug(" ID: 0x" + Integer.toHexString(cipherID));
-
- try {
- SSLSocket.setCipherPreferenceDefault(cipherID, enabled);
-
- } catch (Exception e) {
- logger.warn("Unable to set SSL cipher preference: " + e);
- SSLCipher cipher = SSLCipher.valueOf(cipherID);
- if (cipher != null && cipher.isECC()) {
- logger.warn("SSL ECC cipher \""
- + name
- + "\" unsupported by NSS. "
- + "This is probably O.K. unless ECC support has been installed.");
- } else {
- logger.error("SSL cipher \"" + name
- + "\" unsupported by NSS");
- }
- }
- }
- }
-
- /**
- * note: the SSL_OptionSet-based API for controlling the enabled protocol
- * versions are obsolete and replaced by the setSSLVersionRange calls. If
- * the "range" parameters are present in the attributes then the sslOptions
- * parameter is ignored.
- */
- public void setSSLOptions() throws SocketException, IOException {
-
- if (StringUtils.isEmpty(sslOptions)) {
- logger.debug("JSSSocketFactory: no sslOptions specified");
- return;
- }
-
- logger.debug("JSSSocketFactory: Processing sslOptions:");
- StringTokenizer st = new StringTokenizer(sslOptions, ", ");
- while (st.hasMoreTokens()) {
- String option = st.nextToken();
- logger.debug("JSSSocketFactory: - " + option);
-
- StringTokenizer st1 = new StringTokenizer(option, "=");
- String name = st1.nextToken();
- String value = st1.nextToken();
- if (name.equals("ssl2")) {
- if (value.equals("true")) {
- SSLSocket.enableSSL2Default(true);
- setSSLCiphers("ssl2Ciphers", ssl2Ciphers);
- } else {
- SSLSocket.enableSSL2Default(false);
- }
- }
- if (name.equals("ssl3")) {
- if (value.equals("true")) {
- SSLSocket.enableSSL3Default(true);
- setSSLCiphers("ssl3Ciphers", ssl3Ciphers);
- } else {
- SSLSocket.enableSSL3Default(false);
- }
- }
- if (name.equals("tls")) {
- if (value.equals("true")) {
- SSLSocket.enableTLSDefault(true);
- setSSLCiphers("tlsCiphers", tlsCiphers);
- } else {
- SSLSocket.enableTLSDefault(false);
- }
- }
- }
- }
-
@Override
public void alertReceived(SSLAlertEvent event) {
for (SSLSocketListener listener : socketListeners) {
=====================================
src/org/dogtagpki/tomcat/Http11NioProtocol.java
=====================================
@@ -103,70 +103,6 @@ public class Http11NioProtocol extends org.apache.coyote.http11.Http11NioProtoco
tomcatjss.setOcspTimeout(ocspTimeout);
}
- public String getStrictCiphers() {
- return tomcatjss.getStrictCiphers();
- }
-
- public void setStrictCiphers(String strictCiphers) {
- tomcatjss.setStrictCiphers(strictCiphers);
- }
-
- public String getSslVersionRangeStream() {
- return tomcatjss.getSslVersionRangeStream();
- }
-
- public void setSslVersionRangeStream(String sslVersionRangeStream) {
- tomcatjss.setSslVersionRangeStream(sslVersionRangeStream);
- }
-
- public String getSslVersionRangeDatagram() {
- return tomcatjss.getSslVersionRangeDatagram();
- }
-
- public void setSslVersionRangeDatagram(String sslVersionRangeDatagram) {
- tomcatjss.setSslVersionRangeDatagram(sslVersionRangeDatagram);;
- }
-
- public String getSslRangeCiphers() {
- return tomcatjss.getSslRangeCiphers();
- }
-
- public void setSslRangeCiphers(String sslRangeCiphers) {
- tomcatjss.setSslRangeCiphers(sslRangeCiphers);
- }
-
- public String getSslOptions() {
- return tomcatjss.getSslOptions();
- }
-
- public void setSslOptions(String sslOptions) {
- tomcatjss.setSslOptions(sslOptions);
- }
-
- public String getSsl2Ciphers() {
- return tomcatjss.getSsl2Ciphers();
- }
-
- public void setSsl2Ciphers(String ssl2Ciphers) {
- tomcatjss.setSsl2Ciphers(ssl2Ciphers);
- }
-
- public String getSsl3Ciphers() {
- return tomcatjss.getSsl3Ciphers();
- }
-
- public void setSsl3Ciphers(String ssl3Ciphers) {
- tomcatjss.setSsl3Ciphers(ssl3Ciphers);
- }
-
- public String getTlsCiphers() {
- return tomcatjss.getTlsCiphers();
- }
-
- public void setTlsCiphers(String tlsCiphers) {
- tomcatjss.setTlsCiphers(tlsCiphers);
- }
-
public void setKeystorePassFile(String keystorePassFile) {
try {
Path path = Paths.get(keystorePassFile);
=====================================
tomcat-7.0/src/org/apache/tomcat/util/net/jss/IJSSFactory.java deleted
=====================================
@@ -1,33 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.net.Socket;
-import java.util.Properties;
-
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-
-interface IJSSFactory {
- public ServerSocketFactory getSocketFactory(AbstractEndpoint<?> endpoint, Properties config);
-
- public SSLSupport getSSLSupport(Socket socket);
-}
=====================================
tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSFactory.java deleted
=====================================
@@ -1,41 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.net.Socket;
-import java.util.Properties;
-
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-import org.mozilla.jss.ssl.SSLSocket;
-
-class JSSFactory implements IJSSFactory {
- JSSFactory() {
- }
-
- public ServerSocketFactory getSocketFactory(AbstractEndpoint<?> endpoint, Properties config) {
- return new JSSSocketFactory(endpoint, config);
- }
-
- public SSLSupport getSSLSupport(Socket socket) {
- return new JSSSupport((SSLSocket) socket);
- }
-}
=====================================
tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSImplementation.java deleted
=====================================
@@ -1,113 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.net.Socket;
-import java.util.Properties;
-
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLImplementation;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.SSLUtil;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class JSSImplementation extends SSLImplementation {
-
- public static Logger logger = LoggerFactory.getLogger(JSSImplementation.class);
-
- static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
- static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
-
- private JSSFactory factory = null;
-
- public JSSImplementation() throws ClassNotFoundException {
- Class.forName(SSLSocketClass);
-
- try {
- Class<?> factcl = Class.forName(JSSFactory);
- factory = (JSSFactory) factcl.newInstance();
- } catch (Exception e) {
- logger.error("Error getting factory: " + JSSFactory, e);
- }
- }
-
- public String getImplementationName() {
- return "JSS";
- }
-
- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint<?> endpoint) {
-
- Properties config = new Properties();
-
- try {
- String configFile = System.getProperty("catalina.base") + "/conf/tomcatjss.conf";
- config.load(new FileReader(configFile));
- } catch (FileNotFoundException e) {
- // ignore
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- return factory.getSocketFactory(endpoint, config);
- }
-
- public SSLSupport getSSLSupport(Socket s) {
- SSLSupport ssls = null;
- ssls = factory.getSSLSupport(s);
- return ssls;
- }
-
- public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
- /*
- * The Tomcat 6.0.26 docs says: This method has been deprecated since it
- * adds a JSSE dependency to this interface. It will be removed in
- * versions after 6.0.x.
- *
- * But we have to provide a implementation of this method because it's
- * declared as abstract.
- *
- * Unfortunately there does not appear to be any way to get SSLSupport
- * information from a session with JSS. JSS looks up the information
- * based on a socket, not a session. This done in SSLSocket.c
- * Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
- *
- * So while it would be nice to provide a working implmentation there
- * doesn't seem to be an easy way to do this. Given that this method is
- * already deprecated and there hasn't been any evidence of it being
- * called it therefore seems reasonable to just return null to satify
- * the compiler's demand for an implementation.
- *
- * Once this abstract method is removed from SSLImplementation in a
- * future release we can remove this stub.
- *
- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
- */
- return null;
- }
-
- public SSLUtil getSSLUtil(AbstractEndpoint<?> endpoint) {
- return null;
- }
-}
=====================================
tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java deleted
=====================================
@@ -1,272 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketException;
-import java.util.Properties;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-
-// Imports required to "implement" Tomcat 7 Interface
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.mozilla.jss.ssl.SSLServerSocket;
-import org.mozilla.jss.ssl.SSLSocket;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class JSSSocketFactory implements
- org.apache.tomcat.util.net.ServerSocketFactory,
- org.apache.tomcat.util.net.SSLUtil {
-
- public static Logger logger = LoggerFactory.getLogger(JSSSocketFactory.class);
-
- TomcatJSS tomcatjss = TomcatJSS.getInstance();
-
- private AbstractEndpoint<?> endpoint;
- private Properties config;
-
- public JSSSocketFactory(AbstractEndpoint<?> endpoint) {
- this(endpoint, null);
- }
-
- public JSSSocketFactory(AbstractEndpoint<?> endpoint, Properties config) {
- this.endpoint = endpoint;
- this.config = config;
-
- try {
- init();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- String getProperty(String tag) {
-
- // check <catalina.base>/conf/server.xml
- String value = (String)endpoint.getAttribute(tag);
-
- // if not available, check <catalina.base>/conf/tomcatjss.conf
- if (value == null) {
- value = config.getProperty(tag);
- }
-
- return value;
- }
-
- String getProperty(String tag, String defaultValue) {
- String value = getProperty(tag);
- if (value == null) {
- return defaultValue;
- }
- return value;
- }
-
- void init() throws IOException {
- try {
- String certdbDir = getProperty("certdbDir");
- tomcatjss.setCertdbDir(certdbDir);
-
- String passwordClass = getProperty("passwordClass");
- tomcatjss.setPasswordClass(passwordClass);
-
- String passwordFile = getProperty("passwordFile");
- tomcatjss.setPasswordFile(passwordFile);
-
- String serverCertNickFile = getProperty("serverCertNickFile");
- tomcatjss.setServerCertNickFile(serverCertNickFile);
-
- // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
- // (camel case) has already been processed by Tomcat 7
- String clientAuth = getProperty("clientauth");
- if (clientAuth != null) {
- tomcatjss.setClientAuth(clientAuth);
- }
-
- String strEnableOCSP = getProperty("enableOCSP");
- boolean enableOCSP = Boolean.parseBoolean(strEnableOCSP);
- tomcatjss.setEnableOCSP(enableOCSP);
-
- String ocspResponderURL = getProperty("ocspResponderURL");
- tomcatjss.setOcspResponderURL(ocspResponderURL);
-
- String ocspResponderCertNickname = getProperty("ocspResponderCertNickname");
- tomcatjss.setOcspResponderCertNickname(ocspResponderCertNickname);
-
- String strOcspCacheSize = getProperty("ocspCacheSize");
- if (strOcspCacheSize != null) {
- int ocspCacheSize = Integer.parseInt(strOcspCacheSize);
- tomcatjss.setOcspCacheSize(ocspCacheSize);
- }
-
- String strOcspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration");
- if (strOcspMinCacheEntryDuration != null) {
- int ocspMinCacheEntryDuration = Integer.parseInt(strOcspMinCacheEntryDuration);
- tomcatjss.setOcspMinCacheEntryDuration(ocspMinCacheEntryDuration);
- }
-
- String strOcspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration");
- if (strOcspMaxCacheEntryDuration != null) {
- int ocspMaxCacheEntryDuration = Integer.parseInt(strOcspMaxCacheEntryDuration);
- tomcatjss.setOcspMaxCacheEntryDuration(ocspMaxCacheEntryDuration);
- }
-
- String strOcspTimeout = getProperty("ocspTimeout");
- if (strOcspTimeout != null) {
- int ocspTimeout = Integer.parseInt(strOcspTimeout);
- tomcatjss.setOcspTimeout(ocspTimeout);
- }
-
- String strictCiphers = getProperty("strictCiphers");
- tomcatjss.setStrictCiphers(strictCiphers);
-
- String sslVersionRangeStream = getProperty("sslVersionRangeStream");
- tomcatjss.setSslVersionRangeStream(sslVersionRangeStream);
-
- String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram");
- tomcatjss.setSslVersionRangeDatagram(sslVersionRangeDatagram);
-
- String sslRangeCiphers = getProperty("sslRangeCiphers");
- tomcatjss.setSslRangeCiphers(sslRangeCiphers);
-
- String sslOptions = getProperty("sslOptions");
- tomcatjss.setSslOptions(sslOptions);
-
- String ssl2Ciphers = getProperty("ssl2Ciphers");
- tomcatjss.setSsl2Ciphers(ssl2Ciphers);
-
- String ssl3Ciphers = getProperty("ssl3Ciphers");
- tomcatjss.setSsl3Ciphers(ssl3Ciphers);
-
- String tlsCiphers = getProperty("tlsCiphers");
- tomcatjss.setTlsCiphers(tlsCiphers);
-
- tomcatjss.init();
-
- } catch (Exception ex) {
- logger.error("JSSSocketFactory: " + ex);
- // The idea is, if admin take the trouble to configure the
- // ocsp cache, and made a mistake, we want to make server
- // unavailable until they get it right
- if ((ex instanceof java.security.GeneralSecurityException)
- || (ex instanceof java.lang.NumberFormatException))
- throw new IOException(ex);
- }
- }
-
- public Socket acceptSocket(ServerSocket socket) throws IOException {
- SSLSocket asock = null;
- try {
- asock = (SSLSocket) socket.accept();
- asock.addSocketListener(tomcatjss);
-
- if (tomcatjss.getRequireClientAuth() || tomcatjss.getWantClientAuth()) {
- asock.requestClientAuth(true);
- if (tomcatjss.getRequireClientAuth()) {
- asock.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);
- } else {
- asock.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
- }
- }
- } catch (Exception e) {
- throw new SocketException("SSL handshake error " + e.toString());
- }
-
- return asock;
- }
-
- public void handshake(Socket sock) throws IOException {
- // ((SSLSocket)sock).forceHandshake();
- }
-
- public ServerSocket createSocket(int port) throws IOException {
- return createSocket(port, SSLServerSocket.DEFAULT_BACKLOG, null);
- }
-
- public ServerSocket createSocket(int port, int backlog) throws IOException {
- return createSocket(port, backlog, null);
- }
-
- public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress) throws IOException {
- return createSocket(port, backlog, ifAddress, true);
- }
-
- public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress, boolean reuseAddr) throws IOException {
-
- SSLServerSocket socket = null;
- socket = new SSLServerSocket(port, backlog, ifAddress, null, reuseAddr);
- initializeSocket(socket);
- return socket;
- }
-
- private void initializeSocket(SSLServerSocket s) {
- try {
- /*
- * Timeout's should not be enabled by default. Upper layers will
- * call setSoTimeout() as needed. Zero means disable.
- */
- s.setSoTimeout(0);
- if (tomcatjss.getRequireClientAuth() || tomcatjss.getWantClientAuth()) {
- s.requestClientAuth(true);
- if (tomcatjss.getRequireClientAuth()) {
- s.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);
- } else {
- s.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
- }
- }
- String serverCertNick = tomcatjss.getServerCertNick();
- s.setServerCertNickname(serverCertNick);
- } catch (Exception e) {
- }
- }
-
- // Methods required to "implement" Tomcat 7 Interface
- public SSLContext createSSLContext() throws Exception {
- return null;
- }
-
- public KeyManager[] getKeyManagers() throws Exception {
- return null;
- }
-
- public TrustManager[] getTrustManagers() throws Exception {
- return null;
- }
-
- public void configureSessionContext(
- javax.net.ssl.SSLSessionContext sslSessionContext) {
- return;
- }
-
- public String[] getEnableableCiphers(SSLContext context) {
- return null;
- }
-
- public String[] getEnableableProtocols(SSLContext context) {
- return null;
- }
-}
=====================================
tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSSupport.java deleted
=====================================
@@ -1,105 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-import org.apache.tomcat.util.net.SSLSupport;
-import org.mozilla.jss.ssl.SSLSecurityStatus;
-import org.mozilla.jss.ssl.SSLSocket;
-
-class JSSSupport implements SSLSupport {
-
- private SSLSocket ssl = null;
- private SSLSecurityStatus status = null;
-
- JSSSupport(SSLSocket sock) {
- ssl = sock;
- try {
- status = ssl.getStatus();
- } catch (IOException e) {
- }
- }
-
- public X509Certificate[] getPeerCertificateChain(boolean force)
- throws IOException {
- // retrieve the status when we need it. status cache
- // the client certificate which may not be available
- // at the creation of JSSSupport
- status = ssl.getStatus();
- if (status != null) {
- org.mozilla.jss.crypto.X509Certificate peerCert = status
- .getPeerCertificate();
-
- if (peerCert == null) {
- ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
- try {
- ssl.redoHandshake();
- ssl.forceHandshake();
- } catch (Exception e) {
- }
- status = ssl.getStatus();
- peerCert = status.getPeerCertificate();
- }
-
- if (peerCert != null) {
- X509Certificate[] certs = new X509Certificate[1];
- try {
- byte[] b = peerCert.getEncoded();
- CertificateFactory cf = CertificateFactory
- .getInstance("X.509");
- ByteArrayInputStream stream = new ByteArrayInputStream(b);
- certs[0] = (X509Certificate) cf.generateCertificate(stream);
- } catch (Exception e) {
- }
- return certs;
- }
- }
-
- return null;
- }
-
- public Object[] getPeerCertificateChain() throws IOException {
- return getPeerCertificateChain(false);
- }
-
- public String getCipherSuite() throws IOException {
- if (status != null)
- return status.getCipher();
- return null;
- }
-
- public Integer getKeySize() throws IOException {
- if (status != null)
- return (new Integer(status.getSessionKeySize()));
- return null;
- }
-
- public String getProtocol() throws IOException {
- return null;
- }
-
- public String getSessionId() throws IOException {
- return null;
- }
-}
=====================================
tomcat-7.0/src/org/dogtagpki/tomcat/Http11Protocol.java deleted
=====================================
@@ -1,190 +0,0 @@
-package org.dogtagpki.tomcat;
-
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.logging.Logger;
-
-import org.apache.tomcat.util.net.jss.TomcatJSS;
-
-public class Http11Protocol extends org.apache.coyote.http11.Http11Protocol {
-
- final static Logger logger = Logger.getLogger(Http11Protocol.class.getName());
-
- TomcatJSS tomcatjss = TomcatJSS.getInstance();
-
- public String getCertdbDir() {
- return tomcatjss.getCertdbDir();
- }
-
- public void setCertdbDir(String certdbDir) {
- tomcatjss.setCertdbDir(certdbDir);
- }
-
- public String getPasswordClass() {
- return tomcatjss.getPasswordClass();
- }
-
- public void setPasswordClass(String passwordClass) {
- tomcatjss.setPasswordClass(passwordClass);
- }
-
- public String getPasswordFile() {
- return tomcatjss.getPasswordFile();
- }
-
- public void setPasswordFile(String passwordFile) {
- tomcatjss.setPasswordFile(passwordFile);
- }
-
- public String getServerCertNickFile() {
- return tomcatjss.getServerCertNickFile();
- }
-
- public void setServerCertNickFile(String serverCertNickFile) {
- tomcatjss.setServerCertNickFile(serverCertNickFile);
- }
-
- public boolean getEnabledOCSP() {
- return tomcatjss.getEnableOCSP();
- }
-
- public void setEnableOCSP(boolean enableOCSP) {
- tomcatjss.setEnableOCSP(enableOCSP);
- }
-
- public String getOcspResponderURL() {
- return tomcatjss.getOcspResponderURL();
- }
-
- public void setOcspResponderURL(String ocspResponderURL) {
- tomcatjss.setOcspResponderURL(ocspResponderURL);
- }
-
- public String getOcspResponderCertNickname() {
- return tomcatjss.getOcspResponderCertNickname();
- }
-
- public void setOcspResponderCertNickname(String ocspResponderCertNickname) {
- tomcatjss.setOcspResponderCertNickname(ocspResponderCertNickname);
- }
-
- public int getOcspCacheSize() {
- return tomcatjss.getOcspCacheSize();
- }
-
- public void setOcspCacheSize(int ocspCacheSize) {
- tomcatjss.setOcspCacheSize(ocspCacheSize);
- }
-
- public int getOcspMinCacheEntryDuration() {
- return tomcatjss.getOcspMinCacheEntryDuration();
- }
-
- public void setOcspMinCacheEntryDuration(int ocspMinCacheEntryDuration) {
- tomcatjss.setOcspMinCacheEntryDuration(ocspMinCacheEntryDuration);
- }
-
- public int getOcspMaxCacheEntryDuration() {
- return tomcatjss.getOcspMaxCacheEntryDuration();
- }
-
- public void setOcspMaxCacheEntryDuration(int ocspMaxCacheEntryDuration) {
- tomcatjss.setOcspMaxCacheEntryDuration(ocspMaxCacheEntryDuration);
- }
-
- public int getOcspTimeout() {
- return tomcatjss.getOcspTimeout();
- }
-
- public void setOcspTimeout(int ocspTimeout) {
- tomcatjss.setOcspTimeout(ocspTimeout);
- }
-
- public String getStrictCiphers() {
- return tomcatjss.getStrictCiphers();
- }
-
- public void setStrictCiphers(String strictCiphers) {
- tomcatjss.setStrictCiphers(strictCiphers);
- }
-
- public String getSslVersionRangeStream() {
- return tomcatjss.getSslVersionRangeStream();
- }
-
- public void setSslVersionRangeStream(String sslVersionRangeStream) {
- tomcatjss.setSslVersionRangeStream(sslVersionRangeStream);
- }
-
- public String getSslVersionRangeDatagram() {
- return tomcatjss.getSslVersionRangeDatagram();
- }
-
- public void setSslVersionRangeDatagram(String sslVersionRangeDatagram) {
- tomcatjss.setSslVersionRangeDatagram(sslVersionRangeDatagram);;
- }
-
- public String getSslRangeCiphers() {
- return tomcatjss.getSslRangeCiphers();
- }
-
- public void setSslRangeCiphers(String sslRangeCiphers) {
- tomcatjss.setSslRangeCiphers(sslRangeCiphers);
- }
-
- public String getSslOptions() {
- return tomcatjss.getSslOptions();
- }
-
- public void setSslOptions(String sslOptions) {
- tomcatjss.setSslOptions(sslOptions);
- }
-
- public String getSsl2Ciphers() {
- return tomcatjss.getSsl2Ciphers();
- }
-
- public void setSsl2Ciphers(String ssl2Ciphers) {
- tomcatjss.setSsl2Ciphers(ssl2Ciphers);
- }
-
- public String getSsl3Ciphers() {
- return tomcatjss.getSsl3Ciphers();
- }
-
- public void setSsl3Ciphers(String ssl3Ciphers) {
- tomcatjss.setSsl3Ciphers(ssl3Ciphers);
- }
-
- public String getTlsCiphers() {
- return tomcatjss.getTlsCiphers();
- }
-
- public void setTlsCiphers(String tlsCiphers) {
- tomcatjss.setTlsCiphers(tlsCiphers);
- }
-
- public void setKeystorePassFile(String keystorePassFile) {
- try {
- Path path = Paths.get(keystorePassFile);
- String password = new String(Files.readAllBytes(path)).trim();
- setKeystorePass(password);
-
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- public void setTruststorePassFile(String truststorePassFile) {
- try {
- Path path = Paths.get(truststorePassFile);
- String password = new String(Files.readAllBytes(path)).trim();
- setTruststorePass(password);
-
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-}
=====================================
tomcat-8.0/src/org/apache/tomcat/util/net/jss/IJSSFactory.java deleted
=====================================
@@ -1,33 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.net.Socket;
-import java.util.Properties;
-
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-
-interface IJSSFactory {
- public ServerSocketFactory getSocketFactory(AbstractEndpoint<?> endpoint, Properties config);
-
- public SSLSupport getSSLSupport(Socket socket);
-}
=====================================
tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSFactory.java deleted
=====================================
@@ -1,41 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.net.Socket;
-import java.util.Properties;
-
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-import org.mozilla.jss.ssl.SSLSocket;
-
-class JSSFactory implements IJSSFactory {
- JSSFactory() {
- }
-
- public ServerSocketFactory getSocketFactory(AbstractEndpoint<?> endpoint, Properties config) {
- return new JSSSocketFactory(endpoint, config);
- }
-
- public SSLSupport getSSLSupport(Socket socket) {
- return new JSSSupport((SSLSocket) socket);
- }
-}
=====================================
tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSImplementation.java deleted
=====================================
@@ -1,113 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.net.Socket;
-import java.util.Properties;
-
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLImplementation;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.SSLUtil;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class JSSImplementation extends SSLImplementation {
-
- public static Logger logger = LoggerFactory.getLogger(JSSImplementation.class);
-
- static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
- static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
-
- private JSSFactory factory = null;
-
- public JSSImplementation() throws ClassNotFoundException {
- Class.forName(SSLSocketClass);
-
- try {
- Class<?> factcl = Class.forName(JSSFactory);
- factory = (JSSFactory) factcl.newInstance();
- } catch (Exception e) {
- logger.error("Error getting factory: " + JSSFactory, e);
- }
- }
-
- public String getImplementationName() {
- return "JSS";
- }
-
- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint<?> endpoint) {
-
- Properties config = new Properties();
-
- try {
- String configFile = System.getProperty("catalina.base") + "/conf/tomcatjss.conf";
- config.load(new FileReader(configFile));
- } catch (FileNotFoundException e) {
- // ignore
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- return factory.getSocketFactory(endpoint, config);
- }
-
- public SSLSupport getSSLSupport(Socket s) {
- SSLSupport ssls = null;
- ssls = factory.getSSLSupport(s);
- return ssls;
- }
-
- public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
- /*
- * The Tomcat 6.0.26 docs says: This method has been deprecated since it
- * adds a JSSE dependency to this interface. It will be removed in
- * versions after 6.0.x.
- *
- * But we have to provide a implementation of this method because it's
- * declared as abstract.
- *
- * Unfortunately there does not appear to be any way to get SSLSupport
- * information from a session with JSS. JSS looks up the information
- * based on a socket, not a session. This done in SSLSocket.c
- * Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
- *
- * So while it would be nice to provide a working implmentation there
- * doesn't seem to be an easy way to do this. Given that this method is
- * already deprecated and there hasn't been any evidence of it being
- * called it therefore seems reasonable to just return null to satify
- * the compiler's demand for an implementation.
- *
- * Once this abstract method is removed from SSLImplementation in a
- * future release we can remove this stub.
- *
- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
- */
- return null;
- }
-
- public SSLUtil getSSLUtil(AbstractEndpoint<?> endpoint) {
- return null;
- }
-}
=====================================
tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java deleted
=====================================
@@ -1,272 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketException;
-import java.util.Properties;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-
-// Imports required to "implement" Tomcat 7 Interface
-import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.mozilla.jss.ssl.SSLServerSocket;
-import org.mozilla.jss.ssl.SSLSocket;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class JSSSocketFactory implements
- org.apache.tomcat.util.net.ServerSocketFactory,
- org.apache.tomcat.util.net.SSLUtil {
-
- public static Logger logger = LoggerFactory.getLogger(JSSSocketFactory.class);
-
- TomcatJSS tomcatjss = TomcatJSS.getInstance();
-
- private AbstractEndpoint<?> endpoint;
- private Properties config;
-
- public JSSSocketFactory(AbstractEndpoint<?> endpoint) {
- this(endpoint, null);
- }
-
- public JSSSocketFactory(AbstractEndpoint<?> endpoint, Properties config) {
- this.endpoint = endpoint;
- this.config = config;
-
- try {
- init();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- String getProperty(String tag) {
-
- // check <catalina.base>/conf/server.xml
- String value = (String)endpoint.getAttribute(tag);
-
- // if not available, check <catalina.base>/conf/tomcatjss.conf
- if (value == null) {
- value = config.getProperty(tag);
- }
-
- return value;
- }
-
- String getProperty(String tag, String defaultValue) {
- String value = getProperty(tag);
- if (value == null) {
- return defaultValue;
- }
- return value;
- }
-
- void init() throws IOException {
- try {
- String certdbDir = getProperty("certdbDir");
- tomcatjss.setCertdbDir(certdbDir);
-
- String passwordClass = getProperty("passwordClass");
- tomcatjss.setPasswordClass(passwordClass);
-
- String passwordFile = getProperty("passwordFile");
- tomcatjss.setPasswordFile(passwordFile);
-
- String serverCertNickFile = getProperty("serverCertNickFile");
- tomcatjss.setServerCertNickFile(serverCertNickFile);
-
- // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
- // (camel case) has already been processed by Tomcat 7
- String clientAuth = getProperty("clientauth");
- if (clientAuth != null) {
- tomcatjss.setClientAuth(clientAuth);
- }
-
- String strEnableOCSP = getProperty("enableOCSP");
- boolean enableOCSP = Boolean.parseBoolean(strEnableOCSP);
- tomcatjss.setEnableOCSP(enableOCSP);
-
- String ocspResponderURL = getProperty("ocspResponderURL");
- tomcatjss.setOcspResponderURL(ocspResponderURL);
-
- String ocspResponderCertNickname = getProperty("ocspResponderCertNickname");
- tomcatjss.setOcspResponderCertNickname(ocspResponderCertNickname);
-
- String strOcspCacheSize = getProperty("ocspCacheSize");
- if (strOcspCacheSize != null) {
- int ocspCacheSize = Integer.parseInt(strOcspCacheSize);
- tomcatjss.setOcspCacheSize(ocspCacheSize);
- }
-
- String strOcspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration");
- if (strOcspMinCacheEntryDuration != null) {
- int ocspMinCacheEntryDuration = Integer.parseInt(strOcspMinCacheEntryDuration);
- tomcatjss.setOcspMinCacheEntryDuration(ocspMinCacheEntryDuration);
- }
-
- String strOcspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration");
- if (strOcspMaxCacheEntryDuration != null) {
- int ocspMaxCacheEntryDuration = Integer.parseInt(strOcspMaxCacheEntryDuration);
- tomcatjss.setOcspMaxCacheEntryDuration(ocspMaxCacheEntryDuration);
- }
-
- String strOcspTimeout = getProperty("ocspTimeout");
- if (strOcspTimeout != null) {
- int ocspTimeout = Integer.parseInt(strOcspTimeout);
- tomcatjss.setOcspTimeout(ocspTimeout);
- }
-
- String strictCiphers = getProperty("strictCiphers");
- tomcatjss.setStrictCiphers(strictCiphers);
-
- String sslVersionRangeStream = getProperty("sslVersionRangeStream");
- tomcatjss.setSslVersionRangeStream(sslVersionRangeStream);
-
- String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram");
- tomcatjss.setSslVersionRangeDatagram(sslVersionRangeDatagram);
-
- String sslRangeCiphers = getProperty("sslRangeCiphers");
- tomcatjss.setSslRangeCiphers(sslRangeCiphers);
-
- String sslOptions = getProperty("sslOptions");
- tomcatjss.setSslOptions(sslOptions);
-
- String ssl2Ciphers = getProperty("ssl2Ciphers");
- tomcatjss.setSsl2Ciphers(ssl2Ciphers);
-
- String ssl3Ciphers = getProperty("ssl3Ciphers");
- tomcatjss.setSsl3Ciphers(ssl3Ciphers);
-
- String tlsCiphers = getProperty("tlsCiphers");
- tomcatjss.setTlsCiphers(tlsCiphers);
-
- tomcatjss.init();
-
- } catch (Exception ex) {
- logger.error("JSSSocketFactory: " + ex);
- // The idea is, if admin take the trouble to configure the
- // ocsp cache, and made a mistake, we want to make server
- // unavailable until they get it right
- if ((ex instanceof java.security.GeneralSecurityException)
- || (ex instanceof java.lang.NumberFormatException))
- throw new IOException(ex);
- }
- }
-
- public Socket acceptSocket(ServerSocket socket) throws IOException {
- SSLSocket asock = null;
- try {
- asock = (SSLSocket) socket.accept();
- asock.addSocketListener(tomcatjss);
-
- if (tomcatjss.getRequireClientAuth() || tomcatjss.getWantClientAuth()) {
- asock.requestClientAuth(true);
- if (tomcatjss.getRequireClientAuth()) {
- asock.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);
- } else {
- asock.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
- }
- }
- } catch (Exception e) {
- throw new SocketException("SSL handshake error " + e.toString());
- }
-
- return asock;
- }
-
- public void handshake(Socket sock) throws IOException {
- // ((SSLSocket)sock).forceHandshake();
- }
-
- public ServerSocket createSocket(int port) throws IOException {
- return createSocket(port, SSLServerSocket.DEFAULT_BACKLOG, null);
- }
-
- public ServerSocket createSocket(int port, int backlog) throws IOException {
- return createSocket(port, backlog, null);
- }
-
- public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress) throws IOException {
- return createSocket(port, backlog, ifAddress, true);
- }
-
- public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress, boolean reuseAddr) throws IOException {
-
- SSLServerSocket socket = null;
- socket = new SSLServerSocket(port, backlog, ifAddress, null, reuseAddr);
- initializeSocket(socket);
- return socket;
- }
-
- private void initializeSocket(SSLServerSocket s) {
- try {
- /*
- * Timeout's should not be enabled by default. Upper layers will
- * call setSoTimeout() as needed. Zero means disable.
- */
- s.setSoTimeout(0);
- if (tomcatjss.getRequireClientAuth() || tomcatjss.getWantClientAuth()) {
- s.requestClientAuth(true);
- if (tomcatjss.getRequireClientAuth()) {
- s.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);
- } else {
- s.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
- }
- }
- String serverCertNick = tomcatjss.getServerCertNick();
- s.setServerCertNickname(serverCertNick);
- } catch (Exception e) {
- }
- }
-
- // Methods required to "implement" Tomcat 7 Interface
- public SSLContext createSSLContext() throws Exception {
- return null;
- }
-
- public KeyManager[] getKeyManagers() throws Exception {
- return null;
- }
-
- public TrustManager[] getTrustManagers() throws Exception {
- return null;
- }
-
- public void configureSessionContext(
- javax.net.ssl.SSLSessionContext sslSessionContext) {
- return;
- }
-
- public String[] getEnableableCiphers(SSLContext context) {
- return null;
- }
-
- public String[] getEnableableProtocols(SSLContext context) {
- return null;
- }
-}
=====================================
tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSSupport.java deleted
=====================================
@@ -1,105 +0,0 @@
-/* BEGIN COPYRIGHT BLOCK
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Copyright (C) 2007 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK */
-
-package org.apache.tomcat.util.net.jss;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-import org.apache.tomcat.util.net.SSLSupport;
-import org.mozilla.jss.ssl.SSLSecurityStatus;
-import org.mozilla.jss.ssl.SSLSocket;
-
-class JSSSupport implements SSLSupport {
-
- private SSLSocket ssl = null;
- private SSLSecurityStatus status = null;
-
- JSSSupport(SSLSocket sock) {
- ssl = sock;
- try {
- status = ssl.getStatus();
- } catch (IOException e) {
- }
- }
-
- public X509Certificate[] getPeerCertificateChain(boolean force)
- throws IOException {
- // retrieve the status when we need it. status cache
- // the client certificate which may not be available
- // at the creation of JSSSupport
- status = ssl.getStatus();
- if (status != null) {
- org.mozilla.jss.crypto.X509Certificate peerCert = status
- .getPeerCertificate();
-
- if (peerCert == null) {
- ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
- try {
- ssl.redoHandshake();
- ssl.forceHandshake();
- } catch (Exception e) {
- }
- status = ssl.getStatus();
- peerCert = status.getPeerCertificate();
- }
-
- if (peerCert != null) {
- X509Certificate[] certs = new X509Certificate[1];
- try {
- byte[] b = peerCert.getEncoded();
- CertificateFactory cf = CertificateFactory
- .getInstance("X.509");
- ByteArrayInputStream stream = new ByteArrayInputStream(b);
- certs[0] = (X509Certificate) cf.generateCertificate(stream);
- } catch (Exception e) {
- }
- return certs;
- }
- }
-
- return null;
- }
-
- public Object[] getPeerCertificateChain() throws IOException {
- return getPeerCertificateChain(false);
- }
-
- public String getCipherSuite() throws IOException {
- if (status != null)
- return status.getCipher();
- return null;
- }
-
- public Integer getKeySize() throws IOException {
- if (status != null)
- return (new Integer(status.getSessionKeySize()));
- return null;
- }
-
- public String getProtocol() throws IOException {
- return null;
- }
-
- public String getSessionId() throws IOException {
- return null;
- }
-}
=====================================
tomcat-8.0/src/org/dogtagpki/tomcat/Http11Protocol.java deleted
=====================================
@@ -1,191 +0,0 @@
-package org.dogtagpki.tomcat;
-
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-
-import org.apache.tomcat.util.net.jss.TomcatJSS;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class Http11Protocol extends org.apache.coyote.http11.Http11Protocol {
-
- public static Logger logger = LoggerFactory.getLogger(Http11Protocol.class);
-
- TomcatJSS tomcatjss = TomcatJSS.getInstance();
-
- public String getCertdbDir() {
- return tomcatjss.getCertdbDir();
- }
-
- public void setCertdbDir(String certdbDir) {
- tomcatjss.setCertdbDir(certdbDir);
- }
-
- public String getPasswordClass() {
- return tomcatjss.getPasswordClass();
- }
-
- public void setPasswordClass(String passwordClass) {
- tomcatjss.setPasswordClass(passwordClass);
- }
-
- public String getPasswordFile() {
- return tomcatjss.getPasswordFile();
- }
-
- public void setPasswordFile(String passwordFile) {
- tomcatjss.setPasswordFile(passwordFile);
- }
-
- public String getServerCertNickFile() {
- return tomcatjss.getServerCertNickFile();
- }
-
- public void setServerCertNickFile(String serverCertNickFile) {
- tomcatjss.setServerCertNickFile(serverCertNickFile);
- }
-
- public boolean getEnabledOCSP() {
- return tomcatjss.getEnableOCSP();
- }
-
- public void setEnableOCSP(boolean enableOCSP) {
- tomcatjss.setEnableOCSP(enableOCSP);
- }
-
- public String getOcspResponderURL() {
- return tomcatjss.getOcspResponderURL();
- }
-
- public void setOcspResponderURL(String ocspResponderURL) {
- tomcatjss.setOcspResponderURL(ocspResponderURL);
- }
-
- public String getOcspResponderCertNickname() {
- return tomcatjss.getOcspResponderCertNickname();
- }
-
- public void setOcspResponderCertNickname(String ocspResponderCertNickname) {
- tomcatjss.setOcspResponderCertNickname(ocspResponderCertNickname);
- }
-
- public int getOcspCacheSize() {
- return tomcatjss.getOcspCacheSize();
- }
-
- public void setOcspCacheSize(int ocspCacheSize) {
- tomcatjss.setOcspCacheSize(ocspCacheSize);
- }
-
- public int getOcspMinCacheEntryDuration() {
- return tomcatjss.getOcspMinCacheEntryDuration();
- }
-
- public void setOcspMinCacheEntryDuration(int ocspMinCacheEntryDuration) {
- tomcatjss.setOcspMinCacheEntryDuration(ocspMinCacheEntryDuration);
- }
-
- public int getOcspMaxCacheEntryDuration() {
- return tomcatjss.getOcspMaxCacheEntryDuration();
- }
-
- public void setOcspMaxCacheEntryDuration(int ocspMaxCacheEntryDuration) {
- tomcatjss.setOcspMaxCacheEntryDuration(ocspMaxCacheEntryDuration);
- }
-
- public int getOcspTimeout() {
- return tomcatjss.getOcspTimeout();
- }
-
- public void setOcspTimeout(int ocspTimeout) {
- tomcatjss.setOcspTimeout(ocspTimeout);
- }
-
- public String getStrictCiphers() {
- return tomcatjss.getStrictCiphers();
- }
-
- public void setStrictCiphers(String strictCiphers) {
- tomcatjss.setStrictCiphers(strictCiphers);
- }
-
- public String getSslVersionRangeStream() {
- return tomcatjss.getSslVersionRangeStream();
- }
-
- public void setSslVersionRangeStream(String sslVersionRangeStream) {
- tomcatjss.setSslVersionRangeStream(sslVersionRangeStream);
- }
-
- public String getSslVersionRangeDatagram() {
- return tomcatjss.getSslVersionRangeDatagram();
- }
-
- public void setSslVersionRangeDatagram(String sslVersionRangeDatagram) {
- tomcatjss.setSslVersionRangeDatagram(sslVersionRangeDatagram);;
- }
-
- public String getSslRangeCiphers() {
- return tomcatjss.getSslRangeCiphers();
- }
-
- public void setSslRangeCiphers(String sslRangeCiphers) {
- tomcatjss.setSslRangeCiphers(sslRangeCiphers);
- }
-
- public String getSslOptions() {
- return tomcatjss.getSslOptions();
- }
-
- public void setSslOptions(String sslOptions) {
- tomcatjss.setSslOptions(sslOptions);
- }
-
- public String getSsl2Ciphers() {
- return tomcatjss.getSsl2Ciphers();
- }
-
- public void setSsl2Ciphers(String ssl2Ciphers) {
- tomcatjss.setSsl2Ciphers(ssl2Ciphers);
- }
-
- public String getSsl3Ciphers() {
- return tomcatjss.getSsl3Ciphers();
- }
-
- public void setSsl3Ciphers(String ssl3Ciphers) {
- tomcatjss.setSsl3Ciphers(ssl3Ciphers);
- }
-
- public String getTlsCiphers() {
- return tomcatjss.getTlsCiphers();
- }
-
- public void setTlsCiphers(String tlsCiphers) {
- tomcatjss.setTlsCiphers(tlsCiphers);
- }
-
- public void setKeystorePassFile(String keystorePassFile) {
- try {
- Path path = Paths.get(keystorePassFile);
- String password = new String(Files.readAllBytes(path)).trim();
- setKeystorePass(password);
-
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- public void setTruststorePassFile(String truststorePassFile) {
- try {
- Path path = Paths.get(truststorePassFile);
- String password = new String(Files.readAllBytes(path)).trim();
- setTruststorePass(password);
-
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-}
=====================================
tomcatjss.spec
=====================================
@@ -7,7 +7,7 @@ URL: http://www.dogtagpki.org/wiki/TomcatJSS
License: LGPLv2+
BuildArch: noarch
-Version: 7.5.0
+Version: 7.6.0
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
#global _phase -a1
@@ -41,7 +41,7 @@ BuildRequires: git
# Java
BuildRequires: ant
-BuildRequires: apache-commons-lang
+BuildRequires: apache-commons-lang3
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
@@ -84,7 +84,7 @@ BuildRequires: tomcat >= 1:9.0.7
################################################################################
# Java
-Requires: apache-commons-lang
+Requires: apache-commons-lang3
%if 0%{?fedora} >= 21
Requires: java-headless
%else
@@ -141,10 +141,6 @@ is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
uses Java Security Services (JSS), a Java interface to Network Security
Services (NSS).
-NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
- because it uses an underlying NSS security model rather than the
- OpenSSL security model, so these two packages may not co-exist.
-
################################################################################
%prep
################################################################################
View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/-/compare/34a0993bb456f4450f1964941830fa1a85b4a107...d7f75a2e71673f63c321e803cd68df9faac344f2