-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
To simplify package maintenance, the code from Tomcat JSS master branch has been imported into tomcat and tomcat-9.0 modules which will be distributed as jss-tomcat RPM package. Later PKI will need to be updated to depend on jss-tomcat instead of tomcatjss, then tomcatjss can be deprecated.
- Loading branch information
Showing
14 changed files
with
1,481 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
= Packaging Changes = | ||
|
||
== New jss-tomcat RPM package == | ||
|
||
A new `jss-tomcat` RPM package has been added to provide a JSS Connector for Tomcat. | ||
This package will replace Tomcat JSS with the following changes: | ||
|
||
* All classes are moved into `org.dogtagpki.jss.tomcat` package. | ||
* Generic Tomcat classes are packaged into `jss-tomcat.jar`. | ||
* Tomcat 9.0 classes are packaged into `jss-tomcat-9.0.jar`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
|
||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<parent> | ||
<groupId>org.dogtagpki.jss</groupId> | ||
<artifactId>jss-parent</artifactId> | ||
<version>5.5.0-SNAPSHOT</version> | ||
</parent> | ||
|
||
<artifactId>jss-tomcat-9.0</artifactId> | ||
<packaging>jar</packaging> | ||
|
||
<dependencies> | ||
|
||
<dependency> | ||
<groupId>org.apache.tomcat</groupId> | ||
<artifactId>tomcat-juli</artifactId> | ||
<version>9.0.50</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>${project.groupId}</groupId> | ||
<artifactId>jss-base</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>${project.groupId}</groupId> | ||
<artifactId>jss-tomcat</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
|
||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<version>3.8.1</version> | ||
<configuration> | ||
<release>17</release> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
<finalName>jss-tomcat-9.0</finalName> | ||
</build> | ||
|
||
</project> |
123 changes: 123 additions & 0 deletions
123
tomcat-9.0/src/main/java/org/dogtagpki/jss/tomcat/JSSContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
package org.dogtagpki.jss.tomcat; | ||
|
||
import java.security.KeyManagementException; | ||
import java.security.SecureRandom; | ||
|
||
import javax.net.ssl.KeyManager; | ||
import javax.net.ssl.KeyManagerFactory; | ||
import javax.net.ssl.TrustManager; | ||
import javax.net.ssl.TrustManagerFactory; | ||
|
||
import org.mozilla.jss.JSSProvider; | ||
import org.mozilla.jss.provider.javax.crypto.JSSKeyManager; | ||
import org.mozilla.jss.provider.javax.crypto.JSSTrustManager; | ||
import org.mozilla.jss.ssl.javax.JSSEngine; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
public class JSSContext implements org.apache.tomcat.util.net.SSLContext { | ||
public static Logger logger = LoggerFactory.getLogger(JSSContext.class); | ||
|
||
private javax.net.ssl.SSLContext ctx; | ||
private String alias; | ||
|
||
private JSSKeyManager jkm; | ||
private JSSTrustManager jtm; | ||
|
||
public JSSContext(String alias) { | ||
logger.debug("JSSContext(" + alias + ")"); | ||
this.alias = alias; | ||
|
||
/* These KeyManagers and TrustManagers aren't used with the SSLEngine; | ||
* they're only used to implement certain function calls below. */ | ||
try { | ||
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS"); | ||
jkm = (JSSKeyManager) kmf.getKeyManagers()[0]; | ||
|
||
TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS"); | ||
jtm = (JSSTrustManager) tmf.getTrustManagers()[0]; | ||
} catch (Exception e) { | ||
throw new RuntimeException(e.getMessage(), e); | ||
} | ||
} | ||
|
||
@Override | ||
public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException { | ||
logger.debug("JSSContext.init(...)"); | ||
|
||
try { | ||
String provider = "SunJSSE"; | ||
if (JSSProvider.ENABLE_JSSENGINE) { | ||
provider = "Mozilla-JSS"; | ||
} | ||
|
||
ctx = javax.net.ssl.SSLContext.getInstance("TLS", provider); | ||
ctx.init(kms, tms, sr); | ||
} catch (Exception e) { | ||
throw new KeyManagementException(e.getMessage(), e); | ||
} | ||
} | ||
|
||
@Override | ||
public javax.net.ssl.SSLEngine createSSLEngine() { | ||
logger.debug("JSSContext.createSSLEngine()"); | ||
javax.net.ssl.SSLEngine eng = ctx.createSSLEngine(); | ||
|
||
TomcatJSS instance = TomcatJSS.getInstance(); | ||
|
||
if (eng instanceof JSSEngine) { | ||
JSSEngine j_eng = (JSSEngine) eng; | ||
j_eng.setCertFromAlias(alias); | ||
if(instance != null) { | ||
j_eng.setListeners(instance.getSocketListeners()); | ||
} | ||
} | ||
|
||
return eng; | ||
} | ||
|
||
@Override | ||
public javax.net.ssl.SSLSessionContext getServerSessionContext() { | ||
logger.debug("JSSContext.getServerSessionContext()"); | ||
return ctx.getServerSessionContext(); | ||
} | ||
|
||
@Override | ||
public javax.net.ssl.SSLServerSocketFactory getServerSocketFactory() { | ||
logger.debug("JSSContext.getServerSocketFactory()"); | ||
return ctx.getServerSocketFactory(); | ||
} | ||
|
||
@Override | ||
public javax.net.ssl.SSLParameters getSupportedSSLParameters() { | ||
logger.debug("JSSContext.getSupportedSSLParameters()"); | ||
return ctx.getSupportedSSLParameters(); | ||
} | ||
|
||
@Override | ||
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias) { | ||
logger.debug("JSSContext.getCertificateChain(" + alias + ")"); | ||
|
||
try { | ||
return jkm.getCertificateChain(alias); | ||
} catch (Exception e) { | ||
throw new RuntimeException(e.getMessage(), e); | ||
} | ||
} | ||
|
||
@Override | ||
public java.security.cert.X509Certificate[] getAcceptedIssuers() { | ||
logger.debug("JSSContext.getAcceptedIssuers()"); | ||
|
||
try { | ||
return jtm.getAcceptedIssuers(); | ||
} catch (Exception e) { | ||
throw new RuntimeException(e.getMessage(), e); | ||
} | ||
} | ||
|
||
@Override | ||
public void destroy() { | ||
logger.debug("JSSContext.destroy()"); | ||
} | ||
} |
66 changes: 66 additions & 0 deletions
66
tomcat-9.0/src/main/java/org/dogtagpki/jss/tomcat/JSSImplementation.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
/* BEGIN COPYRIGHT BLOCK | ||
* This library is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU Lesser General Public | ||
* License as published by the Free Software Foundation; either | ||
* version 2.1 of the License, or (at your option) any later version. | ||
* | ||
* This library is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Lesser General Public | ||
* License along with this library; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | ||
* | ||
* Copyright (C) 2007 Red Hat, Inc. | ||
* All rights reserved. | ||
* END COPYRIGHT BLOCK */ | ||
|
||
package org.dogtagpki.jss.tomcat; | ||
|
||
import javax.net.ssl.SSLSession; | ||
|
||
import org.apache.tomcat.util.net.SSLHostConfig; | ||
import org.apache.tomcat.util.net.SSLHostConfigCertificate; | ||
import org.apache.tomcat.util.net.SSLImplementation; | ||
import org.apache.tomcat.util.net.SSLSupport; | ||
import org.apache.tomcat.util.net.SSLUtil; | ||
import org.apache.tomcat.util.net.jsse.JSSESupport; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
public class JSSImplementation extends SSLImplementation { | ||
|
||
public static final Logger logger = LoggerFactory.getLogger(JSSImplementation.class); | ||
|
||
public JSSImplementation() { | ||
logger.debug("JSSImplementation: instance created"); | ||
} | ||
|
||
@Override | ||
public SSLSupport getSSLSupport(SSLSession session) { | ||
logger.debug("JSSImplementation.getSSLSupport()"); | ||
return new JSSESupport(session, null); | ||
} | ||
|
||
@Override | ||
public SSLUtil getSSLUtil(SSLHostConfigCertificate cert) { | ||
logger.debug("JSSImplementation: getSSLUtil()"); | ||
logger.debug("JSSImplementation: key alias: {}", cert.getCertificateKeyAlias()); | ||
logger.debug("JSSImplementation: keystore provider: {}", cert.getCertificateKeystoreProvider()); | ||
|
||
SSLHostConfig hostConfig = cert.getSSLHostConfig(); | ||
logger.debug("JSSImplementation: key manager alg: {}", hostConfig.getKeyManagerAlgorithm()); | ||
logger.debug("JSSImplementation: truststore alg: {}", hostConfig.getTruststoreAlgorithm()); | ||
logger.debug("JSSImplementation: truststore provider: {}", hostConfig.getTruststoreProvider()); | ||
|
||
return new JSSUtil(cert); | ||
} | ||
|
||
@Override | ||
public boolean isAlpnSupported() { | ||
// NSS supports ALPN but JSS doesn't yet support ALPN. | ||
return false; | ||
} | ||
} |
Oops, something went wrong.