Added support for tomcatjss.conf.

The JSSSocketFactory has been modified to support an optional config file located at <catalina.base>/conf/tomcatjss.conf. If the code cannot find a config param in server.xml, it will fall back to tomcatjss.conf. https://pagure.io/tomcatjss/issue/5
dogtagpki · Mar 1, 2017 · 5750566 · 5750566
1 parent ebe9fe9
commit 5750566
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 18 deletions.
diff --git a/src/org/apache/tomcat/util/net/jss/IJSSFactory.java b/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
@@ -12,21 +12,22 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- * 
+ *
  * Copyright (C) 2007 Red Hat, Inc.
  * All rights reserved.
  * END COPYRIGHT BLOCK */
 
 package org.apache.tomcat.util.net.jss;
 
 import java.net.Socket;
+import java.util.Properties;
 
 import org.apache.tomcat.util.net.AbstractEndpoint;
 import org.apache.tomcat.util.net.SSLSupport;
 import org.apache.tomcat.util.net.ServerSocketFactory;
 
 interface IJSSFactory {
-    public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint);
+    public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint, Properties config);
 
     public SSLSupport getSSLSupport(Socket socket);
 }
diff --git a/src/org/apache/tomcat/util/net/jss/JSSFactory.java b/src/org/apache/tomcat/util/net/jss/JSSFactory.java
@@ -12,14 +12,15 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- * 
+ *
  * Copyright (C) 2007 Red Hat, Inc.
  * All rights reserved.
  * END COPYRIGHT BLOCK */
 
 package org.apache.tomcat.util.net.jss;
 
 import java.net.Socket;
+import java.util.Properties;
 
 import org.apache.tomcat.util.net.AbstractEndpoint;
 import org.apache.tomcat.util.net.SSLSupport;
@@ -30,8 +31,8 @@ class JSSFactory implements IJSSFactory {
     JSSFactory() {
     }
 
-    public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint) {
-        return new JSSSocketFactory(endpoint);
+    public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint, Properties config) {
+        return new JSSSocketFactory(endpoint, config);
     }
 
     public SSLSupport getSSLSupport(Socket socket) {

diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
@@ -19,7 +19,11 @@
 
 package org.apache.tomcat.util.net.jss;
 
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
 import java.net.Socket;
+import java.util.Properties;
 
 import org.apache.tomcat.util.net.AbstractEndpoint;
 import org.apache.tomcat.util.net.SSLImplementation;
@@ -52,9 +56,20 @@ public String getImplementationName() {
         return "JSS";
     }
 
-    public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) {
-        ServerSocketFactory ssf = factory.getSocketFactory(endpoint);
-        return ssf;
+    public ServerSocketFactory getServerSocketFactory(AbstractEndpoint<?> endpoint) {
+
+        Properties config = new Properties();
+
+        try {
+            String configFile = System.getProperty("catalina.base") + "/conf/tomcatjss.conf";
+            config.load(new FileReader(configFile));
+        } catch (FileNotFoundException e) {
+            // ignore
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+
+        return factory.getSocketFactory(endpoint, config);
     }
 
     public SSLSupport getSSLSupport(Socket s) {
@@ -68,24 +83,24 @@ public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
          * The Tomcat 6.0.26 docs says: This method has been deprecated since it
          * adds a JSSE dependency to this interface. It will be removed in
          * versions after 6.0.x.
-         * 
+         *
          * But we have to provide a implementation of this method because it's
          * declared as abstract.
-         * 
+         *
          * Unfortunately there does not appear to be any way to get SSLSupport
          * information from a session with JSS. JSS looks up the information
          * based on a socket, not a session. This done in SSLSocket.c
          * Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
-         * 
+         *
          * So while it would be nice to provide a working implmentation there
          * doesn't seem to be an easy way to do this. Given that this method is
          * already deprecated and there hasn't been any evidence of it being
          * called it therefore seems reasonable to just return null to satify
          * the compiler's demand for an implementation.
-         * 
+         *
          * Once this abstract method is removed from SSLImplementation in a
          * future release we can remove this stub.
-         * 
+         *
          * NOTE: This method has NOT yet been deprecated in Tomcat 7!
          */
         return null;

diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -34,6 +34,7 @@
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.Properties;
 import java.util.StringTokenizer;
 
 import javax.net.ssl.KeyManager;
@@ -336,6 +337,7 @@ public class JSSSocketFactory implements
     }
 
     private AbstractEndpoint endpoint;
+    private Properties config;
 
     static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
             .getLog(JSSSocketFactory.class);
@@ -361,6 +363,11 @@ public JSSSocketFactory(AbstractEndpoint endpoint) {
         this.endpoint = endpoint;
     }
 
+    public JSSSocketFactory(AbstractEndpoint endpoint, Properties config) {
+        this.endpoint = endpoint;
+        this.config = config;
+    }
+
     private void debugWrite(String m) throws IOException {
         if (debug) {
             String timeStamp = timeStampFormat.format(new Date());
@@ -556,12 +563,16 @@ else if (rangeString.equals("tls1_2"))
     }
 
     String getEndpointAttribute(String tag) {
-        try {
-            return (String) endpoint.getAttribute(tag);
-        } catch (Exception e) {
-            // old tomcat throws an exception if the parameter does not exist
+
+        // check <catalina.base>/conf/server.xml
+        String value = (String)endpoint.getAttribute(tag);
+
+        // if not available, check <catalina.base>/conf/tomcatjss.conf
+        if (value == null) {
+            value = config.getProperty(tag);
         }
-        return null;
+
+        return value;
     }
 
     String getEndpointAttribute(String tag, String defaultValue) {