|
|
4cd948 |
diff -up ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu ./src/org/apache/tomcat/util/net/jss/JSSSupport.java
|
|
|
4cd948 |
--- ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu 2015-05-05 12:12:38.897296507 -0700
|
|
|
4cd948 |
+++ ./src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-05-05 12:13:22.064157121 -0700
|
|
|
4cd948 |
@@ -19,16 +19,18 @@
|
|
|
4cd948 |
|
|
|
4cd948 |
package org.apache.tomcat.util.net.jss;
|
|
|
4cd948 |
|
|
|
4cd948 |
-import org.apache.tomcat.util.net.*;
|
|
|
4cd948 |
-import java.io.*;
|
|
|
4cd948 |
-import java.net.*;
|
|
|
4cd948 |
+import java.io.ByteArrayInputStream;
|
|
|
4cd948 |
+import java.io.IOException;
|
|
|
4cd948 |
+import java.security.cert.CertificateFactory;
|
|
|
4cd948 |
import java.security.cert.X509Certificate;
|
|
|
4cd948 |
-import org.mozilla.jss.ssl.*;
|
|
|
4cd948 |
-import java.security.cert.*;
|
|
|
4cd948 |
|
|
|
4cd948 |
-class JSSSupport implements SSLSupport{
|
|
|
4cd948 |
- private static org.apache.commons.logging.Log log =
|
|
|
4cd948 |
- org.apache.commons.logging.LogFactory.getLog(JSSSupport.class);
|
|
|
4cd948 |
+import org.apache.tomcat.util.net.SSLSupport;
|
|
|
4cd948 |
+import org.mozilla.jss.ssl.SSLSecurityStatus;
|
|
|
4cd948 |
+import org.mozilla.jss.ssl.SSLSocket;
|
|
|
4cd948 |
+
|
|
|
4cd948 |
+class JSSSupport implements SSLSupport {
|
|
|
4cd948 |
+ private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
|
|
|
4cd948 |
+ .getLog(JSSSupport.class);
|
|
|
4cd948 |
|
|
|
4cd948 |
private SSLSocket ssl = null;
|
|
|
4cd948 |
private SSLSecurityStatus status = null;
|
|
|
4cd948 |
@@ -41,15 +43,16 @@ class JSSSupport implements SSLSupport{
|
|
|
4cd948 |
}
|
|
|
4cd948 |
}
|
|
|
4cd948 |
|
|
|
4cd948 |
- public X509Certificate[] getPeerCertificateChain(boolean force) throws
|
|
|
4cd948 |
- IOException {
|
|
|
4cd948 |
+ public X509Certificate[] getPeerCertificateChain(boolean force)
|
|
|
4cd948 |
+ throws IOException {
|
|
|
4cd948 |
// retrieve the status when we need it. status cache
|
|
|
4cd948 |
// the client certificate which may not be available
|
|
|
4cd948 |
// at the creation of JSSSupport
|
|
|
4cd948 |
status = ssl.getStatus();
|
|
|
4cd948 |
if (status != null) {
|
|
|
4cd948 |
- org.mozilla.jss.crypto.X509Certificate peerCert = status.getPeerCertificate();
|
|
|
4cd948 |
-
|
|
|
4cd948 |
+ org.mozilla.jss.crypto.X509Certificate peerCert = status
|
|
|
4cd948 |
+ .getPeerCertificate();
|
|
|
4cd948 |
+
|
|
|
4cd948 |
if (peerCert == null) {
|
|
|
4cd948 |
ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
|
|
|
4cd948 |
try {
|
|
|
4cd948 |
@@ -65,10 +68,10 @@ class JSSSupport implements SSLSupport{
|
|
|
4cd948 |
X509Certificate[] certs = new X509Certificate[1];
|
|
|
4cd948 |
try {
|
|
|
4cd948 |
byte[] b = peerCert.getEncoded();
|
|
|
4cd948 |
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
|
4cd948 |
- ByteArrayInputStream stream =
|
|
|
4cd948 |
- new ByteArrayInputStream(b);
|
|
|
4cd948 |
- certs[0] = (X509Certificate)cf.generateCertificate(stream);
|
|
|
4cd948 |
+ CertificateFactory cf = CertificateFactory
|
|
|
4cd948 |
+ .getInstance("X.509");
|
|
|
4cd948 |
+ ByteArrayInputStream stream = new ByteArrayInputStream(b);
|
|
|
4cd948 |
+ certs[0] = (X509Certificate) cf.generateCertificate(stream);
|
|
|
4cd948 |
} catch (Exception e) {
|
|
|
4cd948 |
}
|
|
|
4cd948 |
return certs;
|
|
|
4cd948 |
@@ -98,5 +101,3 @@ class JSSSupport implements SSLSupport{
|
|
|
4cd948 |
return null;
|
|
|
4cd948 |
}
|
|
|
4cd948 |
}
|
|
|
4cd948 |
-
|
|
|
4cd948 |
-
|