Index: .classpath
===================================================================
--- .classpath (revision 0)
+++ .classpath (revision 294)
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
+ <classpathentry kind="lib" path="/usr/lib/java/jss4.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-coyote.jar"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
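Review bot: The four `kind="lib"` entries pin absolute host paths (`/usr/share/java/...`, `/usr/lib/java/jss4.jar`), so an Eclipse build compiles against whichever jar versions happen to be installed on that machine. The `/usr/lib/java` location is also likely to differ between distributions and architectures. For a TLS connector it matters that the IDE build and the packaged build resolve the same JSS and Tomcat jars. Consider classpath variables instead, e.g. `<classpathentry kind="var" path="JSS_LIB/jss4.jar"/>` (`JSS_LIB` is a placeholder name), or keep `.classpath` out of version control and document the required jars.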
Property changes on: .classpath
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: .project
===================================================================
--- .project (revision 0)
+++ .project (revision 294)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>tomcatjss</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
Property changes on: .project
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: src/org/apache/tomcat/util/net/jss/IJSSFactory.java
===================================================================
--- src/org/apache/tomcat/util/net/jss/IJSSFactory.java (revision 292)
+++ src/org/apache/tomcat/util/net/jss/IJSSFactory.java (revision 294)
@@ -19,11 +19,14 @@
package org.apache.tomcat.util.net.jss;
-import org.mozilla.jss.ssl.*;
-import org.apache.tomcat.util.net.*;
-import java.net.*;
+import java.net.Socket;
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
+
interface IJSSFactory {
public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint);
+
public SSLSupport getSSLSupport(Socket socket);
}
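Review bot: The interface still has no Javadoc, and with the wildcard `org.mozilla.jss.ssl.*` import removed, nothing in this file says that implementations are expected to be JSS-backed. A short comment on `getSSLSupport(Socket socket)` should state which socket type it expects and what happens when it is given any other, e.g. `/** Returns the SSLSupport for a socket accepted through this factory's ServerSocketFactory. */`. That wording needs confirming against the implementation, which is not in this hunk. The `public` modifiers on both methods are redundant inside an interface and could be dropped while the file is being tidied.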
Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
===================================================================
--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 292)
+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 294)
@@ -19,364 +19,489 @@
package org.apache.tomcat.util.net.jss;
-import java.util.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
import java.text.SimpleDateFormat;
-import java.lang.Thread;
-import java.lang.NumberFormatException;
-import org.mozilla.jss.ssl.*;
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.util.*;
-import org.mozilla.jss.pkcs11.*;
-import java.net.*;
-import java.io.*;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.StringTokenizer;
-// Imports required to "implement" Tomcat 7 Interface
-import org.apache.tomcat.util.net.AbstractEndpoint;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
-public class JSSSocketFactory
- implements org.apache.tomcat.util.net.ServerSocketFactory,
- org.apache.tomcat.util.net.SSLUtil {
+// Imports required to "implement" Tomcat 7 Interface
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.ssl.SSLServerSocket;
+import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.util.Password;
- private static HashMap cipherMap = new HashMap();
+public class JSSSocketFactory implements
+ org.apache.tomcat.util.net.ServerSocketFactory,
+ org.apache.tomcat.util.net.SSLUtil {
+
+ private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
static {
// SSLv2
- cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
- cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
- cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
- cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
- cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5", SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
- cipherMap.put("SSL2_DES_64_CBC_WITH_MD5", SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
- cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5", SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+ cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
+ cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5",
+ SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
+ cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5",
+ SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
+ cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
+ SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
+ cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5",
+ SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
+ cipherMap.put("SSL2_DES_64_CBC_WITH_MD5",
+ SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
+ cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5",
+ SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
// SSLv3
- cipherMap.put("SSL3_RSA_WITH_NULL_MD5", SSLSocket.SSL3_RSA_WITH_NULL_MD5);
- cipherMap.put("SSL3_RSA_WITH_NULL_SHA", SSLSocket.SSL3_RSA_WITH_NULL_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
- cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5", SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
- cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA", SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
- cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA", SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
- cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5", SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
-
- cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
-
+ cipherMap.put("SSL3_RSA_WITH_NULL_MD5",
+ SSLSocket.SSL3_RSA_WITH_NULL_MD5);
+ cipherMap.put("SSL3_RSA_WITH_NULL_SHA",
+ SSLSocket.SSL3_RSA_WITH_NULL_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
+ cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5",
+ SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
+ cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA",
+ SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+ cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
+ cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5",
+ SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
+
+ cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
+
// TLS
- cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
- cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
-
- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA", SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
-
- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
-
- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
+
+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
+
+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
+
// ECC
- cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA", SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
- //TLSv1_2
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_NULL_SHA256", SSLSocket.TLS_RSA_WITH_NULL_SHA256);
- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA", SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
- cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
+
+ // TLSv1_2
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_NULL_SHA256",
+ SSLSocket.TLS_RSA_WITH_NULL_SHA256);
+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
+ cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+
}
- private static HashMap eccCipherMap = new HashMap();
+ private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
static {
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA,
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA,
+ "TLS_ECDHE_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA,
+ "TLS_ECDH_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA");
}
private AbstractEndpoint endpoint;
- static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(JSSSocketFactory.class);
+ static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
+ .getLog(JSSSocketFactory.class);
protected static boolean ocspConfigured = false;
protected boolean requireClientAuth = false;
protected boolean wantClientAuth = false;
- private Vector enabledCiphers = new Vector();
private boolean initialized = false;
private String serverCertNick = "";
- private String mServerCertNickPath ="";
- private String mPwdPath ="";
- private String mPwdClass ="";
+ private String mServerCertNickPath = "";
+ private String mPwdPath = "";
+ private String mPwdClass = "";
private static final String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss";
- private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(DATE_PATTERN);
+ private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(
+ DATE_PATTERN);
FileWriter debugFile = null;
boolean debug = false;
private IPasswordStore mPasswordStore = null;
private boolean mStrictCiphers = false;
- public JSSSocketFactory (AbstractEndpoint endpoint) {
+ public JSSSocketFactory(AbstractEndpoint endpoint) {
this.endpoint = endpoint;
}
private void debugWrite(String m) throws IOException {
- if (debug) {
+ if (debug) {
String timeStamp = timeStampFormat.format(new Date());
String threadName = Thread.currentThread().getName();
- debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
+ debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
}
}
- public void setSSLCiphers(String attr) throws SocketException, IOException
- {
- String ciphers = (String)endpoint.getAttribute(attr);
- if (ciphers == null || ciphers.equals("")) {
- debugWrite("JSSSocketFactory setSSLCiphers: "+ attr +" not found");
- return;
- }
- StringTokenizer st = new StringTokenizer(ciphers, ",");
- while (st.hasMoreTokens()) {
- String cipherstr = st.nextToken();
- int cipherid = 0;
- String text;
- boolean state;
-
- if (cipherstr.startsWith("+")) {
- state = true;
- text = cipherstr.substring(1);
- } else if (cipherstr.startsWith("-")) {
- state = false;
- text = cipherstr.substring(1);
- } else {
- state = true; // no enable/disable flag, assume enable
- text = cipherstr;
+ public void setSSLCiphers(String attr) throws SocketException, IOException {
+ String ciphers = (String) endpoint.getAttribute(attr);
+ if (ciphers == null || ciphers.equals("")) {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+ return;
}
+ StringTokenizer st = new StringTokenizer(ciphers, ",");
+ while (st.hasMoreTokens()) {
+ String cipherstr = st.nextToken();
+ int cipherid = 0;
+ String text;
+ boolean state;
- if (text.startsWith("0x") || text.startsWith("0X")) {
- // this allows us to specify new ciphers
- try {
- cipherid = Integer.parseInt(text.substring(2), 16);
+ if (cipherstr.startsWith("+")) {
+ state = true;
+ text = cipherstr.substring(1);
+ } else if (cipherstr.startsWith("-")) {
+ state = false;
+ text = cipherstr.substring(1);
+ } else {
+ state = true; // no enable/disable flag, assume enable
+ text = cipherstr;
}
- catch (Exception e) {
- System.err.println("Error: SSL cipher \"\""+text+"\" cannot be read as an integer");
- continue;
- }
- } else {
- Object mapValue;
- mapValue = cipherMap.get(text);
- if (mapValue == null) {
- cipherid = 0;
+ if (text.startsWith("0x") || text.startsWith("0X")) {
+ // this allows us to specify new ciphers
+ try {
+ cipherid = Integer.parseInt(text.substring(2), 16);
+ } catch (Exception e) {
+ System.err.println("Error: SSL cipher \"\"" + text
+ + "\" cannot be read as an integer");
+ continue;
+ }
} else {
- cipherid = (Integer)mapValue;
- }
- }
- if (cipherid != 0) {
- try {
- debugWrite("JSSSocketFactory setSSLCiphers: "+
- cipherstr+": 0x"+Integer.toHexString(cipherid) +"\n");
- SSLSocket.setCipherPreferenceDefault(cipherid, state);
- }
- catch (Exception e) {
- if (eccCipherMap.containsKey(cipherid)) {
- System.err.println("Warning: SSL ECC cipher \""+text+"\" unsupported by NSS. "+
- "This is probably O.K. unless ECC support has been installed.");
+ Object mapValue;
+
+ mapValue = cipherMap.get(text);
+ if (mapValue == null) {
+ cipherid = 0;
} else {
- System.err.println("Error: SSL cipher \""+text+"\" unsupported by NSS");
+ cipherid = (Integer) mapValue;
}
}
- } else {
- System.err.println("Error: SSL cipher \""+text+"\" not recognized by tomcatjss");
+ if (cipherid != 0) {
+ try {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr
+ + ": 0x" + Integer.toHexString(cipherid) + "\n");
+ SSLSocket.setCipherPreferenceDefault(cipherid, state);
+ } catch (Exception e) {
+ if (eccCipherMap.containsKey(cipherid)) {
+ System.err
+ .println("Warning: SSL ECC cipher \""
+ + text
+ + "\" unsupported by NSS. "
+ + "This is probably O.K. unless ECC support has been installed.");
+ } else {
+ System.err.println("Error: SSL cipher \"" + text
+ + "\" unsupported by NSS");
+ }
+ }
+ } else {
+ System.err.println("Error: SSL cipher \"" + text
+ + "\" not recognized by tomcatjss");
+ }
}
- }
}
/*
- * note: the SSL_OptionSet-based API for controlling the enabled
- * protocol versions are obsolete and replaced by the
- * setSSLVersionRange calls. If the "range" parameters are
- * present in the attributes then the sslOptions parameter is
- * ignored.
+ * note: the SSL_OptionSet-based API for controlling the enabled protocol
+ * versions are obsolete and replaced by the setSSLVersionRange calls. If
+ * the "range" parameters are present in the attributes then the sslOptions
+ * parameter is ignored.
*/
- public void setSSLOptions() throws SocketException, IOException
- {
- String options = (String)endpoint.getAttribute("sslOptions");
- StringTokenizer st = new StringTokenizer(options, ",");
- while (st.hasMoreTokens()) {
- String option = st.nextToken();
- StringTokenizer st1 = new StringTokenizer(option, "=");
- String name = st1.nextToken();
- String value = st1.nextToken();
- if (name.equals("ssl2")) {
- if (value.equals("true")) {
- SSLSocket.enableSSL2Default(true);
- setSSLCiphers("ssl2Ciphers");
- } else {
- SSLSocket.enableSSL2Default(false);
- }
+ public void setSSLOptions() throws SocketException, IOException {
+ String options = (String) endpoint.getAttribute("sslOptions");
+ StringTokenizer st = new StringTokenizer(options, ",");
+ while (st.hasMoreTokens()) {
+ String option = st.nextToken();
+ StringTokenizer st1 = new StringTokenizer(option, "=");
+ String name = st1.nextToken();
+ String value = st1.nextToken();
+ if (name.equals("ssl2")) {
+ if (value.equals("true")) {
+ SSLSocket.enableSSL2Default(true);
+ setSSLCiphers("ssl2Ciphers");
+ } else {
+ SSLSocket.enableSSL2Default(false);
+ }
+ }
+ if (name.equals("ssl3")) {
+ if (value.equals("true")) {
+ SSLSocket.enableSSL3Default(true);
+ setSSLCiphers("ssl3Ciphers");
+ } else {
+ SSLSocket.enableSSL3Default(false);
+ }
+ }
+ if (name.equals("tls")) {
+ if (value.equals("true")) {
+ SSLSocket.enableTLSDefault(true);
+ setSSLCiphers("tlsCiphers");
+ } else {
+ SSLSocket.enableTLSDefault(false);
+ }
+ }
}
- if (name.equals("ssl3")) {
- if (value.equals("true")) {
- SSLSocket.enableSSL3Default(true);
- setSSLCiphers("ssl3Ciphers");
- } else {
- SSLSocket.enableSSL3Default(false);
- }
- }
- if (name.equals("tls")) {
- if (value.equals("true")) {
- SSLSocket.enableTLSDefault(true);
- setSSLCiphers("tlsCiphers");
- } else {
- SSLSocket.enableTLSDefault(false);
- }
- }
- }
}
// remove all to start with a clean slate
- public void unsetSSLCiphers() throws SocketException
- {
+ public void unsetSSLCiphers() throws SocketException {
int ciphers[] = SSLSocket.getImplementedCipherSuites();
try {
- for (int i = 0; ciphers != null && i < ciphers.length; i++) {
+ for (int i = 0; ciphers != null && i < ciphers.length; i++) {
- debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"+
- Integer.toHexString(ciphers[i]) + "'\n");
- SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
- }
+ debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"
+ + Integer.toHexString(ciphers[i]) + "'\n");
+ SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
+ }
} catch (Exception e) {
}
}
-
/*
- * setSSLVersionRangeDefault sets the range of allowed ssl versions.
- * This replaces the obsolete SSL_Option* API
- *
- * @param protoVariant indicates whether this setting is for
- type "stream" or "datagram"
- * @param sslVersionRange_s takes on the form of "min:max" where
- * min/max values can be "ssl3, tls1_0, tls1_1, or tls1_2"
- * ssl2 is not supported for tomcatjss via this interface
- * The format is "sslVersionRange=min:max"
+ * setSSLVersionRangeDefault sets the range of allowed ssl versions. This
+ * replaces the obsolete SSL_Option* API
+ *
+ * @param protoVariant indicates whether this setting is for type "stream"
+ * or "datagram"
+ *
+ * @param sslVersionRange_s takes on the form of "min:max" where min/max
+ * values can be "ssl3, tls1_0, tls1_1, or tls1_2" ssl2 is not supported for
+ * tomcatjss via this interface The format is "sslVersionRange=min:max"
*/
public void setSSLVersionRangeDefault(
org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant protoVariant,
- String sslVersionRange_s)
- throws SocketException, IllegalArgumentException, IOException {
+ String sslVersionRange_s) throws SocketException,
+ IllegalArgumentException, IOException {
// process sslVersionRange_s
- String[] sslVersionRange = sslVersionRange_s.split(":");
+ String[] sslVersionRange = sslVersionRange_s.split(":");
if (sslVersionRange.length != 2) {
- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: "
+ + sslVersionRange_s + "\n");
+ throw new SocketException(
+ "tomcatjss: setSSLversionRangeDefault format error");
}
String min_s = sslVersionRange[0];
String max_s = sslVersionRange[1];
int min = getSSLVersionRangeEnum(min_s);
int max = getSSLVersionRangeEnum(max_s);
- if ((min == -1) || (max== -1)) {
- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
+ if ((min == -1) || (max == -1)) {
+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: "
+ + sslVersionRange_s + "\n");
+ throw new SocketException(
+ "tomcatjss: setSSLversionRangeDefault format error");
}
- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min=" + min + " max = " + max +"\n");
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(min, max);
+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min="
+ + min + " max = " + max + "\n");
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range = new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
+ min, max);
SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
debugWrite("JSSSocketFactory setSSLversionRangeDefault- variant set\n");
}
- int getSSLVersionRangeEnum (String rangeString) {
+ int getSSLVersionRangeEnum(String rangeString) {
if (rangeString == null)
return -1;
if (rangeString.equals("ssl3"))
@@ -393,39 +518,40 @@
void init() throws IOException {
try {
- String deb = (String)endpoint.getAttribute("debug");
+ String deb = (String) endpoint.getAttribute("debug");
if (deb.equals("true")) {
- debug = true;
- debugFile = new FileWriter("/tmp/tomcatjss.log", true);
- debugWrite("JSSSocketFactory init - debug is on\n");
+ debug = true;
+ debugFile = new FileWriter("/tmp/tomcatjss.log", true);
+ debugWrite("JSSSocketFactory init - debug is on\n");
}
} catch (Exception e) {
- // System.out.println("no tomcatjss debugging");
+ // System.out.println("no tomcatjss debugging");
}
try {
try {
- mPwdPath = (String)endpoint.getAttribute("passwordFile");
- mPwdClass = (String)endpoint.getAttribute("passwordClass");
- if (mPwdClass != null) {
- mPasswordStore = (IPasswordStore)Class.forName(mPwdClass).newInstance();
+ mPwdPath = (String) endpoint.getAttribute("passwordFile");
+ mPwdClass = (String) endpoint.getAttribute("passwordClass");
+ if (mPwdClass != null) {
+ mPasswordStore = (IPasswordStore) Class.forName(mPwdClass)
+ .newInstance();
mPasswordStore.init(mPwdPath);
debugWrite("JSSSocketFactory init - password reader initialized\n");
- }
- } catch (Exception e) {
+ }
+ } catch (Exception e) {
debugWrite("JSSSocketFactory init - Exception caught: "
- +e.toString() + "\n");
+ + e.toString() + "\n");
if (debugFile != null)
debugFile.close();
- throw new IOException("JSSSocketFactory: no passwordFilePath defined");
+ throw new IOException(
+ "JSSSocketFactory: no passwordFilePath defined");
}
- String certDir = (String)endpoint.getAttribute("certdbDir");
-
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(certDir,
- "", "", "secmod.db");
+ String certDir = (String) endpoint.getAttribute("certdbDir");
+ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
+ certDir, "", "", "secmod.db");
+
vals.removeSunProvider = false;
vals.installJSSProvider = true;
try {
@@ -435,22 +561,22 @@
}
CryptoManager manager = CryptoManager.getInstance();
- //JSSSocketFactory init - handle crypto tokens
+ // JSSSocketFactory init - handle crypto tokens
debugWrite("JSSSocketFactory init - about to handle crypto unit logins\n");
if (mPasswordStore != null) {
- Enumeration en = mPasswordStore.getTags();
- while (en.hasMoreElements()){
+ Enumeration<?> en = mPasswordStore.getTags();
+ while (en.hasMoreElements()) {
String pwd = "";
Password pw = null;
String tokenName = "";
String st = (String) en.nextElement();
- debugWrite("JSSSocketFactory init - tag name="+st+"\n");
+ debugWrite("JSSSocketFactory init - tag name=" + st + "\n");
pwd = mPasswordStore.getPassword(st);
if (pwd != null) {
debugWrite("JSSSocketFactory init - got password\n");
- pw = new Password(pwd.toCharArray());
+ pw = new Password(pwd.toCharArray());
} else {
debugWrite("JSSSocketFactory init - no pwd found in password.conf\n");
continue;
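Review bot: `Enumeration<?> en` and the `(String) en.nextElement()` cast two lines below it are looser than they need to be, because this same commit changes `IPasswordStore.getTags()` to return `Enumeration<String>`. Declaring `Enumeration<String> en = mPasswordStore.getTags();` and reading `String st = en.nextElement();` removes the cast and lets the compiler enforce the element type. The wildcard form still compiles, but it keeps a runtime ClassCastException path that the new interface signature was meant to remove. `init()` starts and ends outside this hunk.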
@@ -464,12 +590,13 @@
debugWrite("JSSSocketFactory init - got hardware\n");
tokenName = st.substring(9);
- debugWrite("JSSSocketFactory init - tokenName="+tokenName+"\n");
+ debugWrite("JSSSocketFactory init - tokenName="
+ + tokenName + "\n");
// find the hsm and log in
token = manager.getTokenByName(tokenName);
} else {
- //non-token entries
+ // non-token entries
}
if (token != null) {
if (!token.isLoggedIn()) {
@@ -479,15 +606,15 @@
debugWrite("JSSSocketFactory init - already logged in\n");
}
}
- } //while
+ } // while
debugWrite("JSSSocketFactory init - tokens initialized/logged in\n");
} else {
debugWrite("JSSSocketFactory init - no login done\n");
- } //mPasswordStore not null
+ } // mPasswordStore not null
// MUST look for "clientauth" (ALL lowercase) since "clientAuth"
// (camel case) has already been processed by Tomcat 7
- String clientAuthStr = (String)endpoint.getAttribute("clientauth");
+ String clientAuthStr = (String) endpoint.getAttribute("clientauth");
if (clientAuthStr == null) {
debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
clientAuthStr = "want";
@@ -494,178 +621,208 @@
}
File file = null;
try {
- mServerCertNickPath = (String)endpoint.getAttribute("serverCertNickFile");
- debugWrite("JSSSocketFactory init - got serverCertNickFile"+
- mServerCertNickPath+"\n");
+ mServerCertNickPath = (String) endpoint
+ .getAttribute("serverCertNickFile");
+ debugWrite("JSSSocketFactory init - got serverCertNickFile"
+ + mServerCertNickPath + "\n");
file = new File(mServerCertNickPath);
- Long l = new Long(file.length());
FileInputStream in = new FileInputStream(mServerCertNickPath);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(new InputStreamReader(in));
do {
- serverCertNick = d.readLine();
- debugWrite("JSSSocketFactory init - got line "+
- serverCertNick +"\n");
- if (serverCertNick == null) {
- in.close();
- d.close();
- throw new IOException("JSSSocketFactory: error loading serverCertNickFile");
- }
- // handle comments or blank lines
- if (serverCertNick.trim().startsWith("#") ||
- serverCertNick.trim().equals("")) {
- serverCertNick = null;
- }
+ serverCertNick = d.readLine();
+ debugWrite("JSSSocketFactory init - got line "
+ + serverCertNick + "\n");
+ if (serverCertNick == null) {
+ in.close();
+ d.close();
+ throw new IOException(
+ "JSSSocketFactory: error loading serverCertNickFile");
+ }
+ // handle comments or blank lines
+ if (serverCertNick.trim().startsWith("#")
+ || serverCertNick.trim().equals("")) {
+ serverCertNick = null;
+ }
} while (serverCertNick == null);
- debugWrite("JSSSocketFactory init - found nickname=" + serverCertNick + "\n");
+ debugWrite("JSSSocketFactory init - found nickname="
+ + serverCertNick + "\n");
in.close();
d.close();
} catch (Exception e) {
debugWrite("JSSSocketFactory init - Exception caught: "
- +e.toString() + "\n");
+ + e.toString() + "\n");
if (debugFile != null)
debugFile.close();
- throw new IOException("JSSSocketFactory: no serverCertNickFile defined");
+ throw new IOException(
+ "JSSSocketFactory: no serverCertNickFile defined");
}
- //serverCertNick = (String)endpoint.getAttribute("serverCert");
- if (clientAuthStr.equalsIgnoreCase("true") ||
- clientAuthStr.equalsIgnoreCase("yes")) {
+ // serverCertNick = (String)endpoint.getAttribute("serverCert");
+ if (clientAuthStr.equalsIgnoreCase("true")
+ || clientAuthStr.equalsIgnoreCase("yes")) {
requireClientAuth = true;
} else if (clientAuthStr.equalsIgnoreCase("want")) {
wantClientAuth = true;
}
- debugWrite("JSSSocketFActory init - requireClientAuth " + requireClientAuth +
- " wantClientAuth " + wantClientAuth + " ocspConfigured "
- + ocspConfigured);
- if (requireClientAuth == true || wantClientAuth == true
- && ocspConfigured == false ) {
- debugWrite("JSSSocketFactory init - checking for OCSP settings. \n" );
- boolean enableOCSP = false;
+ debugWrite("JSSSocketFActory init - requireClientAuth "
+ + requireClientAuth + " wantClientAuth " + wantClientAuth
+ + " ocspConfigured " + ocspConfigured);
+ if (requireClientAuth == true || wantClientAuth == true
+ && ocspConfigured == false) {
+ debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
+ boolean enableOCSP = false;
String doOCSP = (String) endpoint.getAttribute("enableOCSP");
- debugWrite("JSSSocketFactory init - doOCSP flag:"+
- doOCSP+ " \n");
+ debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP
+ + " \n");
- if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) {
- enableOCSP = true;
- }
-
- debugWrite("JSSSocketFactory init - enableOCSP "+
- enableOCSP+ "\n");
-
- if( enableOCSP == true ) {
- String ocspResponderURL = (String) endpoint.getAttribute("ocspResponderURL");
- debugWrite("JSSSocketFactory init - ocspResponderURL "+
- ocspResponderURL+ "\n");
- String ocspResponderCertNickname = (String) endpoint.getAttribute("ocspResponderCertNickname");
- debugWrite("JSSSocketFactory init - ocspResponderCertNickname" + ocspResponderCertNickname + "\n");
- if( (ocspResponderURL != null && ocspResponderURL.length() > 0) &&
- (ocspResponderCertNickname != null &&
- ocspResponderCertNickname.length() > 0 )) {
+ if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) {
+ enableOCSP = true;
+ }
- ocspConfigured = true;
- try {
- manager.configureOCSP(true,ocspResponderURL,ocspResponderCertNickname);
- int ocspCacheSize_i = 1000;
- int ocspMinCacheEntryDuration_i = 3600;
- int ocspMaxCacheEntryDuration_i = 86400;
+ debugWrite("JSSSocketFactory init - enableOCSP " + enableOCSP
+ + "\n");
- String ocspCacheSize = (String) endpoint.getAttribute("ocspCacheSize");
- String ocspMinCacheEntryDuration = (String) endpoint.getAttribute("ocspMinCacheEntryDuration");
- String ocspMaxCacheEntryDuration = (String) endpoint.getAttribute("ocspMaxCacheEntryDuration");
+ if (enableOCSP == true) {
+ String ocspResponderURL = (String) endpoint
+ .getAttribute("ocspResponderURL");
+ debugWrite("JSSSocketFactory init - ocspResponderURL "
+ + ocspResponderURL + "\n");
+ String ocspResponderCertNickname = (String) endpoint
+ .getAttribute("ocspResponderCertNickname");
+ debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
+ + ocspResponderCertNickname + "\n");
+ if ((ocspResponderURL != null && ocspResponderURL.length() > 0)
+ && (ocspResponderCertNickname != null && ocspResponderCertNickname
+ .length() > 0)) {
- if (ocspCacheSize != null ||
- ocspMinCacheEntryDuration != null ||
- ocspMaxCacheEntryDuration != null) {
- // not specified then takes the default
- if (ocspCacheSize != null) {
- debugWrite("JSSSocketFactory init - ocspCacheSize= " + ocspCacheSize+"\n");
- ocspCacheSize_i = Integer.parseInt(ocspCacheSize);
- }
- if (ocspMinCacheEntryDuration != null) {
- debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= " + ocspMinCacheEntryDuration+"\n");
- ocspMinCacheEntryDuration_i = Integer.parseInt(ocspMinCacheEntryDuration);
- }
- if (ocspMaxCacheEntryDuration != null) {
- debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= " + ocspMaxCacheEntryDuration+"\n");
- ocspMaxCacheEntryDuration_i = Integer.parseInt(ocspMaxCacheEntryDuration);
- }
- manager.OCSPCacheSettings(ocspCacheSize_i,
- ocspMinCacheEntryDuration_i, ocspMaxCacheEntryDuration_i);
- }
+ ocspConfigured = true;
+ try {
+ manager.configureOCSP(true, ocspResponderURL,
+ ocspResponderCertNickname);
+ int ocspCacheSize_i = 1000;
+ int ocspMinCacheEntryDuration_i = 3600;
+ int ocspMaxCacheEntryDuration_i = 86400;
- // defualt to 60 seconds;
- String ocspTimeout = (String) endpoint.getAttribute("ocspTimeout");
- if (ocspTimeout != null) {
- debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
- int ocspTimeout_i = Integer.parseInt(ocspTimeout);
- if (ocspTimeout_i < 0)
- ocspTimeout_i = 60;
- manager.setOCSPTimeout(ocspTimeout_i);
- }
+ String ocspCacheSize = (String) endpoint
+ .getAttribute("ocspCacheSize");
+ String ocspMinCacheEntryDuration = (String) endpoint
+ .getAttribute("ocspMinCacheEntryDuration");
+ String ocspMaxCacheEntryDuration = (String) endpoint
+ .getAttribute("ocspMaxCacheEntryDuration");
- } catch(java.security.GeneralSecurityException e) {
- ocspConfigured = false;
- debugWrite("JSSSocketFactory init - error initializing OCSP e: " + e.toString()+"\n");
- throw new java.security.GeneralSecurityException("Error setting up OCSP. Check configuraion!");
- } catch (java.lang.NumberFormatException e) {
- debugWrite("JSSSocketFactory init - error setting OCSP cache e: " + e.toString()+"\n");
- throw new java.lang.NumberFormatException("Error setting OCSP cache. Check configuraion!");
- }
- } else {
+ if (ocspCacheSize != null
+ || ocspMinCacheEntryDuration != null
+ || ocspMaxCacheEntryDuration != null) {
+ // not specified then takes the default
+ if (ocspCacheSize != null) {
+ debugWrite("JSSSocketFactory init - ocspCacheSize= "
+ + ocspCacheSize + "\n");
+ ocspCacheSize_i = Integer
+ .parseInt(ocspCacheSize);
+ }
+ if (ocspMinCacheEntryDuration != null) {
+ debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= "
+ + ocspMinCacheEntryDuration + "\n");
+ ocspMinCacheEntryDuration_i = Integer
+ .parseInt(ocspMinCacheEntryDuration);
+ }
+ if (ocspMaxCacheEntryDuration != null) {
+ debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= "
+ + ocspMaxCacheEntryDuration + "\n");
+ ocspMaxCacheEntryDuration_i = Integer
+ .parseInt(ocspMaxCacheEntryDuration);
+ }
+ manager.OCSPCacheSettings(ocspCacheSize_i,
+ ocspMinCacheEntryDuration_i,
+ ocspMaxCacheEntryDuration_i);
+ }
+
+ // defualt to 60 seconds;
+ String ocspTimeout = (String) endpoint
+ .getAttribute("ocspTimeout");
+ if (ocspTimeout != null) {
+ debugWrite("JSSSocketFactory init - ocspTimeout= \n"
+ + ocspTimeout);
+ int ocspTimeout_i = Integer
+ .parseInt(ocspTimeout);
+ if (ocspTimeout_i < 0)
+ ocspTimeout_i = 60;
+ manager.setOCSPTimeout(ocspTimeout_i);
+ }
+
+ } catch (java.security.GeneralSecurityException e) {
+ ocspConfigured = false;
+ debugWrite("JSSSocketFactory init - error initializing OCSP e: "
+ + e.toString() + "\n");
+ throw new java.security.GeneralSecurityException(
+ "Error setting up OCSP. Check configuraion!");
+ } catch (java.lang.NumberFormatException e) {
+ debugWrite("JSSSocketFactory init - error setting OCSP cache e: "
+ + e.toString() + "\n");
+ throw new java.lang.NumberFormatException(
+ "Error setting OCSP cache. Check configuraion!");
+ }
+ } else {
debugWrite("JSSSocketFactory init - error ocsp misconfigured! \n");
- throw new java.security.GeneralSecurityException("Error setting up OCSP. Check configuration!");
- }
+ throw new java.security.GeneralSecurityException(
+ "Error setting up OCSP. Check configuration!");
+ }
}
}
- //serverCertNick = "Server-Cert cert-tks";
+ // serverCertNick = "Server-Cert cert-tks";
// 12 hours = 43200 seconds
SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
- String strictCiphersStr = (String)endpoint.getAttribute("strictCiphers");
- if (strictCiphersStr.equalsIgnoreCase("true") ||
- strictCiphersStr.equalsIgnoreCase("yes")) {
+ String strictCiphersStr = (String) endpoint
+ .getAttribute("strictCiphers");
+ if (strictCiphersStr.equalsIgnoreCase("true")
+ || strictCiphersStr.equalsIgnoreCase("yes")) {
mStrictCiphers = true;
}
if (mStrictCiphers == true) {
// what ciphers do we have to start with? turn them all off
- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
- unsetSSLCiphers();
+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
+ unsetSSLCiphers();
} else {
- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
}
- String sslVersionRangeStream = (String)endpoint.getAttribute("sslVersionRangeStream");
- if ((sslVersionRangeStream != null) && !sslVersionRangeStream.equals("")) {
+ String sslVersionRangeStream = (String) endpoint
+ .getAttribute("sslVersionRangeStream");
+ if ((sslVersionRangeStream != null)
+ && !sslVersionRangeStream.equals("")) {
debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
- setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM, sslVersionRangeStream);
+ setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
+ sslVersionRangeStream);
debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
}
- String sslVersionRangeDatagram = (String)endpoint.getAttribute("sslVersionRangeDatagram");
- if ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram.equals("")) {
+ String sslVersionRangeDatagram = (String) endpoint
+ .getAttribute("sslVersionRangeDatagram");
+ if ((sslVersionRangeDatagram != null)
+ && !sslVersionRangeDatagram.equals("")) {
debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
- setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM, sslVersionRangeDatagram);
+ setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
+ sslVersionRangeDatagram);
debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type DATA_GRAM\n");
}
/*
- * According to NSS:
- * the SSL_OptionSet-based API for controlling the enabled
- * protocol versions are obsolete and replaced by the
- * setSSLVersionRange calls.
- * Therefore, if the "range" parameters are
- * present in the attributes then the sslOptions parameter is
- * ignored.
- * Using the new version range API in conjunction with the older
- * SSL_OptionSet-based API for controlling the enabled protocol
- * versions may cause unexpected results
+ * According to NSS: the SSL_OptionSet-based API for controlling the
+ * enabled protocol versions are obsolete and replaced by the
+ * setSSLVersionRange calls. Therefore, if the "range" parameters
+ * are present in the attributes then the sslOptions parameter is
+ * ignored. Using the new version range API in conjunction with the
+ * older SSL_OptionSet-based API for controlling the enabled
+ * protocol versions may cause unexpected results
*/
- if (((sslVersionRangeStream != null)
- && !sslVersionRangeStream.equals(""))
- || ((sslVersionRangeDatagram != null)
- && !sslVersionRangeDatagram.equals(""))) {
+ if (((sslVersionRangeStream != null) && !sslVersionRangeStream
+ .equals(""))
+ || ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram
+ .equals(""))) {
/* deliberately lose the ssl2 here */
debugWrite("SSSocketFactory init - calling setSSLCiphers() honoring only sslRangeCiphers\n");
setSSLCiphers("sslRangeCiphers");
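Review bot: `strictCiphersStr.equalsIgnoreCase(...)` is called without a null check, unlike `clientAuthStr` earlier in `init()`, so a connector that omits `strictCiphers` would throw a NullPointerException here (assuming `getAttribute` returns null for a missing attribute). The enclosing `catch (Exception ex)` shown in the following hunk appears to rethrow only GeneralSecurityException and NumberFormatException, so the failure would be swallowed and the version-range and cipher setup below this point would be skipped, leaving library defaults in place. Writing the test as `"true".equalsIgnoreCase(strictCiphersStr) || "yes".equalsIgnoreCase(strictCiphersStr)` avoids that. Separately, `requireClientAuth == true || wantClientAuth == true && ocspConfigured == false` parses as `require || (want && !configured)`; if the `ocspConfigured` guard was meant to cover both modes, it should read `(requireClientAuth || wantClientAuth) && !ocspConfigured`. `init()` begins and ends outside this hunk.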
@@ -677,18 +834,18 @@
}
} catch (Exception ex) {
- debugWrite("JSSSocketFactory init - exception thrown:"+
- ex.toString()+"\n");
- System.err.println("JSSSocketFactory init - exception thrown:"+
- ex.toString()+"\n");
+ debugWrite("JSSSocketFactory init - exception thrown:"
+ + ex.toString() + "\n");
+ System.err.println("JSSSocketFactory init - exception thrown:"
+ + ex.toString() + "\n");
if (debugFile != null)
debugFile.close();
// The idea is, if admin take the trouble to configure the
// ocsp cache, and made a mistake, we want to make server
// unavailable until they get it right
- if((ex instanceof java.security.GeneralSecurityException) ||
- (ex instanceof java.lang.NumberFormatException))
- throw new IOException(ex.toString());
+ if ((ex instanceof java.security.GeneralSecurityException)
+ || (ex instanceof java.lang.NumberFormatException))
+ throw new IOException(ex.toString());
}
if (debugFile != null)
debugFile.close();
@@ -697,7 +854,7 @@
public Socket acceptSocket(ServerSocket socket) throws IOException {
SSLSocket asock = null;
try {
- asock = (SSLSocket)socket.accept();
+ asock = (SSLSocket) socket.accept();
if (wantClientAuth || requireClientAuth) {
asock.requestClientAuth(true);
if (requireClientAuth == true) {
@@ -707,14 +864,14 @@
}
}
} catch (Exception e) {
- throw new SocketException("SSL handshake error "+e.toString());
- }
+ throw new SocketException("SSL handshake error " + e.toString());
+ }
return asock;
}
public void handshake(Socket sock) throws IOException {
- //((SSLSocket)sock).forceHandshake();
+ // ((SSLSocket)sock).forceHandshake();
}
public ServerSocket createSocket(int port) throws IOException {
@@ -721,33 +878,31 @@
return createSocket(port, SSLServerSocket.DEFAULT_BACKLOG, null);
}
- public ServerSocket createSocket(int port, int backlog)
- throws IOException {
+ public ServerSocket createSocket(int port, int backlog) throws IOException {
return createSocket(port, backlog, null);
}
public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress) throws IOException {
+ InetAddress ifAddress) throws IOException {
return createSocket(port, backlog, ifAddress, true);
}
public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress, boolean reuseAddr) throws IOException {
+ InetAddress ifAddress, boolean reuseAddr) throws IOException {
if (!initialized)
init();
SSLServerSocket socket = null;
- socket = (SSLServerSocket)(new SSLServerSocket(port, backlog,
- ifAddress, null, reuseAddr));
+ socket = (SSLServerSocket) (new SSLServerSocket(port, backlog,
+ ifAddress, null, reuseAddr));
initializeSocket(socket);
- return (ServerSocket)socket;
+ return (ServerSocket) socket;
}
private void initializeSocket(SSLServerSocket s) {
try {
/*
- * Timeout's should not be enabled by default.
- * Upper layers will call setSoTimeout() as needed.
- * Zero means disable.
+ * Timeout's should not be enabled by default. Upper layers will
+ * call setSoTimeout() as needed. Zero means disable.
*/
s.setSoTimeout(0);
if (wantClientAuth || requireClientAuth) {
@@ -757,7 +912,7 @@
} else {
s.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
}
- }
+ }
s.setServerCertNickname(serverCertNick);
} catch (Exception e) {
}
@@ -776,7 +931,8 @@
return null;
}
- public void configureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext) {
+ public void configureSessionContext(
+ javax.net.ssl.SSLSessionContext sslSessionContext) {
return;
}
Index: src/org/apache/tomcat/util/net/jss/JSSImplementation.java
===================================================================
--- src/org/apache/tomcat/util/net/jss/JSSImplementation.java (revision 292)
+++ src/org/apache/tomcat/util/net/jss/JSSImplementation.java (revision 294)
@@ -20,7 +20,7 @@
package org.apache.tomcat.util.net.jss;
import java.net.Socket;
-import java.io.*;
+
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
@@ -27,14 +27,12 @@
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
-public class JSSImplementation extends SSLImplementation
-{
- static final String JSSFactory =
- "org.apache.tomcat.util.net.jss.JSSFactory";
+public class JSSImplementation extends SSLImplementation {
+ static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
- static org.apache.commons.logging.Log logger =
- org.apache.commons.logging.LogFactory.getLog(JSSImplementation.class);
+ static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
+ .getLog(JSSImplementation.class);
private JSSFactory factory = null;
@@ -43,9 +41,9 @@
try {
Class factcl = Class.forName(JSSFactory);
- factory = (JSSFactory)factcl.newInstance();
+ factory = (JSSFactory) factcl.newInstance();
} catch (Exception e) {
- if(logger.isDebugEnabled())
+ if (logger.isDebugEnabled())
logger.debug("Error getting factory: " + JSSFactory, e);
}
}
@@ -54,8 +52,7 @@
return "JSS";
}
- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint)
- {
+ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) {
ServerSocketFactory ssf = factory.getSocketFactory(endpoint);
return ssf;
}
@@ -68,28 +65,28 @@
public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
/*
- * The Tomcat 6.0.26 docs says:
- * This method has been deprecated since it adds a JSSE dependency
- * to this interface. It will be removed in versions after 6.0.x.
- *
+ * The Tomcat 6.0.26 docs says: This method has been deprecated since it
+ * adds a JSSE dependency to this interface. It will be removed in
+ * versions after 6.0.x.
+ *
* But we have to provide a implementation of this method because it's
* declared as abstract.
- *
+ *
* Unfortunately there does not appear to be any way to get SSLSupport
* information from a session with JSS. JSS looks up the information
* based on a socket, not a session. This done in SSLSocket.c
* Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
- *
+ *
* So while it would be nice to provide a working implmentation there
* doesn't seem to be an easy way to do this. Given that this method is
* already deprecated and there hasn't been any evidence of it being
* called it therefore seems reasonable to just return null to satify
* the compiler's demand for an implementation.
- *
+ *
* Once this abstract method is removed from SSLImplementation in a
* future release we can remove this stub.
- *
- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
+ *
+ * NOTE: This method has NOT yet been deprecated in Tomcat 7!
*/
return null;
}
Index: src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
===================================================================
--- src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 292)
+++ src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 294)
@@ -19,11 +19,13 @@
package org.apache.tomcat.util.net.jss;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
import java.util.Properties;
-import java.io.*;
-import java.util.*;
-public class PlainPasswordFile implements IPasswordStore{
+public class PlainPasswordFile implements IPasswordStore {
private String mPwdPath = "";
private Properties mPwdStore;
private static final String PASSWORD_WRITER_HEADER = "";
@@ -31,24 +33,23 @@
public PlainPasswordFile() {
}
- public void init(String pwdPath)
- throws IOException
- {
- mPwdStore = new Properties();
- // initialize mPwdStore
- mPwdPath = pwdPath;
+ public void init(String pwdPath) throws IOException {
+ mPwdStore = new Properties();
+ // initialize mPwdStore
+ mPwdPath = pwdPath;
- FileInputStream file = new FileInputStream(mPwdPath);
- mPwdStore.load(file);
+ FileInputStream file = new FileInputStream(mPwdPath);
+ mPwdStore.load(file);
}
public String getPassword(String tag) {
- return (String) mPwdStore.getProperty(tag);
+ return (String) mPwdStore.getProperty(tag);
}
// return an array of String-based tag
- public Enumeration getTags() {
- return mPwdStore.propertyNames();
+ @SuppressWarnings("unchecked")
+ public Enumeration<String> getTags() {
+ return (Enumeration<String>) mPwdStore.propertyNames();
}
public Object putPassword(String tag, String password) {
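Review bot: The new `getTags()` silences the compiler with `@SuppressWarnings("unchecked")` and casts `mPwdStore.propertyNames()` to `Enumeration<String>`, which nothing verifies, so a non-String key in the `Properties` object would only fail later at the caller. `return Collections.enumeration(mPwdStore.stringPropertyNames());` gives the same element type with no cast and no suppression, at the cost of one `java.util.Collections` import. In the same hunk, `init()` opens a `FileInputStream` on the password file and never closes it. Wrapping the `load` call in `try { ... } finally { file.close(); }` releases the descriptor as soon as the properties are read.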
@@ -55,9 +56,8 @@
return mPwdStore.setProperty(tag, password);
}
- public void commit()
- throws IOException, ClassCastException, NullPointerException
- {
+ public void commit() throws IOException, ClassCastException,
+ NullPointerException {
FileOutputStream file = new FileOutputStream(mPwdPath);
mPwdStore.store(file, PASSWORD_WRITER_HEADER);
}
Index: src/org/apache/tomcat/util/net/jss/JSSFactory.java
===================================================================
--- src/org/apache/tomcat/util/net/jss/JSSFactory.java (revision 292)
+++ src/org/apache/tomcat/util/net/jss/JSSFactory.java (revision 294)
@@ -19,10 +19,13 @@
package org.apache.tomcat.util.net.jss;
-import org.mozilla.jss.ssl.*;
-import org.apache.tomcat.util.net.*;
-import java.net.*;
+import java.net.Socket;
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import org.mozilla.jss.ssl.SSLSocket;
+
class JSSFactory implements IJSSFactory {
JSSFactory() {
}
@@ -32,6 +35,6 @@
}
public SSLSupport getSSLSupport(Socket socket) {
- return new JSSSupport((SSLSocket)socket);
+ return new JSSSupport((SSLSocket) socket);
}
}
Index: src/org/apache/tomcat/util/net/jss/IPasswordStore.java
===================================================================
--- src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 292)
+++ src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 294)
@@ -19,14 +19,18 @@
package org.apache.tomcat.util.net.jss;
-import java.util.*;
-import java.io.*;
+import java.io.IOException;
+import java.util.Enumeration;
public interface IPasswordStore {
public void init(String pwdPath) throws IOException;
+
public String getPassword(String tag);
- public Enumeration getTags();
+
+ public Enumeration<String> getTags();
+
public Object putPassword(String tag, String password);
- public void commit()
- throws IOException, ClassCastException, NullPointerException;
+
+ public void commit() throws IOException, ClassCastException,
+ NullPointerException;
}
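Review bot: `IPasswordStore` has no Javadoc, even though `JSSSocketFactory.init()` loads its implementations by class name from the `passwordClass` attribute and this hunk narrows `getTags()` to `Enumeration<String>`. Implementers outside this tree have only the signatures to go on. A comment on `getTags()` such as `/** Returns the tag names of all stored passwords. */` would record the new element type. One on `getPassword` such as `/** Returns the password stored under tag, or null if there is none. */` would record the contract the caller already relies on, since `init()` tests the result for null.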
Index: .settings/org.eclipse.jdt.core.prefs
===================================================================
--- .settings/org.eclipse.jdt.core.prefs (revision 0)
+++ .settings/org.eclipse.jdt.core.prefs (revision 294)
@@ -0,0 +1,282 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_assignment=0
+org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
+org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80
+org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0
+org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
+org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
+org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
+org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_resources_in_try=80
+org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16
+org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_constructor_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_method_declaration=16
+org.eclipse.jdt.core.formatter.alignment_for_union_type_in_multicatch=16
+org.eclipse.jdt.core.formatter.blank_lines_after_imports=1
+org.eclipse.jdt.core.formatter.blank_lines_after_package=1
+org.eclipse.jdt.core.formatter.blank_lines_before_field=0
+org.eclipse.jdt.core.formatter.blank_lines_before_first_class_body_declaration=0
+org.eclipse.jdt.core.formatter.blank_lines_before_imports=1
+org.eclipse.jdt.core.formatter.blank_lines_before_member_type=1
+org.eclipse.jdt.core.formatter.blank_lines_before_method=1
+org.eclipse.jdt.core.formatter.blank_lines_before_new_chunk=1
+org.eclipse.jdt.core.formatter.blank_lines_before_package=0
+org.eclipse.jdt.core.formatter.blank_lines_between_import_groups=1
+org.eclipse.jdt.core.formatter.blank_lines_between_type_declarations=1
+org.eclipse.jdt.core.formatter.brace_position_for_annotation_type_declaration=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_anonymous_type_declaration=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_array_initializer=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_block=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_block_in_case=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_enum_constant=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_enum_declaration=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_method_declaration=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_switch=end_of_line
+org.eclipse.jdt.core.formatter.brace_position_for_type_declaration=end_of_line
+org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_block_comment=false
+org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_javadoc_comment=false
+org.eclipse.jdt.core.formatter.comment.format_block_comments=false
+org.eclipse.jdt.core.formatter.comment.format_header=false
+org.eclipse.jdt.core.formatter.comment.format_html=true
+org.eclipse.jdt.core.formatter.comment.format_javadoc_comments=true
+org.eclipse.jdt.core.formatter.comment.format_line_comments=false
+org.eclipse.jdt.core.formatter.comment.format_source_code=true
+org.eclipse.jdt.core.formatter.comment.indent_parameter_description=true
+org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
+org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
+org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=do not insert
+org.eclipse.jdt.core.formatter.comment.line_length=120
+org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
+org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
+org.eclipse.jdt.core.formatter.comment.preserve_white_space_between_code_and_line_comments=false
+org.eclipse.jdt.core.formatter.compact_else_if=true
+org.eclipse.jdt.core.formatter.continuation_indentation=2
+org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
+org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
+org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
+org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
+org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=false
+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_type_header=true
+org.eclipse.jdt.core.formatter.indent_breaks_compare_to_cases=true
+org.eclipse.jdt.core.formatter.indent_empty_lines=false
+org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true
+org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true
+org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true
+org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false
+org.eclipse.jdt.core.formatter.indentation.size=8
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_method=insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_package=insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_type=insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_before_closing_brace_in_array_initializer=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_before_else_in_if_statement=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_before_finally_in_try_statement=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_before_while_in_do_statement=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_annotation_declaration=insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_anonymous_type_declaration=insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block=insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_constant=insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_declaration=insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body=insert
+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_after_and_in_type_parameter=insert
+org.eclipse.jdt.core.formatter.insert_space_after_assignment_operator=insert
+org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation_type_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_binary_operator=insert
+org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_arguments=insert
+org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_parameters=insert
+org.eclipse.jdt.core.formatter.insert_space_after_closing_brace_in_block=insert
+org.eclipse.jdt.core.formatter.insert_space_after_closing_paren_in_cast=insert
+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_assert=insert
+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_case=insert
+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_conditional=insert
+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_for=insert
+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_labeled_statement=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_allocation_expression=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_annotation=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_array_initializer=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_parameters=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_throws=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_constant_arguments=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_declarations=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_explicitconstructorcall_arguments=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_increments=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_inits=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_throws=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_field_declarations=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_local_declarations=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_parameterized_type_reference=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_superinterfaces=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_arguments=insert
+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_parameters=insert
+org.eclipse.jdt.core.formatter.insert_space_after_ellipsis=insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_parameterized_type_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_parameters=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_brace_in_array_initializer=insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_allocation_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_annotation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_cast=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_catch=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_constructor_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_enum_constant=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_for=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_if=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_invocation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_parenthesized_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_switch=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_synchronized=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_try=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_while=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_postfix_operator=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_prefix_operator=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_question_in_conditional=insert
+org.eclipse.jdt.core.formatter.insert_space_after_question_in_wildcard=do not insert
+org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_for=insert
+org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_try_resources=insert
+org.eclipse.jdt.core.formatter.insert_space_after_unary_operator=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_and_in_type_parameter=insert
+org.eclipse.jdt.core.formatter.insert_space_before_assignment_operator=insert
+org.eclipse.jdt.core.formatter.insert_space_before_at_in_annotation_type_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_binary_operator=insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_parameterized_type_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_parameters=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_brace_in_array_initializer=insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_allocation_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_annotation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_cast=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_catch=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_constructor_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_enum_constant=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_for=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_if=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_invocation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_parenthesized_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_switch=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_synchronized=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_try=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_while=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_assert=insert
+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_case=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_conditional=insert
+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_default=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_for=insert
+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_labeled_statement=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_allocation_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_annotation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_array_initializer=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_parameters=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_throws=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_constant_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_declarations=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_explicitconstructorcall_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_increments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_inits=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_parameters=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_throws=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_invocation_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_field_declarations=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_local_declarations=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_parameterized_type_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_superinterfaces=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_parameters=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_ellipsis=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_parameterized_type_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_arguments=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_parameters=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_annotation_type_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_anonymous_type_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_array_initializer=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_constructor_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_constant=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_switch=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_allocation_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_type_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation_type_member_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_catch=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_constructor_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_enum_constant=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_for=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_if=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_invocation=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_parenthesized_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_switch=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_synchronized=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_try=insert
+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_while=insert
+org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_return=insert
+org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_throw=insert
+org.eclipse.jdt.core.formatter.insert_space_before_postfix_operator=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_prefix_operator=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_question_in_conditional=insert
+org.eclipse.jdt.core.formatter.insert_space_before_question_in_wildcard=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_semicolon=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_for=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_try_resources=do not insert
+org.eclipse.jdt.core.formatter.insert_space_before_unary_operator=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_brackets_in_array_type_reference=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_brackets_in_array_allocation_expression=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_annotation_type_member_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_constructor_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constant=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert
+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert
+org.eclipse.jdt.core.formatter.join_lines_in_comments=false
+org.eclipse.jdt.core.formatter.join_wrapped_lines=false
+org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false
+org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false
+org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=false
+org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false
+org.eclipse.jdt.core.formatter.lineSplit=120
+org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false
+org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false
+org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0
+org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
+org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
+org.eclipse.jdt.core.formatter.tabulation.char=space
+org.eclipse.jdt.core.formatter.tabulation.size=4
+org.eclipse.jdt.core.formatter.use_on_off_tags=false
+org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
+org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
+org.eclipse.jdt.core.formatter.wrap_before_or_operator_multicatch=true
+org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
Index: .settings/org.eclipse.jdt.ui.prefs
===================================================================
--- .settings/org.eclipse.jdt.ui.prefs (revision 0)
+++ .settings/org.eclipse.jdt.ui.prefs (revision 294)
@@ -0,0 +1,56 @@
+eclipse.preferences.version=1
+editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true
+formatter_profile=_PKI Project Profile
+formatter_settings_version=12
+sp_cleanup.add_default_serial_version_id=true
+sp_cleanup.add_generated_serial_version_id=false
+sp_cleanup.add_missing_annotations=false
+sp_cleanup.add_missing_deprecated_annotations=true
+sp_cleanup.add_missing_methods=false
+sp_cleanup.add_missing_nls_tags=false
+sp_cleanup.add_missing_override_annotations=true
+sp_cleanup.add_missing_override_annotations_interface_methods=true
+sp_cleanup.add_serial_version_id=false
+sp_cleanup.always_use_blocks=true
+sp_cleanup.always_use_parentheses_in_expressions=false
+sp_cleanup.always_use_this_for_non_static_field_access=false
+sp_cleanup.always_use_this_for_non_static_method_access=false
+sp_cleanup.convert_to_enhanced_for_loop=false
+sp_cleanup.correct_indentation=false
+sp_cleanup.format_source_code=false
+sp_cleanup.format_source_code_changes_only=false
+sp_cleanup.make_local_variable_final=false
+sp_cleanup.make_parameters_final=false
+sp_cleanup.make_private_fields_final=true
+sp_cleanup.make_type_abstract_if_missing_method=false
+sp_cleanup.make_variable_declarations_final=false
+sp_cleanup.never_use_blocks=false
+sp_cleanup.never_use_parentheses_in_expressions=true
+sp_cleanup.on_save_use_additional_actions=true
+sp_cleanup.organize_imports=true
+sp_cleanup.qualify_static_field_accesses_with_declaring_class=false
+sp_cleanup.qualify_static_member_accesses_through_instances_with_declaring_class=true
+sp_cleanup.qualify_static_member_accesses_through_subtypes_with_declaring_class=true
+sp_cleanup.qualify_static_member_accesses_with_declaring_class=false
+sp_cleanup.qualify_static_method_accesses_with_declaring_class=false
+sp_cleanup.remove_private_constructors=true
+sp_cleanup.remove_trailing_whitespaces=true
+sp_cleanup.remove_trailing_whitespaces_all=true
+sp_cleanup.remove_trailing_whitespaces_ignore_empty=false
+sp_cleanup.remove_unnecessary_casts=true
+sp_cleanup.remove_unnecessary_nls_tags=false
+sp_cleanup.remove_unused_imports=true
+sp_cleanup.remove_unused_local_variables=false
+sp_cleanup.remove_unused_private_fields=true
+sp_cleanup.remove_unused_private_members=false
+sp_cleanup.remove_unused_private_methods=true
+sp_cleanup.remove_unused_private_types=true
+sp_cleanup.sort_members=false
+sp_cleanup.sort_members_all=false
+sp_cleanup.use_blocks=false
+sp_cleanup.use_blocks_only_for_return_and_throw=false
+sp_cleanup.use_parentheses_in_expressions=false
+sp_cleanup.use_this_for_non_static_field_access=false
+sp_cleanup.use_this_for_non_static_field_access_only_if_necessary=true
+sp_cleanup.use_this_for_non_static_method_access=false
+sp_cleanup.use_this_for_non_static_method_access_only_if_necessary=true