diff --git a/SOURCES/tomcatjss-eclipse-support1.patch b/SOURCES/tomcatjss-eclipse-support1.patch
new file mode 100644
index 0000000..cbad6bc
--- /dev/null
+++ b/SOURCES/tomcatjss-eclipse-support1.patch
@@ -0,0 +1,72 @@
+diff -up ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu ./src/org/apache/tomcat/util/net/jss/JSSSupport.java
+--- ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu 2015-05-05 12:12:38.897296507 -0700
++++ ./src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-05-05 12:13:22.064157121 -0700
+@@ -19,16 +19,18 @@
+
+ package org.apache.tomcat.util.net.jss;
+
+-import org.apache.tomcat.util.net.*;
+-import java.io.*;
+-import java.net.*;
++import java.io.ByteArrayInputStream;
++import java.io.IOException;
++import java.security.cert.CertificateFactory;
+ import java.security.cert.X509Certificate;
+-import org.mozilla.jss.ssl.*;
+-import java.security.cert.*;
+
+-class JSSSupport implements SSLSupport{
+- private static org.apache.commons.logging.Log log =
+- org.apache.commons.logging.LogFactory.getLog(JSSSupport.class);
++import org.apache.tomcat.util.net.SSLSupport;
++import org.mozilla.jss.ssl.SSLSecurityStatus;
++import org.mozilla.jss.ssl.SSLSocket;
++
++class JSSSupport implements SSLSupport {
++ private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
++ .getLog(JSSSupport.class);
+
+ private SSLSocket ssl = null;
+ private SSLSecurityStatus status = null;
+@@ -41,15 +43,16 @@ class JSSSupport implements SSLSupport{
+ }
+ }
+
+- public X509Certificate[] getPeerCertificateChain(boolean force) throws
+- IOException {
++ public X509Certificate[] getPeerCertificateChain(boolean force)
++ throws IOException {
+ // retrieve the status when we need it. status cache
+ // the client certificate which may not be available
+ // at the creation of JSSSupport
+ status = ssl.getStatus();
+ if (status != null) {
+- org.mozilla.jss.crypto.X509Certificate peerCert = status.getPeerCertificate();
+-
++ org.mozilla.jss.crypto.X509Certificate peerCert = status
++ .getPeerCertificate();
++
+ if (peerCert == null) {
+ ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
+ try {
+@@ -65,10 +68,10 @@ class JSSSupport implements SSLSupport{
+ X509Certificate[] certs = new X509Certificate[1];
+ try {
+ byte[] b = peerCert.getEncoded();
+- CertificateFactory cf = CertificateFactory.getInstance("X.509");
+- ByteArrayInputStream stream =
+- new ByteArrayInputStream(b);
+- certs[0] = (X509Certificate)cf.generateCertificate(stream);
++ CertificateFactory cf = CertificateFactory
++ .getInstance("X.509");
++ ByteArrayInputStream stream = new ByteArrayInputStream(b);
++ certs[0] = (X509Certificate) cf.generateCertificate(stream);
+ } catch (Exception e) {
+ }
+ return certs;
+@@ -98,5 +101,3 @@ class JSSSupport implements SSLSupport{
+ return null;
+ }
+ }
+-
+-
diff --git a/SOURCES/tomcatjss-eclipse-support2.patch b/SOURCES/tomcatjss-eclipse-support2.patch
new file mode 100644
index 0000000..7b6659d
--- /dev/null
+++ b/SOURCES/tomcatjss-eclipse-support2.patch
@@ -0,0 +1,1972 @@
+Index: .classpath
+===================================================================
+--- .classpath (revision 0)
++++ .classpath (revision 294)
+@@ -0,0 +1,10 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<classpath>
++ <classpathentry kind="src" path="src"/>
++ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
++ <classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
++ <classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
++ <classpathentry kind="lib" path="/usr/lib/java/jss4.jar"/>
++ <classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-coyote.jar"/>
++ <classpathentry kind="output" path="bin"/>
++</classpath>
+
+Property changes on: .classpath
+___________________________________________________________________
+Added: svn:mime-type
+## -0,0 +1 ##
++text/plain
+\ No newline at end of property
+Index: .project
+===================================================================
+--- .project (revision 0)
++++ .project (revision 294)
+@@ -0,0 +1,17 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<projectDescription>
++ <name>tomcatjss</name>
++ <comment></comment>
++ <projects>
++ </projects>
++ <buildSpec>
++ <buildCommand>
++ <name>org.eclipse.jdt.core.javabuilder</name>
++ <arguments>
++ </arguments>
++ </buildCommand>
++ </buildSpec>
++ <natures>
++ <nature>org.eclipse.jdt.core.javanature</nature>
++ </natures>
++</projectDescription>
+
+Property changes on: .project
+___________________________________________________________________
+Added: svn:mime-type
+## -0,0 +1 ##
++text/plain
+\ No newline at end of property
+Index: src/org/apache/tomcat/util/net/jss/IJSSFactory.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/IJSSFactory.java (revision 292)
++++ src/org/apache/tomcat/util/net/jss/IJSSFactory.java (revision 294)
+@@ -19,11 +19,14 @@
+
+ package org.apache.tomcat.util.net.jss;
+
+-import org.mozilla.jss.ssl.*;
+-import org.apache.tomcat.util.net.*;
+-import java.net.*;
++import java.net.Socket;
+
++import org.apache.tomcat.util.net.AbstractEndpoint;
++import org.apache.tomcat.util.net.SSLSupport;
++import org.apache.tomcat.util.net.ServerSocketFactory;
++
+ interface IJSSFactory {
+ public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint);
++
+ public SSLSupport getSSLSupport(Socket socket);
+ }
+Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 292)
++++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 294)
+@@ -19,364 +19,489 @@
+
+ package org.apache.tomcat.util.net.jss;
+
+-import java.util.*;
++import java.io.BufferedReader;
++import java.io.File;
++import java.io.FileInputStream;
++import java.io.FileWriter;
++import java.io.IOException;
++import java.io.InputStreamReader;
++import java.net.InetAddress;
++import java.net.ServerSocket;
++import java.net.Socket;
++import java.net.SocketException;
+ import java.text.SimpleDateFormat;
+-import java.lang.Thread;
+-import java.lang.NumberFormatException;
+-import org.mozilla.jss.ssl.*;
+-import org.mozilla.jss.crypto.*;
+-import org.mozilla.jss.CryptoManager;
+-import org.mozilla.jss.util.*;
+-import org.mozilla.jss.pkcs11.*;
+-import java.net.*;
+-import java.io.*;
++import java.util.Date;
++import java.util.Enumeration;
++import java.util.HashMap;
++import java.util.StringTokenizer;
+
+-// Imports required to "implement" Tomcat 7 Interface
+-import org.apache.tomcat.util.net.AbstractEndpoint;
+ import javax.net.ssl.KeyManager;
+ import javax.net.ssl.SSLContext;
+ import javax.net.ssl.TrustManager;
+
+-public class JSSSocketFactory
+- implements org.apache.tomcat.util.net.ServerSocketFactory,
+- org.apache.tomcat.util.net.SSLUtil {
++// Imports required to "implement" Tomcat 7 Interface
++import org.apache.tomcat.util.net.AbstractEndpoint;
++import org.mozilla.jss.CryptoManager;
++import org.mozilla.jss.crypto.AlreadyInitializedException;
++import org.mozilla.jss.crypto.CryptoToken;
++import org.mozilla.jss.ssl.SSLServerSocket;
++import org.mozilla.jss.ssl.SSLSocket;
++import org.mozilla.jss.util.Password;
+
+- private static HashMap cipherMap = new HashMap();
++public class JSSSocketFactory implements
++ org.apache.tomcat.util.net.ServerSocketFactory,
++ org.apache.tomcat.util.net.SSLUtil {
++
++ private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
+ static {
+ // SSLv2
+- cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
+- cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
+- cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
+- cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
+- cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5", SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
+- cipherMap.put("SSL2_DES_64_CBC_WITH_MD5", SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
+- cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5", SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
++ cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
++ cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5",
++ SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
++ cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5",
++ SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
++ cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
++ SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
++ cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5",
++ SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
++ cipherMap.put("SSL2_DES_64_CBC_WITH_MD5",
++ SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
++ cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5",
++ SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+
+ // SSLv3
+- cipherMap.put("SSL3_RSA_WITH_NULL_MD5", SSLSocket.SSL3_RSA_WITH_NULL_MD5);
+- cipherMap.put("SSL3_RSA_WITH_NULL_SHA", SSLSocket.SSL3_RSA_WITH_NULL_SHA);
+- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
+- cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5", SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
+- cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA", SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
+- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+- cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA", SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
+- cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
+- cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+- cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+-
+- cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+- cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
+- cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+- cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
+- cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+-
+- cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+- cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+- cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+- cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+- cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+-
+- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
+- cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5", SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
+- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
+- cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
+- cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
+-
+- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
+- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
+- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
+-
+- cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
+-
++ cipherMap.put("SSL3_RSA_WITH_NULL_MD5",
++ SSLSocket.SSL3_RSA_WITH_NULL_MD5);
++ cipherMap.put("SSL3_RSA_WITH_NULL_SHA",
++ SSLSocket.SSL3_RSA_WITH_NULL_SHA);
++ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5",
++ SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
++ cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5",
++ SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
++ cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA",
++ SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
++ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
++ SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
++ cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA",
++ SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
++ cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA",
++ SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
++ cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
++ SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
++ cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
++
++ cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
++ SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
++ cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA",
++ SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
++ cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
++ SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
++ cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA",
++ SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
++ cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
++
++ cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
++ SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
++ cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
++ SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
++ cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
++ SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
++ cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
++ SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
++ cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
++
++ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
++ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
++ cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5",
++ SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
++ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
++ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
++ cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA",
++ SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
++ cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
++
++ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA",
++ SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
++ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
++ SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
++ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA",
++ SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
++
++ cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA",
++ SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
++
+ // TLS
+- cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
+- cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+-
+- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
+- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
+- cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA", SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
+-
+- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
+-
+- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
+- cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+- cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+- cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
+- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
+- cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
++ SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
++ cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
++ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+
++ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
++ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
++ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
++ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
++ cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA",
++ SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
++
++ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
++
++ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
++
+ // ECC
+- cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+- cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+- cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+-
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA",
++ SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
++ cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
++ SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
++ cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+
+- cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
+- cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+- cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+-
+- cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA", SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
+- cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
+- cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+- cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
+- cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+
+- //TLSv1_2
+- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+- cipherMap.put("TLS_RSA_WITH_NULL_SHA256", SSLSocket.TLS_RSA_WITH_NULL_SHA256);
+- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
+- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
+- cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA", SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
+- cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
+- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+- cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA",
++ SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
++ SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+
++ cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA",
++ SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
++ cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA",
++ SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
++ cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
++ cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
++
++ // TLSv1_2
++ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
++ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
++ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
++ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
++ cipherMap.put("TLS_RSA_WITH_NULL_SHA256",
++ SSLSocket.TLS_RSA_WITH_NULL_SHA256);
++ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256",
++ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
++ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256",
++ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
++ cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA",
++ SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
++ cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
++ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
++ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
++ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
++ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
++
+ }
+
+- private static HashMap eccCipherMap = new HashMap();
++ private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
+ static {
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA");
+- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
++ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
++ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
++ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
++ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
++ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
++ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
++ "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
++ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA,
++ "TLS_ECDH_RSA_WITH_RC4_128_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
++ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
++ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
++ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
++ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
++ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
++ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
++ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA,
++ "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA,
++ "TLS_ECDHE_RSA_WITH_NULL_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA,
++ "TLS_ECDH_RSA_WITH_NULL_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
++ "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+ }
+
+ private AbstractEndpoint endpoint;
+
+- static org.apache.commons.logging.Log log =
+- org.apache.commons.logging.LogFactory.getLog(JSSSocketFactory.class);
++ static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
++ .getLog(JSSSocketFactory.class);
+
+ protected static boolean ocspConfigured = false;
+ protected boolean requireClientAuth = false;
+ protected boolean wantClientAuth = false;
+- private Vector enabledCiphers = new Vector();
+ private boolean initialized = false;
+ private String serverCertNick = "";
+- private String mServerCertNickPath ="";
+- private String mPwdPath ="";
+- private String mPwdClass ="";
++ private String mServerCertNickPath = "";
++ private String mPwdPath = "";
++ private String mPwdClass = "";
+ private static final String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss";
+- private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(DATE_PATTERN);
++ private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(
++ DATE_PATTERN);
+ FileWriter debugFile = null;
+ boolean debug = false;
+ private IPasswordStore mPasswordStore = null;
+ private boolean mStrictCiphers = false;
+
+- public JSSSocketFactory (AbstractEndpoint endpoint) {
++ public JSSSocketFactory(AbstractEndpoint endpoint) {
+ this.endpoint = endpoint;
+ }
+
+ private void debugWrite(String m) throws IOException {
+- if (debug) {
++ if (debug) {
+ String timeStamp = timeStampFormat.format(new Date());
+ String threadName = Thread.currentThread().getName();
+- debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
++ debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
+ }
+ }
+
+- public void setSSLCiphers(String attr) throws SocketException, IOException
+- {
+- String ciphers = (String)endpoint.getAttribute(attr);
+- if (ciphers == null || ciphers.equals("")) {
+- debugWrite("JSSSocketFactory setSSLCiphers: "+ attr +" not found");
+- return;
+- }
+- StringTokenizer st = new StringTokenizer(ciphers, ",");
+- while (st.hasMoreTokens()) {
+- String cipherstr = st.nextToken();
+- int cipherid = 0;
+- String text;
+- boolean state;
+-
+- if (cipherstr.startsWith("+")) {
+- state = true;
+- text = cipherstr.substring(1);
+- } else if (cipherstr.startsWith("-")) {
+- state = false;
+- text = cipherstr.substring(1);
+- } else {
+- state = true; // no enable/disable flag, assume enable
+- text = cipherstr;
++ public void setSSLCiphers(String attr) throws SocketException, IOException {
++ String ciphers = (String) endpoint.getAttribute(attr);
++ if (ciphers == null || ciphers.equals("")) {
++ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
++ return;
+ }
++ StringTokenizer st = new StringTokenizer(ciphers, ",");
++ while (st.hasMoreTokens()) {
++ String cipherstr = st.nextToken();
++ int cipherid = 0;
++ String text;
++ boolean state;
+
+- if (text.startsWith("0x") || text.startsWith("0X")) {
+- // this allows us to specify new ciphers
+- try {
+- cipherid = Integer.parseInt(text.substring(2), 16);
++ if (cipherstr.startsWith("+")) {
++ state = true;
++ text = cipherstr.substring(1);
++ } else if (cipherstr.startsWith("-")) {
++ state = false;
++ text = cipherstr.substring(1);
++ } else {
++ state = true; // no enable/disable flag, assume enable
++ text = cipherstr;
+ }
+- catch (Exception e) {
+- System.err.println("Error: SSL cipher \"\""+text+"\" cannot be read as an integer");
+- continue;
+- }
+- } else {
+- Object mapValue;
+
+- mapValue = cipherMap.get(text);
+- if (mapValue == null) {
+- cipherid = 0;
++ if (text.startsWith("0x") || text.startsWith("0X")) {
++ // this allows us to specify new ciphers
++ try {
++ cipherid = Integer.parseInt(text.substring(2), 16);
++ } catch (Exception e) {
++ System.err.println("Error: SSL cipher \"\"" + text
++ + "\" cannot be read as an integer");
++ continue;
++ }
+ } else {
+- cipherid = (Integer)mapValue;
+- }
+- }
+- if (cipherid != 0) {
+- try {
+- debugWrite("JSSSocketFactory setSSLCiphers: "+
+- cipherstr+": 0x"+Integer.toHexString(cipherid) +"\n");
+- SSLSocket.setCipherPreferenceDefault(cipherid, state);
+- }
+- catch (Exception e) {
+- if (eccCipherMap.containsKey(cipherid)) {
+- System.err.println("Warning: SSL ECC cipher \""+text+"\" unsupported by NSS. "+
+- "This is probably O.K. unless ECC support has been installed.");
++ Object mapValue;
++
++ mapValue = cipherMap.get(text);
++ if (mapValue == null) {
++ cipherid = 0;
+ } else {
+- System.err.println("Error: SSL cipher \""+text+"\" unsupported by NSS");
++ cipherid = (Integer) mapValue;
+ }
+ }
+- } else {
+- System.err.println("Error: SSL cipher \""+text+"\" not recognized by tomcatjss");
++ if (cipherid != 0) {
++ try {
++ debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr
++ + ": 0x" + Integer.toHexString(cipherid) + "\n");
++ SSLSocket.setCipherPreferenceDefault(cipherid, state);
++ } catch (Exception e) {
++ if (eccCipherMap.containsKey(cipherid)) {
++ System.err
++ .println("Warning: SSL ECC cipher \""
++ + text
++ + "\" unsupported by NSS. "
++ + "This is probably O.K. unless ECC support has been installed.");
++ } else {
++ System.err.println("Error: SSL cipher \"" + text
++ + "\" unsupported by NSS");
++ }
++ }
++ } else {
++ System.err.println("Error: SSL cipher \"" + text
++ + "\" not recognized by tomcatjss");
++ }
+ }
+- }
+ }
+
+ /*
+- * note: the SSL_OptionSet-based API for controlling the enabled
+- * protocol versions are obsolete and replaced by the
+- * setSSLVersionRange calls. If the "range" parameters are
+- * present in the attributes then the sslOptions parameter is
+- * ignored.
++ * note: the SSL_OptionSet-based API for controlling the enabled protocol
++ * versions are obsolete and replaced by the setSSLVersionRange calls. If
++ * the "range" parameters are present in the attributes then the sslOptions
++ * parameter is ignored.
+ */
+- public void setSSLOptions() throws SocketException, IOException
+- {
+- String options = (String)endpoint.getAttribute("sslOptions");
+- StringTokenizer st = new StringTokenizer(options, ",");
+- while (st.hasMoreTokens()) {
+- String option = st.nextToken();
+- StringTokenizer st1 = new StringTokenizer(option, "=");
+- String name = st1.nextToken();
+- String value = st1.nextToken();
+- if (name.equals("ssl2")) {
+- if (value.equals("true")) {
+- SSLSocket.enableSSL2Default(true);
+- setSSLCiphers("ssl2Ciphers");
+- } else {
+- SSLSocket.enableSSL2Default(false);
+- }
++ public void setSSLOptions() throws SocketException, IOException {
++ String options = (String) endpoint.getAttribute("sslOptions");
++ StringTokenizer st = new StringTokenizer(options, ",");
++ while (st.hasMoreTokens()) {
++ String option = st.nextToken();
++ StringTokenizer st1 = new StringTokenizer(option, "=");
++ String name = st1.nextToken();
++ String value = st1.nextToken();
++ if (name.equals("ssl2")) {
++ if (value.equals("true")) {
++ SSLSocket.enableSSL2Default(true);
++ setSSLCiphers("ssl2Ciphers");
++ } else {
++ SSLSocket.enableSSL2Default(false);
++ }
++ }
++ if (name.equals("ssl3")) {
++ if (value.equals("true")) {
++ SSLSocket.enableSSL3Default(true);
++ setSSLCiphers("ssl3Ciphers");
++ } else {
++ SSLSocket.enableSSL3Default(false);
++ }
++ }
++ if (name.equals("tls")) {
++ if (value.equals("true")) {
++ SSLSocket.enableTLSDefault(true);
++ setSSLCiphers("tlsCiphers");
++ } else {
++ SSLSocket.enableTLSDefault(false);
++ }
++ }
+ }
+- if (name.equals("ssl3")) {
+- if (value.equals("true")) {
+- SSLSocket.enableSSL3Default(true);
+- setSSLCiphers("ssl3Ciphers");
+- } else {
+- SSLSocket.enableSSL3Default(false);
+- }
+- }
+- if (name.equals("tls")) {
+- if (value.equals("true")) {
+- SSLSocket.enableTLSDefault(true);
+- setSSLCiphers("tlsCiphers");
+- } else {
+- SSLSocket.enableTLSDefault(false);
+- }
+- }
+- }
+ }
+
+ // remove all to start with a clean slate
+- public void unsetSSLCiphers() throws SocketException
+- {
++ public void unsetSSLCiphers() throws SocketException {
+ int ciphers[] = SSLSocket.getImplementedCipherSuites();
+ try {
+- for (int i = 0; ciphers != null && i < ciphers.length; i++) {
++ for (int i = 0; ciphers != null && i < ciphers.length; i++) {
+
+- debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"+
+- Integer.toHexString(ciphers[i]) + "'\n");
+- SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
+- }
++ debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"
++ + Integer.toHexString(ciphers[i]) + "'\n");
++ SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
++ }
+ } catch (Exception e) {
+ }
+ }
+
+-
+ /*
+- * setSSLVersionRangeDefault sets the range of allowed ssl versions.
+- * This replaces the obsolete SSL_Option* API
+- *
+- * @param protoVariant indicates whether this setting is for
+- type "stream" or "datagram"
+- * @param sslVersionRange_s takes on the form of "min:max" where
+- * min/max values can be "ssl3, tls1_0, tls1_1, or tls1_2"
+- * ssl2 is not supported for tomcatjss via this interface
+- * The format is "sslVersionRange=min:max"
++ * setSSLVersionRangeDefault sets the range of allowed ssl versions. This
++ * replaces the obsolete SSL_Option* API
++ *
++ * @param protoVariant indicates whether this setting is for type "stream"
++ * or "datagram"
++ *
++ * @param sslVersionRange_s takes on the form of "min:max" where min/max
++ * values can be "ssl3, tls1_0, tls1_1, or tls1_2" ssl2 is not supported for
++ * tomcatjss via this interface The format is "sslVersionRange=min:max"
+ */
+ public void setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant protoVariant,
+- String sslVersionRange_s)
+- throws SocketException, IllegalArgumentException, IOException {
++ String sslVersionRange_s) throws SocketException,
++ IllegalArgumentException, IOException {
+
+ // process sslVersionRange_s
+- String[] sslVersionRange = sslVersionRange_s.split(":");
++ String[] sslVersionRange = sslVersionRange_s.split(":");
+ if (sslVersionRange.length != 2) {
+- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
+- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
++ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: "
++ + sslVersionRange_s + "\n");
++ throw new SocketException(
++ "tomcatjss: setSSLversionRangeDefault format error");
+ }
+ String min_s = sslVersionRange[0];
+ String max_s = sslVersionRange[1];
+ int min = getSSLVersionRangeEnum(min_s);
+ int max = getSSLVersionRangeEnum(max_s);
+- if ((min == -1) || (max== -1)) {
+- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
+- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
++ if ((min == -1) || (max == -1)) {
++ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: "
++ + sslVersionRange_s + "\n");
++ throw new SocketException(
++ "tomcatjss: setSSLversionRangeDefault format error");
+ }
+
+- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min=" + min + " max = " + max +"\n");
+- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range =
+- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(min, max);
++ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min="
++ + min + " max = " + max + "\n");
++ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range = new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
++ min, max);
+
+ SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- variant set\n");
+ }
+
+- int getSSLVersionRangeEnum (String rangeString) {
++ int getSSLVersionRangeEnum(String rangeString) {
+ if (rangeString == null)
+ return -1;
+ if (rangeString.equals("ssl3"))
+@@ -393,39 +518,40 @@
+
+ void init() throws IOException {
+ try {
+- String deb = (String)endpoint.getAttribute("debug");
++ String deb = (String) endpoint.getAttribute("debug");
+ if (deb.equals("true")) {
+- debug = true;
+- debugFile = new FileWriter("/tmp/tomcatjss.log", true);
+- debugWrite("JSSSocketFactory init - debug is on\n");
++ debug = true;
++ debugFile = new FileWriter("/tmp/tomcatjss.log", true);
++ debugWrite("JSSSocketFactory init - debug is on\n");
+ }
+ } catch (Exception e) {
+- // System.out.println("no tomcatjss debugging");
++ // System.out.println("no tomcatjss debugging");
+ }
+
+ try {
+ try {
+- mPwdPath = (String)endpoint.getAttribute("passwordFile");
+- mPwdClass = (String)endpoint.getAttribute("passwordClass");
+- if (mPwdClass != null) {
+- mPasswordStore = (IPasswordStore)Class.forName(mPwdClass).newInstance();
++ mPwdPath = (String) endpoint.getAttribute("passwordFile");
++ mPwdClass = (String) endpoint.getAttribute("passwordClass");
++ if (mPwdClass != null) {
++ mPasswordStore = (IPasswordStore) Class.forName(mPwdClass)
++ .newInstance();
+ mPasswordStore.init(mPwdPath);
+ debugWrite("JSSSocketFactory init - password reader initialized\n");
+- }
+- } catch (Exception e) {
++ }
++ } catch (Exception e) {
+ debugWrite("JSSSocketFactory init - Exception caught: "
+- +e.toString() + "\n");
++ + e.toString() + "\n");
+ if (debugFile != null)
+ debugFile.close();
+- throw new IOException("JSSSocketFactory: no passwordFilePath defined");
++ throw new IOException(
++ "JSSSocketFactory: no passwordFilePath defined");
+ }
+
+- String certDir = (String)endpoint.getAttribute("certdbDir");
+-
+- CryptoManager.InitializationValues vals =
+- new CryptoManager.InitializationValues(certDir,
+- "", "", "secmod.db");
++ String certDir = (String) endpoint.getAttribute("certdbDir");
+
++ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
++ certDir, "", "", "secmod.db");
++
+ vals.removeSunProvider = false;
+ vals.installJSSProvider = true;
+ try {
+@@ -435,22 +561,22 @@
+ }
+ CryptoManager manager = CryptoManager.getInstance();
+
+- //JSSSocketFactory init - handle crypto tokens
++ // JSSSocketFactory init - handle crypto tokens
+ debugWrite("JSSSocketFactory init - about to handle crypto unit logins\n");
+
+ if (mPasswordStore != null) {
+- Enumeration en = mPasswordStore.getTags();
+- while (en.hasMoreElements()){
++ Enumeration<?> en = mPasswordStore.getTags();
++ while (en.hasMoreElements()) {
+ String pwd = "";
+ Password pw = null;
+ String tokenName = "";
+ String st = (String) en.nextElement();
+- debugWrite("JSSSocketFactory init - tag name="+st+"\n");
++ debugWrite("JSSSocketFactory init - tag name=" + st + "\n");
+ pwd = mPasswordStore.getPassword(st);
+
+ if (pwd != null) {
+ debugWrite("JSSSocketFactory init - got password\n");
+- pw = new Password(pwd.toCharArray());
++ pw = new Password(pwd.toCharArray());
+ } else {
+ debugWrite("JSSSocketFactory init - no pwd found in password.conf\n");
+ continue;
+@@ -464,12 +590,13 @@
+ debugWrite("JSSSocketFactory init - got hardware\n");
+
+ tokenName = st.substring(9);
+- debugWrite("JSSSocketFactory init - tokenName="+tokenName+"\n");
++ debugWrite("JSSSocketFactory init - tokenName="
++ + tokenName + "\n");
+
+ // find the hsm and log in
+ token = manager.getTokenByName(tokenName);
+ } else {
+- //non-token entries
++ // non-token entries
+ }
+ if (token != null) {
+ if (!token.isLoggedIn()) {
+@@ -479,15 +606,15 @@
+ debugWrite("JSSSocketFactory init - already logged in\n");
+ }
+ }
+- } //while
++ } // while
+ debugWrite("JSSSocketFactory init - tokens initialized/logged in\n");
+ } else {
+ debugWrite("JSSSocketFactory init - no login done\n");
+- } //mPasswordStore not null
++ } // mPasswordStore not null
+
+ // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
+ // (camel case) has already been processed by Tomcat 7
+- String clientAuthStr = (String)endpoint.getAttribute("clientauth");
++ String clientAuthStr = (String) endpoint.getAttribute("clientauth");
+ if (clientAuthStr == null) {
+ debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
+ clientAuthStr = "want";
+@@ -494,178 +621,208 @@
+ }
+ File file = null;
+ try {
+- mServerCertNickPath = (String)endpoint.getAttribute("serverCertNickFile");
+- debugWrite("JSSSocketFactory init - got serverCertNickFile"+
+- mServerCertNickPath+"\n");
++ mServerCertNickPath = (String) endpoint
++ .getAttribute("serverCertNickFile");
++ debugWrite("JSSSocketFactory init - got serverCertNickFile"
++ + mServerCertNickPath + "\n");
+ file = new File(mServerCertNickPath);
+- Long l = new Long(file.length());
+ FileInputStream in = new FileInputStream(mServerCertNickPath);
+- BufferedReader d =
+- new BufferedReader(new InputStreamReader(in));
++ BufferedReader d = new BufferedReader(new InputStreamReader(in));
+ do {
+- serverCertNick = d.readLine();
+- debugWrite("JSSSocketFactory init - got line "+
+- serverCertNick +"\n");
+- if (serverCertNick == null) {
+- in.close();
+- d.close();
+- throw new IOException("JSSSocketFactory: error loading serverCertNickFile");
+- }
+- // handle comments or blank lines
+- if (serverCertNick.trim().startsWith("#") ||
+- serverCertNick.trim().equals("")) {
+- serverCertNick = null;
+- }
++ serverCertNick = d.readLine();
++ debugWrite("JSSSocketFactory init - got line "
++ + serverCertNick + "\n");
++ if (serverCertNick == null) {
++ in.close();
++ d.close();
++ throw new IOException(
++ "JSSSocketFactory: error loading serverCertNickFile");
++ }
++ // handle comments or blank lines
++ if (serverCertNick.trim().startsWith("#")
++ || serverCertNick.trim().equals("")) {
++ serverCertNick = null;
++ }
+ } while (serverCertNick == null);
+- debugWrite("JSSSocketFactory init - found nickname=" + serverCertNick + "\n");
++ debugWrite("JSSSocketFactory init - found nickname="
++ + serverCertNick + "\n");
+ in.close();
+ d.close();
+ } catch (Exception e) {
+ debugWrite("JSSSocketFactory init - Exception caught: "
+- +e.toString() + "\n");
++ + e.toString() + "\n");
+ if (debugFile != null)
+ debugFile.close();
+- throw new IOException("JSSSocketFactory: no serverCertNickFile defined");
++ throw new IOException(
++ "JSSSocketFactory: no serverCertNickFile defined");
+ }
+
+- //serverCertNick = (String)endpoint.getAttribute("serverCert");
+- if (clientAuthStr.equalsIgnoreCase("true") ||
+- clientAuthStr.equalsIgnoreCase("yes")) {
++ // serverCertNick = (String)endpoint.getAttribute("serverCert");
++ if (clientAuthStr.equalsIgnoreCase("true")
++ || clientAuthStr.equalsIgnoreCase("yes")) {
+ requireClientAuth = true;
+ } else if (clientAuthStr.equalsIgnoreCase("want")) {
+ wantClientAuth = true;
+ }
+- debugWrite("JSSSocketFActory init - requireClientAuth " + requireClientAuth +
+- " wantClientAuth " + wantClientAuth + " ocspConfigured "
+- + ocspConfigured);
+- if (requireClientAuth == true || wantClientAuth == true
+- && ocspConfigured == false ) {
+- debugWrite("JSSSocketFactory init - checking for OCSP settings. \n" );
+- boolean enableOCSP = false;
++ debugWrite("JSSSocketFActory init - requireClientAuth "
++ + requireClientAuth + " wantClientAuth " + wantClientAuth
++ + " ocspConfigured " + ocspConfigured);
++ if (requireClientAuth == true || wantClientAuth == true
++ && ocspConfigured == false) {
++ debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
++ boolean enableOCSP = false;
+ String doOCSP = (String) endpoint.getAttribute("enableOCSP");
+
+- debugWrite("JSSSocketFactory init - doOCSP flag:"+
+- doOCSP+ " \n");
++ debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP
++ + " \n");
+
+- if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) {
+- enableOCSP = true;
+- }
+-
+- debugWrite("JSSSocketFactory init - enableOCSP "+
+- enableOCSP+ "\n");
+-
+- if( enableOCSP == true ) {
+- String ocspResponderURL = (String) endpoint.getAttribute("ocspResponderURL");
+- debugWrite("JSSSocketFactory init - ocspResponderURL "+
+- ocspResponderURL+ "\n");
+- String ocspResponderCertNickname = (String) endpoint.getAttribute("ocspResponderCertNickname");
+- debugWrite("JSSSocketFactory init - ocspResponderCertNickname" + ocspResponderCertNickname + "\n");
+- if( (ocspResponderURL != null && ocspResponderURL.length() > 0) &&
+- (ocspResponderCertNickname != null &&
+- ocspResponderCertNickname.length() > 0 )) {
++ if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) {
++ enableOCSP = true;
++ }
+
+- ocspConfigured = true;
+- try {
+- manager.configureOCSP(true,ocspResponderURL,ocspResponderCertNickname);
+- int ocspCacheSize_i = 1000;
+- int ocspMinCacheEntryDuration_i = 3600;
+- int ocspMaxCacheEntryDuration_i = 86400;
++ debugWrite("JSSSocketFactory init - enableOCSP " + enableOCSP
++ + "\n");
+
+- String ocspCacheSize = (String) endpoint.getAttribute("ocspCacheSize");
+- String ocspMinCacheEntryDuration = (String) endpoint.getAttribute("ocspMinCacheEntryDuration");
+- String ocspMaxCacheEntryDuration = (String) endpoint.getAttribute("ocspMaxCacheEntryDuration");
++ if (enableOCSP == true) {
++ String ocspResponderURL = (String) endpoint
++ .getAttribute("ocspResponderURL");
++ debugWrite("JSSSocketFactory init - ocspResponderURL "
++ + ocspResponderURL + "\n");
++ String ocspResponderCertNickname = (String) endpoint
++ .getAttribute("ocspResponderCertNickname");
++ debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
++ + ocspResponderCertNickname + "\n");
++ if ((ocspResponderURL != null && ocspResponderURL.length() > 0)
++ && (ocspResponderCertNickname != null && ocspResponderCertNickname
++ .length() > 0)) {
+
+- if (ocspCacheSize != null ||
+- ocspMinCacheEntryDuration != null ||
+- ocspMaxCacheEntryDuration != null) {
+- // not specified then takes the default
+- if (ocspCacheSize != null) {
+- debugWrite("JSSSocketFactory init - ocspCacheSize= " + ocspCacheSize+"\n");
+- ocspCacheSize_i = Integer.parseInt(ocspCacheSize);
+- }
+- if (ocspMinCacheEntryDuration != null) {
+- debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= " + ocspMinCacheEntryDuration+"\n");
+- ocspMinCacheEntryDuration_i = Integer.parseInt(ocspMinCacheEntryDuration);
+- }
+- if (ocspMaxCacheEntryDuration != null) {
+- debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= " + ocspMaxCacheEntryDuration+"\n");
+- ocspMaxCacheEntryDuration_i = Integer.parseInt(ocspMaxCacheEntryDuration);
+- }
+- manager.OCSPCacheSettings(ocspCacheSize_i,
+- ocspMinCacheEntryDuration_i, ocspMaxCacheEntryDuration_i);
+- }
++ ocspConfigured = true;
++ try {
++ manager.configureOCSP(true, ocspResponderURL,
++ ocspResponderCertNickname);
++ int ocspCacheSize_i = 1000;
++ int ocspMinCacheEntryDuration_i = 3600;
++ int ocspMaxCacheEntryDuration_i = 86400;
+
+- // defualt to 60 seconds;
+- String ocspTimeout = (String) endpoint.getAttribute("ocspTimeout");
+- if (ocspTimeout != null) {
+- debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
+- int ocspTimeout_i = Integer.parseInt(ocspTimeout);
+- if (ocspTimeout_i < 0)
+- ocspTimeout_i = 60;
+- manager.setOCSPTimeout(ocspTimeout_i);
+- }
++ String ocspCacheSize = (String) endpoint
++ .getAttribute("ocspCacheSize");
++ String ocspMinCacheEntryDuration = (String) endpoint
++ .getAttribute("ocspMinCacheEntryDuration");
++ String ocspMaxCacheEntryDuration = (String) endpoint
++ .getAttribute("ocspMaxCacheEntryDuration");
+
+- } catch(java.security.GeneralSecurityException e) {
+- ocspConfigured = false;
+- debugWrite("JSSSocketFactory init - error initializing OCSP e: " + e.toString()+"\n");
+- throw new java.security.GeneralSecurityException("Error setting up OCSP. Check configuraion!");
+- } catch (java.lang.NumberFormatException e) {
+- debugWrite("JSSSocketFactory init - error setting OCSP cache e: " + e.toString()+"\n");
+- throw new java.lang.NumberFormatException("Error setting OCSP cache. Check configuraion!");
+- }
+- } else {
++ if (ocspCacheSize != null
++ || ocspMinCacheEntryDuration != null
++ || ocspMaxCacheEntryDuration != null) {
++ // not specified then takes the default
++ if (ocspCacheSize != null) {
++ debugWrite("JSSSocketFactory init - ocspCacheSize= "
++ + ocspCacheSize + "\n");
++ ocspCacheSize_i = Integer
++ .parseInt(ocspCacheSize);
++ }
++ if (ocspMinCacheEntryDuration != null) {
++ debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= "
++ + ocspMinCacheEntryDuration + "\n");
++ ocspMinCacheEntryDuration_i = Integer
++ .parseInt(ocspMinCacheEntryDuration);
++ }
++ if (ocspMaxCacheEntryDuration != null) {
++ debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= "
++ + ocspMaxCacheEntryDuration + "\n");
++ ocspMaxCacheEntryDuration_i = Integer
++ .parseInt(ocspMaxCacheEntryDuration);
++ }
++ manager.OCSPCacheSettings(ocspCacheSize_i,
++ ocspMinCacheEntryDuration_i,
++ ocspMaxCacheEntryDuration_i);
++ }
++
++ // defualt to 60 seconds;
++ String ocspTimeout = (String) endpoint
++ .getAttribute("ocspTimeout");
++ if (ocspTimeout != null) {
++ debugWrite("JSSSocketFactory init - ocspTimeout= \n"
++ + ocspTimeout);
++ int ocspTimeout_i = Integer
++ .parseInt(ocspTimeout);
++ if (ocspTimeout_i < 0)
++ ocspTimeout_i = 60;
++ manager.setOCSPTimeout(ocspTimeout_i);
++ }
++
++ } catch (java.security.GeneralSecurityException e) {
++ ocspConfigured = false;
++ debugWrite("JSSSocketFactory init - error initializing OCSP e: "
++ + e.toString() + "\n");
++ throw new java.security.GeneralSecurityException(
++ "Error setting up OCSP. Check configuraion!");
++ } catch (java.lang.NumberFormatException e) {
++ debugWrite("JSSSocketFactory init - error setting OCSP cache e: "
++ + e.toString() + "\n");
++ throw new java.lang.NumberFormatException(
++ "Error setting OCSP cache. Check configuraion!");
++ }
++ } else {
+ debugWrite("JSSSocketFactory init - error ocsp misconfigured! \n");
+- throw new java.security.GeneralSecurityException("Error setting up OCSP. Check configuration!");
+- }
++ throw new java.security.GeneralSecurityException(
++ "Error setting up OCSP. Check configuration!");
++ }
+ }
+ }
+- //serverCertNick = "Server-Cert cert-tks";
++ // serverCertNick = "Server-Cert cert-tks";
+ // 12 hours = 43200 seconds
+ SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
+
+- String strictCiphersStr = (String)endpoint.getAttribute("strictCiphers");
+- if (strictCiphersStr.equalsIgnoreCase("true") ||
+- strictCiphersStr.equalsIgnoreCase("yes")) {
++ String strictCiphersStr = (String) endpoint
++ .getAttribute("strictCiphers");
++ if (strictCiphersStr.equalsIgnoreCase("true")
++ || strictCiphersStr.equalsIgnoreCase("yes")) {
+ mStrictCiphers = true;
+ }
+ if (mStrictCiphers == true) {
+ // what ciphers do we have to start with? turn them all off
+- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
+- unsetSSLCiphers();
++ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
++ unsetSSLCiphers();
+ } else {
+- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
++ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
+ }
+
+- String sslVersionRangeStream = (String)endpoint.getAttribute("sslVersionRangeStream");
+- if ((sslVersionRangeStream != null) && !sslVersionRangeStream.equals("")) {
++ String sslVersionRangeStream = (String) endpoint
++ .getAttribute("sslVersionRangeStream");
++ if ((sslVersionRangeStream != null)
++ && !sslVersionRangeStream.equals("")) {
+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
+- setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM, sslVersionRangeStream);
++ setSSLVersionRangeDefault(
++ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
++ sslVersionRangeStream);
+ debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
+ }
+
+- String sslVersionRangeDatagram = (String)endpoint.getAttribute("sslVersionRangeDatagram");
+- if ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram.equals("")) {
++ String sslVersionRangeDatagram = (String) endpoint
++ .getAttribute("sslVersionRangeDatagram");
++ if ((sslVersionRangeDatagram != null)
++ && !sslVersionRangeDatagram.equals("")) {
+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
+- setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM, sslVersionRangeDatagram);
++ setSSLVersionRangeDefault(
++ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
++ sslVersionRangeDatagram);
+ debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type DATA_GRAM\n");
+ }
+
+ /*
+- * According to NSS:
+- * the SSL_OptionSet-based API for controlling the enabled
+- * protocol versions are obsolete and replaced by the
+- * setSSLVersionRange calls.
+- * Therefore, if the "range" parameters are
+- * present in the attributes then the sslOptions parameter is
+- * ignored.
+- * Using the new version range API in conjunction with the older
+- * SSL_OptionSet-based API for controlling the enabled protocol
+- * versions may cause unexpected results
++ * According to NSS: the SSL_OptionSet-based API for controlling the
++ * enabled protocol versions are obsolete and replaced by the
++ * setSSLVersionRange calls. Therefore, if the "range" parameters
++ * are present in the attributes then the sslOptions parameter is
++ * ignored. Using the new version range API in conjunction with the
++ * older SSL_OptionSet-based API for controlling the enabled
++ * protocol versions may cause unexpected results
+ */
+- if (((sslVersionRangeStream != null)
+- && !sslVersionRangeStream.equals(""))
+- || ((sslVersionRangeDatagram != null)
+- && !sslVersionRangeDatagram.equals(""))) {
++ if (((sslVersionRangeStream != null) && !sslVersionRangeStream
++ .equals(""))
++ || ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram
++ .equals(""))) {
+ /* deliberately lose the ssl2 here */
+ debugWrite("SSSocketFactory init - calling setSSLCiphers() honoring only sslRangeCiphers\n");
+ setSSLCiphers("sslRangeCiphers");
+@@ -677,18 +834,18 @@
+ }
+
+ } catch (Exception ex) {
+- debugWrite("JSSSocketFactory init - exception thrown:"+
+- ex.toString()+"\n");
+- System.err.println("JSSSocketFactory init - exception thrown:"+
+- ex.toString()+"\n");
++ debugWrite("JSSSocketFactory init - exception thrown:"
++ + ex.toString() + "\n");
++ System.err.println("JSSSocketFactory init - exception thrown:"
++ + ex.toString() + "\n");
+ if (debugFile != null)
+ debugFile.close();
+ // The idea is, if admin take the trouble to configure the
+ // ocsp cache, and made a mistake, we want to make server
+ // unavailable until they get it right
+- if((ex instanceof java.security.GeneralSecurityException) ||
+- (ex instanceof java.lang.NumberFormatException))
+- throw new IOException(ex.toString());
++ if ((ex instanceof java.security.GeneralSecurityException)
++ || (ex instanceof java.lang.NumberFormatException))
++ throw new IOException(ex.toString());
+ }
+ if (debugFile != null)
+ debugFile.close();
+@@ -697,7 +854,7 @@
+ public Socket acceptSocket(ServerSocket socket) throws IOException {
+ SSLSocket asock = null;
+ try {
+- asock = (SSLSocket)socket.accept();
++ asock = (SSLSocket) socket.accept();
+ if (wantClientAuth || requireClientAuth) {
+ asock.requestClientAuth(true);
+ if (requireClientAuth == true) {
+@@ -707,14 +864,14 @@
+ }
+ }
+ } catch (Exception e) {
+- throw new SocketException("SSL handshake error "+e.toString());
+- }
++ throw new SocketException("SSL handshake error " + e.toString());
++ }
+
+ return asock;
+ }
+
+ public void handshake(Socket sock) throws IOException {
+- //((SSLSocket)sock).forceHandshake();
++ // ((SSLSocket)sock).forceHandshake();
+ }
+
+ public ServerSocket createSocket(int port) throws IOException {
+@@ -721,33 +878,31 @@
+ return createSocket(port, SSLServerSocket.DEFAULT_BACKLOG, null);
+ }
+
+- public ServerSocket createSocket(int port, int backlog)
+- throws IOException {
++ public ServerSocket createSocket(int port, int backlog) throws IOException {
+ return createSocket(port, backlog, null);
+ }
+
+ public ServerSocket createSocket(int port, int backlog,
+- InetAddress ifAddress) throws IOException {
++ InetAddress ifAddress) throws IOException {
+ return createSocket(port, backlog, ifAddress, true);
+ }
+
+ public ServerSocket createSocket(int port, int backlog,
+- InetAddress ifAddress, boolean reuseAddr) throws IOException {
++ InetAddress ifAddress, boolean reuseAddr) throws IOException {
+ if (!initialized)
+ init();
+ SSLServerSocket socket = null;
+- socket = (SSLServerSocket)(new SSLServerSocket(port, backlog,
+- ifAddress, null, reuseAddr));
++ socket = (SSLServerSocket) (new SSLServerSocket(port, backlog,
++ ifAddress, null, reuseAddr));
+ initializeSocket(socket);
+- return (ServerSocket)socket;
++ return (ServerSocket) socket;
+ }
+
+ private void initializeSocket(SSLServerSocket s) {
+ try {
+ /*
+- * Timeout's should not be enabled by default.
+- * Upper layers will call setSoTimeout() as needed.
+- * Zero means disable.
++ * Timeout's should not be enabled by default. Upper layers will
++ * call setSoTimeout() as needed. Zero means disable.
+ */
+ s.setSoTimeout(0);
+ if (wantClientAuth || requireClientAuth) {
+@@ -757,7 +912,7 @@
+ } else {
+ s.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
+ }
+- }
++ }
+ s.setServerCertNickname(serverCertNick);
+ } catch (Exception e) {
+ }
+@@ -776,7 +931,8 @@
+ return null;
+ }
+
+- public void configureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext) {
++ public void configureSessionContext(
++ javax.net.ssl.SSLSessionContext sslSessionContext) {
+ return;
+ }
+
+Index: src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/JSSImplementation.java (revision 292)
++++ src/org/apache/tomcat/util/net/jss/JSSImplementation.java (revision 294)
+@@ -20,7 +20,7 @@
+ package org.apache.tomcat.util.net.jss;
+
+ import java.net.Socket;
+-import java.io.*;
++
+ import org.apache.tomcat.util.net.AbstractEndpoint;
+ import org.apache.tomcat.util.net.SSLImplementation;
+ import org.apache.tomcat.util.net.SSLSupport;
+@@ -27,14 +27,12 @@
+ import org.apache.tomcat.util.net.SSLUtil;
+ import org.apache.tomcat.util.net.ServerSocketFactory;
+
+-public class JSSImplementation extends SSLImplementation
+-{
+- static final String JSSFactory =
+- "org.apache.tomcat.util.net.jss.JSSFactory";
++public class JSSImplementation extends SSLImplementation {
++ static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
+ static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
+
+- static org.apache.commons.logging.Log logger =
+- org.apache.commons.logging.LogFactory.getLog(JSSImplementation.class);
++ static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
++ .getLog(JSSImplementation.class);
+
+ private JSSFactory factory = null;
+
+@@ -43,9 +41,9 @@
+
+ try {
+ Class factcl = Class.forName(JSSFactory);
+- factory = (JSSFactory)factcl.newInstance();
++ factory = (JSSFactory) factcl.newInstance();
+ } catch (Exception e) {
+- if(logger.isDebugEnabled())
++ if (logger.isDebugEnabled())
+ logger.debug("Error getting factory: " + JSSFactory, e);
+ }
+ }
+@@ -54,8 +52,7 @@
+ return "JSS";
+ }
+
+- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint)
+- {
++ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) {
+ ServerSocketFactory ssf = factory.getSocketFactory(endpoint);
+ return ssf;
+ }
+@@ -68,28 +65,28 @@
+
+ public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
+ /*
+- * The Tomcat 6.0.26 docs says:
+- * This method has been deprecated since it adds a JSSE dependency
+- * to this interface. It will be removed in versions after 6.0.x.
+- *
++ * The Tomcat 6.0.26 docs says: This method has been deprecated since it
++ * adds a JSSE dependency to this interface. It will be removed in
++ * versions after 6.0.x.
++ *
+ * But we have to provide a implementation of this method because it's
+ * declared as abstract.
+- *
++ *
+ * Unfortunately there does not appear to be any way to get SSLSupport
+ * information from a session with JSS. JSS looks up the information
+ * based on a socket, not a session. This done in SSLSocket.c
+ * Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
+- *
++ *
+ * So while it would be nice to provide a working implmentation there
+ * doesn't seem to be an easy way to do this. Given that this method is
+ * already deprecated and there hasn't been any evidence of it being
+ * called it therefore seems reasonable to just return null to satify
+ * the compiler's demand for an implementation.
+- *
++ *
+ * Once this abstract method is removed from SSLImplementation in a
+ * future release we can remove this stub.
+- *
+- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
++ *
++ * NOTE: This method has NOT yet been deprecated in Tomcat 7!
+ */
+ return null;
+ }
+Index: src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 292)
++++ src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 294)
+@@ -19,11 +19,13 @@
+
+ package org.apache.tomcat.util.net.jss;
+
++import java.io.FileInputStream;
++import java.io.FileOutputStream;
++import java.io.IOException;
++import java.util.Enumeration;
+ import java.util.Properties;
+-import java.io.*;
+-import java.util.*;
+
+-public class PlainPasswordFile implements IPasswordStore{
++public class PlainPasswordFile implements IPasswordStore {
+ private String mPwdPath = "";
+ private Properties mPwdStore;
+ private static final String PASSWORD_WRITER_HEADER = "";
+@@ -31,24 +33,23 @@
+ public PlainPasswordFile() {
+ }
+
+- public void init(String pwdPath)
+- throws IOException
+- {
+- mPwdStore = new Properties();
+- // initialize mPwdStore
+- mPwdPath = pwdPath;
++ public void init(String pwdPath) throws IOException {
++ mPwdStore = new Properties();
++ // initialize mPwdStore
++ mPwdPath = pwdPath;
+
+- FileInputStream file = new FileInputStream(mPwdPath);
+- mPwdStore.load(file);
++ FileInputStream file = new FileInputStream(mPwdPath);
++ mPwdStore.load(file);
+ }
+
+ public String getPassword(String tag) {
+- return (String) mPwdStore.getProperty(tag);
++ return (String) mPwdStore.getProperty(tag);
+ }
+
+ // return an array of String-based tag
+- public Enumeration getTags() {
+- return mPwdStore.propertyNames();
++ @SuppressWarnings("unchecked")
++ public Enumeration<String> getTags() {
++ return (Enumeration<String>) mPwdStore.propertyNames();
+ }
+
+ public Object putPassword(String tag, String password) {
+@@ -55,9 +56,8 @@
+ return mPwdStore.setProperty(tag, password);
+ }
+
+- public void commit()
+- throws IOException, ClassCastException, NullPointerException
+- {
++ public void commit() throws IOException, ClassCastException,
++ NullPointerException {
+ FileOutputStream file = new FileOutputStream(mPwdPath);
+ mPwdStore.store(file, PASSWORD_WRITER_HEADER);
+ }
+Index: src/org/apache/tomcat/util/net/jss/JSSFactory.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/JSSFactory.java (revision 292)
++++ src/org/apache/tomcat/util/net/jss/JSSFactory.java (revision 294)
+@@ -19,10 +19,13 @@
+
+ package org.apache.tomcat.util.net.jss;
+
+-import org.mozilla.jss.ssl.*;
+-import org.apache.tomcat.util.net.*;
+-import java.net.*;
++import java.net.Socket;
+
++import org.apache.tomcat.util.net.AbstractEndpoint;
++import org.apache.tomcat.util.net.SSLSupport;
++import org.apache.tomcat.util.net.ServerSocketFactory;
++import org.mozilla.jss.ssl.SSLSocket;
++
+ class JSSFactory implements IJSSFactory {
+ JSSFactory() {
+ }
+@@ -32,6 +35,6 @@
+ }
+
+ public SSLSupport getSSLSupport(Socket socket) {
+- return new JSSSupport((SSLSocket)socket);
++ return new JSSSupport((SSLSocket) socket);
+ }
+ }
+Index: src/org/apache/tomcat/util/net/jss/IPasswordStore.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 292)
++++ src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 294)
+@@ -19,14 +19,18 @@
+
+ package org.apache.tomcat.util.net.jss;
+
+-import java.util.*;
+-import java.io.*;
++import java.io.IOException;
++import java.util.Enumeration;
+
+ public interface IPasswordStore {
+ public void init(String pwdPath) throws IOException;
++
+ public String getPassword(String tag);
+- public Enumeration getTags();
++
++ public Enumeration<String> getTags();
++
+ public Object putPassword(String tag, String password);
+- public void commit()
+- throws IOException, ClassCastException, NullPointerException;
++
++ public void commit() throws IOException, ClassCastException,
++ NullPointerException;
+ }
+Index: .settings/org.eclipse.jdt.core.prefs
+===================================================================
+--- .settings/org.eclipse.jdt.core.prefs (revision 0)
++++ .settings/org.eclipse.jdt.core.prefs (revision 294)
+@@ -0,0 +1,282 @@
++eclipse.preferences.version=1
++org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
++org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
++org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
++org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
++org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
++org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
++org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
++org.eclipse.jdt.core.formatter.alignment_for_assignment=0
++org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
++org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
++org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80
++org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0
++org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
++org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
++org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
++org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_resources_in_try=80
++org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16
++org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_constructor_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_method_declaration=16
++org.eclipse.jdt.core.formatter.alignment_for_union_type_in_multicatch=16
++org.eclipse.jdt.core.formatter.blank_lines_after_imports=1
++org.eclipse.jdt.core.formatter.blank_lines_after_package=1
++org.eclipse.jdt.core.formatter.blank_lines_before_field=0
++org.eclipse.jdt.core.formatter.blank_lines_before_first_class_body_declaration=0
++org.eclipse.jdt.core.formatter.blank_lines_before_imports=1
++org.eclipse.jdt.core.formatter.blank_lines_before_member_type=1
++org.eclipse.jdt.core.formatter.blank_lines_before_method=1
++org.eclipse.jdt.core.formatter.blank_lines_before_new_chunk=1
++org.eclipse.jdt.core.formatter.blank_lines_before_package=0
++org.eclipse.jdt.core.formatter.blank_lines_between_import_groups=1
++org.eclipse.jdt.core.formatter.blank_lines_between_type_declarations=1
++org.eclipse.jdt.core.formatter.brace_position_for_annotation_type_declaration=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_anonymous_type_declaration=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_array_initializer=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_block=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_block_in_case=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_enum_constant=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_enum_declaration=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_method_declaration=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_switch=end_of_line
++org.eclipse.jdt.core.formatter.brace_position_for_type_declaration=end_of_line
++org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_block_comment=false
++org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_javadoc_comment=false
++org.eclipse.jdt.core.formatter.comment.format_block_comments=false
++org.eclipse.jdt.core.formatter.comment.format_header=false
++org.eclipse.jdt.core.formatter.comment.format_html=true
++org.eclipse.jdt.core.formatter.comment.format_javadoc_comments=true
++org.eclipse.jdt.core.formatter.comment.format_line_comments=false
++org.eclipse.jdt.core.formatter.comment.format_source_code=true
++org.eclipse.jdt.core.formatter.comment.indent_parameter_description=true
++org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
++org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
++org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=do not insert
++org.eclipse.jdt.core.formatter.comment.line_length=120
++org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
++org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
++org.eclipse.jdt.core.formatter.comment.preserve_white_space_between_code_and_line_comments=false
++org.eclipse.jdt.core.formatter.compact_else_if=true
++org.eclipse.jdt.core.formatter.continuation_indentation=2
++org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
++org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
++org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
++org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
++org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=false
++org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
++org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
++org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
++org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_type_header=true
++org.eclipse.jdt.core.formatter.indent_breaks_compare_to_cases=true
++org.eclipse.jdt.core.formatter.indent_empty_lines=false
++org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true
++org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true
++org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true
++org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false
++org.eclipse.jdt.core.formatter.indentation.size=8
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_method=insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_package=insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_type=insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_before_closing_brace_in_array_initializer=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_before_else_in_if_statement=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_before_finally_in_try_statement=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_before_while_in_do_statement=do not insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_annotation_declaration=insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_anonymous_type_declaration=insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block=insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_constant=insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_declaration=insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body=insert
++org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_after_and_in_type_parameter=insert
++org.eclipse.jdt.core.formatter.insert_space_after_assignment_operator=insert
++org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation_type_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_binary_operator=insert
++org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_arguments=insert
++org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_parameters=insert
++org.eclipse.jdt.core.formatter.insert_space_after_closing_brace_in_block=insert
++org.eclipse.jdt.core.formatter.insert_space_after_closing_paren_in_cast=insert
++org.eclipse.jdt.core.formatter.insert_space_after_colon_in_assert=insert
++org.eclipse.jdt.core.formatter.insert_space_after_colon_in_case=insert
++org.eclipse.jdt.core.formatter.insert_space_after_colon_in_conditional=insert
++org.eclipse.jdt.core.formatter.insert_space_after_colon_in_for=insert
++org.eclipse.jdt.core.formatter.insert_space_after_colon_in_labeled_statement=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_allocation_expression=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_annotation=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_array_initializer=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_parameters=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_throws=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_constant_arguments=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_declarations=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_explicitconstructorcall_arguments=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_increments=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_inits=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_throws=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_field_declarations=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_local_declarations=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_parameterized_type_reference=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_superinterfaces=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_arguments=insert
++org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_parameters=insert
++org.eclipse.jdt.core.formatter.insert_space_after_ellipsis=insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_parameterized_type_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_parameters=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_brace_in_array_initializer=insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_allocation_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_annotation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_cast=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_catch=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_constructor_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_enum_constant=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_for=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_if=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_invocation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_parenthesized_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_switch=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_synchronized=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_try=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_while=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_postfix_operator=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_prefix_operator=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_question_in_conditional=insert
++org.eclipse.jdt.core.formatter.insert_space_after_question_in_wildcard=do not insert
++org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_for=insert
++org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_try_resources=insert
++org.eclipse.jdt.core.formatter.insert_space_after_unary_operator=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_and_in_type_parameter=insert
++org.eclipse.jdt.core.formatter.insert_space_before_assignment_operator=insert
++org.eclipse.jdt.core.formatter.insert_space_before_at_in_annotation_type_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_binary_operator=insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_parameterized_type_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_parameters=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_brace_in_array_initializer=insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_allocation_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_annotation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_cast=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_catch=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_constructor_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_enum_constant=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_for=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_if=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_invocation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_parenthesized_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_switch=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_synchronized=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_try=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_while=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_colon_in_assert=insert
++org.eclipse.jdt.core.formatter.insert_space_before_colon_in_case=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_colon_in_conditional=insert
++org.eclipse.jdt.core.formatter.insert_space_before_colon_in_default=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_colon_in_for=insert
++org.eclipse.jdt.core.formatter.insert_space_before_colon_in_labeled_statement=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_allocation_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_annotation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_array_initializer=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_parameters=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_throws=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_constant_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_declarations=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_explicitconstructorcall_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_increments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_inits=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_parameters=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_throws=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_invocation_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_field_declarations=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_local_declarations=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_parameterized_type_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_superinterfaces=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_parameters=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_ellipsis=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_parameterized_type_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_arguments=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_parameters=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_annotation_type_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_anonymous_type_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_array_initializer=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_constructor_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_constant=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_switch=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_allocation_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_type_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation_type_member_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_catch=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_constructor_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_enum_constant=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_for=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_if=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_invocation=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_parenthesized_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_switch=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_synchronized=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_try=insert
++org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_while=insert
++org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_return=insert
++org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_throw=insert
++org.eclipse.jdt.core.formatter.insert_space_before_postfix_operator=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_prefix_operator=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_question_in_conditional=insert
++org.eclipse.jdt.core.formatter.insert_space_before_question_in_wildcard=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_semicolon=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_for=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_try_resources=do not insert
++org.eclipse.jdt.core.formatter.insert_space_before_unary_operator=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_brackets_in_array_type_reference=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_brackets_in_array_allocation_expression=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_annotation_type_member_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_constructor_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constant=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert
++org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert
++org.eclipse.jdt.core.formatter.join_lines_in_comments=false
++org.eclipse.jdt.core.formatter.join_wrapped_lines=false
++org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false
++org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false
++org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=false
++org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false
++org.eclipse.jdt.core.formatter.lineSplit=120
++org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false
++org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false
++org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0
++org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
++org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
++org.eclipse.jdt.core.formatter.tabulation.char=space
++org.eclipse.jdt.core.formatter.tabulation.size=4
++org.eclipse.jdt.core.formatter.use_on_off_tags=false
++org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
++org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
++org.eclipse.jdt.core.formatter.wrap_before_or_operator_multicatch=true
++org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
+Index: .settings/org.eclipse.jdt.ui.prefs
+===================================================================
+--- .settings/org.eclipse.jdt.ui.prefs (revision 0)
++++ .settings/org.eclipse.jdt.ui.prefs (revision 294)
+@@ -0,0 +1,56 @@
++eclipse.preferences.version=1
++editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true
++formatter_profile=_PKI Project Profile
++formatter_settings_version=12
++sp_cleanup.add_default_serial_version_id=true
++sp_cleanup.add_generated_serial_version_id=false
++sp_cleanup.add_missing_annotations=false
++sp_cleanup.add_missing_deprecated_annotations=true
++sp_cleanup.add_missing_methods=false
++sp_cleanup.add_missing_nls_tags=false
++sp_cleanup.add_missing_override_annotations=true
++sp_cleanup.add_missing_override_annotations_interface_methods=true
++sp_cleanup.add_serial_version_id=false
++sp_cleanup.always_use_blocks=true
++sp_cleanup.always_use_parentheses_in_expressions=false
++sp_cleanup.always_use_this_for_non_static_field_access=false
++sp_cleanup.always_use_this_for_non_static_method_access=false
++sp_cleanup.convert_to_enhanced_for_loop=false
++sp_cleanup.correct_indentation=false
++sp_cleanup.format_source_code=false
++sp_cleanup.format_source_code_changes_only=false
++sp_cleanup.make_local_variable_final=false
++sp_cleanup.make_parameters_final=false
++sp_cleanup.make_private_fields_final=true
++sp_cleanup.make_type_abstract_if_missing_method=false
++sp_cleanup.make_variable_declarations_final=false
++sp_cleanup.never_use_blocks=false
++sp_cleanup.never_use_parentheses_in_expressions=true
++sp_cleanup.on_save_use_additional_actions=true
++sp_cleanup.organize_imports=true
++sp_cleanup.qualify_static_field_accesses_with_declaring_class=false
++sp_cleanup.qualify_static_member_accesses_through_instances_with_declaring_class=true
++sp_cleanup.qualify_static_member_accesses_through_subtypes_with_declaring_class=true
++sp_cleanup.qualify_static_member_accesses_with_declaring_class=false
++sp_cleanup.qualify_static_method_accesses_with_declaring_class=false
++sp_cleanup.remove_private_constructors=true
++sp_cleanup.remove_trailing_whitespaces=true
++sp_cleanup.remove_trailing_whitespaces_all=true
++sp_cleanup.remove_trailing_whitespaces_ignore_empty=false
++sp_cleanup.remove_unnecessary_casts=true
++sp_cleanup.remove_unnecessary_nls_tags=false
++sp_cleanup.remove_unused_imports=true
++sp_cleanup.remove_unused_local_variables=false
++sp_cleanup.remove_unused_private_fields=true
++sp_cleanup.remove_unused_private_members=false
++sp_cleanup.remove_unused_private_methods=true
++sp_cleanup.remove_unused_private_types=true
++sp_cleanup.sort_members=false
++sp_cleanup.sort_members_all=false
++sp_cleanup.use_blocks=false
++sp_cleanup.use_blocks_only_for_return_and_throw=false
++sp_cleanup.use_parentheses_in_expressions=false
++sp_cleanup.use_this_for_non_static_field_access=false
++sp_cleanup.use_this_for_non_static_field_access_only_if_necessary=true
++sp_cleanup.use_this_for_non_static_method_access=false
++sp_cleanup.use_this_for_non_static_method_access_only_if_necessary=true
diff --git a/SOURCES/tomcatjss-nuxwdog-support.patch b/SOURCES/tomcatjss-nuxwdog-support.patch
new file mode 100644
index 0000000..32dfec4
--- /dev/null
+++ b/SOURCES/tomcatjss-nuxwdog-support.patch
@@ -0,0 +1,591 @@
+Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 294)
++++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 297)
+@@ -12,7 +12,7 @@
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+- *
++ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK */
+@@ -29,6 +29,7 @@
+ import java.net.ServerSocket;
+ import java.net.Socket;
+ import java.net.SocketException;
++import java.security.GeneralSecurityException;
+ import java.text.SimpleDateFormat;
+ import java.util.Date;
+ import java.util.Enumeration;
+@@ -39,13 +40,20 @@
+ import javax.net.ssl.SSLContext;
+ import javax.net.ssl.TrustManager;
+
++import org.apache.commons.lang.StringUtils;
+ // Imports required to "implement" Tomcat 7 Interface
+ import org.apache.tomcat.util.net.AbstractEndpoint;
++import org.mozilla.jss.CertDatabaseException;
+ import org.mozilla.jss.CryptoManager;
++import org.mozilla.jss.CryptoManager.NotInitializedException;
++import org.mozilla.jss.KeyDatabaseException;
++import org.mozilla.jss.NoSuchTokenException;
+ import org.mozilla.jss.crypto.AlreadyInitializedException;
+ import org.mozilla.jss.crypto.CryptoToken;
++import org.mozilla.jss.crypto.TokenException;
+ import org.mozilla.jss.ssl.SSLServerSocket;
+ import org.mozilla.jss.ssl.SSLSocket;
++import org.mozilla.jss.util.IncorrectPasswordException;
+ import org.mozilla.jss.util.Password;
+
+ public class JSSSocketFactory implements
+@@ -322,6 +330,7 @@
+ boolean debug = false;
+ private IPasswordStore mPasswordStore = null;
+ private boolean mStrictCiphers = false;
++ private static final int MAX_PW_ATTEMPTS = 3;
+
+ public JSSSocketFactory(AbstractEndpoint endpoint) {
+ this.endpoint = endpoint;
+@@ -336,8 +345,8 @@
+ }
+
+ public void setSSLCiphers(String attr) throws SocketException, IOException {
+- String ciphers = (String) endpoint.getAttribute(attr);
+- if (ciphers == null || ciphers.equals("")) {
++ String ciphers = getEndpointAttribute(attr);
++ if (StringUtils.isEmpty(ciphers)) {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+ return;
+ }
+@@ -409,7 +418,11 @@
+ * parameter is ignored.
+ */
+ public void setSSLOptions() throws SocketException, IOException {
+- String options = (String) endpoint.getAttribute("sslOptions");
++ String options = getEndpointAttribute("sslOptions");
++ if (StringUtils.isEmpty(options)) {
++ debugWrite("no sslOptions specified");
++ return;
++ }
+ StringTokenizer st = new StringTokenizer(options, ",");
+ while (st.hasMoreTokens()) {
+ String option = st.nextToken();
+@@ -460,10 +473,10 @@
+ /*
+ * setSSLVersionRangeDefault sets the range of allowed ssl versions. This
+ * replaces the obsolete SSL_Option* API
+- *
++ *
+ * @param protoVariant indicates whether this setting is for type "stream"
+ * or "datagram"
+- *
++ *
+ * @param sslVersionRange_s takes on the form of "min:max" where min/max
+ * values can be "ssl3, tls1_0, tls1_1, or tls1_2" ssl2 is not supported for
+ * tomcatjss via this interface The format is "sslVersionRange=min:max"
+@@ -516,105 +529,54 @@
+ return -1;
+ }
+
+- void init() throws IOException {
++ String getEndpointAttribute(String tag) {
+ try {
+- String deb = (String) endpoint.getAttribute("debug");
+- if (deb.equals("true")) {
+- debug = true;
+- debugFile = new FileWriter("/tmp/tomcatjss.log", true);
+- debugWrite("JSSSocketFactory init - debug is on\n");
+- }
++ return (String) endpoint.getAttribute(tag);
+ } catch (Exception e) {
+- // System.out.println("no tomcatjss debugging");
++ // old tomcat throws an exception if the parameter does not exist
+ }
++ return null;
++ }
+
+- try {
+- try {
+- mPwdPath = (String) endpoint.getAttribute("passwordFile");
+- mPwdClass = (String) endpoint.getAttribute("passwordClass");
+- if (mPwdClass != null) {
+- mPasswordStore = (IPasswordStore) Class.forName(mPwdClass)
+- .newInstance();
+- mPasswordStore.init(mPwdPath);
+- debugWrite("JSSSocketFactory init - password reader initialized\n");
+- }
+- } catch (Exception e) {
+- debugWrite("JSSSocketFactory init - Exception caught: "
+- + e.toString() + "\n");
+- if (debugFile != null)
+- debugFile.close();
+- throw new IOException(
+- "JSSSocketFactory: no passwordFilePath defined");
+- }
++ String getEndpointAttribute(String tag, String defaultValue) {
++ String value = getEndpointAttribute(tag);
++ if (value == null) {
++ return defaultValue;
++ }
++ return value;
++ }
+
+- String certDir = (String) endpoint.getAttribute("certdbDir");
++ void init() throws IOException {
++ // debug enabled?
++ String deb = getEndpointAttribute("debug");
++ if (StringUtils.equals(deb, "true")) {
++ debug = true;
++ debugFile = new FileWriter("/tmp/tomcatjss.log", true);
++ debugWrite("JSSSocketFactory init - debug is on\n");
++ }
+
+- CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
+- certDir, "", "", "secmod.db");
++ try {
++ initializePasswordStore();
+
+- vals.removeSunProvider = false;
+- vals.installJSSProvider = true;
+- try {
+- CryptoManager.initialize(vals);
+- } catch (AlreadyInitializedException ee) {
+- // do nothing
+- }
+- CryptoManager manager = CryptoManager.getInstance();
++ CryptoManager manager = getCryptoManager();
+
+ // JSSSocketFactory init - handle crypto tokens
+ debugWrite("JSSSocketFactory init - about to handle crypto unit logins\n");
+
+- if (mPasswordStore != null) {
+- Enumeration<?> en = mPasswordStore.getTags();
+- while (en.hasMoreElements()) {
+- String pwd = "";
+- Password pw = null;
+- String tokenName = "";
+- String st = (String) en.nextElement();
+- debugWrite("JSSSocketFactory init - tag name=" + st + "\n");
+- pwd = mPasswordStore.getPassword(st);
++ //log into tokens
++ Enumeration<String> tags = mPasswordStore.getTags();
++ while (tags.hasMoreElements()) {
++ String tag = tags.nextElement();
++ if (tag.equals("internal") || (tag.startsWith("hardware-"))) {
++ debugWrite("JSSSocketFactory init - tag name=" + tag + "\n");
++ logIntoToken(manager, tag);
++ }
++ }
++ debugWrite("JSSSocketFactory init - tokens initialized/logged in\n");
+
+- if (pwd != null) {
+- debugWrite("JSSSocketFactory init - got password\n");
+- pw = new Password(pwd.toCharArray());
+- } else {
+- debugWrite("JSSSocketFactory init - no pwd found in password.conf\n");
+- continue;
+- }
+-
+- CryptoToken token = null;
+- if (st.equals("internal")) {
+- debugWrite("JSSSocketFactory init - got internal software token\n");
+- token = manager.getInternalKeyStorageToken();
+- } else if (st.startsWith("hardware-")) {
+- debugWrite("JSSSocketFactory init - got hardware\n");
+-
+- tokenName = st.substring(9);
+- debugWrite("JSSSocketFactory init - tokenName="
+- + tokenName + "\n");
+-
+- // find the hsm and log in
+- token = manager.getTokenByName(tokenName);
+- } else {
+- // non-token entries
+- }
+- if (token != null) {
+- if (!token.isLoggedIn()) {
+- debugWrite("JSSSocketFactory init -not logged in...about to log in\n");
+- token.login(pw);
+- } else {
+- debugWrite("JSSSocketFactory init - already logged in\n");
+- }
+- }
+- } // while
+- debugWrite("JSSSocketFactory init - tokens initialized/logged in\n");
+- } else {
+- debugWrite("JSSSocketFactory init - no login done\n");
+- } // mPasswordStore not null
+-
+ // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
+ // (camel case) has already been processed by Tomcat 7
+- String clientAuthStr = (String) endpoint.getAttribute("clientauth");
++ String clientAuthStr = getEndpointAttribute("clientauth");
+ if (clientAuthStr == null) {
+ debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
+ clientAuthStr = "want";
+@@ -621,8 +583,10 @@
+ }
+ File file = null;
+ try {
+- mServerCertNickPath = (String) endpoint
+- .getAttribute("serverCertNickFile");
++ mServerCertNickPath = getEndpointAttribute("serverCertNickFile");
++ if (mServerCertNickPath == null) {
++ throw new IOException("serverCertNickFile not specified");
++ }
+ debugWrite("JSSSocketFactory init - got serverCertNickFile"
+ + mServerCertNickPath + "\n");
+ file = new File(mServerCertNickPath);
+@@ -651,13 +615,11 @@
+ } catch (Exception e) {
+ debugWrite("JSSSocketFactory init - Exception caught: "
+ + e.toString() + "\n");
+- if (debugFile != null)
+- debugFile.close();
+ throw new IOException(
+ "JSSSocketFactory: no serverCertNickFile defined");
+ }
+
+- // serverCertNick = (String)endpoint.getAttribute("serverCert");
++ // serverCertNick = (String)getEndpointAttribute("serverCert");
+ if (clientAuthStr.equalsIgnoreCase("true")
+ || clientAuthStr.equalsIgnoreCase("yes")) {
+ requireClientAuth = true;
+@@ -671,10 +633,9 @@
+ && ocspConfigured == false) {
+ debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
+ boolean enableOCSP = false;
+- String doOCSP = (String) endpoint.getAttribute("enableOCSP");
++ String doOCSP = getEndpointAttribute("enableOCSP");
+
+- debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP
+- + " \n");
++ debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n");
+
+ if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) {
+ enableOCSP = true;
+@@ -684,17 +645,15 @@
+ + "\n");
+
+ if (enableOCSP == true) {
+- String ocspResponderURL = (String) endpoint
+- .getAttribute("ocspResponderURL");
++ String ocspResponderURL = getEndpointAttribute("ocspResponderURL");
+ debugWrite("JSSSocketFactory init - ocspResponderURL "
+ + ocspResponderURL + "\n");
+- String ocspResponderCertNickname = (String) endpoint
+- .getAttribute("ocspResponderCertNickname");
++ String ocspResponderCertNickname = getEndpointAttribute(
++ "ocspResponderCertNickname");
+ debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
+ + ocspResponderCertNickname + "\n");
+- if ((ocspResponderURL != null && ocspResponderURL.length() > 0)
+- && (ocspResponderCertNickname != null && ocspResponderCertNickname
+- .length() > 0)) {
++ if (StringUtils.isNotEmpty(ocspResponderURL) &&
++ StringUtils.isNotEmpty(ocspResponderCertNickname)) {
+
+ ocspConfigured = true;
+ try {
+@@ -704,12 +663,9 @@
+ int ocspMinCacheEntryDuration_i = 3600;
+ int ocspMaxCacheEntryDuration_i = 86400;
+
+- String ocspCacheSize = (String) endpoint
+- .getAttribute("ocspCacheSize");
+- String ocspMinCacheEntryDuration = (String) endpoint
+- .getAttribute("ocspMinCacheEntryDuration");
+- String ocspMaxCacheEntryDuration = (String) endpoint
+- .getAttribute("ocspMaxCacheEntryDuration");
++ String ocspCacheSize = getEndpointAttribute("ocspCacheSize");
++ String ocspMinCacheEntryDuration = getEndpointAttribute("ocspMinCacheEntryDuration");
++ String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration");
+
+ if (ocspCacheSize != null
+ || ocspMinCacheEntryDuration != null
+@@ -718,20 +674,17 @@
+ if (ocspCacheSize != null) {
+ debugWrite("JSSSocketFactory init - ocspCacheSize= "
+ + ocspCacheSize + "\n");
+- ocspCacheSize_i = Integer
+- .parseInt(ocspCacheSize);
++ ocspCacheSize_i = Integer.parseInt(ocspCacheSize);
+ }
+ if (ocspMinCacheEntryDuration != null) {
+ debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= "
+ + ocspMinCacheEntryDuration + "\n");
+- ocspMinCacheEntryDuration_i = Integer
+- .parseInt(ocspMinCacheEntryDuration);
++ ocspMinCacheEntryDuration_i = Integer.parseInt(ocspMinCacheEntryDuration);
+ }
+ if (ocspMaxCacheEntryDuration != null) {
+ debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= "
+ + ocspMaxCacheEntryDuration + "\n");
+- ocspMaxCacheEntryDuration_i = Integer
+- .parseInt(ocspMaxCacheEntryDuration);
++ ocspMaxCacheEntryDuration_i = Integer.parseInt(ocspMaxCacheEntryDuration);
+ }
+ manager.OCSPCacheSettings(ocspCacheSize_i,
+ ocspMinCacheEntryDuration_i,
+@@ -739,18 +692,14 @@
+ }
+
+ // defualt to 60 seconds;
+- String ocspTimeout = (String) endpoint
+- .getAttribute("ocspTimeout");
++ String ocspTimeout = getEndpointAttribute("ocspTimeout");
+ if (ocspTimeout != null) {
+- debugWrite("JSSSocketFactory init - ocspTimeout= \n"
+- + ocspTimeout);
+- int ocspTimeout_i = Integer
+- .parseInt(ocspTimeout);
++ debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
++ int ocspTimeout_i = Integer.parseInt(ocspTimeout);
+ if (ocspTimeout_i < 0)
+ ocspTimeout_i = 60;
+ manager.setOCSPTimeout(ocspTimeout_i);
+ }
+-
+ } catch (java.security.GeneralSecurityException e) {
+ ocspConfigured = false;
+ debugWrite("JSSSocketFactory init - error initializing OCSP e: "
+@@ -774,10 +723,9 @@
+ // 12 hours = 43200 seconds
+ SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
+
+- String strictCiphersStr = (String) endpoint
+- .getAttribute("strictCiphers");
+- if (strictCiphersStr.equalsIgnoreCase("true")
+- || strictCiphersStr.equalsIgnoreCase("yes")) {
++ String strictCiphersStr = getEndpointAttribute("strictCiphers");
++ if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true")
++ || StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) {
+ mStrictCiphers = true;
+ }
+ if (mStrictCiphers == true) {
+@@ -788,8 +736,7 @@
+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
+ }
+
+- String sslVersionRangeStream = (String) endpoint
+- .getAttribute("sslVersionRangeStream");
++ String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream");
+ if ((sslVersionRangeStream != null)
+ && !sslVersionRangeStream.equals("")) {
+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
+@@ -799,8 +746,7 @@
+ debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
+ }
+
+- String sslVersionRangeDatagram = (String) endpoint
+- .getAttribute("sslVersionRangeDatagram");
++ String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram");
+ if ((sslVersionRangeDatagram != null)
+ && !sslVersionRangeDatagram.equals("")) {
+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
+@@ -838,8 +784,6 @@
+ + ex.toString() + "\n");
+ System.err.println("JSSSocketFactory init - exception thrown:"
+ + ex.toString() + "\n");
+- if (debugFile != null)
+- debugFile.close();
+ // The idea is, if admin take the trouble to configure the
+ // ocsp cache, and made a mistake, we want to make server
+ // unavailable until they get it right
+@@ -846,11 +790,109 @@
+ if ((ex instanceof java.security.GeneralSecurityException)
+ || (ex instanceof java.lang.NumberFormatException))
+ throw new IOException(ex.toString());
++ } finally {
++ if (debugFile != null)
++ debugFile.close();
+ }
+- if (debugFile != null)
+- debugFile.close();
+ }
+
++ private CryptoToken getToken(String tag, CryptoManager manager) throws IOException, NoSuchTokenException {
++ CryptoToken token = null;
++ if (tag.equals("internal")) {
++ debugWrite("JSSSocketFactory init - got internal software token\n");
++ token = manager.getInternalKeyStorageToken();
++ } else if (tag.startsWith("hardware-")) {
++ debugWrite("JSSSocketFactory init - got hardware\n");
++
++ String tokenName = tag.substring(9);
++ debugWrite("JSSSocketFactory init - tokenName=" + tokenName + "\n");
++
++ // find the hsm and log in
++ token = manager.getTokenByName(tokenName);
++ } else {
++ // non-token password entry
++ }
++ return token;
++ }
++
++ private void initializePasswordStore() throws InstantiationException, IllegalAccessException,
++ ClassNotFoundException, IOException {
++ mPwdClass = getEndpointAttribute("passwordClass");
++ if (mPwdClass == null) {
++ throw new IOException("Misconfiguration: passwordClass is not defined");
++ }
++ mPwdPath = getEndpointAttribute("passwordFile");
++
++ mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance();
++ debugWrite("JSSSocketFactory init - password reader initialized\n");
++
++ // initialize the password store
++ mPasswordStore.init(mPwdPath);
++ }
++
++ private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException,
++ GeneralSecurityException, NotInitializedException, IOException {
++ String certDir = getEndpointAttribute("certdbDir");
++ if (certDir == null) {
++ throw new IOException("Misconfiguration: certdir not defined");
++ }
++ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
++ certDir, "", "", "secmod.db");
++
++ vals.removeSunProvider = false;
++ vals.installJSSProvider = true;
++ try {
++ CryptoManager.initialize(vals);
++ } catch (AlreadyInitializedException ee) {
++ // do nothing
++ }
++ CryptoManager manager = CryptoManager.getInstance();
++ return manager;
++ }
++
++ private void logIntoToken(CryptoManager manager, String tag) throws IOException,
++ TokenException {
++ String pwd;
++ Password pw = null;
++ int iteration = 0;
++
++ CryptoToken token = null;
++ try {
++ token = getToken(tag, manager);
++ } catch (NoSuchTokenException e) {
++ debugWrite("token for " + tag + " not found by CryptoManager. Not logging in.");
++ return;
++ }
++
++ do {
++ debugWrite("JSSSocketFactory init - iteration=" + iteration + "\n");
++ pwd = mPasswordStore.getPassword(tag, iteration);
++ if (pwd == null) {
++ debugWrite("JSSSocketFactory init - no pwd gotten\n");
++ return;
++ }
++
++ pw = new Password(pwd.toCharArray());
++
++ if (!token.isLoggedIn()) {
++ debugWrite("JSSSocketFactory init -not logged in...about to log in\n");
++ try {
++ token.login(pw);
++ break;
++ } catch (IncorrectPasswordException e) {
++ debugWrite("Incorrect password received");
++ iteration ++;
++ if (iteration == MAX_PW_ATTEMPTS) {
++ debugWrite("Failed to log into token:" + tag);
++ }
++ }
++ } else {
++ debugWrite("JSSSocketFactory init - already logged in\n");
++ break;
++ }
++ } while (iteration < MAX_PW_ATTEMPTS);
++ }
++
+ public Socket acceptSocket(ServerSocket socket) throws IOException {
+ SSLSocket asock = null;
+ try {
+@@ -892,10 +934,9 @@
+ if (!initialized)
+ init();
+ SSLServerSocket socket = null;
+- socket = (SSLServerSocket) (new SSLServerSocket(port, backlog,
+- ifAddress, null, reuseAddr));
++ socket = new SSLServerSocket(port, backlog, ifAddress, null, reuseAddr);
+ initializeSocket(socket);
+- return (ServerSocket) socket;
++ return socket;
+ }
+
+ private void initializeSocket(SSLServerSocket s) {
+Index: src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 294)
++++ src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 297)
+@@ -12,7 +12,7 @@
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+- *
++ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK */
+@@ -43,9 +43,13 @@
+ }
+
+ public String getPassword(String tag) {
+- return (String) mPwdStore.getProperty(tag);
++ return getPassword(tag, 0);
+ }
+
++ public String getPassword(String tag, int iteration) {
++ return mPwdStore.getProperty(tag);
++ }
++
+ // return an array of String-based tag
+ @SuppressWarnings("unchecked")
+ public Enumeration<String> getTags() {
+Index: src/org/apache/tomcat/util/net/jss/IPasswordStore.java
+===================================================================
+--- src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 294)
++++ src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 297)
+@@ -12,7 +12,7 @@
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+- *
++ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK */
+@@ -25,6 +25,8 @@
+ public interface IPasswordStore {
+ public void init(String pwdPath) throws IOException;
+
++ public String getPassword(String tag, int iteration);
++
+ public String getPassword(String tag);
+
+ public Enumeration<String> getTags();
+Index: build.xml
+===================================================================
+--- build.xml (revision 294)
++++ build.xml (revision 297)
+@@ -104,6 +104,7 @@
+ <!-- This property is set to '/dirsec' when built on rhel4 -->
+ <property name="dirsec" value="" />
+ <property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
++ <property name="commons-lang.jar" value="${jar.home}/commons-lang.jar" />
+
+ <!--
+ Classpath
+@@ -112,6 +113,7 @@
+ <pathelement location="${jss.jar}"/>
+ <pathelement location="${tomcat-coyote.jar}"/>
+ <pathelement location="${commons-logging.jar}"/>
++ <pathelement location="${commons-lang.jar}"/>
+ </path>
+
+ <!--
diff --git a/SOURCES/tomcatjss-tomcat8-support.patch b/SOURCES/tomcatjss-tomcat8-support.patch
new file mode 100644
index 0000000..c21167a
--- /dev/null
+++ b/SOURCES/tomcatjss-tomcat8-support.patch
@@ -0,0 +1,46 @@
+diff -up ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu ./src/org/apache/tomcat/util/net/jss/JSSSupport.java
+--- ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu 2015-05-05 10:37:39.420676993 -0700
++++ ./src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-05-05 10:39:14.120378020 -0700
+@@ -22,7 +22,7 @@ package org.apache.tomcat.util.net.jss;
+ import org.apache.tomcat.util.net.*;
+ import java.io.*;
+ import java.net.*;
+-import org.mozilla.jss.crypto.X509Certificate;
++import java.security.cert.X509Certificate;
+ import org.mozilla.jss.ssl.*;
+ import java.security.cert.*;
+
+@@ -41,13 +41,14 @@ class JSSSupport implements SSLSupport{
+ }
+ }
+
+- public Object[] getPeerCertificateChain(boolean force) throws IOException {
++ public X509Certificate[] getPeerCertificateChain(boolean force) throws
++ IOException {
+ // retrieve the status when we need it. status cache
+ // the client certificate which may not be available
+ // at the creation of JSSSupport
+ status = ssl.getStatus();
+ if (status != null) {
+- X509Certificate peerCert = status.getPeerCertificate();
++ org.mozilla.jss.crypto.X509Certificate peerCert = status.getPeerCertificate();
+
+ if (peerCert == null) {
+ ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
+@@ -61,14 +62,13 @@ class JSSSupport implements SSLSupport{
+ }
+
+ if (peerCert != null) {
+- java.security.cert.X509Certificate[] certs =
+- new java.security.cert.X509Certificate[1];
++ X509Certificate[] certs = new X509Certificate[1];
+ try {
+ byte[] b = peerCert.getEncoded();
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream stream =
+ new ByteArrayInputStream(b);
+- certs[0] = (java.security.cert.X509Certificate)cf.generateCertificate(stream);
++ certs[0] = (X509Certificate)cf.generateCertificate(stream);
+ } catch (Exception e) {
+ }
+ return certs;
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index 1f14c50..2ea8892 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -1,6 +1,6 @@
Name: tomcatjss
Version: 7.1.0
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
License: LGPLv2+
@@ -15,11 +15,13 @@ Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.ta
# jss requires versioning to meet both build and runtime requirements
# tomcat requires versioning to meet both build and runtime requirements
BuildRequires: ant
+BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
BuildRequires: jss >= 4.2.6-35
BuildRequires: tomcat >= 7.0.40
+Requires: apache-commons-lang
Requires: java
Requires: jpackage-utils >= 0:1.7.5-15
Requires: jss >= 4.2.6-35
@@ -27,6 +29,10 @@ Requires: tomcat >= 7.0.40
Patch1: tomcatjss-clientauth-NullPtrException.patch
Patch2: tomcatjss-TLSv1.1-1.2-support.patch
+Patch3: tomcatjss-tomcat8-support.patch
+Patch4: tomcatjss-eclipse-support1.patch
+Patch5: tomcatjss-eclipse-support2.patch
+Patch6: tomcatjss-nuxwdog-support.patch
# The 'tomcatjss' package conflicts with the 'tomcat-native' package
# because it uses an underlying NSS security model rather than the
@@ -51,6 +57,10 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
%setup -q
%patch1 -p0
%patch2 -p0
+%patch3 -p0
+%patch4 -p0
+%patch5 -p0
+%patch6 -p0
%build
@@ -80,6 +90,11 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Tue May 5 2015 Christina Fu <cfu@redhat.com> 7.1.0-6
+- Bugzilla Bug #1198450 - Support for Tomcat 8 (edewata)
+- Eclipse support - 2 patches(alee)
+- Add nuxwdog support (alee)
+
* Mon Sep 29 2014 Christina Fu <cfu@redhat.com> - 7.1.0-5
- Bugzilla Bug #1058366 NullPointerException in tomcatjss searching
for attribute "clientauth" (cfu)