diff --git a/.gitignore b/.gitignore
index db8733e..a88dd95 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tomcatjss-7.1.0.tar.gz
+SOURCES/tomcatjss-7.1.2.tar.gz
diff --git a/.tomcatjss.metadata b/.tomcatjss.metadata
index 3e2583f..5506bd5 100644
--- a/.tomcatjss.metadata
+++ b/.tomcatjss.metadata
@@ -1 +1 @@
-1032c2417165b219a5ea360bf4b8df7829e40464 SOURCES/tomcatjss-7.1.0.tar.gz
+add33e765de6154beee8927ea3bd5879cfa353bc SOURCES/tomcatjss-7.1.2.tar.gz
diff --git a/SOURCES/tomcatjss-TLSv1.1-1.2-support.patch b/SOURCES/tomcatjss-TLSv1.1-1.2-support.patch
deleted file mode 100644
index 0145c15..0000000
--- a/SOURCES/tomcatjss-TLSv1.1-1.2-support.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-===================================================================
---- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 278)
-+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (working copy)
-@@ -138,6 +138,23 @@
- cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
-
-+ //TLSv1_2
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_NULL_SHA256", SSLSocket.TLS_RSA_WITH_NULL_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA", SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
-+ cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-+
- }
-
- private static HashMap eccCipherMap = new HashMap();
-@@ -197,9 +214,13 @@
- }
- }
-
-- public void setSSLCiphers(String attr) throws SocketException
-+ public void setSSLCiphers(String attr) throws SocketException, IOException
- {
- String ciphers = (String)endpoint.getAttribute(attr);
-+ if (ciphers == null || ciphers.equals("")) {
-+ debugWrite("JSSSocketFactory setSSLCiphers: "+ attr +" not found");
-+ return;
-+ }
- StringTokenizer st = new StringTokenizer(ciphers, ",");
- while (st.hasMoreTokens()) {
- String cipherstr = st.nextToken();
-@@ -257,7 +278,14 @@
- }
- }
-
-- public void setSSLOptions() throws SocketException
-+ /*
-+ * note: the SSL_OptionSet-based API for controlling the enabled
-+ * protocol versions are obsolete and replaced by the
-+ * setSSLVersionRange calls. If the "range" parameters are
-+ * present in the attributes then the sslOptions parameter is
-+ * ignored.
-+ */
-+ public void setSSLOptions() throws SocketException, IOException
- {
- String options = (String)endpoint.getAttribute("sslOptions");
- StringTokenizer st = new StringTokenizer(options, ",");
-@@ -308,6 +336,61 @@
- }
- }
-
-+
-+ /*
-+ * setSSLVersionRangeDefault sets the range of allowed ssl versions.
-+ * This replaces the obsolete SSL_Option* API
-+ *
-+ * @param protoVariant indicates whether this setting is for
-+ type "stream" or "datagram"
-+ * @param sslVersionRange_s takes on the form of "min:max" where
-+ * min/max values can be "ssl3, tls1_0, tls1_1, or tls1_2"
-+ * ssl2 is not supported for tomcatjss via this interface
-+ * The format is "sslVersionRange=min:max"
-+ */
-+ public void setSSLVersionRangeDefault(
-+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant protoVariant,
-+ String sslVersionRange_s)
-+ throws SocketException, IllegalArgumentException, IOException {
-+
-+ // process sslVersionRange_s
-+ String[] sslVersionRange = sslVersionRange_s.split(":");
-+ if (sslVersionRange.length != 2) {
-+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
-+ throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
-+ }
-+ String min_s = sslVersionRange[0];
-+ String max_s = sslVersionRange[1];
-+ int min = getSSLVersionRangeEnum(min_s);
-+ int max = getSSLVersionRangeEnum(max_s);
-+ if ((min == -1) || (max== -1)) {
-+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
-+ throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
-+ }
-+
-+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min=" + min + " max = " + max +"\n");
-+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range =
-+ new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(min, max);
-+
-+ SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
-+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- variant set\n");
-+ }
-+
-+ int getSSLVersionRangeEnum (String rangeString) {
-+ if (rangeString == null)
-+ return -1;
-+ if (rangeString.equals("ssl3"))
-+ return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.ssl3;
-+ else if (rangeString.equals("tls1_0"))
-+ return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0;
-+ else if (rangeString.equals("tls1_1"))
-+ return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1;
-+ else if (rangeString.equals("tls1_2"))
-+ return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2;
-+
-+ return -1;
-+ }
-+
- void init() throws IOException {
- try {
- String deb = (String)endpoint.getAttribute("debug");
-@@ -543,14 +626,52 @@
- }
- if (mStrictCiphers == true) {
- // what ciphers do we have to start with? turn them all off
-- debugWrite("SSSocketFactory init - before setSSLOptions, strictCiphers is true\n");
-+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
- unsetSSLCiphers();
- } else {
-- debugWrite("SSSocketFactory init - before setSSLOptions, strictCiphers is false\n");
-+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
- }
-
-- setSSLOptions();
-- debugWrite("SSSocketFactory init - after setSSLOptions\n");
-+ String sslVersionRangeStream = (String)endpoint.getAttribute("sslVersionRangeStream");
-+ if ((sslVersionRangeStream != null) && !sslVersionRangeStream.equals("")) {
-+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
-+ setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM, sslVersionRangeStream);
-+ debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
-+ }
-+
-+ String sslVersionRangeDatagram = (String)endpoint.getAttribute("sslVersionRangeDatagram");
-+ if ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram.equals("")) {
-+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
-+ setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM, sslVersionRangeDatagram);
-+ debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type DATA_GRAM\n");
-+ }
-+
-+ /*
-+ * According to NSS:
-+ * the SSL_OptionSet-based API for controlling the enabled
-+ * protocol versions are obsolete and replaced by the
-+ * setSSLVersionRange calls.
-+ * Therefore, if the "range" parameters are
-+ * present in the attributes then the sslOptions parameter is
-+ * ignored.
-+ * Using the new version range API in conjunction with the older
-+ * SSL_OptionSet-based API for controlling the enabled protocol
-+ * versions may cause unexpected results
-+ */
-+ if (((sslVersionRangeStream != null)
-+ && !sslVersionRangeStream.equals(""))
-+ || ((sslVersionRangeDatagram != null)
-+ && !sslVersionRangeDatagram.equals(""))) {
-+ /* deliberately lose the ssl2 here */
-+ debugWrite("SSSocketFactory init - calling setSSLCiphers() honoring only sslRangeCiphers\n");
-+ setSSLCiphers("sslRangeCiphers");
-+ debugWrite("SSSocketFactory init - after setSSLCiphers() honoring only sslRangeCiphers\n");
-+ } else {
-+ debugWrite("SSSocketFactory init - calling setSSLOptions()\n");
-+ setSSLOptions();
-+ debugWrite("SSSocketFactory init - after setSSLOptions()\n");
-+ }
-+
- } catch (Exception ex) {
- debugWrite("JSSSocketFactory init - exception thrown:"+
- ex.toString()+"\n");
diff --git a/SOURCES/tomcatjss-clientauth-NullPtrException.patch b/SOURCES/tomcatjss-clientauth-NullPtrException.patch
deleted file mode 100644
index 9657a5c..0000000
--- a/SOURCES/tomcatjss-clientauth-NullPtrException.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-===================================================================
---- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 278)
-+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (working copy)
-@@ -405,6 +405,10 @@
- // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
- // (camel case) has already been processed by Tomcat 7
- String clientAuthStr = (String)endpoint.getAttribute("clientauth");
-+ if (clientAuthStr == null) {
-+ debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
-+ clientAuthStr = "want";
-+ }
- File file = null;
- try {
- mServerCertNickPath = (String)endpoint.getAttribute("serverCertNickFile");
diff --git a/SOURCES/tomcatjss-eclipse-support1.patch b/SOURCES/tomcatjss-eclipse-support1.patch
deleted file mode 100644
index cbad6bc..0000000
--- a/SOURCES/tomcatjss-eclipse-support1.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-diff -up ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu ./src/org/apache/tomcat/util/net/jss/JSSSupport.java
---- ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu 2015-05-05 12:12:38.897296507 -0700
-+++ ./src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-05-05 12:13:22.064157121 -0700
-@@ -19,16 +19,18 @@
-
- package org.apache.tomcat.util.net.jss;
-
--import org.apache.tomcat.util.net.*;
--import java.io.*;
--import java.net.*;
-+import java.io.ByteArrayInputStream;
-+import java.io.IOException;
-+import java.security.cert.CertificateFactory;
- import java.security.cert.X509Certificate;
--import org.mozilla.jss.ssl.*;
--import java.security.cert.*;
-
--class JSSSupport implements SSLSupport{
-- private static org.apache.commons.logging.Log log =
-- org.apache.commons.logging.LogFactory.getLog(JSSSupport.class);
-+import org.apache.tomcat.util.net.SSLSupport;
-+import org.mozilla.jss.ssl.SSLSecurityStatus;
-+import org.mozilla.jss.ssl.SSLSocket;
-+
-+class JSSSupport implements SSLSupport {
-+ private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
-+ .getLog(JSSSupport.class);
-
- private SSLSocket ssl = null;
- private SSLSecurityStatus status = null;
-@@ -41,15 +43,16 @@ class JSSSupport implements SSLSupport{
- }
- }
-
-- public X509Certificate[] getPeerCertificateChain(boolean force) throws
-- IOException {
-+ public X509Certificate[] getPeerCertificateChain(boolean force)
-+ throws IOException {
- // retrieve the status when we need it. status cache
- // the client certificate which may not be available
- // at the creation of JSSSupport
- status = ssl.getStatus();
- if (status != null) {
-- org.mozilla.jss.crypto.X509Certificate peerCert = status.getPeerCertificate();
--
-+ org.mozilla.jss.crypto.X509Certificate peerCert = status
-+ .getPeerCertificate();
-+
- if (peerCert == null) {
- ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
- try {
-@@ -65,10 +68,10 @@ class JSSSupport implements SSLSupport{
- X509Certificate[] certs = new X509Certificate[1];
- try {
- byte[] b = peerCert.getEncoded();
-- CertificateFactory cf = CertificateFactory.getInstance("X.509");
-- ByteArrayInputStream stream =
-- new ByteArrayInputStream(b);
-- certs[0] = (X509Certificate)cf.generateCertificate(stream);
-+ CertificateFactory cf = CertificateFactory
-+ .getInstance("X.509");
-+ ByteArrayInputStream stream = new ByteArrayInputStream(b);
-+ certs[0] = (X509Certificate) cf.generateCertificate(stream);
- } catch (Exception e) {
- }
- return certs;
-@@ -98,5 +101,3 @@ class JSSSupport implements SSLSupport{
- return null;
- }
- }
--
--
diff --git a/SOURCES/tomcatjss-eclipse-support2.patch b/SOURCES/tomcatjss-eclipse-support2.patch
deleted file mode 100644
index 7b6659d..0000000
--- a/SOURCES/tomcatjss-eclipse-support2.patch
+++ /dev/null
@@ -1,1972 +0,0 @@ -Index: .classpath -=================================================================== ---- .classpath (revision 0) -+++ .classpath (revision 294) -@@ -0,0 +1,10 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - -Property changes on: .classpath -___________________________________________________________________ -Added: svn:mime-type -## -0,0 +1 ## -+text/plain -\ No newline at end of property -Index: .project -=================================================================== ---- .project (revision 0) -+++ .project (revision 294) -@@ -0,0 +1,17 @@ -+ -+ -+ tomcatjss -+ -+ -+ -+ -+ -+ org.eclipse.jdt.core.javabuilder -+ -+ -+ -+ -+ -+ org.eclipse.jdt.core.javanature -+ -+ - -Property changes on: .project -___________________________________________________________________ -Added: svn:mime-type -## -0,0 +1 ## -+text/plain -\ No newline at end of property -Index: src/org/apache/tomcat/util/net/jss/IJSSFactory.java -=================================================================== ---- src/org/apache/tomcat/util/net/jss/IJSSFactory.java (revision 292) -+++ src/org/apache/tomcat/util/net/jss/IJSSFactory.java (revision 294) -@@ -19,11 +19,14 @@ - - package org.apache.tomcat.util.net.jss; - --import org.mozilla.jss.ssl.*; --import org.apache.tomcat.util.net.*; --import java.net.*; -+import java.net.Socket; - -+import org.apache.tomcat.util.net.AbstractEndpoint; -+import org.apache.tomcat.util.net.SSLSupport; -+import org.apache.tomcat.util.net.ServerSocketFactory; -+ - interface IJSSFactory { - public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint); -+ - public SSLSupport getSSLSupport(Socket socket); - } -Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -=================================================================== ---- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 292) -+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 294) -@@ -19,364 +19,489 @@ - - package 
org.apache.tomcat.util.net.jss; - --import java.util.*; -+import java.io.BufferedReader; -+import java.io.File; -+import java.io.FileInputStream; -+import java.io.FileWriter; -+import java.io.IOException; -+import java.io.InputStreamReader; -+import java.net.InetAddress; -+import java.net.ServerSocket; -+import java.net.Socket; -+import java.net.SocketException; - import java.text.SimpleDateFormat; --import java.lang.Thread; --import java.lang.NumberFormatException; --import org.mozilla.jss.ssl.*; --import org.mozilla.jss.crypto.*; --import org.mozilla.jss.CryptoManager; --import org.mozilla.jss.util.*; --import org.mozilla.jss.pkcs11.*; --import java.net.*; --import java.io.*; -+import java.util.Date; -+import java.util.Enumeration; -+import java.util.HashMap; -+import java.util.StringTokenizer; - --// Imports required to "implement" Tomcat 7 Interface --import org.apache.tomcat.util.net.AbstractEndpoint; - import javax.net.ssl.KeyManager; - import javax.net.ssl.SSLContext; - import javax.net.ssl.TrustManager; - --public class JSSSocketFactory -- implements org.apache.tomcat.util.net.ServerSocketFactory, -- org.apache.tomcat.util.net.SSLUtil { -+// Imports required to "implement" Tomcat 7 Interface -+import org.apache.tomcat.util.net.AbstractEndpoint; -+import org.mozilla.jss.CryptoManager; -+import org.mozilla.jss.crypto.AlreadyInitializedException; -+import org.mozilla.jss.crypto.CryptoToken; -+import org.mozilla.jss.ssl.SSLServerSocket; -+import org.mozilla.jss.ssl.SSLSocket; -+import org.mozilla.jss.util.Password; - -- private static HashMap cipherMap = new HashMap(); -+public class JSSSocketFactory implements -+ org.apache.tomcat.util.net.ServerSocketFactory, -+ org.apache.tomcat.util.net.SSLUtil { -+ -+ private static HashMap cipherMap = new HashMap(); - static { - // SSLv2 -- cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5); -- cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5); -- 
cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_WITH_MD5); -- cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5); -- cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5", SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5); -- cipherMap.put("SSL2_DES_64_CBC_WITH_MD5", SSLSocket.SSL2_DES_64_CBC_WITH_MD5); -- cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5", SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5); -+ cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5); -+ cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5", -+ SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5); -+ cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5", -+ SSLSocket.SSL2_RC2_128_CBC_WITH_MD5); -+ cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", -+ SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5); -+ cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5", -+ SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5); -+ cipherMap.put("SSL2_DES_64_CBC_WITH_MD5", -+ SSLSocket.SSL2_DES_64_CBC_WITH_MD5); -+ cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5", -+ SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5); - - // SSLv3 -- cipherMap.put("SSL3_RSA_WITH_NULL_MD5", SSLSocket.SSL3_RSA_WITH_NULL_MD5); -- cipherMap.put("SSL3_RSA_WITH_NULL_SHA", SSLSocket.SSL3_RSA_WITH_NULL_SHA); -- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5); -- cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5", SSLSocket.SSL3_RSA_WITH_RC4_128_MD5); -- cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA", SSLSocket.SSL3_RSA_WITH_RC4_128_SHA); -- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5); -- cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA", SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA); -- cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA); -- cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA); -- cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA); -- -- 
cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA); -- cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA); -- cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA); -- cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA); -- cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA); -- cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA); -- -- cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA); -- cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA); -- cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA); -- cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA); -- cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA); -- cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA); -- -- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5); -- cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5", SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5); -- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA); -- cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA); -- cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA); -- -- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA); -- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA); -- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA", 
SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA); -- -- cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA); -- cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA); -- -+ cipherMap.put("SSL3_RSA_WITH_NULL_MD5", -+ SSLSocket.SSL3_RSA_WITH_NULL_MD5); -+ cipherMap.put("SSL3_RSA_WITH_NULL_SHA", -+ SSLSocket.SSL3_RSA_WITH_NULL_SHA); -+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5", -+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5); -+ cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5", -+ SSLSocket.SSL3_RSA_WITH_RC4_128_MD5); -+ cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA", -+ SSLSocket.SSL3_RSA_WITH_RC4_128_SHA); -+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", -+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5); -+ cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA", -+ SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA); -+ cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", -+ SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA); -+ cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", -+ SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA); -+ cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA); -+ -+ cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", -+ SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA); -+ cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA", -+ SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA); -+ cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA); -+ cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", -+ SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA); -+ cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA", -+ SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA); -+ cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA); -+ -+ cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", -+ SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA); -+ cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", -+ SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA); -+ 
cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA); -+ cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", -+ SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA); -+ cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", -+ SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA); -+ cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA); -+ -+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", -+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5); -+ cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5", -+ SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5); -+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", -+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA); -+ cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA", -+ SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA); -+ cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA); -+ -+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA", -+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA); -+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", -+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA); -+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA", -+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA); -+ -+ cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", -+ SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA); -+ cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA", -+ SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA); -+ - // TLS -- cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA); -- cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA); -- -- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA); -- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA); -- cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA", SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA); -- -- 
cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA); -- -- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA); -- cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA); -- cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA); -- cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA); -- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA); -- cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", -+ SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA); -+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", -+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA); - -+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", -+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA); -+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", -+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA); -+ cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA", -+ SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA); -+ -+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA", -+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA); -+ cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA", -+ SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA); -+ cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA", -+ SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA); -+ 
cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", -+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA); -+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", -+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA); -+ cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA", -+ SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA); -+ -+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA", -+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA", -+ SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA", -+ SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", -+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", -+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA", -+ SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA); -+ - // ECC -- cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA); -- cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA); -- cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA); -- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA); -- -- cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA); -- cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA); -- cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA); -- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA); -- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); -+ cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", -+ 
SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
-+ cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-+ SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
-+ cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
-+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
-+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
-+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
-
-- cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
-- cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
-- cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
-- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
-- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
--
-- cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA", SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
-- cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
-- cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
-- cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
-- cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
-
-- //TLSv1_2
-- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
-- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
-- cipherMap.put("TLS_RSA_WITH_NULL_SHA256", SSLSocket.TLS_RSA_WITH_NULL_SHA256);
-- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
-- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
-- cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA", SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
-- cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
-- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
-- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
-- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
-- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
-- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
-- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
-- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
-- cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
-
-+ cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA",
-+ SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
-+ cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA",
-+ SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
-+ cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
-+ cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
-+ SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
-+ cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
-+ SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
-+
-+ // TLSv1_2
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
-+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
-+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_NULL_SHA256",
-+ SSLSocket.TLS_RSA_WITH_NULL_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256",
-+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256",
-+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
-+ cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA",
-+ SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
-+ cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
-+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
-+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-+
- }
-
-- private static HashMap eccCipherMap = new HashMap();
-+ private static HashMap eccCipherMap = new HashMap();
- static {
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA");
-- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA,
-+ "TLS_ECDH_RSA_WITH_RC4_128_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
-+
eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, -+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); -+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, -+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA"); -+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, -+ "TLS_ECDHE_RSA_WITH_NULL_SHA"); -+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, -+ "TLS_ECDH_RSA_WITH_NULL_SHA"); -+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, -+ "TLS_ECDH_ECDSA_WITH_NULL_SHA"); - } - - private AbstractEndpoint endpoint; - -- static org.apache.commons.logging.Log log = -- org.apache.commons.logging.LogFactory.getLog(JSSSocketFactory.class); -+ static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory -+ .getLog(JSSSocketFactory.class); - - protected static boolean ocspConfigured = false; - protected boolean requireClientAuth = false; - protected boolean wantClientAuth = false; -- private Vector enabledCiphers = new Vector(); - private boolean initialized = false; - private String serverCertNick = ""; -- private String mServerCertNickPath =""; -- private String mPwdPath =""; -- private String mPwdClass =""; -+ private String mServerCertNickPath = ""; -+ private String mPwdPath = ""; -+ private String mPwdClass = ""; - private static final String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss"; -- private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(DATE_PATTERN); -+ private static SimpleDateFormat timeStampFormat = new SimpleDateFormat( -+ DATE_PATTERN); - FileWriter debugFile = null; - boolean debug = false; - private IPasswordStore mPasswordStore = null; - private boolean mStrictCiphers = false; - -- public JSSSocketFactory (AbstractEndpoint endpoint) { -+ public JSSSocketFactory(AbstractEndpoint endpoint) { - this.endpoint = endpoint; - } - - private void debugWrite(String m) throws IOException { -- if (debug) { -+ if (debug) { - String timeStamp = timeStampFormat.format(new Date()); - String threadName = 
Thread.currentThread().getName(); -- debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m); -+ debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m); - } - } - -- public void setSSLCiphers(String attr) throws SocketException, IOException -- { -- String ciphers = (String)endpoint.getAttribute(attr); -- if (ciphers == null || ciphers.equals("")) { -- debugWrite("JSSSocketFactory setSSLCiphers: "+ attr +" not found"); -- return; -- } -- StringTokenizer st = new StringTokenizer(ciphers, ","); -- while (st.hasMoreTokens()) { -- String cipherstr = st.nextToken(); -- int cipherid = 0; -- String text; -- boolean state; -- -- if (cipherstr.startsWith("+")) { -- state = true; -- text = cipherstr.substring(1); -- } else if (cipherstr.startsWith("-")) { -- state = false; -- text = cipherstr.substring(1); -- } else { -- state = true; // no enable/disable flag, assume enable -- text = cipherstr; -+ public void setSSLCiphers(String attr) throws SocketException, IOException { -+ String ciphers = (String) endpoint.getAttribute(attr); -+ if (ciphers == null || ciphers.equals("")) { -+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found"); -+ return; - } -+ StringTokenizer st = new StringTokenizer(ciphers, ","); -+ while (st.hasMoreTokens()) { -+ String cipherstr = st.nextToken(); -+ int cipherid = 0; -+ String text; -+ boolean state; - -- if (text.startsWith("0x") || text.startsWith("0X")) { -- // this allows us to specify new ciphers -- try { -- cipherid = Integer.parseInt(text.substring(2), 16); -+ if (cipherstr.startsWith("+")) { -+ state = true; -+ text = cipherstr.substring(1); -+ } else if (cipherstr.startsWith("-")) { -+ state = false; -+ text = cipherstr.substring(1); -+ } else { -+ state = true; // no enable/disable flag, assume enable -+ text = cipherstr; - } -- catch (Exception e) { -- System.err.println("Error: SSL cipher \"\""+text+"\" cannot be read as an integer"); -- continue; -- } -- } else { -- Object mapValue; - -- mapValue = 
cipherMap.get(text); -- if (mapValue == null) { -- cipherid = 0; -+ if (text.startsWith("0x") || text.startsWith("0X")) { -+ // this allows us to specify new ciphers -+ try { -+ cipherid = Integer.parseInt(text.substring(2), 16); -+ } catch (Exception e) { -+ System.err.println("Error: SSL cipher \"\"" + text -+ + "\" cannot be read as an integer"); -+ continue; -+ } - } else { -- cipherid = (Integer)mapValue; -- } -- } -- if (cipherid != 0) { -- try { -- debugWrite("JSSSocketFactory setSSLCiphers: "+ -- cipherstr+": 0x"+Integer.toHexString(cipherid) +"\n"); -- SSLSocket.setCipherPreferenceDefault(cipherid, state); -- } -- catch (Exception e) { -- if (eccCipherMap.containsKey(cipherid)) { -- System.err.println("Warning: SSL ECC cipher \""+text+"\" unsupported by NSS. "+ -- "This is probably O.K. unless ECC support has been installed."); -+ Object mapValue; -+ -+ mapValue = cipherMap.get(text); -+ if (mapValue == null) { -+ cipherid = 0; - } else { -- System.err.println("Error: SSL cipher \""+text+"\" unsupported by NSS"); -+ cipherid = (Integer) mapValue; - } - } -- } else { -- System.err.println("Error: SSL cipher \""+text+"\" not recognized by tomcatjss"); -+ if (cipherid != 0) { -+ try { -+ debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr -+ + ": 0x" + Integer.toHexString(cipherid) + "\n"); -+ SSLSocket.setCipherPreferenceDefault(cipherid, state); -+ } catch (Exception e) { -+ if (eccCipherMap.containsKey(cipherid)) { -+ System.err -+ .println("Warning: SSL ECC cipher \"" -+ + text -+ + "\" unsupported by NSS. " -+ + "This is probably O.K. 
unless ECC support has been installed."); -+ } else { -+ System.err.println("Error: SSL cipher \"" + text -+ + "\" unsupported by NSS"); -+ } -+ } -+ } else { -+ System.err.println("Error: SSL cipher \"" + text -+ + "\" not recognized by tomcatjss"); -+ } - } -- } - } - - /* -- * note: the SSL_OptionSet-based API for controlling the enabled -- * protocol versions are obsolete and replaced by the -- * setSSLVersionRange calls. If the "range" parameters are -- * present in the attributes then the sslOptions parameter is -- * ignored. -+ * note: the SSL_OptionSet-based API for controlling the enabled protocol -+ * versions are obsolete and replaced by the setSSLVersionRange calls. If -+ * the "range" parameters are present in the attributes then the sslOptions -+ * parameter is ignored. - */ -- public void setSSLOptions() throws SocketException, IOException -- { -- String options = (String)endpoint.getAttribute("sslOptions"); -- StringTokenizer st = new StringTokenizer(options, ","); -- while (st.hasMoreTokens()) { -- String option = st.nextToken(); -- StringTokenizer st1 = new StringTokenizer(option, "="); -- String name = st1.nextToken(); -- String value = st1.nextToken(); -- if (name.equals("ssl2")) { -- if (value.equals("true")) { -- SSLSocket.enableSSL2Default(true); -- setSSLCiphers("ssl2Ciphers"); -- } else { -- SSLSocket.enableSSL2Default(false); -- } -+ public void setSSLOptions() throws SocketException, IOException { -+ String options = (String) endpoint.getAttribute("sslOptions"); -+ StringTokenizer st = new StringTokenizer(options, ","); -+ while (st.hasMoreTokens()) { -+ String option = st.nextToken(); -+ StringTokenizer st1 = new StringTokenizer(option, "="); -+ String name = st1.nextToken(); -+ String value = st1.nextToken(); -+ if (name.equals("ssl2")) { -+ if (value.equals("true")) { -+ SSLSocket.enableSSL2Default(true); -+ setSSLCiphers("ssl2Ciphers"); -+ } else { -+ SSLSocket.enableSSL2Default(false); -+ } -+ } -+ if (name.equals("ssl3")) { -+ if 
(value.equals("true")) { -+ SSLSocket.enableSSL3Default(true); -+ setSSLCiphers("ssl3Ciphers"); -+ } else { -+ SSLSocket.enableSSL3Default(false); -+ } -+ } -+ if (name.equals("tls")) { -+ if (value.equals("true")) { -+ SSLSocket.enableTLSDefault(true); -+ setSSLCiphers("tlsCiphers"); -+ } else { -+ SSLSocket.enableTLSDefault(false); -+ } -+ } - } -- if (name.equals("ssl3")) { -- if (value.equals("true")) { -- SSLSocket.enableSSL3Default(true); -- setSSLCiphers("ssl3Ciphers"); -- } else { -- SSLSocket.enableSSL3Default(false); -- } -- } -- if (name.equals("tls")) { -- if (value.equals("true")) { -- SSLSocket.enableTLSDefault(true); -- setSSLCiphers("tlsCiphers"); -- } else { -- SSLSocket.enableTLSDefault(false); -- } -- } -- } - } - - // remove all to start with a clean slate -- public void unsetSSLCiphers() throws SocketException -- { -+ public void unsetSSLCiphers() throws SocketException { - int ciphers[] = SSLSocket.getImplementedCipherSuites(); - try { -- for (int i = 0; ciphers != null && i < ciphers.length; i++) { -+ for (int i = 0; ciphers != null && i < ciphers.length; i++) { - -- debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"+ -- Integer.toHexString(ciphers[i]) + "'\n"); -- SSLSocket.setCipherPreferenceDefault(ciphers[i], false); -- } -+ debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x" -+ + Integer.toHexString(ciphers[i]) + "'\n"); -+ SSLSocket.setCipherPreferenceDefault(ciphers[i], false); -+ } - } catch (Exception e) { - } - } - -- - /* -- * setSSLVersionRangeDefault sets the range of allowed ssl versions. 
-- * This replaces the obsolete SSL_Option* API -- * -- * @param protoVariant indicates whether this setting is for -- type "stream" or "datagram" -- * @param sslVersionRange_s takes on the form of "min:max" where -- * min/max values can be "ssl3, tls1_0, tls1_1, or tls1_2" -- * ssl2 is not supported for tomcatjss via this interface -- * The format is "sslVersionRange=min:max" -+ * setSSLVersionRangeDefault sets the range of allowed ssl versions. This -+ * replaces the obsolete SSL_Option* API -+ * -+ * @param protoVariant indicates whether this setting is for type "stream" -+ * or "datagram" -+ * -+ * @param sslVersionRange_s takes on the form of "min:max" where min/max -+ * values can be "ssl3, tls1_0, tls1_1, or tls1_2" ssl2 is not supported for -+ * tomcatjss via this interface The format is "sslVersionRange=min:max" - */ - public void setSSLVersionRangeDefault( - org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant protoVariant, -- String sslVersionRange_s) -- throws SocketException, IllegalArgumentException, IOException { -+ String sslVersionRange_s) throws SocketException, -+ IllegalArgumentException, IOException { - - // process sslVersionRange_s -- String[] sslVersionRange = sslVersionRange_s.split(":"); -+ String[] sslVersionRange = sslVersionRange_s.split(":"); - if (sslVersionRange.length != 2) { -- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n"); -- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error"); -+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " -+ + sslVersionRange_s + "\n"); -+ throw new SocketException( -+ "tomcatjss: setSSLversionRangeDefault format error"); - } - String min_s = sslVersionRange[0]; - String max_s = sslVersionRange[1]; - int min = getSSLVersionRangeEnum(min_s); - int max = getSSLVersionRangeEnum(max_s); -- if ((min == -1) || (max== -1)) { -- debugWrite("JSSSocketFactory 
setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n"); -- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error"); -+ if ((min == -1) || (max == -1)) { -+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " -+ + sslVersionRange_s + "\n"); -+ throw new SocketException( -+ "tomcatjss: setSSLversionRangeDefault format error"); - } - -- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min=" + min + " max = " + max +"\n"); -- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range = -- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(min, max); -+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min=" -+ + min + " max = " + max + "\n"); -+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range = new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange( -+ min, max); - - SSLSocket.setSSLVersionRangeDefault(protoVariant, range); - debugWrite("JSSSocketFactory setSSLversionRangeDefault- variant set\n"); - } - -- int getSSLVersionRangeEnum (String rangeString) { -+ int getSSLVersionRangeEnum(String rangeString) { - if (rangeString == null) - return -1; - if (rangeString.equals("ssl3")) -@@ -393,39 +518,40 @@ - - void init() throws IOException { - try { -- String deb = (String)endpoint.getAttribute("debug"); -+ String deb = (String) endpoint.getAttribute("debug"); - if (deb.equals("true")) { -- debug = true; -- debugFile = new FileWriter("/tmp/tomcatjss.log", true); -- debugWrite("JSSSocketFactory init - debug is on\n"); -+ debug = true; -+ debugFile = new FileWriter("/tmp/tomcatjss.log", true); -+ debugWrite("JSSSocketFactory init - debug is on\n"); - } - } catch (Exception e) { -- // System.out.println("no tomcatjss debugging"); -+ // System.out.println("no tomcatjss debugging"); - } - - try { - try { -- mPwdPath = (String)endpoint.getAttribute("passwordFile"); -- mPwdClass = (String)endpoint.getAttribute("passwordClass"); -- if 
(mPwdClass != null) { -- mPasswordStore = (IPasswordStore)Class.forName(mPwdClass).newInstance(); -+ mPwdPath = (String) endpoint.getAttribute("passwordFile"); -+ mPwdClass = (String) endpoint.getAttribute("passwordClass"); -+ if (mPwdClass != null) { -+ mPasswordStore = (IPasswordStore) Class.forName(mPwdClass) -+ .newInstance(); - mPasswordStore.init(mPwdPath); - debugWrite("JSSSocketFactory init - password reader initialized\n"); -- } -- } catch (Exception e) { -+ } -+ } catch (Exception e) { - debugWrite("JSSSocketFactory init - Exception caught: " -- +e.toString() + "\n"); -+ + e.toString() + "\n"); - if (debugFile != null) - debugFile.close(); -- throw new IOException("JSSSocketFactory: no passwordFilePath defined"); -+ throw new IOException( -+ "JSSSocketFactory: no passwordFilePath defined"); - } - -- String certDir = (String)endpoint.getAttribute("certdbDir"); -- -- CryptoManager.InitializationValues vals = -- new CryptoManager.InitializationValues(certDir, -- "", "", "secmod.db"); -+ String certDir = (String) endpoint.getAttribute("certdbDir"); - -+ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues( -+ certDir, "", "", "secmod.db"); -+ - vals.removeSunProvider = false; - vals.installJSSProvider = true; - try { -@@ -435,22 +561,22 @@ - } - CryptoManager manager = CryptoManager.getInstance(); - -- //JSSSocketFactory init - handle crypto tokens -+ // JSSSocketFactory init - handle crypto tokens - debugWrite("JSSSocketFactory init - about to handle crypto unit logins\n"); - - if (mPasswordStore != null) { -- Enumeration en = mPasswordStore.getTags(); -- while (en.hasMoreElements()){ -+ Enumeration en = mPasswordStore.getTags(); -+ while (en.hasMoreElements()) { - String pwd = ""; - Password pw = null; - String tokenName = ""; - String st = (String) en.nextElement(); -- debugWrite("JSSSocketFactory init - tag name="+st+"\n"); -+ debugWrite("JSSSocketFactory init - tag name=" + st + "\n"); - pwd = mPasswordStore.getPassword(st); - 
- if (pwd != null) { - debugWrite("JSSSocketFactory init - got password\n"); -- pw = new Password(pwd.toCharArray()); -+ pw = new Password(pwd.toCharArray()); - } else { - debugWrite("JSSSocketFactory init - no pwd found in password.conf\n"); - continue; -@@ -464,12 +590,13 @@ - debugWrite("JSSSocketFactory init - got hardware\n"); - - tokenName = st.substring(9); -- debugWrite("JSSSocketFactory init - tokenName="+tokenName+"\n"); -+ debugWrite("JSSSocketFactory init - tokenName=" -+ + tokenName + "\n"); - - // find the hsm and log in - token = manager.getTokenByName(tokenName); - } else { -- //non-token entries -+ // non-token entries - } - if (token != null) { - if (!token.isLoggedIn()) { -@@ -479,15 +606,15 @@ - debugWrite("JSSSocketFactory init - already logged in\n"); - } - } -- } //while -+ } // while - debugWrite("JSSSocketFactory init - tokens initialized/logged in\n"); - } else { - debugWrite("JSSSocketFactory init - no login done\n"); -- } //mPasswordStore not null -+ } // mPasswordStore not null - - // MUST look for "clientauth" (ALL lowercase) since "clientAuth" - // (camel case) has already been processed by Tomcat 7 -- String clientAuthStr = (String)endpoint.getAttribute("clientauth"); -+ String clientAuthStr = (String) endpoint.getAttribute("clientauth"); - if (clientAuthStr == null) { - debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want."); - clientAuthStr = "want"; -@@ -494,178 +621,208 @@ - } - File file = null; - try { -- mServerCertNickPath = (String)endpoint.getAttribute("serverCertNickFile"); -- debugWrite("JSSSocketFactory init - got serverCertNickFile"+ -- mServerCertNickPath+"\n"); -+ mServerCertNickPath = (String) endpoint -+ .getAttribute("serverCertNickFile"); -+ debugWrite("JSSSocketFactory init - got serverCertNickFile" -+ + mServerCertNickPath + "\n"); - file = new File(mServerCertNickPath); -- Long l = new Long(file.length()); - FileInputStream in = new FileInputStream(mServerCertNickPath); -- 
BufferedReader d = -- new BufferedReader(new InputStreamReader(in)); -+ BufferedReader d = new BufferedReader(new InputStreamReader(in)); - do { -- serverCertNick = d.readLine(); -- debugWrite("JSSSocketFactory init - got line "+ -- serverCertNick +"\n"); -- if (serverCertNick == null) { -- in.close(); -- d.close(); -- throw new IOException("JSSSocketFactory: error loading serverCertNickFile"); -- } -- // handle comments or blank lines -- if (serverCertNick.trim().startsWith("#") || -- serverCertNick.trim().equals("")) { -- serverCertNick = null; -- } -+ serverCertNick = d.readLine(); -+ debugWrite("JSSSocketFactory init - got line " -+ + serverCertNick + "\n"); -+ if (serverCertNick == null) { -+ in.close(); -+ d.close(); -+ throw new IOException( -+ "JSSSocketFactory: error loading serverCertNickFile"); -+ } -+ // handle comments or blank lines -+ if (serverCertNick.trim().startsWith("#") -+ || serverCertNick.trim().equals("")) { -+ serverCertNick = null; -+ } - } while (serverCertNick == null); -- debugWrite("JSSSocketFactory init - found nickname=" + serverCertNick + "\n"); -+ debugWrite("JSSSocketFactory init - found nickname=" -+ + serverCertNick + "\n"); - in.close(); - d.close(); - } catch (Exception e) { - debugWrite("JSSSocketFactory init - Exception caught: " -- +e.toString() + "\n"); -+ + e.toString() + "\n"); - if (debugFile != null) - debugFile.close(); -- throw new IOException("JSSSocketFactory: no serverCertNickFile defined"); -+ throw new IOException( -+ "JSSSocketFactory: no serverCertNickFile defined"); - } - -- //serverCertNick = (String)endpoint.getAttribute("serverCert"); -- if (clientAuthStr.equalsIgnoreCase("true") || -- clientAuthStr.equalsIgnoreCase("yes")) { -+ // serverCertNick = (String)endpoint.getAttribute("serverCert"); -+ if (clientAuthStr.equalsIgnoreCase("true") -+ || clientAuthStr.equalsIgnoreCase("yes")) { - requireClientAuth = true; - } else if (clientAuthStr.equalsIgnoreCase("want")) { - wantClientAuth = true; - } -- 
debugWrite("JSSSocketFActory init - requireClientAuth " + requireClientAuth + -- " wantClientAuth " + wantClientAuth + " ocspConfigured " -- + ocspConfigured); -- if (requireClientAuth == true || wantClientAuth == true -- && ocspConfigured == false ) { -- debugWrite("JSSSocketFactory init - checking for OCSP settings. \n" ); -- boolean enableOCSP = false; -+ debugWrite("JSSSocketFActory init - requireClientAuth " -+ + requireClientAuth + " wantClientAuth " + wantClientAuth -+ + " ocspConfigured " + ocspConfigured); -+ if (requireClientAuth == true || wantClientAuth == true -+ && ocspConfigured == false) { -+ debugWrite("JSSSocketFactory init - checking for OCSP settings. \n"); -+ boolean enableOCSP = false; - String doOCSP = (String) endpoint.getAttribute("enableOCSP"); - -- debugWrite("JSSSocketFactory init - doOCSP flag:"+ -- doOCSP+ " \n"); -+ debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP -+ + " \n"); - -- if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) { -- enableOCSP = true; -- } -- -- debugWrite("JSSSocketFactory init - enableOCSP "+ -- enableOCSP+ "\n"); -- -- if( enableOCSP == true ) { -- String ocspResponderURL = (String) endpoint.getAttribute("ocspResponderURL"); -- debugWrite("JSSSocketFactory init - ocspResponderURL "+ -- ocspResponderURL+ "\n"); -- String ocspResponderCertNickname = (String) endpoint.getAttribute("ocspResponderCertNickname"); -- debugWrite("JSSSocketFactory init - ocspResponderCertNickname" + ocspResponderCertNickname + "\n"); -- if( (ocspResponderURL != null && ocspResponderURL.length() > 0) && -- (ocspResponderCertNickname != null && -- ocspResponderCertNickname.length() > 0 )) { -+ if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) { -+ enableOCSP = true; -+ } - -- ocspConfigured = true; -- try { -- manager.configureOCSP(true,ocspResponderURL,ocspResponderCertNickname); -- int ocspCacheSize_i = 1000; -- int ocspMinCacheEntryDuration_i = 3600; -- int ocspMaxCacheEntryDuration_i = 86400; -+ 
debugWrite("JSSSocketFactory init - enableOCSP " + enableOCSP -+ + "\n"); - -- String ocspCacheSize = (String) endpoint.getAttribute("ocspCacheSize"); -- String ocspMinCacheEntryDuration = (String) endpoint.getAttribute("ocspMinCacheEntryDuration"); -- String ocspMaxCacheEntryDuration = (String) endpoint.getAttribute("ocspMaxCacheEntryDuration"); -+ if (enableOCSP == true) { -+ String ocspResponderURL = (String) endpoint -+ .getAttribute("ocspResponderURL"); -+ debugWrite("JSSSocketFactory init - ocspResponderURL " -+ + ocspResponderURL + "\n"); -+ String ocspResponderCertNickname = (String) endpoint -+ .getAttribute("ocspResponderCertNickname"); -+ debugWrite("JSSSocketFactory init - ocspResponderCertNickname" -+ + ocspResponderCertNickname + "\n"); -+ if ((ocspResponderURL != null && ocspResponderURL.length() > 0) -+ && (ocspResponderCertNickname != null && ocspResponderCertNickname -+ .length() > 0)) { - -- if (ocspCacheSize != null || -- ocspMinCacheEntryDuration != null || -- ocspMaxCacheEntryDuration != null) { -- // not specified then takes the default -- if (ocspCacheSize != null) { -- debugWrite("JSSSocketFactory init - ocspCacheSize= " + ocspCacheSize+"\n"); -- ocspCacheSize_i = Integer.parseInt(ocspCacheSize); -- } -- if (ocspMinCacheEntryDuration != null) { -- debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= " + ocspMinCacheEntryDuration+"\n"); -- ocspMinCacheEntryDuration_i = Integer.parseInt(ocspMinCacheEntryDuration); -- } -- if (ocspMaxCacheEntryDuration != null) { -- debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= " + ocspMaxCacheEntryDuration+"\n"); -- ocspMaxCacheEntryDuration_i = Integer.parseInt(ocspMaxCacheEntryDuration); -- } -- manager.OCSPCacheSettings(ocspCacheSize_i, -- ocspMinCacheEntryDuration_i, ocspMaxCacheEntryDuration_i); -- } -+ ocspConfigured = true; -+ try { -+ manager.configureOCSP(true, ocspResponderURL, -+ ocspResponderCertNickname); -+ int ocspCacheSize_i = 1000; -+ int ocspMinCacheEntryDuration_i 
= 3600;
-+ int ocspMaxCacheEntryDuration_i = 86400;
-
-- // defualt to 60 seconds;
-- String ocspTimeout = (String) endpoint.getAttribute("ocspTimeout");
-- if (ocspTimeout != null) {
-- debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
-- int ocspTimeout_i = Integer.parseInt(ocspTimeout);
-- if (ocspTimeout_i < 0)
-- ocspTimeout_i = 60;
-- manager.setOCSPTimeout(ocspTimeout_i);
-- }
-+ String ocspCacheSize = (String) endpoint
-+ .getAttribute("ocspCacheSize");
-+ String ocspMinCacheEntryDuration = (String) endpoint
-+ .getAttribute("ocspMinCacheEntryDuration");
-+ String ocspMaxCacheEntryDuration = (String) endpoint
-+ .getAttribute("ocspMaxCacheEntryDuration");
-
-- } catch(java.security.GeneralSecurityException e) {
-- ocspConfigured = false;
-- debugWrite("JSSSocketFactory init - error initializing OCSP e: " + e.toString()+"\n");
-- throw new java.security.GeneralSecurityException("Error setting up OCSP. Check configuraion!");
-- } catch (java.lang.NumberFormatException e) {
-- debugWrite("JSSSocketFactory init - error setting OCSP cache e: " + e.toString()+"\n");
-- throw new java.lang.NumberFormatException("Error setting OCSP cache. Check configuraion!");
-- }
-- } else {
-+ if (ocspCacheSize != null
-+ || ocspMinCacheEntryDuration != null
-+ || ocspMaxCacheEntryDuration != null) {
-+ // not specified then takes the default
-+ if (ocspCacheSize != null) {
-+ debugWrite("JSSSocketFactory init - ocspCacheSize= "
-+ + ocspCacheSize + "\n");
-+ ocspCacheSize_i = Integer
-+ .parseInt(ocspCacheSize);
-+ }
-+ if (ocspMinCacheEntryDuration != null) {
-+ debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= "
-+ + ocspMinCacheEntryDuration + "\n");
-+ ocspMinCacheEntryDuration_i = Integer
-+ .parseInt(ocspMinCacheEntryDuration);
-+ }
-+ if (ocspMaxCacheEntryDuration != null) {
-+ debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= "
-+ + ocspMaxCacheEntryDuration + "\n");
-+ ocspMaxCacheEntryDuration_i = Integer
-+ .parseInt(ocspMaxCacheEntryDuration);
-+ }
-+ manager.OCSPCacheSettings(ocspCacheSize_i,
-+ ocspMinCacheEntryDuration_i,
-+ ocspMaxCacheEntryDuration_i);
-+ }
-+
-+ // defualt to 60 seconds;
-+ String ocspTimeout = (String) endpoint
-+ .getAttribute("ocspTimeout");
-+ if (ocspTimeout != null) {
-+ debugWrite("JSSSocketFactory init - ocspTimeout= \n"
-+ + ocspTimeout);
-+ int ocspTimeout_i = Integer
-+ .parseInt(ocspTimeout);
-+ if (ocspTimeout_i < 0)
-+ ocspTimeout_i = 60;
-+ manager.setOCSPTimeout(ocspTimeout_i);
-+ }
-+
-+ } catch (java.security.GeneralSecurityException e) {
-+ ocspConfigured = false;
-+ debugWrite("JSSSocketFactory init - error initializing OCSP e: "
-+ + e.toString() + "\n");
-+ throw new java.security.GeneralSecurityException(
-+ "Error setting up OCSP. Check configuraion!");
-+ } catch (java.lang.NumberFormatException e) {
-+ debugWrite("JSSSocketFactory init - error setting OCSP cache e: "
-+ + e.toString() + "\n");
-+ throw new java.lang.NumberFormatException(
-+ "Error setting OCSP cache. Check configuraion!");
-+ }
-+ } else {
- debugWrite("JSSSocketFactory init - error ocsp misconfigured! \n");
-- throw new java.security.GeneralSecurityException("Error setting up OCSP. Check configuration!");
-- }
-+ throw new java.security.GeneralSecurityException(
-+ "Error setting up OCSP. Check configuration!");
-+ }
- }
- }
-- //serverCertNick = "Server-Cert cert-tks";
-+ // serverCertNick = "Server-Cert cert-tks";
- // 12 hours = 43200 seconds
- SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
-
-- String strictCiphersStr = (String)endpoint.getAttribute("strictCiphers");
-- if (strictCiphersStr.equalsIgnoreCase("true") ||
-- strictCiphersStr.equalsIgnoreCase("yes")) {
-+ String strictCiphersStr = (String) endpoint
-+ .getAttribute("strictCiphers");
-+ if (strictCiphersStr.equalsIgnoreCase("true")
-+ || strictCiphersStr.equalsIgnoreCase("yes")) {
- mStrictCiphers = true;
- }
- if (mStrictCiphers == true) {
- // what ciphers do we have to start with? turn them all off
-- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
-- unsetSSLCiphers();
-+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is true\n");
-+ unsetSSLCiphers();
- } else {
-- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
-+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
- }
-
-- String sslVersionRangeStream = (String)endpoint.getAttribute("sslVersionRangeStream");
-- if ((sslVersionRangeStream != null) && !sslVersionRangeStream.equals("")) {
-+ String sslVersionRangeStream = (String) endpoint
-+ .getAttribute("sslVersionRangeStream");
-+ if ((sslVersionRangeStream != null)
-+ && !sslVersionRangeStream.equals("")) {
- debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
-- setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM, sslVersionRangeStream);
-+ setSSLVersionRangeDefault(
-+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
-+ sslVersionRangeStream);
- debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
- }
-
-- String sslVersionRangeDatagram = (String)endpoint.getAttribute("sslVersionRangeDatagram");
-- if ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram.equals("")) {
-+ String sslVersionRangeDatagram = (String) endpoint
-+ .getAttribute("sslVersionRangeDatagram");
-+ if ((sslVersionRangeDatagram != null)
-+ && !sslVersionRangeDatagram.equals("")) {
- debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
-- setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM, sslVersionRangeDatagram);
-+ setSSLVersionRangeDefault(
-+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
-+ sslVersionRangeDatagram);
- debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type DATA_GRAM\n");
- }
-
- /*
-- * According to NSS:
-- * the SSL_OptionSet-based API for controlling the enabled
-- * protocol versions are obsolete and replaced by the
-- * setSSLVersionRange calls.
-- * Therefore, if the "range" parameters are
-- * present in the attributes then the sslOptions parameter is
-- * ignored.
-- * Using the new version range API in conjunction with the older
-- * SSL_OptionSet-based API for controlling the enabled protocol
-- * versions may cause unexpected results
-+ * According to NSS: the SSL_OptionSet-based API for controlling the
-+ * enabled protocol versions are obsolete and replaced by the
-+ * setSSLVersionRange calls. Therefore, if the "range" parameters
-+ * are present in the attributes then the sslOptions parameter is
-+ * ignored. Using the new version range API in conjunction with the
-+ * older SSL_OptionSet-based API for controlling the enabled
-+ * protocol versions may cause unexpected results
- */
-- if (((sslVersionRangeStream != null)
-- && !sslVersionRangeStream.equals(""))
-- || ((sslVersionRangeDatagram != null)
-- && !sslVersionRangeDatagram.equals(""))) {
-+ if (((sslVersionRangeStream != null) && !sslVersionRangeStream
-+ .equals(""))
-+ || ((sslVersionRangeDatagram != null) && !sslVersionRangeDatagram
-+ .equals(""))) {
- /* deliberately lose the ssl2 here */
- debugWrite("SSSocketFactory init - calling setSSLCiphers() honoring only sslRangeCiphers\n");
- setSSLCiphers("sslRangeCiphers");
-@@ -677,18 +834,18 @@
- }
-
- } catch (Exception ex) {
-- debugWrite("JSSSocketFactory init - exception thrown:"+
-- ex.toString()+"\n");
-- System.err.println("JSSSocketFactory init - exception thrown:"+
-- ex.toString()+"\n");
-+ debugWrite("JSSSocketFactory init - exception thrown:"
-+ + ex.toString() + "\n");
-+ System.err.println("JSSSocketFactory init - exception thrown:"
-+ + ex.toString() + "\n");
- if (debugFile != null)
- debugFile.close();
- // The idea is, if admin take the trouble to configure the
- // ocsp cache, and made a mistake, we want to make server
- // unavailable until they get it right
-- if((ex instanceof java.security.GeneralSecurityException) ||
-- (ex instanceof java.lang.NumberFormatException))
-- throw new IOException(ex.toString());
-+ if ((ex instanceof java.security.GeneralSecurityException)
-+ || (ex instanceof java.lang.NumberFormatException))
-+ throw new IOException(ex.toString());
- }
- if (debugFile != null)
- debugFile.close();
-@@ -697,7 +854,7 @@
- public Socket acceptSocket(ServerSocket socket) throws IOException {
- SSLSocket asock = null;
- try {
-- asock = (SSLSocket)socket.accept();
-+ asock = (SSLSocket) socket.accept();
- if (wantClientAuth || requireClientAuth) {
- asock.requestClientAuth(true);
- if (requireClientAuth == true) {
-@@ -707,14 +864,14 @@
- }
- }
- } catch (Exception e) {
-- throw new SocketException("SSL handshake error "+e.toString());
-- }
-+ throw new SocketException("SSL handshake error " + e.toString());
-+ }
-
- return asock;
- }
-
- public void handshake(Socket sock) throws IOException {
-- //((SSLSocket)sock).forceHandshake();
-+ // ((SSLSocket)sock).forceHandshake();
- }
-
- public ServerSocket createSocket(int port) throws IOException {
-@@ -721,33 +878,31 @@
- return createSocket(port, SSLServerSocket.DEFAULT_BACKLOG, null);
- }
-
-- public ServerSocket createSocket(int port, int backlog)
-- throws IOException {
-+ public ServerSocket createSocket(int port, int backlog) throws IOException {
- return createSocket(port, backlog, null);
- }
-
- public ServerSocket createSocket(int port, int backlog,
-- InetAddress ifAddress) throws IOException {
-+ InetAddress ifAddress) throws IOException {
- return createSocket(port, backlog, ifAddress, true);
- }
-
- public ServerSocket createSocket(int port, int backlog,
-- InetAddress ifAddress, boolean reuseAddr) throws IOException {
-+ InetAddress ifAddress, boolean reuseAddr) throws IOException {
- if (!initialized)
- init();
- SSLServerSocket socket = null;
-- socket = (SSLServerSocket)(new SSLServerSocket(port, backlog,
-- ifAddress, null, reuseAddr));
-+ socket = (SSLServerSocket) (new SSLServerSocket(port, backlog,
-+ ifAddress, null, reuseAddr));
- initializeSocket(socket);
-- return (ServerSocket)socket;
-+ return (ServerSocket) socket;
- }
-
- private void initializeSocket(SSLServerSocket s) {
- try {
- /*
-- * Timeout's should not be enabled by default.
-- * Upper layers will call setSoTimeout() as needed.
-- * Zero means disable.
-+ * Timeout's should not be enabled by default. Upper layers will
-+ * call setSoTimeout() as needed. Zero means disable.
- */
- s.setSoTimeout(0);
- if (wantClientAuth || requireClientAuth) {
-@@ -757,7 +912,7 @@
- } else {
- s.requireClientAuth(SSLSocket.SSL_REQUIRE_NEVER);
- }
-- }
-+ }
- s.setServerCertNickname(serverCertNick);
- } catch (Exception e) {
- }
-@@ -776,7 +931,8 @@
- return null;
- }
-
-- public void configureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext) {
-+ public void configureSessionContext(
-+ javax.net.ssl.SSLSessionContext sslSessionContext) {
- return;
- }
-
-Index: src/org/apache/tomcat/util/net/jss/JSSImplementation.java
-===================================================================
---- src/org/apache/tomcat/util/net/jss/JSSImplementation.java (revision 292)
-+++ src/org/apache/tomcat/util/net/jss/JSSImplementation.java (revision 294)
-@@ -20,7 +20,7 @@
- package org.apache.tomcat.util.net.jss;
-
- import java.net.Socket;
--import java.io.*;
-+
- import org.apache.tomcat.util.net.AbstractEndpoint;
- import org.apache.tomcat.util.net.SSLImplementation;
- import org.apache.tomcat.util.net.SSLSupport;
-@@ -27,14 +27,12 @@
- import org.apache.tomcat.util.net.SSLUtil;
- import org.apache.tomcat.util.net.ServerSocketFactory;
-
--public class JSSImplementation extends SSLImplementation
--{
-- static final String JSSFactory =
-- "org.apache.tomcat.util.net.jss.JSSFactory";
-+public class JSSImplementation extends SSLImplementation {
-+ static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
- static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
-
-- static org.apache.commons.logging.Log logger =
-- org.apache.commons.logging.LogFactory.getLog(JSSImplementation.class);
-+ static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
-+ .getLog(JSSImplementation.class);
-
- private JSSFactory factory = null;
-
-@@ -43,9 +41,9 @@
-
- try {
- Class factcl = Class.forName(JSSFactory);
-- factory = (JSSFactory)factcl.newInstance();
-+ factory = (JSSFactory) factcl.newInstance();
- } catch (Exception e) {
-- if(logger.isDebugEnabled())
-+ if (logger.isDebugEnabled())
- logger.debug("Error getting factory: " + JSSFactory, e);
- }
- }
-@@ -54,8 +52,7 @@
- return "JSS";
- }
-
-- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint)
-- {
-+ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) {
- ServerSocketFactory ssf = factory.getSocketFactory(endpoint);
- return ssf;
- }
-@@ -68,28 +65,28 @@
-
- public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
- /*
-- * The Tomcat 6.0.26 docs says:
-- * This method has been deprecated since it adds a JSSE dependency
-- * to this interface. It will be removed in versions after 6.0.x.
-- *
-+ * The Tomcat 6.0.26 docs says: This method has been deprecated since it
-+ * adds a JSSE dependency to this interface. It will be removed in
-+ * versions after 6.0.x.
-+ *
- * But we have to provide a implementation of this method because it's
- * declared as abstract.
-- *
-+ *
- * Unfortunately there does not appear to be any way to get SSLSupport
- * information from a session with JSS. JSS looks up the information
- * based on a socket, not a session. This done in SSLSocket.c
- * Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
-- *
-+ *
- * So while it would be nice to provide a working implmentation there
- * doesn't seem to be an easy way to do this. Given that this method is
- * already deprecated and there hasn't been any evidence of it being
- * called it therefore seems reasonable to just return null to satify
- * the compiler's demand for an implementation.
-- *
-+ *
- * Once this abstract method is removed from SSLImplementation in a
- * future release we can remove this stub.
-- *
-- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
-+ *
-+ * NOTE: This method has NOT yet been deprecated in Tomcat 7!
- */
- return null;
- }
- }
-Index: src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
-===================================================================
---- src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 292)
-+++ src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 294)
-@@ -19,11 +19,13 @@
-
- package org.apache.tomcat.util.net.jss;
-
-+import java.io.FileInputStream;
-+import java.io.FileOutputStream;
-+import java.io.IOException;
-+import java.util.Enumeration;
- import java.util.Properties;
--import java.io.*;
--import java.util.*;
-
--public class PlainPasswordFile implements IPasswordStore{
-+public class PlainPasswordFile implements IPasswordStore {
- private String mPwdPath = "";
- private Properties mPwdStore;
- private static final String PASSWORD_WRITER_HEADER = "";
-@@ -31,24 +33,23 @@
- public PlainPasswordFile() {
- }
-
-- public void init(String pwdPath)
-- throws IOException
-- {
-- mPwdStore = new Properties();
-- // initialize mPwdStore
-- mPwdPath = pwdPath;
-+ public void init(String pwdPath) throws IOException {
-+ mPwdStore = new Properties();
-+ // initialize mPwdStore
-+ mPwdPath = pwdPath;
-
-- FileInputStream file = new FileInputStream(mPwdPath);
-- mPwdStore.load(file);
-+ FileInputStream file = new FileInputStream(mPwdPath);
-+ mPwdStore.load(file);
- }
-
- public String getPassword(String tag) {
-- return (String) mPwdStore.getProperty(tag);
-+ return (String) mPwdStore.getProperty(tag);
- }
-
- // return an array of String-based tag
-- public Enumeration getTags() {
-- return mPwdStore.propertyNames();
-+ @SuppressWarnings("unchecked")
-+ public Enumeration getTags() {
-+ return (Enumeration) mPwdStore.propertyNames();
- }
-
- public Object putPassword(String tag, String password) {
-@@ -55,9 +56,8 @@
- return mPwdStore.setProperty(tag, password);
- }
-
-- public void commit()
-- throws IOException, ClassCastException, NullPointerException
-- {
-+ public void commit() throws IOException, ClassCastException,
-+ NullPointerException {
- FileOutputStream file = new FileOutputStream(mPwdPath);
- mPwdStore.store(file, PASSWORD_WRITER_HEADER);
- }
-Index: src/org/apache/tomcat/util/net/jss/JSSFactory.java
-===================================================================
---- src/org/apache/tomcat/util/net/jss/JSSFactory.java (revision 292)
-+++ src/org/apache/tomcat/util/net/jss/JSSFactory.java (revision 294)
-@@ -19,10 +19,13 @@
-
- package org.apache.tomcat.util.net.jss;
-
--import org.mozilla.jss.ssl.*;
--import org.apache.tomcat.util.net.*;
--import java.net.*;
-+import java.net.Socket;
-
-+import org.apache.tomcat.util.net.AbstractEndpoint;
-+import org.apache.tomcat.util.net.SSLSupport;
-+import org.apache.tomcat.util.net.ServerSocketFactory;
-+import org.mozilla.jss.ssl.SSLSocket;
-+
- class JSSFactory implements IJSSFactory {
- JSSFactory() {
- }
-@@ -32,6 +35,6 @@
- }
-
- public SSLSupport getSSLSupport(Socket socket) {
-- return new JSSSupport((SSLSocket)socket);
-+ return new JSSSupport((SSLSocket) socket);
- }
- }
-Index: src/org/apache/tomcat/util/net/jss/IPasswordStore.java
-===================================================================
---- src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 292)
-+++ src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 294)
-@@ -19,14 +19,18 @@
-
- package org.apache.tomcat.util.net.jss;
-
--import java.util.*;
--import java.io.*;
-+import java.io.IOException;
-+import java.util.Enumeration;
-
- public interface IPasswordStore {
- public void init(String pwdPath) throws IOException;
-+
- public String getPassword(String tag);
-- public Enumeration getTags();
-+
-+ public Enumeration getTags();
-+
- public Object putPassword(String tag, String password);
-- public void commit()
-- throws IOException, ClassCastException, NullPointerException;
-+
-+ public void commit() throws IOException, ClassCastException,
-+ NullPointerException;
- }
-Index:
.settings/org.eclipse.jdt.core.prefs -=================================================================== ---- .settings/org.eclipse.jdt.core.prefs (revision 0) -+++ .settings/org.eclipse.jdt.core.prefs (revision 294) -@@ -0,0 +1,282 @@ -+eclipse.preferences.version=1 -+org.eclipse.jdt.core.formatter.align_type_members_on_columns=false -+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16 -+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0 -+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16 -+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16 -+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16 -+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16 -+org.eclipse.jdt.core.formatter.alignment_for_assignment=0 -+org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16 -+org.eclipse.jdt.core.formatter.alignment_for_compact_if=16 -+org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80 -+org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0 -+org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16 -+org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0 -+org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16 -+org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16 -+org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16 -+org.eclipse.jdt.core.formatter.alignment_for_resources_in_try=80 -+org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16 -+org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16 -+org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16 -+org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16 
-+org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_constructor_declaration=16 -+org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_method_declaration=16 -+org.eclipse.jdt.core.formatter.alignment_for_union_type_in_multicatch=16 -+org.eclipse.jdt.core.formatter.blank_lines_after_imports=1 -+org.eclipse.jdt.core.formatter.blank_lines_after_package=1 -+org.eclipse.jdt.core.formatter.blank_lines_before_field=0 -+org.eclipse.jdt.core.formatter.blank_lines_before_first_class_body_declaration=0 -+org.eclipse.jdt.core.formatter.blank_lines_before_imports=1 -+org.eclipse.jdt.core.formatter.blank_lines_before_member_type=1 -+org.eclipse.jdt.core.formatter.blank_lines_before_method=1 -+org.eclipse.jdt.core.formatter.blank_lines_before_new_chunk=1 -+org.eclipse.jdt.core.formatter.blank_lines_before_package=0 -+org.eclipse.jdt.core.formatter.blank_lines_between_import_groups=1 -+org.eclipse.jdt.core.formatter.blank_lines_between_type_declarations=1 -+org.eclipse.jdt.core.formatter.brace_position_for_annotation_type_declaration=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_anonymous_type_declaration=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_array_initializer=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_block=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_block_in_case=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_enum_constant=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_enum_declaration=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_method_declaration=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_switch=end_of_line -+org.eclipse.jdt.core.formatter.brace_position_for_type_declaration=end_of_line -+org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_block_comment=false 
-+org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_javadoc_comment=false -+org.eclipse.jdt.core.formatter.comment.format_block_comments=false -+org.eclipse.jdt.core.formatter.comment.format_header=false -+org.eclipse.jdt.core.formatter.comment.format_html=true -+org.eclipse.jdt.core.formatter.comment.format_javadoc_comments=true -+org.eclipse.jdt.core.formatter.comment.format_line_comments=false -+org.eclipse.jdt.core.formatter.comment.format_source_code=true -+org.eclipse.jdt.core.formatter.comment.indent_parameter_description=true -+org.eclipse.jdt.core.formatter.comment.indent_root_tags=true -+org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert -+org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=do not insert -+org.eclipse.jdt.core.formatter.comment.line_length=120 -+org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true -+org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true -+org.eclipse.jdt.core.formatter.comment.preserve_white_space_between_code_and_line_comments=false -+org.eclipse.jdt.core.formatter.compact_else_if=true -+org.eclipse.jdt.core.formatter.continuation_indentation=2 -+org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2 -+org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off -+org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on -+org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false -+org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=false -+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true -+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true -+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true -+org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_type_header=true 
-+org.eclipse.jdt.core.formatter.indent_breaks_compare_to_cases=true -+org.eclipse.jdt.core.formatter.indent_empty_lines=false -+org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true -+org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true -+org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true -+org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false -+org.eclipse.jdt.core.formatter.indentation.size=8 -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_method=insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_package=insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_type=insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_before_closing_brace_in_array_initializer=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_before_else_in_if_statement=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_before_finally_in_try_statement=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_before_while_in_do_statement=do not insert -+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_annotation_declaration=insert 
-+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_anonymous_type_declaration=insert -+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block=insert -+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_constant=insert -+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_declaration=insert -+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body=insert -+org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration=insert -+org.eclipse.jdt.core.formatter.insert_space_after_and_in_type_parameter=insert -+org.eclipse.jdt.core.formatter.insert_space_after_assignment_operator=insert -+org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation_type_declaration=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_binary_operator=insert -+org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_arguments=insert -+org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_parameters=insert -+org.eclipse.jdt.core.formatter.insert_space_after_closing_brace_in_block=insert -+org.eclipse.jdt.core.formatter.insert_space_after_closing_paren_in_cast=insert -+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_assert=insert -+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_case=insert -+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_conditional=insert -+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_for=insert -+org.eclipse.jdt.core.formatter.insert_space_after_colon_in_labeled_statement=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_allocation_expression=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_annotation=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_array_initializer=insert 
-+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_parameters=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_throws=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_constant_arguments=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_declarations=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_explicitconstructorcall_arguments=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_increments=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_inits=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_throws=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_field_declarations=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_local_declarations=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_parameterized_type_reference=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_superinterfaces=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_arguments=insert -+org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_parameters=insert -+org.eclipse.jdt.core.formatter.insert_space_after_ellipsis=insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_parameterized_type_reference=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_arguments=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_parameters=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_brace_in_array_initializer=insert 
-+org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_allocation_expression=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_reference=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_annotation=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_cast=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_catch=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_constructor_declaration=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_enum_constant=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_for=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_if=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_declaration=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_invocation=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_parenthesized_expression=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_switch=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_synchronized=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_try=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_while=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_postfix_operator=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_prefix_operator=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_question_in_conditional=insert -+org.eclipse.jdt.core.formatter.insert_space_after_question_in_wildcard=do not insert -+org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_for=insert 
-+org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_try_resources=insert -+org.eclipse.jdt.core.formatter.insert_space_after_unary_operator=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_and_in_type_parameter=insert -+org.eclipse.jdt.core.formatter.insert_space_before_assignment_operator=insert -+org.eclipse.jdt.core.formatter.insert_space_before_at_in_annotation_type_declaration=insert -+org.eclipse.jdt.core.formatter.insert_space_before_binary_operator=insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_parameterized_type_reference=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_arguments=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_parameters=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_brace_in_array_initializer=insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_allocation_expression=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_reference=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_annotation=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_cast=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_catch=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_constructor_declaration=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_enum_constant=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_for=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_if=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_declaration=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_invocation=do not 
insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_parenthesized_expression=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_switch=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_synchronized=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_try=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_while=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_assert=insert -+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_case=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_conditional=insert -+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_default=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_for=insert -+org.eclipse.jdt.core.formatter.insert_space_before_colon_in_labeled_statement=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_allocation_expression=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_annotation=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_array_initializer=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_parameters=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_throws=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_constant_arguments=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_declarations=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_explicitconstructorcall_arguments=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_increments=do not insert -+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_inits=do not insert 
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_parameters=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_throws=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_invocation_arguments=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_field_declarations=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_local_declarations=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_parameterized_type_reference=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_superinterfaces=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_arguments=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_parameters=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_ellipsis=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_parameterized_type_reference=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_arguments=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_parameters=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_annotation_type_declaration=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_anonymous_type_declaration=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_array_initializer=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_constructor_declaration=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_constant=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_declaration=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_switch=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_allocation_expression=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_reference=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_type_reference=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation_type_member_declaration=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_catch=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_constructor_declaration=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_enum_constant=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_for=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_if=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_declaration=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_invocation=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_parenthesized_expression=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_switch=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_synchronized=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_try=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_while=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_return=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_throw=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_postfix_operator=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_prefix_operator=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_question_in_conditional=insert
-+org.eclipse.jdt.core.formatter.insert_space_before_question_in_wildcard=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_semicolon=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_for=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_try_resources=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_before_unary_operator=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_brackets_in_array_type_reference=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_brackets_in_array_allocation_expression=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_annotation_type_member_declaration=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_constructor_declaration=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constant=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert
-+org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert
-+org.eclipse.jdt.core.formatter.join_lines_in_comments=false
-+org.eclipse.jdt.core.formatter.join_wrapped_lines=false
-+org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false
-+org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false
-+org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=false
-+org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false
-+org.eclipse.jdt.core.formatter.lineSplit=120
-+org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false
-+org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false
-+org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0
-+org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
-+org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
-+org.eclipse.jdt.core.formatter.tabulation.char=space
-+org.eclipse.jdt.core.formatter.tabulation.size=4
-+org.eclipse.jdt.core.formatter.use_on_off_tags=false
-+org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
-+org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
-+org.eclipse.jdt.core.formatter.wrap_before_or_operator_multicatch=true
-+org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
-Index: .settings/org.eclipse.jdt.ui.prefs
-===================================================================
---- .settings/org.eclipse.jdt.ui.prefs (revision 0)
-+++ .settings/org.eclipse.jdt.ui.prefs (revision 294)
-@@ -0,0 +1,56 @@
-+eclipse.preferences.version=1
-+editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true
-+formatter_profile=_PKI Project Profile
-+formatter_settings_version=12
-+sp_cleanup.add_default_serial_version_id=true
-+sp_cleanup.add_generated_serial_version_id=false
-+sp_cleanup.add_missing_annotations=false
-+sp_cleanup.add_missing_deprecated_annotations=true
-+sp_cleanup.add_missing_methods=false
-+sp_cleanup.add_missing_nls_tags=false
-+sp_cleanup.add_missing_override_annotations=true
-+sp_cleanup.add_missing_override_annotations_interface_methods=true
-+sp_cleanup.add_serial_version_id=false
-+sp_cleanup.always_use_blocks=true
-+sp_cleanup.always_use_parentheses_in_expressions=false
-+sp_cleanup.always_use_this_for_non_static_field_access=false
-+sp_cleanup.always_use_this_for_non_static_method_access=false
-+sp_cleanup.convert_to_enhanced_for_loop=false
-+sp_cleanup.correct_indentation=false
-+sp_cleanup.format_source_code=false
-+sp_cleanup.format_source_code_changes_only=false
-+sp_cleanup.make_local_variable_final=false
-+sp_cleanup.make_parameters_final=false
-+sp_cleanup.make_private_fields_final=true
-+sp_cleanup.make_type_abstract_if_missing_method=false
-+sp_cleanup.make_variable_declarations_final=false
-+sp_cleanup.never_use_blocks=false
-+sp_cleanup.never_use_parentheses_in_expressions=true
-+sp_cleanup.on_save_use_additional_actions=true
-+sp_cleanup.organize_imports=true
-+sp_cleanup.qualify_static_field_accesses_with_declaring_class=false
-+sp_cleanup.qualify_static_member_accesses_through_instances_with_declaring_class=true
-+sp_cleanup.qualify_static_member_accesses_through_subtypes_with_declaring_class=true
-+sp_cleanup.qualify_static_member_accesses_with_declaring_class=false
-+sp_cleanup.qualify_static_method_accesses_with_declaring_class=false
-+sp_cleanup.remove_private_constructors=true
-+sp_cleanup.remove_trailing_whitespaces=true
-+sp_cleanup.remove_trailing_whitespaces_all=true
-+sp_cleanup.remove_trailing_whitespaces_ignore_empty=false
-+sp_cleanup.remove_unnecessary_casts=true
-+sp_cleanup.remove_unnecessary_nls_tags=false
-+sp_cleanup.remove_unused_imports=true
-+sp_cleanup.remove_unused_local_variables=false
-+sp_cleanup.remove_unused_private_fields=true
-+sp_cleanup.remove_unused_private_members=false
-+sp_cleanup.remove_unused_private_methods=true
-+sp_cleanup.remove_unused_private_types=true
-+sp_cleanup.sort_members=false
-+sp_cleanup.sort_members_all=false
-+sp_cleanup.use_blocks=false
-+sp_cleanup.use_blocks_only_for_return_and_throw=false
-+sp_cleanup.use_parentheses_in_expressions=false
-+sp_cleanup.use_this_for_non_static_field_access=false
-+sp_cleanup.use_this_for_non_static_field_access_only_if_necessary=true
-+sp_cleanup.use_this_for_non_static_method_access=false
-+sp_cleanup.use_this_for_non_static_method_access_only_if_necessary=true
diff --git a/SOURCES/tomcatjss-nuxwdog-support.patch b/SOURCES/tomcatjss-nuxwdog-support.patch
deleted file mode 100644
index 32dfec4..0000000
--- a/SOURCES/tomcatjss-nuxwdog-support.patch
+++ /dev/null
@@ -1,591 +0,0 @@ -Index: src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -=================================================================== ---- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 294) -+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java (revision 297) -@@ -12,7 +12,7 @@ - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- * -+ * - * Copyright (C) 2007 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK */ -@@ -29,6 +29,7 @@ - import java.net.ServerSocket; - import java.net.Socket; - import java.net.SocketException; -+import java.security.GeneralSecurityException; - import java.text.SimpleDateFormat; - import java.util.Date; - import java.util.Enumeration; -@@ -39,13 +40,20 @@ - import javax.net.ssl.SSLContext; - import javax.net.ssl.TrustManager; - -+import org.apache.commons.lang.StringUtils; - // Imports required to "implement" Tomcat 7 Interface - import org.apache.tomcat.util.net.AbstractEndpoint; -+import org.mozilla.jss.CertDatabaseException; - import org.mozilla.jss.CryptoManager; -+import org.mozilla.jss.CryptoManager.NotInitializedException; -+import org.mozilla.jss.KeyDatabaseException; -+import org.mozilla.jss.NoSuchTokenException; - import org.mozilla.jss.crypto.AlreadyInitializedException; - import org.mozilla.jss.crypto.CryptoToken; -+import org.mozilla.jss.crypto.TokenException; - import org.mozilla.jss.ssl.SSLServerSocket; - import org.mozilla.jss.ssl.SSLSocket; -+import org.mozilla.jss.util.IncorrectPasswordException; - import org.mozilla.jss.util.Password; - - public class JSSSocketFactory implements -@@ -322,6 +330,7 @@ - boolean debug = false; - private IPasswordStore mPasswordStore = null; - private boolean mStrictCiphers = false; -+ private static final int MAX_PW_ATTEMPTS = 3; - - public 
JSSSocketFactory(AbstractEndpoint endpoint) { - this.endpoint = endpoint; -@@ -336,8 +345,8 @@ - } - - public void setSSLCiphers(String attr) throws SocketException, IOException { -- String ciphers = (String) endpoint.getAttribute(attr); -- if (ciphers == null || ciphers.equals("")) { -+ String ciphers = getEndpointAttribute(attr); -+ if (StringUtils.isEmpty(ciphers)) { - debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found"); - return; - } -@@ -409,7 +418,11 @@ - * parameter is ignored. - */ - public void setSSLOptions() throws SocketException, IOException { -- String options = (String) endpoint.getAttribute("sslOptions"); -+ String options = getEndpointAttribute("sslOptions"); -+ if (StringUtils.isEmpty(options)) { -+ debugWrite("no sslOptions specified"); -+ return; -+ } - StringTokenizer st = new StringTokenizer(options, ","); - while (st.hasMoreTokens()) { - String option = st.nextToken(); -@@ -460,10 +473,10 @@ - /* - * setSSLVersionRangeDefault sets the range of allowed ssl versions. 
This - * replaces the obsolete SSL_Option* API -- * -+ * - * @param protoVariant indicates whether this setting is for type "stream" - * or "datagram" -- * -+ * - * @param sslVersionRange_s takes on the form of "min:max" where min/max - * values can be "ssl3, tls1_0, tls1_1, or tls1_2" ssl2 is not supported for - * tomcatjss via this interface The format is "sslVersionRange=min:max" -@@ -516,105 +529,54 @@ - return -1; - } - -- void init() throws IOException { -+ String getEndpointAttribute(String tag) { - try { -- String deb = (String) endpoint.getAttribute("debug"); -- if (deb.equals("true")) { -- debug = true; -- debugFile = new FileWriter("/tmp/tomcatjss.log", true); -- debugWrite("JSSSocketFactory init - debug is on\n"); -- } -+ return (String) endpoint.getAttribute(tag); - } catch (Exception e) { -- // System.out.println("no tomcatjss debugging"); -+ // old tomcat throws an exception if the parameter does not exist - } -+ return null; -+ } - -- try { -- try { -- mPwdPath = (String) endpoint.getAttribute("passwordFile"); -- mPwdClass = (String) endpoint.getAttribute("passwordClass"); -- if (mPwdClass != null) { -- mPasswordStore = (IPasswordStore) Class.forName(mPwdClass) -- .newInstance(); -- mPasswordStore.init(mPwdPath); -- debugWrite("JSSSocketFactory init - password reader initialized\n"); -- } -- } catch (Exception e) { -- debugWrite("JSSSocketFactory init - Exception caught: " -- + e.toString() + "\n"); -- if (debugFile != null) -- debugFile.close(); -- throw new IOException( -- "JSSSocketFactory: no passwordFilePath defined"); -- } -+ String getEndpointAttribute(String tag, String defaultValue) { -+ String value = getEndpointAttribute(tag); -+ if (value == null) { -+ return defaultValue; -+ } -+ return value; -+ } - -- String certDir = (String) endpoint.getAttribute("certdbDir"); -+ void init() throws IOException { -+ // debug enabled? 
-+ String deb = getEndpointAttribute("debug"); -+ if (StringUtils.equals(deb, "true")) { -+ debug = true; -+ debugFile = new FileWriter("/tmp/tomcatjss.log", true); -+ debugWrite("JSSSocketFactory init - debug is on\n"); -+ } - -- CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues( -- certDir, "", "", "secmod.db"); -+ try { -+ initializePasswordStore(); - -- vals.removeSunProvider = false; -- vals.installJSSProvider = true; -- try { -- CryptoManager.initialize(vals); -- } catch (AlreadyInitializedException ee) { -- // do nothing -- } -- CryptoManager manager = CryptoManager.getInstance(); -+ CryptoManager manager = getCryptoManager(); - - // JSSSocketFactory init - handle crypto tokens - debugWrite("JSSSocketFactory init - about to handle crypto unit logins\n"); - -- if (mPasswordStore != null) { -- Enumeration en = mPasswordStore.getTags(); -- while (en.hasMoreElements()) { -- String pwd = ""; -- Password pw = null; -- String tokenName = ""; -- String st = (String) en.nextElement(); -- debugWrite("JSSSocketFactory init - tag name=" + st + "\n"); -- pwd = mPasswordStore.getPassword(st); -+ //log into tokens -+ Enumeration tags = mPasswordStore.getTags(); -+ while (tags.hasMoreElements()) { -+ String tag = tags.nextElement(); -+ if (tag.equals("internal") || (tag.startsWith("hardware-"))) { -+ debugWrite("JSSSocketFactory init - tag name=" + tag + "\n"); -+ logIntoToken(manager, tag); -+ } -+ } -+ debugWrite("JSSSocketFactory init - tokens initialized/logged in\n"); - -- if (pwd != null) { -- debugWrite("JSSSocketFactory init - got password\n"); -- pw = new Password(pwd.toCharArray()); -- } else { -- debugWrite("JSSSocketFactory init - no pwd found in password.conf\n"); -- continue; -- } -- -- CryptoToken token = null; -- if (st.equals("internal")) { -- debugWrite("JSSSocketFactory init - got internal software token\n"); -- token = manager.getInternalKeyStorageToken(); -- } else if (st.startsWith("hardware-")) { -- 
debugWrite("JSSSocketFactory init - got hardware\n"); -- -- tokenName = st.substring(9); -- debugWrite("JSSSocketFactory init - tokenName=" -- + tokenName + "\n"); -- -- // find the hsm and log in -- token = manager.getTokenByName(tokenName); -- } else { -- // non-token entries -- } -- if (token != null) { -- if (!token.isLoggedIn()) { -- debugWrite("JSSSocketFactory init -not logged in...about to log in\n"); -- token.login(pw); -- } else { -- debugWrite("JSSSocketFactory init - already logged in\n"); -- } -- } -- } // while -- debugWrite("JSSSocketFactory init - tokens initialized/logged in\n"); -- } else { -- debugWrite("JSSSocketFactory init - no login done\n"); -- } // mPasswordStore not null -- - // MUST look for "clientauth" (ALL lowercase) since "clientAuth" - // (camel case) has already been processed by Tomcat 7 -- String clientAuthStr = (String) endpoint.getAttribute("clientauth"); -+ String clientAuthStr = getEndpointAttribute("clientauth"); - if (clientAuthStr == null) { - debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want."); - clientAuthStr = "want"; -@@ -621,8 +583,10 @@ - } - File file = null; - try { -- mServerCertNickPath = (String) endpoint -- .getAttribute("serverCertNickFile"); -+ mServerCertNickPath = getEndpointAttribute("serverCertNickFile"); -+ if (mServerCertNickPath == null) { -+ throw new IOException("serverCertNickFile not specified"); -+ } - debugWrite("JSSSocketFactory init - got serverCertNickFile" - + mServerCertNickPath + "\n"); - file = new File(mServerCertNickPath); -@@ -651,13 +615,11 @@ - } catch (Exception e) { - debugWrite("JSSSocketFactory init - Exception caught: " - + e.toString() + "\n"); -- if (debugFile != null) -- debugFile.close(); - throw new IOException( - "JSSSocketFactory: no serverCertNickFile defined"); - } - -- // serverCertNick = (String)endpoint.getAttribute("serverCert"); -+ // serverCertNick = (String)getEndpointAttribute("serverCert"); - if (clientAuthStr.equalsIgnoreCase("true") 
- || clientAuthStr.equalsIgnoreCase("yes")) { - requireClientAuth = true; -@@ -671,10 +633,9 @@ - && ocspConfigured == false) { - debugWrite("JSSSocketFactory init - checking for OCSP settings. \n"); - boolean enableOCSP = false; -- String doOCSP = (String) endpoint.getAttribute("enableOCSP"); -+ String doOCSP = getEndpointAttribute("enableOCSP"); - -- debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP -- + " \n"); -+ debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n"); - - if (doOCSP != null && doOCSP.equalsIgnoreCase("true")) { - enableOCSP = true; -@@ -684,17 +645,15 @@ - + "\n"); - - if (enableOCSP == true) { -- String ocspResponderURL = (String) endpoint -- .getAttribute("ocspResponderURL"); -+ String ocspResponderURL = getEndpointAttribute("ocspResponderURL"); - debugWrite("JSSSocketFactory init - ocspResponderURL " - + ocspResponderURL + "\n"); -- String ocspResponderCertNickname = (String) endpoint -- .getAttribute("ocspResponderCertNickname"); -+ String ocspResponderCertNickname = getEndpointAttribute( -+ "ocspResponderCertNickname"); - debugWrite("JSSSocketFactory init - ocspResponderCertNickname" - + ocspResponderCertNickname + "\n"); -- if ((ocspResponderURL != null && ocspResponderURL.length() > 0) -- && (ocspResponderCertNickname != null && ocspResponderCertNickname -- .length() > 0)) { -+ if (StringUtils.isNotEmpty(ocspResponderURL) && -+ StringUtils.isNotEmpty(ocspResponderCertNickname)) { - - ocspConfigured = true; - try { -@@ -704,12 +663,9 @@ - int ocspMinCacheEntryDuration_i = 3600; - int ocspMaxCacheEntryDuration_i = 86400; - -- String ocspCacheSize = (String) endpoint -- .getAttribute("ocspCacheSize"); -- String ocspMinCacheEntryDuration = (String) endpoint -- .getAttribute("ocspMinCacheEntryDuration"); -- String ocspMaxCacheEntryDuration = (String) endpoint -- .getAttribute("ocspMaxCacheEntryDuration"); -+ String ocspCacheSize = getEndpointAttribute("ocspCacheSize"); -+ String ocspMinCacheEntryDuration = 
getEndpointAttribute("ocspMinCacheEntryDuration"); -+ String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration"); - - if (ocspCacheSize != null - || ocspMinCacheEntryDuration != null -@@ -718,20 +674,17 @@ - if (ocspCacheSize != null) { - debugWrite("JSSSocketFactory init - ocspCacheSize= " - + ocspCacheSize + "\n"); -- ocspCacheSize_i = Integer -- .parseInt(ocspCacheSize); -+ ocspCacheSize_i = Integer.parseInt(ocspCacheSize); - } - if (ocspMinCacheEntryDuration != null) { - debugWrite("JSSSocketFactory init - ocspMinCacheEntryDuration= " - + ocspMinCacheEntryDuration + "\n"); -- ocspMinCacheEntryDuration_i = Integer -- .parseInt(ocspMinCacheEntryDuration); -+ ocspMinCacheEntryDuration_i = Integer.parseInt(ocspMinCacheEntryDuration); - } - if (ocspMaxCacheEntryDuration != null) { - debugWrite("JSSSocketFactory init - ocspMaxCacheEntryDuration= " - + ocspMaxCacheEntryDuration + "\n"); -- ocspMaxCacheEntryDuration_i = Integer -- .parseInt(ocspMaxCacheEntryDuration); -+ ocspMaxCacheEntryDuration_i = Integer.parseInt(ocspMaxCacheEntryDuration); - } - manager.OCSPCacheSettings(ocspCacheSize_i, - ocspMinCacheEntryDuration_i, -@@ -739,18 +692,14 @@ - } - - // defualt to 60 seconds; -- String ocspTimeout = (String) endpoint -- .getAttribute("ocspTimeout"); -+ String ocspTimeout = getEndpointAttribute("ocspTimeout"); - if (ocspTimeout != null) { -- debugWrite("JSSSocketFactory init - ocspTimeout= \n" -- + ocspTimeout); -- int ocspTimeout_i = Integer -- .parseInt(ocspTimeout); -+ debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout); -+ int ocspTimeout_i = Integer.parseInt(ocspTimeout); - if (ocspTimeout_i < 0) - ocspTimeout_i = 60; - manager.setOCSPTimeout(ocspTimeout_i); - } -- - } catch (java.security.GeneralSecurityException e) { - ocspConfigured = false; - debugWrite("JSSSocketFactory init - error initializing OCSP e: " -@@ -774,10 +723,9 @@ - // 12 hours = 43200 seconds - SSLServerSocket.configServerSessionIDCache(0, 43200, 
43200, null); - -- String strictCiphersStr = (String) endpoint -- .getAttribute("strictCiphers"); -- if (strictCiphersStr.equalsIgnoreCase("true") -- || strictCiphersStr.equalsIgnoreCase("yes")) { -+ String strictCiphersStr = getEndpointAttribute("strictCiphers"); -+ if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true") -+ || StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) { - mStrictCiphers = true; - } - if (mStrictCiphers == true) { -@@ -788,8 +736,7 @@ - debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n"); - } - -- String sslVersionRangeStream = (String) endpoint -- .getAttribute("sslVersionRangeStream"); -+ String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream"); - if ((sslVersionRangeStream != null) - && !sslVersionRangeStream.equals("")) { - debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n"); -@@ -799,8 +746,7 @@ - debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n"); - } - -- String sslVersionRangeDatagram = (String) endpoint -- .getAttribute("sslVersionRangeDatagram"); -+ String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram"); - if ((sslVersionRangeDatagram != null) - && !sslVersionRangeDatagram.equals("")) { - debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n"); -@@ -838,8 +784,6 @@ - + ex.toString() + "\n"); - System.err.println("JSSSocketFactory init - exception thrown:" - + ex.toString() + "\n"); -- if (debugFile != null) -- debugFile.close(); - // The idea is, if admin take the trouble to configure the - // ocsp cache, and made a mistake, we want to make server - // unavailable until they get it right -@@ -846,11 +790,109 @@ - if ((ex instanceof java.security.GeneralSecurityException) - || (ex instanceof java.lang.NumberFormatException)) - throw new IOException(ex.toString()); -+ } finally { -+ if (debugFile != null) -+ debugFile.close(); - } -- 
if (debugFile != null) -- debugFile.close(); - } - -+ private CryptoToken getToken(String tag, CryptoManager manager) throws IOException, NoSuchTokenException { -+ CryptoToken token = null; -+ if (tag.equals("internal")) { -+ debugWrite("JSSSocketFactory init - got internal software token\n"); -+ token = manager.getInternalKeyStorageToken(); -+ } else if (tag.startsWith("hardware-")) { -+ debugWrite("JSSSocketFactory init - got hardware\n"); -+ -+ String tokenName = tag.substring(9); -+ debugWrite("JSSSocketFactory init - tokenName=" + tokenName + "\n"); -+ -+ // find the hsm and log in -+ token = manager.getTokenByName(tokenName); -+ } else { -+ // non-token password entry -+ } -+ return token; -+ } -+ -+ private void initializePasswordStore() throws InstantiationException, IllegalAccessException, -+ ClassNotFoundException, IOException { -+ mPwdClass = getEndpointAttribute("passwordClass"); -+ if (mPwdClass == null) { -+ throw new IOException("Misconfiguration: passwordClass is not defined"); -+ } -+ mPwdPath = getEndpointAttribute("passwordFile"); -+ -+ mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance(); -+ debugWrite("JSSSocketFactory init - password reader initialized\n"); -+ -+ // initialize the password store -+ mPasswordStore.init(mPwdPath); -+ } -+ -+ private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException, -+ GeneralSecurityException, NotInitializedException, IOException { -+ String certDir = getEndpointAttribute("certdbDir"); -+ if (certDir == null) { -+ throw new IOException("Misconfiguration: certdir not defined"); -+ } -+ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues( -+ certDir, "", "", "secmod.db"); -+ -+ vals.removeSunProvider = false; -+ vals.installJSSProvider = true; -+ try { -+ CryptoManager.initialize(vals); -+ } catch (AlreadyInitializedException ee) { -+ // do nothing -+ } -+ CryptoManager manager = CryptoManager.getInstance(); -+ return manager; -+ } 
-+ -+ private void logIntoToken(CryptoManager manager, String tag) throws IOException, -+ TokenException { -+ String pwd; -+ Password pw = null; -+ int iteration = 0; -+ -+ CryptoToken token = null; -+ try { -+ token = getToken(tag, manager); -+ } catch (NoSuchTokenException e) { -+ debugWrite("token for " + tag + " not found by CryptoManager. Not logging in."); -+ return; -+ } -+ -+ do { -+ debugWrite("JSSSocketFactory init - iteration=" + iteration + "\n"); -+ pwd = mPasswordStore.getPassword(tag, iteration); -+ if (pwd == null) { -+ debugWrite("JSSSocketFactory init - no pwd gotten\n"); -+ return; -+ } -+ -+ pw = new Password(pwd.toCharArray()); -+ -+ if (!token.isLoggedIn()) { -+ debugWrite("JSSSocketFactory init -not logged in...about to log in\n"); -+ try { -+ token.login(pw); -+ break; -+ } catch (IncorrectPasswordException e) { -+ debugWrite("Incorrect password received"); -+ iteration ++; -+ if (iteration == MAX_PW_ATTEMPTS) { -+ debugWrite("Failed to log into token:" + tag); -+ } -+ } -+ } else { -+ debugWrite("JSSSocketFactory init - already logged in\n"); -+ break; -+ } -+ } while (iteration < MAX_PW_ATTEMPTS); -+ } -+ - public Socket acceptSocket(ServerSocket socket) throws IOException { - SSLSocket asock = null; - try { -@@ -892,10 +934,9 @@ - if (!initialized) - init(); - SSLServerSocket socket = null; -- socket = (SSLServerSocket) (new SSLServerSocket(port, backlog, -- ifAddress, null, reuseAddr)); -+ socket = new SSLServerSocket(port, backlog, ifAddress, null, reuseAddr); - initializeSocket(socket); -- return (ServerSocket) socket; -+ return socket; - } - - private void initializeSocket(SSLServerSocket s) { -Index: src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java -=================================================================== ---- src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 294) -+++ src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java (revision 297) -@@ -12,7 +12,7 @@ - * You should have received a copy 
of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- * -+ * - * Copyright (C) 2007 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK */ -@@ -43,9 +43,13 @@ - } - - public String getPassword(String tag) { -- return (String) mPwdStore.getProperty(tag); -+ return getPassword(tag, 0); - } - -+ public String getPassword(String tag, int iteration) { -+ return mPwdStore.getProperty(tag); -+ } -+ - // return an array of String-based tag - @SuppressWarnings("unchecked") - public Enumeration getTags() { -Index: src/org/apache/tomcat/util/net/jss/IPasswordStore.java -=================================================================== ---- src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 294) -+++ src/org/apache/tomcat/util/net/jss/IPasswordStore.java (revision 297) -@@ -12,7 +12,7 @@ - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- * -+ * - * Copyright (C) 2007 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK */ -@@ -25,6 +25,8 @@ - public interface IPasswordStore { - public void init(String pwdPath) throws IOException; - -+ public String getPassword(String tag, int iteration); -+ - public String getPassword(String tag); - - public Enumeration getTags(); -Index: build.xml -=================================================================== ---- build.xml (revision 294) -+++ build.xml (revision 297) -@@ -104,6 +104,7 @@ - - - -+ - -