JBossWeb SVN: r2470 - branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-30 10:14:27 -0400 (Mon, 30 Jun 2014)
New Revision: 2470
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Log:
More for BZ1078204: OpenSSL allows a wide variety of separators. Submitted by Radim Hatlapatka.
Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-30 14:12:36 UTC (rev 2469)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-30 14:14:27 UTC (rev 2470)
@@ -47,7 +47,7 @@
private static boolean initialized = false;
- private static final String SEPARATOR = ":";
+ private static final String SEPARATOR = ":|,| ";
/**
* If ! is used then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list
* even if they are explicitly stated.
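Review bot: `SEPARATOR` is now a regular expression rather than a literal, and nothing on the declaration says so; a comment such as `// Regex: OpenSSL accepts ':', ',' or ' ' between cipher-list elements` would keep a later reader from passing it to a non-regex API. Assuming it is handed to `String.split` (the call site is outside this hunk), an input like `HIGH, !aNULL` yields an empty element between the comma and the space, so it is worth confirming that the parse loop ignores empty tokens rather than warning on them or looking them up as an alias. A character class with a quantifier, `private static final String SEPARATOR = "[:, ]+";`, names the same separators and collapses runs of them.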
JBossWeb SVN: r2469 - in branches: 7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-30 10:12:36 -0400 (Mon, 30 Jun 2014)
New Revision: 2469
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Log:
More for BZ1078204: Use of + would empty the ciphers list. Submitted by Kabir Khan.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-27 12:11:05 UTC (rev 2468)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-30 14:12:36 UTC (rev 2469)
@@ -630,7 +630,7 @@
} else if (element.contains(AND)) {
String[] intersections = element.split("\\" + AND);
if(intersections.length > 0) {
- List<Ciphers> result = aliases.get(intersections[0]);
+ List<Ciphers> result = new ArrayList<Ciphers>(aliases.get(intersections[0]));
for(int i = 1; i < intersections.length; i++) {
if(aliases.containsKey(intersections[i])) {
result.retainAll(aliases.get(intersections[i]));
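Review bot: The added copy still dereferences `aliases.get(intersections[0])` unchecked, so an element whose first operand is not a registered alias makes the `ArrayList` constructor throw a NullPointerException; only operands from index 1 on are guarded by `containsKey`. Those later unknown operands are skipped silently, so a mistyped restriction such as `AES+SHA25` resolves to every AES suite instead of none and widens the enabled cipher set with no log line. The sketch below treats any unknown operand as an empty intersection and reports it through the existing unknown-element warning, so a typo fails closed. The same branch is in the 7.5.x hunk of this revision and in the r2468 and r2467 hunks that introduce it; the enclosing method starts and ends outside the hunk.

```java
} else if (element.contains(AND)) {
    String[] intersections = element.split("\\" + AND);
    List<Ciphers> result = null;
    for (String operand : intersections) {
        List<Ciphers> matched = aliases.get(operand);
        if (matched == null) {
            // Unknown operand: the intersection is empty, never wider.
            JSSELogger.ROOT_LOGGER.warnUnknowElement(operand);
            result = null;
            break;
        }
        if (result == null) {
            // Copy so the list registered in aliases is never mutated.
            result = new ArrayList<Ciphers>(matched);
        } else {
            result.retainAll(matched);
        }
    }
    if (result != null) {
        ciphers.addAll(result);
    }
    // … unchanged: rest of the parse loop …
```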
Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-27 12:11:05 UTC (rev 2468)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-30 14:12:36 UTC (rev 2469)
@@ -30,6 +30,7 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
+
import org.apache.tomcat.util.net.jsse.JSSELogger;
/**
@@ -630,7 +631,7 @@
} else if (element.contains(AND)) {
String[] intersections = element.split("\\" + AND);
if(intersections.length > 0) {
- List<Ciphers> result = aliases.get(intersections[0]);
+ List<Ciphers> result = new ArrayList<Ciphers>(aliases.get(intersections[0]));
for(int i = 1; i < intersections.length; i++) {
if(aliases.containsKey(intersections[i])) {
result.retainAll(aliases.get(intersections[i]));
JBossWeb SVN: r2468 - branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-27 08:11:05 -0400 (Fri, 27 Jun 2014)
New Revision: 2468
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Log:
More for 1078204: Fix issues with '+', submitted by Emmanuel Hugonnet.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-27 10:25:14 UTC (rev 2467)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-27 12:11:05 UTC (rev 2468)
@@ -62,6 +62,12 @@
* matching existing ones.
*/
private static final String TO_END = "+";
+ /**
+ * Lists of cipher suites can be combined in a single cipher string using the + character.
+ * This is used as a logical and operation.
+ * For example SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms.
+ */
+ private static final String AND = "+";
/**
* All ciphers by their openssl alias name.
*/
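Review bot: `AND` is given the same value as `TO_END`, and the new Javadoc does not say how the parser tells the two apart. Judging by the other hunks on this page, a leading `+` is consumed by `element.startsWith(TO_END)` and only a `+` inside an element reaches `element.contains(AND)`, so the comment should say so, e.g. add `A leading + is the move-to-end operator; AND applies only to a + inside an element.` The r2467 hunk for 7.5.x adds the same constant.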
@@ -466,8 +472,10 @@
}
static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final Collection<Ciphers> toBeMovedCiphers) {
- ciphers.removeAll(toBeMovedCiphers);
- ciphers.addAll(toBeMovedCiphers);
+ List<Ciphers> movedCiphers = new ArrayList<Ciphers>(toBeMovedCiphers);
+ movedCiphers.retainAll(ciphers);
+ ciphers.removeAll(movedCiphers);
+ ciphers.addAll(movedCiphers);
}
static void add(final LinkedHashSet<Ciphers> ciphers, final String alias) {
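Review bot: `moveToEnd` has no comment explaining why the input is copied and intersected with `ciphers` first, and without one the `retainAll` line reads as redundant. A one-line Javadoc would do: `Moves the ciphers that are already in the list to its end; ciphers not present are not added.` The moved ciphers are also re-appended in the iteration order of `toBeMovedCiphers`, not in the order they held in `ciphers`, which is worth confirming against the OpenSSL behaviour being emulated. The 7.5.x hunk in r2467 is identical.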
@@ -619,6 +627,17 @@
break;
} else if (aliases.containsKey(element)) {
add(ciphers, element);
+ } else if (element.contains(AND)) {
+ String[] intersections = element.split("\\" + AND);
+ if(intersections.length > 0) {
+ List<Ciphers> result = aliases.get(intersections[0]);
+ for(int i = 1; i < intersections.length; i++) {
+ if(aliases.containsKey(intersections[i])) {
+ result.retainAll(aliases.get(intersections[i]));
+ }
+ }
+ ciphers.addAll(result);
+ }
}
}
ciphers.removeAll(removedCiphers);
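Review bot: `result` is the list object stored in `aliases`, not a copy, so `result.retainAll(...)` shrinks the alias registered under `intersections[0]` for every later lookup; after one `kEDH+AES`, a bare `kEDH` would select only the AES subset. Copy before intersecting: `List<Ciphers> result = new ArrayList<Ciphers>(aliases.get(intersections[0]));`, which is the change r2469 on this page later makes. If `aliases` is a static map, as its unqualified use suggests, the narrowed alias would also affect any cipher string parsed afterwards in the same JVM. The r2467 hunk for 7.5.x has the same line.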
JBossWeb SVN: r2467 - branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-27 06:25:14 -0400 (Fri, 27 Jun 2014)
New Revision: 2467
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Log:
More for 1078204: Fix issues with '+', submitted by Emmanuel Hugonnet.
Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-25 15:31:11 UTC (rev 2466)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-27 10:25:14 UTC (rev 2467)
@@ -62,6 +62,12 @@
* matching existing ones.
*/
private static final String TO_END = "+";
+ /**
+ * Lists of cipher suites can be combined in a single cipher string using the + character.
+ * This is used as a logical and operation.
+ * For example SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms.
+ */
+ private static final String AND = "+";
/**
* All ciphers by their openssl alias name.
*/
@@ -466,8 +472,10 @@
}
static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final Collection<Ciphers> toBeMovedCiphers) {
- ciphers.removeAll(toBeMovedCiphers);
- ciphers.addAll(toBeMovedCiphers);
+ List<Ciphers> movedCiphers = new ArrayList<Ciphers>(toBeMovedCiphers);
+ movedCiphers.retainAll(ciphers);
+ ciphers.removeAll(movedCiphers);
+ ciphers.addAll(movedCiphers);
}
static void add(final LinkedHashSet<Ciphers> ciphers, final String alias) {
@@ -619,6 +627,17 @@
break;
} else if (aliases.containsKey(element)) {
add(ciphers, element);
+ } else if (element.contains(AND)) {
+ String[] intersections = element.split("\\" + AND);
+ if(intersections.length > 0) {
+ List<Ciphers> result = aliases.get(intersections[0]);
+ for(int i = 1; i < intersections.length; i++) {
+ if(aliases.containsKey(intersections[i])) {
+ result.retainAll(aliases.get(intersections[i]));
+ }
+ }
+ ciphers.addAll(result);
+ }
}
}
ciphers.removeAll(removedCiphers);
JBossWeb SVN: r2466 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-25 11:31:11 -0400 (Wed, 25 Jun 2014)
New Revision: 2466
Added:
tags/JBOSSWEB_7_4_8_FINAL/
Log:
New 7.4.8 web build.
JBossWeb SVN: r2465 - branches/7.4.x.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-25 11:29:59 -0400 (Wed, 25 Jun 2014)
New Revision: 2465
Modified:
branches/7.4.x/pom.xml
Log:
New 7.4.8 web build.
Modified: branches/7.4.x/pom.xml
===================================================================
--- branches/7.4.x/pom.xml 2014-06-25 09:39:29 UTC (rev 2464)
+++ branches/7.4.x/pom.xml 2014-06-25 15:29:59 UTC (rev 2465)
@@ -33,7 +33,7 @@
<groupId>org.jboss.web</groupId>
<artifactId>jbossweb</artifactId>
- <version>7.4.7.Final</version>
+ <version>7.4.8.Final</version>
<name>JBoss Web</name>
<description>Servlet 3.0 container</description>
JBossWeb SVN: r2464 - in branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse: openssl and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-25 05:39:29 -0400 (Wed, 25 Jun 2014)
New Revision: 2464
Added:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Log:
More for 1078204: Add missing aliases and some debug, submitted by Emmanuel Hugonnet.
Added: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java (rev 0)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java 2014-06-25 09:39:29 UTC (rev 2464)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ */
+package org.apache.tomcat.util.net.jsse;
+
+import org.jboss.logging.BasicLogger;
+import org.jboss.logging.LogMessage;
+import org.jboss.logging.Logger;
+import org.jboss.logging.Message;
+import org.jboss.logging.MessageLogger;
+
+import static org.jboss.logging.Logger.Level.DEBUG;
+import static org.jboss.logging.Logger.Level.WARN;
+
+/**
+ * Logging IDs 9000-9500
+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
+ */
+@MessageLogger(projectCode = "JBWEB")
+public interface JSSELogger extends BasicLogger {
+ /**
+ * A logger with the category of the package name.
+ */
+ JSSELogger ROOT_LOGGER = Logger.getMessageLogger(JSSELogger.class, "org.apache.tomcat.util.net.jsse");
+
+
+ @LogMessage(level = DEBUG)
+ @Message(id = 9000, value = "List of enabled ciphers: %s")
+ void logEnabledCiphers(final String ciphers);
+
+ @LogMessage(level = DEBUG)
+ @Message(id = 9001, value = "List of cipher suites that my be used: %s")
+ void logUseableCiphers(final String ciphers);
+
+ @LogMessage(level = WARN)
+ @Message(id = 9002, value = "Unknown element: %s")
+ void warnUnknowElement(final String alias);
+}
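Review bot: The message text for id 9001 reads `that my be used`, which will appear verbatim in server logs; it should be `@Message(id = 9001, value = "List of cipher suites that may be used: %s")`. The method name `warnUnknowElement` has the same kind of slip and is cheaper to rename to `warnUnknownElement` now than after more callers exist. The three log methods also carry no Javadoc, unlike `ROOT_LOGGER`; one line each saying when the message is emitted would help. The identical file is added on 7.5.x in r2463.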
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java 2014-06-25 09:38:56 UTC (rev 2463)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java 2014-06-25 09:39:29 UTC (rev 2464)
@@ -52,7 +52,14 @@
}
}
}
+ if (!result.isEmpty()) {
+ StringBuilder builder = new StringBuilder(result.size() * 16);
+ for (String cipher : result) {
+ builder.append(cipher);
+ builder.append(",");
+ }
+ JSSELogger.ROOT_LOGGER.logUseableCiphers(builder.toString().substring(0, builder.length() - 1));
+ }
return result.toArray(new String[result.size()]);
}
-
}
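Review bot: The joined cipher string is built on every call even when DEBUG is off, because the `StringBuilder` loop runs before `logUseableCiphers` can decide whether to log. Wrapping the block as `if (JSSELogger.ROOT_LOGGER.isDebugEnabled() && !result.isEmpty()) {` avoids that work; `isDebugEnabled()` comes from `BasicLogger`, which `JSSELogger` extends. The same applies to `logEnabledCiphers(displayResult(ciphers, true, ","))` in the parser hunk of this revision and to the matching hunks in r2463. The method this block sits in begins outside the hunk.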
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-25 09:38:56 UTC (rev 2463)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-25 09:39:29 UTC (rev 2464)
@@ -30,10 +30,11 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.jboss.web.CoyoteLogger;
+import org.apache.tomcat.util.net.jsse.JSSELogger;
/**
* Class in charge with parsing openSSL expressions to define a list of ciphers.
+ *
* @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
*/
public class OpenSSLCipherConfigurationParser {
@@ -120,10 +121,18 @@
*/
private static final String kEDH = "kEDH";
/**
+ * Cipher suites using ephemeral DH key agreement.
+ */
+ private static final String kDHE = "kDHE";
+ /**
* Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
*/
private static final String EDH = "EDH";
/**
+ * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
+ */
+ private static final String DHE = "DHE";
+ /**
* Cipher suites using DH key agreement and DH certificates signed by CAs with RSA keys.
*/
private static final String kDHr = "kDHr";
@@ -136,6 +145,42 @@
*/
private static final String kDH = "kDH";
/**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA keys.
+ */
+ private static final String kECDHr = "kECDHr";
+ /**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with ECDSA keys.
+ */
+ private static final String kECDHe = "kECDHe";
+ /**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA keys or either respectively.
+ */
+ private static final String kECDH = "kECDH";
+ /**
+ * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.
+ */
+ private static final String kEECDH = "kEECDH";
+ /**
+ * Cipher suitesusing ECDH key exchange, including anonymous, ephemeral and fixed ECDH.
+ */
+ private static final String ECDH = "ECDH";
+ /**
+ * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.
+ */
+ private static final String kECDHE = "kECDHE";
+ /**
+ * Cipher suites using authenticated ephemeral ECDH key agreement
+ */
+ private static final String ECDHE = "ECDHE";
+ /**
+ * Cipher suites using authenticated ephemeral ECDH key agreement
+ */
+ private static final String EECDHE = "EECDHE";
+ /**
+ * Anonymous Elliptic Curve Diffie Hellman cipher suites.
+ */
+ private static final String AECDH = "AECDH";
+ /**
* Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
*/
private static final String aDSS = "aDSS";
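Review bot: `EECDHE` does not match an OpenSSL cipher-string keyword as far as I know; the OpenSSL names for authenticated ephemeral ECDH are `ECDHE` and `EECDH`, so a common expression such as `EECDH+AESGCM` would not resolve through this constant. If that is a typo, the declaration should read `private static final String EECDH = "EECDH";`, with the alias registration updated to match. The Javadoc above `ECDH` also has `suitesusing` run together, and `kECDHE` and `kEECDH` carry word-for-word the same description without saying they are synonyms. The r2463 hunk for 7.5.x is the same.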
@@ -144,6 +189,18 @@
*/
private static final String aDH = "aDH";
/**
+ * Cipher suites effectively using ECDH authentication, i.e. the certificates carry ECDH keys.
+ */
+ private static final String aECDH = "aECDH";
+ /**
+ * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys.
+ */
+ private static final String aECDSA = "aECDSA";
+ /**
+ * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys.
+ */
+ private static final String ECDSA = "ECDSA";
+ /**
* Ciphers suites using FORTEZZA key exchange algorithms.
*/
private static final String kFZA = "kFZA";
@@ -327,15 +384,32 @@
addListAlias(aRSA, filterByAuthentication(all, Collections.singleton(Authentication.RSA)));
addListAlias(RSA, filter(all, null, Collections.singleton(KeyExchange.RSA), Collections.singleton(Authentication.RSA), null, null, null));
addListAlias(kEDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)));
+ addListAlias(kDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)));
Set<Ciphers> edh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH));
edh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.DH)));
addListAlias(EDH, edh);
+ addListAlias(DHE, edh);
addListAlias(kDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHr)));
addListAlias(kDHd, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHd)));
addListAlias(kDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
+
+ addListAlias(kECDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHr)));
+ addListAlias(kECDHe, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHe)));
+ addListAlias(kECDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
+ aliases.put(ECDH, aliases.get(kECDH));
+ addListAlias(kECDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHe)));
+ aliases.put(ECDHE, aliases.get(kECDHE));
+ addListAlias(kEECDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH)));
+ aliases.put(EECDHE, aliases.get(kEECDH));
addListAlias(aDSS, filterByAuthentication(all, Collections.singleton(Authentication.DSS)));
aliases.put("DSS", aliases.get(aDSS));
addListAlias(aDH, filterByAuthentication(all, Collections.singleton(Authentication.DH)));
+ Set<Ciphers> aecdh = filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
+ aecdh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL)));
+ addListAlias(AECDH, aecdh);
+ addListAlias(aECDH, filterByAuthentication(all, Collections.singleton(Authentication.ECDH)));
+ addListAlias(ECDSA, filterByAuthentication(all, Collections.singleton(Authentication.ECDSA)));
+ aliases.put(aECDSA, aliases.get(ECDSA));
addListAlias(kFZA, filterByKeyExchange(all, Collections.singleton(KeyExchange.FZA)));
addListAlias(aFZA, filterByAuthentication(all, Collections.singleton(Authentication.FZA)));
addListAlias(eFZA, filterByEncryption(all, Collections.singleton(Encryption.FZA)));
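Review bot: Several of the new ECDH aliases do not match their own Javadoc. `kECDHE` is registered with `KeyExchange.ECDHe`, the same filter as the fixed-ECDH alias `kECDHe` a few lines above, so `ECDHE` would select fixed-ECDH suites; it presumably should use `KeyExchange.EECDH` as `kEECDH` does, i.e. `addListAlias(kECDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH)));`. `AECDH` is documented as the anonymous ECDH suites, yet it is built from the fixed-ECDH key exchanges and then has the `Authentication.aNULL` suites removed, which is the inverse, so an exclusion like `!AECDH` would leave anonymous suites enabled. For `AECDH`, start from `KeyExchange.EECDH` and keep only the anonymous ones with `aecdh.retainAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL)));`. The enum definitions are outside this hunk, so confirm against them; r2463 carries the same hunk for 7.5.x.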
@@ -533,7 +607,7 @@
if (aliases.containsKey(alias)) {
removedCiphers.addAll(aliases.get(alias));
} else {
- CoyoteLogger.UTIL_LOGGER.warn("Unknown element " + alias);
+ JSSELogger.ROOT_LOGGER.warnUnknowElement(alias);
}
} else if (element.startsWith(TO_END)) {
String alias = element.substring(1);
@@ -556,11 +630,13 @@
for (Ciphers cipher : ciphers) {
result.add(cipher.name());
}
+ JSSELogger.ROOT_LOGGER.logEnabledCiphers(displayResult(ciphers, true, ","));
return result;
}
/**
* Parse the specified expression according to the OpenSSL syntax and returns a list of standard cipher names.
+ *
* @param expression: the openssl expression to define a list of cipher.
* @return the corresponding list of ciphers.
*/
@@ -568,13 +644,17 @@
return convertForJSSE(parse(expression));
}
- static String displayResult(Set<Ciphers> ciphers, String separator) {
+ static String displayResult(Collection<Ciphers> ciphers, boolean useJSSEFormat, String separator) {
if (ciphers.isEmpty()) {
return "";
}
StringBuilder builder = new StringBuilder(ciphers.size() * 16);
for (Ciphers cipher : ciphers) {
- builder.append(cipher.getOpenSSLAlias());
+ if (useJSSEFormat) {
+ builder.append(cipher.name());
+ } else {
+ builder.append(cipher.getOpenSSLAlias());
+ }
builder.append(separator);
}
return builder.toString().substring(0, builder.length() - 1);
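Review bot: The final `substring(0, builder.length() - 1)` removes exactly one character, which is only right when `separator` has length 1; a caller passing `", "` would get a trailing comma back. Trim by the separator's length instead: `return builder.substring(0, builder.length() - separator.length());`. The new `boolean useJSSEFormat` parameter also has no Javadoc, and call sites such as `displayResult(ciphers, true, ",")` do not show what `true` selects. The closing brace of the method is outside the hunk, and r2463 has the same hunk for 7.5.x.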
JBossWeb SVN: r2463 - in branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse: openssl and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-25 05:38:56 -0400 (Wed, 25 Jun 2014)
New Revision: 2463
Added:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Log:
More for 1078204: Add missing aliases and some debug, submitted by Emmanuel Hugonnet.
Added: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java (rev 0)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java 2014-06-25 09:38:56 UTC (rev 2463)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ */
+package org.apache.tomcat.util.net.jsse;
+
+import org.jboss.logging.BasicLogger;
+import org.jboss.logging.LogMessage;
+import org.jboss.logging.Logger;
+import org.jboss.logging.Message;
+import org.jboss.logging.MessageLogger;
+
+import static org.jboss.logging.Logger.Level.DEBUG;
+import static org.jboss.logging.Logger.Level.WARN;
+
+/**
+ * Logging IDs 9000-9500
+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
+ */
+@MessageLogger(projectCode = "JBWEB")
+public interface JSSELogger extends BasicLogger {
+ /**
+ * A logger with the category of the package name.
+ */
+ JSSELogger ROOT_LOGGER = Logger.getMessageLogger(JSSELogger.class, "org.apache.tomcat.util.net.jsse");
+
+
+ @LogMessage(level = DEBUG)
+ @Message(id = 9000, value = "List of enabled ciphers: %s")
+ void logEnabledCiphers(final String ciphers);
+
+ @LogMessage(level = DEBUG)
+ @Message(id = 9001, value = "List of cipher suites that my be used: %s")
+ void logUseableCiphers(final String ciphers);
+
+ @LogMessage(level = WARN)
+ @Message(id = 9002, value = "Unknown element: %s")
+ void warnUnknowElement(final String alias);
+}
Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java 2014-06-16 12:46:55 UTC (rev 2462)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java 2014-06-25 09:38:56 UTC (rev 2463)
@@ -52,7 +52,14 @@
}
}
}
+ if (!result.isEmpty()) {
+ StringBuilder builder = new StringBuilder(result.size() * 16);
+ for (String cipher : result) {
+ builder.append(cipher);
+ builder.append(",");
+ }
+ JSSELogger.ROOT_LOGGER.logUseableCiphers(builder.toString().substring(0, builder.length() - 1));
+ }
return result.toArray(new String[result.size()]);
}
-
}
Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-16 12:46:55 UTC (rev 2462)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-06-25 09:38:56 UTC (rev 2463)
@@ -30,10 +30,11 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.jboss.web.CoyoteLogger;
+import org.apache.tomcat.util.net.jsse.JSSELogger;
/**
* Class in charge with parsing openSSL expressions to define a list of ciphers.
+ *
* @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
*/
public class OpenSSLCipherConfigurationParser {
@@ -120,10 +121,18 @@
*/
private static final String kEDH = "kEDH";
/**
+ * Cipher suites using ephemeral DH key agreement.
+ */
+ private static final String kDHE = "kDHE";
+ /**
* Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
*/
private static final String EDH = "EDH";
/**
+ * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
+ */
+ private static final String DHE = "DHE";
+ /**
* Cipher suites using DH key agreement and DH certificates signed by CAs with RSA keys.
*/
private static final String kDHr = "kDHr";
@@ -136,6 +145,42 @@
*/
private static final String kDH = "kDH";
/**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA keys.
+ */
+ private static final String kECDHr = "kECDHr";
+ /**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with ECDSA keys.
+ */
+ private static final String kECDHe = "kECDHe";
+ /**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA keys or either respectively.
+ */
+ private static final String kECDH = "kECDH";
+ /**
+ * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.
+ */
+ private static final String kEECDH = "kEECDH";
+ /**
+ * Cipher suitesusing ECDH key exchange, including anonymous, ephemeral and fixed ECDH.
+ */
+ private static final String ECDH = "ECDH";
+ /**
+ * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.
+ */
+ private static final String kECDHE = "kECDHE";
+ /**
+ * Cipher suites using authenticated ephemeral ECDH key agreement
+ */
+ private static final String ECDHE = "ECDHE";
+ /**
+ * Cipher suites using authenticated ephemeral ECDH key agreement
+ */
+ private static final String EECDHE = "EECDHE";
+ /**
+ * Anonymous Elliptic Curve Diffie Hellman cipher suites.
+ */
+ private static final String AECDH = "AECDH";
+ /**
* Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
*/
private static final String aDSS = "aDSS";
@@ -144,6 +189,18 @@
*/
private static final String aDH = "aDH";
/**
+ * Cipher suites effectively using ECDH authentication, i.e. the certificates carry ECDH keys.
+ */
+ private static final String aECDH = "aECDH";
+ /**
+ * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys.
+ */
+ private static final String aECDSA = "aECDSA";
+ /**
+ * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys.
+ */
+ private static final String ECDSA = "ECDSA";
+ /**
* Ciphers suites using FORTEZZA key exchange algorithms.
*/
private static final String kFZA = "kFZA";
@@ -327,15 +384,32 @@
addListAlias(aRSA, filterByAuthentication(all, Collections.singleton(Authentication.RSA)));
addListAlias(RSA, filter(all, null, Collections.singleton(KeyExchange.RSA), Collections.singleton(Authentication.RSA), null, null, null));
addListAlias(kEDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)));
+ addListAlias(kDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)));
Set<Ciphers> edh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH));
edh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.DH)));
addListAlias(EDH, edh);
+ addListAlias(DHE, edh);
addListAlias(kDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHr)));
addListAlias(kDHd, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHd)));
addListAlias(kDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
+
+ addListAlias(kECDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHr)));
+ addListAlias(kECDHe, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHe)));
+ addListAlias(kECDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
+ aliases.put(ECDH, aliases.get(kECDH));
+ addListAlias(kECDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHe)));
+ aliases.put(ECDHE, aliases.get(kECDHE));
+ addListAlias(kEECDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH)));
+ aliases.put(EECDHE, aliases.get(kEECDH));
addListAlias(aDSS, filterByAuthentication(all, Collections.singleton(Authentication.DSS)));
aliases.put("DSS", aliases.get(aDSS));
addListAlias(aDH, filterByAuthentication(all, Collections.singleton(Authentication.DH)));
+ Set<Ciphers> aecdh = filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
+ aecdh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL)));
+ addListAlias(AECDH, aecdh);
+ addListAlias(aECDH, filterByAuthentication(all, Collections.singleton(Authentication.ECDH)));
+ addListAlias(ECDSA, filterByAuthentication(all, Collections.singleton(Authentication.ECDSA)));
+ aliases.put(aECDSA, aliases.get(ECDSA));
addListAlias(kFZA, filterByKeyExchange(all, Collections.singleton(KeyExchange.FZA)));
addListAlias(aFZA, filterByAuthentication(all, Collections.singleton(Authentication.FZA)));
addListAlias(eFZA, filterByEncryption(all, Collections.singleton(Encryption.FZA)));
@@ -533,7 +607,7 @@
if (aliases.containsKey(alias)) {
removedCiphers.addAll(aliases.get(alias));
} else {
- CoyoteLogger.UTIL_LOGGER.warn("Unknown element " + alias);
+ JSSELogger.ROOT_LOGGER.warnUnknowElement(alias);
}
} else if (element.startsWith(TO_END)) {
String alias = element.substring(1);
@@ -556,11 +630,13 @@
for (Ciphers cipher : ciphers) {
result.add(cipher.name());
}
+ JSSELogger.ROOT_LOGGER.logEnabledCiphers(displayResult(ciphers, true, ","));
return result;
}
/**
* Parse the specified expression according to the OpenSSL syntax and returns a list of standard cipher names.
+ *
* @param expression: the openssl expression to define a list of cipher.
* @return the corresponding list of ciphers.
*/
@@ -568,13 +644,17 @@
return convertForJSSE(parse(expression));
}
- static String displayResult(Set<Ciphers> ciphers, String separator) {
+ static String displayResult(Collection<Ciphers> ciphers, boolean useJSSEFormat, String separator) {
if (ciphers.isEmpty()) {
return "";
}
StringBuilder builder = new StringBuilder(ciphers.size() * 16);
for (Ciphers cipher : ciphers) {
- builder.append(cipher.getOpenSSLAlias());
+ if (useJSSEFormat) {
+ builder.append(cipher.name());
+ } else {
+ builder.append(cipher.getOpenSSLAlias());
+ }
builder.append(separator);
}
return builder.toString().substring(0, builder.length() - 1);
JBossWeb SVN: r2462 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-16 08:46:55 -0400 (Mon, 16 Jun 2014)
New Revision: 2462
Added:
tags/JBOSSWEB_7_4_7_FINAL/
Log:
JBossWeb SVN: r2461 - branches/7.4.x.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-06-16 08:46:15 -0400 (Mon, 16 Jun 2014)
New Revision: 2461
Modified:
branches/7.4.x/pom.xml
Log:
New 7.4.7 web build.
Modified: branches/7.4.x/pom.xml
===================================================================
--- branches/7.4.x/pom.xml 2014-06-16 11:00:39 UTC (rev 2460)
+++ branches/7.4.x/pom.xml 2014-06-16 12:46:15 UTC (rev 2461)
@@ -33,7 +33,7 @@
<groupId>org.jboss.web</groupId>
<artifactId>jbossweb</artifactId>
- <version>7.4.6.Final</version>
+ <version>7.4.7.Final</version>
<name>JBoss Web</name>
<description>Servlet 3.0 container</description>