From jbossweb-commits at lists.jboss.org Wed Jun 25 05:39:30 2014
Content-Type: multipart/mixed; boundary="===============2443555776268040345=="
MIME-Version: 1.0
From: jbossweb-commits at lists.jboss.org
To: jbossweb-commits at lists.jboss.org
Subject: [jbossweb-commits] JBossWeb SVN: r2464 - in
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse: openssl and 1
other directory.
Date: Wed, 25 Jun 2014 05:39:29 -0400
Message-ID: <201406250939.s5P9dTTb004252@svn01.web.mwc.hst.phx2.redhat.com>
Author: remy.maucherat(a)jboss.com
Date: 2014-06-25 05:39:29 -0400 (Wed, 25 Jun 2014)
New Revision: 2464
Added:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.=
java
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.j=
ava
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ope=
nSSLCipherConfigurationParser.java
Log:
More for 1078204: Add missing aliases and some debug, submitted by Emmanuel Hugonnet.
Added: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELog=
ger.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger=
.java (rev 0)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger=
.java 2014-06-25 09:39:29 UTC (rev 2464)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ */
+package org.apache.tomcat.util.net.jsse;
+
+import org.jboss.logging.BasicLogger;
+import org.jboss.logging.LogMessage;
+import org.jboss.logging.Logger;
+import org.jboss.logging.Message;
+import org.jboss.logging.MessageLogger;
+
+import static org.jboss.logging.Logger.Level.DEBUG;
+import static org.jboss.logging.Logger.Level.WARN;
+
+/**
+ * Logging IDs 9000-9500
+ * @author Emmanuel Hugonnet =
(c) 2014 Red Hat, inc.
+ */
+(a)MessageLogger(projectCode =3D "JBWEB")
+public interface JSSELogger extends BasicLogger {
+ /**
+ * A logger with the category of the package name.
+ */
+ JSSELogger ROOT_LOGGER =3D Logger.getMessageLogger(JSSELogger.class, "=
org.apache.tomcat.util.net.jsse");
+ =
+ =
+ @LogMessage(level =3D DEBUG)
+ @Message(id =3D 9000, value =3D "List of enabled ciphers: %s")
+ void logEnabledCiphers(final String ciphers);
+ =
+ @LogMessage(level =3D DEBUG)
+ @Message(id =3D 9001, value =3D "List of cipher suites that my be used=
: %s")
+ void logUseableCiphers(final String ciphers);
+
+ @LogMessage(level =3D WARN)
+ @Message(id =3D 9002, value =3D "Unknown element: %s")
+ void warnUnknowElement(final String alias);
+}
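Review bot: The 9001 message at `@Message(id = 9001, value = "List of cipher suites that my be used: %s")` has a typo (`my` for `may`), and the WARN method is declared as `warnUnknowElement`, a name its single caller in this revision now has to match; correcting both before the ID and name spread is cheap: `"List of cipher suites that may be used: %s"` and `void warnUnknownElement(final String alias);`. The `(a)MessageLogger` on the interface reads like the list archive's address mangling of `@MessageLogger`, so I am not treating it as a defect. Neither list carries key material, so DEBUG is the right level, but a one-line Javadoc on each method stating which name form the `%s` holds would help — at least `logEnabledCiphers` receives JSSE-form names, judging by the `displayResult(ciphers, true, ",")` call in the parser.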
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSE=
Utils.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.=
java 2014-06-25 09:38:56 UTC (rev 2463)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.=
java 2014-06-25 09:39:29 UTC (rev 2464)
@@ -52,7 +52,14 @@
}
}
}
+ if (!result.isEmpty()) {
+ StringBuilder builder =3D new StringBuilder(result.size() * 16=
);
+ for (String cipher : result) {
+ builder.append(cipher);
+ builder.append(",");
+ }
+ JSSELogger.ROOT_LOGGER.logUseableCiphers(builder.toString().su=
bstring(0, builder.length() - 1));
+ }
return result.toArray(new String[result.size()]);
}
-
}
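Review bot: The comma-joined string on the added lines is built on every call before `logUseableCiphers` is reached, even though the message is DEBUG level; wrap it as `if (!result.isEmpty() && JSSELogger.ROOT_LOGGER.isDebugEnabled())` so production connectors do not pay for a string they never emit. The empty case is the one an operator most needs to see, yet when `result` is empty nothing is logged and the method returns an empty array; a separate message there (WARN if an empty list means no suite can be negotiated, which I cannot confirm from this hunk) would be more useful than silence. The method this sits in starts before the hunk, so what `result` contains is inferred from the loop.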
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/open=
ssl/OpenSSLCipherConfigurationParser.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Op=
enSSLCipherConfigurationParser.java 2014-06-25 09:38:56 UTC (rev 2463)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Op=
enSSLCipherConfigurationParser.java 2014-06-25 09:39:29 UTC (rev 2464)
@@ -30,10 +30,11 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.jboss.web.CoyoteLogger;
+import org.apache.tomcat.util.net.jsse.JSSELogger;
=
/**
* Class in charge with parsing openSSL expressions to define a list of ci=
phers.
+ *
* @author Emmanuel Hugonnet =
(c) 2014 Red Hat, inc.
*/
public class OpenSSLCipherConfigurationParser {
@@ -120,10 +121,18 @@
*/
private static final String kEDH =3D "kEDH";
/**
+ * Cipher suites using ephemeral DH key agreement.
+ */
+ private static final String kDHE =3D "kDHE";
+ /**
* Cipher suites using ephemeral DH key agreement. equivalent to kEDH:=
-ADH
*/
private static final String EDH =3D "EDH";
/**
+ * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:=
-ADH
+ */
+ private static final String DHE =3D "DHE";
+ /**
* Cipher suites using DH key agreement and DH certificates signed by =
CAs with RSA keys.
*/
private static final String kDHr =3D "kDHr";
@@ -136,6 +145,42 @@
*/
private static final String kDH =3D "kDH";
/**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA=
keys.
+ */
+ private static final String kECDHr =3D "kECDHr";
+ /**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with ECD=
SA keys.
+ */
+ private static final String kECDHe =3D "kECDHe";
+ /**
+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA=
and ECDSA keys or either respectively.
+ */
+ private static final String kECDH =3D "kECDH";
+ /**
+ * Cipher suites using ephemeral ECDH key agreement, including anonymo=
us cipher suites.
+ */
+ private static final String kEECDH =3D "kEECDH";
+ /**
+ * Cipher suitesusing ECDH key exchange, including anonymous, ephemera=
l and fixed ECDH.
+ */
+ private static final String ECDH =3D "ECDH";
+ /**
+ * Cipher suites using ephemeral ECDH key agreement, including anonymo=
us cipher suites.
+ */
+ private static final String kECDHE =3D "kECDHE";
+ /**
+ * Cipher suites using authenticated ephemeral ECDH key agreement
+ */
+ private static final String ECDHE =3D "ECDHE";
+ /**
+ * Cipher suites using authenticated ephemeral ECDH key agreement
+ */
+ private static final String EECDHE =3D "EECDHE";
+ /**
+ * Anonymous Elliptic Curve Diffie Hellman cipher suites.
+ */
+ private static final String AECDH =3D "AECDH";
+ /**
* Cipher suites using DSS authentication, i.e. the certificates carry=
DSS keys.
*/
private static final String aDSS =3D "aDSS";
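Review bot: The Javadoc for `ECDH` reads `Cipher suitesusing ECDH key exchange` — missing space: `Cipher suites using ECDH key exchange, including anonymous, ephemeral and fixed ECDH.` The pairs `kECDHE`/`kEECDH` and `ECDHE`/`EECDHE` carry word-for-word identical Javadoc; stating on the second of each pair that it is an alias of the first (e.g. `Synonym for kEECDH.`) tells the reader the duplication is intentional rather than a copy-paste slip. Whether the alias table actually binds them as synonyms is a separate question for the hunk that populates `aliases`.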
@@ -144,6 +189,18 @@
*/
private static final String aDH =3D "aDH";
/**
+ * Cipher suites effectively using ECDH authentication, i.e. the certi=
ficates carry ECDH keys.
+ */
+ private static final String aECDH =3D "aECDH";
+ /**
+ * Cipher suites effectively using ECDSA authentication, i.e. the cert=
ificates carry ECDSA keys.
+ */
+ private static final String aECDSA =3D "aECDSA";
+ /**
+ * Cipher suites effectively using ECDSA authentication, i.e. the cert=
ificates carry ECDSA keys.
+ */
+ private static final String ECDSA =3D "ECDSA";
+ /**
* Ciphers suites using FORTEZZA key exchange algorithms.
*/
private static final String kFZA =3D "kFZA";
@@ -327,15 +384,32 @@
addListAlias(aRSA, filterByAuthentication(all, Collections.singlet=
on(Authentication.RSA)));
addListAlias(RSA, filter(all, null, Collections.singleton(KeyExcha=
nge.RSA), Collections.singleton(Authentication.RSA), null, null, null));
addListAlias(kEDH, filterByKeyExchange(all, Collections.singleton(=
KeyExchange.EDH)));
+ addListAlias(kDHE, filterByKeyExchange(all, Collections.singleton(=
KeyExchange.EDH)));
Set edh =3D filterByKeyExchange(all, Collections.singleto=
n(KeyExchange.EDH));
edh.removeAll(filterByAuthentication(all, Collections.singleton(Au=
thentication.DH)));
addListAlias(EDH, edh);
+ addListAlias(DHE, edh);
addListAlias(kDHr, filterByKeyExchange(all, Collections.singleton(=
KeyExchange.DHr)));
addListAlias(kDHd, filterByKeyExchange(all, Collections.singleton(=
KeyExchange.DHd)));
addListAlias(kDH, filterByKeyExchange(all, new HashSet(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
+
+ addListAlias(kECDHr, filterByKeyExchange(all, Collections.singleto=
n(KeyExchange.ECDHr)));
+ addListAlias(kECDHe, filterByKeyExchange(all, Collections.singleto=
n(KeyExchange.ECDHe)));
+ addListAlias(kECDH, filterByKeyExchange(all, new HashSet(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
+ aliases.put(ECDH, aliases.get(kECDH));
+ addListAlias(kECDHE, filterByKeyExchange(all, Collections.singleto=
n(KeyExchange.ECDHe)));
+ aliases.put(ECDHE, aliases.get(kECDHE));
+ addListAlias(kEECDH, filterByKeyExchange(all, Collections.singleto=
n(KeyExchange.EECDH)));
+ aliases.put(EECDHE, aliases.get(kEECDH));
addListAlias(aDSS, filterByAuthentication(all, Collections.singlet=
on(Authentication.DSS)));
aliases.put("DSS", aliases.get(aDSS));
addListAlias(aDH, filterByAuthentication(all, Collections.singleto=
n(Authentication.DH)));
+ Set aecdh =3D filterByKeyExchange(all, new HashSet(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
+ aecdh.removeAll(filterByAuthentication(all, Collections.singleton(=
Authentication.aNULL)));
+ addListAlias(AECDH, aecdh);
+ addListAlias(aECDH, filterByAuthentication(all, Collections.single=
ton(Authentication.ECDH)));
+ addListAlias(ECDSA, filterByAuthentication(all, Collections.single=
ton(Authentication.ECDSA)));
+ aliases.put(aECDSA, aliases.get(ECDSA));
addListAlias(kFZA, filterByKeyExchange(all, Collections.singleton(=
KeyExchange.FZA)));
addListAlias(aFZA, filterByAuthentication(all, Collections.singlet=
on(Authentication.FZA)));
addListAlias(eFZA, filterByEncryption(all, Collections.singleton(E=
ncryption.FZA)));
@@ -533,7 +607,7 @@
if (aliases.containsKey(alias)) {
removedCiphers.addAll(aliases.get(alias));
} else {
- CoyoteLogger.UTIL_LOGGER.warn("Unknown element " + al=
ias);
+ JSSELogger.ROOT_LOGGER.warnUnknowElement(alias);
}
} else if (element.startsWith(TO_END)) {
String alias =3D element.substring(1);
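Review bot: The `else` branch at `JSSELogger.ROOT_LOGGER.warnUnknowElement(alias);` sits in the removal path (`removedCiphers.addAll(aliases.get(alias))` on the line above), so a misspelt exclusion — say `!ANULL` for `!aNULL` — only logs, and the suites the operator meant to remove stay enabled. For an exclusion that is a silent weakening of the configured policy; either reject the expression (throw an `IllegalArgumentException` naming the element) or make the message say what was skipped, e.g. a dedicated `@Message(id = 9003, value = "Unknown element in exclusion, nothing removed: %s")`. If the decision is to stay lenient to match OpenSSL's own handling, a comment on the `else` saying so would stop the next reader from treating it as an oversight. The enclosing parse method starts before and ends after this hunk.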
@@ -556,11 +630,13 @@
for (Ciphers cipher : ciphers) {
result.add(cipher.name());
}
+ JSSELogger.ROOT_LOGGER.logEnabledCiphers(displayResult(ciphers, tr=
ue, ","));
return result;
}
=
/**
* Parse the specified expression according to the OpenSSL syntax and =
returns a list of standard cipher names.
+ *
* @param expression: the openssl expression to define a list of ciphe=
r.
* @return the corresponding list of ciphers.
*/
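Review bot: `displayResult(ciphers, true, ",")` on the added line walks the whole set and builds a string on every call before the DEBUG-level `logEnabledCiphers` decides whether to emit it; guard it with `if (JSSELogger.ROOT_LOGGER.isDebugEnabled())`. The same guard belongs around the matching debug message added in `JSSEUtils` so the two sites behave alike. The method this is in starts before the hunk; from the visible loop the logged names are the JSSE form (`cipher.name()`), which is worth stating in the logger Javadoc.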
@@ -568,13 +644,17 @@
return convertForJSSE(parse(expression));
}
=
- static String displayResult(Set ciphers, String separator) {
+ static String displayResult(Collection ciphers, boolean useJS=
SEFormat, String separator) {
if (ciphers.isEmpty()) {
return "";
}
StringBuilder builder =3D new StringBuilder(ciphers.size() * 16);
for (Ciphers cipher : ciphers) {
- builder.append(cipher.getOpenSSLAlias());
+ if (useJSSEFormat) {
+ builder.append(cipher.name());
+ } else {
+ builder.append(cipher.getOpenSSLAlias());
+ }
builder.append(separator);
}
return builder.toString().substring(0, builder.length() - 1);
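Review bot: The trailing-separator trim `return builder.toString().substring(0, builder.length() - 1);` removes exactly one character regardless of `separator`, so any caller passing a multi-character separator such as `", "` gets a truncated last entry; both callers in this revision pass `","`, but the parameter invites other values. `builder.setLength(builder.length() - separator.length()); return builder.toString();` trims the right amount and avoids the intermediate string. The `boolean useJSSEFormat` flag deserves Javadoc saying `true` emits `Ciphers.name()` (the JSSE name) and `false` emits `getOpenSSLAlias()`; the generic argument on `Collection` appears stripped by the archive, so I assume it is `Collection<Ciphers>` as the loop requires.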