New upstream version 9.0.36
Emmanuel Bourg
3 years ago
36 | 36 | *.asc |
37 | 37 | *.jj |
38 | 38 | *.tmp |
39 | maven-ant-tasks-*.jar | |
39 | maven-resolver-ant-tasks-*.jar | |
40 | 40 | thumbs.db |
41 | 41 | Thumbs.db |
42 | 42 | bin/setenv.* |
34 | 34 | # CATALINA_OUT (Optional) Full path to a file where stdout and stderr |
35 | 35 | # will be redirected. |
36 | 36 | # Default is $CATALINA_BASE/logs/catalina.out |
37 | # | |
38 | # CATALINA_OUT_CMD (Optional) Command which will be executed and receive | |
39 | # as its stdin the stdout and stderr from the Tomcat java | |
40 | # process. If CATALINA_OUT_CMD is set, the value of | |
41 | # CATALINA_OUT will be used as a named pipe. | |
42 | # No default. | |
43 | # Example (all one line) | |
44 | # CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400" | |
37 | 45 | # |
38 | 46 | # CATALINA_OPTS (Optional) Java runtime options used when the "start", |
39 | 47 | # "run" or "debug" command is executed. |
462 | 470 | fi |
463 | 471 | |
464 | 472 | shift |
465 | touch "$CATALINA_OUT" | |
473 | if [ -z "$CATALINA_OUT_CMD" ] ; then | |
474 | touch "$CATALINA_OUT" | |
475 | else | |
476 | if [ ! -e "$CATALINA_OUT" ]; then | |
477 | if ! mkfifo "$CATALINA_OUT"; then | |
478 | echo "cannot create named pipe $CATALINA_OUT. Start aborted." | |
479 | exit 1 | |
480 | fi | |
481 | elif [ ! -p "$CATALINA_OUT" ]; then | |
482 | echo "$CATALINA_OUT exists and is not a named pipe. Start aborted." | |
483 | exit 1 | |
484 | fi | |
485 | $CATALINA_OUT_CMD <"$CATALINA_OUT" & | |
486 | fi | |
466 | 487 | if [ "$1" = "-security" ] ; then |
467 | 488 | if [ $have_tty -eq 1 ]; then |
468 | 489 | echo "Using Security Manager" |
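Review bot: `$CATALINA_OUT_CMD <"$CATALINA_OUT" &` (new line 485) expands the variable unquoted and backgrounds it without checking that it started, so the value is split on whitespace with any quotes inside it taken literally, and a mistyped command leaves the named pipe without a reader. Tomcat's output is presumably redirected to that pipe further down, outside this hunk, where opening a FIFO that has no reader normally blocks. The branch at new line 481 also reuses any pre-existing pipe as it is, whatever its owner or mode. I would document both next to the example in the header comment, e.g. `#   The value is word-split by the shell; quotes inside it are not interpreted.` and `#   An existing pipe at CATALINA_OUT is reused unchanged; keep its directory writable only by the Tomcat user.`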
24 | 24 | # ----- Version Control Flags ----- |
25 | 25 | version.major=9 |
26 | 26 | version.minor=0 |
27 | version.build=35 | |
27 | version.build=36 | |
28 | 28 | version.patch=0 |
29 | 29 | version.suffix= |
30 | 30 | |
287 | 287 | |
288 | 288 | # ----- bnd & bndlib, version 4.0.0 or later ----- |
289 | 289 | # ----- provides OSGI metadata for JARs ----- |
290 | bnd.version=5.0.1 | |
291 | ||
292 | # checksums for biz.aQute.bnd-5.0.1.jar, biz.aQute.bndlib-5.0.1.jar | |
290 | bnd.version=5.1.0 | |
291 | ||
292 | # checksums for biz.aQute.bnd-5.1.0.jar | |
293 | 293 | bnd.checksum.enabled=true |
294 | 294 | bnd.checksum.algorithm=MD5|SHA-1 |
295 | bnd.checksum.value=42cb2f3bbb5556f0182131c6543f1579|67d8bb4f274e8ecfd8ebfcdeed3b328f7078b13b | |
296 | ||
295 | bnd.checksum.value=477684fd83707666cc84a766b147ed0c|9069bc1afad9201e3dc2efe62c0d5193777d16ae | |
296 | ||
297 | # checksums for biz.aQute.bndlib-5.1.0.jar | |
297 | 298 | bndlib.checksum.enabled=true |
298 | 299 | bndlib.checksum.algorithm=MD5|SHA-1 |
299 | bndlib.checksum.value=9d29031f80e3b94e3578fea75b45c8e6|aa13aef49a74fe0bd8bbcb016df124bab5d4064e | |
300 | bndlib.checksum.value=59dfe87f09e3f03be891327a91430182|30e119e5b3ae63dbb86532490855707b009e1b2e | |
300 | 301 | |
301 | 302 | bnd.home=${base.path}/bnd-${bnd.version} |
302 | 303 | bnd.jar=${bnd.home}/biz.aQute.bnd-${bnd.version}.jar |
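Review bot: The new bnd 5.1.0 and bndlib 5.1.0 pins (new lines 290–300) are still verified with `MD5|SHA-1` only, and both algorithms are collision-broken and deprecated for artifact verification, so the check gives limited assurance about the downloaded jars. If the build's checksum step accepts a stronger algorithm (that step is not visible on this page), pin a SHA-512 digest taken from the publisher's release metadata: `bnd.checksum.algorithm=SHA-512` with the matching `bnd.checksum.value`, and the same for `bndlib`. The algorithm lines are unchanged context here, so this is a follow-up to the bump rather than a fault in it.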
2150 | 2150 | </and> |
2151 | 2151 | <filename name="**/*.asc" /> |
2152 | 2152 | <filename name="**/*.tmp" /> |
2153 | <filename name="**/maven-ant-tasks-*.jar" /> | |
2153 | <filename name="**/maven-resolver-ant-tasks-*.jar" /> | |
2154 | 2154 | <filename name="**/thumbs.db" /> |
2155 | 2155 | <filename name="**/Thumbs.db" /> |
2156 | 2156 | <filename name="*.launch"/> |
23 | 23 | version="1.0"> |
24 | 24 | <xs:element name="tomcat-users"> |
25 | 25 | <xs:complexType> |
26 | <xs:sequence> | |
27 | <xs:element name="role" minOccurs="0" maxOccurs="unbounded"> | |
26 | <xs:choice minOccurs="0" maxOccurs="unbounded"> | |
27 | <xs:element name="role"> | |
28 | 28 | <xs:complexType> |
29 | 29 | <xs:attribute name="rolename" use="required" type="users:entityname" /> |
30 | 30 | <xs:attribute name="description" type="xs:string" /> |
31 | 31 | </xs:complexType> |
32 | 32 | </xs:element> |
33 | <xs:element name="group" minOccurs="0" maxOccurs="unbounded"> | |
33 | <xs:element name="group"> | |
34 | 34 | <xs:complexType> |
35 | 35 | <xs:attribute name="groupname" use="required" type="users:entityname" /> |
36 | 36 | <xs:attribute name="description" type="xs:string" /> |
37 | 37 | <xs:attribute name="roles" type="xs:string" /> |
38 | 38 | </xs:complexType> |
39 | 39 | </xs:element> |
40 | <xs:element name="user" minOccurs="0" maxOccurs="unbounded"> | |
40 | <xs:element name="user"> | |
41 | 41 | <xs:complexType> |
42 | 42 | <xs:attribute name="username" use="required" type="users:entityname" /> |
43 | 43 | <xs:attribute name="fullname" type="xs:string" /> |
46 | 46 | <xs:attribute name="groups" type="xs:string" /> |
47 | 47 | </xs:complexType> |
48 | 48 | </xs:element> |
49 | </xs:sequence> | |
49 | </xs:choice> | |
50 | 50 | <xs:attribute name="version" type="xs:string" /> |
51 | 51 | </xs:complexType> |
52 | 52 | </xs:element> |
55 | 55 | <xs:minLength value="1"/> |
56 | 56 | </xs:restriction> |
57 | 57 | </xs:simpleType> |
58 | </xs:schema>⏎ | |
58 | </xs:schema> |
18 | 18 | import java.lang.reflect.Field; |
19 | 19 | import java.lang.reflect.Method; |
20 | 20 | import java.lang.reflect.Modifier; |
21 | import java.security.AccessController; | |
22 | import java.security.PrivilegedAction; | |
21 | 23 | import java.util.Collections; |
22 | 24 | import java.util.HashMap; |
23 | 25 | import java.util.HashSet; |
29 | 31 | * @since EL 3.0 |
30 | 32 | */ |
31 | 33 | public class ImportHandler { |
34 | ||
35 | private static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null); | |
32 | 36 | |
33 | 37 | private static final Map<String,Set<String>> standardPackages = new HashMap<>(); |
34 | 38 | |
451 | 455 | * for the case where the class does exist is a lot less than the |
452 | 456 | * overhead we save by not calling loadClass(). |
453 | 457 | */ |
454 | if (cl.getResource(path) == null) { | |
455 | return null; | |
458 | if (IS_SECURITY_ENABLED) { | |
459 | // Webapps don't have read permission for JAVA_HOME (and | |
460 | // possibly other sources of classes). Only need to know if the | |
461 | // class exists at this point. Class loading occurs with | |
462 | // standard SecurityManager policy next. | |
463 | if (!AccessController.doPrivileged(new PrivilegedResourceExists(cl, path)).booleanValue()) { | |
464 | return null; | |
465 | } | |
466 | } else { | |
467 | if (cl.getResource(path) == null) { | |
468 | return null; | |
469 | } | |
456 | 470 | } |
457 | 471 | } catch (ClassCircularityError cce) { |
458 | 472 | // May happen under a security manager. Ignore it and try loading |
488 | 502 | */ |
489 | 503 | private static class NotFound { |
490 | 504 | } |
505 | ||
506 | ||
507 | private static class PrivilegedResourceExists implements PrivilegedAction<Boolean> { | |
508 | ||
509 | private final ClassLoader cl; | |
510 | private final String name; | |
511 | ||
512 | public PrivilegedResourceExists(ClassLoader cl, String name) { | |
513 | this.cl = cl; | |
514 | this.name = name; | |
515 | } | |
516 | ||
517 | @Override | |
518 | public Boolean run() { | |
519 | if (cl.getResource(name) == null) { | |
520 | return Boolean.FALSE; | |
521 | } else { | |
522 | return Boolean.TRUE; | |
523 | } | |
524 | } | |
525 | } | |
491 | 526 | } |
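Review bot: `PrivilegedResourceExists` (new lines 507–525) is the code that runs inside `AccessController.doPrivileged` on behalf of a web application, and nothing on the class says that it must keep returning a bare `Boolean`. A short Javadoc would protect that boundary, for example `/** Reports only whether the resource exists; the URL is deliberately not returned, so a caller without read permission learns nothing more. */`. `run()` can also be reduced to `return Boolean.valueOf(cl.getResource(name) != null);`. Where `cl` and `path` come from is outside the hunk, so it is worth confirming that `path` is always the class-resource path built by the enclosing method.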
64 | 64 | * if called after the application's |
65 | 65 | * <code>ServletContextListeners</code> have been initialized. |
66 | 66 | */ |
67 | public void addELResolver(ELResolver resolver) throws IllegalStateException; | |
67 | public void addELResolver(ELResolver resolver); | |
68 | 68 | |
69 | 69 | /** |
70 | 70 | * <p> |
41 | 41 | import org.apache.tomcat.util.buf.B2CConverter; |
42 | 42 | import org.apache.tomcat.util.buf.CharsetUtil; |
43 | 43 | import org.apache.tomcat.util.buf.EncodedSolidusHandling; |
44 | import org.apache.tomcat.util.buf.UDecoder; | |
44 | 45 | import org.apache.tomcat.util.net.SSLHostConfig; |
45 | 46 | import org.apache.tomcat.util.net.openssl.OpenSSLImplementation; |
46 | 47 | import org.apache.tomcat.util.res.StringManager; |
78 | 79 | |
79 | 80 | |
80 | 81 | public Connector(String protocol) { |
81 | configuredProtocol = protocol; | |
82 | 82 | boolean apr = AprLifecycleListener.isAprAvailable() && |
83 | 83 | AprLifecycleListener.getUseAprConnector(); |
84 | 84 | ProtocolHandler p = null; |
102 | 102 | |
103 | 103 | public Connector(ProtocolHandler protocolHandler) { |
104 | 104 | protocolHandlerClassName = protocolHandler.getClass().getName(); |
105 | configuredProtocol = protocolHandlerClassName; | |
106 | 105 | this.protocolHandler = protocolHandler; |
107 | 106 | // Default for Connector depends on this system property |
108 | 107 | setThrowOnFailure(Boolean.getBoolean("org.apache.catalina.startup.EXIT_ON_INIT_FAILURE")); |
136 | 135 | protected boolean enableLookups = false; |
137 | 136 | |
138 | 137 | |
139 | /* | |
138 | /** | |
140 | 139 | * Is generation of X-Powered-By response header enabled/disabled? |
141 | 140 | */ |
142 | 141 | protected boolean xpoweredBy = false; |
248 | 247 | |
249 | 248 | |
250 | 249 | /** |
251 | * Name of the protocol that was configured. | |
252 | */ | |
253 | protected final String configuredProtocol; | |
254 | ||
255 | ||
256 | /** | |
257 | 250 | * Coyote protocol handler. |
258 | 251 | */ |
259 | 252 | protected final ProtocolHandler protocolHandler; |
265 | 258 | protected Adapter adapter = null; |
266 | 259 | |
267 | 260 | |
261 | /** | |
262 | * The URI encoding in use. | |
263 | */ | |
268 | 264 | private Charset uriCharset = StandardCharsets.UTF_8; |
269 | 265 | |
270 | 266 | |
271 | private EncodedSolidusHandling encodedSolidusHandling = EncodedSolidusHandling.REJECT; | |
267 | /** | |
268 | * The behavior when an encoded solidus (slash) is submitted. | |
269 | */ | |
270 | @SuppressWarnings("deprecation") | |
271 | private EncodedSolidusHandling encodedSolidusHandling = | |
272 | UDecoder.ALLOW_ENCODED_SLASH ? EncodedSolidusHandling.DECODE : EncodedSolidusHandling.REJECT; | |
272 | 273 | |
273 | 274 | |
274 | 275 | /** |
623 | 624 | * @return the Coyote protocol handler in use. |
624 | 625 | */ |
625 | 626 | public String getProtocol() { |
626 | return configuredProtocol; | |
627 | boolean apr = AprLifecycleListener.getUseAprConnector(); | |
628 | if ((!apr && org.apache.coyote.http11.Http11NioProtocol.class.getName().equals(protocolHandlerClassName)) | |
629 | || (apr && org.apache.coyote.http11.Http11AprProtocol.class.getName().equals(protocolHandlerClassName))) { | |
630 | return "HTTP/1.1"; | |
631 | } else if ((!apr && org.apache.coyote.ajp.AjpNioProtocol.class.getName().equals(protocolHandlerClassName)) | |
632 | || (apr && org.apache.coyote.ajp.AjpAprProtocol.class.getName().equals(protocolHandlerClassName))) { | |
633 | return "AJP/1.3"; | |
634 | } | |
635 | return protocolHandlerClassName; | |
627 | 636 | } |
628 | 637 | |
629 | 638 |
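Review bot: The Javadoc added for `encodedSolidusHandling` (new lines 267–272) does not mention that the default is now taken from the deprecated `UDecoder.ALLOW_ENCODED_SLASH` flag, so an installation that still sets the flag gets `DECODE` on every connector without anything in the connector configuration showing it. Decoding `%2F` changes how a path is matched, which matters wherever a proxy or security constraint in front of the application matches on the undecoded path. I would state it in the comment, e.g. `* Defaults to DECODE when the deprecated UDecoder.ALLOW_ENCODED_SLASH flag is set, otherwise REJECT.` Separately, `getProtocol()` derives `apr` from `getUseAprConnector()` alone while the constructor also requires `isAprAvailable()`, so the two can disagree about which handler class means "HTTP/1.1".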
82 | 82 | request.fragmentInDispatchPath=Le fragment dans le chemin de dispatch [{0}] a été enlevé |
83 | 83 | request.illegalWrap=L'enrobeur de la réponse doit enrober la requête obtenue à partir de getRequest() |
84 | 84 | request.notAsync=Il est interdit d'appeler cette méthode si la requête actuelle n'est pas en mode asynchrone (isAsyncStarted() a renvoyé false) |
85 | request.session.failed=Erreur de chargement de la session [{0}] à cause de [{1}] | |
85 | 86 | |
86 | 87 | requestFacade.nullRequest=L'objet requête a été recyclé et n'est plus associé à cette façade |
87 | 88 |
185 | 185 | /** |
186 | 186 | * Thread local data used during request dispatch. |
187 | 187 | */ |
188 | private static final ThreadLocal<DispatchData> dispatchData = new ThreadLocal<>(); | |
188 | private final ThreadLocal<DispatchData> dispatchData = new ThreadLocal<>(); | |
189 | 189 | |
190 | 190 | |
191 | 191 | /** |
736 | 736 | } |
737 | 737 | |
738 | 738 | // Release the filter chain (if any) for this request |
739 | try { | |
740 | if (filterChain != null) | |
741 | filterChain.release(); | |
742 | } catch (Throwable e) { | |
743 | ExceptionUtils.handleThrowable(e); | |
744 | wrapper.getLogger().error(sm.getString("standardWrapper.releaseFilters", | |
745 | wrapper.getName()), e); | |
746 | // FIXME: Exception handling needs to be similar to what is in the StandardWrapperValue | |
739 | if (filterChain != null) { | |
740 | filterChain.release(); | |
747 | 741 | } |
748 | 742 | |
749 | 743 | // Deallocate the allocated servlet instance |
296 | 296 | standardWrapper.notContext=Parent container of a Wrapper must be a Context |
297 | 297 | standardWrapper.notFound=Servlet [{0}] is not available |
298 | 298 | standardWrapper.notServlet=Class [{0}] is not a Servlet |
299 | standardWrapper.releaseFilters=Release filters exception for servlet [{0}] | |
300 | 299 | standardWrapper.serviceException=Servlet.service() for servlet [{0}] in context with path [{1}] threw exception |
301 | 300 | standardWrapper.serviceExceptionRoot=Servlet.service() for servlet [{0}] in context with path [{1}] threw exception [{2}] with root cause |
302 | 301 | standardWrapper.unavailable=Marking servlet [{0}] as unavailable |
170 | 170 | standardWrapper.notContext=El contenedor padre para un Arropador (Wrapper) debe de ser un Contexto |
171 | 171 | standardWrapper.notFound=No está disponible el Servlet [{0}] |
172 | 172 | standardWrapper.notServlet=La Clase [{0}] no es un Servlet |
173 | standardWrapper.releaseFilters=Excepción de Liberación de filtros para servlet [{0}] | |
174 | 173 | standardWrapper.serviceException=Servlet.service() para servlet [{0}] lanzó excepción |
175 | 174 | standardWrapper.serviceExceptionRoot=El Servlet.service() para el servlet [{0}] en el contexto con ruta [{1}] lanzó la excepción [{2}] con causa raíz |
176 | 175 | standardWrapper.unavailable=Marcando el servlet [{0}] como no disponible |
296 | 296 | standardWrapper.notContext=Le conteneur parent d'un enrobeur (wrapper) doit être un contexte |
297 | 297 | standardWrapper.notFound=Servlet [{0}] n''est pas disponible. |
298 | 298 | standardWrapper.notServlet=La classe [{0}] n''est pas une servlet |
299 | standardWrapper.releaseFilters=Exception des filtres de sortie (release filters) pour la servlet [{0}] | |
300 | 299 | standardWrapper.serviceException="Servlet.service()" pour la servlet [{0}] a généré une exception |
301 | 300 | standardWrapper.serviceExceptionRoot=Servlet.service() du Servlet [{0}] dans le contexte au chemin [{1}] a retourné une exception [{2}] avec la cause |
302 | 301 | standardWrapper.unavailable=La servlet [{0}] est marqué comme indisponible |
296 | 296 | standardWrapper.notContext=Wrapper の親のコンテナはContextでなければいけません |
297 | 297 | standardWrapper.notFound=サーブレット [{0}] が利用できません |
298 | 298 | standardWrapper.notServlet=クラス [{0}] はServletではありません |
299 | standardWrapper.releaseFilters=サーブレット [{0}] のフィルタ例外を解除します | |
300 | 299 | standardWrapper.serviceException=サーブレット [{0}] のServlet.service()が例外を投げました |
301 | 300 | standardWrapper.serviceExceptionRoot=パス[{1}]を持つコンテキスト内のサーブレット[{0}]のServlet.service() が例外[{2}]が根本的要因と共に投げられました。 |
302 | 301 | standardWrapper.unavailable=サーブレット [{0}] を利用不可能にマークします |
296 | 296 | standardWrapper.notContext=Wrapper의 부모 컨테이너는 반드시 컨텍스트여야 합니다. |
297 | 297 | standardWrapper.notFound=서블릿 [{0}]은(는) 가용하지 않습니다. |
298 | 298 | standardWrapper.notServlet=클래스 [{0}]은(는) 서블릿이 아닙니다, |
299 | standardWrapper.releaseFilters=서블릿 [{0}]을(를) 위해 필터를 해제하는 중 예외 발생 | |
300 | 299 | standardWrapper.serviceException=경로가 [{1}]인 컨텍스트의 서블릿 [{0}]을(를) 위한 Servlet.service() 호출이 예외를 발생시켰습니다. |
301 | 300 | standardWrapper.serviceExceptionRoot=경로 [{1}]의 컨텍스트 내의 서블릿 [{0}]을(를) 위한 Servlet.service() 호출이, 근본 원인(root cause)과 함께, 예외 [{2}]을(를) 발생시켰습니다. |
302 | 301 | standardWrapper.unavailable=서블릿 [{0}]을(를) 가용하지 않은 상태로 표시합니다. |
297 | 297 | standardWrapper.notContext=包装的父容器必须是上下文 |
298 | 298 | standardWrapper.notFound=Servlet [{0}] 不可用 |
299 | 299 | standardWrapper.notServlet=类{0}不是Servlet |
300 | standardWrapper.releaseFilters=发布过滤器异常,servlet:[{0}] | |
301 | 300 | standardWrapper.serviceException=在路径为[{1}]的上下文中,servlet[{0}]的Servlet.service()引发异常 |
302 | 301 | standardWrapper.serviceExceptionRoot=在路径为{1}的上下文中,Servlet[{0}]的Servlet.service()引发了具有根本原因的异常{2} |
303 | 302 | standardWrapper.unavailable=将servlet[{0}]标记为不可用 |
2803 | 2803 | } |
2804 | 2804 | fireContainerEvent("addApplicationListener", listener); |
2805 | 2805 | |
2806 | // FIXME - add instance if already started? | |
2807 | 2806 | } |
2808 | 2807 | |
2809 | 2808 | |
3017 | 3016 | (servletNames.length == 0) && (urlPatterns.length == 0)) |
3018 | 3017 | throw new IllegalArgumentException |
3019 | 3018 | (sm.getString("standardContext.filterMap.either")); |
3020 | // FIXME: Older spec revisions may still check this | |
3021 | /* | |
3022 | if ((servletNames.length != 0) && (urlPatterns.length != 0)) | |
3023 | throw new IllegalArgumentException | |
3024 | (sm.getString("standardContext.filterMap.either")); | |
3025 | */ | |
3026 | 3019 | for (String urlPattern : urlPatterns) { |
3027 | 3020 | if (!validateURLPattern(urlPattern)) { |
3028 | 3021 | throw new IllegalArgumentException |
3808 | 3801 | // Inform interested listeners |
3809 | 3802 | fireContainerEvent("removeApplicationListener", listener); |
3810 | 3803 | |
3811 | // FIXME - behavior if already started? | |
3812 | 3804 | } |
3813 | 3805 | |
3814 | 3806 | |
5217 | 5209 | // Reinitializing if something went wrong |
5218 | 5210 | if (!ok) { |
5219 | 5211 | setState(LifecycleState.FAILED); |
5212 | // Send j2ee.object.failed notification | |
5213 | if (this.getObjectName() != null) { | |
5214 | Notification notification = new Notification("j2ee.object.failed", | |
5215 | this.getObjectName(), sequenceNumber.getAndIncrement()); | |
5216 | broadcaster.sendNotification(notification); | |
5217 | } | |
5220 | 5218 | } else { |
5221 | 5219 | setState(LifecycleState.STARTING); |
5222 | 5220 | } |
5471 | 5469 | |
5472 | 5470 | } |
5473 | 5471 | |
5474 | /** Destroy needs to clean up the context completely. | |
5472 | /** | |
5473 | * Destroy needs to clean up the context completely. | |
5475 | 5474 | * |
5476 | 5475 | * The problem is that undoing all the config in start() and restoring |
5477 | 5476 | * a 'fresh' state is impossible. After stop()/destroy()/init()/start() |
5479 | 5478 | * read modified web.xml, etc. This can only be done by completely |
5480 | 5479 | * removing the context object and remapping a new one, or by cleaning |
5481 | 5480 | * up everything. |
5482 | * | |
5483 | * XXX Should this be done in stop() ? | |
5484 | * | |
5485 | 5481 | */ |
5486 | 5482 | @Override |
5487 | 5483 | protected void destroyInternal() throws LifecycleException { |
6202 | 6198 | } |
6203 | 6199 | |
6204 | 6200 | |
6205 | /* Remove a JMX notificationListener | |
6201 | /** | |
6202 | * Remove a JMX notificationListener | |
6206 | 6203 | * @see javax.management.NotificationEmitter#removeNotificationListener(javax.management.NotificationListener, javax.management.NotificationFilter, java.lang.Object) |
6207 | 6204 | */ |
6208 | 6205 | @Override |
6213 | 6210 | |
6214 | 6211 | private MBeanNotificationInfo[] notificationInfo; |
6215 | 6212 | |
6216 | /* Get JMX Broadcaster Info | |
6217 | * @TODO use StringManager for international support! | |
6218 | * @TODO This two events we not send j2ee.state.failed and j2ee.attribute.changed! | |
6213 | /** | |
6214 | * Get JMX Broadcaster Info | |
6219 | 6215 | * @see javax.management.NotificationBroadcaster#getNotificationInfo() |
6220 | 6216 | */ |
6221 | 6217 | @Override |
6222 | 6218 | public MBeanNotificationInfo[] getNotificationInfo() { |
6223 | // FIXME: i18n | |
6224 | if(notificationInfo == null) { | |
6225 | notificationInfo = new MBeanNotificationInfo[]{ | |
6226 | new MBeanNotificationInfo(new String[] { | |
6227 | "j2ee.object.created"}, | |
6228 | Notification.class.getName(), | |
6229 | "web application is created" | |
6230 | ), | |
6231 | new MBeanNotificationInfo(new String[] { | |
6232 | "j2ee.state.starting"}, | |
6233 | Notification.class.getName(), | |
6234 | "change web application is starting" | |
6235 | ), | |
6236 | new MBeanNotificationInfo(new String[] { | |
6237 | "j2ee.state.running"}, | |
6238 | Notification.class.getName(), | |
6239 | "web application is running" | |
6240 | ), | |
6241 | new MBeanNotificationInfo(new String[] { | |
6242 | "j2ee.state.stopping"}, | |
6243 | Notification.class.getName(), | |
6244 | "web application start to stopped" | |
6245 | ), | |
6246 | new MBeanNotificationInfo(new String[] { | |
6247 | "j2ee.object.stopped"}, | |
6248 | Notification.class.getName(), | |
6249 | "web application is stopped" | |
6250 | ), | |
6251 | new MBeanNotificationInfo(new String[] { | |
6252 | "j2ee.object.deleted"}, | |
6253 | Notification.class.getName(), | |
6254 | "web application is deleted" | |
6255 | ) | |
6256 | }; | |
6257 | ||
6219 | // FIXME: we not send j2ee.attribute.changed | |
6220 | if (notificationInfo == null) { | |
6221 | notificationInfo = new MBeanNotificationInfo[] { | |
6222 | new MBeanNotificationInfo( | |
6223 | new String[] { "j2ee.object.created" }, | |
6224 | Notification.class.getName(), | |
6225 | "web application is created"), | |
6226 | new MBeanNotificationInfo( | |
6227 | new String[] { "j2ee.state.starting" }, | |
6228 | Notification.class.getName(), | |
6229 | "change web application is starting"), | |
6230 | new MBeanNotificationInfo( | |
6231 | new String[] { "j2ee.state.running" }, | |
6232 | Notification.class.getName(), | |
6233 | "web application is running"), | |
6234 | new MBeanNotificationInfo( | |
6235 | new String[] { "j2ee.state.stopping" }, | |
6236 | Notification.class.getName(), | |
6237 | "web application start to stopped"), | |
6238 | new MBeanNotificationInfo( | |
6239 | new String[] { "j2ee.object.stopped" }, | |
6240 | Notification.class.getName(), | |
6241 | "web application is stopped"), | |
6242 | new MBeanNotificationInfo( | |
6243 | new String[] { "j2ee.object.deleted" }, | |
6244 | Notification.class.getName(), | |
6245 | "web application is deleted"), | |
6246 | new MBeanNotificationInfo( | |
6247 | new String[] { "j2ee.object.failed" }, | |
6248 | Notification.class.getName(), | |
6249 | "web application failed") }; | |
6258 | 6250 | } |
6259 | 6251 | |
6260 | 6252 | return notificationInfo; |
1694 | 1694 | |
1695 | 1695 | /** |
1696 | 1696 | * Get JMX Broadcaster Info |
1697 | * FIXME: This two events we not send j2ee.state.failed and j2ee.attribute.changed! | |
1698 | 1697 | * @see javax.management.NotificationBroadcaster#getNotificationInfo() |
1699 | 1698 | */ |
1700 | 1699 | @Override |
1701 | 1700 | public MBeanNotificationInfo[] getNotificationInfo() { |
1702 | ||
1703 | if(notificationInfo == null) { | |
1704 | notificationInfo = new MBeanNotificationInfo[]{ | |
1705 | new MBeanNotificationInfo(new String[] { | |
1706 | "j2ee.object.created"}, | |
1707 | Notification.class.getName(), | |
1708 | "servlet is created" | |
1709 | ), | |
1710 | new MBeanNotificationInfo(new String[] { | |
1711 | "j2ee.state.starting"}, | |
1712 | Notification.class.getName(), | |
1713 | "servlet is starting" | |
1714 | ), | |
1715 | new MBeanNotificationInfo(new String[] { | |
1716 | "j2ee.state.running"}, | |
1717 | Notification.class.getName(), | |
1718 | "servlet is running" | |
1719 | ), | |
1720 | new MBeanNotificationInfo(new String[] { | |
1721 | "j2ee.state.stopped"}, | |
1722 | Notification.class.getName(), | |
1723 | "servlet start to stopped" | |
1724 | ), | |
1725 | new MBeanNotificationInfo(new String[] { | |
1726 | "j2ee.object.stopped"}, | |
1727 | Notification.class.getName(), | |
1728 | "servlet is stopped" | |
1729 | ), | |
1730 | new MBeanNotificationInfo(new String[] { | |
1731 | "j2ee.object.deleted"}, | |
1732 | Notification.class.getName(), | |
1733 | "servlet is deleted" | |
1734 | ) | |
1735 | }; | |
1736 | } | |
1737 | ||
1701 | // FIXME: we not send j2ee.state.failed | |
1702 | // FIXME: we not send j2ee.attribute.changed | |
1703 | if (notificationInfo == null) { | |
1704 | notificationInfo = new MBeanNotificationInfo[] { | |
1705 | new MBeanNotificationInfo( | |
1706 | new String[] { "j2ee.object.created" }, | |
1707 | Notification.class.getName(), "servlet is created"), | |
1708 | new MBeanNotificationInfo( | |
1709 | new String[] { "j2ee.state.starting" }, | |
1710 | Notification.class.getName(), | |
1711 | "servlet is starting"), | |
1712 | new MBeanNotificationInfo( | |
1713 | new String[] { "j2ee.state.running" }, | |
1714 | Notification.class.getName(), "servlet is running"), | |
1715 | new MBeanNotificationInfo( | |
1716 | new String[] { "j2ee.state.stopped" }, | |
1717 | Notification.class.getName(), | |
1718 | "servlet start to stopped"), | |
1719 | new MBeanNotificationInfo( | |
1720 | new String[] { "j2ee.object.stopped" }, | |
1721 | Notification.class.getName(), "servlet is stopped"), | |
1722 | new MBeanNotificationInfo( | |
1723 | new String[] { "j2ee.object.deleted" }, | |
1724 | Notification.class.getName(), | |
1725 | "servlet is deleted") }; | |
1726 | } | |
1738 | 1727 | return notificationInfo; |
1739 | 1728 | } |
1740 | 1729 |
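Review bot: The fourth entry (new lines 1715–1718) advertises `j2ee.state.stopped` with the description "servlet start to stopped", whereas the matching entry in the context's list on this page uses `j2ee.state.stopping`; the reformat carries what looks like an old typo forward unchanged. If the wrapper actually emits `j2ee.state.stopping` (the sending code is not on this page), JMX clients that filter on the advertised types will miss it, and the entry should read `new String[] { "j2ee.state.stopping" },`. The two FIXME comments would also read better as `// FIXME: j2ee.state.failed is never sent` and `// FIXME: j2ee.attribute.changed is never sent`.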
84 | 84 | /** |
85 | 85 | * crossContext session container |
86 | 86 | */ |
87 | protected static final ThreadLocal<ArrayList<DeltaSession>> crossContextSessions = | |
87 | protected final ThreadLocal<ArrayList<DeltaSession>> crossContextSessions = | |
88 | 88 | new ThreadLocal<>() ; |
89 | 89 | |
90 | 90 | /** |
187 | 187 | * Session that is currently getting swapped in to prevent loading it more |
188 | 188 | * than once concurrently |
189 | 189 | */ |
190 | private static final ThreadLocal<Session> sessionToSwapIn = new ThreadLocal<>(); | |
190 | private final ThreadLocal<Session> sessionToSwapIn = new ThreadLocal<>(); | |
191 | 191 | |
192 | 192 | |
193 | 193 | // ------------------------------------------------------------- Properties |
69 | 69 | |
70 | 70 | @Override |
71 | 71 | public ServletContext getServletContext() { |
72 | // FIXME : Facade this object ? | |
73 | 72 | return session.getServletContext(); |
74 | 73 | } |
75 | 74 |
89 | 89 | } |
90 | 90 | |
91 | 91 | // Try classloader |
92 | InputStream stream = getClass().getClassLoader().getResourceAsStream(name); | |
93 | if (stream != null) { | |
94 | try { | |
92 | InputStream stream = null; | |
93 | try { | |
94 | stream = getClass().getClassLoader().getResourceAsStream(name); | |
95 | if (stream != null) { | |
95 | 96 | return new Resource(stream, getClass().getClassLoader().getResource(name).toURI()); |
96 | } catch (InvalidPathException e) { | |
97 | // Ignore. Some valid file URIs can trigger this. | |
97 | } | |
98 | } catch (InvalidPathException e) { | |
99 | // Ignore. Some valid file URIs can trigger this. | |
100 | // Stream should be null here but check to be on the safe side. | |
101 | if (stream != null) { | |
98 | 102 | stream.close(); |
99 | } catch (URISyntaxException e) { | |
100 | stream.close(); | |
101 | throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e); | |
102 | 103 | } |
104 | } catch (URISyntaxException e) { | |
105 | stream.close(); | |
106 | throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e); | |
103 | 107 | } |
104 | 108 | |
105 | 109 | // Then try URI. |
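Review bot: The resource is still looked up twice, once with `getResourceAsStream(name)` and again with `getResource(name)` on new line 96; if the second lookup returns null, `.toURI()` throws a NullPointerException that neither catch handles and the already opened stream is never closed. The `URISyntaxException` branch has a related gap, because `stream.close()` can itself throw and replace the more useful wrapped exception. Resolving the URL once with `getResource(name)`, returning early when it is null, and opening the stream from it with `url.openStream()` would remove the double lookup. The enclosing method starts and ends outside this hunk.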
424 | 424 | |
425 | 425 | String pathName = getPathname(); |
426 | 426 | try (ConfigurationSource.Resource resource = ConfigFileLoader.getSource().getResource(pathName)) { |
427 | this.lastModified = resource.getURI().toURL().openConnection().getLastModified(); | |
427 | lastModified = resource.getLastModified(); | |
428 | 428 | |
429 | 429 | // Construct a digester to read the XML input file |
430 | 430 | Digester digester = new Digester(); |
735 | 735 | } |
736 | 736 | String description = attributes.getValue("description"); |
737 | 737 | String roles = attributes.getValue("roles"); |
738 | Group group = database.createGroup(groupname, description); | |
738 | Group group = database.findGroup(groupname); | |
739 | if (group == null) { | |
740 | group = database.createGroup(groupname, description); | |
741 | } else { | |
742 | if (group.getDescription() == null) { | |
743 | group.setDescription(description); | |
744 | } | |
745 | } | |
739 | 746 | if (roles != null) { |
740 | 747 | while (roles.length() > 0) { |
741 | 748 | String rolename = null; |
780 | 787 | rolename = attributes.getValue("name"); |
781 | 788 | } |
782 | 789 | String description = attributes.getValue("description"); |
783 | Role role = database.createRole(rolename, description); | |
784 | return role; | |
790 | Role existingRole = database.findRole(rolename); | |
791 | if (existingRole == null) { | |
792 | return database.createRole(rolename, description); | |
793 | } | |
794 | if (existingRole.getDescription() == null) { | |
795 | existingRole.setDescription(description); | |
796 | } | |
797 | return existingRole; | |
785 | 798 | } |
786 | 799 | |
787 | 800 | private final MemoryUserDatabase database; |
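Review bot: A second `<group>` or `<role>` element whose name already exists is now merged into the existing object without any message (new lines 738–745 and 790–797). For groups, the `roles` attribute of the duplicate is still parsed by the loop that follows, which continues outside this hunk and presumably adds those roles to the existing group, so role grants can accumulate across entries an administrator believes are separate. Since this file drives authorization, I would log a warning when `findGroup` or `findRole` returns non-null, or at least record the rule in a comment such as `// Duplicate entries are merged: roles from every <group> with this name are added to the one Group.`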
0 | /* | |
1 | * Licensed to the Apache Software Foundation (ASF) under one or more | |
2 | * contributor license agreements. See the NOTICE file distributed with | |
3 | * this work for additional information regarding copyright ownership. | |
4 | * The ASF licenses this file to You under the Apache License, Version 2.0 | |
5 | * (the "License"); you may not use this file except in compliance with | |
6 | * the License. You may obtain a copy of the License at | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
15 | */ | |
16 | package org.apache.catalina.valves.rewrite; | |
17 | ||
18 | import java.nio.charset.Charset; | |
19 | import java.nio.charset.StandardCharsets; | |
20 | import java.util.Locale; | |
21 | ||
22 | import org.apache.catalina.util.URLEncoder; | |
23 | import org.apache.tomcat.util.buf.UDecoder; | |
24 | ||
25 | public class InternalRewriteMap { | |
26 | ||
27 | public static RewriteMap toMap(String name) { | |
28 | if ("toupper".equals(name)) { | |
29 | return new UpperCase(); | |
30 | } else if ("tolower".equals(name)) { | |
31 | return new LowerCase(); | |
32 | } else if ("escape".equals(name)) { | |
33 | return new Escape(); | |
34 | } else if ("unescape".equals(name)) { | |
35 | return new Unescape(); | |
36 | } else { | |
37 | return null; | |
38 | } | |
39 | } | |
40 | ||
41 | public static class LowerCase implements RewriteMap { | |
42 | ||
43 | private Locale locale = Locale.getDefault(); | |
44 | ||
45 | @Override | |
46 | public String setParameters(String params) { | |
47 | this.locale = Locale.forLanguageTag(params); | |
48 | return null; | |
49 | } | |
50 | ||
51 | @Override | |
52 | public String lookup(String key) { | |
53 | if (key != null) { | |
54 | return key.toLowerCase(locale); | |
55 | } | |
56 | return null; | |
57 | } | |
58 | ||
59 | } | |
60 | ||
61 | public static class UpperCase implements RewriteMap { | |
62 | ||
63 | private Locale locale = Locale.getDefault(); | |
64 | ||
65 | @Override | |
66 | public String setParameters(String params) { | |
67 | this.locale = Locale.forLanguageTag(params); | |
68 | return null; | |
69 | } | |
70 | ||
71 | @Override | |
72 | public String lookup(String key) { | |
73 | if (key != null) { | |
74 | return key.toUpperCase(locale); | |
75 | } | |
76 | return null; | |
77 | } | |
78 | ||
79 | } | |
80 | ||
81 | public static class Escape implements RewriteMap { | |
82 | ||
83 | private Charset charset = StandardCharsets.UTF_8; | |
84 | ||
85 | @Override | |
86 | public String setParameters(String params) { | |
87 | this.charset = Charset.forName(params); | |
88 | return null; | |
89 | } | |
90 | ||
91 | @Override | |
92 | public String lookup(String key) { | |
93 | if (key != null) { | |
94 | return URLEncoder.DEFAULT.encode(key, charset); | |
95 | } | |
96 | return null; | |
97 | } | |
98 | ||
99 | } | |
100 | ||
101 | public static class Unescape implements RewriteMap { | |
102 | ||
103 | private Charset charset = StandardCharsets.UTF_8; | |
104 | ||
105 | @Override | |
106 | public String setParameters(String params) { | |
107 | this.charset = Charset.forName(params); | |
108 | return null; | |
109 | } | |
110 | ||
111 | @Override | |
112 | public String lookup(String key) { | |
113 | if (key != null) { | |
114 | return UDecoder.URLDecode(key, charset); | |
115 | } | |
116 | return null; | |
117 | } | |
118 | ||
119 | } | |
120 | ||
121 | } |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | quotedStringTokenizer.tokenizeError=Error tokenizing text [{0}] after position [{1}] from mode [{2}] | |
16 | ||
17 | rewriteMap.tooManyParameters=Too many parameters for this map | |
18 | ||
15 | 19 | rewriteValve.closeError=Error closing configuration |
16 | 20 | rewriteValve.invalidFlags=Invalid flag in [{0}] flags [{1}] |
17 | 21 | rewriteValve.invalidLine=Invalid line [{0}] |
20 | 20 | import java.util.Iterator; |
21 | 21 | import java.util.List; |
22 | 22 | |
23 | import org.apache.tomcat.util.res.StringManager; | |
24 | ||
23 | 25 | public class QuotedStringTokenizer { |
26 | ||
27 | protected static final StringManager sm = StringManager.getManager(QuotedStringTokenizer.class); | |
24 | 28 | |
25 | 29 | private Iterator<String> tokenIterator; |
26 | 30 | private int tokenCount; |
69 | 73 | } |
70 | 74 | break; |
71 | 75 | default: |
72 | throw new IllegalStateException( | |
73 | "Couldn't tokenize text '" + inputText + "' after position " + pos + " from mode " + currentMode); | |
76 | throw new IllegalStateException(sm.getString("quotedStringTokenizer.tokenizeError", | |
77 | inputText, Integer.valueOf(pos), currentMode)); | |
74 | 78 | } |
75 | 79 | pos++; |
76 | 80 | } |
15 | 15 | */ |
16 | 16 | package org.apache.catalina.valves.rewrite; |
17 | 17 | |
18 | import java.io.IOException; | |
18 | 19 | import java.nio.charset.Charset; |
20 | import java.security.cert.CertificateEncodingException; | |
21 | import java.security.cert.X509Certificate; | |
19 | 22 | import java.util.Calendar; |
23 | import java.util.Set; | |
24 | import java.util.concurrent.TimeUnit; | |
20 | 25 | |
21 | 26 | import org.apache.catalina.WebResource; |
22 | 27 | import org.apache.catalina.WebResourceRoot; |
23 | 28 | import org.apache.catalina.connector.Request; |
29 | import org.apache.tomcat.util.codec.binary.Base64; | |
24 | 30 | import org.apache.tomcat.util.http.FastHttpDateFormat; |
31 | import org.apache.tomcat.util.net.SSLSupport; | |
32 | import org.apache.tomcat.util.net.openssl.ciphers.Cipher; | |
33 | import org.apache.tomcat.util.net.openssl.ciphers.EncryptionLevel; | |
34 | import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser; | |
25 | 35 | |
26 | 36 | public class ResolverImpl extends Resolver { |
27 | 37 | |
132 | 142 | |
133 | 143 | @Override |
134 | 144 | public String resolveSsl(String key) { |
135 | // FIXME: Implement SSL environment variables | |
145 | SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); | |
146 | try { | |
147 | // FIXME SSL_SESSION_RESUMED in SSLHostConfig | |
148 | // FIXME SSL_SECURE_RENEG in SSLHostConfig | |
149 | // FIXME SSL_COMPRESS_METHOD in SSLHostConfig | |
150 | // FIXME SSL_TLS_SNI from handshake | |
151 | // FIXME SSL_SRP_USER | |
152 | // FIXME SSL_SRP_USERINFO | |
153 | if (key.equals("HTTPS")) { | |
154 | return String.valueOf(sslSupport != null); | |
155 | } else if (key.equals("SSL_PROTOCOL")) { | |
156 | return sslSupport.getProtocol(); | |
157 | } else if (key.equals("SSL_SESSION_ID")) { | |
158 | return sslSupport.getSessionId(); | |
159 | } else if (key.equals("SSL_CIPHER")) { | |
160 | return sslSupport.getCipherSuite(); | |
161 | } else if (key.equals("SSL_CIPHER_EXPORT")) { | |
162 | String cipherSuite = sslSupport.getCipherSuite(); | |
163 | Set<Cipher> cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); | |
164 | if (cipherList.size() == 1) { | |
165 | Cipher cipher = cipherList.iterator().next(); | |
166 | if (cipher.getLevel().equals(EncryptionLevel.EXP40) | |
167 | || cipher.getLevel().equals(EncryptionLevel.EXP56)) { | |
168 | return "true"; | |
169 | } else { | |
170 | return "false"; | |
171 | } | |
172 | } | |
173 | } else if (key.equals("SSL_CIPHER_ALGKEYSIZE")) { | |
174 | String cipherSuite = sslSupport.getCipherSuite(); | |
175 | Set<Cipher> cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); | |
176 | if (cipherList.size() == 1) { | |
177 | Cipher cipher = cipherList.iterator().next(); | |
178 | return String.valueOf(cipher.getAlg_bits()); | |
179 | } | |
180 | } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { | |
181 | return sslSupport.getKeySize().toString(); | |
182 | } else if (key.startsWith("SSL_CLIENT_")) { | |
183 | X509Certificate[] certificates = sslSupport.getPeerCertificateChain(); | |
184 | if (certificates != null && certificates.length > 0) { | |
185 | key = key.substring("SSL_CLIENT_".length()); | |
186 | String result = resolveSslCertificates(key, certificates); | |
187 | if (result != null) { | |
188 | return result; | |
189 | } else if (key.startsWith("SAN_OTHER_msUPN_")) { | |
190 | key = key.substring("SAN_OTHER_msUPN_".length()); | |
191 | // FIXME return certificates[0].getSubjectAlternativeNames() | |
192 | } else if (key.equals("CERT_RFC4523_CEA")) { | |
193 | // FIXME return certificates[0] | |
194 | } else if (key.equals("VERIFY")) { | |
195 | // FIXME return verification state | |
196 | } | |
197 | } | |
198 | } else if (key.startsWith("SSL_SERVER_")) { | |
199 | X509Certificate[] certificates = sslSupport.getLocalCertificateChain(); | |
200 | if (certificates != null && certificates.length > 0) { | |
201 | key = key.substring("SSL_SERVER_".length()); | |
202 | String result = resolveSslCertificates(key, certificates); | |
203 | if (result != null) { | |
204 | return result; | |
205 | } else if (key.startsWith("SAN_OTHER_dnsSRV_")) { | |
206 | key = key.substring("SAN_OTHER_dnsSRV_".length()); | |
207 | // FIXME return certificates[0].getSubjectAlternativeNames() | |
208 | } | |
209 | } | |
210 | } | |
211 | } catch (IOException e) { | |
212 | // TLS access error | |
213 | } | |
136 | 214 | return null; |
215 | } | |
216 | ||
217 | private String resolveSslCertificates(String key, X509Certificate[] certificates) { | |
218 | if (key.equals("M_VERSION")) { | |
219 | return String.valueOf(certificates[0].getVersion()); | |
220 | } else if (key.equals("M_SERIAL")) { | |
221 | return certificates[0].getSerialNumber().toString(); | |
222 | } else if (key.equals("S_DN")) { | |
223 | return certificates[0].getSubjectDN().getName(); | |
224 | } else if (key.startsWith("S_DN_")) { | |
225 | key = key.substring("S_DN_".length()); | |
226 | // FIXME would need access to X500Name from X500Principal | |
227 | } else if (key.startsWith("SAN_Email_")) { | |
228 | key = key.substring("SAN_Email_".length()); | |
229 | // FIXME return certificates[0].getSubjectAlternativeNames() | |
230 | } else if (key.startsWith("SAN_DNS_")) { | |
231 | key = key.substring("SAN_DNS_".length()); | |
232 | // FIXME return certificates[0].getSubjectAlternativeNames() | |
233 | } else if (key.equals("I_DN")) { | |
234 | return certificates[0].getIssuerDN().getName(); | |
235 | } else if (key.startsWith("I_DN_")) { | |
236 | key = key.substring("I_DN_".length()); | |
237 | // FIXME would need access to X500Name from X500Principal | |
238 | } else if (key.equals("V_START")) { | |
239 | return String.valueOf(certificates[0].getNotBefore().getTime()); | |
240 | } else if (key.equals("V_END")) { | |
241 | return String.valueOf(certificates[0].getNotAfter().getTime()); | |
242 | } else if (key.equals("V_REMAIN")) { | |
243 | long remain = certificates[0].getNotAfter().getTime() - System.currentTimeMillis(); | |
244 | if (remain < 0) { | |
245 | remain = 0L; | |
246 | } | |
247 | // Return remaining days | |
248 | return String.valueOf(TimeUnit.MILLISECONDS.toDays(remain)); | |
249 | } else if (key.equals("A_SIG")) { | |
250 | return certificates[0].getSigAlgName(); | |
251 | } else if (key.equals("A_KEY")) { | |
252 | return certificates[0].getPublicKey().getAlgorithm(); | |
253 | } else if (key.equals("CERT")) { | |
254 | try { | |
255 | return toPEM(certificates[0]); | |
256 | } catch (CertificateEncodingException e) { | |
257 | } | |
258 | } else if (key.startsWith("CERT_CHAIN_")) { | |
259 | key = key.substring("CERT_CHAIN_".length()); | |
260 | try { | |
261 | return toPEM(certificates[Integer.parseInt(key)]); | |
262 | } catch (NumberFormatException | CertificateEncodingException e) { | |
263 | // Ignore | |
264 | } | |
265 | } | |
266 | return null; | |
267 | } | |
268 | ||
269 | private String toPEM(X509Certificate certificate) throws CertificateEncodingException { | |
270 | StringBuilder result = new StringBuilder(); | |
271 | result.append("-----BEGIN CERTIFICATE-----"); | |
272 | result.append(System.lineSeparator()); | |
273 | Base64 b64 = new Base64(64); | |
274 | result.append(b64.encodeAsString(certificate.getEncoded())); | |
275 | result.append("-----END CERTIFICATE-----"); | |
276 | return result.toString(); | |
137 | 277 | } |
138 | 278 | |
139 | 279 | @Override |
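Review bot: Every branch of `resolveSsl` except `HTTPS` dereferences `sslSupport` without a null check, although the `HTTPS` branch itself treats a missing `SSLSupport.SESSION_MGR` attribute as the plain-HTTP case. A rewrite rule that reads, say, `SSL_PROTOCOL` on a non-TLS request would then fail with a NullPointerException, which `catch (IOException e)` does not cover. A guard directly after the `HTTPS` branch, `} else if (sslSupport == null) { return null; }`, keeps the existing `return null` fallback. In `resolveSslCertificates`, `certificates[Integer.parseInt(key)]` for `CERT_CHAIN_` has no bounds check, so a negative or too-large index throws ArrayIndexOutOfBoundsException instead of returning null. The empty `catch (CertificateEncodingException e)` under `CERT` should at least carry the `// Ignore` comment its sibling has.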
27 | 27 | |
28 | 28 | public static class PatternCondition extends Condition { |
29 | 29 | public Pattern pattern; |
30 | private static ThreadLocal<Matcher> matcher = new ThreadLocal<>(); | |
30 | private ThreadLocal<Matcher> matcher = new ThreadLocal<>(); | |
31 | 31 | |
32 | 32 | @Override |
33 | 33 | public boolean evaluate(String value, Resolver resolver) { |
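Review bot: The now per-instance `matcher` field can be declared `private final ThreadLocal<Matcher> matcher = new ThreadLocal<>();` if nothing reassigns it, matching the `final` that the `prefix` field of ClassLoaderLogManager keeps in this same commit. The same applies to `pattern` and `cookieResult` in RewriteRule and to `invoked` in RewriteValve. A one-line comment on each field saying why it is per instance (the cached value belongs to one condition or rule, not to every instance that runs on the same thread) would stop a later cleanup from turning it back into a static. The class body continues outside the hunk.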
14 | 14 | * limitations under the License. |
15 | 15 | */ |
16 | 16 | package org.apache.catalina.valves.rewrite; |
17 | ||
18 | import org.apache.tomcat.util.res.StringManager; | |
17 | 19 | |
18 | 20 | /** |
19 | 21 | * Interface for user defined lookup/replacement logic that can be defined in |
55 | 57 | return; |
56 | 58 | } |
57 | 59 | if (params.length > 1) { |
58 | throw new IllegalArgumentException("Too many parameters for this map"); | |
60 | throw new IllegalArgumentException( | |
61 | StringManager.getManager(RewriteMap.class).getString("rewriteMap.tooManyParameters")); | |
59 | 62 | } |
60 | 63 | setParameters(params[0]); |
61 | 64 | } |
25 | 25 | |
26 | 26 | protected RewriteCond[] conditions = new RewriteCond[0]; |
27 | 27 | |
28 | protected static ThreadLocal<Pattern> pattern = new ThreadLocal<>(); | |
28 | protected ThreadLocal<Pattern> pattern = new ThreadLocal<>(); | |
29 | 29 | protected Substitution substitution = null; |
30 | 30 | |
31 | 31 | protected String patternString = null; |
85 | 85 | * @return <code>null</code> if no rewrite took place |
86 | 86 | */ |
87 | 87 | public CharSequence evaluate(CharSequence url, Resolver resolver) { |
88 | Pattern pattern = RewriteRule.pattern.get(); | |
88 | Pattern pattern = this.pattern.get(); | |
89 | 89 | if (pattern == null) { |
90 | 90 | // Parse the pattern |
91 | 91 | int flags = 0; |
93 | 93 | flags |= Pattern.CASE_INSENSITIVE; |
94 | 94 | } |
95 | 95 | pattern = Pattern.compile(patternString, flags); |
96 | RewriteRule.pattern.set(pattern); | |
96 | this.pattern.set(pattern); | |
97 | 97 | } |
98 | 98 | Matcher matcher = pattern.matcher(url); |
99 | 99 | // Use XOR |
185 | 185 | protected boolean cookieSecure = false; |
186 | 186 | protected boolean cookieHttpOnly = false; |
187 | 187 | protected Substitution cookieSubstitution = null; |
188 | protected static ThreadLocal<String> cookieResult = new ThreadLocal<>(); | |
188 | protected ThreadLocal<String> cookieResult = new ThreadLocal<>(); | |
189 | 189 | |
190 | 190 | /** |
191 | 191 | * This forces a request attribute named VAR to be set to the value VAL, |
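Review bot: `pattern` does not need to be a ThreadLocal at all, because `java.util.regex.Pattern` is immutable and safe for concurrent use (only `Matcher` is not). As written, `evaluate` compiles `patternString` once per worker thread for each rule and leaves a copy attached to every thread. Compiling once when the rule is parsed, or caching the result in a `volatile Pattern` field, would give the same matches with less per-thread state. The body of `evaluate` continues outside the hunk, so whether anything else relies on the per-thread value should be checked before changing it.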
76 | 76 | /** |
77 | 77 | * If rewriting occurs, the whole request will be processed again. |
78 | 78 | */ |
79 | protected static ThreadLocal<Boolean> invoked = new ThreadLocal<>(); | |
79 | protected ThreadLocal<Boolean> invoked = new ThreadLocal<>(); | |
80 | 80 | |
81 | 81 | |
82 | 82 | /** |
616 | 616 | return rule; |
617 | 617 | } else if (token.equals("RewriteMap")) { |
618 | 618 | // RewriteMap name rewriteMapClassName whateverOptionalParameterInWhateverFormat |
619 | // FIXME: Possibly implement more special maps from https://httpd.apache.org/docs/2.4/rewrite/rewritemap.html | |
619 | 620 | if (tokenizer.countTokens() < 2) { |
620 | 621 | throw new IllegalArgumentException(sm.getString("rewriteValve.invalidLine", line)); |
621 | 622 | } |
622 | 623 | String name = tokenizer.nextToken(); |
623 | 624 | String rewriteMapClassName = tokenizer.nextToken(); |
624 | 625 | RewriteMap map = null; |
625 | try { | |
626 | map = (RewriteMap) (Class.forName( | |
627 | rewriteMapClassName).getConstructor().newInstance()); | |
628 | } catch (Exception e) { | |
629 | throw new IllegalArgumentException(sm.getString("rewriteValve.invalidMapClassName", line)); | |
626 | if (rewriteMapClassName.startsWith("int:")) { | |
627 | map = InternalRewriteMap.toMap(rewriteMapClassName.substring("int:".length())); | |
628 | } else if (rewriteMapClassName.startsWith("prg:")) { | |
629 | rewriteMapClassName = rewriteMapClassName.substring("prg:".length()); | |
630 | } | |
631 | if (map == null) { | |
632 | try { | |
633 | map = (RewriteMap) (Class.forName( | |
634 | rewriteMapClassName).getConstructor().newInstance()); | |
635 | } catch (Exception e) { | |
636 | throw new IllegalArgumentException(sm.getString("rewriteValve.invalidMapClassName", line)); | |
637 | } | |
630 | 638 | } |
631 | 639 | if (tokenizer.hasMoreTokens()) { |
632 | map.setParameters(tokenizer.nextToken()); | |
633 | } | |
634 | Object[] result = new Object[2]; | |
635 | result[0] = name; | |
636 | result[1] = map; | |
637 | return result; | |
640 | if (tokenizer.countTokens() == 1) { | |
641 | map.setParameters(tokenizer.nextToken()); | |
642 | } else { | |
643 | List<String> params = new ArrayList<>(); | |
644 | while (tokenizer.hasMoreTokens()) { | |
645 | params.add(tokenizer.nextToken()); | |
646 | } | |
647 | map.setParameters(params.toArray(new String[0])); | |
648 | } | |
649 | } | |
650 | return new Object[] { name, map }; | |
638 | 651 | } else if (token.startsWith("#")) { |
639 | 652 | // it's a comment, ignore it |
640 | 653 | } else { |
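Review bot: `map.setParameters(...)` is called outside any try block, so for the new `int:escape` and `int:unescape` maps an unknown charset name makes `Charset.forName` throw an unchecked exception that leaves the parser without naming the offending configuration line, unlike the `rewriteValve.invalidMapClassName` path just above it. Wrapping the parameter call and rethrowing as `new IllegalArgumentException(sm.getString("rewriteValve.invalidLine", line), e)` would keep the error reporting uniform. The `catch (Exception e)` around `Class.forName` drops `e`; passing it as the cause would preserve the reason the class could not be loaded. An unrecognised `int:` name falls through to `Class.forName` with the prefix still attached and fails with the class-name message, so an explicit check after `InternalRewriteMap.toMap` would give a clearer error. The enclosing method starts and ends outside the hunk.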
27 | 27 | import java.util.Collections; |
28 | 28 | import java.util.HashSet; |
29 | 29 | import java.util.Set; |
30 | import java.util.regex.Matcher; | |
31 | 30 | import java.util.regex.Pattern; |
32 | 31 | |
33 | 32 | import javax.servlet.http.HttpServletResponse; |
770 | 769 | // All 'known' attributes will be processed by the previous |
771 | 770 | // blocks. Any remaining attribute is an 'arbitrary' one. |
772 | 771 | Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal(); |
773 | if (pattern == null) { | |
772 | if (pattern != null && pattern.matcher(n).matches()) { | |
773 | request.setAttribute(n, v); | |
774 | } else { | |
775 | log.warn(sm.getString("ajpprocessor.unknownAttribute", n)); | |
774 | 776 | response.setStatus(403); |
775 | 777 | setErrorState(ErrorState.CLOSE_CLEAN, null); |
776 | } else { | |
777 | Matcher m = pattern.matcher(n); | |
778 | if (m.matches()) { | |
779 | request.setAttribute(n, v); | |
780 | } else { | |
781 | response.setStatus(403); | |
782 | setErrorState(ErrorState.CLOSE_CLEAN, null); | |
783 | } | |
784 | 778 | } |
785 | 779 | } |
786 | 780 | break; |
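Review bot: The new `log.warn(sm.getString("ajpprocessor.unknownAttribute", n))` writes the attribute name taken from the AJP message into the log verbatim, once per rejected request. If the AJP port is reachable by anything other than the intended reverse proxy, the peer decides both the content and the volume of those log lines; bounding the length of `n`, neutralising control characters and logging repeats at a lower level would contain that. A short comment above the `if` stating that a null pattern means every arbitrary attribute is rejected would also help, since the merged condition makes that case less visible than the former explicit `pattern == null` branch. The enclosing switch case starts outside the hunk.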
25 | 25 | ajpprocessor.readtimeout=Timeout attempting to read data from the socket |
26 | 26 | ajpprocessor.request.prepare=Error preparing request |
27 | 27 | ajpprocessor.request.process=Error processing request |
28 | ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received from reverse proxy | |
28 | 29 | |
29 | 30 | ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was ignored |
30 | 31 | ajpprotocol.noSecret=The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. |
1472 | 1472 | } |
1473 | 1473 | |
1474 | 1474 | |
1475 | private void closeIdleStreams(int newMaxActiveRemoteStreamId) throws Http2Exception { | |
1476 | for (int i = maxActiveRemoteStreamId + 2; i < newMaxActiveRemoteStreamId; i += 2) { | |
1477 | Stream stream = getStream(i, false); | |
1478 | if (stream != null) { | |
1479 | stream.closeIfIdle(); | |
1475 | private void closeIdleStreams(int newMaxActiveRemoteStreamId) { | |
1476 | for (Entry<Integer,Stream> entry : streams.entrySet()) { | |
1477 | if (entry.getKey().intValue() > maxActiveRemoteStreamId && | |
1478 | entry.getKey().intValue() < newMaxActiveRemoteStreamId) { | |
1479 | entry.getValue().closeIfIdle(); | |
1480 | 1480 | } |
1481 | 1481 | } |
1482 | 1482 | maxActiveRemoteStreamId = newMaxActiveRemoteStreamId; |
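Review bot: `closeIdleStreams` needs a comment explaining why it walks `streams.entrySet()` rather than the id range, for example `// Iterate over tracked streams only: the gap between stream ids is chosen by the client`. Without it the loop looks like a candidate for being simplified back to the range form. The old loop visited only ids of the same parity as `maxActiveRemoteStreamId + 2`, whereas the new bounds test accepts every key in the open interval; if `streams` can also hold server-initiated ids, it is worth confirming that calling `closeIfIdle()` on them is harmless.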
111 | 111 | * This prefix is used to allow using prefixes for the properties names |
112 | 112 | * of handlers and their subcomponents. |
113 | 113 | */ |
114 | protected static final ThreadLocal<String> prefix = new ThreadLocal<>(); | |
114 | protected final ThreadLocal<String> prefix = new ThreadLocal<>(); | |
115 | 115 | |
116 | 116 | |
117 | 117 | /** |
276 | 276 | return null; |
277 | 277 | } |
278 | 278 | |
279 | String prefix = ClassLoaderLogManager.prefix.get(); | |
279 | String prefix = this.prefix.get(); | |
280 | 280 | String result = null; |
281 | 281 | |
282 | 282 | // If a prefix is defined look for a prefixed property first |
594 | 594 | } |
595 | 595 | } |
596 | 596 | try { |
597 | ClassLoaderLogManager.prefix.set(prefix); | |
597 | this.prefix.set(prefix); | |
598 | 598 | Handler handler = (Handler) classLoader.loadClass( |
599 | 599 | handlerClassName).getConstructor().newInstance(); |
600 | 600 | // The specification strongly implies all configuration should be done |
601 | 601 | // during the creation of the handler object. |
602 | 602 | // This includes setting level, filter, formatter and encoding. |
603 | ClassLoaderLogManager.prefix.set(null); | |
603 | this.prefix.set(null); | |
604 | 604 | info.handlers.put(handlerName, handler); |
605 | 605 | if (rootHandlers == null) { |
606 | 606 | localRootLogger.addHandler(handler); |
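Review bot: `this.prefix.set(null)` runs only when handler construction succeeds. If `loadClass(...).getConstructor().newInstance()` throws, the prefix stays set on the calling thread unless the catch block outside this hunk resets it, and later property lookups on that thread would consult prefixed keys first. Wrapping the construction in its own `try { ... } finally { this.prefix.remove(); }` clears the value on every path and avoids leaving a null entry behind. The surrounding try block continues outside the hunk.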
149 | 149 | "ibm-1146", "ibm-1147", "ibm-1148", "ibm-1149", "ibm-29626c", "ibm-858", "ibm-eucjp", "ibm1140", "ibm1141", |
150 | 150 | "ibm1142", "ibm1143", "ibm1144", "ibm1145", "ibm1146", "ibm1147", "ibm1148", "ibm1149", "ibm29626c", |
151 | 151 | "ibm858", "x-ibm29626c", |
152 | // Added from OpenJDK 15 ea24 | |
153 | "iso8859_16", | |
152 | 154 | // Added from HPE JVM 1.8.0.17-hp-ux |
153 | 155 | "cp1051", "cp1386", "cshproman8", "hp-roman8", "ibm-1051", "r8", "roman8", "roman9" |
154 | 156 | // If you add and entry to this list, ensure you run |
30 | 30 | import java.util.jar.JarFile; |
31 | 31 | import java.util.zip.ZipFile; |
32 | 32 | |
33 | import javax.net.ssl.SSLEngine; | |
34 | import javax.net.ssl.SSLParameters; | |
35 | ||
36 | 33 | import org.apache.juli.logging.Log; |
37 | 34 | import org.apache.juli.logging.LogFactory; |
38 | 35 | import org.apache.tomcat.util.res.StringManager; |
43 | 40 | private static final StringManager sm = StringManager.getManager(Jre9Compat.class); |
44 | 41 | |
45 | 42 | private static final Class<?> inaccessibleObjectExceptionClazz; |
46 | private static final Method setApplicationProtocolsMethod; | |
47 | private static final Method getApplicationProtocolMethod; | |
48 | 43 | private static final Method setDefaultUseCachesMethod; |
49 | 44 | private static final Method bootMethod; |
50 | 45 | private static final Method configurationMethod; |
63 | 58 | |
64 | 59 | static { |
65 | 60 | Class<?> c1 = null; |
66 | Method m2 = null; | |
67 | Method m3 = null; | |
68 | 61 | Method m4 = null; |
69 | 62 | Method m5 = null; |
70 | 63 | Method m6 = null; |
95 | 88 | Method runtimeVersionMethod = JarFile.class.getMethod("runtimeVersion"); |
96 | 89 | Method majorMethod = versionClazz.getMethod("major"); |
97 | 90 | |
98 | m2 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class); | |
99 | m3 = SSLEngine.class.getMethod("getApplicationProtocol"); | |
100 | 91 | m4 = URLConnection.class.getMethod("setDefaultUseCaches", String.class, boolean.class); |
101 | 92 | m5 = moduleLayerClazz.getMethod("boot"); |
102 | 93 | m6 = moduleLayerClazz.getMethod("configuration"); |
128 | 119 | } |
129 | 120 | |
130 | 121 | inaccessibleObjectExceptionClazz = c1; |
131 | setApplicationProtocolsMethod = m2; | |
132 | getApplicationProtocolMethod = m3; | |
133 | 122 | setDefaultUseCachesMethod = m4; |
134 | 123 | bootMethod = m5; |
135 | 124 | configurationMethod = m6; |
167 | 156 | } |
168 | 157 | |
169 | 158 | return inaccessibleObjectExceptionClazz.isAssignableFrom(t.getClass()); |
170 | } | |
171 | ||
172 | ||
173 | @Override | |
174 | public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) { | |
175 | try { | |
176 | setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols); | |
177 | } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { | |
178 | throw new UnsupportedOperationException(e); | |
179 | } | |
180 | } | |
181 | ||
182 | ||
183 | @Override | |
184 | public String getApplicationProtocol(SSLEngine sslEngine) { | |
185 | try { | |
186 | return (String) getApplicationProtocolMethod.invoke(sslEngine); | |
187 | } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { | |
188 | throw new UnsupportedOperationException(e); | |
189 | } | |
190 | 159 | } |
191 | 160 | |
192 | 161 |
18 | 18 | import java.io.File; |
19 | 19 | import java.io.IOException; |
20 | 20 | import java.lang.reflect.AccessibleObject; |
21 | import java.lang.reflect.InvocationTargetException; | |
22 | import java.lang.reflect.Method; | |
21 | 23 | import java.net.URL; |
22 | 24 | import java.net.URLConnection; |
23 | 25 | import java.util.Deque; |
42 | 44 | private static final boolean jre11Available; |
43 | 45 | private static final boolean jre9Available; |
44 | 46 | private static final StringManager sm = StringManager.getManager(JreCompat.class); |
47 | ||
48 | protected static final Method setApplicationProtocolsMethod; | |
49 | protected static final Method getApplicationProtocolMethod; | |
45 | 50 | |
46 | 51 | static { |
47 | 52 | // This is Tomcat 9 with a minimum Java version of Java 8. |
60 | 65 | jre9Available = false; |
61 | 66 | } |
62 | 67 | jre11Available = instance.jarFileRuntimeMajorVersion() >= 11; |
68 | ||
69 | Method m1 = null; | |
70 | Method m2 = null; | |
71 | try { | |
72 | m1 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class); | |
73 | m2 = SSLEngine.class.getMethod("getApplicationProtocol"); | |
74 | } catch (ReflectiveOperationException | IllegalArgumentException e) { | |
75 | // Only the newest Java 8 have the ALPN API, so ignore | |
76 | } | |
77 | setApplicationProtocolsMethod = m1; | |
78 | getApplicationProtocolMethod = m2; | |
63 | 79 | } |
64 | 80 | |
65 | 81 | |
70 | 86 | |
71 | 87 | public static boolean isGraalAvailable() { |
72 | 88 | return graalAvailable; |
89 | } | |
90 | ||
91 | ||
92 | public static boolean isAlpnSupported() { | |
93 | return setApplicationProtocolsMethod != null && getApplicationProtocolMethod != null; | |
73 | 94 | } |
74 | 95 | |
75 | 96 | |
108 | 129 | * connection |
109 | 130 | */ |
110 | 131 | public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) { |
111 | throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols")); | |
132 | if (setApplicationProtocolsMethod != null) { | |
133 | try { | |
134 | setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols); | |
135 | } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { | |
136 | throw new UnsupportedOperationException(e); | |
137 | } | |
138 | } else { | |
139 | throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols")); | |
140 | } | |
112 | 141 | } |
113 | 142 | |
114 | 143 | |
122 | 151 | * @return The name of the negotiated protocol |
123 | 152 | */ |
124 | 153 | public String getApplicationProtocol(SSLEngine sslEngine) { |
125 | throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol")); | |
154 | if (getApplicationProtocolMethod != null) { | |
155 | try { | |
156 | return (String) getApplicationProtocolMethod.invoke(sslEngine); | |
157 | } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { | |
158 | throw new UnsupportedOperationException(e); | |
159 | } | |
160 | } else { | |
161 | throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol")); | |
162 | } | |
126 | 163 | } |
127 | 164 | |
128 | 165 |
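Review bot: In `setApplicationProtocols` and `getApplicationProtocol`, `throw new UnsupportedOperationException(e)` reports a failure inside the reflected JSSE call in the same way as a missing ALPN API, so a caller cannot tell "this JRE has no ALPN" from "the call was made and failed". For `InvocationTargetException` it would be clearer to rethrow the cause when it is a RuntimeException and to reserve UnsupportedOperationException for the `else` branch. The two `Method` fields are declared `protected static final`; if no subclass reads them now that the Jre9Compat overrides are gone, `private` is sufficient. In the static initializer the `IllegalArgumentException` alternative of the catch looks unnecessary, since `Class.getMethod` is not documented to throw it.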
23 | 23 | import java.net.MalformedURLException; |
24 | 24 | import java.net.URI; |
25 | 25 | import java.net.URL; |
26 | import java.net.URLConnection; | |
26 | 27 | |
27 | 28 | /** |
28 | 29 | * Abstracts configuration file storage. Allows Tomcat embedding using the regular |
91 | 92 | } |
92 | 93 | public long getLastModified() |
93 | 94 | throws MalformedURLException, IOException { |
94 | return uri.toURL().openConnection().getLastModified(); | |
95 | URLConnection connection = null; | |
96 | try { | |
97 | connection = uri.toURL().openConnection(); | |
98 | return connection.getLastModified(); | |
99 | } finally { | |
100 | if (connection != null) { | |
101 | connection.getInputStream().close(); | |
102 | } | |
103 | } | |
95 | 104 | } |
96 | 105 | @Override |
97 | 106 | public void close() throws IOException { |
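Review bot: The `finally` block in `getLastModified` calls `connection.getInputStream().close()` unguarded, so an IOException from opening or closing the stream replaces both a successfully computed timestamp and any exception raised inside the `try`. Guarding the cleanup keeps the primary outcome: `try { connection.getInputStream().close(); } catch (IOException ignored) { /* best effort */ }`. A comment stating that the stream is obtained only to release the underlying handle would explain an otherwise odd-looking call.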
122 | 122 | |
123 | 123 | SSLParameters sslParameters = engine.getSSLParameters(); |
124 | 124 | sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder()); |
125 | if (JreCompat.isJre9Available() && clientRequestedApplicationProtocols != null | |
125 | if (JreCompat.isAlpnSupported() && clientRequestedApplicationProtocols != null | |
126 | 126 | && clientRequestedApplicationProtocols.size() > 0 |
127 | 127 | && negotiableProtocols.size() > 0) { |
128 | 128 | // Only try to negotiate if both client and server have at least |
134 | 134 | endpoint.warn.noUtilityExecutor=No utility executor was set, creating one |
135 | 135 | endpoint.warn.unlockAcceptorFailed=Acceptor thread [{0}] failed to unlock. Forcing hard socket shutdown. |
136 | 136 | |
137 | jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation. | |
138 | jsse.keystore_load_failed=Failed to load keystore type [{0}] with path [{1}] due to [{2}] | |
139 | jsse.ssl3=SSLv3 has been explicitly enabled. This protocol is known to be insecure. | |
140 | jsse.tls13.auth=The JSSE TLS 1.3 implementation does not support authentication after the initial handshake and is therefore incompatible with optional client authentication | |
141 | ||
142 | 137 | nioBlockingSelector.keyNotRegistered=Key no longer registered |
143 | 138 | nioBlockingSelector.possibleLeak=Possible key leak, cancelling key in the finalizer |
144 | 139 | nioBlockingSelector.processingError=Error processing selection key operations |
157 | 152 | sslHostConfig.certificate.notype=Multiple certificates were specified and at least one is missing the required attribute type |
158 | 153 | sslHostConfig.certificateVerificationInvalid=The certificate verification value [{0}] is not recognised |
159 | 154 | sslHostConfig.fileNotFound=Configured file [{0}] does not exist |
155 | sslHostConfig.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation. | |
160 | 156 | sslHostConfig.mismatch=The property [{0}] was set on the SSLHostConfig named [{1}] and is for the [{2}] configuration syntax but the SSLHostConfig is being used with the [{3}] configuration syntax |
161 | 157 | sslHostConfig.opensslconf.null=Attempt to set null OpenSSLConf ignored |
162 | 158 | sslHostConfig.prefix_missing=The protocol [{0}] was added to the list of protocols on the SSLHostConfig named [{1}]. Check if a +/- prefix is missing. |
166 | 162 | sslImplementation.cnfe=Unable to create SSLImplementation for class [{0}] |
167 | 163 | |
168 | 164 | sslUtilBase.active=The [{0}] that are active are : [{1}] |
165 | sslUtilBase.alias_no_key_entry=Alias name [{0}] does not identify a key entry | |
166 | sslUtilBase.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager | |
167 | sslUtilBase.keystore_load_failed=Failed to load keystore type [{0}] with path [{1}] due to [{2}] | |
168 | sslUtilBase.noCertFile=SSLHostConfig attribute certificateFile must be defined when using an SSL connector | |
169 | sslUtilBase.noCrlSupport=The truststoreProvider [{0}] does not support the certificateRevocationFile configuration option | |
170 | sslUtilBase.noKeys=No aliases for private keys found in key store | |
171 | sslUtilBase.noVerificationDepth=The truststoreProvider [{0}] does not support the certificateVerificationDepth configuration option | |
169 | 172 | sslUtilBase.noneSupported=None of the [{0}] specified are supported by the SSL engine : [{1}] |
170 | 173 | sslUtilBase.skipped=Some of the specified [{0}] are not supported by the SSL engine and have been skipped: [{1}] |
174 | sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This protocol is known to be insecure. | |
175 | sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support authentication after the initial handshake and is therefore incompatible with optional client authentication | |
176 | sslUtilBase.trustedCertNotChecked=The validity dates of the trusted certificate with alias [{0}] were not checked as the certificate was of an unknown type | |
177 | sslUtilBase.trustedCertNotValid=The trusted certificate with alias [{0}] and DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted certificate WILL be accepted |
33 | 33 | endpoint.warn.incorrectConnectionCount=Nesprávný počet spojení, více volání metody socket.close pro stejný socket. |
34 | 34 | endpoint.warn.noLocalName=Nelze určit lokální jméno serveru pro socket [{0}] |
35 | 35 | |
36 | jsse.ssl3=SSLv3 byl explicitně povolen. Tento protokol není bezpečný. | |
37 | ||
38 | 36 | socket.apr.closed=Socket [{0}] přiřazený na spojení byl uzavřen. |
39 | 37 | socket.closed=Socket přiřazený k tomuto spojení byl uzavřen. |
40 | 38 | |
41 | 39 | sslHostConfig.fileNotFound=Konfigurační soubor [{0}] neexistuje |
42 | 40 | |
43 | 41 | sslUtilBase.noneSupported=Žádný z uvedených [{0}] není podporován SSL enginem: [{1}] |
42 | sslUtilBase.ssl3=SSLv3 byl explicitně povolen. Tento protokol není bezpečný. |
37 | 37 | endpoint.warn.incorrectConnectionCount=Falsche Verbindungsanzahl, mehrere socket.close-Aufrufe auf dem gleichen Socket |
38 | 38 | endpoint.warn.noLocalName=Lokaler Hostname für Socket [{0}] konnte nicht ermittelt werden |
39 | 39 | |
40 | jsse.ssl3=SSLv3 wurde explizit eingeschalten. Dieses Protokoll ist als unsicher bekannt. | |
41 | ||
42 | 40 | socket.apr.closed=Der zu dieser Verbindung gehörende Socket [{0}] wurde geschlossen. |
43 | 41 | |
44 | 42 | sslHostConfig.certificate.notype=Es wurden mehrere Zertifikate angegeben und mindestens einem fehlt ein erforderlicher Attributs Typ |
45 | 43 | sslHostConfig.fileNotFound=Die konfigurierte Datei [{0}] existiert nicht.\n |
46 | 44 | sslHostConfig.opensslconf.null=Versuch eine null OpenSSLConf zu setzen ignoriert |
47 | 45 | |
46 | sslUtilBase.noVerificationDepth=Der truststoreProvider [{0}] unterstützt nicht die Option certificateVerificationDepth | |
48 | 47 | sslUtilBase.noneSupported=Keine der spezifizierten [{0}] wird von der SSL Engine unterstützt: [{1}] |
48 | sslUtilBase.ssl3=SSLv3 wurde explizit eingeschalten. Dieses Protokoll ist als unsicher bekannt. | |
49 | sslUtilBase.trustedCertNotValid=Das vertrauenswürdige Zertifikat mit alias [{0}] und DN [{1}] ist auf Grund von [{2}] nicht gültig. Zertifikate die von diesem signiert worden sind WERDEN akzeptiert. |
56 | 56 | endpoint.warn.noLocalPort=Uncapaz de determinar el puerto local para el socket [{0}]\n |
57 | 57 | endpoint.warn.unlockAcceptorFailed=El hilo aceptador [{0}] falló al desbloquear. Forzando apagado de enchufe (socket). |
58 | 58 | |
59 | jsse.invalid_truststore_password=La clave del almacén de confianza suministrada no se pudo usar para desbloquear y/o validar el almacén de confianza. Reintentando acceder el almacén de confianza con una clave nula que se saltará la validación. | |
60 | jsse.keystore_load_failed=No pude cargar almacén de claves de tipo [{0}] con ruta [{1}] debido a [{2}] | |
61 | jsse.ssl3=SSLv3 ha sido explicitamente habilitado. Se conoce que este protocolo es inseguro | |
62 | ||
63 | 59 | sniExtractor.clientHelloTooBig=El ClientHello no fue presentado en un sólo registro TLS por lo cual no se pudo extraer la información SNI |
64 | 60 | |
65 | 61 | socket.apr.closed=El socket [{0}] asociado con esta conexión ha sido cerrado. |
67 | 63 | |
68 | 64 | sslHostConfig.certificate.notype=Se especificaron multiples certificados y al menos uno de ellos no tiene el tipo de atributo requerido |
69 | 65 | sslHostConfig.fileNotFound=No existe el archivo configurado [{0}] |
66 | sslHostConfig.invalid_truststore_password=La clave del almacén de confianza suministrada no se pudo usar para desbloquear y/o validar el almacén de confianza. Reintentando acceder el almacén de confianza con una clave nula que se saltará la validación. | |
70 | 67 | sslHostConfig.opensslconf.null=El intento de fijar OpenSSLConf en nulo fue ignorado |
71 | 68 | |
72 | 69 | sslImplementation.cnfe=Incapaz de crear SSLImplementation para la clase [{0}] |
73 | 70 | |
71 | sslUtilBase.alias_no_key_entry=El nombre de Alias [{0}] no identifica una entrada de clave | |
72 | sslUtilBase.invalidTrustManagerClassName=El trustManagerClassName suministrado [{0}] no implementa javax.net.ssl.TrustManager | |
73 | sslUtilBase.keystore_load_failed=No pude cargar almacén de claves de tipo [{0}] con ruta [{1}] debido a [{2}] | |
74 | 74 | sslUtilBase.noneSupported=Ninguno de los [{0}] especificados es soportado por el motor SSL : [{1}] |
75 | sslUtilBase.ssl3=SSLv3 ha sido explicitamente habilitado. Se conoce que este protocolo es inseguro | |
76 | sslUtilBase.trustedCertNotValid=El certificado confiable con alias [{0}] y DN [{1}] no es válido debido a [{2}]. Los certificados firmados por este certificados confiable SERAN aceptados\n |
134 | 134 | endpoint.warn.noUtilityExecutor=Aucun exécuteur utilitaire configuré, un nouveau sera crée |
135 | 135 | endpoint.warn.unlockAcceptorFailed=Le thread qui accepte les sockets [{0}] n''a pu être débloqué, arrêt forcé su socket serveur |
136 | 136 | |
137 | jsse.invalid_truststore_password=Le mot de passe de la base de confiance n'a pas pu être utilisé pour déverrouiller et ou valider celle ci, nouvel essai en utilisant un mot de passe null pour passer la validation | |
138 | jsse.keystore_load_failed=Impossible de changer la base de clés de type [{0}] avec le chemin [{1}] à cause de [{2}] | |
139 | jsse.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu comme non-sécurisé. | |
140 | jsse.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas l'authentification après la négociation initiale, elle est donc incompatible avec l’authentification optionnelle du client | |
141 | ||
142 | 137 | nioBlockingSelector.keyNotRegistered=La clé n'est plus enregistrée |
143 | 138 | nioBlockingSelector.possibleLeak=Une fuite de mémoire sur la clé a pu se produire, la clé est annulée dans le finalizer |
144 | 139 | nioBlockingSelector.processingError=Erreur lors du traitement des opérations de sélection des clés |
157 | 152 | sslHostConfig.certificate.notype=Plusieurs certificats ont été spécifiés et au moins un n'a pas d'attribut type |
158 | 153 | sslHostConfig.certificateVerificationInvalid=La valeur de vérification de certificat [{0}] n''est pas reconnue |
159 | 154 | sslHostConfig.fileNotFound=Le fichier [{0}] configuré n''existe pas. |
155 | sslHostConfig.invalid_truststore_password=Le mot de passe de la base de confiance n'a pas pu être utilisé pour déverrouiller et ou valider celle ci, nouvel essai en utilisant un mot de passe null pour passer la validation | |
160 | 156 | sslHostConfig.mismatch=La propriété [{0}] a été fixée sur le SSLHostConfig nommé [{1}] et est pour la syntaxe de configuration [{2}] mais le SSLHostConfig est utilisé avec la syntaxe de configuration [{3}] |
161 | 157 | sslHostConfig.opensslconf.null=L'OpenSSLConf nul a été ignoré |
162 | 158 | sslHostConfig.prefix_missing=Le protocole [{0}] a été ajouté à la liste des protocoles du SSLHostConfig nommé [{1}], vérifier qu''un préfixe +/- ne manque pas |
166 | 162 | sslImplementation.cnfe=Impossible de créer une SSLImplementation avec la class [{0}] |
167 | 163 | |
168 | 164 | sslUtilBase.active=Les [{0}] qui sont actifs sont : [{1}] |
165 | sslUtilBase.alias_no_key_entry=Le nom alias [{0}] n''identifie pas une entrée de clé | |
166 | sslUtilBase.invalidTrustManagerClassName=Le trustManagerClassName fourni [{0}] n''implémente pas javax.net.ssl.TrustManager | |
167 | sslUtilBase.keystore_load_failed=Impossible de changer la base de clés de type [{0}] avec le chemin [{1}] à cause de [{2}] | |
168 | sslUtilBase.noCertFile=L'attribut certificateFile de SSLHostConfig doit être défini lorsqu'un connecteur SSL est utilisé | |
169 | sslUtilBase.noCrlSupport=Le truststoreProvider [{0}] ne supporte pas d''option de configuration certificateRevocationFile | |
170 | sslUtilBase.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la base de clés | |
171 | sslUtilBase.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas l''option de configuration certificateVerificationDepth | |
169 | 172 | sslUtilBase.noneSupported=Aucun des [{0}] spécifiés n''est supporté par le moteur SSL : [{1}] |
170 | 173 | sslUtilBase.skipped=Quelques [{0}] spécifiés ne sont pas supportés par le moteur SSL et ont été ignorés : [{1}] |
174 | sslUtilBase.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu comme non-sécurisé. | |
175 | sslUtilBase.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas l'authentification après la négociation initiale, elle est donc incompatible avec l’authentification optionnelle du client | |
176 | sslUtilBase.trustedCertNotChecked=Les dates de validité du certificat de confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est inconnu | |
177 | sslUtilBase.trustedCertNotValid=Le certificat de confiance avec l''alias [{0}] et le DN [{1}] n''est pas valide à cause de [{2}], les certificats signés par ce certificat de confiance SERONT acceptés |
134 | 134 | endpoint.warn.noUtilityExecutor=ユーティリティエグゼキュターが構成されていません。新たに作成します。 |
135 | 135 | endpoint.warn.unlockAcceptorFailed=Acceptor スレッド[{0}]のロックを解除できませんでした。 強制的にハードソケットをシャットダウンします。 |
136 | 136 | |
137 | jsse.invalid_truststore_password=提供されたトラストストアパスワードは、トラストストアのロック解除および検証に使用できませんでした。 検証をスキップするnullパスワードでトラストストアにアクセスしようとしました。 | |
138 | jsse.keystore_load_failed=[{0}] のキーストア [{1}] の読み込みは [{2}] により失敗しました。 | |
139 | jsse.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。 | |
140 | jsse.tls13.auth=JSSE TLS 1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。 | |
141 | ||
142 | 137 | nioBlockingSelector.keyNotRegistered=セレクタにキーが登録されていません。 |
143 | 138 | nioBlockingSelector.possibleLeak=潜在的なキーのリークです。finalizer でキーをキャンセルします。 |
144 | 139 | nioBlockingSelector.processingError=選択キー操作の処理中のエラー |
157 | 152 | sslHostConfig.certificate.notype=指定された複数の証明書の中に、少なくとも1つは必須要素の存在しない証明書が含まれています。 |
158 | 153 | sslHostConfig.certificateVerificationInvalid=証明書検証値[{0}]が認識されません |
159 | 154 | sslHostConfig.fileNotFound=構成ファイル[{0}]は存在しません |
155 | sslHostConfig.invalid_truststore_password=提供されたトラストストアパスワードは、トラストストアのロック解除および検証に使用できませんでした。 検証をスキップするnullパスワードでトラストストアにアクセスしようとしました。 | |
160 | 156 | sslHostConfig.mismatch=[{0}]プロパティは[{1}]という名前のSSLHostConfigで設定され、[{2}]構成構文用ですが、[{3}]構成構文でSSLHostConfigが使用されています。 |
161 | 157 | sslHostConfig.opensslconf.null=Null OpenSSLConfを設定しようとしましたが無視されました |
162 | 158 | sslHostConfig.prefix_missing=[{1}]というSSLHostConfigのプロトコルのリストにプロトコル[{0}]が追加されました。 +/-接頭辞がないか確認してください。 |
166 | 162 | sslImplementation.cnfe=クラス [{0}] のインスタンスを SSLImplementation として作成できません。 |
167 | 163 | |
168 | 164 | sslUtilBase.active=アクティブな[{0}]は次のとおりです:[{1}] |
165 | sslUtilBase.alias_no_key_entry=別名 [{0}] はキーエントリを発見できません | |
166 | sslUtilBase.invalidTrustManagerClassName=[{0}]が提供するtrustManagerClassNameはjavax.net.ssl.TrustManagerを実装していません。 | |
167 | sslUtilBase.keystore_load_failed=[{0}] のキーストア [{1}] の読み込みは [{2}] により失敗しました。 | |
168 | sslUtilBase.noCertFile=SSLコネクタを使用する場合は、SSLHostConfigのcertificateFile属性を定義する必要があります。 | |
169 | sslUtilBase.noCrlSupport=トラストストアプロバイダー [{0}] は設定項目 certificateRevocationFile に対応していません。 | |
170 | sslUtilBase.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。 | |
171 | sslUtilBase.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目 certificateVerificationDepth に未対応です。 | |
169 | 172 | sslUtilBase.noneSupported=指定された[{0}]のどれもSSLエンジンでサポートされていません:[{1}] |
170 | 173 | sslUtilBase.skipped=指定された[{0}]の一部はSSLエンジンでサポートされておらず、スキップされています:[{1}] |
174 | sslUtilBase.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。 | |
175 | sslUtilBase.tls13.auth=JSSE TLS 1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。 | |
176 | sslUtilBase.trustedCertNotChecked=エイリアス[{0}]を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした。 | |
177 | sslUtilBase.trustedCertNotValid=エイリアス[{0}]とDN [{1}]を持つ信頼できる証明書が[{2}]のために無効です。 この信頼できる証明書で署名された証明書が受け入れられるでしょう |
134 | 134 | endpoint.warn.noUtilityExecutor=UtilityExecutor가 설정되지 않아, 새로 생성합니다. |
135 | 135 | endpoint.warn.unlockAcceptorFailed=Acceptor 쓰레드 [{0}]이(가) 잠금을 풀지 못했습니다. 강제로 소켓을 셧다운합니다. |
136 | 136 | |
137 | jsse.invalid_truststore_password=Trust 저장소를 잠금을 풀거나 유효한지 확인하는 용도로, 제공된 Trust 저장소 비밀번호를 사용할 수 없었습니다. 널 비밀번호를 사용하여, 해당 Trust 저장소에 대한 접근을 다시 시도합니다. 이는 유효한지 확인하는 작업을 건너뛸 것입니다. | |
138 | jsse.keystore_load_failed=[{2}](으)로 인하여, 경로 [{1}]에 있고 타입이 [{0}]인 키 저장소를 로드하지 못했습니다. | |
139 | jsse.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다. | |
140 | jsse.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라, 선택사항인 클라이언트 인증과 호환되지 않습니다. | |
141 | ||
142 | 137 | nioBlockingSelector.keyNotRegistered=키가 더 이상 등록되어 있지 않습니다. |
143 | 138 | nioBlockingSelector.possibleLeak=키 누수가 가능한 상황입니다. finalize()에서 키를 취소합니다. |
144 | 139 | nioBlockingSelector.processingError=Selection 키 오퍼레이션들을 처리 중 오류 발생 |
157 | 152 | sslHostConfig.certificate.notype=여러 개의 인증서들이 지정되었는데, 적어도 하나의 인증서에 필수 속성 타입이 없습니다. |
158 | 153 | sslHostConfig.certificateVerificationInvalid=인증서 검증 값 [{0}]은(는) 인식되지 않는 값입니다. |
159 | 154 | sslHostConfig.fileNotFound=설정된 파일 [{0}]이(가) 존재하지 않습니다. |
155 | sslHostConfig.invalid_truststore_password=Trust 저장소를 잠금을 풀거나 유효한지 확인하는 용도로, 제공된 Trust 저장소 비밀번호를 사용할 수 없었습니다. 널 비밀번호를 사용하여, 해당 Trust 저장소에 대한 접근을 다시 시도합니다. 이는 유효한지 확인하는 작업을 건너뛸 것입니다. | |
160 | 156 | sslHostConfig.mismatch=[{1}](이)라는 이름의 SSLHostConfig에 프로퍼티 [{0}]이(가) 설정되었는데, 이 프로퍼티는 [{2}] 설정 문법을 위한 것이나, 해당 SSLHostConfig은 [{3}] 설정 문법으로 사용되고 있습니다. |
161 | 157 | sslHostConfig.opensslconf.null=널인 OpenSSLConf를 설정하려는 시도가 무시되었습니다. |
162 | 158 | sslHostConfig.prefix_missing=프로토콜 [{0}]이(가) [{1}](이)라는 이름을 가진 SSLHostConfig의 프로토콜 목록에 추가되어 있습니다. +/- prefix가 누락되었는지 점검하십시오. |
166 | 162 | sslImplementation.cnfe=클래스 [{0}]의 SSLImplementation 객체를 생성할 수 없습니다. |
167 | 163 | |
168 | 164 | sslUtilBase.active=활성화 된 [{0}]은(는) 다음과 같습니다: [{1}] |
165 | sslUtilBase.alias_no_key_entry=별칭 이름 [{0}]을(를) 사용하여 키 엔트리를 식별해낼 수 없습니다. | |
166 | sslUtilBase.invalidTrustManagerClassName=trustManagerClassName에 의해 제공된 클래스 [{0}]은(는) javax.net.ssl.TrustManager를 구현하지 않았습니다. | |
167 | sslUtilBase.keystore_load_failed=[{2}](으)로 인하여, 경로 [{1}]에 있고 타입이 [{0}]인 키 저장소를 로드하지 못했습니다. | |
168 | sslUtilBase.noCertFile=SSLHostConfig의 속성인 certificateFile은, 반드시 SSL connector를 사용할 때에만 정의되어야 합니다. | |
169 | sslUtilBase.noCrlSupport=truststoreProvider [{0}]은(는) certificateRevocationFile 설정 옵션을 지원하지 않습니다. | |
170 | sslUtilBase.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다. | |
171 | sslUtilBase.noVerificationDepth=truststoreProvider [{0}]은(는) certificateVerificationDepth 설정 옵션을 지원하지 않습니다. | |
169 | 172 | sslUtilBase.noneSupported=지정된 [{0}]의 어느 것도 SSL 엔진에 의해 지원되지 않습니다: [{1}] |
170 | 173 | sslUtilBase.skipped=지정된 [{0}]의 일부가 SSL 엔진에 의해 지원되지 않아 건너뜁니다: [{1}] |
174 | sslUtilBase.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다. | |
175 | sslUtilBase.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라, 선택사항인 클라이언트 인증과 호환되지 않습니다. | |
176 | sslUtilBase.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의 유효일자들이 점검되지 않았습니다. | |
177 | sslUtilBase.trustedCertNotValid=별칭이 [{0}](이)고 DN이 [{1}]인 해당 신뢰받는 인증서는 [{2}](으)로 인하여 유효하지 않습니다. 이 신뢰되는 인증서에 의해 서명된 인증서들은 받아들여질 것입니다. |
134 | 134 | endpoint.warn.noUtilityExecutor=没有公共的executor 被设置时,创建一个. |
135 | 135 | endpoint.warn.unlockAcceptorFailed=接收器线程[{0}]解锁失败。强制硬套接字关闭。 |
136 | 136 | |
137 | jsse.invalid_truststore_password=提供的信任存储密码无法用于解锁和/或验证信任存储。正在重试使用空密码访问信任存储,该密码将跳过验证。 | |
138 | jsse.keystore_load_failed=由于{2},无法加载路径为{1}]的密钥库类型{0}] | |
139 | jsse.ssl3=SSLv3 已显式启用。 已知该协议是不安全。 | |
140 | jsse.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证,因此与可选的客户端身份验证不兼容 | |
141 | ||
142 | 137 | nioBlockingSelector.keyNotRegistered=密钥不再注册 |
143 | 138 | nioBlockingSelector.possibleLeak=可能的密钥泄漏,正在取消终结器中的密钥 |
144 | 139 | nioBlockingSelector.processingError=处理选择键操作时出错 |
157 | 152 | sslHostConfig.certificate.notype=指定了多个证书,并且至少有一个证书缺少必需的属性类型 |
158 | 153 | sslHostConfig.certificateVerificationInvalid=证书认证值[{0}]未识别 |
159 | 154 | sslHostConfig.fileNotFound=配置文件 [{0}] 不存在 |
155 | sslHostConfig.invalid_truststore_password=提供的信任存储密码无法用于解锁和/或验证信任存储。正在重试使用空密码访问信任存储,该密码将跳过验证。 | |
160 | 156 | sslHostConfig.mismatch=属性[{0}]是在名为[{1}]的SSLHostConfig 上设置的,用于[{2}]配置语法,但SSLHostConfig 正与[{3}]配置语法一起使用 |
161 | 157 | sslHostConfig.opensslconf.null=(:忽略设置空OpenSSLConf 的尝试 |
162 | 158 | sslHostConfig.prefix_missing=协议[{0}]已添加到名为[{1}]的SSLHostConfig 上的协议列表中。检查是否缺少一个+/-前缀。 |
166 | 162 | sslImplementation.cnfe=无法为类 [{0}] 创建SSLImplementation |
167 | 163 | |
168 | 164 | sslUtilBase.active=活跃的[{0}]是:[{1}] |
165 | sslUtilBase.alias_no_key_entry=别名[{0}]不标识密钥项 | |
166 | sslUtilBase.invalidTrustManagerClassName=提供的trustManagerClassName[{0}]未实现javax.net.ssl.TrustManager | |
167 | sslUtilBase.keystore_load_failed=由于{2},无法加载路径为{1}]的密钥库类型{0}] | |
168 | sslUtilBase.noCertFile=使用SSL连接器时必须定义SSLHostConfig属性certificateFile | |
169 | sslUtilBase.noCrlSupport=truststoreProvider [{0}]不支持certificateRevocationFile配置选项 | |
170 | sslUtilBase.noKeys=在密钥存储中找不到私钥的别名 | |
171 | sslUtilBase.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项 | |
169 | 172 | sslUtilBase.noneSupported=SSL引擎不支持指定的[{0}]:[{1}] |
170 | 173 | sslUtilBase.skipped=某些指定的[{0}]不受SSL引擎支持,已被跳过:[{1}] |
174 | sslUtilBase.ssl3=SSLv3 已显式启用。 已知该协议是不安全。 | |
175 | sslUtilBase.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证,因此与可选的客户端身份验证不兼容 | |
176 | sslUtilBase.trustedCertNotChecked=未检查别名为{0}的受信任证书的有效日期,因为该证书属于未知类型 | |
177 | sslUtilBase.trustedCertNotValid=由于[{2}],别名为[{0}]且DN [{1}]的可信证书无效。 将接受由此可信证书签署的证书 |
724 | 724 | Throwable cause = ioe.getCause(); |
725 | 725 | if (cause instanceof UnrecoverableKeyException) { |
726 | 726 | // Log a warning we had a password issue |
727 | log.warn(sm.getString("jsse.invalid_truststore_password"), | |
727 | log.warn(sm.getString("sslHostConfig.invalid_truststore_password"), | |
728 | 728 | cause); |
729 | 729 | // Re-try |
730 | 730 | result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), |
84 | 84 | public X509Certificate[] getPeerCertificateChain() throws IOException; |
85 | 85 | |
86 | 86 | /** |
87 | * The server certificate chain (if any) that were sent to the peer. | |
88 | * | |
89 | * @return The certificate chain sent with the server | |
90 | * certificate first, followed by those of any certificate | |
91 | * authorities | |
92 | */ | |
93 | public default X509Certificate[] getLocalCertificateChain() { | |
94 | return null; | |
95 | } | |
96 | ||
97 | /** | |
87 | 98 | * Get the keysize. |
88 | 99 | * |
89 | 100 | * What we're supposed to put here is ill-defined by the |
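Review bot: The Javadoc on the new `getLocalCertificateChain()` default never says the method can return `null`, although the default body does exactly that, so a caller reading only the interface may dereference the array unchecked. I would extend the tag to end with `or {@code null} if no chain is available` and fix the agreement in the summary to `The server certificate chain (if any) that was sent to the peer.` The Javadoc block opened at the end of this hunk belongs to the next method and continues outside it.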
107 | 107 | List<String> enabledProtocols = |
108 | 108 | getEnabled("protocols", getLog(), warnTls13, configuredProtocols, implementedProtocols); |
109 | 109 | if (enabledProtocols.contains("SSLv3")) { |
110 | log.warn(sm.getString("jsse.ssl3")); | |
110 | log.warn(sm.getString("sslUtilBase.ssl3")); | |
111 | 111 | } |
112 | 112 | this.enabledProtocols = enabledProtocols.toArray(new String[0]); |
113 | 113 | |
114 | 114 | if (enabledProtocols.contains(Constants.SSL_PROTO_TLSv1_3) && |
115 | 115 | sslHostConfig.getCertificateVerification() == CertificateVerification.OPTIONAL && |
116 | 116 | !isTls13RenegAuthAvailable() && warnTls13) { |
117 | log.warn(sm.getString("jsse.tls13.auth")); | |
117 | log.warn(sm.getString("sslUtilBase.tls13.auth")); | |
118 | 118 | } |
119 | 119 | |
120 | 120 | // Calculate the enabled ciphers |
221 | 221 | // Re-throw. Caller will catch and log as required |
222 | 222 | throw ioe; |
223 | 223 | } catch(Exception ex) { |
224 | String msg = sm.getString("jsse.keystore_load_failed", type, path, | |
224 | String msg = sm.getString("sslUtilBase.keystore_load_failed", type, path, | |
225 | 225 | ex.getMessage()); |
226 | 226 | log.error(msg, ex); |
227 | 227 | throw new IOException(msg); |
297 | 297 | |
298 | 298 | if (ks == null) { |
299 | 299 | if (certificate.getCertificateFile() == null) { |
300 | throw new IOException(sm.getString("jsse.noCertFile")); | |
300 | throw new IOException(sm.getString("sslUtilBase.noCertFile")); | |
301 | 301 | } |
302 | 302 | |
303 | 303 | PEMFile privateKeyFile = new PEMFile( |
322 | 322 | chain.toArray(new Certificate[0])); |
323 | 323 | } else { |
324 | 324 | if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { |
325 | throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); | |
325 | throw new IOException(sm.getString("sslUtilBase.alias_no_key_entry", keyAlias)); | |
326 | 326 | } else if (keyAlias == null) { |
327 | 327 | Enumeration<String> aliases = ks.aliases(); |
328 | 328 | if (!aliases.hasMoreElements()) { |
329 | throw new IOException(sm.getString("jsse.noKeys")); | |
329 | throw new IOException(sm.getString("sslUtilBase.noKeys")); | |
330 | 330 | } |
331 | 331 | while (aliases.hasMoreElements() && keyAlias == null) { |
332 | 332 | keyAlias = aliases.nextElement(); |
335 | 335 | } |
336 | 336 | } |
337 | 337 | if (keyAlias == null) { |
338 | throw new IOException(sm.getString("jsse.alias_no_key_entry", (Object) null)); | |
338 | throw new IOException(sm.getString("sslUtilBase.alias_no_key_entry", (Object) null)); | |
339 | 339 | } |
340 | 340 | } |
341 | 341 | |
401 | 401 | Class<?> clazz = classLoader.loadClass(className); |
402 | 402 | if(!(TrustManager.class.isAssignableFrom(clazz))){ |
403 | 403 | throw new InstantiationException(sm.getString( |
404 | "jsse.invalidTrustManagerClassName", className)); | |
404 | "sslUtilBase.invalidTrustManagerClassName", className)); | |
405 | 405 | } |
406 | 406 | Object trustManagerObject = clazz.getConstructor().newInstance(); |
407 | 407 | TrustManager trustManager = (TrustManager) trustManagerObject; |
428 | 428 | tmf.init(trustStore); |
429 | 429 | tms = tmf.getTrustManagers(); |
430 | 430 | if (crlf != null && crlf.length() > 0) { |
431 | throw new CRLException(sm.getString("jsseUtil.noCrlSupport", algorithm)); | |
431 | throw new CRLException(sm.getString("sslUtilBase.noCrlSupport", algorithm)); | |
432 | 432 | } |
433 | 433 | // Only warn if the attribute has been explicitly configured |
434 | 434 | if (sslHostConfig.isCertificateVerificationDepthConfigured()) { |
435 | log.warn(sm.getString("jsseUtil.noVerificationDepth", algorithm)); | |
435 | log.warn(sm.getString("sslUtilBase.noVerificationDepth", algorithm)); | |
436 | 436 | } |
437 | 437 | } |
438 | 438 | } |
453 | 453 | try { |
454 | 454 | ((X509Certificate) cert).checkValidity(now); |
455 | 455 | } catch (CertificateExpiredException | CertificateNotYetValidException e) { |
456 | String msg = sm.getString("jsseUtil.trustedCertNotValid", alias, | |
456 | String msg = sm.getString("sslUtilBase.trustedCertNotValid", alias, | |
457 | 457 | ((X509Certificate) cert).getSubjectDN(), e.getMessage()); |
458 | 458 | if (log.isDebugEnabled()) { |
459 | 459 | log.debug(msg, e); |
463 | 463 | } |
464 | 464 | } else { |
465 | 465 | if (log.isDebugEnabled()) { |
466 | log.debug(sm.getString("jsseUtil.trustedCertNotChecked", alias)); | |
466 | log.debug(sm.getString("sslUtilBase.trustedCertNotChecked", alias)); | |
467 | 467 | } |
468 | 468 | } |
469 | 469 | } |
244 | 244 | if (sslEngine instanceof SSLUtil.ProtocolInfo) { |
245 | 245 | socketWrapper.setNegotiatedProtocol( |
246 | 246 | ((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol()); |
247 | } else if (JreCompat.isJre9Available()) { | |
247 | } else if (JreCompat.isAlpnSupported()) { | |
248 | 248 | socketWrapper.setNegotiatedProtocol( |
249 | 249 | JreCompat.getInstance().getApplicationProtocol(sslEngine)); |
250 | 250 | } |
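Review bot: The `else if (JreCompat.isAlpnSupported())` branch has no comment explaining why the guard is now a capability check instead of the Java 9 version test it replaces. The same applies to the identical branch in the next file section and to `isAlpnSupported()` in the section after that. `JreCompat.isAlpnSupported()` is defined outside this view, so presumably it reports ALPN availability on runtimes the version test missed. A one-line comment such as `// ALPN availability is probed directly rather than inferred from the Java version` would keep a later cleanup from folding it back into the version check. The enclosing method starts and ends outside the hunk.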
195 | 195 | if (sslEngine instanceof SSLUtil.ProtocolInfo) { |
196 | 196 | socketWrapper.setNegotiatedProtocol( |
197 | 197 | ((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol()); |
198 | } else if (JreCompat.isJre9Available()) { | |
198 | } else if (JreCompat.isAlpnSupported()) { | |
199 | 199 | socketWrapper.setNegotiatedProtocol( |
200 | 200 | JreCompat.getInstance().getApplicationProtocol(sslEngine)); |
201 | 201 | } |
51 | 51 | |
52 | 52 | @Override |
53 | 53 | public boolean isAlpnSupported() { |
54 | return JreCompat.isJre9Available(); | |
54 | return JreCompat.isAlpnSupported(); | |
55 | 55 | } |
56 | 56 | } |
20 | 20 | import java.io.IOException; |
21 | 21 | import java.security.cert.Certificate; |
22 | 22 | import java.security.cert.CertificateFactory; |
23 | import java.security.cert.X509Certificate; | |
23 | 24 | import java.util.HashMap; |
24 | 25 | import java.util.Map; |
25 | 26 | |
86 | 87 | } |
87 | 88 | |
88 | 89 | @Override |
90 | public X509Certificate[] getLocalCertificateChain() { | |
91 | if (session == null) { | |
92 | return null; | |
93 | } | |
94 | return convertCertificates(session.getLocalCertificates()); | |
95 | } | |
96 | ||
97 | @Override | |
89 | 98 | public java.security.cert.X509Certificate[] getPeerCertificateChain() throws IOException { |
90 | 99 | // Look up the current SSLSession |
91 | 100 | if (session == null) |
98 | 107 | log.debug(sm.getString("jsseSupport.clientCertError"), t); |
99 | 108 | return null; |
100 | 109 | } |
110 | ||
111 | return convertCertificates(certs); | |
112 | } | |
113 | ||
114 | ||
115 | private static java.security.cert.X509Certificate[] convertCertificates(Certificate[] certs) { | |
101 | 116 | if( certs==null ) return null; |
102 | 117 | |
103 | 118 | java.security.cert.X509Certificate [] x509Certs = |
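Review bot: The extracted helper `convertCertificates` is still declared with the fully qualified `java.security.cert.X509Certificate[]`, even though this commit adds `import java.security.cert.X509Certificate;` and the new `getLocalCertificateChain()` already uses the short name. Declaring it as `private static X509Certificate[] convertCertificates(Certificate[] certs) {` would keep the two additions consistent, and the `getPeerCertificateChain()` signature could follow. The helper also has no comment. A short one stating that a `null` input yields `null` would document the contract `getLocalCertificateChain()` relies on when the session has no local certificates. The body of `convertCertificates` continues outside the hunk.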
121 | 121 | String protocolUpper = protocol.toUpperCase(Locale.ENGLISH); |
122 | 122 | if (!"SSLV2HELLO".equals(protocolUpper) && !"SSLV3".equals(protocolUpper)) { |
123 | 123 | if (protocolUpper.contains("SSL")) { |
124 | log.debug(sm.getString("jsse.excludeProtocol", protocol)); | |
124 | log.debug(sm.getString("jsseUtil.excludeProtocol", protocol)); | |
125 | 125 | continue; |
126 | 126 | } |
127 | 127 | } |
129 | 129 | } |
130 | 130 | |
131 | 131 | if (implementedProtocols.size() == 0) { |
132 | log.warn(sm.getString("jsse.noDefaultProtocols")); | |
132 | log.warn(sm.getString("jsseUtil.noDefaultProtocols")); | |
133 | 133 | } |
134 | 134 | |
135 | 135 | String[] implementedCipherSuiteArray = context.getSupportedSSLParameters().getCipherSuites(); |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.alias_no_key_entry=Alias name [{0}] does not identify a key entry | |
16 | jsse.excludeProtocol=The SSL protocol [{0}] which is supported in this JRE was excluded from the protocols available to Tomcat | |
17 | jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager | |
18 | jsse.noCertFile=SSLHostConfig attribute certificateFile must be defined when using an SSL connector | |
19 | jsse.noDefaultProtocols=Unable to determine a default for sslEnabledProtocols. Set an explicit value to ensure the connector can start. | |
20 | jsse.noKeys=No aliases for private keys found in key store | |
21 | jsse.openssl.effectiveCiphers=Ciphers used: [{0}] | |
22 | jsse.openssl.unknownElement=Unknown element in cipher string: [{0}] | |
23 | jsse.pemParseError=Unable to parse the key from [{0}] | |
24 | ||
25 | 15 | jsseSupport.certTranslationError=Error translating certificate [{0}] |
26 | 16 | jsseSupport.clientCertError=Error trying to obtain a certificate from the client |
27 | 17 | |
28 | jsseUtil.noCrlSupport=The truststoreProvider [{0}] does not support the certificateRevocationFile configuration option | |
29 | jsseUtil.noVerificationDepth=The truststoreProvider [{0}] does not support the certificateVerificationDepth configuration option | |
30 | jsseUtil.trustedCertNotChecked=The validity dates of the trusted certificate with alias [{0}] were not checked as the certificate was of an unknown type | |
31 | jsseUtil.trustedCertNotValid=The trusted certificate with alias [{0}] and DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted certificate WILL be accepted | |
18 | jsseUtil.excludeProtocol=The SSL protocol [{0}] which is supported in this JRE was excluded from the protocols available to Tomcat | |
19 | jsseUtil.noDefaultProtocols=Unable to determine a default for sslEnabledProtocols. Set an explicit value to ensure the connector can start. | |
32 | 20 | |
33 | 21 | pemFile.noMultiPrimes=The PKCS#1 certificate is in multi-prime format and Java does not provide an API for constructing an RSA private key object from that format |
34 | 22 | pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915 |
23 | pemFile.parseError=Unable to parse the key from [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.pemParseError=Nelze analyzovat klíč [{0}] | |
15 | pemFile.parseError=Nelze analyzovat klíč [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.openssl.effectiveCiphers=Verwendete Ciphers: [{0}] | |
16 | jsse.pemParseError=Der Schlüssel konnte nicht aus [{0}] geparst werden. | |
17 | ||
18 | 15 | jsseSupport.certTranslationError=Fehler beim Übersetzen des Zertifikates [{0}] |
19 | 16 | jsseSupport.clientCertError=Fehler beim Versuch ein Zertifikat vom Client zu erhalten. |
20 | 17 | |
21 | jsseUtil.noVerificationDepth=Der truststoreProvider [{0}] unterstützt nicht die Option certificateVerificationDepth | |
22 | jsseUtil.trustedCertNotValid=Das vertrauenswürdige Zertifikat mit alias [{0}] und DN [{1}] ist auf Grund von [{2}] nicht gültig. Zertifikate die von diesem signiert worden sind WERDEN akzeptiert. | |
18 | pemFile.parseError=Der Schlüssel konnte nicht aus [{0}] geparst werden. |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.alias_no_key_entry=El nombre de Alias [{0}] no identifica una entrada de clave | |
16 | jsse.invalidTrustManagerClassName=El trustManagerClassName suministrado [{0}] no implementa javax.net.ssl.TrustManager | |
17 | jsse.openssl.effectiveCiphers=Cifradores usados: [{0}] | |
18 | jsse.pemParseError=Imposible parsear la clave desde [{0}] | |
19 | ||
20 | 15 | jsseSupport.clientCertError=Error tratando de obtener un certificado desde el cliente |
21 | 16 | |
22 | jsseUtil.trustedCertNotValid=El certificado confiable con alias [{0}] y DN [{1}] no es válido debido a [{2}]. Los certificados firmados por este certificados confiable SERAN aceptados\n | |
17 | pemFile.parseError=Imposible parsear la clave desde [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.alias_no_key_entry=Le nom alias [{0}] n''identifie pas une entrée de clé | |
16 | jsse.excludeProtocol=Le protocole SSL [{0}] qui est supporté par ce JRE a été exclu des protocoles disponibles dans Tomcat | |
17 | jsse.invalidTrustManagerClassName=Le trustManagerClassName fourni [{0}] n''implémente pas javax.net.ssl.TrustManager | |
18 | jsse.noCertFile=L'attribut certificateFile de SSLHostConfig doit être défini lorsqu'un connecteur SSL est utilisé | |
19 | jsse.noDefaultProtocols=Impossible de déterminer un défaut pour sslEnabledProtocols de [{0}], indiquez une valeur explicite pour permettre le démarrage du connecteur | |
20 | jsse.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la base de clés | |
21 | jsse.openssl.effectiveCiphers=Chiffres utilisés : [{0}] | |
22 | jsse.openssl.unknownElement=Elément inconnu dans la chaîne de chiffres : [{0}] | |
23 | jsse.pemParseError=Impossible de parser la clé de [{0}] | |
24 | ||
25 | 15 | jsseSupport.certTranslationError=Erreur lors de la traduction du certificat [{0}] |
26 | 16 | jsseSupport.clientCertError=Echec de l'obtention d'un certificat de la part du client |
27 | 17 | |
28 | jsseUtil.noCrlSupport=Le truststoreProvider [{0}] ne supporte pas d''option de configuration certificateRevocationFile | |
29 | jsseUtil.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas l''option de configuration certificateVerificationDepth | |
30 | jsseUtil.trustedCertNotChecked=Les dates de validité du certificat de confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est inconnu | |
31 | jsseUtil.trustedCertNotValid=Le certificat de confiance avec l''alias [{0}] et le DN [{1}] n''est pas valide à cause de [{2}], les certificats signés par ce certificat de confiance SERONT acceptés | |
18 | jsseUtil.excludeProtocol=Le protocole SSL [{0}] qui est supporté par ce JRE a été exclu des protocoles disponibles dans Tomcat | |
19 | jsseUtil.noDefaultProtocols=Impossible de déterminer un défaut pour sslEnabledProtocols de [{0}], indiquez une valeur explicite pour permettre le démarrage du connecteur | |
32 | 20 | |
33 | 21 | pemFile.noMultiPrimes=Le certificat PKCS#1 est dans un format mutli-prime et Java ne fournit pas d'API pour construire une clé privée RSA à partir de ce format |
34 | 22 | pemFile.notValidRFC5915=La fichier de clé fourni ne se conforme pas à la RFC 5915 |
23 | pemFile.parseError=Impossible de parser la clé de [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.alias_no_key_entry=別名 [{0}] はキーエントリを発見できません | |
16 | jsse.excludeProtocol=JRE は SSL プロトコル [{0}] に対応しています。しかし Tomcat の利用可能プロトコルからは除外されています。 | |
17 | jsse.invalidTrustManagerClassName=[{0}]が提供するtrustManagerClassNameはjavax.net.ssl.TrustManagerを実装していません。 | |
18 | jsse.noCertFile=SSLコネクタを使用する場合は、SSLHostConfigのcertificateFile属性を定義する必要があります。 | |
19 | jsse.noDefaultProtocols=sslEnableProtocols の既定値を取得できません。コネクターを開始できるよう明示的に値を設定してください。 | |
20 | jsse.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。 | |
21 | jsse.openssl.effectiveCiphers=使用された暗号:[{0}] | |
22 | jsse.openssl.unknownElement=暗号文字列の不明な要素:[{0}] | |
23 | jsse.pemParseError=秘密鍵ファイル [{0}] を解析できませんでした。 | |
24 | ||
25 | 15 | jsseSupport.certTranslationError=証明書の翻訳中にエラーが発生しました[{0}] |
26 | 16 | jsseSupport.clientCertError=クライアント証明書を取得中のエラー |
27 | 17 | |
28 | jsseUtil.noCrlSupport=トラストストアプロバイダー [{0}] は設定項目 certificateRevocationFile に対応していません。 | |
29 | jsseUtil.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目 certificateVerificationDepth に未対応です。 | |
30 | jsseUtil.trustedCertNotChecked=エイリアス[{0}]を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした。 | |
31 | jsseUtil.trustedCertNotValid=エイリアス[{0}]とDN [{1}]を持つ信頼できる証明書が[{2}]のために無効です。 この信頼できる証明書で署名された証明書が受け入れられるでしょう | |
18 | jsseUtil.excludeProtocol=JRE は SSL プロトコル [{0}] に対応しています。しかし Tomcat の利用可能プロトコルからは除外されています。 | |
19 | jsseUtil.noDefaultProtocols=sslEnableProtocols の既定値を取得できません。コネクターを開始できるよう明示的に値を設定してください。 | |
32 | 20 | |
33 | 21 | pemFile.noMultiPrimes=PKCS#1 証明書は multi-prime RSA フォーマットですが、Java はそのようなフォーマットに対する RSA 秘密鍵を構築する API を提供していません |
34 | 22 | pemFile.notValidRFC5915=与えられたキーファイルは RFC 5915 に準拠していません |
23 | pemFile.parseError=秘密鍵ファイル [{0}] を解析できませんでした。 |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.alias_no_key_entry=별칭 이름 [{0}]을(를) 사용하여 키 엔트리를 식별해낼 수 없습니다. | |
16 | jsse.excludeProtocol=이 JRE에서 지원되는 해당 SSL 프로토콜 [{0}]이(가), Tomcat의 가용 프로토콜 목록에서 제외되어 있습니다. | |
17 | jsse.invalidTrustManagerClassName=trustManagerClassName에 의해 제공된 클래스 [{0}]은(는) javax.net.ssl.TrustManager를 구현하지 않았습니다. | |
18 | jsse.noCertFile=SSLHostConfig의 속성인 certificateFile은, 반드시 SSL connector를 사용할 때에만 정의되어야 합니다. | |
19 | jsse.noDefaultProtocols=sslEnabledProtocols의 기본값을 결정할 수 없습니다. Connector가 제대로 시작되는지 보증하려면 명시적으로 값을 설정하십시오. | |
20 | jsse.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다. | |
21 | jsse.openssl.effectiveCiphers=사용되는 Cipher들: [{0}] | |
22 | jsse.openssl.unknownElement=Cipher 문자열에 알 수 없는 엘리먼트: [{0}] | |
23 | jsse.pemParseError=[{0}](으)로부터 키를 파싱할 수 없습니다. | |
24 | ||
25 | 15 | jsseSupport.certTranslationError=인증서 [{0}]에 대한 인증서 변환을 하는 중 오류 발생 |
26 | 16 | jsseSupport.clientCertError=클라이언트로부터 인증서를 구하려 시도하는 중 오류 발생 |
27 | 17 | |
28 | jsseUtil.noCrlSupport=truststoreProvider [{0}]은(는) certificateRevocationFile 설정 옵션을 지원하지 않습니다. | |
29 | jsseUtil.noVerificationDepth=truststoreProvider [{0}]은(는) certificateVerificationDepth 설정 옵션을 지원하지 않습니다. | |
30 | jsseUtil.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의 유효일자들이 점검되지 않았습니다. | |
31 | jsseUtil.trustedCertNotValid=별칭이 [{0}](이)고 DN이 [{1}]인 해당 신뢰받는 인증서는 [{2}](으)로 인하여 유효하지 않습니다. 이 신뢰되는 인증서에 의해 서명된 인증서들은 받아들여질 것입니다. | |
18 | jsseUtil.excludeProtocol=이 JRE에서 지원되는 해당 SSL 프로토콜 [{0}]이(가), Tomcat의 가용 프로토콜 목록에서 제외되어 있습니다. | |
19 | jsseUtil.noDefaultProtocols=sslEnabledProtocols의 기본값을 결정할 수 없습니다. Connector가 제대로 시작되는지 보증하려면 명시적으로 값을 설정하십시오. | |
32 | 20 | |
33 | 21 | pemFile.noMultiPrimes=해당 PKCS#1 인증서는 multi-prime 포맷으로 되어 있는데, 자바는 해당 포맷으로부터 RSA 개인 키 객체를 생성할 API를 제공하지 않습니다. |
34 | 22 | pemFile.notValidRFC5915=제공된 키는 RFC 5915를 따르지 않습니다 |
23 | pemFile.parseError=[{0}](으)로부터 키를 파싱할 수 없습니다. |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.pemParseError=Impossível parsear a chave de [{0}] | |
15 | pemFile.parseError=Impossível parsear a chave de [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.pemParseError=Невозможно получить ключ из [{0}] | |
15 | pemFile.parseError=Невозможно получить ключ из [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | jsse.alias_no_key_entry=别名[{0}]不标识密钥项 | |
16 | jsse.excludeProtocol=此JRE支持的SSL协议[{0}]已从Tomcat可用的协议中排除 | |
17 | jsse.invalidTrustManagerClassName=提供的trustManagerClassName[{0}]未实现javax.net.ssl.TrustManager | |
18 | jsse.noCertFile=使用SSL连接器时必须定义SSLHostConfig属性certificateFile | |
19 | jsse.noDefaultProtocols=无法确定sslEnabledProtocols的默认值。设置显式值以确保连接器可以启动。 | |
20 | jsse.noKeys=在密钥存储中找不到私钥的别名 | |
21 | jsse.openssl.effectiveCiphers=使用的密码:[{0}] | |
22 | jsse.openssl.unknownElement=密码字符串中的未知元素:[{0}]。 | |
23 | jsse.pemParseError=无法从 [{0}] 解析 key | |
24 | ||
25 | 15 | jsseSupport.certTranslationError=错误的转换证书[{0}] |
26 | 16 | jsseSupport.clientCertError=尝试从客户端获取证书时出错 |
27 | 17 | |
28 | jsseUtil.noCrlSupport=truststoreProvider [{0}]不支持certificateRevocationFile配置选项 | |
29 | jsseUtil.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项 | |
30 | jsseUtil.trustedCertNotChecked=未检查别名为{0}的受信任证书的有效日期,因为该证书属于未知类型 | |
31 | jsseUtil.trustedCertNotValid=由于[{2}],别名为[{0}]且DN [{1}]的可信证书无效。 将接受由此可信证书签署的证书 | |
18 | jsseUtil.excludeProtocol=此JRE支持的SSL协议[{0}]已从Tomcat可用的协议中排除 | |
19 | jsseUtil.noDefaultProtocols=无法确定sslEnabledProtocols的默认值。设置显式值以确保连接器可以启动。 | |
32 | 20 | |
33 | 21 | pemFile.noMultiPrimes=PKCS#1证书是多素数格式的,Java不提供从该格式构造RSA私钥对象的API |
34 | 22 | pemFile.notValidRFC5915=提供的key文件不符合RFC 5915 |
23 | pemFile.parseError=无法从 [{0}] 解析 key |
171 | 171 | keySpec = privateKeyInfo.getKeySpec(cipher); |
172 | 172 | } |
173 | 173 | |
174 | InvalidKeyException exception = new InvalidKeyException(sm.getString("jsse.pemParseError", filename)); | |
174 | InvalidKeyException exception = new InvalidKeyException(sm.getString("pemFile.parseError", filename)); | |
175 | 175 | if (keyAlgorithm == null) { |
176 | 176 | for (String algorithm : new String[] {"RSA", "DSA", "EC"}) { |
177 | 177 | try { |
34 | 34 | public class OpenSSLUtil extends SSLUtilBase { |
35 | 35 | |
36 | 36 | private static final Log log = LogFactory.getLog(OpenSSLUtil.class); |
37 | private static final StringManager sm = StringManager.getManager(OpenSSLContext.class); | |
37 | private static final StringManager sm = StringManager.getManager(OpenSSLUtil.class); | |
38 | 38 | |
39 | 39 | |
40 | 40 | public OpenSSLUtil(SSLHostConfigCertificate certificate) { |
16 | 16 | |
17 | 17 | package org.apache.tomcat.util.net.openssl.ciphers; |
18 | 18 | |
19 | enum Encryption { | |
19 | public enum Encryption { | |
20 | 20 | AES128, |
21 | 21 | AES128CCM, |
22 | 22 | AES128CCM8, |
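Review bot: `Encryption` is made `public` here with no Javadoc, and the same holds for `EncryptionLevel`, `KeyExchange`, `MessageDigest` and `Protocol` in the later sections of this commit. Once public, the constants become API that code outside `org.apache.tomcat.util.net.openssl.ciphers` can compile against, so each type should carry at least a one-line type comment saying what it models and whether the constant set is expected to stay stable. The now-public `MessageDigest` also shares its simple name with `java.security.MessageDigest`, so any caller that needs both will have to fully qualify one of them. The enum bodies continue outside the hunks, so existing member comments could not be checked.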
16 | 16 | |
17 | 17 | package org.apache.tomcat.util.net.openssl.ciphers; |
18 | 18 | |
19 | enum EncryptionLevel { | |
19 | public enum EncryptionLevel { | |
20 | 20 | STRONG_NONE, |
21 | 21 | EXP40, |
22 | 22 | EXP56, |
16 | 16 | |
17 | 17 | package org.apache.tomcat.util.net.openssl.ciphers; |
18 | 18 | |
19 | enum KeyExchange { | |
19 | public enum KeyExchange { | |
20 | 20 | EECDH /* SSL_kEECDH - ephemeral ECDH */, |
21 | 21 | RSA /* SSL_kRSA - RSA key exchange */, |
22 | 22 | DHr /* SSL_kDHr - DH cert, RSA CA cert */ /* no such ciphersuites supported! */, |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | converter.mapping=Cipher suite mapping: [{0}] => [{1}] | |
15 | opensslCipherConfigurationParser.effectiveCiphers=Ciphers used: [{0}] | |
16 | opensslCipherConfigurationParser.unknownElement=Unknown element in cipher string: [{0}] |
0 | # Licensed to the Apache Software Foundation (ASF) under one or more | |
1 | # contributor license agreements. See the NOTICE file distributed with | |
2 | # this work for additional information regarding copyright ownership. | |
3 | # The ASF licenses this file to You under the Apache License, Version 2.0 | |
4 | # (the "License"); you may not use this file except in compliance with | |
5 | # the License. You may obtain a copy of the License at | |
6 | # | |
7 | # http://www.apache.org/licenses/LICENSE-2.0 | |
8 | # | |
9 | # Unless required by applicable law or agreed to in writing, software | |
10 | # distributed under the License is distributed on an "AS IS" BASIS, | |
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
12 | # See the License for the specific language governing permissions and | |
13 | # limitations under the License. | |
14 | ||
15 | opensslCipherConfigurationParser.effectiveCiphers=Verwendete Ciphers: [{0}] |
0 | # Licensed to the Apache Software Foundation (ASF) under one or more | |
1 | # contributor license agreements. See the NOTICE file distributed with | |
2 | # this work for additional information regarding copyright ownership. | |
3 | # The ASF licenses this file to You under the Apache License, Version 2.0 | |
4 | # (the "License"); you may not use this file except in compliance with | |
5 | # the License. You may obtain a copy of the License at | |
6 | # | |
7 | # http://www.apache.org/licenses/LICENSE-2.0 | |
8 | # | |
9 | # Unless required by applicable law or agreed to in writing, software | |
10 | # distributed under the License is distributed on an "AS IS" BASIS, | |
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
12 | # See the License for the specific language governing permissions and | |
13 | # limitations under the License. | |
14 | ||
15 | opensslCipherConfigurationParser.effectiveCiphers=Cifradores usados: [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | converter.mapping=Association de la suite de chiffres : [{0}] => [{1}] | |
15 | opensslCipherConfigurationParser.effectiveCiphers=Chiffres utilisés : [{0}] | |
16 | opensslCipherConfigurationParser.unknownElement=Elément inconnu dans la chaîne de chiffres : [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | converter.mapping=暗号スイートの対応付け: [{0}] => [{1}] | |
15 | opensslCipherConfigurationParser.effectiveCiphers=使用された暗号:[{0}] | |
16 | opensslCipherConfigurationParser.unknownElement=暗号文字列の不明な要素:[{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | converter.mapping=Cipher suite 매핑: [{0}] => [{1}] | |
15 | opensslCipherConfigurationParser.effectiveCiphers=사용되는 Cipher들: [{0}] | |
16 | opensslCipherConfigurationParser.unknownElement=Cipher 문자열에 알 수 없는 엘리먼트: [{0}] |
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 | |
15 | converter.mapping=密码套件映射:[{0}]=>[{1}] | |
15 | opensslCipherConfigurationParser.effectiveCiphers=使用的密码:[{0}] | |
16 | opensslCipherConfigurationParser.unknownElement=密码字符串中的未知元素:[{0}]。 |
16 | 16 | |
17 | 17 | package org.apache.tomcat.util.net.openssl.ciphers; |
18 | 18 | |
19 | enum MessageDigest { | |
19 | public enum MessageDigest { | |
20 | 20 | MD5, |
21 | 21 | SHA1, |
22 | 22 | GOST94, |
+3
-4
39 | 39 | public class OpenSSLCipherConfigurationParser { |
40 | 40 | |
41 | 41 | private static final Log log = LogFactory.getLog(OpenSSLCipherConfigurationParser.class); |
42 | private static final StringManager sm = | |
43 | StringManager.getManager("org.apache.tomcat.util.net.jsse.res"); | |
42 | private static final StringManager sm = StringManager.getManager(OpenSSLCipherConfigurationParser.class); | |
44 | 43 | |
45 | 44 | private static boolean initialized = false; |
46 | 45 | |
731 | 730 | if (aliases.containsKey(alias)) { |
732 | 731 | removedCiphers.addAll(aliases.get(alias)); |
733 | 732 | } else { |
734 | log.warn(sm.getString("jsse.openssl.unknownElement", alias)); | |
733 | log.warn(sm.getString("opensslCipherConfigurationParser.unknownElement", alias)); | |
735 | 734 | } |
736 | 735 | } else if (element.startsWith(TO_END)) { |
737 | 736 | String alias = element.substring(1); |
766 | 765 | result.addAll(cipher.getJsseNames()); |
767 | 766 | } |
768 | 767 | if (log.isDebugEnabled()) { |
769 | log.debug(sm.getString("jsse.openssl.effectiveCiphers", displayResult(ciphers, true, ","))); | |
768 | log.debug(sm.getString("opensslCipherConfigurationParser.effectiveCiphers", displayResult(ciphers, true, ","))); | |
770 | 769 | } |
771 | 770 | return result; |
772 | 771 | } |
18 | 18 | |
19 | 19 | import org.apache.tomcat.util.net.Constants; |
20 | 20 | |
21 | enum Protocol { | |
21 | public enum Protocol { | |
22 | 22 | |
23 | 23 | SSLv3(Constants.SSL_PROTO_SSLv3), |
24 | 24 | SSLv2(Constants.SSL_PROTO_SSLv2), |
127 | 127 | wsWebSocketContainer.defaultConfiguratorFail=Failed to create the default configurator |
128 | 128 | wsWebSocketContainer.endpointCreateFail=Failed to create a local endpoint of type [{0}] |
129 | 129 | wsWebSocketContainer.failedAuthentication=Failed to handle HTTP response code [{0}]. Authentication header was not accepted by server. |
130 | wsWebSocketContainer.httpRequestFailed=The HTTP request to initiate the WebSocket connection failed | |
130 | wsWebSocketContainer.httpRequestFailed=The HTTP request to initiate the WebSocket connection to [{0}] failed | |
131 | 131 | wsWebSocketContainer.invalidExtensionParameters=The server responded with extension parameters the client is unable to support |
132 | 132 | wsWebSocketContainer.invalidHeader=Unable to parse HTTP header as no colon is present to delimit header name and header value in [{0}]. The header has been skipped. |
133 | 133 | wsWebSocketContainer.invalidStatus=The HTTP response from the server [{0}] did not permit the HTTP upgrade to WebSocket |
481 | 481 | success = true; |
482 | 482 | } catch (ExecutionException | InterruptedException | SSLException | |
483 | 483 | EOFException | TimeoutException | URISyntaxException | AuthenticationException e) { |
484 | throw new DeploymentException( | |
485 | sm.getString("wsWebSocketContainer.httpRequestFailed"), e); | |
484 | throw new DeploymentException(sm.getString("wsWebSocketContainer.httpRequestFailed", path), e); | |
486 | 485 | } finally { |
487 | 486 | if (!success) { |
488 | 487 | channel.close(); |
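Review bot: The new call `sm.getString("wsWebSocketContainer.httpRequestFailed", path)` places the full connection target into the exception text. If `path` is the endpoint URI (its declaration is outside this hunk, though the `URISyntaxException` in the catch list suggests so), any user-info or query-string token it carries will end up in the `DeploymentException` message and in every log that records it. Consider passing a reduced form built from scheme, host, port and path only, leaving the query and user-info out. The enclosing method starts and ends outside the hunk.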
23 | 23 | upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible RSV bit usage |
24 | 24 | |
25 | 25 | uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in the path which is not permitted |
26 | uriTemplate.emptySegment=The path [{0}] contains one or more empty segments which are is not permitted | |
26 | uriTemplate.emptySegment=The path [{0}] contains one or more empty segments which is not permitted | |
27 | 27 | uriTemplate.invalidPath=The path [{0}] is not valid. |
28 | 28 | uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path [{1}] |
29 | 29 |
42 | 42 | |
43 | 43 | public UriTemplate(String path) throws DeploymentException { |
44 | 44 | |
45 | if (path == null || path.length() ==0 || !path.startsWith("/")) { | |
45 | if (path == null || path.length() == 0 || !path.startsWith("/") || path.contains("/../") || | |
46 | path.contains("/./") || path.contains("//")) { | |
46 | 47 | throw new DeploymentException( |
47 | 48 | sm.getString("uriTemplate.invalidPath", path)); |
48 | 49 | } |
67 | 68 | } else { |
68 | 69 | // As per EG discussion, all other empty segments are |
69 | 70 | // invalid |
70 | throw new IllegalArgumentException(sm.getString( | |
71 | throw new DeploymentException(sm.getString( | |
71 | 72 | "uriTemplate.emptySegment", path)); |
72 | 73 | } |
73 | 74 | } |
80 | 81 | normalized.append(paramCount++); |
81 | 82 | normalized.append('}'); |
82 | 83 | if (!paramNames.add(segment)) { |
83 | throw new IllegalArgumentException(sm.getString( | |
84 | throw new DeploymentException(sm.getString( | |
84 | 85 | "uriTemplate.duplicateParameter", segment)); |
85 | 86 | } |
86 | 87 | } else { |
87 | 88 | if (segment.contains("{") || segment.contains("}")) { |
88 | throw new IllegalArgumentException(sm.getString( | |
89 | throw new DeploymentException(sm.getString( | |
89 | 90 | "uriTemplate.invalidSegment", segment, path)); |
90 | 91 | } |
91 | 92 | normalized.append(segment); |
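Review bot: The added guard in the `UriTemplate(String path)` constructor rejects `/../` and `/./` only when a slash follows, so a path that ends in `/..` or `/.` still passes this check. Whether the segment loop further down rejects those cannot be told from the hunk, because the constructor continues outside it. If it does not, extend the condition with `|| path.endsWith("/..") || path.endsWith("/.")` and add test cases for both trailing forms. The switch from `IllegalArgumentException` to `DeploymentException` in the three later hunks also changes what callers see, so any caller that caught the unchecked type should be checked.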
13 | 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 | 14 | # See the License for the specific language governing permissions and |
15 | 15 | # limitations under the License. |
16 | ||
17 | set -e | |
16 | 18 | |
17 | 19 | CURDIR=`pwd` |
18 | 20 | |
52 | 54 | -H:+ReportExceptionStackTraces \ |
53 | 55 | --allow-incomplete-classpath \ |
54 | 56 | --no-fallback \ |
55 | -cp ../embed/tomcat-embed-core.jar:../embed/tomcat-embed-websocket.jar:../embed/tomcat-embed-el.jar:tomcat-embedded-sample.jar \ | |
57 | -cp ../embed/tomcat-embed-core.jar:../embed/tomcat-embed-websocket.jar:../embed/tomcat-embed-el.jar:tomcat-embedded-sample.jar:../embed/annotations-api.jar \ | |
56 | 58 | org.apache.catalina.startup.EmbeddedTomcat |
57 | 59 | |
58 | 60 | cd $CURDIR⏎ |
0 | 0 | [ |
1 | { "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "methods" : [{"name": "<init>","parameterTypes":[] }] }, | |
2 | { "name":"org.apache.tomcat.websocket.pojo.PojoEndpointBase", "allDeclaredMethods":true }, | |
3 | { "name":"org.apache.tomcat.websocket.pojo.PojoEndpointServer", "allDeclaredMethods":true }, | |
4 | { "name":"org.apache.tomcat.websocket.server.WsContextListener", "allDeclaredMethods":true }, | |
5 | { "name":"org.apache.tomcat.websocket.server.WsFilter", "allDeclaredMethods":true }, | |
6 | { "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "methods":[{"name":"<init>","parameterTypes":[] }] } | |
1 | { "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true }, | |
2 | { "name":"org.apache.tomcat.websocket.pojo.PojoEndpointBase", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true }, | |
3 | { "name":"org.apache.tomcat.websocket.pojo.PojoEndpointServer", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true }, | |
4 | { "name":"org.apache.tomcat.websocket.server.WsContextListener", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true }, | |
5 | { "name":"org.apache.tomcat.websocket.server.WsFilter", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true }, | |
6 | { "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true } | |
7 | 7 | ] |
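Review bot: The new entries 1 and 6 are now identical, both naming `org.apache.tomcat.websocket.server.WsHttpUpgradeHandler` with the same four flags, so one of them can be dropped. The change also widens every class from `allDeclaredMethods` (or a single no-arg `<init>`) to all declared and public constructors and methods. Everything listed here stays reflectively reachable in the native image. If the set of members that is actually looked up reflectively is known, listing only those keeps the reflection surface closer to the old constructor-only entry for `WsHttpUpgradeHandler`.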
15 | 15 | limitations under the License. |
16 | 16 | --> |
17 | 17 | <project name="Tomcat 9.0 Maven Deployment" default="" basedir="." |
18 | xmlns:artifact="urn:maven-artifact-ant" | |
18 | xmlns:resolver="antlib:org.apache.maven.resolver.ant" | |
19 | 19 | xmlns:if="ant:if" |
20 | 20 | xmlns:unless="ant:unless"> |
21 | <!-- | |
22 | Built for using Maven Ant Tasks (version 2.1.0 is known to work) | |
23 | --> | |
24 | 21 | |
25 | 22 | <property file="${basedir}/mvn.properties"/> |
26 | 23 | <property file="${basedir}/mvn.properties.default"/> |
28 | 25 | |
29 | 26 | <target name="init-maven"> |
30 | 27 | <antcall target="downloadfile"> |
31 | <param name="sourcefile" value="${maven-ant-tasks.loc}"/> | |
32 | <param name="destfile" value="${maven-ant-tasks.jar}"/> | |
33 | <param name="destdir" value="${maven-ant-tasks.home}"/> | |
34 | </antcall> | |
35 | ||
36 | <typedef resource="org/apache/maven/artifact/ant/antlib.xml" | |
37 | uri="urn:maven-artifact-ant"> | |
28 | <param name="sourcefile" value="${maven-resolver-ant-tasks.loc}"/> | |
29 | <param name="destfile" value="${maven-resolver-ant-tasks.jar}"/> | |
30 | <param name="destdir" value="${maven-resolver-ant-tasks.home}"/> | |
31 | </antcall> | |
32 | ||
33 | <taskdef resource="org/apache/maven/resolver/ant/antlib.xml" | |
34 | uri="antlib:org.apache.maven.resolver.ant"> | |
38 | 35 | <classpath> |
39 | <pathelement location="${maven-ant-tasks.jar}" /> | |
36 | <pathelement location="${maven-resolver-ant-tasks.jar}" /> | |
40 | 37 | </classpath> |
41 | </typedef> | |
38 | </taskdef> | |
42 | 39 | </target> |
43 | 40 | |
44 | 41 | <target name="maven-install" depends="init-maven"> |
52 | 49 | </filterset> |
53 | 50 | </copy> |
54 | 51 | |
55 | <artifact:install file="${file}"> | |
52 | <resolver:install file="${file}"> | |
56 | 53 | <pom file="${pom}.tmp"/> |
57 | </artifact:install> | |
54 | </resolver:install> | |
58 | 55 | |
59 | 56 | <delete file="${pom}.tmp"/> |
60 | 57 | </target> |
108 | 105 | <param name="file.out" value="${pom}.asc" /> |
109 | 106 | </antcall> |
110 | 107 | |
111 | <artifact:deploy file="${file}"> | |
108 | <resolver:deploy> | |
109 | <artifact file="${file}" /> | |
112 | 110 | <pom file="${pom}.tmp"/> |
113 | <remoteRepository id="${maven.repo.repositoryId}" url="${maven.repo.url}"> | |
111 | <remoterepo id="${maven.repo.repositoryId}" url="${maven.repo.url}"> | |
114 | 112 | <authentication username="${asf.ldap.username}" |
115 | 113 | password="${asf.ldap.password}" |
116 | 114 | unless:set="maven.auth.useSettings" /> |
117 | </remoteRepository> | |
118 | <attach file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/> | |
119 | <attach file="${src}" classifier="sources" type="jar"/> | |
120 | <attach file="${src}.asc" classifier="sources" type="jar.asc" if:set="gpg.passphrase"/> | |
121 | <attach file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/> | |
122 | </artifact:deploy> | |
115 | </remoterepo> | |
116 | <artifact file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/> | |
117 | <artifact file="${src}" classifier="sources" type="jar"/> | |
118 | <artifact file="${src}.asc" classifier="sources" type="jar.asc" if:set="gpg.passphrase"/> | |
119 | <artifact file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/> | |
120 | </resolver:deploy> | |
123 | 121 | |
124 | 122 | <delete file="${pom}.tmp"/> |
125 | 123 | <delete file="${pom}.asc"/> |
170 | 168 | <param name="file.out" value="${pom}.asc" /> |
171 | 169 | </antcall> |
172 | 170 | |
173 | <artifact:deploy file="${file}"> | |
171 | <resolver:deploy> | |
172 | <artifact file="${file}" /> | |
174 | 173 | <pom file="${pom}.tmp"/> |
175 | <remoteRepository id="${maven.repo.repositoryId}" url="${maven.repo.url}"> | |
174 | <remoterepo id="${maven.repo.repositoryId}" url="${maven.repo.url}"> | |
176 | 175 | <authentication username="${asf.ldap.username}" |
177 | 176 | password="${asf.ldap.password}" |
178 | 177 | unless:set="maven.auth.useSettings"/> |
179 | </remoteRepository> | |
180 | <attach file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/> | |
181 | <attach file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/> | |
182 | </artifact:deploy> | |
178 | </remoterepo> | |
179 | <artifact file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/> | |
180 | <artifact file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/> | |
181 | </resolver:deploy> | |
183 | 182 | |
184 | 183 | <delete file="${pom}.tmp"/> |
185 | 184 | <delete file="${pom}.asc"/> |
230 | 229 | <param name="file.out" value="${pom}.asc" /> |
231 | 230 | </antcall> |
232 | 231 | |
233 | <artifact:deploy file="${pom}"> | |
232 | <resolver:deploy> | |
234 | 233 | <pom file="${pom}.tmp"/> |
235 | <remoteRepository id="${maven.repo.repositoryId}" url="${maven.repo.url}"> | |
234 | <remoterepo id="${maven.repo.repositoryId}" url="${maven.repo.url}"> | |
236 | 235 | <authentication username="${asf.ldap.username}" |
237 | 236 | password="${asf.ldap.password}" |
238 | 237 | unless:set="maven.auth.useSettings"/> |
239 | </remoteRepository> | |
240 | <attach file="${file}.zip" type="zip"/> | |
241 | <attach file="${file}.zip.asc" type="zip.asc" if:set="gpg.passphrase"/> | |
242 | <attach file="${file}.tar.gz" type="tar.gz"/> | |
243 | <attach file="${file}.tar.gz.asc" type="tar.gz.asc" if:set="gpg.passphrase"/> | |
244 | <attach file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/> | |
245 | </artifact:deploy> | |
238 | </remoterepo> | |
239 | <artifact file="${file}.zip" type="zip"/> | |
240 | <artifact file="${file}.zip.asc" type="zip.asc" if:set="gpg.passphrase"/> | |
241 | <artifact file="${file}.tar.gz" type="tar.gz"/> | |
242 | <artifact file="${file}.tar.gz.asc" type="tar.gz.asc" if:set="gpg.passphrase"/> | |
243 | <artifact file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/> | |
244 | </resolver:deploy> | |
246 | 245 | |
247 | 246 | <delete file="${pom}.tmp"/> |
248 | 247 | <delete file="${pom}.asc"/> |
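Review bot: `init-maven` downloads `${maven-resolver-ant-tasks.jar}` and puts it straight on the `<taskdef>` classpath, with no check of the jar's digest visible in this file. The tasks it defines then run while `asf.ldap.password` and `gpg.passphrase` are in scope, so a tampered or substituted download would execute inside the release process. The `downloadfile` target is outside the view and may already verify the file. If it does not, record the expected digest next to `maven-resolver-ant-tasks.version` and stop the build on mismatch, for example `<checksum file="${maven-resolver-ant-tasks.jar}" algorithm="SHA-512" property="${EXPECTED_SHA512_PLACEHOLDER}" verifyproperty="resolver.jar.ok"/>` followed by a `<fail>` when `resolver.jar.ok` is not true.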
38 | 38 | maven.asf.release.repo.repositoryId=apache.releases.https |
39 | 39 | |
40 | 40 | # Release version info |
41 | maven.asf.release.deploy.version=9.0.35 | |
41 | maven.asf.release.deploy.version=9.0.36 | |
42 | 42 | |
43 | 43 | #Where do we load the libraries from |
44 | 44 | tomcat.lib.path=../../output/build/lib |
58 | 58 | base.path=${user.home}/tomcat-build-libs |
59 | 59 | |
60 | 60 | # ----- Maven Ant Tasks ----- |
61 | maven-ant-tasks.version=2.1.3 | |
62 | maven-ant-tasks.home=${base.path}/maven-ant-tasks-${maven-ant-tasks.version} | |
63 | maven-ant-tasks.loc=https://archive.apache.org/dist/maven/ant-tasks/${maven-ant-tasks.version}/binaries/maven-ant-tasks-${maven-ant-tasks.version}.jar | |
64 | maven-ant-tasks.jar=${maven-ant-tasks.home}/maven-ant-tasks-${maven-ant-tasks.version}.jar | |
61 | maven-resolver-ant-tasks.version=1.2.0 | |
62 | maven-resolver-ant-tasks.home=${base.path}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version} | |
63 | maven-resolver-ant-tasks.loc=https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/${maven-resolver-ant-tasks.version}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}-uber.jar | |
64 | maven-resolver-ant-tasks.jar=${maven-resolver-ant-tasks.home}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}-uber.jar |
34 | 34 | import org.apache.juli.logging.LogFactory; |
35 | 35 | import org.apache.tomcat.util.scan.StandardJarScanFilter; |
36 | 36 | import org.apache.tomcat.util.scan.StandardJarScanner; |
37 | import org.apache.tomcat.websocket.server.WsContextListener; | |
37 | 38 | |
38 | 39 | @Ignore |
39 | 40 | public class EmbeddedTomcat { |
65 | 66 | CounterServlet counterServlet = new CounterServlet(); |
66 | 67 | Tomcat.addServlet(ctx, "counterServlet", counterServlet); |
67 | 68 | ctx.addServletMappingDecoded("/", "counterServlet"); |
69 | ctx.addApplicationListener(WsContextListener.class.getName()); | |
68 | 70 | |
69 | 71 | tomcat.start(); |
70 | 72 | Thread.sleep(60*1000); |
75 | 75 | return "ThreadLocals"; |
76 | 76 | } |
77 | 77 | |
78 | private static ThreadLocal<Long> currentMillisLocal = new ThreadLocal<Long>() { | |
78 | private ThreadLocal<Long> currentMillisLocal = new ThreadLocal<Long>() { | |
79 | 79 | @Override |
80 | 80 | protected Long initialValue() { |
81 | 81 | return Long.valueOf(0); |
82 | 82 | } |
83 | 83 | }; |
84 | 84 | |
85 | private static ThreadLocal<Date> currentDateLocal = new ThreadLocal<>(); | |
85 | private ThreadLocal<Date> currentDateLocal = new ThreadLocal<>(); | |
86 | 86 | |
87 | 87 | @Override |
88 | 88 | public void run() { |
111 | 111 | long value = 0; |
112 | 112 | } |
113 | 113 | |
114 | private static ThreadLocal<MutableLong> currentMillisLocal = new ThreadLocal<MutableLong>() { | |
114 | private ThreadLocal<MutableLong> currentMillisLocal = new ThreadLocal<MutableLong>() { | |
115 | 115 | @Override |
116 | 116 | protected MutableLong initialValue() { |
117 | 117 | return new MutableLong(); |
118 | 118 | } |
119 | 119 | }; |
120 | 120 | |
121 | private static ThreadLocal<Date> currentDateLocal = new ThreadLocal<>(); | |
121 | private ThreadLocal<Date> currentDateLocal = new ThreadLocal<>(); | |
122 | 122 | |
123 | 123 | @Override |
124 | 124 | public void run() { |
148 | 148 | public Date currentDate; |
149 | 149 | } |
150 | 150 | |
151 | private static ThreadLocal<Struct> currentStruct = new ThreadLocal<Struct>() { | |
151 | private ThreadLocal<Struct> currentStruct = new ThreadLocal<Struct>() { | |
152 | 152 | @Override |
153 | 153 | protected Struct initialValue() { |
154 | 154 | return new Struct(); |
265 | 265 | return "ThreadLocals"; |
266 | 266 | } |
267 | 267 | |
268 | private static ThreadLocal<String> currentDateStringLocal = new ThreadLocal<>(); | |
269 | ||
270 | private static ThreadLocal<Date> currentDateLocal = new ThreadLocal<Date>() { | |
268 | private ThreadLocal<String> currentDateStringLocal = new ThreadLocal<>(); | |
269 | ||
270 | private ThreadLocal<Date> currentDateLocal = new ThreadLocal<Date>() { | |
271 | 271 | @Override |
272 | 272 | protected Date initialValue() { |
273 | 273 | return new Date(); |
274 | 274 | } |
275 | 275 | }; |
276 | private static ThreadLocal<SimpleDateFormat> dayFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
276 | private ThreadLocal<SimpleDateFormat> dayFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
277 | 277 | @Override |
278 | 278 | protected SimpleDateFormat initialValue() { |
279 | 279 | return new SimpleDateFormat("dd"); |
280 | 280 | } |
281 | 281 | }; |
282 | private static ThreadLocal<SimpleDateFormat> monthFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
282 | private ThreadLocal<SimpleDateFormat> monthFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
283 | 283 | @Override |
284 | 284 | protected SimpleDateFormat initialValue() { |
285 | 285 | return new SimpleDateFormat("MM"); |
286 | 286 | } |
287 | 287 | }; |
288 | private static ThreadLocal<SimpleDateFormat> yearFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
288 | private ThreadLocal<SimpleDateFormat> yearFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
289 | 289 | @Override |
290 | 290 | protected SimpleDateFormat initialValue() { |
291 | 291 | return new SimpleDateFormat("yyyy"); |
292 | 292 | } |
293 | 293 | }; |
294 | private static ThreadLocal<SimpleDateFormat> timeFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
294 | private ThreadLocal<SimpleDateFormat> timeFormatterLocal = new ThreadLocal<SimpleDateFormat>() { | |
295 | 295 | @Override |
296 | 296 | protected SimpleDateFormat initialValue() { |
297 | 297 | return new SimpleDateFormat("hh:mm:ss"); |
353 | 353 | "hh:mm:ss"); |
354 | 354 | } |
355 | 355 | |
356 | private static ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() { | |
356 | private ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() { | |
357 | 357 | @Override |
358 | 358 | protected Struct initialValue() { |
359 | 359 | return new Struct(); |
414 | 414 | "hh:mm:ss"); |
415 | 415 | } |
416 | 416 | |
417 | private static ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() { | |
417 | private ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() { | |
418 | 418 | @Override |
419 | 419 | protected Struct initialValue() { |
420 | 420 | return new Struct(); |
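Review bot: The `ThreadLocal` fields lose `static` here but are not made `final`, although none of the visible hunks reassigns them. Declaring them as, for example, `private final ThreadLocal<Struct> structLocal = ...` documents that the reference is fixed for the lifetime of the instance. With instance-scoped thread-locals each object also leaves its own entries in the worker threads' maps; if the threads are reused across instances (not visible here), calling `remove()` at the end of `run()` would keep those entries from accumulating. The enclosing classes start and end outside the hunks.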
106 | 106 | } |
107 | 107 | |
108 | 108 | @Test |
109 | public void testRewriteMap07() throws Exception { | |
110 | doTestRewrite("RewriteMap mapa org.apache.catalina.valves.rewrite.TesterRewriteMapA foo bar\n" + | |
111 | "RewriteRule /b/.* /c/${mapa:${mapa:a}}", "/b/a.html", "/c/aaaa"); | |
112 | } | |
113 | ||
114 | @Test | |
115 | public void testRewriteMap08() throws Exception { | |
116 | doTestRewrite("RewriteMap lc int:tolower\n" + | |
117 | "RewriteRule ^(.*) ${lc:$1}", "/C/AaA", "/c/aaa"); | |
118 | } | |
119 | ||
120 | @Test | |
109 | 121 | public void testRewriteServerVar() throws Exception { |
110 | 122 | doTestRewrite("RewriteRule /b/(.*).html$ /c%{SERVLET_PATH}", "/b/x.html", "/c/b/x.html"); |
111 | 123 | } |
604 | 616 | doTestRewrite("RewriteRule !^/c/.* /b/", "/c/d", "/c/d"); |
605 | 617 | } |
606 | 618 | |
619 | @Test | |
620 | public void testMultiLine001() throws Exception { | |
621 | doTestRewrite("RewriteRule /dummy /anotherDummy [L]\nRewriteRule ^/a /c [L]", "/a", "/c"); | |
622 | } | |
623 | ||
624 | @Test | |
625 | public void testMultiLine002() throws Exception { | |
626 | doTestRewrite("RewriteRule /dummy /a\nRewriteRule /a /c [L]", "/dummy", "/c"); | |
627 | } | |
607 | 628 | |
608 | 629 | private void doTestRewrite(String config, String request, String expectedURI) throws Exception { |
609 | 630 | doTestRewrite(config, request, expectedURI, null); |
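Review bot: Of the four internal maps this commit documents (`int:toupper`, `int:tolower`, `int:escape`, `int:unescape`), the hunks shown here exercise only `int:tolower`, in testRewriteMap08. The escape and unescape maps change how a request URI is encoded before later rules see it, so a silent regression there is the one most likely to matter. Each should get at least one round-trip test with a reserved character in the input. A mirror of the existing test would be a start, assuming the map is symmetric to `tolower`: `doTestRewrite("RewriteMap uc int:toupper\n" + "RewriteRule ^(.*) ${uc:$1}", "/c/aaa", "/C/AAA");`. The body of doTestRewrite continues outside the hunk, so other coverage may exist that is not visible here.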
30 | 30 | |
31 | 31 | @Override |
32 | 32 | public String setParameters(String params) { |
33 | throw new IllegalStateException(); | |
34 | } | |
35 | ||
36 | @Override | |
37 | public void setParameters(String... params) { | |
33 | 38 | // NO-OP |
34 | return null; | |
35 | 39 | } |
36 | 40 | |
37 | 41 | @Override |
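Review bot: The new `setParameters(String... params)` overload discards its arguments, so testRewriteMap07, which configures this map with `foo bar`, only proves that the single-string overload is no longer called. It would still pass if the two parameters arrived merged into one string or in the wrong order. Keeping the array in a field and letting the lookup or the test assert on its contents would make the multi-parameter fix observable. Separately, `throw new IllegalStateException();` carries no message; something like `throw new IllegalStateException("setParameters(String) must not be called for this map");` makes a failure readable in the test report. The class starts and ends outside this hunk.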
146 | 146 | |
147 | 147 | @Test |
148 | 148 | public void testImplicitClose() throws Exception { |
149 | http2Connect(); | |
149 | doTestImplicitClose(5); | |
150 | } | |
151 | ||
152 | ||
153 | // https://bz.apache.org/bugzilla/show_bug.cgi?id=64467 | |
154 | @Test | |
155 | public void testImplicitCloseLargeId() throws Exception { | |
156 | doTestImplicitClose(Integer.MAX_VALUE - 8); | |
157 | } | |
158 | ||
159 | ||
160 | private void doTestImplicitClose(int lastStreamId) throws Exception { | |
161 | ||
162 | long startFirst = System.nanoTime(); | |
163 | http2Connect(); | |
164 | long durationFirst = System.nanoTime() - startFirst; | |
150 | 165 | |
151 | 166 | sendPriority(3, 0, 16); |
152 | sendPriority(5, 0, 16); | |
153 | ||
154 | sendSimpleGetRequest(5); | |
167 | sendPriority(lastStreamId, 0, 16); | |
168 | ||
169 | long startSecond = System.nanoTime(); | |
170 | sendSimpleGetRequest(lastStreamId); | |
155 | 171 | readSimpleGetResponse(); |
156 | Assert.assertEquals(getSimpleResponseTrace(5), output.getTrace()); | |
157 | output.clearTrace(); | |
172 | long durationSecond = System.nanoTime() - startSecond; | |
173 | ||
174 | Assert.assertEquals(getSimpleResponseTrace(lastStreamId), output.getTrace()); | |
175 | output.clearTrace(); | |
176 | ||
177 | // Allow second request to take up to 5 times first request or up to 1 second - whichever is the larger - mainly | |
178 | // to allow for CI systems under load that can exhibit significant timing variation. | |
179 | Assert.assertTrue("First request took [" + durationFirst/1000000 + "ms], second request took [" + | |
180 | durationSecond/1000000 + "ms]", durationSecond < 1000000000 || durationSecond < durationFirst * 3); | |
158 | 181 | |
159 | 182 | // Should trigger an error since stream 3 should have been implicitly |
160 | 183 | // closed. |
161 | 184 | sendSimpleGetRequest(3); |
162 | 185 | |
163 | handleGoAwayResponse(5); | |
186 | handleGoAwayResponse(lastStreamId); | |
164 | 187 | } |
165 | 188 | |
166 | 189 |
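Review bot: The timing assertion in doTestImplicitClose disagrees with its own comment: the comment allows the second request "up to 5 times first request", but the condition is `durationSecond < durationFirst * 3`. One of the two should change, for example `// Allow second request to take up to 3 times first request or up to 1 second - whichever is the larger`, so that whoever later relaxes the bound for a slow CI host knows which figure was intended. This wall-clock check is what makes testImplicitCloseLargeId (`Integer.MAX_VALUE - 8`) catch a return of the slow path for large stream ids, so the threshold should be deliberate. The literals `1000000` and `1000000000` would also read better as named constants.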
0 | /* | |
1 | * Licensed to the Apache Software Foundation (ASF) under one or more | |
2 | * contributor license agreements. See the NOTICE file distributed with | |
3 | * this work for additional information regarding copyright ownership. | |
4 | * The ASF licenses this file to You under the Apache License, Version 2.0 | |
5 | * (the "License"); you may not use this file except in compliance with | |
6 | * the License. You may obtain a copy of the License at | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
15 | */ | |
16 | package org.apache.tomcat.util.net; | |
17 | ||
18 | import java.io.IOException; | |
19 | import java.io.PrintWriter; | |
20 | ||
21 | import javax.servlet.ServletException; | |
22 | ||
23 | import org.junit.Assert; | |
24 | import org.junit.Test; | |
25 | ||
26 | import org.apache.catalina.Container; | |
27 | import org.apache.catalina.connector.Request; | |
28 | import org.apache.catalina.connector.Response; | |
29 | import org.apache.catalina.startup.Tomcat; | |
30 | import org.apache.catalina.startup.TomcatBaseTest; | |
31 | import org.apache.catalina.valves.ValveBase; | |
32 | import org.apache.catalina.valves.rewrite.Resolver; | |
33 | import org.apache.catalina.valves.rewrite.ResolverImpl; | |
34 | import org.apache.tomcat.util.buf.ByteChunk; | |
35 | ||
36 | public class TestResolverSSL extends TomcatBaseTest { | |
37 | ||
38 | @Test | |
39 | public void testSslEnv() throws Exception { | |
40 | Tomcat tomcat = getTomcatInstance(); | |
41 | Container root = tomcat.getHost().findChild(""); | |
42 | root.getPipeline().addValve(new ResolverTestValve()); | |
43 | ||
44 | tomcat.start(); | |
45 | ByteChunk res = getUrl("https://localhost:" + getPort() + "/protected"); | |
46 | // Just look a bit at the result | |
47 | System.out.println(res.toString()); | |
48 | Assert.assertTrue(res.toString().indexOf("OK") > 0); | |
49 | } | |
50 | ||
51 | // List from https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars | |
52 | private static final String[] keys = { | |
53 | "HTTPS", | |
54 | "SSL_PROTOCOL", | |
55 | "SSL_SESSION_ID", | |
56 | "SSL_SESSION_RESUMED", | |
57 | "SSL_SECURE_RENEG", | |
58 | "SSL_CIPHER", | |
59 | "SSL_CIPHER_EXPORT", | |
60 | "SSL_CIPHER_USEKEYSIZE", | |
61 | "SSL_CIPHER_ALGKEYSIZE", | |
62 | "SSL_COMPRESS_METHOD", | |
63 | "SSL_VERSION_INTERFACE", | |
64 | "SSL_VERSION_LIBRARY", | |
65 | "SSL_CLIENT_M_VERSION", | |
66 | "SSL_CLIENT_M_SERIAL", | |
67 | "SSL_CLIENT_S_DN", | |
68 | "SSL_CLIENT_S_DN_CN", // CN component | |
69 | "SSL_CLIENT_S_DN_O", // O component | |
70 | "SSL_CLIENT_S_DN_C", // C component | |
71 | "SSL_CLIENT_SAN_Email_n", // FXIME: n | |
72 | "SSL_CLIENT_SAN_DNS_n", // FXIME: n | |
73 | "SSL_CLIENT_SAN_OTHER_msUPN_n", // FXIME: n | |
74 | "SSL_CLIENT_I_DN", | |
75 | "SSL_CLIENT_I_DN_x509", // FXIME: x509 | |
76 | "SSL_CLIENT_V_START", | |
77 | "SSL_CLIENT_V_END", | |
78 | "SSL_CLIENT_V_REMAIN", | |
79 | "SSL_CLIENT_A_SIG", | |
80 | "SSL_CLIENT_A_KEY", | |
81 | "SSL_CLIENT_CERT", | |
82 | "SSL_CLIENT_CERT_CHAIN_0", | |
83 | "SSL_CLIENT_CERT_RFC4523_CEA", | |
84 | "SSL_CLIENT_VERIFY", | |
85 | "SSL_SERVER_M_VERSION", | |
86 | "SSL_SERVER_M_SERIAL", | |
87 | "SSL_SERVER_S_DN", | |
88 | "SSL_SERVER_SAN_Email_n", // FXIME: n | |
89 | "SSL_SERVER_SAN_DNS_n", // FXIME: n | |
90 | "SSL_SERVER_SAN_OTHER_dnsSRV_n", // FXIME: n | |
91 | "SSL_SERVER_S_DN_CN", // CN component | |
92 | "SSL_SERVER_S_DN_O", // O component | |
93 | "SSL_SERVER_S_DN_C", // C component | |
94 | "SSL_SERVER_I_DN", | |
95 | "SSL_SERVER_I_DN_x509", // FXIME: x509 | |
96 | "SSL_SERVER_V_START", | |
97 | "SSL_SERVER_V_END", | |
98 | "SSL_SERVER_A_SIG", | |
99 | "SSL_SERVER_A_KEY", | |
100 | "SSL_SERVER_CERT", | |
101 | "SSL_SRP_USER", | |
102 | "SSL_SRP_USERINFO", | |
103 | "SSL_TLS_SNI" }; | |
104 | ||
105 | public class ResolverTestValve extends ValveBase { | |
106 | ||
107 | @Override | |
108 | public void invoke(Request request, Response response) | |
109 | throws IOException, ServletException { | |
110 | PrintWriter writer = response.getWriter(); | |
111 | Resolver resolver = new ResolverImpl(request); | |
112 | for (String key : keys) { | |
113 | resolve(key, resolver, writer); | |
114 | } | |
115 | writer.println("OK"); | |
116 | } | |
117 | ||
118 | private void resolve(String key, Resolver resolver, PrintWriter writer) { | |
119 | writer.println("[" + key + "] " + resolver.resolveSsl(key)); | |
120 | } | |
121 | } | |
122 | ||
123 | @Override | |
124 | public void setUp() throws Exception { | |
125 | super.setUp(); | |
126 | ||
127 | Tomcat tomcat = getTomcatInstance(); | |
128 | ||
129 | TesterSupport.configureClientCertContext(tomcat); | |
130 | ||
131 | TesterSupport.configureClientSsl(); | |
132 | } | |
133 | } |
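Review bot: testSslEnv can only fail if the HTTPS request itself fails. ResolverTestValve.invoke writes `OK` unconditionally after the loop and the test asserts nothing but `res.toString().indexOf("OK") > 0`, so a `resolveSsl` that resolves none of the keys still passes. At minimum, assert on the variables the accompanying rewrite documentation lists as implemented (`SSL_PROTOCOL`, `SSL_SESSION_ID`, `SSL_CIPHER`, `SSL_CIPHER_USEKEYSIZE`). If unresolved keys come back as null, as the string concatenation in `resolve` suggests, a check such as `Assert.assertFalse(res.toString().contains("[SSL_PROTOCOL] null"));` would do. The `System.out.println(res.toString())` line copies the session id and certificate fields into the build log and can be dropped once real assertions exist. The `FXIME` comments in the key list are presumably meant to read `FIXME`.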
43 | 43 | } |
44 | 44 | |
45 | 45 | |
46 | @Test(expected=java.lang.IllegalArgumentException.class) | |
46 | @Test(expected=javax.websocket.DeploymentException.class) | |
47 | 47 | public void testBasicPrefix() throws Exception { |
48 | 48 | @SuppressWarnings("unused") |
49 | 49 | UriTemplate t = new UriTemplate("/x{a}/y{b}"); |
50 | 50 | } |
51 | 51 | |
52 | 52 | |
53 | @Test(expected=java.lang.IllegalArgumentException.class) | |
53 | @Test(expected=javax.websocket.DeploymentException.class) | |
54 | 54 | public void testPrefixOneOfTwo() throws Exception { |
55 | 55 | UriTemplate t = new UriTemplate("/x{a}/y{b}"); |
56 | 56 | t.match(new UriTemplate("/xfoo")); |
57 | 57 | } |
58 | 58 | |
59 | 59 | |
60 | @Test(expected=java.lang.IllegalArgumentException.class) | |
60 | @Test(expected=javax.websocket.DeploymentException.class) | |
61 | 61 | public void testPrefixTwoOfTwo() throws Exception { |
62 | 62 | UriTemplate t = new UriTemplate("/x{a}/y{b}"); |
63 | 63 | t.match(new UriTemplate("/ybar")); |
64 | 64 | } |
65 | 65 | |
66 | 66 | |
67 | @Test(expected=java.lang.IllegalArgumentException.class) | |
67 | @Test(expected=javax.websocket.DeploymentException.class) | |
68 | 68 | public void testQuote1() throws Exception { |
69 | 69 | UriTemplate t = new UriTemplate("/.{a}"); |
70 | 70 | t.match(new UriTemplate("/yfoo")); |
71 | 71 | } |
72 | 72 | |
73 | 73 | |
74 | @Test(expected=java.lang.IllegalArgumentException.class) | |
74 | @Test(expected=javax.websocket.DeploymentException.class) | |
75 | 75 | public void testQuote2() throws Exception { |
76 | 76 | @SuppressWarnings("unused") |
77 | 77 | UriTemplate t = new UriTemplate("/.{a}"); |
152 | 152 | } |
153 | 153 | |
154 | 154 | |
155 | @Test(expected=java.lang.IllegalArgumentException.class) | |
155 | @Test(expected=javax.websocket.DeploymentException.class) | |
156 | 156 | public void testDuplicate01() throws Exception { |
157 | 157 | @SuppressWarnings("unused") |
158 | 158 | UriTemplate t = new UriTemplate("/{var}/{var}"); |
195 | 195 | } |
196 | 196 | |
197 | 197 | |
198 | @Test(expected=java.lang.IllegalArgumentException.class) | |
198 | @Test(expected=javax.websocket.DeploymentException.class) | |
199 | 199 | public void testEgMailingList04() throws Exception { |
200 | 200 | UriTemplate t = new UriTemplate("/a/{var1}/{var2}"); |
201 | 201 | @SuppressWarnings("unused") |
203 | 203 | } |
204 | 204 | |
205 | 205 | |
206 | @Test(expected=java.lang.IllegalArgumentException.class) | |
206 | @Test(expected=javax.websocket.DeploymentException.class) | |
207 | 207 | public void testEgMailingList05() throws Exception { |
208 | 208 | UriTemplate t = new UriTemplate("/a/{var}/"); |
209 | 209 | @SuppressWarnings("unused") |
210 | 210 | Map<String,String> result = t.match(new UriTemplate("/a/b/")); |
211 | 211 | } |
212 | ||
213 | ||
214 | @Test(expected=javax.websocket.DeploymentException.class) | |
215 | public void testSpecIssue194a() throws Exception { | |
216 | @SuppressWarnings("unused") | |
217 | UriTemplate t = new UriTemplate("/a/../b"); | |
218 | } | |
219 | ||
220 | ||
221 | @Test(expected=javax.websocket.DeploymentException.class) | |
222 | public void testSpecIssue194b() throws Exception { | |
223 | @SuppressWarnings("unused") | |
224 | UriTemplate t = new UriTemplate("/./b"); | |
225 | } | |
226 | ||
227 | ||
228 | @Test(expected=javax.websocket.DeploymentException.class) | |
229 | public void testSpecIssue194c() throws Exception { | |
230 | @SuppressWarnings("unused") | |
231 | UriTemplate t = new UriTemplate("//b"); | |
232 | } | |
212 | 233 | } |
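Review bot: `@Test(expected=javax.websocket.DeploymentException.class)` on testPrefixOneOfTwo, testPrefixTwoOfTwo and testQuote1 no longer shows which statement is under test. They build the same templates (`/x{a}/y{b}`, `/.{a}`) that testBasicPrefix and testQuote2 expect the constructor to reject, so the `t.match(...)` line after it is presumably never reached and these tests duplicate the constructor-only ones. Scope the expectation to the statement meant to throw, for instance `Assert.assertThrows(DeploymentException.class, () -> new UriTemplate("/x{a}/y{b}"));` if the JUnit version in use provides it, or remove the unreachable `match` calls. The new testSpecIssue194a to 194c cases for `/a/../b`, `/./b` and `//b` have one throwing statement each and are fine as written. Some method bodies, testQuote2 among them, continue outside the visible hunks.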
43 | 43 | They eventually become mixed with the numbered issues (i.e., numbered |
44 | 44 | issues do not "pop up" wrt. others). |
45 | 45 | --> |
46 | <section name="Tomcat 9.0.35 (markt)"> | |
46 | <section name="Tomcat 9.0.36 (markt)"> | |
47 | <subsection name="Catalina"> | |
48 | <changelog> | |
49 | <fix> | |
50 | <bug>64432</bug>: Correct a refactoring regression that broke handling | |
51 | of multi-line configuration in the RewriteValve. Patch provided by Jj. | |
52 | (markt) | |
53 | </fix> | |
54 | <fix> | |
55 | Fix use of multiple parameters when defining RewriteMaps. | |
56 | (remm/fschumacher) | |
57 | </fix> | |
58 | <update> | |
59 | Add the special internal rewrite maps for case modification and | |
60 | escaping. (remm/fschumacher) | |
61 | </update> | |
62 | <fix> | |
63 | Correct a regression in an earlier fix that broke the loading of | |
64 | configuration files such as keystores via URIs on Windows. (markt) | |
65 | </fix> | |
66 | <fix> | |
67 | <bug>64470</bug>: The default value of the solidus handling should | |
68 | reflect the associated system property. (remm) | |
69 | </fix> | |
70 | <fix> | |
71 | Implement a few rewrite SSL env that correspond to Servlet request | |
72 | attributes. (remm) | |
73 | </fix> | |
74 | <update> | |
75 | <bug>64442</bug>: Be more flexible with respect to the ordering of | |
76 | groups, roles and users in the <code>tomcat-users.xml</code> file. | |
77 | (fschumacher) | |
78 | </update> | |
79 | <fix> | |
80 | <bug>64493</bug>: Revert possible change of returned protocol | |
81 | attribute value on the <code>Connector</code>. (remm) | |
82 | </fix> | |
83 | </changelog> | |
84 | </subsection> | |
85 | <subsection name="Coyote"> | |
86 | <changelog> | |
87 | <update> | |
88 | Add support for ALPN on recent OpenJDK 8 releases. (remm) | |
89 | </update> | |
90 | <fix> | |
91 | <bug>64467</bug>: Improve performance of closing idle HTTP/2 streams. | |
92 | (markt) | |
93 | </fix> | |
94 | <update> | |
95 | Expose server certificate through the <code>SSLSupport</code> | |
96 | interface. (remm) | |
97 | </update> | |
98 | <add> | |
99 | <bug>64483</bug>: Log a warning if an AJP request is rejected because it | |
100 | contains an unexpected request attribute. (markt) | |
101 | </add> | |
102 | <fix> | |
103 | <bug>64485</bug>: Fix possible resource leak geting last modified from | |
104 | <code>ConfigurationSource.Resource</code>. (remm) | |
105 | </fix> | |
106 | </changelog> | |
107 | </subsection> | |
108 | <subsection name="Jasper"> | |
109 | <changelog> | |
110 | <fix> | |
111 | <bug>64488</bug>: Ensure that the ImportHandler from the Expression | |
112 | Language API is able to load classes from the Java runtime when running | |
113 | under a SecurityManager. Based on a patch by Volodymyr Siedleck. (markt) | |
114 | </fix> | |
115 | </changelog> | |
116 | </subsection> | |
117 | <subsection name="WebSocket"> | |
118 | <changelog> | |
119 | <fix> | |
120 | Consistently throw a <code>DeploymentException</code> when an invalid | |
121 | endpoint path is specified and catch invalid endpoint paths earlier. | |
122 | (markt) | |
123 | </fix> | |
124 | <add> | |
125 | Include the target URL in the log message when a WebSocket connection | |
126 | fails. (markt) | |
127 | </add> | |
128 | </changelog> | |
129 | </subsection> | |
130 | <subsection name="Other"> | |
131 | <changelog> | |
132 | <update> | |
133 | Update the list of known <code>Charset</code>s in the | |
134 | <code>CharsetCache</code> to include <code>ISO-8859-16</code>, added in | |
135 | OpenJDK 15. (markt) | |
136 | </update> | |
137 | <add> | |
138 | Improve the quality and expand the coverage of the French translations | |
139 | provided with Apache Tomcat. (remm) | |
140 | </add> | |
141 | <add> | |
142 | <bug>64430</bug>: Add support for the <code>CATALINA_OUT_CMD</code> | |
143 | environment variable that defines a command to which captured stdout and | |
144 | stderr will be redirected. Patch provided by Harald Dunkel. (markt) | |
145 | </add> | |
146 | <update> | |
147 | Switch from the unsupported Maven Ant Tasks to the supported Maven | |
148 | Resolver Ant Tasks to upload artifacts to the ASF Maven repository (and | |
149 | from there to Maven Central). (markt) | |
150 | </update> | |
151 | <update> | |
152 | Update dependency on bnd to 5.1.0. (markt) | |
153 | </update> | |
154 | </changelog> | |
155 | </subsection> | |
156 | </section> | |
157 | <section name="Tomcat 9.0.35 (markt)" rtext="2020-05-11"> | |
47 | 158 | <subsection name="Catalina"> |
48 | 159 | <changelog> |
49 | 160 | <fix> |
62 | 173 | <add> |
63 | 174 | Log a warning if a <code>CredentialHandler</code> instance is added to |
64 | 175 | an instance of the <code>CombinedRealm</code> (or a sub-class) as the |
65 | <code>CombinedRealm</code> doesn't use a configued | |
176 | <code>CombinedRealm</code> doesn't use a configured | |
66 | 177 | <code>CredentialHandler</code> and it is likely that a configuration |
67 | 178 | error has occurred. (markt) |
68 | 179 | </add> |
328 | 439 | Correct the documentation web application to remove references to the |
329 | 440 | <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code> |
330 | 441 | system property changing how the sequence <code>%5c</code> is |
331 | interpretted in a URI. (markt) | |
442 | interpreted in a URI. (markt) | |
332 | 443 | </fix> |
333 | 444 | </changelog> |
334 | 445 | </subsection> |
355 | 466 | Update the CXF module to Apache CXF 3.3.6. (remm) |
356 | 467 | </update> |
357 | 468 | <fix> |
358 | Depreacted the <code>LOGGING_CONFIG</code> environment variable and | |
469 | Deprecated the <code>LOGGING_CONFIG</code> environment variable and | |
359 | 470 | replace it with the <code>CATALINA_LOGGING_CONFIG</code> environment |
360 | 471 | variable to avoid clashes with other components that use |
361 | 472 | <code>LOGGING_CONFIG</code>. (markt) |
533 | 533 | <attribute name="tomcatAuthentication" required="false"> |
534 | 534 | <p>If set to <code>true</code>, the authentication will be done in Tomcat. |
535 | 535 | Otherwise, the authenticated principal will be propagated from the native |
536 | webserver and used for authorization in Tomcat. Note that this principal | |
537 | will have no roles associated with it. | |
538 | The default value is <code>true</code>. If | |
536 | webserver and used for authorization in Tomcat. </p> | |
537 | <p>The web server must send the user principal (username) as a request | |
538 | <i>attribute</i> named <code>REMOTE_USER</code>.</p> | |
539 | <p>Note that this principal will have no roles associated with it.</p> | |
540 | <p>The default value is <code>true</code>. If | |
539 | 541 | <code>tomcatAuthorization</code> is set to <code>true</code> this |
540 | 542 | attribute has no effect.</p> |
541 | 543 | </attribute> |
34 | 34 | <section name="Introduction"> |
35 | 35 | |
36 | 36 | <p> |
37 | Tomcat supports using the GraalVM 19.3 Native Image tool to produce | |
37 | Tomcat supports using the GraalVM Native Image tool to produce | |
38 | 38 | a native binary including the container. This documentation page |
39 | 39 | describes the build process of such an image. |
40 | 40 | </p> |
244 | 244 | <li> |
245 | 245 | <code>%{SSL:variable}</code>, where <em>variable</em> is the |
246 | 246 | name of an SSL environment |
247 | variable, are not implemented yet. Example: | |
247 | variable, are not implemented, except | |
248 | <code>SSL_PROTOCOL</code>, <code>SSL_SESSION_ID</code>, | |
249 | <code>SSL_CIPHER</code> and <code>SSL_CIPHER_USEKEYSIZE</code>. | |
250 | Example: | |
248 | 251 | <code>%{SSL:SSL_CIPHER_USEKEYSIZE}</code> may expand to |
249 | 252 | <code>128</code>.</li> |
250 | 253 | |
393 | 396 | <subsection name="RewriteMap"> |
394 | 397 | |
395 | 398 | <p>Syntax: <code>RewriteMap name rewriteMapClassName optionalParameters</code></p> |
399 | ||
400 | <p>The <code>rewriteMapClassName</code> value also allows special values: | |
401 | <ul> | |
402 | <li><code>int:toupper</code>: Special map converting passed values to upper case</li> | |
403 | <li><code>int:tolower</code>: Special map converting passed values to lower case</li> | |
404 | <li><code>int:escape</code>: URL escape the passed value</li> | |
405 | <li><code>int:unescape</code>: URL unescape the passed value</li> | |
406 | </ul> | |
407 | </p> | |
396 | 408 | |
397 | 409 | <p>The maps are implemented using an interface that users must implement. Its class |
398 | 410 | name is <code>org.apache.catalina.valves.rewrite.RewriteMap</code>, and its code is:</p> |