Commit c36cb4c536aa659429f9ded35546ff473622b8a7 - tomcat9

+1

-1

.gitignore less more

36	36	*.asc
37	37	*.jj
38	38	*.tmp
39		maven-ant-tasks-*.jar
	39	maven-resolver-ant-tasks-*.jar
40	40	thumbs.db
41	41	Thumbs.db
42	42	bin/setenv.*

+22

-1

bin/catalina.sh less more

34	34	# CATALINA_OUT (Optional) Full path to a file where stdout and stderr
35	35	# will be redirected.
36	36	# Default is $CATALINA_BASE/logs/catalina.out
	37	#
	38	# CATALINA_OUT_CMD (Optional) Command which will be executed and receive
	39	# as its stdin the stdout and stderr from the Tomcat java
	40	# process. If CATALINA_OUT_CMD is set, the value of
	41	# CATALINA_OUT will be used as a named pipe.
	42	# No default.
	43	# Example (all one line)
	44	# CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400"
37	45	#
38	46	# CATALINA_OPTS (Optional) Java runtime options used when the "start",
39	47	# "run" or "debug" command is executed.

462	470	fi
463	471
464	472	shift
465		touch "$CATALINA_OUT"
	473	if [ -z "$CATALINA_OUT_CMD" ] ; then
	474	touch "$CATALINA_OUT"
	475	else
	476	if [ ! -e "$CATALINA_OUT" ]; then
	477	if ! mkfifo "$CATALINA_OUT"; then
	478	echo "cannot create named pipe $CATALINA_OUT. Start aborted."
	479	exit 1
	480	fi
	481	elif [ ! -p "$CATALINA_OUT" ]; then
	482	echo "$CATALINA_OUT exists and is not a named pipe. Start aborted."
	483	exit 1
	484	fi
	485	$CATALINA_OUT_CMD <"$CATALINA_OUT" &
	486	fi
466	487	if [ "$1" = "-security" ] ; then
467	488	if [ $have_tty -eq 1 ]; then
468	489	echo "Using Security Manager"

+8

-7

build.properties.default less more

24	24	# ----- Version Control Flags -----
25	25	version.major=9
26	26	version.minor=0
27		version.build=35
	27	version.build=36
28	28	version.patch=0
29	29	version.suffix=
30	30

287	287
288	288	# ----- bnd & bndlib, version 4.0.0 or later -----
289	289	# ----- provides OSGI metadata for JARs -----
290		bnd.version=5.0.1
291
292		# checksums for biz.aQute.bnd-5.0.1.jar, biz.aQute.bndlib-5.0.1.jar
	290	bnd.version=5.1.0
	291
	292	# checksums for biz.aQute.bnd-5.1.0.jar
293	293	bnd.checksum.enabled=true
294	294	bnd.checksum.algorithm=MD5\|SHA-1
295		bnd.checksum.value=42cb2f3bbb5556f0182131c6543f1579\|67d8bb4f274e8ecfd8ebfcdeed3b328f7078b13b
296
	295	bnd.checksum.value=477684fd83707666cc84a766b147ed0c\|9069bc1afad9201e3dc2efe62c0d5193777d16ae
	296
	297	# checksums for biz.aQute.bndlib-5.1.0.jar
297	298	bndlib.checksum.enabled=true
298	299	bndlib.checksum.algorithm=MD5\|SHA-1
299		bndlib.checksum.value=9d29031f80e3b94e3578fea75b45c8e6\|aa13aef49a74fe0bd8bbcb016df124bab5d4064e
	300	bndlib.checksum.value=59dfe87f09e3f03be891327a91430182\|30e119e5b3ae63dbb86532490855707b009e1b2e
300	301
301	302	bnd.home=${base.path}/bnd-${bnd.version}
302	303	bnd.jar=${bnd.home}/biz.aQute.bnd-${bnd.version}.jar

+1

-1

build.xml less more

2150	2150	</and>
2151	2151	<filename name="*/.asc" />
2152	2152	<filename name="*/.tmp" />
2153		<filename name="*/maven-ant-tasks-.jar" />
	2153	<filename name="*/maven-resolver-ant-tasks-.jar" />
2154	2154	<filename name="**/thumbs.db" />
2155	2155	<filename name="**/Thumbs.db" />
2156	2156	<filename name="*.launch"/>

+6

-6

conf/tomcat-users.xsd less more

23	23	version="1.0">
24	24	<xs:element name="tomcat-users">
25	25	<xs:complexType>
26		<xs:sequence>
27		<xs:element name="role" minOccurs="0" maxOccurs="unbounded">
	26	<xs:choice minOccurs="0" maxOccurs="unbounded">
	27	<xs:element name="role">
28	28	<xs:complexType>
29	29	<xs:attribute name="rolename" use="required" type="users:entityname" />
30	30	<xs:attribute name="description" type="xs:string" />
31	31	</xs:complexType>
32	32	</xs:element>
33		<xs:element name="group" minOccurs="0" maxOccurs="unbounded">
	33	<xs:element name="group">
34	34	<xs:complexType>
35	35	<xs:attribute name="groupname" use="required" type="users:entityname" />
36	36	<xs:attribute name="description" type="xs:string" />
37	37	<xs:attribute name="roles" type="xs:string" />
38	38	</xs:complexType>
39	39	</xs:element>
40		<xs:element name="user" minOccurs="0" maxOccurs="unbounded">
	40	<xs:element name="user">
41	41	<xs:complexType>
42	42	<xs:attribute name="username" use="required" type="users:entityname" />
43	43	<xs:attribute name="fullname" type="xs:string" />

46	46	<xs:attribute name="groups" type="xs:string" />
47	47	</xs:complexType>
48	48	</xs:element>
49		</xs:sequence>
	49	</xs:choice>
50	50	<xs:attribute name="version" type="xs:string" />
51	51	</xs:complexType>
52	52	</xs:element>

55	55	<xs:minLength value="1"/>
56	56	</xs:restriction>
57	57	</xs:simpleType>
58		</xs:schema>⏎
	58	</xs:schema>

+37

-2

java/javax/el/ImportHandler.java less more

18	18	import java.lang.reflect.Field;
19	19	import java.lang.reflect.Method;
20	20	import java.lang.reflect.Modifier;
	21	import java.security.AccessController;
	22	import java.security.PrivilegedAction;
21	23	import java.util.Collections;
22	24	import java.util.HashMap;
23	25	import java.util.HashSet;

29	31	* @since EL 3.0
30	32	*/
31	33	public class ImportHandler {
	34
	35	private static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null);
32	36
33	37	private static final Map<String,Set<String>> standardPackages = new HashMap<>();
34	38

451	455	* for the case where the class does exist is a lot less than the
452	456	* overhead we save by not calling loadClass().
453	457	*/
454		if (cl.getResource(path) == null) {
455		return null;
	458	if (IS_SECURITY_ENABLED) {
	459	// Webapps don't have read permission for JAVA_HOME (and
	460	// possibly other sources of classes). Only need to know if the
	461	// class exists at this point. Class loading occurs with
	462	// standard SecurityManager policy next.
	463	if (!AccessController.doPrivileged(new PrivilegedResourceExists(cl, path)).booleanValue()) {
	464	return null;
	465	}
	466	} else {
	467	if (cl.getResource(path) == null) {
	468	return null;
	469	}
456	470	}
457	471	} catch (ClassCircularityError cce) {
458	472	// May happen under a security manager. Ignore it and try loading

488	502	*/
489	503	private static class NotFound {
490	504	}
	505
	506
	507	private static class PrivilegedResourceExists implements PrivilegedAction<Boolean> {
	508
	509	private final ClassLoader cl;
	510	private final String name;
	511
	512	public PrivilegedResourceExists(ClassLoader cl, String name) {
	513	this.cl = cl;
	514	this.name = name;
	515	}
	516
	517	@Override
	518	public Boolean run() {
	519	if (cl.getResource(name) == null) {
	520	return Boolean.FALSE;
	521	} else {
	522	return Boolean.TRUE;
	523	}
	524	}
	525	}
491	526	}

+1

-1

java/javax/servlet/jsp/JspApplicationContext.java less more

64	64	* if called after the application's
65	65	* <code>ServletContextListeners</code> have been initialized.
66	66	*/
67		public void addELResolver(ELResolver resolver) throws IllegalStateException;
	67	public void addELResolver(ELResolver resolver);
68	68
69	69	/**
70	70	* <p>

+20

-11

java/org/apache/catalina/connector/Connector.java less more

41	41	import org.apache.tomcat.util.buf.B2CConverter;
42	42	import org.apache.tomcat.util.buf.CharsetUtil;
43	43	import org.apache.tomcat.util.buf.EncodedSolidusHandling;
	44	import org.apache.tomcat.util.buf.UDecoder;
44	45	import org.apache.tomcat.util.net.SSLHostConfig;
45	46	import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
46	47	import org.apache.tomcat.util.res.StringManager;

78	79
79	80
80	81	public Connector(String protocol) {
81		configuredProtocol = protocol;
82	82	boolean apr = AprLifecycleListener.isAprAvailable() &&
83	83	AprLifecycleListener.getUseAprConnector();
84	84	ProtocolHandler p = null;

102	102
103	103	public Connector(ProtocolHandler protocolHandler) {
104	104	protocolHandlerClassName = protocolHandler.getClass().getName();
105		configuredProtocol = protocolHandlerClassName;
106	105	this.protocolHandler = protocolHandler;
107	106	// Default for Connector depends on this system property
108	107	setThrowOnFailure(Boolean.getBoolean("org.apache.catalina.startup.EXIT_ON_INIT_FAILURE"));

136	135	protected boolean enableLookups = false;
137	136
138	137
139		/*
	138	/**
140	139	* Is generation of X-Powered-By response header enabled/disabled?
141	140	*/
142	141	protected boolean xpoweredBy = false;

248	247
249	248
250	249	/**
251		* Name of the protocol that was configured.
252		*/
253		protected final String configuredProtocol;
254
255
256		/**
257	250	* Coyote protocol handler.
258	251	*/
259	252	protected final ProtocolHandler protocolHandler;

265	258	protected Adapter adapter = null;
266	259
267	260
	261	/**
	262	* The URI encoding in use.
	263	*/
268	264	private Charset uriCharset = StandardCharsets.UTF_8;
269	265
270	266
271		private EncodedSolidusHandling encodedSolidusHandling = EncodedSolidusHandling.REJECT;
	267	/**
	268	* The behavior when an encoded solidus (slash) is submitted.
	269	*/
	270	@SuppressWarnings("deprecation")
	271	private EncodedSolidusHandling encodedSolidusHandling =
	272	UDecoder.ALLOW_ENCODED_SLASH ? EncodedSolidusHandling.DECODE : EncodedSolidusHandling.REJECT;
272	273
273	274
274	275	/**

623	624	* @return the Coyote protocol handler in use.
624	625	*/
625	626	public String getProtocol() {
626		return configuredProtocol;
	627	boolean apr = AprLifecycleListener.getUseAprConnector();
	628	if ((!apr && org.apache.coyote.http11.Http11NioProtocol.class.getName().equals(protocolHandlerClassName))
	629	\|\| (apr && org.apache.coyote.http11.Http11AprProtocol.class.getName().equals(protocolHandlerClassName))) {
	630	return "HTTP/1.1";
	631	} else if ((!apr && org.apache.coyote.ajp.AjpNioProtocol.class.getName().equals(protocolHandlerClassName))
	632	\|\| (apr && org.apache.coyote.ajp.AjpAprProtocol.class.getName().equals(protocolHandlerClassName))) {
	633	return "AJP/1.3";
	634	}
	635	return protocolHandlerClassName;
627	636	}
628	637
629	638

+1

-0

java/org/apache/catalina/connector/LocalStrings_fr.properties less more

82	82	request.fragmentInDispatchPath=Le fragment dans le chemin de dispatch [{0}] a été enlevé
83	83	request.illegalWrap=L'enrobeur de la réponse doit enrober la requête obtenue à partir de getRequest()
84	84	request.notAsync=Il est interdit d'appeler cette méthode si la requête actuelle n'est pas en mode asynchrone (isAsyncStarted() a renvoyé false)
	85	request.session.failed=Erreur de chargement de la session [{0}] à cause de [{1}]
85	86
86	87	requestFacade.nullRequest=L'objet requête a été recyclé et n'est plus associé à cette façade
87	88

+1

-1

java/org/apache/catalina/core/ApplicationContext.java less more

185	185	/**
186	186	* Thread local data used during request dispatch.
187	187	*/
188		private static final ThreadLocal<DispatchData> dispatchData = new ThreadLocal<>();
	188	private final ThreadLocal<DispatchData> dispatchData = new ThreadLocal<>();
189	189
190	190
191	191	/**

+2

-8

java/org/apache/catalina/core/ApplicationDispatcher.java less more

736	736	}
737	737
738	738	// Release the filter chain (if any) for this request
739		try {
740		if (filterChain != null)
741		filterChain.release();
742		} catch (Throwable e) {
743		ExceptionUtils.handleThrowable(e);
744		wrapper.getLogger().error(sm.getString("standardWrapper.releaseFilters",
745		wrapper.getName()), e);
746		// FIXME: Exception handling needs to be similar to what is in the StandardWrapperValue
	739	if (filterChain != null) {
	740	filterChain.release();
747	741	}
748	742
749	743	// Deallocate the allocated servlet instance

+0

-1

java/org/apache/catalina/core/LocalStrings.properties less more

296	296	standardWrapper.notContext=Parent container of a Wrapper must be a Context
297	297	standardWrapper.notFound=Servlet [{0}] is not available
298	298	standardWrapper.notServlet=Class [{0}] is not a Servlet
299		standardWrapper.releaseFilters=Release filters exception for servlet [{0}]
300	299	standardWrapper.serviceException=Servlet.service() for servlet [{0}] in context with path [{1}] threw exception
301	300	standardWrapper.serviceExceptionRoot=Servlet.service() for servlet [{0}] in context with path [{1}] threw exception [{2}] with root cause
302	301	standardWrapper.unavailable=Marking servlet [{0}] as unavailable

+0

-1

java/org/apache/catalina/core/LocalStrings_es.properties less more

170	170	standardWrapper.notContext=El contenedor padre para un Arropador (Wrapper) debe de ser un Contexto
171	171	standardWrapper.notFound=No está disponible el Servlet [{0}]
172	172	standardWrapper.notServlet=La Clase [{0}] no es un Servlet
173		standardWrapper.releaseFilters=Excepción de Liberación de filtros para servlet [{0}]
174	173	standardWrapper.serviceException=Servlet.service() para servlet [{0}] lanzó excepción
175	174	standardWrapper.serviceExceptionRoot=El Servlet.service() para el servlet [{0}] en el contexto con ruta [{1}] lanzó la excepción [{2}] con causa raíz
176	175	standardWrapper.unavailable=Marcando el servlet [{0}] como no disponible

+0

-1

java/org/apache/catalina/core/LocalStrings_fr.properties less more

296	296	standardWrapper.notContext=Le conteneur parent d'un enrobeur (wrapper) doit être un contexte
297	297	standardWrapper.notFound=Servlet [{0}] n''est pas disponible.
298	298	standardWrapper.notServlet=La classe [{0}] n''est pas une servlet
299		standardWrapper.releaseFilters=Exception des filtres de sortie (release filters) pour la servlet [{0}]
300	299	standardWrapper.serviceException="Servlet.service()" pour la servlet [{0}] a généré une exception
301	300	standardWrapper.serviceExceptionRoot=Servlet.service() du Servlet [{0}] dans le contexte au chemin [{1}] a retourné une exception [{2}] avec la cause
302	301	standardWrapper.unavailable=La servlet [{0}] est marqué comme indisponible

+0

-1

java/org/apache/catalina/core/LocalStrings_ja.properties less more

296	296	standardWrapper.notContext=Wrapper の親のコンテナはContextでなければいけません
297	297	standardWrapper.notFound=サーブレット [{0}] が利用できません
298	298	standardWrapper.notServlet=クラス [{0}] はServletではありません
299		standardWrapper.releaseFilters=サーブレット [{0}] のフィルタ例外を解除します
300	299	standardWrapper.serviceException=サーブレット [{0}] のServlet.service()が例外を投げました
301	300	standardWrapper.serviceExceptionRoot=パス[{1}]を持つコンテキスト内のサーブレット[{0}]のServlet.service() が例外[{2}]が根本的要因と共に投げられました。
302	301	standardWrapper.unavailable=サーブレット [{0}] を利用不可能にマークします

+0

-1

java/org/apache/catalina/core/LocalStrings_ko.properties less more

296	296	standardWrapper.notContext=Wrapper의 부모 컨테이너는 반드시 컨텍스트여야 합니다.
297	297	standardWrapper.notFound=서블릿 [{0}]은(는) 가용하지 않습니다.
298	298	standardWrapper.notServlet=클래스 [{0}]은(는) 서블릿이 아닙니다,
299		standardWrapper.releaseFilters=서블릿 [{0}]을(를) 위해 필터를 해제하는 중 예외 발생
300	299	standardWrapper.serviceException=경로가 [{1}]인 컨텍스트의 서블릿 [{0}]을(를) 위한 Servlet.service() 호출이 예외를 발생시켰습니다.
301	300	standardWrapper.serviceExceptionRoot=경로 [{1}]의 컨텍스트 내의 서블릿 [{0}]을(를) 위한 Servlet.service() 호출이, 근본 원인(root cause)과 함께, 예외 [{2}]을(를) 발생시켰습니다.
302	301	standardWrapper.unavailable=서블릿 [{0}]을(를) 가용하지 않은 상태로 표시합니다.

+0

-1

java/org/apache/catalina/core/LocalStrings_zh_CN.properties less more

297	297	standardWrapper.notContext=包装的父容器必须是上下文
298	298	standardWrapper.notFound=Servlet [{0}] 不可用
299	299	standardWrapper.notServlet=类{0}不是Servlet
300		standardWrapper.releaseFilters=发布过滤器异常，servlet：[{0}]
301	300	standardWrapper.serviceException=在路径为[{1}]的上下文中，servlet[{0}]的Servlet.service()引发异常
302	301	standardWrapper.serviceExceptionRoot=在路径为{1}的上下文中，Servlet[{0}]的Servlet.service（）引发了具有根本原因的异常{2}
303	302	standardWrapper.unavailable=将servlet[{0}]标记为不可用

+43

-51

java/org/apache/catalina/core/StandardContext.java less more

2803	2803	}
2804	2804	fireContainerEvent("addApplicationListener", listener);
2805	2805
2806		// FIXME - add instance if already started?
2807	2806	}
2808	2807
2809	2808

3017	3016	(servletNames.length == 0) && (urlPatterns.length == 0))
3018	3017	throw new IllegalArgumentException
3019	3018	(sm.getString("standardContext.filterMap.either"));
3020		// FIXME: Older spec revisions may still check this
3021		/*
3022		if ((servletNames.length != 0) && (urlPatterns.length != 0))
3023		throw new IllegalArgumentException
3024		(sm.getString("standardContext.filterMap.either"));
3025		*/
3026	3019	for (String urlPattern : urlPatterns) {
3027	3020	if (!validateURLPattern(urlPattern)) {
3028	3021	throw new IllegalArgumentException

3808	3801	// Inform interested listeners
3809	3802	fireContainerEvent("removeApplicationListener", listener);
3810	3803
3811		// FIXME - behavior if already started?
3812	3804	}
3813	3805
3814	3806

5217	5209	// Reinitializing if something went wrong
5218	5210	if (!ok) {
5219	5211	setState(LifecycleState.FAILED);
	5212	// Send j2ee.object.failed notification
	5213	if (this.getObjectName() != null) {
	5214	Notification notification = new Notification("j2ee.object.failed",
	5215	this.getObjectName(), sequenceNumber.getAndIncrement());
	5216	broadcaster.sendNotification(notification);
	5217	}
5220	5218	} else {
5221	5219	setState(LifecycleState.STARTING);
5222	5220	}

5471	5469
5472	5470	}
5473	5471
5474		/** Destroy needs to clean up the context completely.
	5472	/**
	5473	* Destroy needs to clean up the context completely.
5475	5474	*
5476	5475	* The problem is that undoing all the config in start() and restoring
5477	5476	* a 'fresh' state is impossible. After stop()/destroy()/init()/start()

5479	5478	* read modified web.xml, etc. This can only be done by completely
5480	5479	* removing the context object and remapping a new one, or by cleaning
5481	5480	* up everything.
5482		*
5483		* XXX Should this be done in stop() ?
5484		*
5485	5481	*/
5486	5482	@Override
5487	5483	protected void destroyInternal() throws LifecycleException {

6202	6198	}
6203	6199
6204	6200
6205		/* Remove a JMX notificationListener
	6201	/**
	6202	* Remove a JMX notificationListener
6206	6203	* @see javax.management.NotificationEmitter#removeNotificationListener(javax.management.NotificationListener, javax.management.NotificationFilter, java.lang.Object)
6207	6204	*/
6208	6205	@Override

6213	6210
6214	6211	private MBeanNotificationInfo[] notificationInfo;
6215	6212
6216		/* Get JMX Broadcaster Info
6217		* @TODO use StringManager for international support!
6218		* @TODO This two events we not send j2ee.state.failed and j2ee.attribute.changed!
	6213	/**
	6214	* Get JMX Broadcaster Info
6219	6215	* @see javax.management.NotificationBroadcaster#getNotificationInfo()
6220	6216	*/
6221	6217	@Override
6222	6218	public MBeanNotificationInfo[] getNotificationInfo() {
6223		// FIXME: i18n
6224		if(notificationInfo == null) {
6225		notificationInfo = new MBeanNotificationInfo[]{
6226		new MBeanNotificationInfo(new String[] {
6227		"j2ee.object.created"},
6228		Notification.class.getName(),
6229		"web application is created"
6230		),
6231		new MBeanNotificationInfo(new String[] {
6232		"j2ee.state.starting"},
6233		Notification.class.getName(),
6234		"change web application is starting"
6235		),
6236		new MBeanNotificationInfo(new String[] {
6237		"j2ee.state.running"},
6238		Notification.class.getName(),
6239		"web application is running"
6240		),
6241		new MBeanNotificationInfo(new String[] {
6242		"j2ee.state.stopping"},
6243		Notification.class.getName(),
6244		"web application start to stopped"
6245		),
6246		new MBeanNotificationInfo(new String[] {
6247		"j2ee.object.stopped"},
6248		Notification.class.getName(),
6249		"web application is stopped"
6250		),
6251		new MBeanNotificationInfo(new String[] {
6252		"j2ee.object.deleted"},
6253		Notification.class.getName(),
6254		"web application is deleted"
6255		)
6256		};
6257
	6219	// FIXME: we not send j2ee.attribute.changed
	6220	if (notificationInfo == null) {
	6221	notificationInfo = new MBeanNotificationInfo[] {
	6222	new MBeanNotificationInfo(
	6223	new String[] { "j2ee.object.created" },
	6224	Notification.class.getName(),
	6225	"web application is created"),
	6226	new MBeanNotificationInfo(
	6227	new String[] { "j2ee.state.starting" },
	6228	Notification.class.getName(),
	6229	"change web application is starting"),
	6230	new MBeanNotificationInfo(
	6231	new String[] { "j2ee.state.running" },
	6232	Notification.class.getName(),
	6233	"web application is running"),
	6234	new MBeanNotificationInfo(
	6235	new String[] { "j2ee.state.stopping" },
	6236	Notification.class.getName(),
	6237	"web application start to stopped"),
	6238	new MBeanNotificationInfo(
	6239	new String[] { "j2ee.object.stopped" },
	6240	Notification.class.getName(),
	6241	"web application is stopped"),
	6242	new MBeanNotificationInfo(
	6243	new String[] { "j2ee.object.deleted" },
	6244	Notification.class.getName(),
	6245	"web application is deleted"),
	6246	new MBeanNotificationInfo(
	6247	new String[] { "j2ee.object.failed" },
	6248	Notification.class.getName(),
	6249	"web application failed") };
6258	6250	}
6259	6251
6260	6252	return notificationInfo;

+26

-37

java/org/apache/catalina/core/StandardWrapper.java less more

1694	1694
1695	1695	/**
1696	1696	* Get JMX Broadcaster Info
1697		* FIXME: This two events we not send j2ee.state.failed and j2ee.attribute.changed!
1698	1697	* @see javax.management.NotificationBroadcaster#getNotificationInfo()
1699	1698	*/
1700	1699	@Override
1701	1700	public MBeanNotificationInfo[] getNotificationInfo() {
1702
1703		if(notificationInfo == null) {
1704		notificationInfo = new MBeanNotificationInfo[]{
1705		new MBeanNotificationInfo(new String[] {
1706		"j2ee.object.created"},
1707		Notification.class.getName(),
1708		"servlet is created"
1709		),
1710		new MBeanNotificationInfo(new String[] {
1711		"j2ee.state.starting"},
1712		Notification.class.getName(),
1713		"servlet is starting"
1714		),
1715		new MBeanNotificationInfo(new String[] {
1716		"j2ee.state.running"},
1717		Notification.class.getName(),
1718		"servlet is running"
1719		),
1720		new MBeanNotificationInfo(new String[] {
1721		"j2ee.state.stopped"},
1722		Notification.class.getName(),
1723		"servlet start to stopped"
1724		),
1725		new MBeanNotificationInfo(new String[] {
1726		"j2ee.object.stopped"},
1727		Notification.class.getName(),
1728		"servlet is stopped"
1729		),
1730		new MBeanNotificationInfo(new String[] {
1731		"j2ee.object.deleted"},
1732		Notification.class.getName(),
1733		"servlet is deleted"
1734		)
1735		};
1736		}
1737
	1701	// FIXME: we not send j2ee.state.failed
	1702	// FIXME: we not send j2ee.attribute.changed
	1703	if (notificationInfo == null) {
	1704	notificationInfo = new MBeanNotificationInfo[] {
	1705	new MBeanNotificationInfo(
	1706	new String[] { "j2ee.object.created" },
	1707	Notification.class.getName(), "servlet is created"),
	1708	new MBeanNotificationInfo(
	1709	new String[] { "j2ee.state.starting" },
	1710	Notification.class.getName(),
	1711	"servlet is starting"),
	1712	new MBeanNotificationInfo(
	1713	new String[] { "j2ee.state.running" },
	1714	Notification.class.getName(), "servlet is running"),
	1715	new MBeanNotificationInfo(
	1716	new String[] { "j2ee.state.stopped" },
	1717	Notification.class.getName(),
	1718	"servlet start to stopped"),
	1719	new MBeanNotificationInfo(
	1720	new String[] { "j2ee.object.stopped" },
	1721	Notification.class.getName(), "servlet is stopped"),
	1722	new MBeanNotificationInfo(
	1723	new String[] { "j2ee.object.deleted" },
	1724	Notification.class.getName(),
	1725	"servlet is deleted") };
	1726	}
1738	1727	return notificationInfo;
1739	1728	}
1740	1729

+1

-1

java/org/apache/catalina/ha/tcp/ReplicationValve.java less more

84	84	/**
85	85	* crossContext session container
86	86	*/
87		protected static final ThreadLocal<ArrayList<DeltaSession>> crossContextSessions =
	87	protected final ThreadLocal<ArrayList<DeltaSession>> crossContextSessions =
88	88	new ThreadLocal<>() ;
89	89
90	90	/**

+1

-1

java/org/apache/catalina/session/PersistentManagerBase.java less more

187	187	* Session that is currently getting swapped in to prevent loading it more
188	188	* than once concurrently
189	189	*/
190		private static final ThreadLocal<Session> sessionToSwapIn = new ThreadLocal<>();
	190	private final ThreadLocal<Session> sessionToSwapIn = new ThreadLocal<>();
191	191
192	192
193	193	// ------------------------------------------------------------- Properties

+0

-1

java/org/apache/catalina/session/StandardSessionFacade.java less more

69	69
70	70	@Override
71	71	public ServletContext getServletContext() {
72		// FIXME : Facade this object ?
73	72	return session.getServletContext();
74	73	}
75	74

+12

-8

java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java less more

89	89	}
90	90
91	91	// Try classloader
92		InputStream stream = getClass().getClassLoader().getResourceAsStream(name);
93		if (stream != null) {
94		try {
	92	InputStream stream = null;
	93	try {
	94	stream = getClass().getClassLoader().getResourceAsStream(name);
	95	if (stream != null) {
95	96	return new Resource(stream, getClass().getClassLoader().getResource(name).toURI());
96		} catch (InvalidPathException e) {
97		// Ignore. Some valid file URIs can trigger this.
	97	}
	98	} catch (InvalidPathException e) {
	99	// Ignore. Some valid file URIs can trigger this.
	100	// Stream should be null here but check to be on the safe side.
	101	if (stream != null) {
98	102	stream.close();
99		} catch (URISyntaxException e) {
100		stream.close();
101		throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e);
102	103	}
	104	} catch (URISyntaxException e) {
	105	stream.close();
	106	throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e);
103	107	}
104	108
105	109	// Then try URI.

+17

-4

java/org/apache/catalina/users/MemoryUserDatabase.java less more

424	424
425	425	String pathName = getPathname();
426	426	try (ConfigurationSource.Resource resource = ConfigFileLoader.getSource().getResource(pathName)) {
427		this.lastModified = resource.getURI().toURL().openConnection().getLastModified();
	427	lastModified = resource.getLastModified();
428	428
429	429	// Construct a digester to read the XML input file
430	430	Digester digester = new Digester();

735	735	}
736	736	String description = attributes.getValue("description");
737	737	String roles = attributes.getValue("roles");
738		Group group = database.createGroup(groupname, description);
	738	Group group = database.findGroup(groupname);
	739	if (group == null) {
	740	group = database.createGroup(groupname, description);
	741	} else {
	742	if (group.getDescription() == null) {
	743	group.setDescription(description);
	744	}
	745	}
739	746	if (roles != null) {
740	747	while (roles.length() > 0) {
741	748	String rolename = null;

780	787	rolename = attributes.getValue("name");
781	788	}
782	789	String description = attributes.getValue("description");
783		Role role = database.createRole(rolename, description);
784		return role;
	790	Role existingRole = database.findRole(rolename);
	791	if (existingRole == null) {
	792	return database.createRole(rolename, description);
	793	}
	794	if (existingRole.getDescription() == null) {
	795	existingRole.setDescription(description);
	796	}
	797	return existingRole;
785	798	}
786	799
787	800	private final MemoryUserDatabase database;

+122

-0

java/org/apache/catalina/valves/rewrite/InternalRewriteMap.java less more

	0	/*
	1	* Licensed to the Apache Software Foundation (ASF) under one or more
	2	* contributor license agreements. See the NOTICE file distributed with
	3	* this work for additional information regarding copyright ownership.
	4	* The ASF licenses this file to You under the Apache License, Version 2.0
	5	* (the "License"); you may not use this file except in compliance with
	6	* the License. You may obtain a copy of the License at
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*/
	16	package org.apache.catalina.valves.rewrite;
	17
	18	import java.nio.charset.Charset;
	19	import java.nio.charset.StandardCharsets;
	20	import java.util.Locale;
	21
	22	import org.apache.catalina.util.URLEncoder;
	23	import org.apache.tomcat.util.buf.UDecoder;
	24
	25	public class InternalRewriteMap {
	26
	27	public static RewriteMap toMap(String name) {
	28	if ("toupper".equals(name)) {
	29	return new UpperCase();
	30	} else if ("tolower".equals(name)) {
	31	return new LowerCase();
	32	} else if ("escape".equals(name)) {
	33	return new Escape();
	34	} else if ("unescape".equals(name)) {
	35	return new Unescape();
	36	} else {
	37	return null;
	38	}
	39	}
	40
	41	public static class LowerCase implements RewriteMap {
	42
	43	private Locale locale = Locale.getDefault();
	44
	45	@Override
	46	public String setParameters(String params) {
	47	this.locale = Locale.forLanguageTag(params);
	48	return null;
	49	}
	50
	51	@Override
	52	public String lookup(String key) {
	53	if (key != null) {
	54	return key.toLowerCase(locale);
	55	}
	56	return null;
	57	}
	58
	59	}
	60
	61	public static class UpperCase implements RewriteMap {
	62
	63	private Locale locale = Locale.getDefault();
	64
	65	@Override
	66	public String setParameters(String params) {
	67	this.locale = Locale.forLanguageTag(params);
	68	return null;
	69	}
	70
	71	@Override
	72	public String lookup(String key) {
	73	if (key != null) {
	74	return key.toUpperCase(locale);
	75	}
	76	return null;
	77	}
	78
	79	}
	80
	81	public static class Escape implements RewriteMap {
	82
	83	private Charset charset = StandardCharsets.UTF_8;
	84
	85	@Override
	86	public String setParameters(String params) {
	87	this.charset = Charset.forName(params);
	88	return null;
	89	}
	90
	91	@Override
	92	public String lookup(String key) {
	93	if (key != null) {
	94	return URLEncoder.DEFAULT.encode(key, charset);
	95	}
	96	return null;
	97	}
	98
	99	}
	100
	101	public static class Unescape implements RewriteMap {
	102
	103	private Charset charset = StandardCharsets.UTF_8;
	104
	105	@Override
	106	public String setParameters(String params) {
	107	this.charset = Charset.forName(params);
	108	return null;
	109	}
	110
	111	@Override
	112	public String lookup(String key) {
	113	if (key != null) {
	114	return UDecoder.URLDecode(key, charset);
	115	}
	116	return null;
	117	}
	118
	119	}
	120
	121	}

+4

-0

java/org/apache/catalina/valves/rewrite/LocalStrings.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
	15	quotedStringTokenizer.tokenizeError=Error tokenizing text [{0}] after position [{1}] from mode [{2}]
	16
	17	rewriteMap.tooManyParameters=Too many parameters for this map
	18
15	19	rewriteValve.closeError=Error closing configuration
16	20	rewriteValve.invalidFlags=Invalid flag in [{0}] flags [{1}]
17	21	rewriteValve.invalidLine=Invalid line [{0}]

+6

-2

java/org/apache/catalina/valves/rewrite/QuotedStringTokenizer.java less more

20	20	import java.util.Iterator;
21	21	import java.util.List;
22	22
	23	import org.apache.tomcat.util.res.StringManager;
	24
23	25	public class QuotedStringTokenizer {
	26
	27	protected static final StringManager sm = StringManager.getManager(QuotedStringTokenizer.class);
24	28
25	29	private Iterator<String> tokenIterator;
26	30	private int tokenCount;

69	73	}
70	74	break;
71	75	default:
72		throw new IllegalStateException(
73		"Couldn't tokenize text '" + inputText + "' after position " + pos + " from mode " + currentMode);
	76	throw new IllegalStateException(sm.getString("quotedStringTokenizer.tokenizeError",
	77	inputText, Integer.valueOf(pos), currentMode));
74	78	}
75	79	pos++;
76	80	}

+141

-1

java/org/apache/catalina/valves/rewrite/ResolverImpl.java less more

15	15	*/
16	16	package org.apache.catalina.valves.rewrite;
17	17
	18	import java.io.IOException;
18	19	import java.nio.charset.Charset;
	20	import java.security.cert.CertificateEncodingException;
	21	import java.security.cert.X509Certificate;
19	22	import java.util.Calendar;
	23	import java.util.Set;
	24	import java.util.concurrent.TimeUnit;
20	25
21	26	import org.apache.catalina.WebResource;
22	27	import org.apache.catalina.WebResourceRoot;
23	28	import org.apache.catalina.connector.Request;
	29	import org.apache.tomcat.util.codec.binary.Base64;
24	30	import org.apache.tomcat.util.http.FastHttpDateFormat;
	31	import org.apache.tomcat.util.net.SSLSupport;
	32	import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
	33	import org.apache.tomcat.util.net.openssl.ciphers.EncryptionLevel;
	34	import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
25	35
26	36	public class ResolverImpl extends Resolver {
27	37

132	142
133	143	@Override
134	144	public String resolveSsl(String key) {
135		// FIXME: Implement SSL environment variables
	145	SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR);
	146	try {
	147	// FIXME SSL_SESSION_RESUMED in SSLHostConfig
	148	// FIXME SSL_SECURE_RENEG in SSLHostConfig
	149	// FIXME SSL_COMPRESS_METHOD in SSLHostConfig
	150	// FIXME SSL_TLS_SNI from handshake
	151	// FIXME SSL_SRP_USER
	152	// FIXME SSL_SRP_USERINFO
	153	if (key.equals("HTTPS")) {
	154	return String.valueOf(sslSupport != null);
	155	} else if (key.equals("SSL_PROTOCOL")) {
	156	return sslSupport.getProtocol();
	157	} else if (key.equals("SSL_SESSION_ID")) {
	158	return sslSupport.getSessionId();
	159	} else if (key.equals("SSL_CIPHER")) {
	160	return sslSupport.getCipherSuite();
	161	} else if (key.equals("SSL_CIPHER_EXPORT")) {
	162	String cipherSuite = sslSupport.getCipherSuite();
	163	Set<Cipher> cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite);
	164	if (cipherList.size() == 1) {
	165	Cipher cipher = cipherList.iterator().next();
	166	if (cipher.getLevel().equals(EncryptionLevel.EXP40)
	167	\|\| cipher.getLevel().equals(EncryptionLevel.EXP56)) {
	168	return "true";
	169	} else {
	170	return "false";
	171	}
	172	}
	173	} else if (key.equals("SSL_CIPHER_ALGKEYSIZE")) {
	174	String cipherSuite = sslSupport.getCipherSuite();
	175	Set<Cipher> cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite);
	176	if (cipherList.size() == 1) {
	177	Cipher cipher = cipherList.iterator().next();
	178	return String.valueOf(cipher.getAlg_bits());
	179	}
	180	} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) {
	181	return sslSupport.getKeySize().toString();
	182	} else if (key.startsWith("SSL_CLIENT_")) {
	183	X509Certificate[] certificates = sslSupport.getPeerCertificateChain();
	184	if (certificates != null && certificates.length > 0) {
	185	key = key.substring("SSL_CLIENT_".length());
	186	String result = resolveSslCertificates(key, certificates);
	187	if (result != null) {
	188	return result;
	189	} else if (key.startsWith("SAN_OTHER_msUPN_")) {
	190	key = key.substring("SAN_OTHER_msUPN_".length());
	191	// FIXME return certificates[0].getSubjectAlternativeNames()
	192	} else if (key.equals("CERT_RFC4523_CEA")) {
	193	// FIXME return certificates[0]
	194	} else if (key.equals("VERIFY")) {
	195	// FIXME return verification state
	196	}
	197	}
	198	} else if (key.startsWith("SSL_SERVER_")) {
	199	X509Certificate[] certificates = sslSupport.getLocalCertificateChain();
	200	if (certificates != null && certificates.length > 0) {
	201	key = key.substring("SSL_SERVER_".length());
	202	String result = resolveSslCertificates(key, certificates);
	203	if (result != null) {
	204	return result;
	205	} else if (key.startsWith("SAN_OTHER_dnsSRV_")) {
	206	key = key.substring("SAN_OTHER_dnsSRV_".length());
	207	// FIXME return certificates[0].getSubjectAlternativeNames()
	208	}
	209	}
	210	}
	211	} catch (IOException e) {
	212	// TLS access error
	213	}
136	214	return null;
	215	}
	216
	217	private String resolveSslCertificates(String key, X509Certificate[] certificates) {
	218	if (key.equals("M_VERSION")) {
	219	return String.valueOf(certificates[0].getVersion());
	220	} else if (key.equals("M_SERIAL")) {
	221	return certificates[0].getSerialNumber().toString();
	222	} else if (key.equals("S_DN")) {
	223	return certificates[0].getSubjectDN().getName();
	224	} else if (key.startsWith("S_DN_")) {
	225	key = key.substring("S_DN_".length());
	226	// FIXME would need access to X500Name from X500Principal
	227	} else if (key.startsWith("SAN_Email_")) {
	228	key = key.substring("SAN_Email_".length());
	229	// FIXME return certificates[0].getSubjectAlternativeNames()
	230	} else if (key.startsWith("SAN_DNS_")) {
	231	key = key.substring("SAN_DNS_".length());
	232	// FIXME return certificates[0].getSubjectAlternativeNames()
	233	} else if (key.equals("I_DN")) {
	234	return certificates[0].getIssuerDN().getName();
	235	} else if (key.startsWith("I_DN_")) {
	236	key = key.substring("I_DN_".length());
	237	// FIXME would need access to X500Name from X500Principal
	238	} else if (key.equals("V_START")) {
	239	return String.valueOf(certificates[0].getNotBefore().getTime());
	240	} else if (key.equals("V_END")) {
	241	return String.valueOf(certificates[0].getNotAfter().getTime());
	242	} else if (key.equals("V_REMAIN")) {
	243	long remain = certificates[0].getNotAfter().getTime() - System.currentTimeMillis();
	244	if (remain < 0) {
	245	remain = 0L;
	246	}
	247	// Return remaining days
	248	return String.valueOf(TimeUnit.MILLISECONDS.toDays(remain));
	249	} else if (key.equals("A_SIG")) {
	250	return certificates[0].getSigAlgName();
	251	} else if (key.equals("A_KEY")) {
	252	return certificates[0].getPublicKey().getAlgorithm();
	253	} else if (key.equals("CERT")) {
	254	try {
	255	return toPEM(certificates[0]);
	256	} catch (CertificateEncodingException e) {
	257	}
	258	} else if (key.startsWith("CERT_CHAIN_")) {
	259	key = key.substring("CERT_CHAIN_".length());
	260	try {
	261	return toPEM(certificates[Integer.parseInt(key)]);
	262	} catch (NumberFormatException \| CertificateEncodingException e) {
	263	// Ignore
	264	}
	265	}
	266	return null;
	267	}
	268
	269	private String toPEM(X509Certificate certificate) throws CertificateEncodingException {
	270	StringBuilder result = new StringBuilder();
	271	result.append("-----BEGIN CERTIFICATE-----");
	272	result.append(System.lineSeparator());
	273	Base64 b64 = new Base64(64);
	274	result.append(b64.encodeAsString(certificate.getEncoded()));
	275	result.append("-----END CERTIFICATE-----");
	276	return result.toString();
137	277	}
138	278
139	279	@Override

+1

-1

java/org/apache/catalina/valves/rewrite/RewriteCond.java less more

27	27
28	28	public static class PatternCondition extends Condition {
29	29	public Pattern pattern;
30		private static ThreadLocal<Matcher> matcher = new ThreadLocal<>();
	30	private ThreadLocal<Matcher> matcher = new ThreadLocal<>();
31	31
32	32	@Override
33	33	public boolean evaluate(String value, Resolver resolver) {

+4

-1

java/org/apache/catalina/valves/rewrite/RewriteMap.java less more

14	14	* limitations under the License.
15	15	*/
16	16	package org.apache.catalina.valves.rewrite;
	17
	18	import org.apache.tomcat.util.res.StringManager;
17	19
18	20	/**
19	21	* Interface for user defined lookup/replacement logic that can be defined in

55	57	return;
56	58	}
57	59	if (params.length > 1) {
58		throw new IllegalArgumentException("Too many parameters for this map");
	60	throw new IllegalArgumentException(
	61	StringManager.getManager(RewriteMap.class).getString("rewriteMap.tooManyParameters"));
59	62	}
60	63	setParameters(params[0]);
61	64	}

+4

-4

java/org/apache/catalina/valves/rewrite/RewriteRule.java less more

25	25
26	26	protected RewriteCond[] conditions = new RewriteCond[0];
27	27
28		protected static ThreadLocal<Pattern> pattern = new ThreadLocal<>();
	28	protected ThreadLocal<Pattern> pattern = new ThreadLocal<>();
29	29	protected Substitution substitution = null;
30	30
31	31	protected String patternString = null;

85	85	* @return <code>null</code> if no rewrite took place
86	86	*/
87	87	public CharSequence evaluate(CharSequence url, Resolver resolver) {
88		Pattern pattern = RewriteRule.pattern.get();
	88	Pattern pattern = this.pattern.get();
89	89	if (pattern == null) {
90	90	// Parse the pattern
91	91	int flags = 0;

93	93	flags \|= Pattern.CASE_INSENSITIVE;
94	94	}
95	95	pattern = Pattern.compile(patternString, flags);
96		RewriteRule.pattern.set(pattern);
	96	this.pattern.set(pattern);
97	97	}
98	98	Matcher matcher = pattern.matcher(url);
99	99	// Use XOR

185	185	protected boolean cookieSecure = false;
186	186	protected boolean cookieHttpOnly = false;
187	187	protected Substitution cookieSubstitution = null;
188		protected static ThreadLocal<String> cookieResult = new ThreadLocal<>();
	188	protected ThreadLocal<String> cookieResult = new ThreadLocal<>();
189	189
190	190	/**
191	191	* This forces a request attribute named VAR to be set to the value VAL,

+25

-12

java/org/apache/catalina/valves/rewrite/RewriteValve.java less more

76	76	/**
77	77	* If rewriting occurs, the whole request will be processed again.
78	78	*/
79		protected static ThreadLocal<Boolean> invoked = new ThreadLocal<>();
	79	protected ThreadLocal<Boolean> invoked = new ThreadLocal<>();
80	80
81	81
82	82	/**

616	616	return rule;
617	617	} else if (token.equals("RewriteMap")) {
618	618	// RewriteMap name rewriteMapClassName whateverOptionalParameterInWhateverFormat
	619	// FIXME: Possibly implement more special maps from https://httpd.apache.org/docs/2.4/rewrite/rewritemap.html
619	620	if (tokenizer.countTokens() < 2) {
620	621	throw new IllegalArgumentException(sm.getString("rewriteValve.invalidLine", line));
621	622	}
622	623	String name = tokenizer.nextToken();
623	624	String rewriteMapClassName = tokenizer.nextToken();
624	625	RewriteMap map = null;
625		try {
626		map = (RewriteMap) (Class.forName(
627		rewriteMapClassName).getConstructor().newInstance());
628		} catch (Exception e) {
629		throw new IllegalArgumentException(sm.getString("rewriteValve.invalidMapClassName", line));
	626	if (rewriteMapClassName.startsWith("int:")) {
	627	map = InternalRewriteMap.toMap(rewriteMapClassName.substring("int:".length()));
	628	} else if (rewriteMapClassName.startsWith("prg:")) {
	629	rewriteMapClassName = rewriteMapClassName.substring("prg:".length());
	630	}
	631	if (map == null) {
	632	try {
	633	map = (RewriteMap) (Class.forName(
	634	rewriteMapClassName).getConstructor().newInstance());
	635	} catch (Exception e) {
	636	throw new IllegalArgumentException(sm.getString("rewriteValve.invalidMapClassName", line));
	637	}
630	638	}
631	639	if (tokenizer.hasMoreTokens()) {
632		map.setParameters(tokenizer.nextToken());
633		}
634		Object[] result = new Object[2];
635		result[0] = name;
636		result[1] = map;
637		return result;
	640	if (tokenizer.countTokens() == 1) {
	641	map.setParameters(tokenizer.nextToken());
	642	} else {
	643	List<String> params = new ArrayList<>();
	644	while (tokenizer.hasMoreTokens()) {
	645	params.add(tokenizer.nextToken());
	646	}
	647	map.setParameters(params.toArray(new String[0]));
	648	}
	649	}
	650	return new Object[] { name, map };
638	651	} else if (token.startsWith("#")) {
639	652	// it's a comment, ignore it
640	653	} else {

+4

-10

java/org/apache/coyote/ajp/AjpProcessor.java less more

27	27	import java.util.Collections;
28	28	import java.util.HashSet;
29	29	import java.util.Set;
30		import java.util.regex.Matcher;
31	30	import java.util.regex.Pattern;
32	31
33	32	import javax.servlet.http.HttpServletResponse;

770	769	// All 'known' attributes will be processed by the previous
771	770	// blocks. Any remaining attribute is an 'arbitrary' one.
772	771	Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal();
773		if (pattern == null) {
	772	if (pattern != null && pattern.matcher(n).matches()) {
	773	request.setAttribute(n, v);
	774	} else {
	775	log.warn(sm.getString("ajpprocessor.unknownAttribute", n));
774	776	response.setStatus(403);
775	777	setErrorState(ErrorState.CLOSE_CLEAN, null);
776		} else {
777		Matcher m = pattern.matcher(n);
778		if (m.matches()) {
779		request.setAttribute(n, v);
780		} else {
781		response.setStatus(403);
782		setErrorState(ErrorState.CLOSE_CLEAN, null);
783		}
784	778	}
785	779	}
786	780	break;

+1

-0

java/org/apache/coyote/ajp/LocalStrings.properties less more

25	25	ajpprocessor.readtimeout=Timeout attempting to read data from the socket
26	26	ajpprocessor.request.prepare=Error preparing request
27	27	ajpprocessor.request.process=Error processing request
	28	ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received from reverse proxy
28	29
29	30	ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was ignored
30	31	ajpprotocol.noSecret=The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.

+5

-5

java/org/apache/coyote/http2/Http2UpgradeHandler.java less more

1472	1472	}
1473	1473
1474	1474
1475		private void closeIdleStreams(int newMaxActiveRemoteStreamId) throws Http2Exception {
1476		for (int i = maxActiveRemoteStreamId + 2; i < newMaxActiveRemoteStreamId; i += 2) {
1477		Stream stream = getStream(i, false);
1478		if (stream != null) {
1479		stream.closeIfIdle();
	1475	private void closeIdleStreams(int newMaxActiveRemoteStreamId) {
	1476	for (Entry<Integer,Stream> entry : streams.entrySet()) {
	1477	if (entry.getKey().intValue() > maxActiveRemoteStreamId &&
	1478	entry.getKey().intValue() < newMaxActiveRemoteStreamId) {
	1479	entry.getValue().closeIfIdle();
1480	1480	}
1481	1481	}
1482	1482	maxActiveRemoteStreamId = newMaxActiveRemoteStreamId;

+4

-4

java/org/apache/juli/ClassLoaderLogManager.java less more

111	111	* This prefix is used to allow using prefixes for the properties names
112	112	* of handlers and their subcomponents.
113	113	*/
114		protected static final ThreadLocal<String> prefix = new ThreadLocal<>();
	114	protected final ThreadLocal<String> prefix = new ThreadLocal<>();
115	115
116	116
117	117	/**

276	276	return null;
277	277	}
278	278
279		String prefix = ClassLoaderLogManager.prefix.get();
	279	String prefix = this.prefix.get();
280	280	String result = null;
281	281
282	282	// If a prefix is defined look for a prefixed property first

594	594	}
595	595	}
596	596	try {
597		ClassLoaderLogManager.prefix.set(prefix);
	597	this.prefix.set(prefix);
598	598	Handler handler = (Handler) classLoader.loadClass(
599	599	handlerClassName).getConstructor().newInstance();
600	600	// The specification strongly implies all configuration should be done
601	601	// during the creation of the handler object.
602	602	// This includes setting level, filter, formatter and encoding.
603		ClassLoaderLogManager.prefix.set(null);
	603	this.prefix.set(null);
604	604	info.handlers.put(handlerName, handler);
605	605	if (rootHandlers == null) {
606	606	localRootLogger.addHandler(handler);

+2

-0

java/org/apache/tomcat/util/buf/CharsetCache.java less more

149	149	"ibm-1146", "ibm-1147", "ibm-1148", "ibm-1149", "ibm-29626c", "ibm-858", "ibm-eucjp", "ibm1140", "ibm1141",
150	150	"ibm1142", "ibm1143", "ibm1144", "ibm1145", "ibm1146", "ibm1147", "ibm1148", "ibm1149", "ibm29626c",
151	151	"ibm858", "x-ibm29626c",
	152	// Added from OpenJDK 15 ea24
	153	"iso8859_16",
152	154	// Added from HPE JVM 1.8.0.17-hp-ux
153	155	"cp1051", "cp1386", "cshproman8", "hp-roman8", "ibm-1051", "r8", "roman8", "roman9"
154	156	// If you add and entry to this list, ensure you run

+0

-31

java/org/apache/tomcat/util/compat/Jre9Compat.java less more

30	30	import java.util.jar.JarFile;
31	31	import java.util.zip.ZipFile;
32	32
33		import javax.net.ssl.SSLEngine;
34		import javax.net.ssl.SSLParameters;
35
36	33	import org.apache.juli.logging.Log;
37	34	import org.apache.juli.logging.LogFactory;
38	35	import org.apache.tomcat.util.res.StringManager;

43	40	private static final StringManager sm = StringManager.getManager(Jre9Compat.class);
44	41
45	42	private static final Class<?> inaccessibleObjectExceptionClazz;
46		private static final Method setApplicationProtocolsMethod;
47		private static final Method getApplicationProtocolMethod;
48	43	private static final Method setDefaultUseCachesMethod;
49	44	private static final Method bootMethod;
50	45	private static final Method configurationMethod;

63	58
64	59	static {
65	60	Class<?> c1 = null;
66		Method m2 = null;
67		Method m3 = null;
68	61	Method m4 = null;
69	62	Method m5 = null;
70	63	Method m6 = null;

95	88	Method runtimeVersionMethod = JarFile.class.getMethod("runtimeVersion");
96	89	Method majorMethod = versionClazz.getMethod("major");
97	90
98		m2 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
99		m3 = SSLEngine.class.getMethod("getApplicationProtocol");
100	91	m4 = URLConnection.class.getMethod("setDefaultUseCaches", String.class, boolean.class);
101	92	m5 = moduleLayerClazz.getMethod("boot");
102	93	m6 = moduleLayerClazz.getMethod("configuration");

128	119	}
129	120
130	121	inaccessibleObjectExceptionClazz = c1;
131		setApplicationProtocolsMethod = m2;
132		getApplicationProtocolMethod = m3;
133	122	setDefaultUseCachesMethod = m4;
134	123	bootMethod = m5;
135	124	configurationMethod = m6;

167	156	}
168	157
169	158	return inaccessibleObjectExceptionClazz.isAssignableFrom(t.getClass());
170		}
171
172
173		@Override
174		public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) {
175		try {
176		setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
177		} catch (IllegalAccessException \| IllegalArgumentException \| InvocationTargetException e) {
178		throw new UnsupportedOperationException(e);
179		}
180		}
181
182
183		@Override
184		public String getApplicationProtocol(SSLEngine sslEngine) {
185		try {
186		return (String) getApplicationProtocolMethod.invoke(sslEngine);
187		} catch (IllegalAccessException \| IllegalArgumentException \| InvocationTargetException e) {
188		throw new UnsupportedOperationException(e);
189		}
190	159	}
191	160
192	161

+39

-2

java/org/apache/tomcat/util/compat/JreCompat.java less more

18	18	import java.io.File;
19	19	import java.io.IOException;
20	20	import java.lang.reflect.AccessibleObject;
	21	import java.lang.reflect.InvocationTargetException;
	22	import java.lang.reflect.Method;
21	23	import java.net.URL;
22	24	import java.net.URLConnection;
23	25	import java.util.Deque;

42	44	private static final boolean jre11Available;
43	45	private static final boolean jre9Available;
44	46	private static final StringManager sm = StringManager.getManager(JreCompat.class);
	47
	48	protected static final Method setApplicationProtocolsMethod;
	49	protected static final Method getApplicationProtocolMethod;
45	50
46	51	static {
47	52	// This is Tomcat 9 with a minimum Java version of Java 8.

60	65	jre9Available = false;
61	66	}
62	67	jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
	68
	69	Method m1 = null;
	70	Method m2 = null;
	71	try {
	72	m1 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
	73	m2 = SSLEngine.class.getMethod("getApplicationProtocol");
	74	} catch (ReflectiveOperationException \| IllegalArgumentException e) {
	75	// Only the newest Java 8 have the ALPN API, so ignore
	76	}
	77	setApplicationProtocolsMethod = m1;
	78	getApplicationProtocolMethod = m2;
63	79	}
64	80
65	81

70	86
71	87	public static boolean isGraalAvailable() {
72	88	return graalAvailable;
	89	}
	90
	91
	92	public static boolean isAlpnSupported() {
	93	return setApplicationProtocolsMethod != null && getApplicationProtocolMethod != null;
73	94	}
74	95
75	96

108	129	* connection
109	130	*/
110	131	public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) {
111		throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
	132	if (setApplicationProtocolsMethod != null) {
	133	try {
	134	setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
	135	} catch (IllegalAccessException \| IllegalArgumentException \| InvocationTargetException e) {
	136	throw new UnsupportedOperationException(e);
	137	}
	138	} else {
	139	throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
	140	}
112	141	}
113	142
114	143

122	151	* @return The name of the negotiated protocol
123	152	*/
124	153	public String getApplicationProtocol(SSLEngine sslEngine) {
125		throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
	154	if (getApplicationProtocolMethod != null) {
	155	try {
	156	return (String) getApplicationProtocolMethod.invoke(sslEngine);
	157	} catch (IllegalAccessException \| IllegalArgumentException \| InvocationTargetException e) {
	158	throw new UnsupportedOperationException(e);
	159	}
	160	} else {
	161	throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
	162	}
126	163	}
127	164
128	165

+10

-1

java/org/apache/tomcat/util/file/ConfigurationSource.java less more

23	23	import java.net.MalformedURLException;
24	24	import java.net.URI;
25	25	import java.net.URL;
	26	import java.net.URLConnection;
26	27
27	28	/**
28	29	* Abstracts configuration file storage. Allows Tomcat embedding using the regular

91	92	}
92	93	public long getLastModified()
93	94	throws MalformedURLException, IOException {
94		return uri.toURL().openConnection().getLastModified();
	95	URLConnection connection = null;
	96	try {
	97	connection = uri.toURL().openConnection();
	98	return connection.getLastModified();
	99	} finally {
	100	if (connection != null) {
	101	connection.getInputStream().close();
	102	}
	103	}
95	104	}
96	105	@Override
97	106	public void close() throws IOException {

+1

-1

java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java less more

122	122
123	123	SSLParameters sslParameters = engine.getSSLParameters();
124	124	sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder());
125		if (JreCompat.isJre9Available() && clientRequestedApplicationProtocols != null
	125	if (JreCompat.isAlpnSupported() && clientRequestedApplicationProtocols != null
126	126	&& clientRequestedApplicationProtocols.size() > 0
127	127	&& negotiableProtocols.size() > 0) {
128	128	// Only try to negotiate if both client and server have at least

+12

-5

java/org/apache/tomcat/util/net/LocalStrings.properties less more

134	134	endpoint.warn.noUtilityExecutor=No utility executor was set, creating one
135	135	endpoint.warn.unlockAcceptorFailed=Acceptor thread [{0}] failed to unlock. Forcing hard socket shutdown.
136	136
137		jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
138		jsse.keystore_load_failed=Failed to load keystore type [{0}] with path [{1}] due to [{2}]
139		jsse.ssl3=SSLv3 has been explicitly enabled. This protocol is known to be insecure.
140		jsse.tls13.auth=The JSSE TLS 1.3 implementation does not support authentication after the initial handshake and is therefore incompatible with optional client authentication
141
142	137	nioBlockingSelector.keyNotRegistered=Key no longer registered
143	138	nioBlockingSelector.possibleLeak=Possible key leak, cancelling key in the finalizer
144	139	nioBlockingSelector.processingError=Error processing selection key operations

157	152	sslHostConfig.certificate.notype=Multiple certificates were specified and at least one is missing the required attribute type
158	153	sslHostConfig.certificateVerificationInvalid=The certificate verification value [{0}] is not recognised
159	154	sslHostConfig.fileNotFound=Configured file [{0}] does not exist
	155	sslHostConfig.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
160	156	sslHostConfig.mismatch=The property [{0}] was set on the SSLHostConfig named [{1}] and is for the [{2}] configuration syntax but the SSLHostConfig is being used with the [{3}] configuration syntax
161	157	sslHostConfig.opensslconf.null=Attempt to set null OpenSSLConf ignored
162	158	sslHostConfig.prefix_missing=The protocol [{0}] was added to the list of protocols on the SSLHostConfig named [{1}]. Check if a +/- prefix is missing.

166	162	sslImplementation.cnfe=Unable to create SSLImplementation for class [{0}]
167	163
168	164	sslUtilBase.active=The [{0}] that are active are : [{1}]
	165	sslUtilBase.alias_no_key_entry=Alias name [{0}] does not identify a key entry
	166	sslUtilBase.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager
	167	sslUtilBase.keystore_load_failed=Failed to load keystore type [{0}] with path [{1}] due to [{2}]
	168	sslUtilBase.noCertFile=SSLHostConfig attribute certificateFile must be defined when using an SSL connector
	169	sslUtilBase.noCrlSupport=The truststoreProvider [{0}] does not support the certificateRevocationFile configuration option
	170	sslUtilBase.noKeys=No aliases for private keys found in key store
	171	sslUtilBase.noVerificationDepth=The truststoreProvider [{0}] does not support the certificateVerificationDepth configuration option
169	172	sslUtilBase.noneSupported=None of the [{0}] specified are supported by the SSL engine : [{1}]
170	173	sslUtilBase.skipped=Some of the specified [{0}] are not supported by the SSL engine and have been skipped: [{1}]
	174	sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This protocol is known to be insecure.
	175	sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support authentication after the initial handshake and is therefore incompatible with optional client authentication
	176	sslUtilBase.trustedCertNotChecked=The validity dates of the trusted certificate with alias [{0}] were not checked as the certificate was of an unknown type
	177	sslUtilBase.trustedCertNotValid=The trusted certificate with alias [{0}] and DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted certificate WILL be accepted

+1

-2

java/org/apache/tomcat/util/net/LocalStrings_cs.properties less more

33	33	endpoint.warn.incorrectConnectionCount=Nesprávný počet spojení, více volání metody socket.close pro stejný socket.
34	34	endpoint.warn.noLocalName=Nelze určit lokální jméno serveru pro socket [{0}]
35	35
36		jsse.ssl3=SSLv3 byl explicitně povolen. Tento protokol není bezpečný.
37
38	36	socket.apr.closed=Socket [{0}] přiřazený na spojení byl uzavřen.
39	37	socket.closed=Socket přiřazený k tomuto spojení byl uzavřen.
40	38
41	39	sslHostConfig.fileNotFound=Konfigurační soubor [{0}] neexistuje
42	40
43	41	sslUtilBase.noneSupported=Žádný z uvedených [{0}] není podporován SSL enginem: [{1}]
	42	sslUtilBase.ssl3=SSLv3 byl explicitně povolen. Tento protokol není bezpečný.

+3

-2

java/org/apache/tomcat/util/net/LocalStrings_de.properties less more

37	37	endpoint.warn.incorrectConnectionCount=Falsche Verbindungsanzahl, mehrere socket.close-Aufrufe auf dem gleichen Socket
38	38	endpoint.warn.noLocalName=Lokaler Hostname für Socket [{0}] konnte nicht ermittelt werden
39	39
40		jsse.ssl3=SSLv3 wurde explizit eingeschalten. Dieses Protokoll ist als unsicher bekannt.
41
42	40	socket.apr.closed=Der zu dieser Verbindung gehörende Socket [{0}] wurde geschlossen.
43	41
44	42	sslHostConfig.certificate.notype=Es wurden mehrere Zertifikate angegeben und mindestens einem fehlt ein erforderlicher Attributs Typ
45	43	sslHostConfig.fileNotFound=Die konfigurierte Datei [{0}] existiert nicht.\n
46	44	sslHostConfig.opensslconf.null=Versuch eine null OpenSSLConf zu setzen ignoriert
47	45
	46	sslUtilBase.noVerificationDepth=Der truststoreProvider [{0}] unterstützt nicht die Option certificateVerificationDepth
48	47	sslUtilBase.noneSupported=Keine der spezifizierten [{0}] wird von der SSL Engine unterstützt: [{1}]
	48	sslUtilBase.ssl3=SSLv3 wurde explizit eingeschalten. Dieses Protokoll ist als unsicher bekannt.
	49	sslUtilBase.trustedCertNotValid=Das vertrauenswürdige Zertifikat mit alias [{0}] und DN [{1}] ist auf Grund von [{2}] nicht gültig. Zertifikate die von diesem signiert worden sind WERDEN akzeptiert.

+6

-4

java/org/apache/tomcat/util/net/LocalStrings_es.properties less more

56	56	endpoint.warn.noLocalPort=Uncapaz de determinar el puerto local para el socket [{0}]\n
57	57	endpoint.warn.unlockAcceptorFailed=El hilo aceptador [{0}] falló al desbloquear. Forzando apagado de enchufe (socket).
58	58
59		jsse.invalid_truststore_password=La clave del almacén de confianza suministrada no se pudo usar para desbloquear y/o validar el almacén de confianza. Reintentando acceder el almacén de confianza con una clave nula que se saltará la validación.
60		jsse.keystore_load_failed=No pude cargar almacén de claves de tipo [{0}] con ruta [{1}] debido a [{2}]
61		jsse.ssl3=SSLv3 ha sido explicitamente habilitado. Se conoce que este protocolo es inseguro
62
63	59	sniExtractor.clientHelloTooBig=El ClientHello no fue presentado en un sólo registro TLS por lo cual no se pudo extraer la información SNI
64	60
65	61	socket.apr.closed=El socket [{0}] asociado con esta conexión ha sido cerrado.

67	63
68	64	sslHostConfig.certificate.notype=Se especificaron multiples certificados y al menos uno de ellos no tiene el tipo de atributo requerido
69	65	sslHostConfig.fileNotFound=No existe el archivo configurado [{0}]
	66	sslHostConfig.invalid_truststore_password=La clave del almacén de confianza suministrada no se pudo usar para desbloquear y/o validar el almacén de confianza. Reintentando acceder el almacén de confianza con una clave nula que se saltará la validación.
70	67	sslHostConfig.opensslconf.null=El intento de fijar OpenSSLConf en nulo fue ignorado
71	68
72	69	sslImplementation.cnfe=Incapaz de crear SSLImplementation para la clase [{0}]
73	70
	71	sslUtilBase.alias_no_key_entry=El nombre de Alias [{0}] no identifica una entrada de clave
	72	sslUtilBase.invalidTrustManagerClassName=El trustManagerClassName suministrado [{0}] no implementa javax.net.ssl.TrustManager
	73	sslUtilBase.keystore_load_failed=No pude cargar almacén de claves de tipo [{0}] con ruta [{1}] debido a [{2}]
74	74	sslUtilBase.noneSupported=Ninguno de los [{0}] especificados es soportado por el motor SSL : [{1}]
	75	sslUtilBase.ssl3=SSLv3 ha sido explicitamente habilitado. Se conoce que este protocolo es inseguro
	76	sslUtilBase.trustedCertNotValid=El certificado confiable con alias [{0}] y DN [{1}] no es válido debido a [{2}]. Los certificados firmados por este certificados confiable SERAN aceptados\n

+12

-5

java/org/apache/tomcat/util/net/LocalStrings_fr.properties less more

134	134	endpoint.warn.noUtilityExecutor=Aucun exécuteur utilitaire configuré, un nouveau sera crée
135	135	endpoint.warn.unlockAcceptorFailed=Le thread qui accepte les sockets [{0}] n''a pu être débloqué, arrêt forcé su socket serveur
136	136
137		jsse.invalid_truststore_password=Le mot de passe de la base de confiance n'a pas pu être utilisé pour déverrouiller et ou valider celle ci, nouvel essai en utilisant un mot de passe null pour passer la validation
138		jsse.keystore_load_failed=Impossible de changer la base de clés de type [{0}] avec le chemin [{1}] à cause de [{2}]
139		jsse.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu comme non-sécurisé.
140		jsse.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas l'authentification après la négociation initiale, elle est donc incompatible avec l’authentification optionnelle du client
141
142	137	nioBlockingSelector.keyNotRegistered=La clé n'est plus enregistrée
143	138	nioBlockingSelector.possibleLeak=Une fuite de mémoire sur la clé a pu se produire, la clé est annulée dans le finalizer
144	139	nioBlockingSelector.processingError=Erreur lors du traitement des opérations de sélection des clés

157	152	sslHostConfig.certificate.notype=Plusieurs certificats ont été spécifiés et au moins un n'a pas d'attribut type
158	153	sslHostConfig.certificateVerificationInvalid=La valeur de vérification de certificat [{0}] n''est pas reconnue
159	154	sslHostConfig.fileNotFound=Le fichier [{0}] configuré n''existe pas.
	155	sslHostConfig.invalid_truststore_password=Le mot de passe de la base de confiance n'a pas pu être utilisé pour déverrouiller et ou valider celle ci, nouvel essai en utilisant un mot de passe null pour passer la validation
160	156	sslHostConfig.mismatch=La propriété [{0}] a été fixée sur le SSLHostConfig nommé [{1}] et est pour la syntaxe de configuration [{2}] mais le SSLHostConfig est utilisé avec la syntaxe de configuration [{3}]
161	157	sslHostConfig.opensslconf.null=L'OpenSSLConf nul a été ignoré
162	158	sslHostConfig.prefix_missing=Le protocole [{0}] a été ajouté à la liste des protocoles du SSLHostConfig nommé [{1}], vérifier qu''un préfixe +/- ne manque pas

166	162	sslImplementation.cnfe=Impossible de créer une SSLImplementation avec la class [{0}]
167	163
168	164	sslUtilBase.active=Les [{0}] qui sont actifs sont : [{1}]
	165	sslUtilBase.alias_no_key_entry=Le nom alias [{0}] n''identifie pas une entrée de clé
	166	sslUtilBase.invalidTrustManagerClassName=Le trustManagerClassName fourni [{0}] n''implémente pas javax.net.ssl.TrustManager
	167	sslUtilBase.keystore_load_failed=Impossible de changer la base de clés de type [{0}] avec le chemin [{1}] à cause de [{2}]
	168	sslUtilBase.noCertFile=L'attribut certificateFile de SSLHostConfig doit être défini lorsqu'un connecteur SSL est utilisé
	169	sslUtilBase.noCrlSupport=Le truststoreProvider [{0}] ne supporte pas d''option de configuration certificateRevocationFile
	170	sslUtilBase.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la base de clés
	171	sslUtilBase.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas l''option de configuration certificateVerificationDepth
169	172	sslUtilBase.noneSupported=Aucun des [{0}] spécifiés n''est supporté par le moteur SSL : [{1}]
170	173	sslUtilBase.skipped=Quelques [{0}] spécifiés ne sont pas supportés par le moteur SSL et ont été ignorés : [{1}]
	174	sslUtilBase.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu comme non-sécurisé.
	175	sslUtilBase.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas l'authentification après la négociation initiale, elle est donc incompatible avec l’authentification optionnelle du client
	176	sslUtilBase.trustedCertNotChecked=Les dates de validité du certificat de confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est inconnu
	177	sslUtilBase.trustedCertNotValid=Le certificat de confiance avec l''alias [{0}] et le DN [{1}] n''est pas valide à cause de [{2}], les certificats signés par ce certificat de confiance SERONT acceptés

+12

-5

java/org/apache/tomcat/util/net/LocalStrings_ja.properties less more

134	134	endpoint.warn.noUtilityExecutor=ユーティリティエグゼキュターが構成されていません。新たに作成します。
135	135	endpoint.warn.unlockAcceptorFailed=Acceptor スレッド[{0}]のロックを解除できませんでした。強制的にハードソケットをシャットダウンします。
136	136
137		jsse.invalid_truststore_password=提供されたトラストストアパスワードは、トラストストアのロック解除および検証に使用できませんでした。検証をスキップするnullパスワードでトラストストアにアクセスしようとしました。
138		jsse.keystore_load_failed=[{0}] のキーストア [{1}] の読み込みは [{2}] により失敗しました。
139		jsse.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。
140		jsse.tls13.auth=JSSE TLS 1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。
141
142	137	nioBlockingSelector.keyNotRegistered=セレクタにキーが登録されていません。
143	138	nioBlockingSelector.possibleLeak=潜在的なキーのリークです。finalizer でキーをキャンセルします。
144	139	nioBlockingSelector.processingError=選択キー操作の処理中のエラー

157	152	sslHostConfig.certificate.notype=指定された複数の証明書の中に、少なくとも1つは必須要素の存在しない証明書が含まれています。
158	153	sslHostConfig.certificateVerificationInvalid=証明書検証値[{0}]が認識されません
159	154	sslHostConfig.fileNotFound=構成ファイル[{0}]は存在しません
	155	sslHostConfig.invalid_truststore_password=提供されたトラストストアパスワードは、トラストストアのロック解除および検証に使用できませんでした。検証をスキップするnullパスワードでトラストストアにアクセスしようとしました。
160	156	sslHostConfig.mismatch=[{0}]プロパティは[{1}]という名前のSSLHostConfigで設定され、[{2}]構成構文用ですが、[{3}]構成構文でSSLHostConfigが使用されています。
161	157	sslHostConfig.opensslconf.null=Null OpenSSLConfを設定しようとしましたが無視されました
162	158	sslHostConfig.prefix_missing=[{1}]というSSLHostConfigのプロトコルのリストにプロトコル[{0}]が追加されました。 +/-接頭辞がないか確認してください。

166	162	sslImplementation.cnfe=クラス [{0}] のインスタンスを SSLImplementation として作成できません。
167	163
168	164	sslUtilBase.active=アクティブな[{0}]は次のとおりです：[{1}]
	165	sslUtilBase.alias_no_key_entry=別名 [{0}] はキーエントリを発見できません
	166	sslUtilBase.invalidTrustManagerClassName=[{0}]が提供するtrustManagerClassNameはjavax.net.ssl.TrustManagerを実装していません。
	167	sslUtilBase.keystore_load_failed=[{0}] のキーストア [{1}] の読み込みは [{2}] により失敗しました。
	168	sslUtilBase.noCertFile=SSLコネクタを使用する場合は、SSLHostConfigのcertificateFile属性を定義する必要があります。
	169	sslUtilBase.noCrlSupport=トラストストアプロバイダー [{0}] は設定項目 certificateRevocationFile に対応していません。
	170	sslUtilBase.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。
	171	sslUtilBase.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目 certificateVerificationDepth に未対応です。
169	172	sslUtilBase.noneSupported=指定された[{0}]のどれもSSLエンジンでサポートされていません：[{1}]
170	173	sslUtilBase.skipped=指定された[{0}]の一部はSSLエンジンでサポートされておらず、スキップされています：[{1}]
	174	sslUtilBase.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。
	175	sslUtilBase.tls13.auth=JSSE TLS 1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。
	176	sslUtilBase.trustedCertNotChecked=エイリアス[{0}]を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした。
	177	sslUtilBase.trustedCertNotValid=エイリアス[{0}]とDN [{1}]を持つ信頼できる証明書が[{2}]のために無効です。この信頼できる証明書で署名された証明書が受け入れられるでしょう

+12

-5

java/org/apache/tomcat/util/net/LocalStrings_ko.properties less more

134	134	endpoint.warn.noUtilityExecutor=UtilityExecutor가 설정되지 않아, 새로 생성합니다.
135	135	endpoint.warn.unlockAcceptorFailed=Acceptor 쓰레드 [{0}]이(가) 잠금을 풀지 못했습니다. 강제로 소켓을 셧다운합니다.
136	136
137		jsse.invalid_truststore_password=Trust 저장소를 잠금을 풀거나 유효한지 확인하는 용도로, 제공된 Trust 저장소 비밀번호를 사용할 수 없었습니다. 널 비밀번호를 사용하여, 해당 Trust 저장소에 대한 접근을 다시 시도합니다. 이는 유효한지 확인하는 작업을 건너뛸 것입니다.
138		jsse.keystore_load_failed=[{2}](으)로 인하여, 경로 [{1}]에 있고 타입이 [{0}]인 키 저장소를 로드하지 못했습니다.
139		jsse.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다.
140		jsse.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라, 선택사항인 클라이언트 인증과 호환되지 않습니다.
141
142	137	nioBlockingSelector.keyNotRegistered=키가 더 이상 등록되어 있지 않습니다.
143	138	nioBlockingSelector.possibleLeak=키 누수가 가능한 상황입니다. finalize()에서 키를 취소합니다.
144	139	nioBlockingSelector.processingError=Selection 키 오퍼레이션들을 처리 중 오류 발생

157	152	sslHostConfig.certificate.notype=여러 개의 인증서들이 지정되었는데, 적어도 하나의 인증서에 필수 속성 타입이 없습니다.
158	153	sslHostConfig.certificateVerificationInvalid=인증서 검증 값 [{0}]은(는) 인식되지 않는 값입니다.
159	154	sslHostConfig.fileNotFound=설정된 파일 [{0}]이(가) 존재하지 않습니다.
	155	sslHostConfig.invalid_truststore_password=Trust 저장소를 잠금을 풀거나 유효한지 확인하는 용도로, 제공된 Trust 저장소 비밀번호를 사용할 수 없었습니다. 널 비밀번호를 사용하여, 해당 Trust 저장소에 대한 접근을 다시 시도합니다. 이는 유효한지 확인하는 작업을 건너뛸 것입니다.
160	156	sslHostConfig.mismatch=[{1}](이)라는 이름의 SSLHostConfig에 프로퍼티 [{0}]이(가) 설정되었는데, 이 프로퍼티는 [{2}] 설정 문법을 위한 것이나, 해당 SSLHostConfig은 [{3}] 설정 문법으로 사용되고 있습니다.
161	157	sslHostConfig.opensslconf.null=널인 OpenSSLConf를 설정하려는 시도가 무시되었습니다.
162	158	sslHostConfig.prefix_missing=프로토콜 [{0}]이(가) [{1}](이)라는 이름을 가진 SSLHostConfig의 프로토콜 목록에 추가되어 있습니다. +/- prefix가 누락되었는지 점검하십시오.

166	162	sslImplementation.cnfe=클래스 [{0}]의 SSLImplementation 객체를 생성할 수 없습니다.
167	163
168	164	sslUtilBase.active=활성화 된 [{0}]은(는) 다음과 같습니다: [{1}]
	165	sslUtilBase.alias_no_key_entry=별칭 이름 [{0}]을(를) 사용하여 키 엔트리를 식별해낼 수 없습니다.
	166	sslUtilBase.invalidTrustManagerClassName=trustManagerClassName에 의해 제공된 클래스 [{0}]은(는) javax.net.ssl.TrustManager를 구현하지 않았습니다.
	167	sslUtilBase.keystore_load_failed=[{2}](으)로 인하여, 경로 [{1}]에 있고 타입이 [{0}]인 키 저장소를 로드하지 못했습니다.
	168	sslUtilBase.noCertFile=SSLHostConfig의 속성인 certificateFile은, 반드시 SSL connector를 사용할 때에만 정의되어야 합니다.
	169	sslUtilBase.noCrlSupport=truststoreProvider [{0}]은(는) certificateRevocationFile 설정 옵션을 지원하지 않습니다.
	170	sslUtilBase.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다.
	171	sslUtilBase.noVerificationDepth=truststoreProvider [{0}]은(는) certificateVerificationDepth 설정 옵션을 지원하지 않습니다.
169	172	sslUtilBase.noneSupported=지정된 [{0}]의 어느 것도 SSL 엔진에 의해 지원되지 않습니다: [{1}]
170	173	sslUtilBase.skipped=지정된 [{0}]의 일부가 SSL 엔진에 의해 지원되지 않아 건너뜁니다: [{1}]
	174	sslUtilBase.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다.
	175	sslUtilBase.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라, 선택사항인 클라이언트 인증과 호환되지 않습니다.
	176	sslUtilBase.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의 유효일자들이 점검되지 않았습니다.
	177	sslUtilBase.trustedCertNotValid=별칭이 [{0}](이)고 DN이 [{1}]인 해당 신뢰받는 인증서는 [{2}](으)로 인하여 유효하지 않습니다. 이 신뢰되는 인증서에 의해 서명된 인증서들은 받아들여질 것입니다.

+12

-5

java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties less more

134	134	endpoint.warn.noUtilityExecutor=没有公共的executor 被设置时,创建一个.
135	135	endpoint.warn.unlockAcceptorFailed=接收器线程[{0}]解锁失败。强制硬套接字关闭。
136	136
137		jsse.invalid_truststore_password=提供的信任存储密码无法用于解锁和/或验证信任存储。正在重试使用空密码访问信任存储，该密码将跳过验证。
138		jsse.keystore_load_failed=由于{2}，无法加载路径为{1}]的密钥库类型{0}]
139		jsse.ssl3=SSLv3 已显式启用。已知该协议是不安全。
140		jsse.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证，因此与可选的客户端身份验证不兼容
141
142	137	nioBlockingSelector.keyNotRegistered=密钥不再注册
143	138	nioBlockingSelector.possibleLeak=可能的密钥泄漏，正在取消终结器中的密钥
144	139	nioBlockingSelector.processingError=处理选择键操作时出错

157	152	sslHostConfig.certificate.notype=指定了多个证书，并且至少有一个证书缺少必需的属性类型
158	153	sslHostConfig.certificateVerificationInvalid=证书认证值[{0}]未识别
159	154	sslHostConfig.fileNotFound=配置文件 [{0}] 不存在
	155	sslHostConfig.invalid_truststore_password=提供的信任存储密码无法用于解锁和/或验证信任存储。正在重试使用空密码访问信任存储，该密码将跳过验证。
160	156	sslHostConfig.mismatch=属性[{0}]是在名为[{1}]的SSLHostConfig 上设置的，用于[{2}]配置语法，但SSLHostConfig 正与[{3}]配置语法一起使用
161	157	sslHostConfig.opensslconf.null=(:忽略设置空OpenSSLConf 的尝试
162	158	sslHostConfig.prefix_missing=协议[{0}]已添加到名为[{1}]的SSLHostConfig 上的协议列表中。检查是否缺少一个+/-前缀。

166	162	sslImplementation.cnfe=无法为类 [{0}] 创建SSLImplementation
167	163
168	164	sslUtilBase.active=活跃的[{0}]是：[{1}]
	165	sslUtilBase.alias_no_key_entry=别名[{0}]不标识密钥项
	166	sslUtilBase.invalidTrustManagerClassName=提供的trustManagerClassName[{0}]未实现javax.net.ssl.TrustManager
	167	sslUtilBase.keystore_load_failed=由于{2}，无法加载路径为{1}]的密钥库类型{0}]
	168	sslUtilBase.noCertFile=使用SSL连接器时必须定义SSLHostConfig属性certificateFile
	169	sslUtilBase.noCrlSupport=truststoreProvider [{0}]不支持certificateRevocationFile配置选项
	170	sslUtilBase.noKeys=在密钥存储中找不到私钥的别名
	171	sslUtilBase.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项
169	172	sslUtilBase.noneSupported=SSL引擎不支持指定的[{0}]：[{1}]
170	173	sslUtilBase.skipped=某些指定的[{0}]不受SSL引擎支持，已被跳过：[{1}]
	174	sslUtilBase.ssl3=SSLv3 已显式启用。已知该协议是不安全。
	175	sslUtilBase.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证，因此与可选的客户端身份验证不兼容
	176	sslUtilBase.trustedCertNotChecked=未检查别名为{0}的受信任证书的有效日期，因为该证书属于未知类型
	177	sslUtilBase.trustedCertNotValid=由于[{2}]，别名为[{0}]且DN [{1}]的可信证书无效。将接受由此可信证书签署的证书

+1

-1

java/org/apache/tomcat/util/net/SSLHostConfig.java less more

724	724	Throwable cause = ioe.getCause();
725	725	if (cause instanceof UnrecoverableKeyException) {
726	726	// Log a warning we had a password issue
727		log.warn(sm.getString("jsse.invalid_truststore_password"),
	727	log.warn(sm.getString("sslHostConfig.invalid_truststore_password"),
728	728	cause);
729	729	// Re-try
730	730	result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(),

+11

-0

java/org/apache/tomcat/util/net/SSLSupport.java less more

84	84	public X509Certificate[] getPeerCertificateChain() throws IOException;
85	85
86	86	/**
	87	* The server certificate chain (if any) that were sent to the peer.
	88	*
	89	* @return The certificate chain sent with the server
	90	* certificate first, followed by those of any certificate
	91	* authorities
	92	*/
	93	public default X509Certificate[] getLocalCertificateChain() {
	94	return null;
	95	}
	96
	97	/**
87	98	* Get the keysize.
88	99	*
89	100	* What we're supposed to put here is ill-defined by the

+12

-12

java/org/apache/tomcat/util/net/SSLUtilBase.java less more

107	107	List<String> enabledProtocols =
108	108	getEnabled("protocols", getLog(), warnTls13, configuredProtocols, implementedProtocols);
109	109	if (enabledProtocols.contains("SSLv3")) {
110		log.warn(sm.getString("jsse.ssl3"));
	110	log.warn(sm.getString("sslUtilBase.ssl3"));
111	111	}
112	112	this.enabledProtocols = enabledProtocols.toArray(new String[0]);
113	113
114	114	if (enabledProtocols.contains(Constants.SSL_PROTO_TLSv1_3) &&
115	115	sslHostConfig.getCertificateVerification() == CertificateVerification.OPTIONAL &&
116	116	!isTls13RenegAuthAvailable() && warnTls13) {
117		log.warn(sm.getString("jsse.tls13.auth"));
	117	log.warn(sm.getString("sslUtilBase.tls13.auth"));
118	118	}
119	119
120	120	// Calculate the enabled ciphers

221	221	// Re-throw. Caller will catch and log as required
222	222	throw ioe;
223	223	} catch(Exception ex) {
224		String msg = sm.getString("jsse.keystore_load_failed", type, path,
	224	String msg = sm.getString("sslUtilBase.keystore_load_failed", type, path,
225	225	ex.getMessage());
226	226	log.error(msg, ex);
227	227	throw new IOException(msg);

297	297
298	298	if (ks == null) {
299	299	if (certificate.getCertificateFile() == null) {
300		throw new IOException(sm.getString("jsse.noCertFile"));
	300	throw new IOException(sm.getString("sslUtilBase.noCertFile"));
301	301	}
302	302
303	303	PEMFile privateKeyFile = new PEMFile(

322	322	chain.toArray(new Certificate[0]));
323	323	} else {
324	324	if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
325		throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
	325	throw new IOException(sm.getString("sslUtilBase.alias_no_key_entry", keyAlias));
326	326	} else if (keyAlias == null) {
327	327	Enumeration<String> aliases = ks.aliases();
328	328	if (!aliases.hasMoreElements()) {
329		throw new IOException(sm.getString("jsse.noKeys"));
	329	throw new IOException(sm.getString("sslUtilBase.noKeys"));
330	330	}
331	331	while (aliases.hasMoreElements() && keyAlias == null) {
332	332	keyAlias = aliases.nextElement();

335	335	}
336	336	}
337	337	if (keyAlias == null) {
338		throw new IOException(sm.getString("jsse.alias_no_key_entry", (Object) null));
	338	throw new IOException(sm.getString("sslUtilBase.alias_no_key_entry", (Object) null));
339	339	}
340	340	}
341	341

401	401	Class<?> clazz = classLoader.loadClass(className);
402	402	if(!(TrustManager.class.isAssignableFrom(clazz))){
403	403	throw new InstantiationException(sm.getString(
404		"jsse.invalidTrustManagerClassName", className));
	404	"sslUtilBase.invalidTrustManagerClassName", className));
405	405	}
406	406	Object trustManagerObject = clazz.getConstructor().newInstance();
407	407	TrustManager trustManager = (TrustManager) trustManagerObject;

428	428	tmf.init(trustStore);
429	429	tms = tmf.getTrustManagers();
430	430	if (crlf != null && crlf.length() > 0) {
431		throw new CRLException(sm.getString("jsseUtil.noCrlSupport", algorithm));
	431	throw new CRLException(sm.getString("sslUtilBase.noCrlSupport", algorithm));
432	432	}
433	433	// Only warn if the attribute has been explicitly configured
434	434	if (sslHostConfig.isCertificateVerificationDepthConfigured()) {
435		log.warn(sm.getString("jsseUtil.noVerificationDepth", algorithm));
	435	log.warn(sm.getString("sslUtilBase.noVerificationDepth", algorithm));
436	436	}
437	437	}
438	438	}

453	453	try {
454	454	((X509Certificate) cert).checkValidity(now);
455	455	} catch (CertificateExpiredException \| CertificateNotYetValidException e) {
456		String msg = sm.getString("jsseUtil.trustedCertNotValid", alias,
	456	String msg = sm.getString("sslUtilBase.trustedCertNotValid", alias,
457	457	((X509Certificate) cert).getSubjectDN(), e.getMessage());
458	458	if (log.isDebugEnabled()) {
459	459	log.debug(msg, e);

463	463	}
464	464	} else {
465	465	if (log.isDebugEnabled()) {
466		log.debug(sm.getString("jsseUtil.trustedCertNotChecked", alias));
	466	log.debug(sm.getString("sslUtilBase.trustedCertNotChecked", alias));
467	467	}
468	468	}
469	469	}

+1

-1

java/org/apache/tomcat/util/net/SecureNio2Channel.java less more

244	244	if (sslEngine instanceof SSLUtil.ProtocolInfo) {
245	245	socketWrapper.setNegotiatedProtocol(
246	246	((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol());
247		} else if (JreCompat.isJre9Available()) {
	247	} else if (JreCompat.isAlpnSupported()) {
248	248	socketWrapper.setNegotiatedProtocol(
249	249	JreCompat.getInstance().getApplicationProtocol(sslEngine));
250	250	}

+1

-1

java/org/apache/tomcat/util/net/SecureNioChannel.java less more

195	195	if (sslEngine instanceof SSLUtil.ProtocolInfo) {
196	196	socketWrapper.setNegotiatedProtocol(
197	197	((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol());
198		} else if (JreCompat.isJre9Available()) {
	198	} else if (JreCompat.isAlpnSupported()) {
199	199	socketWrapper.setNegotiatedProtocol(
200	200	JreCompat.getInstance().getApplicationProtocol(sslEngine));
201	201	}

+1

-1

java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java less more

51	51
52	52	@Override
53	53	public boolean isAlpnSupported() {
54		return JreCompat.isJre9Available();
	54	return JreCompat.isAlpnSupported();
55	55	}
56	56	}

+15

-0

java/org/apache/tomcat/util/net/jsse/JSSESupport.java less more

20	20	import java.io.IOException;
21	21	import java.security.cert.Certificate;
22	22	import java.security.cert.CertificateFactory;
	23	import java.security.cert.X509Certificate;
23	24	import java.util.HashMap;
24	25	import java.util.Map;
25	26

86	87	}
87	88
88	89	@Override
	90	public X509Certificate[] getLocalCertificateChain() {
	91	if (session == null) {
	92	return null;
	93	}
	94	return convertCertificates(session.getLocalCertificates());
	95	}
	96
	97	@Override
89	98	public java.security.cert.X509Certificate[] getPeerCertificateChain() throws IOException {
90	99	// Look up the current SSLSession
91	100	if (session == null)

98	107	log.debug(sm.getString("jsseSupport.clientCertError"), t);
99	108	return null;
100	109	}
	110
	111	return convertCertificates(certs);
	112	}
	113
	114
	115	private static java.security.cert.X509Certificate[] convertCertificates(Certificate[] certs) {
101	116	if( certs==null ) return null;
102	117
103	118	java.security.cert.X509Certificate [] x509Certs =

+2

-2

java/org/apache/tomcat/util/net/jsse/JSSEUtil.java less more

121	121	String protocolUpper = protocol.toUpperCase(Locale.ENGLISH);
122	122	if (!"SSLV2HELLO".equals(protocolUpper) && !"SSLV3".equals(protocolUpper)) {
123	123	if (protocolUpper.contains("SSL")) {
124		log.debug(sm.getString("jsse.excludeProtocol", protocol));
	124	log.debug(sm.getString("jsseUtil.excludeProtocol", protocol));
125	125	continue;
126	126	}
127	127	}

129	129	}
130	130
131	131	if (implementedProtocols.size() == 0) {
132		log.warn(sm.getString("jsse.noDefaultProtocols"));
	132	log.warn(sm.getString("jsseUtil.noDefaultProtocols"));
133	133	}
134	134
135	135	String[] implementedCipherSuiteArray = context.getSupportedSSLParameters().getCipherSuites();

+3

-14

java/org/apache/tomcat/util/net/jsse/LocalStrings.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.alias_no_key_entry=Alias name [{0}] does not identify a key entry
16		jsse.excludeProtocol=The SSL protocol [{0}] which is supported in this JRE was excluded from the protocols available to Tomcat
17		jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager
18		jsse.noCertFile=SSLHostConfig attribute certificateFile must be defined when using an SSL connector
19		jsse.noDefaultProtocols=Unable to determine a default for sslEnabledProtocols. Set an explicit value to ensure the connector can start.
20		jsse.noKeys=No aliases for private keys found in key store
21		jsse.openssl.effectiveCiphers=Ciphers used: [{0}]
22		jsse.openssl.unknownElement=Unknown element in cipher string: [{0}]
23		jsse.pemParseError=Unable to parse the key from [{0}]
24
25	15	jsseSupport.certTranslationError=Error translating certificate [{0}]
26	16	jsseSupport.clientCertError=Error trying to obtain a certificate from the client
27	17
28		jsseUtil.noCrlSupport=The truststoreProvider [{0}] does not support the certificateRevocationFile configuration option
29		jsseUtil.noVerificationDepth=The truststoreProvider [{0}] does not support the certificateVerificationDepth configuration option
30		jsseUtil.trustedCertNotChecked=The validity dates of the trusted certificate with alias [{0}] were not checked as the certificate was of an unknown type
31		jsseUtil.trustedCertNotValid=The trusted certificate with alias [{0}] and DN [{1}] is not valid due to [{2}]. Certificates signed by this trusted certificate WILL be accepted
	18	jsseUtil.excludeProtocol=The SSL protocol [{0}] which is supported in this JRE was excluded from the protocols available to Tomcat
	19	jsseUtil.noDefaultProtocols=Unable to determine a default for sslEnabledProtocols. Set an explicit value to ensure the connector can start.
32	20
33	21	pemFile.noMultiPrimes=The PKCS#1 certificate is in multi-prime format and Java does not provide an API for constructing an RSA private key object from that format
34	22	pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915
	23	pemFile.parseError=Unable to parse the key from [{0}]

+1

-1

java/org/apache/tomcat/util/net/jsse/LocalStrings_cs.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.pemParseError=Nelze analyzovat klíč [{0}]
	15	pemFile.parseError=Nelze analyzovat klíč [{0}]

+1

-5

java/org/apache/tomcat/util/net/jsse/LocalStrings_de.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.openssl.effectiveCiphers=Verwendete Ciphers: [{0}]
16		jsse.pemParseError=Der Schlüssel konnte nicht aus [{0}] geparst werden.
17
18	15	jsseSupport.certTranslationError=Fehler beim Übersetzen des Zertifikates [{0}]
19	16	jsseSupport.clientCertError=Fehler beim Versuch ein Zertifikat vom Client zu erhalten.
20	17
21		jsseUtil.noVerificationDepth=Der truststoreProvider [{0}] unterstützt nicht die Option certificateVerificationDepth
22		jsseUtil.trustedCertNotValid=Das vertrauenswürdige Zertifikat mit alias [{0}] und DN [{1}] ist auf Grund von [{2}] nicht gültig. Zertifikate die von diesem signiert worden sind WERDEN akzeptiert.
	18	pemFile.parseError=Der Schlüssel konnte nicht aus [{0}] geparst werden.

+1

-6

java/org/apache/tomcat/util/net/jsse/LocalStrings_es.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.alias_no_key_entry=El nombre de Alias [{0}] no identifica una entrada de clave
16		jsse.invalidTrustManagerClassName=El trustManagerClassName suministrado [{0}] no implementa javax.net.ssl.TrustManager
17		jsse.openssl.effectiveCiphers=Cifradores usados: [{0}]
18		jsse.pemParseError=Imposible parsear la clave desde [{0}]
19
20	15	jsseSupport.clientCertError=Error tratando de obtener un certificado desde el cliente
21	16
22		jsseUtil.trustedCertNotValid=El certificado confiable con alias [{0}] y DN [{1}] no es válido debido a [{2}]. Los certificados firmados por este certificados confiable SERAN aceptados\n
	17	pemFile.parseError=Imposible parsear la clave desde [{0}]

+3

-14

java/org/apache/tomcat/util/net/jsse/LocalStrings_fr.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.alias_no_key_entry=Le nom alias [{0}] n''identifie pas une entrée de clé
16		jsse.excludeProtocol=Le protocole SSL [{0}] qui est supporté par ce JRE a été exclu des protocoles disponibles dans Tomcat
17		jsse.invalidTrustManagerClassName=Le trustManagerClassName fourni [{0}] n''implémente pas javax.net.ssl.TrustManager
18		jsse.noCertFile=L'attribut certificateFile de SSLHostConfig doit être défini lorsqu'un connecteur SSL est utilisé
19		jsse.noDefaultProtocols=Impossible de déterminer un défaut pour sslEnabledProtocols de [{0}], indiquez une valeur explicite pour permettre le démarrage du connecteur
20		jsse.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la base de clés
21		jsse.openssl.effectiveCiphers=Chiffres utilisés : [{0}]
22		jsse.openssl.unknownElement=Elément inconnu dans la chaîne de chiffres : [{0}]
23		jsse.pemParseError=Impossible de parser la clé de [{0}]
24
25	15	jsseSupport.certTranslationError=Erreur lors de la traduction du certificat [{0}]
26	16	jsseSupport.clientCertError=Echec de l'obtention d'un certificat de la part du client
27	17
28		jsseUtil.noCrlSupport=Le truststoreProvider [{0}] ne supporte pas d''option de configuration certificateRevocationFile
29		jsseUtil.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas l''option de configuration certificateVerificationDepth
30		jsseUtil.trustedCertNotChecked=Les dates de validité du certificat de confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est inconnu
31		jsseUtil.trustedCertNotValid=Le certificat de confiance avec l''alias [{0}] et le DN [{1}] n''est pas valide à cause de [{2}], les certificats signés par ce certificat de confiance SERONT acceptés
	18	jsseUtil.excludeProtocol=Le protocole SSL [{0}] qui est supporté par ce JRE a été exclu des protocoles disponibles dans Tomcat
	19	jsseUtil.noDefaultProtocols=Impossible de déterminer un défaut pour sslEnabledProtocols de [{0}], indiquez une valeur explicite pour permettre le démarrage du connecteur
32	20
33	21	pemFile.noMultiPrimes=Le certificat PKCS#1 est dans un format mutli-prime et Java ne fournit pas d'API pour construire une clé privée RSA à partir de ce format
34	22	pemFile.notValidRFC5915=La fichier de clé fourni ne se conforme pas à la RFC 5915
	23	pemFile.parseError=Impossible de parser la clé de [{0}]

+3

-14

java/org/apache/tomcat/util/net/jsse/LocalStrings_ja.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.alias_no_key_entry=別名 [{0}] はキーエントリを発見できません
16		jsse.excludeProtocol=JRE は SSL プロトコル [{0}] に対応しています。しかし Tomcat の利用可能プロトコルからは除外されています。
17		jsse.invalidTrustManagerClassName=[{0}]が提供するtrustManagerClassNameはjavax.net.ssl.TrustManagerを実装していません。
18		jsse.noCertFile=SSLコネクタを使用する場合は、SSLHostConfigのcertificateFile属性を定義する必要があります。
19		jsse.noDefaultProtocols=sslEnableProtocols の既定値を取得できません。コネクターを開始できるよう明示的に値を設定してください。
20		jsse.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。
21		jsse.openssl.effectiveCiphers=使用された暗号：[{0}]
22		jsse.openssl.unknownElement=暗号文字列の不明な要素：[{0}]
23		jsse.pemParseError=秘密鍵ファイル [{0}] を解析できませんでした。
24
25	15	jsseSupport.certTranslationError=証明書の翻訳中にエラーが発生しました[{0}]
26	16	jsseSupport.clientCertError=クライアント証明書を取得中のエラー
27	17
28		jsseUtil.noCrlSupport=トラストストアプロバイダー [{0}] は設定項目 certificateRevocationFile に対応していません。
29		jsseUtil.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目 certificateVerificationDepth に未対応です。
30		jsseUtil.trustedCertNotChecked=エイリアス[{0}]を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした。
31		jsseUtil.trustedCertNotValid=エイリアス[{0}]とDN [{1}]を持つ信頼できる証明書が[{2}]のために無効です。この信頼できる証明書で署名された証明書が受け入れられるでしょう
	18	jsseUtil.excludeProtocol=JRE は SSL プロトコル [{0}] に対応しています。しかし Tomcat の利用可能プロトコルからは除外されています。
	19	jsseUtil.noDefaultProtocols=sslEnableProtocols の既定値を取得できません。コネクターを開始できるよう明示的に値を設定してください。
32	20
33	21	pemFile.noMultiPrimes=PKCS#1 証明書は multi-prime RSA フォーマットですが、Java はそのようなフォーマットに対する RSA 秘密鍵を構築する API を提供していません
34	22	pemFile.notValidRFC5915=与えられたキーファイルは RFC 5915 に準拠していません
	23	pemFile.parseError=秘密鍵ファイル [{0}] を解析できませんでした。

+3

-14

java/org/apache/tomcat/util/net/jsse/LocalStrings_ko.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.alias_no_key_entry=별칭 이름 [{0}]을(를) 사용하여 키 엔트리를 식별해낼 수 없습니다.
16		jsse.excludeProtocol=이 JRE에서 지원되는 해당 SSL 프로토콜 [{0}]이(가), Tomcat의 가용 프로토콜 목록에서 제외되어 있습니다.
17		jsse.invalidTrustManagerClassName=trustManagerClassName에 의해 제공된 클래스 [{0}]은(는) javax.net.ssl.TrustManager를 구현하지 않았습니다.
18		jsse.noCertFile=SSLHostConfig의 속성인 certificateFile은, 반드시 SSL connector를 사용할 때에만 정의되어야 합니다.
19		jsse.noDefaultProtocols=sslEnabledProtocols의 기본값을 결정할 수 없습니다. Connector가 제대로 시작되는지 보증하려면 명시적으로 값을 설정하십시오.
20		jsse.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다.
21		jsse.openssl.effectiveCiphers=사용되는 Cipher들: [{0}]
22		jsse.openssl.unknownElement=Cipher 문자열에 알 수 없는 엘리먼트: [{0}]
23		jsse.pemParseError=[{0}](으)로부터 키를 파싱할 수 없습니다.
24
25	15	jsseSupport.certTranslationError=인증서 [{0}]에 대한 인증서 변환을 하는 중 오류 발생
26	16	jsseSupport.clientCertError=클라이언트로부터 인증서를 구하려 시도하는 중 오류 발생
27	17
28		jsseUtil.noCrlSupport=truststoreProvider [{0}]은(는) certificateRevocationFile 설정 옵션을 지원하지 않습니다.
29		jsseUtil.noVerificationDepth=truststoreProvider [{0}]은(는) certificateVerificationDepth 설정 옵션을 지원하지 않습니다.
30		jsseUtil.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의 유효일자들이 점검되지 않았습니다.
31		jsseUtil.trustedCertNotValid=별칭이 [{0}](이)고 DN이 [{1}]인 해당 신뢰받는 인증서는 [{2}](으)로 인하여 유효하지 않습니다. 이 신뢰되는 인증서에 의해 서명된 인증서들은 받아들여질 것입니다.
	18	jsseUtil.excludeProtocol=이 JRE에서 지원되는 해당 SSL 프로토콜 [{0}]이(가), Tomcat의 가용 프로토콜 목록에서 제외되어 있습니다.
	19	jsseUtil.noDefaultProtocols=sslEnabledProtocols의 기본값을 결정할 수 없습니다. Connector가 제대로 시작되는지 보증하려면 명시적으로 값을 설정하십시오.
32	20
33	21	pemFile.noMultiPrimes=해당 PKCS#1 인증서는 multi-prime 포맷으로 되어 있는데, 자바는 해당 포맷으로부터 RSA 개인 키 객체를 생성할 API를 제공하지 않습니다.
34	22	pemFile.notValidRFC5915=제공된 키는 RFC 5915를 따르지 않습니다
	23	pemFile.parseError=[{0}](으)로부터 키를 파싱할 수 없습니다.

+1

-1

java/org/apache/tomcat/util/net/jsse/LocalStrings_pt_BR.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.pemParseError=Impossível parsear a chave de [{0}]
	15	pemFile.parseError=Impossível parsear a chave de [{0}]

+1

-1

java/org/apache/tomcat/util/net/jsse/LocalStrings_ru.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.pemParseError=Невозможно получить ключ из [{0}]
	15	pemFile.parseError=Невозможно получить ключ из [{0}]

+3

-14

java/org/apache/tomcat/util/net/jsse/LocalStrings_zh_CN.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		jsse.alias_no_key_entry=别名[{0}]不标识密钥项
16		jsse.excludeProtocol=此JRE支持的SSL协议[{0}]已从Tomcat可用的协议中排除
17		jsse.invalidTrustManagerClassName=提供的trustManagerClassName[{0}]未实现javax.net.ssl.TrustManager
18		jsse.noCertFile=使用SSL连接器时必须定义SSLHostConfig属性certificateFile
19		jsse.noDefaultProtocols=无法确定sslEnabledProtocols的默认值。设置显式值以确保连接器可以启动。
20		jsse.noKeys=在密钥存储中找不到私钥的别名
21		jsse.openssl.effectiveCiphers=使用的密码：[{0}]
22		jsse.openssl.unknownElement=密码字符串中的未知元素：[{0}]。
23		jsse.pemParseError=无法从 [{0}] 解析 key
24
25	15	jsseSupport.certTranslationError=错误的转换证书[{0}]
26	16	jsseSupport.clientCertError=尝试从客户端获取证书时出错
27	17
28		jsseUtil.noCrlSupport=truststoreProvider [{0}]不支持certificateRevocationFile配置选项
29		jsseUtil.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项
30		jsseUtil.trustedCertNotChecked=未检查别名为{0}的受信任证书的有效日期，因为该证书属于未知类型
31		jsseUtil.trustedCertNotValid=由于[{2}]，别名为[{0}]且DN [{1}]的可信证书无效。将接受由此可信证书签署的证书
	18	jsseUtil.excludeProtocol=此JRE支持的SSL协议[{0}]已从Tomcat可用的协议中排除
	19	jsseUtil.noDefaultProtocols=无法确定sslEnabledProtocols的默认值。设置显式值以确保连接器可以启动。
32	20
33	21	pemFile.noMultiPrimes=PKCS#1证书是多素数格式的，Java不提供从该格式构造RSA私钥对象的API
34	22	pemFile.notValidRFC5915=提供的key文件不符合RFC 5915
	23	pemFile.parseError=无法从 [{0}] 解析 key

+1

-1

java/org/apache/tomcat/util/net/jsse/PEMFile.java less more

171	171	keySpec = privateKeyInfo.getKeySpec(cipher);
172	172	}
173	173
174		InvalidKeyException exception = new InvalidKeyException(sm.getString("jsse.pemParseError", filename));
	174	InvalidKeyException exception = new InvalidKeyException(sm.getString("pemFile.parseError", filename));
175	175	if (keyAlgorithm == null) {
176	176	for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
177	177	try {

+1

-1

java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java less more

34	34	public class OpenSSLUtil extends SSLUtilBase {
35	35
36	36	private static final Log log = LogFactory.getLog(OpenSSLUtil.class);
37		private static final StringManager sm = StringManager.getManager(OpenSSLContext.class);
	37	private static final StringManager sm = StringManager.getManager(OpenSSLUtil.class);
38	38
39	39
40	40	public OpenSSLUtil(SSLHostConfigCertificate certificate) {

+1

-1

java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java less more

16	16
17	17	package org.apache.tomcat.util.net.openssl.ciphers;
18	18
19		enum Encryption {
	19	public enum Encryption {
20	20	AES128,
21	21	AES128CCM,
22	22	AES128CCM8,

+1

-1

java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java less more

16	16
17	17	package org.apache.tomcat.util.net.openssl.ciphers;
18	18
19		enum EncryptionLevel {
	19	public enum EncryptionLevel {
20	20	STRONG_NONE,
21	21	EXP40,
22	22	EXP56,

+1

-1

java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java less more

16	16
17	17	package org.apache.tomcat.util.net.openssl.ciphers;
18	18
19		enum KeyExchange {
	19	public enum KeyExchange {
20	20	EECDH /* SSL_kEECDH - ephemeral ECDH */,
21	21	RSA /* SSL_kRSA - RSA key exchange */,
22	22	DHr /* SSL_kDHr - DH cert, RSA CA cert / / no such ciphersuites supported! */,

+2

-1

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		converter.mapping=Cipher suite mapping: [{0}] => [{1}]
	15	opensslCipherConfigurationParser.effectiveCiphers=Ciphers used: [{0}]
	16	opensslCipherConfigurationParser.unknownElement=Unknown element in cipher string: [{0}]

+16

-0

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings_de.properties less more

	0	# Licensed to the Apache Software Foundation (ASF) under one or more
	1	# contributor license agreements. See the NOTICE file distributed with
	2	# this work for additional information regarding copyright ownership.
	3	# The ASF licenses this file to You under the Apache License, Version 2.0
	4	# (the "License"); you may not use this file except in compliance with
	5	# the License. You may obtain a copy of the License at
	6	#
	7	# http://www.apache.org/licenses/LICENSE-2.0
	8	#
	9	# Unless required by applicable law or agreed to in writing, software
	10	# distributed under the License is distributed on an "AS IS" BASIS,
	11	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	12	# See the License for the specific language governing permissions and
	13	# limitations under the License.
	14
	15	opensslCipherConfigurationParser.effectiveCiphers=Verwendete Ciphers: [{0}]

+16

-0

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings_es.properties less more

	0	# Licensed to the Apache Software Foundation (ASF) under one or more
	1	# contributor license agreements. See the NOTICE file distributed with
	2	# this work for additional information regarding copyright ownership.
	3	# The ASF licenses this file to You under the Apache License, Version 2.0
	4	# (the "License"); you may not use this file except in compliance with
	5	# the License. You may obtain a copy of the License at
	6	#
	7	# http://www.apache.org/licenses/LICENSE-2.0
	8	#
	9	# Unless required by applicable law or agreed to in writing, software
	10	# distributed under the License is distributed on an "AS IS" BASIS,
	11	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	12	# See the License for the specific language governing permissions and
	13	# limitations under the License.
	14
	15	opensslCipherConfigurationParser.effectiveCiphers=Cifradores usados: [{0}]

+2

-1

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings_fr.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		converter.mapping=Association de la suite de chiffres : [{0}] => [{1}]
	15	opensslCipherConfigurationParser.effectiveCiphers=Chiffres utilisés : [{0}]
	16	opensslCipherConfigurationParser.unknownElement=Elément inconnu dans la chaîne de chiffres : [{0}]

+2

-1

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings_ja.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		converter.mapping=暗号スイートの対応付け: [{0}] => [{1}]
	15	opensslCipherConfigurationParser.effectiveCiphers=使用された暗号：[{0}]
	16	opensslCipherConfigurationParser.unknownElement=暗号文字列の不明な要素：[{0}]

+2

-1

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings_ko.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		converter.mapping=Cipher suite 매핑: [{0}] => [{1}]
	15	opensslCipherConfigurationParser.effectiveCiphers=사용되는 Cipher들: [{0}]
	16	opensslCipherConfigurationParser.unknownElement=Cipher 문자열에 알 수 없는 엘리먼트: [{0}]

+2

-1

java/org/apache/tomcat/util/net/openssl/ciphers/LocalStrings_zh_CN.properties less more

12	12	# See the License for the specific language governing permissions and
13	13	# limitations under the License.
14	14
15		converter.mapping=密码套件映射：[{0}]=>[{1}]
	15	opensslCipherConfigurationParser.effectiveCiphers=使用的密码：[{0}]
	16	opensslCipherConfigurationParser.unknownElement=密码字符串中的未知元素：[{0}]。

+1

-1

java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java less more

16	16
17	17	package org.apache.tomcat.util.net.openssl.ciphers;
18	18
19		enum MessageDigest {
	19	public enum MessageDigest {
20	20	MD5,
21	21	SHA1,
22	22	GOST94,

+3

-4

java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java less more

39	39	public class OpenSSLCipherConfigurationParser {
40	40
41	41	private static final Log log = LogFactory.getLog(OpenSSLCipherConfigurationParser.class);
42		private static final StringManager sm =
43		StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
	42	private static final StringManager sm = StringManager.getManager(OpenSSLCipherConfigurationParser.class);
44	43
45	44	private static boolean initialized = false;
46	45

731	730	if (aliases.containsKey(alias)) {
732	731	removedCiphers.addAll(aliases.get(alias));
733	732	} else {
734		log.warn(sm.getString("jsse.openssl.unknownElement", alias));
	733	log.warn(sm.getString("opensslCipherConfigurationParser.unknownElement", alias));
735	734	}
736	735	} else if (element.startsWith(TO_END)) {
737	736	String alias = element.substring(1);

766	765	result.addAll(cipher.getJsseNames());
767	766	}
768	767	if (log.isDebugEnabled()) {
769		log.debug(sm.getString("jsse.openssl.effectiveCiphers", displayResult(ciphers, true, ",")));
	768	log.debug(sm.getString("opensslCipherConfigurationParser.effectiveCiphers", displayResult(ciphers, true, ",")));
770	769	}
771	770	return result;
772	771	}

+1

-1

java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java less more

18	18
19	19	import org.apache.tomcat.util.net.Constants;
20	20
21		enum Protocol {
	21	public enum Protocol {
22	22
23	23	SSLv3(Constants.SSL_PROTO_SSLv3),
24	24	SSLv2(Constants.SSL_PROTO_SSLv2),

+1

-1

java/org/apache/tomcat/websocket/LocalStrings.properties less more

127	127	wsWebSocketContainer.defaultConfiguratorFail=Failed to create the default configurator
128	128	wsWebSocketContainer.endpointCreateFail=Failed to create a local endpoint of type [{0}]
129	129	wsWebSocketContainer.failedAuthentication=Failed to handle HTTP response code [{0}]. Authentication header was not accepted by server.
130		wsWebSocketContainer.httpRequestFailed=The HTTP request to initiate the WebSocket connection failed
	130	wsWebSocketContainer.httpRequestFailed=The HTTP request to initiate the WebSocket connection to [{0}] failed
131	131	wsWebSocketContainer.invalidExtensionParameters=The server responded with extension parameters the client is unable to support
132	132	wsWebSocketContainer.invalidHeader=Unable to parse HTTP header as no colon is present to delimit header name and header value in [{0}]. The header has been skipped.
133	133	wsWebSocketContainer.invalidStatus=The HTTP response from the server [{0}] did not permit the HTTP upgrade to WebSocket

+1

-2

java/org/apache/tomcat/websocket/WsWebSocketContainer.java less more

481	481	success = true;
482	482	} catch (ExecutionException \| InterruptedException \| SSLException \|
483	483	EOFException \| TimeoutException \| URISyntaxException \| AuthenticationException e) {
484		throw new DeploymentException(
485		sm.getString("wsWebSocketContainer.httpRequestFailed"), e);
	484	throw new DeploymentException(sm.getString("wsWebSocketContainer.httpRequestFailed", path), e);
486	485	} finally {
487	486	if (!success) {
488	487	channel.close();

+1

-1

java/org/apache/tomcat/websocket/server/LocalStrings.properties less more

23	23	upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible RSV bit usage
24	24
25	25	uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in the path which is not permitted
26		uriTemplate.emptySegment=The path [{0}] contains one or more empty segments which are is not permitted
	26	uriTemplate.emptySegment=The path [{0}] contains one or more empty segments which is not permitted
27	27	uriTemplate.invalidPath=The path [{0}] is not valid.
28	28	uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path [{1}]
29	29

+5

-4

java/org/apache/tomcat/websocket/server/UriTemplate.java less more

42	42
43	43	public UriTemplate(String path) throws DeploymentException {
44	44
45		if (path == null \|\| path.length() ==0 \|\| !path.startsWith("/")) {
	45	if (path == null \|\| path.length() == 0 \|\| !path.startsWith("/") \|\| path.contains("/../") \|\|
	46	path.contains("/./") \|\| path.contains("//")) {
46	47	throw new DeploymentException(
47	48	sm.getString("uriTemplate.invalidPath", path));
48	49	}

67	68	} else {
68	69	// As per EG discussion, all other empty segments are
69	70	// invalid
70		throw new IllegalArgumentException(sm.getString(
	71	throw new DeploymentException(sm.getString(
71	72	"uriTemplate.emptySegment", path));
72	73	}
73	74	}

80	81	normalized.append(paramCount++);
81	82	normalized.append('}');
82	83	if (!paramNames.add(segment)) {
83		throw new IllegalArgumentException(sm.getString(
	84	throw new DeploymentException(sm.getString(
84	85	"uriTemplate.duplicateParameter", segment));
85	86	}
86	87	} else {
87	88	if (segment.contains("{") \|\| segment.contains("}")) {
88		throw new IllegalArgumentException(sm.getString(
	89	throw new DeploymentException(sm.getString(
89	90	"uriTemplate.invalidSegment", segment, path));
90	91	}
91	92	normalized.append(segment);

+3

-1

res/graal/build-tomcat-native-image.sh less more

13	13	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	14	# See the License for the specific language governing permissions and
15	15	# limitations under the License.
	16
	17	set -e
16	18
17	19	CURDIR=`pwd`
18	20

52	54	-H:+ReportExceptionStackTraces \
53	55	--allow-incomplete-classpath \
54	56	--no-fallback \
55		-cp ../embed/tomcat-embed-core.jar:../embed/tomcat-embed-websocket.jar:../embed/tomcat-embed-el.jar:tomcat-embedded-sample.jar \
	57	-cp ../embed/tomcat-embed-core.jar:../embed/tomcat-embed-websocket.jar:../embed/tomcat-embed-el.jar:tomcat-embedded-sample.jar:../embed/annotations-api.jar \
56	58	org.apache.catalina.startup.EmbeddedTomcat
57	59
58	60	cd $CURDIR⏎

+6

-6

res/graal/tomcat-embed-websocket/native-image/tomcat-reflection.json less more

0	0	[
1		{ "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "methods" : [{"name": "<init>","parameterTypes":[] }] },
2		{ "name":"org.apache.tomcat.websocket.pojo.PojoEndpointBase", "allDeclaredMethods":true },
3		{ "name":"org.apache.tomcat.websocket.pojo.PojoEndpointServer", "allDeclaredMethods":true },
4		{ "name":"org.apache.tomcat.websocket.server.WsContextListener", "allDeclaredMethods":true },
5		{ "name":"org.apache.tomcat.websocket.server.WsFilter", "allDeclaredMethods":true },
6		{ "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "methods":[{"name":"<init>","parameterTypes":[] }] }
	1	{ "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true },
	2	{ "name":"org.apache.tomcat.websocket.pojo.PojoEndpointBase", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true },
	3	{ "name":"org.apache.tomcat.websocket.pojo.PojoEndpointServer", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true },
	4	{ "name":"org.apache.tomcat.websocket.server.WsContextListener", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true },
	5	{ "name":"org.apache.tomcat.websocket.server.WsFilter", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true },
	6	{ "name":"org.apache.tomcat.websocket.server.WsHttpUpgradeHandler", "allDeclaredConstructors" : true, "allPublicConstructors" : true, "allDeclaredMethods" : true, "allPublicMethods" : true }
7	7	]

+37

-38

res/maven/mvn-pub.xml less more

15	15	limitations under the License.
16	16	-->
17	17	<project name="Tomcat 9.0 Maven Deployment" default="" basedir="."
18		xmlns:artifact="urn:maven-artifact-ant"
	18	xmlns:resolver="antlib:org.apache.maven.resolver.ant"
19	19	xmlns:if="ant:if"
20	20	xmlns:unless="ant:unless">
21		<!--
22		Built for using Maven Ant Tasks (version 2.1.0 is known to work)
23		-->
24	21
25	22	<property file="${basedir}/mvn.properties"/>
26	23	<property file="${basedir}/mvn.properties.default"/>

28	25
29	26	<target name="init-maven">
30	27	<antcall target="downloadfile">
31		<param name="sourcefile" value="${maven-ant-tasks.loc}"/>
32		<param name="destfile" value="${maven-ant-tasks.jar}"/>
33		<param name="destdir" value="${maven-ant-tasks.home}"/>
34		</antcall>
35
36		<typedef resource="org/apache/maven/artifact/ant/antlib.xml"
37		uri="urn:maven-artifact-ant">
	28	<param name="sourcefile" value="${maven-resolver-ant-tasks.loc}"/>
	29	<param name="destfile" value="${maven-resolver-ant-tasks.jar}"/>
	30	<param name="destdir" value="${maven-resolver-ant-tasks.home}"/>
	31	</antcall>
	32
	33	<taskdef resource="org/apache/maven/resolver/ant/antlib.xml"
	34	uri="antlib:org.apache.maven.resolver.ant">
38	35	<classpath>
39		<pathelement location="${maven-ant-tasks.jar}" />
	36	<pathelement location="${maven-resolver-ant-tasks.jar}" />
40	37	</classpath>
41		</typedef>
	38	</taskdef>
42	39	</target>
43	40
44	41	<target name="maven-install" depends="init-maven">

52	49	</filterset>
53	50	</copy>
54	51
55		<artifact:install file="${file}">
	52	<resolver:install file="${file}">
56	53	<pom file="${pom}.tmp"/>
57		</artifact:install>
	54	</resolver:install>
58	55
59	56	<delete file="${pom}.tmp"/>
60	57	</target>

108	105	<param name="file.out" value="${pom}.asc" />
109	106	</antcall>
110	107
111		<artifact:deploy file="${file}">
	108	<resolver:deploy>
	109	<artifact file="${file}" />
112	110	<pom file="${pom}.tmp"/>
113		<remoteRepository id="${maven.repo.repositoryId}" url="${maven.repo.url}">
	111	<remoterepo id="${maven.repo.repositoryId}" url="${maven.repo.url}">
114	112	<authentication username="${asf.ldap.username}"
115	113	password="${asf.ldap.password}"
116	114	unless:set="maven.auth.useSettings" />
117		</remoteRepository>
118		<attach file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/>
119		<attach file="${src}" classifier="sources" type="jar"/>
120		<attach file="${src}.asc" classifier="sources" type="jar.asc" if:set="gpg.passphrase"/>
121		<attach file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/>
122		</artifact:deploy>
	115	</remoterepo>
	116	<artifact file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/>
	117	<artifact file="${src}" classifier="sources" type="jar"/>
	118	<artifact file="${src}.asc" classifier="sources" type="jar.asc" if:set="gpg.passphrase"/>
	119	<artifact file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/>
	120	</resolver:deploy>
123	121
124	122	<delete file="${pom}.tmp"/>
125	123	<delete file="${pom}.asc"/>

170	168	<param name="file.out" value="${pom}.asc" />
171	169	</antcall>
172	170
173		<artifact:deploy file="${file}">
	171	<resolver:deploy>
	172	<artifact file="${file}" />
174	173	<pom file="${pom}.tmp"/>
175		<remoteRepository id="${maven.repo.repositoryId}" url="${maven.repo.url}">
	174	<remoterepo id="${maven.repo.repositoryId}" url="${maven.repo.url}">
176	175	<authentication username="${asf.ldap.username}"
177	176	password="${asf.ldap.password}"
178	177	unless:set="maven.auth.useSettings"/>
179		</remoteRepository>
180		<attach file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/>
181		<attach file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/>
182		</artifact:deploy>
	178	</remoterepo>
	179	<artifact file="${file}.asc" type="jar.asc" if:set="gpg.passphrase"/>
	180	<artifact file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/>
	181	</resolver:deploy>
183	182
184	183	<delete file="${pom}.tmp"/>
185	184	<delete file="${pom}.asc"/>

230	229	<param name="file.out" value="${pom}.asc" />
231	230	</antcall>
232	231
233		<artifact:deploy file="${pom}">
	232	<resolver:deploy>
234	233	<pom file="${pom}.tmp"/>
235		<remoteRepository id="${maven.repo.repositoryId}" url="${maven.repo.url}">
	234	<remoterepo id="${maven.repo.repositoryId}" url="${maven.repo.url}">
236	235	<authentication username="${asf.ldap.username}"
237	236	password="${asf.ldap.password}"
238	237	unless:set="maven.auth.useSettings"/>
239		</remoteRepository>
240		<attach file="${file}.zip" type="zip"/>
241		<attach file="${file}.zip.asc" type="zip.asc" if:set="gpg.passphrase"/>
242		<attach file="${file}.tar.gz" type="tar.gz"/>
243		<attach file="${file}.tar.gz.asc" type="tar.gz.asc" if:set="gpg.passphrase"/>
244		<attach file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/>
245		</artifact:deploy>
	238	</remoterepo>
	239	<artifact file="${file}.zip" type="zip"/>
	240	<artifact file="${file}.zip.asc" type="zip.asc" if:set="gpg.passphrase"/>
	241	<artifact file="${file}.tar.gz" type="tar.gz"/>
	242	<artifact file="${file}.tar.gz.asc" type="tar.gz.asc" if:set="gpg.passphrase"/>
	243	<artifact file="${pom}.asc" type="pom.asc" if:set="gpg.passphrase"/>
	244	</resolver:deploy>
246	245
247	246	<delete file="${pom}.tmp"/>
248	247	<delete file="${pom}.asc"/>

+5

-5

res/maven/mvn.properties.default less more

38	38	maven.asf.release.repo.repositoryId=apache.releases.https
39	39
40	40	# Release version info
41		maven.asf.release.deploy.version=9.0.35
	41	maven.asf.release.deploy.version=9.0.36
42	42
43	43	#Where do we load the libraries from
44	44	tomcat.lib.path=../../output/build/lib

58	58	base.path=${user.home}/tomcat-build-libs
59	59
60	60	# ----- Maven Ant Tasks -----
61		maven-ant-tasks.version=2.1.3
62		maven-ant-tasks.home=${base.path}/maven-ant-tasks-${maven-ant-tasks.version}
63		maven-ant-tasks.loc=https://archive.apache.org/dist/maven/ant-tasks/${maven-ant-tasks.version}/binaries/maven-ant-tasks-${maven-ant-tasks.version}.jar
64		maven-ant-tasks.jar=${maven-ant-tasks.home}/maven-ant-tasks-${maven-ant-tasks.version}.jar
	61	maven-resolver-ant-tasks.version=1.2.0
	62	maven-resolver-ant-tasks.home=${base.path}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}
	63	maven-resolver-ant-tasks.loc=https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/${maven-resolver-ant-tasks.version}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}-uber.jar
	64	maven-resolver-ant-tasks.jar=${maven-resolver-ant-tasks.home}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}-uber.jar

+2

-0

test/org/apache/catalina/startup/EmbeddedTomcat.java less more

34	34	import org.apache.juli.logging.LogFactory;
35	35	import org.apache.tomcat.util.scan.StandardJarScanFilter;
36	36	import org.apache.tomcat.util.scan.StandardJarScanner;
	37	import org.apache.tomcat.websocket.server.WsContextListener;
37	38
38	39	@Ignore
39	40	public class EmbeddedTomcat {

65	66	CounterServlet counterServlet = new CounterServlet();
66	67	Tomcat.addServlet(ctx, "counterServlet", counterServlet);
67	68	ctx.addServletMappingDecoded("/", "counterServlet");
	69	ctx.addApplicationListener(WsContextListener.class.getName());
68	70
69	71	tomcat.start();
70	72	Thread.sleep(60*1000);

+14

-14

test/org/apache/catalina/valves/Benchmarks.java less more

75	75	return "ThreadLocals";
76	76	}
77	77
78		private static ThreadLocal<Long> currentMillisLocal = new ThreadLocal<Long>() {
	78	private ThreadLocal<Long> currentMillisLocal = new ThreadLocal<Long>() {
79	79	@Override
80	80	protected Long initialValue() {
81	81	return Long.valueOf(0);
82	82	}
83	83	};
84	84
85		private static ThreadLocal<Date> currentDateLocal = new ThreadLocal<>();
	85	private ThreadLocal<Date> currentDateLocal = new ThreadLocal<>();
86	86
87	87	@Override
88	88	public void run() {

111	111	long value = 0;
112	112	}
113	113
114		private static ThreadLocal<MutableLong> currentMillisLocal = new ThreadLocal<MutableLong>() {
	114	private ThreadLocal<MutableLong> currentMillisLocal = new ThreadLocal<MutableLong>() {
115	115	@Override
116	116	protected MutableLong initialValue() {
117	117	return new MutableLong();
118	118	}
119	119	};
120	120
121		private static ThreadLocal<Date> currentDateLocal = new ThreadLocal<>();
	121	private ThreadLocal<Date> currentDateLocal = new ThreadLocal<>();
122	122
123	123	@Override
124	124	public void run() {

148	148	public Date currentDate;
149	149	}
150	150
151		private static ThreadLocal<Struct> currentStruct = new ThreadLocal<Struct>() {
	151	private ThreadLocal<Struct> currentStruct = new ThreadLocal<Struct>() {
152	152	@Override
153	153	protected Struct initialValue() {
154	154	return new Struct();

265	265	return "ThreadLocals";
266	266	}
267	267
268		private static ThreadLocal<String> currentDateStringLocal = new ThreadLocal<>();
269
270		private static ThreadLocal<Date> currentDateLocal = new ThreadLocal<Date>() {
	268	private ThreadLocal<String> currentDateStringLocal = new ThreadLocal<>();
	269
	270	private ThreadLocal<Date> currentDateLocal = new ThreadLocal<Date>() {
271	271	@Override
272	272	protected Date initialValue() {
273	273	return new Date();
274	274	}
275	275	};
276		private static ThreadLocal<SimpleDateFormat> dayFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
	276	private ThreadLocal<SimpleDateFormat> dayFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
277	277	@Override
278	278	protected SimpleDateFormat initialValue() {
279	279	return new SimpleDateFormat("dd");
280	280	}
281	281	};
282		private static ThreadLocal<SimpleDateFormat> monthFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
	282	private ThreadLocal<SimpleDateFormat> monthFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
283	283	@Override
284	284	protected SimpleDateFormat initialValue() {
285	285	return new SimpleDateFormat("MM");
286	286	}
287	287	};
288		private static ThreadLocal<SimpleDateFormat> yearFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
	288	private ThreadLocal<SimpleDateFormat> yearFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
289	289	@Override
290	290	protected SimpleDateFormat initialValue() {
291	291	return new SimpleDateFormat("yyyy");
292	292	}
293	293	};
294		private static ThreadLocal<SimpleDateFormat> timeFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
	294	private ThreadLocal<SimpleDateFormat> timeFormatterLocal = new ThreadLocal<SimpleDateFormat>() {
295	295	@Override
296	296	protected SimpleDateFormat initialValue() {
297	297	return new SimpleDateFormat("hh:mm:ss");

353	353	"hh:mm:ss");
354	354	}
355	355
356		private static ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() {
	356	private ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() {
357	357	@Override
358	358	protected Struct initialValue() {
359	359	return new Struct();

414	414	"hh:mm:ss");
415	415	}
416	416
417		private static ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() {
	417	private ThreadLocal<Struct> structLocal = new ThreadLocal<Struct>() {
418	418	@Override
419	419	protected Struct initialValue() {
420	420	return new Struct();

+21

-0

test/org/apache/catalina/valves/rewrite/TestRewriteValve.java less more

106	106	}
107	107
108	108	@Test
	109	public void testRewriteMap07() throws Exception {
	110	doTestRewrite("RewriteMap mapa org.apache.catalina.valves.rewrite.TesterRewriteMapA foo bar\n" +
	111	"RewriteRule /b/.* /c/${mapa:${mapa:a}}", "/b/a.html", "/c/aaaa");
	112	}
	113
	114	@Test
	115	public void testRewriteMap08() throws Exception {
	116	doTestRewrite("RewriteMap lc int:tolower\n" +
	117	"RewriteRule ^(.*) ${lc:$1}", "/C/AaA", "/c/aaa");
	118	}
	119
	120	@Test
109	121	public void testRewriteServerVar() throws Exception {
110	122	doTestRewrite("RewriteRule /b/(.*).html$ /c%{SERVLET_PATH}", "/b/x.html", "/c/b/x.html");
111	123	}

604	616	doTestRewrite("RewriteRule !^/c/.* /b/", "/c/d", "/c/d");
605	617	}
606	618
	619	@Test
	620	public void testMultiLine001() throws Exception {
	621	doTestRewrite("RewriteRule /dummy /anotherDummy [L]\nRewriteRule ^/a /c [L]", "/a", "/c");
	622	}
	623
	624	@Test
	625	public void testMultiLine002() throws Exception {
	626	doTestRewrite("RewriteRule /dummy /a\nRewriteRule /a /c [L]", "/dummy", "/c");
	627	}
607	628
608	629	private void doTestRewrite(String config, String request, String expectedURI) throws Exception {
609	630	doTestRewrite(config, request, expectedURI, null);

+5

-1

test/org/apache/catalina/valves/rewrite/TesterRewriteMapA.java less more

30	30
31	31	@Override
32	32	public String setParameters(String params) {
	33	throw new IllegalStateException();
	34	}
	35
	36	@Override
	37	public void setParameters(String... params) {
33	38	// NO-OP
34		return null;
35	39	}
36	40
37	41	@Override

+30

-7

test/org/apache/coyote/http2/TestHttp2Section_5_1.java less more

146	146
147	147	@Test
148	148	public void testImplicitClose() throws Exception {
149		http2Connect();
	149	doTestImplicitClose(5);
	150	}
	151
	152
	153	// https://bz.apache.org/bugzilla/show_bug.cgi?id=64467
	154	@Test
	155	public void testImplicitCloseLargeId() throws Exception {
	156	doTestImplicitClose(Integer.MAX_VALUE - 8);
	157	}
	158
	159
	160	private void doTestImplicitClose(int lastStreamId) throws Exception {
	161
	162	long startFirst = System.nanoTime();
	163	http2Connect();
	164	long durationFirst = System.nanoTime() - startFirst;
150	165
151	166	sendPriority(3, 0, 16);
152		sendPriority(5, 0, 16);
153
154		sendSimpleGetRequest(5);
	167	sendPriority(lastStreamId, 0, 16);
	168
	169	long startSecond = System.nanoTime();
	170	sendSimpleGetRequest(lastStreamId);
155	171	readSimpleGetResponse();
156		Assert.assertEquals(getSimpleResponseTrace(5), output.getTrace());
157		output.clearTrace();
	172	long durationSecond = System.nanoTime() - startSecond;
	173
	174	Assert.assertEquals(getSimpleResponseTrace(lastStreamId), output.getTrace());
	175	output.clearTrace();
	176
	177	// Allow second request to take up to 5 times first request or up to 1 second - whichever is the larger - mainly
	178	// to allow for CI systems under load that can exhibit significant timing variation.
	179	Assert.assertTrue("First request took [" + durationFirst/1000000 + "ms], second request took [" +
	180	durationSecond/1000000 + "ms]", durationSecond < 1000000000 \|\| durationSecond < durationFirst * 3);
158	181
159	182	// Should trigger an error since stream 3 should have been implicitly
160	183	// closed.
161	184	sendSimpleGetRequest(3);
162	185
163		handleGoAwayResponse(5);
	186	handleGoAwayResponse(lastStreamId);
164	187	}
165	188
166	189

+134

-0

test/org/apache/tomcat/util/net/TestResolverSSL.java less more

	0	/*
	1	* Licensed to the Apache Software Foundation (ASF) under one or more
	2	* contributor license agreements. See the NOTICE file distributed with
	3	* this work for additional information regarding copyright ownership.
	4	* The ASF licenses this file to You under the Apache License, Version 2.0
	5	* (the "License"); you may not use this file except in compliance with
	6	* the License. You may obtain a copy of the License at
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*/
	16	package org.apache.tomcat.util.net;
	17
	18	import java.io.IOException;
	19	import java.io.PrintWriter;
	20
	21	import javax.servlet.ServletException;
	22
	23	import org.junit.Assert;
	24	import org.junit.Test;
	25
	26	import org.apache.catalina.Container;
	27	import org.apache.catalina.connector.Request;
	28	import org.apache.catalina.connector.Response;
	29	import org.apache.catalina.startup.Tomcat;
	30	import org.apache.catalina.startup.TomcatBaseTest;
	31	import org.apache.catalina.valves.ValveBase;
	32	import org.apache.catalina.valves.rewrite.Resolver;
	33	import org.apache.catalina.valves.rewrite.ResolverImpl;
	34	import org.apache.tomcat.util.buf.ByteChunk;
	35
	36	public class TestResolverSSL extends TomcatBaseTest {
	37
	38	@Test
	39	public void testSslEnv() throws Exception {
	40	Tomcat tomcat = getTomcatInstance();
	41	Container root = tomcat.getHost().findChild("");
	42	root.getPipeline().addValve(new ResolverTestValve());
	43
	44	tomcat.start();
	45	ByteChunk res = getUrl("https://localhost:" + getPort() + "/protected");
	46	// Just look a bit at the result
	47	System.out.println(res.toString());
	48	Assert.assertTrue(res.toString().indexOf("OK") > 0);
	49	}
	50
	51	// List from https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars
	52	private static final String[] keys = {
	53	"HTTPS",
	54	"SSL_PROTOCOL",
	55	"SSL_SESSION_ID",
	56	"SSL_SESSION_RESUMED",
	57	"SSL_SECURE_RENEG",
	58	"SSL_CIPHER",
	59	"SSL_CIPHER_EXPORT",
	60	"SSL_CIPHER_USEKEYSIZE",
	61	"SSL_CIPHER_ALGKEYSIZE",
	62	"SSL_COMPRESS_METHOD",
	63	"SSL_VERSION_INTERFACE",
	64	"SSL_VERSION_LIBRARY",
	65	"SSL_CLIENT_M_VERSION",
	66	"SSL_CLIENT_M_SERIAL",
	67	"SSL_CLIENT_S_DN",
	68	"SSL_CLIENT_S_DN_CN", // CN component
	69	"SSL_CLIENT_S_DN_O", // O component
	70	"SSL_CLIENT_S_DN_C", // C component
	71	"SSL_CLIENT_SAN_Email_n", // FXIME: n
	72	"SSL_CLIENT_SAN_DNS_n", // FXIME: n
	73	"SSL_CLIENT_SAN_OTHER_msUPN_n", // FXIME: n
	74	"SSL_CLIENT_I_DN",
	75	"SSL_CLIENT_I_DN_x509", // FXIME: x509
	76	"SSL_CLIENT_V_START",
	77	"SSL_CLIENT_V_END",
	78	"SSL_CLIENT_V_REMAIN",
	79	"SSL_CLIENT_A_SIG",
	80	"SSL_CLIENT_A_KEY",
	81	"SSL_CLIENT_CERT",
	82	"SSL_CLIENT_CERT_CHAIN_0",
	83	"SSL_CLIENT_CERT_RFC4523_CEA",
	84	"SSL_CLIENT_VERIFY",
	85	"SSL_SERVER_M_VERSION",
	86	"SSL_SERVER_M_SERIAL",
	87	"SSL_SERVER_S_DN",
	88	"SSL_SERVER_SAN_Email_n", // FXIME: n
	89	"SSL_SERVER_SAN_DNS_n", // FXIME: n
	90	"SSL_SERVER_SAN_OTHER_dnsSRV_n", // FXIME: n
	91	"SSL_SERVER_S_DN_CN", // CN component
	92	"SSL_SERVER_S_DN_O", // O component
	93	"SSL_SERVER_S_DN_C", // C component
	94	"SSL_SERVER_I_DN",
	95	"SSL_SERVER_I_DN_x509", // FXIME: x509
	96	"SSL_SERVER_V_START",
	97	"SSL_SERVER_V_END",
	98	"SSL_SERVER_A_SIG",
	99	"SSL_SERVER_A_KEY",
	100	"SSL_SERVER_CERT",
	101	"SSL_SRP_USER",
	102	"SSL_SRP_USERINFO",
	103	"SSL_TLS_SNI" };
	104
	105	public class ResolverTestValve extends ValveBase {
	106
	107	@Override
	108	public void invoke(Request request, Response response)
	109	throws IOException, ServletException {
	110	PrintWriter writer = response.getWriter();
	111	Resolver resolver = new ResolverImpl(request);
	112	for (String key : keys) {
	113	resolve(key, resolver, writer);
	114	}
	115	writer.println("OK");
	116	}
	117
	118	private void resolve(String key, Resolver resolver, PrintWriter writer) {
	119	writer.println("[" + key + "] " + resolver.resolveSsl(key));
	120	}
	121	}
	122
	123	@Override
	124	public void setUp() throws Exception {
	125	super.setUp();
	126
	127	Tomcat tomcat = getTomcatInstance();
	128
	129	TesterSupport.configureClientCertContext(tomcat);
	130
	131	TesterSupport.configureClientSsl();
	132	}
	133	}

+29

-8

test/org/apache/tomcat/websocket/server/TestUriTemplate.java less more

43	43	}
44	44
45	45
46		@Test(expected=java.lang.IllegalArgumentException.class)
	46	@Test(expected=javax.websocket.DeploymentException.class)
47	47	public void testBasicPrefix() throws Exception {
48	48	@SuppressWarnings("unused")
49	49	UriTemplate t = new UriTemplate("/x{a}/y{b}");
50	50	}
51	51
52	52
53		@Test(expected=java.lang.IllegalArgumentException.class)
	53	@Test(expected=javax.websocket.DeploymentException.class)
54	54	public void testPrefixOneOfTwo() throws Exception {
55	55	UriTemplate t = new UriTemplate("/x{a}/y{b}");
56	56	t.match(new UriTemplate("/xfoo"));
57	57	}
58	58
59	59
60		@Test(expected=java.lang.IllegalArgumentException.class)
	60	@Test(expected=javax.websocket.DeploymentException.class)
61	61	public void testPrefixTwoOfTwo() throws Exception {
62	62	UriTemplate t = new UriTemplate("/x{a}/y{b}");
63	63	t.match(new UriTemplate("/ybar"));
64	64	}
65	65
66	66
67		@Test(expected=java.lang.IllegalArgumentException.class)
	67	@Test(expected=javax.websocket.DeploymentException.class)
68	68	public void testQuote1() throws Exception {
69	69	UriTemplate t = new UriTemplate("/.{a}");
70	70	t.match(new UriTemplate("/yfoo"));
71	71	}
72	72
73	73
74		@Test(expected=java.lang.IllegalArgumentException.class)
	74	@Test(expected=javax.websocket.DeploymentException.class)
75	75	public void testQuote2() throws Exception {
76	76	@SuppressWarnings("unused")
77	77	UriTemplate t = new UriTemplate("/.{a}");

152	152	}
153	153
154	154
155		@Test(expected=java.lang.IllegalArgumentException.class)
	155	@Test(expected=javax.websocket.DeploymentException.class)
156	156	public void testDuplicate01() throws Exception {
157	157	@SuppressWarnings("unused")
158	158	UriTemplate t = new UriTemplate("/{var}/{var}");

195	195	}
196	196
197	197
198		@Test(expected=java.lang.IllegalArgumentException.class)
	198	@Test(expected=javax.websocket.DeploymentException.class)
199	199	public void testEgMailingList04() throws Exception {
200	200	UriTemplate t = new UriTemplate("/a/{var1}/{var2}");
201	201	@SuppressWarnings("unused")

203	203	}
204	204
205	205
206		@Test(expected=java.lang.IllegalArgumentException.class)
	206	@Test(expected=javax.websocket.DeploymentException.class)
207	207	public void testEgMailingList05() throws Exception {
208	208	UriTemplate t = new UriTemplate("/a/{var}/");
209	209	@SuppressWarnings("unused")
210	210	Map<String,String> result = t.match(new UriTemplate("/a/b/"));
211	211	}
	212
	213
	214	@Test(expected=javax.websocket.DeploymentException.class)
	215	public void testSpecIssue194a() throws Exception {
	216	@SuppressWarnings("unused")
	217	UriTemplate t = new UriTemplate("/a/../b");
	218	}
	219
	220
	221	@Test(expected=javax.websocket.DeploymentException.class)
	222	public void testSpecIssue194b() throws Exception {
	223	@SuppressWarnings("unused")
	224	UriTemplate t = new UriTemplate("/./b");
	225	}
	226
	227
	228	@Test(expected=javax.websocket.DeploymentException.class)
	229	public void testSpecIssue194c() throws Exception {
	230	@SuppressWarnings("unused")
	231	UriTemplate t = new UriTemplate("//b");
	232	}
212	233	}

+115

-4

webapps/docs/changelog.xml less more

43	43	They eventually become mixed with the numbered issues (i.e., numbered
44	44	issues do not "pop up" wrt. others).
45	45	-->
46		<section name="Tomcat 9.0.35 (markt)">
	46	<section name="Tomcat 9.0.36 (markt)">
	47	<subsection name="Catalina">
	48	<changelog>
	49	<fix>
	50	<bug>64432</bug>: Correct a refactoring regression that broke handling
	51	of multi-line configuration in the RewriteValve. Patch provided by Jj.
	52	(markt)
	53	</fix>
	54	<fix>
	55	Fix use of multiple parameters when defining RewriteMaps.
	56	(remm/fschumacher)
	57	</fix>
	58	<update>
	59	Add the special internal rewrite maps for case modification and
	60	escaping. (remm/fschumacher)
	61	</update>
	62	<fix>
	63	Correct a regression in an earlier fix that broke the loading of
	64	configuration files such as keystores via URIs on Windows. (markt)
	65	</fix>
	66	<fix>
	67	<bug>64470</bug>: The default value of the solidus handling should
	68	reflect the associated system property. (remm)
	69	</fix>
	70	<fix>
	71	Implement a few rewrite SSL env that correspond to Servlet request
	72	attributes. (remm)
	73	</fix>
	74	<update>
	75	<bug>64442</bug>: Be more flexible with respect to the ordering of
	76	groups, roles and users in the <code>tomcat-users.xml</code> file.
	77	(fschumacher)
	78	</update>
	79	<fix>
	80	<bug>64493</bug>: Revert possible change of returned protocol
	81	attribute value on the <code>Connector</code>. (remm)
	82	</fix>
	83	</changelog>
	84	</subsection>
	85	<subsection name="Coyote">
	86	<changelog>
	87	<update>
	88	Add support for ALPN on recent OpenJDK 8 releases. (remm)
	89	</update>
	90	<fix>
	91	<bug>64467</bug>: Improve performance of closing idle HTTP/2 streams.
	92	(markt)
	93	</fix>
	94	<update>
	95	Expose server certificate through the <code>SSLSupport</code>
	96	interface. (remm)
	97	</update>
	98	<add>
	99	<bug>64483</bug>: Log a warning if an AJP request is rejected because it
	100	contains an unexpected request attribute. (markt)
	101	</add>
	102	<fix>
	103	<bug>64485</bug>: Fix possible resource leak geting last modified from
	104	<code>ConfigurationSource.Resource</code>. (remm)
	105	</fix>
	106	</changelog>
	107	</subsection>
	108	<subsection name="Jasper">
	109	<changelog>
	110	<fix>
	111	<bug>64488</bug>: Ensure that the ImportHandler from the Expression
	112	Language API is able to load classes from the Java runtime when running
	113	under a SecurityManager. Based on a patch by Volodymyr Siedleck. (markt)
	114	</fix>
	115	</changelog>
	116	</subsection>
	117	<subsection name="WebSocket">
	118	<changelog>
	119	<fix>
	120	Consistently throw a <code>DeploymentException</code> when an invalid
	121	endpoint path is specified and catch invalid endpoint paths earlier.
	122	(markt)
	123	</fix>
	124	<add>
	125	Include the target URL in the log message when a WebSocket connection
	126	fails. (markt)
	127	</add>
	128	</changelog>
	129	</subsection>
	130	<subsection name="Other">
	131	<changelog>
	132	<update>
	133	Update the list of known <code>Charset</code>s in the
	134	<code>CharsetCache</code> to include <code>ISO-8859-16</code>, added in
	135	OpenJDK 15. (markt)
	136	</update>
	137	<add>
	138	Improve the quality and expand the coverage of the French translations
	139	provided with Apache Tomcat. (remm)
	140	</add>
	141	<add>
	142	<bug>64430</bug>: Add support for the <code>CATALINA_OUT_CMD</code>
	143	environment variable that defines a command to which captured stdout and
	144	stderr will be redirected. Patch provided by Harald Dunkel. (markt)
	145	</add>
	146	<update>
	147	Switch from the unsupported Maven Ant Tasks to the supported Maven
	148	Resolver Ant Tasks to upload artifacts to the ASF Maven repository (and
	149	from there to Maven Central). (markt)
	150	</update>
	151	<update>
	152	Update dependency on bnd to 5.1.0. (markt)
	153	</update>
	154	</changelog>
	155	</subsection>
	156	</section>
	157	<section name="Tomcat 9.0.35 (markt)" rtext="2020-05-11">
47	158	<subsection name="Catalina">
48	159	<changelog>
49	160	<fix>

62	173	<add>
63	174	Log a warning if a <code>CredentialHandler</code> instance is added to
64	175	an instance of the <code>CombinedRealm</code> (or a sub-class) as the
65		<code>CombinedRealm</code> doesn't use a configued
	176	<code>CombinedRealm</code> doesn't use a configured
66	177	<code>CredentialHandler</code> and it is likely that a configuration
67	178	error has occurred. (markt)
68	179	</add>

328	439	Correct the documentation web application to remove references to the
329	440	<code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>
330	441	system property changing how the sequence <code>%5c</code> is
331		interpretted in a URI. (markt)
	442	interpreted in a URI. (markt)
332	443	</fix>
333	444	</changelog>
334	445	</subsection>

355	466	Update the CXF module to Apache CXF 3.3.6. (remm)
356	467	</update>
357	468	<fix>
358		Depreacted the <code>LOGGING_CONFIG</code> environment variable and
	469	Deprecated the <code>LOGGING_CONFIG</code> environment variable and
359	470	replace it with the <code>CATALINA_LOGGING_CONFIG</code> environment
360	471	variable to avoid clashes with other components that use
361	472	<code>LOGGING_CONFIG</code>. (markt)

+5

-3

webapps/docs/config/ajp.xml less more

533	533	<attribute name="tomcatAuthentication" required="false">
534	534	<p>If set to <code>true</code>, the authentication will be done in Tomcat.
535	535	Otherwise, the authenticated principal will be propagated from the native
536		webserver and used for authorization in Tomcat. Note that this principal
537		will have no roles associated with it.
538		The default value is <code>true</code>. If
	536	webserver and used for authorization in Tomcat. </p>
	537	<p>The web server must send the user principal (username) as a request
	538	<i>attribute</i> named <code>REMOTE_USER</code>.</p>
	539	<p>Note that this principal will have no roles associated with it.</p>
	540	<p>The default value is <code>true</code>. If
539	541	<code>tomcatAuthorization</code> is set to <code>true</code> this
540	542	attribute has no effect.</p>
541	543	</attribute>

+1

-1

webapps/docs/graal.xml less more

34	34	<section name="Introduction">
35	35
36	36	<p>
37		Tomcat supports using the GraalVM 19.3 Native Image tool to produce
	37	Tomcat supports using the GraalVM Native Image tool to produce
38	38	a native binary including the container. This documentation page
39	39	describes the build process of such an image.
40	40	</p>

+13

-1

webapps/docs/rewrite.xml less more

244	244	<li>
245	245	<code>%{SSL:variable}</code>, where <em>variable</em> is the
246	246	name of an SSL environment
247		variable, are not implemented yet. Example:
	247	variable, are not implemented, except
	248	<code>SSL_PROTOCOL</code>, <code>SSL_SESSION_ID</code>,
	249	<code>SSL_CIPHER</code> and <code>SSL_CIPHER_USEKEYSIZE</code>.
	250	Example:
248	251	<code>%{SSL:SSL_CIPHER_USEKEYSIZE}</code> may expand to
249	252	<code>128</code>.</li>
250	253

393	396	<subsection name="RewriteMap">
394	397
395	398	<p>Syntax: <code>RewriteMap name rewriteMapClassName optionalParameters</code></p>
	399
	400	<p>The <code>rewriteMapClassName</code> value also allows special values:
	401	<ul>
	402	<li><code>int:toupper</code>: Special map converting passed values to upper case</li>
	403	<li><code>int:tolower</code>: Special map converting passed values to lower case</li>
	404	<li><code>int:escape</code>: URL escape the passed value</li>
	405	<li><code>int:unescape</code>: URL unescape the passed value</li>
	406	</ul>
	407	</p>
396	408
397	409	<p>The maps are implemented using an interface that users must implement. Its class
398	410	name is <code>org.apache.catalina.valves.rewrite.RewriteMap</code>, and its code is:</p>