dev@grizzly.java.net

tomcat changes for JSSESocketFactory.java

From: <Shing-Wai.Chan_at_Sun.COM>
Date: Thu, 19 Jun 2008 15:50:53 -0700

Hi,

I have ported the following tomcat changes to
JSSESocketFactory.java and LocalStrings.properties.

1. Change to log exceptions when the truststore cannot be loaded.
    The 2nd revision reverts the 1st, so only the change in the 3rd is applied.
  http://svn.apache.org/viewvc?rev=656124&view=rev
  http://svn.apache.org/viewvc?rev=656738&view=rev
  http://svn.apache.org/viewvc?rev=656738&view=rev
2. change for PKCS11 and cleanup
  http://svn.apache.org/viewvc?rev=657439&view=rev

Thanks.
    Shing Wai Chan

Encl: the svn diff
/export/grizzly/src/trunk/modules/http-utils/src/main/java/com/sun/grizzly/util/net/jsse
> svn diff .
Index: JSSESocketFactory.java
===================================================================
--- JSSESocketFactory.java (revision 1231)
+++ JSSESocketFactory.java (working copy)
@@ -40,6 +40,7 @@
 package com.sun.grizzly.util.net.jsse;
 
 import com.sun.grizzly.util.LoggerUtils;
+import com.sun.grizzly.util.res.StringManager;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -78,6 +79,9 @@
 public abstract class JSSESocketFactory
     extends com.sun.grizzly.util.net.ServerSocketFactory
 {
+ private static StringManager sm =
+ StringManager.getManager("com.sun.grizzly.util.net.jsse.res");
+
     // defaults
     static String defaultProtocol = "TLS";
     static String defaultAlgorithm = "SunX509";
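Review bot: The new `sm` field is assigned once and never reassigned in the visible lines, so it should be `final`: `private static final StringManager sm =`. The bundle name passed to `getManager` has to match the package that holds `res/LocalStrings.properties`; the second file in this diff sits under the jsse directory, which looks consistent.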
@@ -252,6 +256,7 @@
      * Gets the SSL server's truststore.
      */
     protected KeyStore getTrustStore() throws IOException {
+ KeyStore ts = null;
 
         String truststore = (String)attributes.get("truststore");
         if (logger.isLoggable(Level.FINE)) {
@@ -269,7 +274,11 @@
             truststorePassword = getKeystorePassword();
         }
 
- return getStore(truststoreType, truststore, truststorePassword);
+ if (truststore != null && truststorePassword != null) {
+ ts = getStore(truststoreType, truststore, truststorePassword);
+ }
+
+ return ts;
     }
 
     /*
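Review bot: getTrustStore() now returns null without any log entry when `truststore` or `truststorePassword` is null, so an operator cannot tell a deliberately absent truststore from one that was configured but skipped for lack of a password. The callers are outside this diff; if they treat a null KeyStore as "use the JVM default trust anchors", the skipped case would change which CAs are accepted for client certificates, which is worth confirming. I would log the skip, e.g. `if (truststore != null && truststorePassword == null)` followed by a `Level.WARNING` message using a new key in LocalStrings.properties. The Javadoc in the previous hunk should also gain `@return the truststore, or null if no truststore or password is configured`.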
@@ -282,24 +291,32 @@
         InputStream istream = null;
         try {
             ks = KeyStore.getInstance(type);
- File keyStoreFile = new File(path);
- if (!keyStoreFile.isAbsolute()) {
- keyStoreFile = new
File(System.getProperty("catalina.base"),
- path);
+ if (!("PKCS11".equalsIgnoreCase(type) ||
+ "".equalsIgnoreCase(path))) {
+ File keyStoreFile = new File(path);
+ if (!keyStoreFile.isAbsolute()) {
+ keyStoreFile = new
File(System.getProperty("catalina.base"),
+ path);
+ }
+ istream = new FileInputStream(keyStoreFile);
             }
- istream = new FileInputStream(keyStoreFile);
 
             ks.load(istream, pass.toCharArray());
- istream.close();
- istream = null;
         } catch (FileNotFoundException fnfe) {
+ logger.log(Level.SEVERE,
+ sm.getString("jsse.keystore_load_failed", type, path,
+ fnfe.getMessage()), fnfe);
             throw fnfe;
         } catch (IOException ioe) {
+ logger.log(Level.SEVERE,
+ sm.getString("jsse.keystore_load_failed", type, path,
+ ioe.getMessage()), ioe);
             throw ioe;
         } catch(Exception ex) {
- ex.printStackTrace();
- throw new IOException("Exception trying to load keystore " +
- path + ": " + ex.getMessage() );
+ String msg = sm.getString("jsse.keystore_load_failed",
type, path,
+ ex.getMessage());
+ logger.log(Level.SEVERE, msg, ex);
+ throw new IOException(msg);
         } finally {
             if (istream != null) {
                 try {
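Review bot: The `catch(Exception ex)` branch throws `new IOException(msg)` without attaching `ex`, so a caller that handles the IOException sees only the flattened message and loses the underlying keystore or certificate exception. Chaining keeps it: `IOException wrapped = new IOException(msg); wrapped.initCause(ex); throw wrapped;`. Separately, when `path` is the empty string and the type is not PKCS11, `istream` stays null and `ks.load(null, ...)` initialises an empty keystore for file-based types such as JKS instead of failing, so a blank path is accepted silently; rejecting or logging that case would make the misconfiguration visible. getStore begins before and ends after this hunk.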
Index: res/LocalStrings.properties
===================================================================
--- res/LocalStrings.properties (revision 1231)
+++ res/LocalStrings.properties (working copy)
@@ -2,3 +2,4 @@
 # Message IDs reserved for this file: PWC5330-PWC5539
 #
 jsse.alias_no_key_entry=PWC5330: Alias name {0} does not identify a key
entry
+jsse.keystore_load_failed=Failed to load keystore type {0} with path
{1} due to {2}
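Review bot: The new `jsse.keystore_load_failed` message has no `PWC` message ID, while the file header reserves PWC5330-PWC5539 for this file and the existing `jsse.alias_no_key_entry` entry carries one. If the IDs are used for log correlation or support lookups, give this message the next free ID from the reserved range, in the form `jsse.keystore_load_failed=PWCnnnn: Failed to load keystore type {0} with path {1} due to {2}` (PWCnnnn is a placeholder).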