diff options
8 files changed, 93 insertions, 5 deletions
diff --git a/base/ca/shared/webapps/ca/META-INF/context.xml b/base/ca/shared/webapps/ca/META-INF/context.xml index 032fd14c9..e838503a6 100644 --- a/base/ca/shared/webapps/ca/META-INF/context.xml +++ b/base/ca/shared/webapps/ca/META-INF/context.xml @@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" - secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + alwaysUseSession="true" + secureRandomProvider="Mozilla-JSS" + secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java index d1b3dc3f2..20bf85d22 100644 --- a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java +++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java @@ -140,8 +140,13 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase { @Override protected void initInternal() throws LifecycleException { log("Initializing authenticators"); + super.initInternal(); + + sslAuthenticator.setAlwaysUseSession(alwaysUseSession); sslAuthenticator.init(); + + fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession); fallbackAuthenticator.init(); } diff --git a/base/common/upgrade/10.0.4/.gitignore b/base/common/upgrade/10.0.4/.gitignore new file mode 100644 index 000000000..5e7d2734c --- /dev/null +++ b/base/common/upgrade/10.0.4/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml index 032fd14c9..e838503a6 100644 --- a/base/kra/shared/webapps/kra/META-INF/context.xml +++ b/base/kra/shared/webapps/kra/META-INF/context.xml @@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" - secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + alwaysUseSession="true" + secureRandomProvider="Mozilla-JSS" + secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml index 032fd14c9..e838503a6 100644 --- a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml +++ b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml @@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" - secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + alwaysUseSession="true" + secureRandomProvider="Mozilla-JSS" + secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator b/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator new file mode 100755 index 000000000..7aee78089 --- /dev/null +++ b/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator @@ -0,0 +1,69 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata <edewata@redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2013 Red Hat, Inc. +# All rights reserved. +# + +import os +from lxml import etree + +import pki.server.upgrade + + +class EnableSessionInAuthenticator(pki.server.upgrade.PKIServerUpgradeScriptlet): + + def __init__(self): + + self.message = 'Enable session in authenticator' + + self.parser = etree.XMLParser(remove_blank_text=True) + + def upgrade_subsystem(self, instance, subsystem): + + context_xml = os.path.join( + instance.base_dir, 'webapps', subsystem.name, 'META-INF', 'context.xml') + self.backup(context_xml) + + document = etree.parse(context_xml, self.parser) + + self.enable_session(document) + + with open(context_xml, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) + + def enable_session(self, document): + + context = document.getroot() + valves = context.findall('Valve') + authenticator = None + + # Find existing authenticator + for valve in valves: + className = valve.get('className') + if className != 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback': + continue + + # Found existing authenticator + authenticator = valve + break + + if authenticator is None: + raise Exception('Missing SSLAuthenticatorWithFallback') + + # Update authenticator's attributes + authenticator.set('alwaysUseSession', 'true') diff --git a/base/tks/shared/webapps/tks/META-INF/context.xml b/base/tks/shared/webapps/tks/META-INF/context.xml index 032fd14c9..e838503a6 100644 --- a/base/tks/shared/webapps/tks/META-INF/context.xml +++ b/base/tks/shared/webapps/tks/META-INF/context.xml @@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" - secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + alwaysUseSession="true" + secureRandomProvider="Mozilla-JSS" + secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/tps/shared/webapps/tps/META-INF/context.xml b/base/tps/shared/webapps/tps/META-INF/context.xml index 032fd14c9..e838503a6 100644 --- a/base/tps/shared/webapps/tps/META-INF/context.xml +++ b/base/tps/shared/webapps/tps/META-INF/context.xml @@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" - secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + alwaysUseSession="true" + secureRandomProvider="Mozilla-JSS" + secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> |