svn commit: r1811614 - in /tomcat/trunk: bin/ciphers.sh java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java


svn commit: r1811614 - in /tomcat/trunk: bin/ciphers.sh java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java

schultz-2
Author: schultz
Date: Mon Oct  9 21:55:29 2017
New Revision: 1811614

URL: http://svn.apache.org/viewvc?rev=1811614&view=rev
Log:
Add main method to OpenSSLCipherConfigurationParser and wrapper script to mimic "openssl ciphers" command.

Added:
    tomcat/trunk/bin/ciphers.sh   (with props)
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java

Added: tomcat/trunk/bin/ciphers.sh
URL: http://svn.apache.org/viewvc/tomcat/trunk/bin/ciphers.sh?rev=1811614&view=auto
==============================================================================
--- tomcat/trunk/bin/ciphers.sh (added)
+++ tomcat/trunk/bin/ciphers.sh Mon Oct  9 21:55:29 2017
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# -----------------------------------------------------------------------------
+# Script to digest password using the algorithm specified
+# -----------------------------------------------------------------------------
+
+# Better OS/400 detection: see Bugzilla 31132
+os400=false
+case "`uname`" in
+OS400*) os400=true;;
+esac
+
+# resolve links - $0 may be a softlink
+PRG="$0"
+
+while [ -h "$PRG" ] ; do
+  ls=`ls -ld "$PRG"`
+  link=`expr "$ls" : '.*-> \(.*\)$'`
+  if expr "$link" : '/.*' > /dev/null; then
+    PRG="$link"
+  else
+    PRG=`dirname "$PRG"`/"$link"
+  fi
+done
+
+PRGDIR=`dirname "$PRG"`
+EXECUTABLE=tool-wrapper.sh
+
+# Check that target executable exists
+if $os400; then
+  # -x will Only work on the os400 if the files are:
+  # 1. owned by the user
+  # 2. owned by the PRIMARY group of the user
+  # this will not work if the user belongs in secondary groups
+  eval
+else
+  if [ ! -x "$PRGDIR"/"$EXECUTABLE" ]; then
+    echo "Cannot find $PRGDIR/$EXECUTABLE"
+    echo "The file is absent or does not have execute permission"
+    echo "This file is needed to run this program"
+    exit 1
+  fi
+fi
+
+exec "$PRGDIR"/"$EXECUTABLE" org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser "$@"
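Review bot: The OS/400 branch of the executable check uses a bare `eval` as its no-op, which reads like an unfinished command in a script that forwards `"$@"` to another program. `:` is the conventional shell no-op and makes the intent explicit. Because that branch skips the `-x` test entirely, a missing or non-executable `tool-wrapper.sh` on OS/400 only surfaces as a failure of the final `exec`. A comment such as `# -x is unreliable on OS/400, so the check is skipped and exec reports any failure` would record that.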

Propchange: tomcat/trunk/bin/ciphers.sh
------------------------------------------------------------------------------
    svn:executable = *

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1811614&r1=1811613&r2=1811614&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java Mon Oct  9 21:55:29 2017
@@ -824,4 +824,77 @@ public class OpenSSLCipherConfigurationP
         }
         return builder.toString().substring(0, builder.length() - 1);
     }
+
+    public static void usage() {
+        System.out.println("Usage: java " + OpenSSLCipherConfigurationParser.class.getName() + " [options] cipherspec");
+        System.out.println();
+        System.out.println("Displays the TLS cipher suites matching the cipherspec.");
+        System.out.println();
+        System.out.println(" --help,");
+        System.out.println(" -h          Print this help message");
+        System.out.println(" --openssl   Show OpenSSL cipher suite names instead of IANA cipher suite names.");
+        System.out.println(" --verbose,");
+        System.out.println(" -v          Provide detailed cipher listing");
+    }
+
+    public static void main(String[] args) throws Exception
+    {
+        boolean verbose = false;
+        boolean useOpenSSLNames = false;
+        int argindex;
+        for(argindex = 0; argindex < args.length; ++argindex)
+        {
+            String arg = args[argindex];
+            if("--verbose".equals(arg) || "-v".equals(arg))
+                verbose = true;
+            else if("--openssl".equals(arg))
+                useOpenSSLNames = true;
+            else if("--help".equals(arg) || "-h".equals(arg)) {
+                usage();
+                System.exit(0);
+            }
+            else if("--".equals(arg)) {
+                ++argindex;
+                break;
+            } else if(arg.startsWith("-")) {
+                System.out.println("Unknown option: " + arg);
+                usage();
+                System.exit(1);
+            } else {
+                // Non-switch argument... probably the cipher spec
+                break;
+            }
+        }
+
+        String cipherSpec;
+        if(argindex < args.length) {
+            cipherSpec = args[argindex];
+        } else {
+            cipherSpec = "DEFAULT";
+        }
+        Set<Cipher> ciphers = parse(cipherSpec);
+        boolean first = true;
+        if(null != ciphers && 0 < ciphers.size()) {
+            for(Cipher cipher : ciphers)
+            {
+                if(first) {
+                    first = false;
+                } else {
+                    if(verbose) {
+                        System.out.println("\t" + cipher.getProtocol() + "\tKx=" + cipher.getKx() + "\tAu=" + cipher.getAu() + "\tEnc=" + cipher.getEnc() + "\tMac=" + cipher.getMac());
+                    }
+                    else
+                        System.out.print(',');
+                }
+                if(useOpenSSLNames)
+                    System.out.print(cipher.getOpenSSLAlias());
+                else
+                    System.out.print(cipher.name());
+            }
+            if(verbose)
+                System.out.println();
+        } else {
+            System.out.println("No ciphers match '" + cipherSpec + "'");
+        }
+    }
 }
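Review bot: In the verbose branch of `main`'s output loop, the detail line is printed before the current cipher's name, so each name shares a line with the next cipher's protocol/Kx/Au/Enc/Mac and the last cipher gets no details. For a tool used to check which suites a cipherspec enables, that mispairing can lead an operator to misjudge a suite's key exchange, cipher or MAC. Printing the name first and the details after it fixes the pairing. The trailing `println()` then belongs to the non-verbose path, which currently ends without a newline.

```java
            for(Cipher cipher : ciphers)
            {
                if(first) {
                    first = false;
                } else if(!verbose) {
                    System.out.print(',');
                }
                // … unchanged: print getOpenSSLAlias() or name() …
                if(verbose) {
                    // details follow the name of the same cipher and end its line
                    System.out.println("\t" + cipher.getProtocol() + "\tKx=" + cipher.getKx() + "\tAu=" + cipher.getAu() + "\tEnc=" + cipher.getEnc() + "\tMac=" + cipher.getMac());
                }
            }
            if(!verbose)
                System.out.println();
```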




Re: svn commit: r1811614 - in /tomcat/trunk: bin/ciphers.sh java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java

markt
On 09/10/17 22:55, [hidden email] wrote:
> Author: schultz
> Date: Mon Oct  9 21:55:29 2017
> New Revision: 1811614
>
> URL: http://svn.apache.org/viewvc?rev=1811614&view=rev
> Log:
> Add main method to OpenSSLCipherConfigurationParser and wrapper script to mimic "openssl ciphers" command.

<snip/>

> +# -----------------------------------------------------------------------------
> +# Script to digest password using the algorithm specified
> +# -----------------------------------------------------------------------------

Copy / paste error?

Actually, there is a large amount of duplication between this and other
scripts. Time for some refactoring?

> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1811614&r1=1811613&r2=1811614&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java Mon Oct  9 21:55:29 2017
> @@ -824,4 +824,77 @@ public class OpenSSLCipherConfigurationP
>          }
>          return builder.toString().substring(0, builder.length() - 1);
>      }
> +
> +    public static void usage() {
> +        System.out.println("Usage: java " + OpenSSLCipherConfigurationParser.class.getName() + " [options] cipherspec");
> +        System.out.println();
> +        System.out.println("Displays the TLS cipher suites matching the cipherspec.");
> +        System.out.println();
> +        System.out.println(" --help,");
> +        System.out.println(" -h          Print this help message");
> +        System.out.println(" --openssl   Show OpenSSL cipher suite names instead of IANA cipher suite names.");
> +        System.out.println(" --verbose,");
> +        System.out.println(" -v          Provide detailed cipher listing");

Maybe clarify in the text above that Java accepts the IANA names?

Mark


Re: svn commit: r1811614 - in /tomcat/trunk: bin/ciphers.sh java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java

Christopher Schultz-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 10/10/17 4:49 AM, Mark Thomas wrote:

> On 09/10/17 22:55, [hidden email] wrote:
>> Author: schultz Date: Mon Oct  9 21:55:29 2017 New Revision:
>> 1811614
>>
>> URL: http://svn.apache.org/viewvc?rev=1811614&view=rev Log: Add
>> main method to OpenSSLCipherConfigurationParser and wrapper
>> script to mimic "openssl ciphers" command.
>
> <snip/>
>
>> +#
>> ---------------------------------------------------------------------
- --------
>>
>>
+# Script to digest password using the algorithm specified
>> +#
>> ---------------------------------------------------------------------
- --------
>
>>
> Copy / paste error?

Yep, I copied the existing digest.sh script for this purpose and
missed that part. Thanks for the heads-up.

> Actually, there is a large amount of duplication between this and
> other scripts. Time for some refactoring?

Possibly. I wasn't entirely sure the purpose for all of that
boilerplate stuff at the top of the script, so I decided not to touch
it (for now). I'm happy look at opportunities for shared code.

There is a script called tool-wrapper.sh, but that appears to be a
wrapper around a specific piece of Java code. I'll investigate that as
well.

>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLC
ipherConfigurationParser.java
>>
>>
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/ne
t/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1811614&r1=1
811613&r2=1811614&view=diff
>> =====================================================================
=========
>>
>>
- ---
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCiph
erConfigurationParser.java
(original)
>> +++
>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLC
ipherConfigurationParser.java

>> Mon Oct  9 21:55:29 2017 @@ -824,4 +824,77 @@ public class
>> OpenSSLCipherConfigurationP } return
>> builder.toString().substring(0, builder.length() - 1); } + +
>> public static void usage() { +        System.out.println("Usage:
>> java " + OpenSSLCipherConfigurationParser.class.getName() + "
>> [options] cipherspec"); +        System.out.println(); +
>> System.out.println("Displays the TLS cipher suites matching the
>> cipherspec."); +        System.out.println(); +
>> System.out.println(" --help,"); +        System.out.println(" -h
>> Print this help message"); +        System.out.println("
>> --openssl   Show OpenSSL cipher suite names instead of IANA
>> cipher suite names."); +        System.out.println("
>> --verbose,"); +        System.out.println(" -v          Provide
>> detailed cipher listing");
>
> Maybe clarify in the text above that Java accepts the IANA names?

+1

I'll make that change as well.

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
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=J68X
-----END PGP SIGNATURE-----
