From ef527194ff38866e1dcaf94c1831a6f026aecf6d Mon Sep 17 00:00:00 2001
From: mchyzer <mchyzer@isc.upenn.edu>
Date: Sat, 4 Jan 2025 15:26:02 -0500
Subject: [PATCH] upgrade tomcat

---
 container_files/tomcat/conf/createPatches.txt    |  2 +-
 container_files/tomcat/conf/server.xml.grouper   |  8 +++++---
 .../tomcat/conf/server.xml.grouper.patch         | 16 ++++++++--------
 container_files/tomcat/conf/server.xml.original  |  8 +++++---
 4 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/container_files/tomcat/conf/createPatches.txt b/container_files/tomcat/conf/createPatches.txt
index 564d3d3..74a6258 100644
--- a/container_files/tomcat/conf/createPatches.txt
+++ b/container_files/tomcat/conf/createPatches.txt
@@ -1,2 +1,2 @@
-# note: get the server.xml into the original, make sure it ends with newline if the file does
+# note: get the server.xml into the original, adjust server.xml.grouper, make sure it ends with newline if the file does
 diff -u server.xml.original server.xml.grouper > server.xml.grouper.patch
diff --git a/container_files/tomcat/conf/server.xml.grouper b/container_files/tomcat/conf/server.xml.grouper
index 3417a8b..9e781cf 100644
--- a/container_files/tomcat/conf/server.xml.grouper
+++ b/container_files/tomcat/conf/server.xml.grouper
@@ -24,8 +24,10 @@
   <!-- Security listener. Documentation at /docs/config/listeners.html
   <Listener className="org.apache.catalina.security.SecurityListener" />
   -->
-  <!-- APR library loader. Documentation at /docs/apr.html -->
-  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- APR connector and OpenSSL support using Tomcat Native -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
+  <!-- OpenSSL support using FFM API from Java 22 -->
+  <!-- <Listener className="org.apache.catalina.core.OpenSSLLifecycleListener" /> -->
   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
@@ -95,7 +97,7 @@
                >
         <SSLHostConfig>
             <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
-                         type="RSA" />
+                         certificateKeystorePassword="changeit" type="RSA" />
         </SSLHostConfig>
     </Connector>
     -->
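Review bot: The added `certificateKeystorePassword="changeit"` on the `Certificate` element puts the well-known default Java keystore password into Grouper's own server.xml template, with nothing telling a deployer to replace it. The `-->` closing the hunk suggests this Connector is commented out (its opening lies outside the hunk), so the value is presumably inert as shipped, but uncommenting the block would leave the TLS private key behind a guessable password. I would add a plain-text line to the explanatory comment that precedes this connector, for example `NOTE: "changeit" is the Tomcat sample keystore password; set a deployment-specific value before enabling this connector.` It has to be plain text without `--`, not a nested `<!-- -->`, because the block already sits inside an XML comment. The same line is added in server.xml.original, which createPatches.txt describes as the upstream copy, so that file is best left unchanged.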
diff --git a/container_files/tomcat/conf/server.xml.grouper.patch b/container_files/tomcat/conf/server.xml.grouper.patch
index 9caaa75..5e928a5 100644
--- a/container_files/tomcat/conf/server.xml.grouper.patch
+++ b/container_files/tomcat/conf/server.xml.grouper.patch
@@ -1,6 +1,6 @@
---- server.xml.original	2023-08-21 10:59:20.000000000 -0400
-+++ server.xml.grouper	2024-03-17 13:17:51.000000000 -0400
-@@ -66,11 +66,12 @@
+--- server.xml.original	2025-01-04 15:19:50
++++ server.xml.grouper	2025-01-04 15:22:01
+@@ -68,11 +68,12 @@
           APR (HTTP/AJP) Connector: /docs/apr.html
           Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
      -->
@@ -15,7 +15,7 @@
      <!-- A "Connector" using the shared thread pool-->
      <!--
      <Connector executor="tomcatThreadPool"
-@@ -98,6 +99,7 @@
+@@ -100,6 +101,7 @@
          </SSLHostConfig>
      </Connector>
      -->
@@ -23,7 +23,7 @@
      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
           This connector uses the APR/native implementation which always uses
           OpenSSL for TLS.
-@@ -128,7 +130,8 @@
+@@ -130,7 +132,8 @@
                 maxParameterCount="1000"
                 />
      -->
@@ -33,16 +33,16 @@
      <!-- An Engine represents the entry point (within Catalina) that processes
           every request.  The Engine implementation for Tomcat stand alone
           analyzes the HTTP headers included with the request, and passes them
-@@ -166,13 +169,16 @@
+@@ -168,13 +171,16 @@
          <!--
          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
          -->
 +        <!--GROUPER_TOMCAT_REMOTE_CIDR_VALVE-->
-+
+ 
 +        <!--GROUPER_TOMCAT_REMOTE_IP_VALVE-->
 +
 +        <!--GROUPER_TOMCAT_REWRITE_VALVE-->
- 
++
          <!-- Access log processes all example.
               Documentation at: /docs/config/valve.html
               Note: The pattern used is equivalent to using pattern="common" -->
diff --git a/container_files/tomcat/conf/server.xml.original b/container_files/tomcat/conf/server.xml.original
index c18d1f6..1be01d5 100644
--- a/container_files/tomcat/conf/server.xml.original
+++ b/container_files/tomcat/conf/server.xml.original
@@ -24,8 +24,10 @@
   <!-- Security listener. Documentation at /docs/config/listeners.html
   <Listener className="org.apache.catalina.security.SecurityListener" />
   -->
-  <!-- APR library loader. Documentation at /docs/apr.html -->
-  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- APR connector and OpenSSL support using Tomcat Native -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
+  <!-- OpenSSL support using FFM API from Java 22 -->
+  <!-- <Listener className="org.apache.catalina.core.OpenSSLLifecycleListener" /> -->
   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
@@ -94,7 +96,7 @@
                >
         <SSLHostConfig>
             <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
-                         type="RSA" />
+                         certificateKeystorePassword="changeit" type="RSA" />
         </SSLHostConfig>
     </Connector>
     -->