Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #1108 - adding SslContextFactory.dump() selection details 

+ Protocol selection details
+ Cipher Suites selection details

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
This commit is contained in:
Joakim Erdfelt 2016-11-22 11:26:53 -07:00
parent d361786e43
commit 1672904d84
3 changed files with 194 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -72,6 +72,8 @@ import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.StringUtil; import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle; import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger; import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource; import org.eclipse.jetty.util.resource.Resource;
@ -85,7 +87,7 @@ import org.eclipse.jetty.util.security.Password;
* creates SSL context based on these parameters to be * creates SSL context based on these parameters to be
* used by the SSL connectors. * used by the SSL connectors.
*/ */
public class SslContextFactory extends AbstractLifeCycle public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{ {
public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager() public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
{ {
@ -327,7 +329,39 @@ public class SslContextFactory extends AbstractLifeCycle
LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites())); LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
} }
} }
@Override
public String dump()
{
return ContainerLifeCycle.dump(this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
out.append(String.valueOf(this)).append(" trustAll=").append(Boolean.toString(_trustAll)).append(System.lineSeparator());
SSLEngine sslEngine = newSSLEngine();
List<Object> selections = new ArrayList<>();
// protocols
selections.add(new SslSelectionDump("Protocol",
sslEngine.getSupportedProtocols(),
sslEngine.getEnabledProtocols(),
getExcludeProtocols(),
getIncludeProtocols()));
// ciphers
selections.add(new SslSelectionDump("Cipher Suite",
sslEngine.getSupportedCipherSuites(),
sslEngine.getEnabledCipherSuites(),
getExcludeCipherSuites(),
getIncludeCipherSuites()));
ContainerLifeCycle.dump(out, indent, selections);
}
@Override @Override
protected void doStop() throws Exception protected void doStop() throws Exception
{ {

156
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java Normal file
View File

@ -0,0 +1,156 @@
package org.eclipse.jetty.util.ssl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
public class SslSelectionDump extends ContainerLifeCycle implements Dumpable
{
private static class CaptionedList extends ArrayList<String> implements Dumpable
{
private final String caption;
public CaptionedList(String caption)
{
this.caption = caption;
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(SslSelectionDump.CaptionedList.this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
out.append(caption);
out.append(" (size=").append(Integer.toString(size())).append(")");
out.append(System.lineSeparator());
ContainerLifeCycle.dump(out, indent, this);
}
}
private final String type;
private SslSelectionDump.CaptionedList enabled = new SslSelectionDump.CaptionedList("Enabled");
private SslSelectionDump.CaptionedList disabled = new SslSelectionDump.CaptionedList("Disabled");
public SslSelectionDump(String type,
String[] supportedByJVM,
String[] enabledByJVM,
String[] excludedByConfig,
String[] includedByConfig)
{
this.type = type;
addBean(enabled);
addBean(disabled);
List<String> jvmEnabled = Arrays.asList(enabledByJVM);
List<Pattern> excludedPatterns = Arrays.stream(excludedByConfig)
.map((entry) -> Pattern.compile(entry))
.collect(Collectors.toList());
List<Pattern> includedPatterns = Arrays.stream(includedByConfig)
.map((entry) -> Pattern.compile(entry))
.collect(Collectors.toList());
Arrays.stream(supportedByJVM)
.sorted(Comparator.naturalOrder())
.forEach((entry) ->
{
boolean isPresent = true;
StringBuilder s = new StringBuilder();
s.append(entry);
if (!jvmEnabled.contains(entry))
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
s.append(" JreDisabled:java.security");
}
for (Pattern pattern : excludedPatterns)
{
Matcher m = pattern.matcher(entry);
if (m.matches())
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
else
{
s.append(",");
}
s.append(" ConfigExcluded:'").append(pattern.pattern()).append('\'');
}
}
if (!includedPatterns.isEmpty())
{
boolean isIncluded = false;
for (Pattern pattern : includedPatterns)
{
Matcher m = pattern.matcher(entry);
if (m.matches())
{
isIncluded = true;
break;
}
}
if (!isIncluded)
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
else
{
s.append(",");
}
s.append(" ConfigIncluded:NotSpecified");
}
}
if (isPresent)
{
enabled.add(s.toString());
}
else
{
disabled.add(s.toString());
}
});
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
dumpBeans(out, indent);
}
@Override
protected void dumpThis(Appendable out) throws IOException
{
out.append(type).append(" Selections").append(System.lineSeparator());
}
}

8
jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
View File

@ -29,7 +29,6 @@ import static org.junit.Assert.assertTrue;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
@ -62,11 +61,8 @@ public class SslContextFactoryTest
cf.setKeyManagerPassword("keypwd"); cf.setKeyManagerPassword("keypwd");
cf.start(); cf.start();
System.err.println(Arrays.asList(cf.getSelectedProtocols())); cf.dump(System.out, "");
for (String cipher : cf.getSelectedCipherSuites())
System.err.println(cipher);
} }
@Test @Test