Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1121 from eclipse/issue-1108 

Issue #1108 - adding SslContextFactory.dump() selection details
This commit is contained in:
Joakim Erdfelt 2016-11-23 08:48:00 -07:00 committed by GitHub
parent a9817d7ac2 3e963df353
commit 526ea55e9b
3 changed files with 224 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -24,6 +24,7 @@ import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
@ -72,6 +73,8 @@ import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
@ -85,7 +88,7 @@ import org.eclipse.jetty.util.security.Password;
* creates SSL context based on these parameters to be
* used by the SSL connectors.
*/
public class SslContextFactory extends AbstractLifeCycle
public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{
public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
{
@ -327,7 +330,50 @@ public class SslContextFactory extends AbstractLifeCycle
LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
}
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
out.append(String.valueOf(this)).append(" trustAll=").append(Boolean.toString(_trustAll)).append(System.lineSeparator());
try
{
/* Use a pristine SSLEngine (not one from this SslContextFactory).
* This will allow for proper detection and identification
* of JRE/lib/security/java.security level disabled features
*/
SSLEngine sslEngine = SSLContext.getDefault().createSSLEngine();
List<Object> selections = new ArrayList<>();
// protocols
selections.add(new SslSelectionDump("Protocol",
sslEngine.getSupportedProtocols(),
sslEngine.getEnabledProtocols(),
getExcludeProtocols(),
getIncludeProtocols()));
// ciphers
selections.add(new SslSelectionDump("Cipher Suite",
sslEngine.getSupportedCipherSuites(),
sslEngine.getEnabledCipherSuites(),
getExcludeCipherSuites(),
getIncludeCipherSuites()));
ContainerLifeCycle.dump(out, indent, selections);
}
catch (NoSuchAlgorithmException ignore)
{
LOG.ignore(ignore);
}
}
@Override
protected void doStop() throws Exception
{

174
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java Normal file
View File

@ -0,0 +1,174 @@
//
// ========================================================================
// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.util.ssl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
public class SslSelectionDump extends ContainerLifeCycle implements Dumpable
{
private static class CaptionedList extends ArrayList<String> implements Dumpable
{
private final String caption;
public CaptionedList(String caption)
{
this.caption = caption;
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(SslSelectionDump.CaptionedList.this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
out.append(caption);
out.append(" (size=").append(Integer.toString(size())).append(")");
out.append(System.lineSeparator());
ContainerLifeCycle.dump(out, indent, this);
}
}
private final String type;
private SslSelectionDump.CaptionedList enabled = new SslSelectionDump.CaptionedList("Enabled");
private SslSelectionDump.CaptionedList disabled = new SslSelectionDump.CaptionedList("Disabled");
public SslSelectionDump(String type,
String[] supportedByJVM,
String[] enabledByJVM,
String[] excludedByConfig,
String[] includedByConfig)
{
this.type = type;
addBean(enabled);
addBean(disabled);
List<String> jvmEnabled = Arrays.asList(enabledByJVM);
List<Pattern> excludedPatterns = Arrays.stream(excludedByConfig)
.map((entry) -> Pattern.compile(entry))
.collect(Collectors.toList());
List<Pattern> includedPatterns = Arrays.stream(includedByConfig)
.map((entry) -> Pattern.compile(entry))
.collect(Collectors.toList());
Arrays.stream(supportedByJVM)
.sorted(Comparator.naturalOrder())
.forEach((entry) ->
{
boolean isPresent = true;
StringBuilder s = new StringBuilder();
s.append(entry);
if (!jvmEnabled.contains(entry))
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
s.append(" JreDisabled:java.security");
}
for (Pattern pattern : excludedPatterns)
{
Matcher m = pattern.matcher(entry);
if (m.matches())
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
else
{
s.append(",");
}
s.append(" ConfigExcluded:'").append(pattern.pattern()).append('\'');
}
}
if (!includedPatterns.isEmpty())
{
boolean isIncluded = false;
for (Pattern pattern : includedPatterns)
{
Matcher m = pattern.matcher(entry);
if (m.matches())
{
isIncluded = true;
break;
}
}
if (!isIncluded)
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
else
{
s.append(",");
}
s.append(" ConfigIncluded:NotSpecified");
}
}
if (isPresent)
{
enabled.add(s.toString());
}
else
{
disabled.add(s.toString());
}
});
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
dumpBeans(out, indent);
}
@Override
protected void dumpThis(Appendable out) throws IOException
{
out.append(type).append(" Selections").append(System.lineSeparator());
}
}

8
jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
View File

@ -29,7 +29,6 @@ import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
@ -62,11 +61,8 @@ public class SslContextFactoryTest
cf.setKeyManagerPassword("keypwd");
cf.start();
System.err.println(Arrays.asList(cf.getSelectedProtocols()));
for (String cipher : cf.getSelectedCipherSuites())
System.err.println(cipher);
cf.dump(System.out, "");
}
@Test