Merged branch 'jetty-9.4.x' into 'master'.

Simone Bordet 2016-09-15 12:18:02 +02:00
commit 9835598727
1 changed files with 16 additions and 20 deletions


@ -77,16 +77,12 @@ import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.CertificateValidator; import org.eclipse.jetty.util.security.CertificateValidator;
import org.eclipse.jetty.util.security.Password; import org.eclipse.jetty.util.security.Password;
/** /**
* SslContextFactory is used to configure SSL connectors * SslContextFactory is used to configure SSL connectors
* as well as HttpClient. It holds all SSL parameters and * as well as HttpClient. It holds all SSL parameters and
* creates SSL context based on these parameters to be * creates SSL context based on these parameters to be
* used by the SSL connectors. * used by the SSL connectors.
*/ */
/**
*/
public class SslContextFactory extends AbstractLifeCycle public class SslContextFactory extends AbstractLifeCycle
{ {
public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager() public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
@ -105,7 +101,7 @@ public class SslContextFactory extends AbstractLifeCycle
} }
}}; }};
static final Logger LOG = Log.getLogger(SslContextFactory.class); private static final Logger LOG = Log.getLogger(SslContextFactory.class);
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
(Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
@ -227,9 +223,6 @@ public class SslContextFactory extends AbstractLifeCycle
protected Factory _factory; protected Factory _factory;
/** /**
* Construct an instance of SslContextFactory * Construct an instance of SslContextFactory
* Default constructor for use in XmlConfiguration files * Default constructor for use in XmlConfiguration files
@ -247,9 +240,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public SslContextFactory(boolean trustAll) public SslContextFactory(boolean trustAll)
{ {
setTrustAll(trustAll); this(trustAll, null);
addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
} }
/** /**
@ -258,7 +249,16 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public SslContextFactory(String keyStorePath) public SslContextFactory(String keyStorePath)
{ {
setKeyStorePath(keyStorePath); this(false, keyStorePath);
}
private SslContextFactory(boolean trustAll, String keyStorePath)
{
setTrustAll(trustAll);
addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
if (keyStorePath != null)
setKeyStorePath(keyStorePath);
} }
public String[] getSelectedProtocols() public String[] getSelectedProtocols()
@ -1105,7 +1105,8 @@ public class SslContextFactory extends AbstractLifeCycle
} }
} }
LOG.debug("managers={} for {}",managers,this); if (LOG.isDebugEnabled())
LOG.debug("managers={} for {}",managers,this);
return managers; return managers;
} }
@ -1192,18 +1193,13 @@ public class SslContextFactory extends AbstractLifeCycle
else else
selected_protocols.addAll(Arrays.asList(enabledProtocols)); selected_protocols.addAll(Arrays.asList(enabledProtocols));
// Remove any excluded protocols // Remove any excluded protocols
selected_protocols.removeAll(_excludeProtocols); selected_protocols.removeAll(_excludeProtocols);
if (selected_protocols.isEmpty()) if (selected_protocols.isEmpty())
LOG.warn("No selected protocols from {}",Arrays.asList(supportedProtocols)); LOG.warn("No selected protocols from {}",Arrays.asList(supportedProtocols));
_selectedProtocols = selected_protocols.toArray(new String[selected_protocols.size()]); _selectedProtocols = selected_protocols.toArray(new String[selected_protocols.size()]);
} }
/** /**
@ -1567,7 +1563,7 @@ public class SslContextFactory extends AbstractLifeCycle
/** /**
* Customize an SslEngine instance with the configuration of this factory, * Customize an SslEngine instance with the configuration of this factory,
* by calling {@link #customize(SSLParameters)} * by calling {@link #customize(SSLParameters)}
* @param sslEngine * @param sslEngine the SSLEngine to customize
*/ */
public void customize(SSLEngine sslEngine) public void customize(SSLEngine sslEngine)
{ {
@ -1587,7 +1583,7 @@ public class SslContextFactory extends AbstractLifeCycle
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm); sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder); sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
if (!_certHosts.isEmpty() || !_certWilds.isEmpty()) if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher())); sslParams.setSNIMatchers(Collections.singletonList(new AliasSNIMatcher()));
if (_selectedCipherSuites!=null) if (_selectedCipherSuites!=null)
sslParams.setCipherSuites(_selectedCipherSuites); sslParams.setCipherSuites(_selectedCipherSuites);
if (_selectedProtocols!=null) if (_selectedProtocols!=null)
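Review bot: The new private constructor `SslContextFactory(boolean trustAll, String keyStorePath)` is undocumented, and it changes what `SslContextFactory(String keyStorePath)` does: that constructor now also excludes SSL/SSLv2/SSLv2Hello/SSLv3 and the `^.*_(MD5|SHA|SHA1)$` cipher suites, which it did not before (it only called `setKeyStorePath`). The Javadoc of the `keyStorePath` constructor starts above the hunk and cannot be checked here, but it should state that the same hardened defaults as the `trustAll` constructor now apply, so callers that previously relied on the JVM defaults for that constructor are not surprised. A Javadoc on the private constructor along the lines of `/** Shared constructor: applies the default protocol and cipher-suite exclusions, then sets the key store path when one is given. */` would make the single point of configuration explicit. Whether the no-arg constructor documented at the "Default constructor for use in XmlConfiguration files" line also routes through this private constructor is outside the hunk; if it does not, the three constructors again diverge in their defaults.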