Merged branch 'jetty-9.4.x' into 'master'.

Simone Bordet 2016-09-15 12:18:02 +02:00
commit 9835598727
1 changed files with 16 additions and 20 deletions


@ -77,16 +77,12 @@ import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.CertificateValidator;
import org.eclipse.jetty.util.security.Password;
/**
* SslContextFactory is used to configure SSL connectors
* as well as HttpClient. It holds all SSL parameters and
* creates SSL context based on these parameters to be
* used by the SSL connectors.
*/
/**
*/
public class SslContextFactory extends AbstractLifeCycle
{
public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
@ -105,7 +101,7 @@ public class SslContextFactory extends AbstractLifeCycle
}
}};
static final Logger LOG = Log.getLogger(SslContextFactory.class);
private static final Logger LOG = Log.getLogger(SslContextFactory.class);
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
(Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
@ -227,9 +223,6 @@ public class SslContextFactory extends AbstractLifeCycle
protected Factory _factory;
/**
* Construct an instance of SslContextFactory
* Default constructor for use in XmlConfiguration files
@ -247,9 +240,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/
public SslContextFactory(boolean trustAll)
{
setTrustAll(trustAll);
addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
this(trustAll, null);
}
/**
@ -258,6 +249,15 @@ public class SslContextFactory extends AbstractLifeCycle
*/
public SslContextFactory(String keyStorePath)
{
this(false, keyStorePath);
}
private SslContextFactory(boolean trustAll, String keyStorePath)
{
setTrustAll(trustAll);
addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
if (keyStorePath != null)
setKeyStorePath(keyStorePath);
}
@ -1105,6 +1105,7 @@ public class SslContextFactory extends AbstractLifeCycle
}
}
if (LOG.isDebugEnabled())
LOG.debug("managers={} for {}",managers,this);
return managers;
@ -1192,18 +1193,13 @@ public class SslContextFactory extends AbstractLifeCycle
else
selected_protocols.addAll(Arrays.asList(enabledProtocols));
// Remove any excluded protocols
selected_protocols.removeAll(_excludeProtocols);
if (selected_protocols.isEmpty())
LOG.warn("No selected protocols from {}",Arrays.asList(supportedProtocols));
_selectedProtocols = selected_protocols.toArray(new String[selected_protocols.size()]);
}
/**
@ -1567,7 +1563,7 @@ public class SslContextFactory extends AbstractLifeCycle
/**
* Customize an SslEngine instance with the configuration of this factory,
* by calling {@link #customize(SSLParameters)}
* @param sslEngine
* @param sslEngine the SSLEngine to customize
*/
public void customize(SSLEngine sslEngine)
{
@ -1587,7 +1583,7 @@ public class SslContextFactory extends AbstractLifeCycle
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
sslParams.setSNIMatchers(Collections.singletonList(new AliasSNIMatcher()));
if (_selectedCipherSuites!=null)
sslParams.setCipherSuites(_selectedCipherSuites);
if (_selectedProtocols!=null)
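Review bot: The new private `SslContextFactory(boolean trustAll, String keyStorePath)` constructor is now the only place where both public constructors get their protocol and cipher defaults, and its `setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$")` pattern filters suites solely by the last token of the name. A suite whose name contains `_NULL_` or `_anon_` but ends in, say, `SHA256` is not matched by it; whether any such suite is actually enabled depends on the JVM defaults and on include lists that this page does not show. Consider widening the default to `setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$", "^.*_NULL_.*$", "^.*_anon_.*$");`, after checking that no supported client depends on those suites. The constructor also has no comment. One line such as `// Single source of the TLS defaults: excludes SSL/SSLv2/SSLv2Hello/SSLv3 and MD5/SHA-1 suites` would help, together with a note that `trustAll` presumably disables certificate validation (compare `TRUST_ALL_CERTS`) and is not meant for production use.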