From 1a666e1bd222e6bfed3dab418029c31a9c098ece Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Wed, 20 May 2015 16:55:22 +0200 Subject: [PATCH] Code cleanups. --- .../jetty/util/ssl/SslContextFactory.java | 114 +++++++++--------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index 271669a5d9b..36e7d38b61f 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -110,15 +110,15 @@ public class SslContextFactory extends AbstractLifeCycle /* * @see {@link X509Certificate#getKeyUsage()} */ - private static final int KEY_USAGE__KEY_CERT_SIGN=5; + private static final int KEY_USAGE__KEY_CERT_SIGN=5; /* - * + * * @see {@link X509Certificate#getSubjectAlternativeNames()} */ - private static final int SUBJECT_ALTERNATIVE_NAMES__DNS_NAME=2; + private static final int SUBJECT_ALTERNATIVE_NAMES__DNS_NAME=2; + - public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? KeyManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.KeyManagerFactory.algorithm")); @@ -141,11 +141,11 @@ public class SslContextFactory extends AbstractLifeCycle /** Excluded cipher suites. */ private final Set _excludeCipherSuites = new LinkedHashSet<>(); - + /** Included cipher suites. */ - private final List _includeCipherSuites = new CopyOnWriteArrayList(); + private final List _includeCipherSuites = new CopyOnWriteArrayList<>(); private boolean _useCipherSuitesOrder=true; - + /** Keystore path. */ private Resource _keyStoreResource; /** Keystore provider name */ 
@@ -228,10 +228,10 @@ public class SslContextFactory extends AbstractLifeCycle private boolean _renegotiationAllowed = true; protected Factory _factory; - - - - + + + + /** * Construct an instance of SslContextFactory * Default constructor for use in XmlConfiguration files @@ -280,7 +280,7 @@ public class SslContextFactory extends AbstractLifeCycle SSLContext context = _setContext; KeyStore keyStore = _setKeyStore; KeyStore trustStore = _setTrustStore; - + if (context == null) { // Is this an empty factory? @@ -335,21 +335,21 @@ public class SslContextFactory extends AbstractLifeCycle _certAliases.clear(); if (keyStore!=null) { - loop: for (String alias : Collections.list(keyStore.aliases())) + for (String alias : Collections.list(keyStore.aliases())) { Certificate certificate = keyStore.getCertificate(alias); if ("X.509".equals(certificate.getType())) { X509Certificate x509 = (X509Certificate)certificate; - + // Exclude certificates with special uses if (x509.getKeyUsage()!=null) { boolean[] b=x509.getKeyUsage(); if (b[KEY_USAGE__KEY_CERT_SIGN]) - continue loop; + continue; } - + // Look for alternative name extensions boolean named=false; Collection> altNames = x509.getSubjectAlternativeNames(); @@ -370,7 +370,7 @@ public class SslContextFactory extends AbstractLifeCycle } } } - + // If no names found, look up the cn from the subject if (!named) { @@ -387,18 +387,18 @@ public class SslContextFactory extends AbstractLifeCycle } } } - } + } } } - + // find wild aliases _certWilds.clear(); for (String name : _certAliases.keySet()) if (name.startsWith("*.")) _certWilds.put(name.substring(1),_certAliases.get(name)); - + LOG.info("x509={} wild={} alias={} for {}",_certAliases,_certWilds,_certAlias,this); - + // Instantiate key and trust managers KeyManager[] keyManagers = getKeyManagers(keyStore); TrustManager[] trustManagers = getTrustManagers(trustStore,crls); 
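Review bot: In the `@@ -335,21 +335,21 @@` hunk, `keyStore.getCertificate(alias)` can return null when an alias holds no certificate (for example a secret-key entry), and the next line dereferences it with `certificate.getType()`. A single such entry in the keystore would abort start-up with a NullPointerException instead of being skipped. The guard could read `if (certificate!=null && "X.509".equals(certificate.getType()))`. Now that the label is gone, a short comment on the bare `continue;` saying that certificates with the keyCertSign usage bit are left out of the name-to-alias map would help the next reader. The enclosing method begins and ends outside this hunk.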
@@ -409,7 +409,7 @@ public class SslContextFactory extends AbstractLifeCycle context.init(keyManagers,trustManagers,secureRandom); } } - + _factory = new Factory(keyStore,trustStore,context); SSLEngine engine = newSSLEngine(); if (LOG.isDebugEnabled()) @@ -417,7 +417,7 @@ public class SslContextFactory extends AbstractLifeCycle LOG.debug("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols())); LOG.debug("Enabled Ciphers {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites())); } - + } @Override @@ -542,7 +542,7 @@ public class SslContextFactory extends AbstractLifeCycle { _useCipherSuitesOrder = useCipherSuitesOrder; } - + /** * @return The file or URL of the SSL Key store. */ @@ -626,7 +626,7 @@ public class SslContextFactory extends AbstractLifeCycle checkNotStarted(); _certAlias = certAlias; } - + /** * @param trustStorePath * The file name or URL of the trust store location @@ -758,7 +758,7 @@ public class SslContextFactory extends AbstractLifeCycle /** * @param password - * The password for the key store. If null is passed then + * The password for the key store. If null is passed then * the {@link Password#getPassword(String, String, String)} is used to * obtain a password either from the "org.eclipse.jetty.ssl.password" * System property or by prompting for manual entry. @@ -766,7 +766,7 @@ public class SslContextFactory extends AbstractLifeCycle public void setKeyStorePassword(String password) { checkNotStarted(); - + _keyStorePassword = password==null ?Password.getPassword(PASSWORD_PROPERTY,null,null) :new Password(password); 
@@ -775,7 +775,7 @@ public class SslContextFactory extends AbstractLifeCycle /** * @param password * The password (if any) for the specific key within the key store. - * If null is passed then + * If null is passed then * the {@link Password#getPassword(String, String, String)} is used to * obtain a password either from the "org.eclipse.jetty.ssl.keypassword" * System property or by prompting for manual entry. @@ -790,7 +790,7 @@ public class SslContextFactory extends AbstractLifeCycle /** * @param password - * The password for the trust store. If null is passed then + * The password for the trust store. If null is passed then * the {@link Password#getPassword(String, String, String)} is used to * obtain a password either from the "org.eclipse.jetty.ssl.password" * System property or by prompting for manual entry. @@ -1004,8 +1004,8 @@ public class SslContextFactory extends AbstractLifeCycle /** * Override this method to provide alternate way to load a keystore. - * - * @param resource the resource to load the keystore from + * + * @param resource the resource to load the keystore from * @return the key store instance * @throws Exception if the keystore cannot be loaded */ @@ -1016,8 +1016,8 @@ public class SslContextFactory extends AbstractLifeCycle /** * Override this method to provide alternate way to load a truststore. - * - * @param resource the resource to load the truststore from + * + * @param resource the resource to load the truststore from * @return the key store instance * @throws Exception if the truststore cannot be loaded */ @@ -1061,7 +1061,7 @@ public class SslContextFactory extends AbstractLifeCycle managers[idx] = new AliasedX509ExtendedKeyManager((X509ExtendedKeyManager)managers[idx],_certAlias); } } - + if (_certAliases.isEmpty() || !_certWilds.isEmpty()) { for (int idx = 0; idx < managers.length; idx++) 
@@ -1074,7 +1074,7 @@ public class SslContextFactory extends AbstractLifeCycle } LOG.debug("managers={} for {}",managers,this); - + return managers; } @@ -1225,7 +1225,7 @@ public class SslContextFactory extends AbstractLifeCycle if (isStarted()) throw new IllegalStateException("Cannot modify configuration when "+getState()); } - + /** * Check if the lifecycle has been started and throw runtime exception */ @@ -1234,7 +1234,7 @@ public class SslContextFactory extends AbstractLifeCycle if (!isStarted()) throw new IllegalStateException("!STARTED: "+this); } - + /** * Check if the lifecycle has been started and throw runtime exception */ @@ -1308,7 +1308,7 @@ public class SslContextFactory extends AbstractLifeCycle { return isStarted()?_factory._keyStore:_setKeyStore; } - + /** Set the trust store. * @param trustStore the trust store to set */ @@ -1336,7 +1336,7 @@ public class SslContextFactory extends AbstractLifeCycle { return _keyStoreResource; } - + /** Set the trust store resource. * @param resource the trust store resource to set */ @@ -1350,7 +1350,7 @@ public class SslContextFactory extends AbstractLifeCycle { return _keyStoreResource; } - + /** * @return true if SSL Session caching is enabled */ @@ -1403,7 +1403,7 @@ public class SslContextFactory extends AbstractLifeCycle public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException { checkIsStarted(); - + SSLServerSocketFactory factory = _factory._context.getServerSocketFactory(); SSLServerSocket socket = @@ -1427,7 +1427,7 @@ public class SslContextFactory extends AbstractLifeCycle public SSLSocket newSslSocket() throws IOException { checkIsStarted(); - + SSLSocketFactory factory = _factory._context.getSocketFactory(); SSLSocket socket = (SSLSocket)factory.createSocket(); 
@@ -1512,7 +1512,7 @@ public class SslContextFactory extends AbstractLifeCycle { if (LOG.isDebugEnabled()) LOG.debug("Customize {}",sslEngine); - + SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm); sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder); @@ -1520,9 +1520,9 @@ public class SslContextFactory extends AbstractLifeCycle { if (LOG.isDebugEnabled()) LOG.debug("Enable SNI matching {}",sslEngine); - sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher())); + sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher())); } - sslEngine.setSSLParameters(sslParams); + sslEngine.setSSLParameters(sslParams); if (getWantClientAuth()) sslEngine.setWantClientAuth(getWantClientAuth()); @@ -1630,15 +1630,15 @@ public class SslContextFactory extends AbstractLifeCycle _keyStoreResource, _trustStoreResource); } - - + + protected class Factory - { + { final KeyStore _keyStore; final KeyStore _trustStore; final SSLContext _context; - + public Factory(KeyStore keyStore, KeyStore trustStore, SSLContext context) { super(); @@ -1646,7 +1646,7 @@ public class SslContextFactory extends AbstractLifeCycle _trustStore = trustStore; _context = context; } - + @Override public String toString() { @@ -1658,7 +1658,7 @@ public class SslContextFactory extends AbstractLifeCycle { private String _alias; private SNIHostName _name; - + protected AliasSNIMatcher() { super(StandardConstants.SNI_HOST_NAME); 
@@ -1668,14 +1668,14 @@ public class SslContextFactory extends AbstractLifeCycle public boolean matches(SNIServerName serverName) { LOG.debug("matches={} for {}",serverName,this); - + if (serverName instanceof SNIHostName) { _name=(SNIHostName)serverName; // If we don't have a SNI name, or didn't see any certificate aliases, // just say true as it will either somehow work or fail elsewhere - if (_name==null || _certAliases.size()==0) + if (_certAliases.size()==0) return true; // Try an exact match @@ -1686,14 +1686,14 @@ public class SslContextFactory extends AbstractLifeCycle LOG.debug("matched {}->{}",_name.getAsciiName(),_alias); return true; } - + // Try wild card matches String domain = _name.getAsciiName(); int dot=domain.indexOf('.'); if (dot>=0) { domain=domain.substring(dot); - _alias = _certWilds.get(domain); + _alias = _certWilds.get(domain); if (_alias!=null) { if (LOG.isDebugEnabled()) @@ -1704,7 +1704,7 @@ public class SslContextFactory extends AbstractLifeCycle } if (LOG.isDebugEnabled()) LOG.debug("No match for {}",_name.getAsciiName()); - + // Return true and allow the KeyManager to accept or reject when choosing a certificate. return true; } @@ -1713,7 +1713,7 @@ public class SslContextFactory extends AbstractLifeCycle { return _alias; } - + public String getServerName() { return _name==null?null:_name.getAsciiName();
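Review bot: In the `@@ -1668,14 +1668,14 @@` hunk, the comment above the early return in `matches` still reads "If we don't have a SNI name, or didn't see any certificate aliases", but the new condition only tests the alias map. Dropping `_name==null` is sound because `_name` was just assigned from a value that passed `instanceof`, so the comment should follow, e.g. `// If we didn't see any certificate aliases, just say true as it will either somehow work or fail elsewhere`. The test itself reads better as `if (_certAliases.isEmpty())`. The unconditional `LOG.debug("matches={} for {}",serverName,this);` at the top could take the same `LOG.isDebugEnabled()` guard as the other debug calls in this class. The body of `matches` continues past this hunk.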
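Review bot: In the `@@ -1686,14 +1686,14 @@` hunk, `_certWilds.get(domain)` is a case-sensitive map lookup on a host name taken from the ClientHello, while DNS names compare case-insensitively. As far as I can tell `SNIHostName.getAsciiName()` does not fold case, so a client sending `WWW.Example.COM` would miss a `*.example.com` entry and fall through to whatever certificate the KeyManager picks by default. Consider `String domain = _name.getAsciiName().toLowerCase(Locale.ENGLISH);`, with the same normalisation applied where names are put into `_certAliases` and `_certWilds`. That insertion code, and the exact-match lookup just above this hunk, are outside the visible lines, so please confirm whether the keys are already lower-cased.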