Merged branch 'jetty-9.4.x' into 'master'.

Simone Bordet 2017-10-05 23:02:50 +02:00
commit b1ba04ee0e
1 changed files with 52 additions and 7 deletions


@ -44,6 +44,7 @@ import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.regex.Matcher;
@ -72,6 +73,8 @@ import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
@ -88,6 +91,7 @@ import org.eclipse.jetty.util.security.Password;
* creates SSL context based on these parameters to be
* used by the SSL connectors.
*/
@ManagedObject
public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{
public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
@ -396,11 +400,13 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
_certWilds.clear();
}
@ManagedAttribute(value = "The selected TLS protocol versions", readonly = true)
public String[] getSelectedProtocols()
{
return Arrays.copyOf(_selectedProtocols, _selectedProtocols.length);
}
@ManagedAttribute(value = "The selected cipher suites", readonly = true)
public String[] getSelectedCipherSuites()
{
return Arrays.copyOf(_selectedCipherSuites, _selectedCipherSuites.length);
@ -432,6 +438,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return The array of protocol names to exclude from
* {@link SSLEngine#setEnabledProtocols(String[])}
*/
@ManagedAttribute("The excluded TLS protocols")
public String[] getExcludeProtocols()
{
return _excludeProtocols.toArray(new String[0]);
@ -459,6 +466,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return The array of protocol names to include in
* {@link SSLEngine#setEnabledProtocols(String[])}
*/
@ManagedAttribute("The included TLS protocols")
public String[] getIncludeProtocols()
{
return _includeProtocols.toArray(new String[0]);
@ -478,6 +486,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return The array of cipher suite names to exclude from
* {@link SSLEngine#setEnabledCipherSuites(String[])}
*/
@ManagedAttribute("The excluded cipher suites")
public String[] getExcludeCipherSuites()
{
return _excludeCipherSuites.toArray(new String[0]);
@ -507,6 +516,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return The array of cipher suite names to include in
* {@link SSLEngine#setEnabledCipherSuites(String[])}
*/
@ManagedAttribute("The included cipher suites")
public String[] getIncludeCipherSuites()
{
return _includeCipherSuites.toArray(new String[0]);
@ -524,6 +534,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
_includeCipherSuites.addAll(Arrays.asList(cipherSuites));
}
@ManagedAttribute("Whether to respect the cipher suites order")
public boolean isUseCipherSuitesOrder()
{
return _useCipherSuitesOrder;
@ -537,9 +548,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The file or URL of the SSL Key store.
*/
@ManagedAttribute("The keyStore path")
public String getKeyStorePath()
{
return _keyStoreResource.toString();
return Objects.toString(_keyStoreResource, null);
}
/**
@ -560,6 +572,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The provider of the key store
*/
@ManagedAttribute("The keyStore provider name")
public String getKeyStoreProvider()
{
return _keyStoreProvider;
@ -576,6 +589,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The type of the key store (default "JKS")
*/
@ManagedAttribute("The keyStore type")
public String getKeyStoreType()
{
return (_keyStoreType);
@ -592,6 +606,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return Alias of SSL certificate for the connector
*/
@ManagedAttribute("The certificate alias")
public String getCertAlias()
{
return _certAlias;
@ -611,6 +626,12 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
_certAlias = certAlias;
}
@ManagedAttribute("The trustStore path")
public String getTrustStorePath()
{
return Objects.toString(_trustStoreResource, null);
}
/**
* @param trustStorePath The file name or URL of the trust store location
*/
@ -629,6 +650,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The provider of the trust store
*/
@ManagedAttribute("The trustStore provider name")
public String getTrustStoreProvider()
{
return _trustStoreProvider;
@ -645,6 +667,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The type of the trust store (default "JKS")
*/
@ManagedAttribute("The trustStore type")
public String getTrustStoreType()
{
return _trustStoreType;
@ -662,6 +685,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return True if SSL needs client authentication.
* @see SSLEngine#getNeedClientAuth()
*/
@ManagedAttribute("Whether client authentication is needed")
public boolean getNeedClientAuth()
{
return _needClientAuth;
@ -680,6 +704,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return True if SSL wants client authentication.
* @see SSLEngine#getWantClientAuth()
*/
@ManagedAttribute("Whether client authentication is wanted")
public boolean getWantClientAuth()
{
return _wantClientAuth;
@ -697,6 +722,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return true if SSL certificate has to be validated
*/
@ManagedAttribute("Whether certificates are validated")
public boolean isValidateCerts()
{
return _validateCerts;
@ -713,6 +739,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return true if SSL certificates of the peer have to be validated
*/
@ManagedAttribute("Whether peer certificates are validated")
public boolean isValidatePeerCerts()
{
return _validatePeerCerts;
@ -764,6 +791,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return The SSL provider name, which if set is passed to
* {@link SSLContext#getInstance(String, String)}
*/
@ManagedAttribute("The provider name")
public String getProvider()
{
return _sslProvider;
@ -782,6 +810,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return The SSL protocol (default "TLS") passed to
* {@link SSLContext#getInstance(String, String)}
*/
@ManagedAttribute("The TLS protocol")
public String getProtocol()
{
return _sslProtocol;
@ -801,6 +830,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
* {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
*/
@ManagedAttribute("The SecureRandom algorithm")
public String getSecureRandomAlgorithm()
{
return _secureRandomAlgorithm;
@ -819,6 +849,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
*/
@ManagedAttribute("The KeyManagerFactory algorithm")
public String getKeyManagerFactoryAlgorithm()
{
return _keyManagerFactoryAlgorithm;
@ -835,6 +866,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
*/
@ManagedAttribute("The TrustManagerFactory algorithm")
public String getTrustManagerFactoryAlgorithm()
{
return _trustManagerFactoryAlgorithm;
@ -843,6 +875,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return True if all certificates should be trusted if there is no KeyStore or TrustStore
*/
@ManagedAttribute("Whether certificates should be trusted even if they are invalid")
public boolean isTrustAll()
{
return _trustAll;
@ -870,6 +903,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return whether TLS renegotiation is allowed (true by default)
*/
@ManagedAttribute("Whether renegotiation is allowed")
public boolean isRenegotiationAllowed()
{
return _renegotiationAllowed;
@ -884,9 +918,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
}
/**
* @return The number of renegotions allowed for this connection. When the limit
* @return The number of renegotiations allowed for this connection. When the limit
* is 0 renegotiation will be denied. If the limit is less than 0 then no limit is applied.
*/
@ManagedAttribute("The max number of renegotiations allowed")
public int getRenegotiationLimit()
{
return _renegotiationLimit;
@ -905,6 +940,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return Path to file that contains Certificate Revocation List
*/
@ManagedAttribute("The path to the certificate revocation list file")
public String getCrlPath()
{
return _crlPath;
@ -922,6 +958,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* @return Maximum number of intermediate certificates in
* the certification path (-1 for unlimited)
*/
@ManagedAttribute("The maximum number of intermediate certificates")
public int getMaxCertPathLength()
{
return _maxCertPathLength;
@ -961,6 +998,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return the endpoint identification algorithm
*/
@ManagedAttribute("The endpoint identification algorithm")
public String getEndpointIdentificationAlgorithm()
{
return _endpointIdentificationAlgorithm;
@ -995,7 +1033,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
*/
protected KeyStore loadKeyStore(Resource resource) throws Exception
{
String storePassword = _keyStorePassword == null ? null : _keyStorePassword.toString();
String storePassword = Objects.toString(_keyStorePassword, null);
return CertificateUtils.getKeyStore(resource, getKeyStoreType(), getKeyStoreProvider(), storePassword);
}
@ -1010,7 +1048,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{
String type = getTrustStoreType();
String provider = getTrustStoreProvider();
String passwd = _trustStorePassword == null ? null : _trustStorePassword.toString();
String passwd = Objects.toString(_trustStorePassword, null);
if (resource == null || resource.equals(_keyStoreResource))
{
resource = _keyStoreResource;
@ -1019,7 +1057,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
if (provider == null)
provider = _keyStoreProvider;
if (passwd == null)
passwd = _keyStorePassword == null ? null : _keyStorePassword.toString();
passwd = Objects.toString(_keyStorePassword, null);
}
return CertificateUtils.getKeyStore(resource, type, provider, passwd);
}
@ -1208,7 +1246,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{
if (LOG.isDebugEnabled())
LOG.debug("Sorting selected ciphers with {}", comparator);
Collections.sort(selected_ciphers, comparator);
selected_ciphers.sort(comparator);
}
_selectedCipherSuites = selected_ciphers.toArray(new String[0]);
@ -1262,6 +1300,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return true if CRL Distribution Points support is enabled
*/
@ManagedAttribute("Whether certificate revocation list distribution points is enabled")
public boolean isEnableCRLDP()
{
return _enableCRLDP;
@ -1280,6 +1319,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return true if On-Line Certificate Status Protocol support is enabled
*/
@ManagedAttribute("Whether online certificate status protocol support is enabled")
public boolean isEnableOCSP()
{
return _enableOCSP;
@ -1298,6 +1338,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return Location of the OCSP Responder
*/
@ManagedAttribute("The online certificate status protocol URL")
public String getOcspResponderURL()
{
return _ocspResponderURL;
@ -1388,6 +1429,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return true if SSL Session caching is enabled
*/
@ManagedAttribute("Whether TLS session caching is enabled")
public boolean isSessionCachingEnabled()
{
return _sessionCachingEnabled;
@ -1414,6 +1456,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
*
* @return SSL session cache size
*/
@ManagedAttribute("The maximum TLS session cache size")
public int getSslSessionCacheSize()
{
return _sslSessionCacheSize;
@ -1437,6 +1480,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
*
* @return SSL session timeout
*/
@ManagedAttribute("The TLS session cache timeout, in seconds")
public int getSslSessionTimeout()
{
return _sslSessionTimeout;
@ -1697,9 +1741,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
@Override
public String toString()
{
return String.format("%s@%x(%s,%s)",
return String.format("%s@%x[provider=%s,keyStore=%s,trusStore=%s)",
getClass().getSimpleName(),
hashCode(),
_sslProvider,
_keyStoreResource,
_trustStoreResource);
}
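Review bot: Only `getSelectedProtocols` and `getSelectedCipherSuites` are annotated with `readonly = true`; every other new `@ManagedAttribute` in this section uses the default, which — if Jetty's JMX layer maps a non-readonly attribute to its matching setter, as the explicit `readonly = true` on those two suggests — makes `isTrustAll`, `isValidateCerts`, `isValidatePeerCerts`, `getNeedClientAuth`, `getWantClientAuth`, `isRenegotiationAllowed`, `getEndpointIdentificationAlgorithm`, `getExcludeProtocols`, `getExcludeCipherSuites`, `getCrlPath` and `getOcspResponderURL` writable by any JMX principal and lets TLS trust and client-auth policy be weakened at runtime; confirm how the MBean mapping treats them and consider `@ManagedAttribute(value = "...", readonly = true)` on the security-sensitive ones (keystore/truststore passwords are correctly not exposed at all). The `isTrustAll` annotation text "Whether certificates should be trusted even if they are invalid" also contradicts the Javadoc directly above it, which scopes trust-all to the case where no KeyStore or TrustStore is configured; the annotation should say `"Whether all certificates are trusted when no KeyStore or TrustStore is configured"`. Finally, the rewritten `toString()` format string opens with `[` but closes with `)` and misspells the trust store key, so it should read `return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]",`.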