X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=lib%2Fjetty%2Forg%2Feclipse%2Fjetty%2Futil%2Fssl%2FSslContextFactory.java;fp=lib%2Fjetty%2Forg%2Feclipse%2Fjetty%2Futil%2Fssl%2FSslContextFactory.java;h=edf37897ec7db89ff69793d431297ea49a85df5f;hp=016c81273eb41772b1edbf8a77ca9be11dd36d43;hb=065ca60170f2471227dc25784e1a4c3b7912d367;hpb=ad7a401ad98da5a8a33e60d39789e941aa8ccfc4 diff --git a/lib/jetty/org/eclipse/jetty/util/ssl/SslContextFactory.java b/lib/jetty/org/eclipse/jetty/util/ssl/SslContextFactory.java index 016c8127..edf37897 100644 --- a/lib/jetty/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/lib/jetty/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -1,6 +1,6 @@ // // ======================================================================== -// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. +// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd. // ------------------------------------------------------------------------ // All rights reserved. This program and the accompanying materials // are made available under the terms of the Eclipse Public License v1.0 @@ -116,12 +116,13 @@ public class SslContextFactory extends AbstractLifeCycle private final Set _excludeProtocols = new LinkedHashSet<>(); /** Included protocols. */ - private Set _includeProtocols = null; + private final Set _includeProtocols = new LinkedHashSet<>(); /** Excluded cipher suites. */ private final Set _excludeCipherSuites = new LinkedHashSet<>(); + /** Included cipher suites. */ - private Set _includeCipherSuites = null; + private final Set _includeCipherSuites = new LinkedHashSet<>(); /** Keystore path. */ private String _keyStorePath; @@ -224,6 +225,7 @@ public class SslContextFactory extends AbstractLifeCycle public SslContextFactory(boolean trustAll) { setTrustAll(trustAll); + addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3"); } /** @@ -251,13 +253,14 @@ public class SslContextFactory extends AbstractLifeCycle if (_trustAll) { - LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!"); + if (LOG.isDebugEnabled()) + LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!"); // Create a trust manager that does not validate certificate chains trust_managers = TRUST_ALL_CERTS; } SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm); - SSLContext context = SSLContext.getInstance(_sslProtocol); + SSLContext context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider); context.init(null, trust_managers, secureRandom); _context = context; } @@ -298,15 +301,17 @@ public class SslContextFactory extends AbstractLifeCycle TrustManager[] trustManagers = getTrustManagers(trustStore,crls); SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm); - SSLContext context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol,_sslProvider); + SSLContext context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider); context.init(keyManagers,trustManagers,secureRandom); _context = context; } SSLEngine engine = newSSLEngine(); - LOG.debug("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols())); if (LOG.isDebugEnabled()) + { + LOG.debug("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols())); LOG.debug("Enabled Ciphers {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites())); + } } } @@ -364,7 +369,8 @@ public class SslContextFactory extends AbstractLifeCycle public void setIncludeProtocols(String... protocols) { checkNotStarted(); - _includeProtocols = new LinkedHashSet<>(Arrays.asList(protocols)); + _includeProtocols.clear(); + _includeProtocols.addAll(Arrays.asList(protocols)); } /** @@ -416,7 +422,8 @@ public class SslContextFactory extends AbstractLifeCycle public void setIncludeCipherSuites(String... cipherSuites) { checkNotStarted(); - _includeCipherSuites = new LinkedHashSet<>(Arrays.asList(cipherSuites)); + _includeCipherSuites.clear(); + _includeCipherSuites.addAll(Arrays.asList(cipherSuites)); } /** @@ -1034,7 +1041,7 @@ public class SslContextFactory extends AbstractLifeCycle Set selected_protocols = new LinkedHashSet<>(); // Set the starting protocols - either from the included or enabled list - if (_includeProtocols!=null) + if (!_includeProtocols.isEmpty()) { // Use only the supported included protocols for (String protocol : _includeProtocols) @@ -1064,17 +1071,17 @@ public class SslContextFactory extends AbstractLifeCycle Set selected_ciphers = new CopyOnWriteArraySet<>(); // Set the starting ciphers - either from the included or enabled list - if (_includeCipherSuites!=null) - processIncludeCipherSuites(supportedCipherSuites, selected_ciphers); - else + if (_includeCipherSuites.isEmpty()) selected_ciphers.addAll(Arrays.asList(enabledCipherSuites)); + else + processIncludeCipherSuites(supportedCipherSuites, selected_ciphers); removeExcludedCipherSuites(selected_ciphers); return selected_ciphers.toArray(new String[selected_ciphers.size()]); } - private void processIncludeCipherSuites(String[] supportedCipherSuites, Set selected_ciphers) + protected void processIncludeCipherSuites(String[] supportedCipherSuites, Set selected_ciphers) { for (String cipherSuite : _includeCipherSuites) { @@ -1088,7 +1095,7 @@ public class SslContextFactory extends AbstractLifeCycle } } - private void removeExcludedCipherSuites(Set selected_ciphers) + protected void removeExcludedCipherSuites(Set selected_ciphers) { for (String excludeCipherSuite : _excludeCipherSuites) {