author | gjoranv <gv@verizonmedia.com> | 2021-03-25 01:21:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-25 01:21:57 +0100 |
commit | b8efc4785db0d3fef303b22e30e6f23e85ea4e51 (patch) | |
tree | c78641c028428abb907baf03fac6eb163873d38a /container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java | |
parent | 17978ed4bc296f2bd27e00b35244a6b1da66f40d (diff) | |
parent | 0176ecaec7b8beecacc0c27597b5f92d7db520f4 (diff) |
Merge pull request #17140 from vespa-engine/gjoranv/merge-http-into-core_rebased
Gjoranv/merge http into core (rebased)
Diffstat (limited to 'container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java')
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java
new file mode 100644
index 00000000000..93d4f1dca3f
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java
@@ -0,0 +1,42 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.ssl.impl;
+
+import com.yahoo.component.AbstractComponent;
+import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
+import com.yahoo.security.tls.TlsContext;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+import java.util.List;
+
+import static com.yahoo.jdisc.http.ssl.impl.SslContextFactoryUtils.setEnabledCipherSuites;
+import static com.yahoo.jdisc.http.ssl.impl.SslContextFactoryUtils.setEnabledProtocols;
+
+/**
+ * A {@link SslContextFactoryProvider} that creates {@link SslContextFactory} instances from {@link TlsContext} instances.
+ *
+ * @author bjorncs
+ */
+public abstract class TlsContextBasedProvider extends AbstractComponent implements SslContextFactoryProvider {
+
+ protected abstract TlsContext getTlsContext(String containerId, int port);
+
+ @Override
+ public final SslContextFactory getInstance(String containerId, int port) {
+ TlsContext tlsContext = getTlsContext(containerId, port);
+ SSLContext sslContext = tlsContext.context();
+ SSLParameters parameters = tlsContext.parameters();
+
+ SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+ sslContextFactory.setSslContext(sslContext);
+
+ sslContextFactory.setNeedClientAuth(parameters.getNeedClientAuth());
+ sslContextFactory.setWantClientAuth(parameters.getWantClientAuth());
+
+ setEnabledProtocols(sslContextFactory, sslContext, List.of(parameters.getProtocols()));
+ setEnabledCipherSuites(sslContextFactory, sslContext, List.of(parameters.getCipherSuites()));
+
+ return sslContextFactory;
+ }
+}
|
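Review bot: In `getInstance`, `List.of(parameters.getProtocols())` and `List.of(parameters.getCipherSuites())` throw a bare NullPointerException if the `SSLParameters` carry no protocol or cipher list, because both getters return null when nothing has been set. Whether `TlsContext.parameters()` always populates them is not visible in this file, so the connector's TLS policy rests on an unstated assumption. Failing is the right outcome here, since falling back to Jetty's defaults could silently widen the enabled protocols and ciphers, but the failure should say what is missing: `String[] protocols = Objects.requireNonNull(parameters.getProtocols(), "TlsContext parameters must specify enabled protocols");` and the same for cipher suites (this needs `import java.util.Objects;`). `getTlsContext` would also benefit from Javadoc stating that it must not return null and who owns the lifetime of the returned `TlsContext`.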