diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2022-05-30 15:26:41 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2022-05-30 16:20:56 +0200 |
commit | e9319078a33a4cfa2925c8cc0afc05e2dcb84465 (patch) | |
tree | 2d16a09fb121591da8247a65eb1c4c8d0b840f09 /container-core/src | |
parent | 326fdc2edcddd10ff2b70b39345b01d97819e7c6 (diff) |
Use default SSL context if non provided
Diffstat (limited to 'container-core/src')
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/SslProvider.java (renamed from container-core/src/main/java/com/yahoo/jdisc/http/SslConfigurer.java) | 0 | ||||
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java | 20 |
2 files changed, 16 insertions, 4 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/SslConfigurer.java b/container-core/src/main/java/com/yahoo/jdisc/http/SslProvider.java index bbdba395910..bbdba395910 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/SslConfigurer.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/SslProvider.java diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java index 07c599aa229..e7c9e4f0bee 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java @@ -4,6 +4,8 @@ package com.yahoo.jdisc.http.ssl.impl; import org.eclipse.jetty.util.ssl.SslContextFactory; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; +import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.List; @@ -12,14 +14,14 @@ import java.util.List; */ class SslContextFactoryUtils { - static void setEnabledCipherSuites(SslContextFactory factory, SSLContext sslContext, List<String> enabledCiphers) { - String[] supportedCiphers = sslContext.getSupportedSSLParameters().getCipherSuites(); + static void setEnabledCipherSuites(SslContextFactory factory, SSLContext sslContextOrNull, List<String> enabledCiphers) { + String[] supportedCiphers = supportedSslParams(sslContextOrNull).getCipherSuites(); factory.setIncludeCipherSuites(enabledCiphers.toArray(String[]::new)); factory.setExcludeCipherSuites(createExclusionList(enabledCiphers, supportedCiphers)); } - static void setEnabledProtocols(SslContextFactory factory, SSLContext sslContext, List<String> enabledProtocols) { - String[] supportedProtocols = sslContext.getSupportedSSLParameters().getProtocols(); + static void setEnabledProtocols(SslContextFactory factory, SSLContext sslContextOrNull, List<String> enabledProtocols) { + String[] supportedProtocols = supportedSslParams(sslContextOrNull).getProtocols(); factory.setIncludeProtocols(enabledProtocols.toArray(String[]::new)); factory.setExcludeProtocols(createExclusionList(enabledProtocols, supportedProtocols)); } @@ -29,4 +31,14 @@ class SslContextFactoryUtils { .filter(supportedValue -> !enabledValues.contains(supportedValue)) .toArray(String[]::new); } + + private static SSLParameters supportedSslParams(SSLContext ctx) { + try { + return ctx != null + ? ctx.getSupportedSSLParameters() + : SSLContext.getDefault().getSupportedSSLParameters(); + } catch (NoSuchAlgorithmException e) { + throw new IllegalStateException(e); + } + } } |