author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2019-12-09 13:32:36 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-12-09 13:32:36 +0100 |
commit | aad5fd4af6fb147a007aa476937977c040d7c8bb (patch) | |
tree | 5c8eb8707873fa8cc61971595ff1056c804dd63b /jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl | |
parent | a398c6d8d3cd280e863c77f4f872a59428122ff9 (diff) |
Revert "Allow config of ssl cipher suites and protocol version"
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl')
2 files changed, 38 insertions, 2 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
index 90848f1dfd4..b2e7ba1be67 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -70,12 +70,12 @@ public class ConfiguredSslContextFactoryProvider implements SslContextFactoryPro
 
         List<String> protocols = !sslConfig.enabledProtocols().isEmpty()
                 ? sslConfig.enabledProtocols()
-                : new ArrayList<>(TlsContext.getAllowedProtocols(sslContext));
+                : new ArrayList<>(TlsContext.ALLOWED_PROTOCOLS);
         setEnabledProtocols(factory, sslContext, protocols);
 
         List<String> ciphers = !sslConfig.enabledCipherSuites().isEmpty()
                 ? sslConfig.enabledCipherSuites()
-                : new ArrayList<>(TlsContext.getAllowedCipherSuites(sslContext));
+                : new ArrayList<>(TlsContext.ALLOWED_CIPHER_SUITES);
         setEnabledCipherSuites(factory, sslContext, ciphers);
 
         return factory;
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java
new file mode 100644
index 00000000000..4d3bb4a280a
--- /dev/null
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java
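Review bot: The default protocol and cipher lists are now the static `TlsContext.ALLOWED_PROTOCOLS` / `TlsContext.ALLOWED_CIPHER_SUITES`, chosen without reference to the `sslContext` that `setEnabledProtocols` and `setEnabledCipherSuites` receive on the following lines, and this hunk does not show whether those helpers intersect the list with `sslContext.getSupportedSSLParameters()` or fail on an entry the runtime JSSE lacks. If they do neither, an unsupported suite in the constant would either be dropped silently or abort connector startup, so the contract is worth stating in a one-line comment at the `List<String> protocols` assignment, e.g. `// Defaults are reconciled with sslContext inside setEnabledProtocols/setEnabledCipherSuites`, and the operator-configured branches (`? sslConfig.enabledProtocols()`, `? sslConfig.enabledCipherSuites()`) should be covered by the same statement. The enclosing method begins and ends outside the hunk.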
@@ -0,0 +1,36 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.ssl.impl;
+
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.util.security.CertificateUtils;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import java.security.KeyStore;
+import java.util.Objects;
+
+/**
+ * A modified {@link SslContextFactory} that allows passwordless truststore in combination with password protected keystore.
+ *
+ * @author bjorncs
+ */
+class JDiscSslContextFactory extends SslContextFactory.Server {
+
+    private String trustStorePassword;
+
+    @Override
+    public void setTrustStorePassword(String password) {
+        super.setTrustStorePassword(password);
+        this.trustStorePassword = password;
+    }
+
+
+    // Overriden to stop Jetty from using the keystore password if no truststore password is specified.
+    @Override
+    protected KeyStore loadTrustStore(Resource resource) throws Exception {
+        return CertificateUtils.getKeyStore(
+                resource != null ? resource : getKeyStoreResource(),
+                Objects.toString(getTrustStoreType(), getKeyStoreType()),
+                Objects.toString(getTrustStoreProvider(), getKeyStoreProvider()),
+                trustStorePassword);
+    }
+} |
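Review bot: `setTrustStorePassword` stores the raw `password` string in the new `trustStorePassword` field and `loadTrustStore` passes that raw value straight to `CertificateUtils.getKeyStore`, whereas the `super.setTrustStorePassword(password)` call goes through Jetty's own password handling; if a deployment supplies the value in Jetty's obfuscated `OBF:` form, the truststore would be opened with the still-obfuscated string while the base class decodes it — worth confirming against the Jetty version in use, and if it applies, unwrapping via Jetty's `Password` before storing. A short comment on the field explaining why a duplicate copy of the secret is kept (presumably because the base class exposes no truststore-password getter) would save the next reader from asking the same question, and the comment above `loadTrustStore` should read `// Overridden to stop Jetty from using the keystore password when no truststore password is configured.`. Since nothing here is designed for further extension, `final class JDiscSslContextFactory` would also match the project's style guidance.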