author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-18 14:56:31 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-26 13:40:57 +0200 |
commit | 6a6f80b206b45fe7fcacb04bfd119dfab33ff25c (patch) | |
tree | 16a4a2835cb74eee4faca6ba781ea9e6f19f771b /jrt | |
parent | f2c3e8dbc888239c88ee8d1ef8fb280f8c3012de (diff) |
Introduce insecure mixed mode + move env var logic to separate class
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/CryptoEngine.java | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index 2ef936ec7ed..c27aba73873 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -2,10 +2,10 @@ package com.yahoo.jrt;
-import com.yahoo.security.tls.TransportSecurityOptions;
+import com.yahoo.security.tls.TransportSecurityUtils;
+import com.yahoo.security.tls.TransportSecurityUtils.MixedMode;
 import java.nio.channels.SocketChannel;
-import java.nio.file.Paths;
 /**
@@ -16,12 +16,22 @@ import java.nio.file.Paths;
 **/
 public interface CryptoEngine {
 public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer);
-static public CryptoEngine createDefault() { // TODO Move this logic to a dedicated factory class
-String tlsConfigParameter = System.getenv("VESPA_TLS_CONFIG_FILE");
-if (tlsConfigParameter != null && !tlsConfigParameter.isEmpty()) {
-return new TlsCryptoEngine(TransportSecurityOptions.fromJsonFile(Paths.get(tlsConfigParameter)));
-} else {
+static public CryptoEngine createDefault() {
+if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
 return new NullCryptoEngine();
 }
+TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(TransportSecurityUtils.getOptions().get());
+if (!TransportSecurityUtils.isInsecureMixedModeEnabled()) {
+return tlsCryptoEngine;
+}
+MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode().get();
+switch (mixedMode) {
+case PLAINTEXT_CLIENT_MIXED_SERVER:
+return new MaybeTlsCryptoEngine(tlsCryptoEngine, false);
+case TLS_CLIENT_MIXED_SERVER:
+return new MaybeTlsCryptoEngine(tlsCryptoEngine, true);
+default:
+throw new IllegalArgumentException(mixedMode.toString());
+}
 }
 }
|
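Review bot: The insecure downgrade path in createDefault() is taken silently — when isInsecureMixedModeEnabled() is true the returned engine will, going by the names used, accept or initiate plaintext, yet nothing records that the process started in this mode, so an operator cannot tell from the logs that TLS is not being enforced. Since the mode selection appears to come from the process environment (the commit title mentions env var logic), I would log it at warning level before the switch, e.g. `log.warning("Insecure mixed mode enabled: " + mixedMode + " - plaintext connections will be accepted");`, using whatever logger jrt already has. The two unchecked `.get()` calls also couple this method to the unstated invariant that isTransportSecurityEnabled() and isInsecureMixedModeEnabled() imply a present Optional; `TransportSecurityUtils.getOptions().orElseThrow(() -> new IllegalStateException("Transport security enabled but no options found"))` (and the same for getInsecureMixedMode()) makes a misconfiguration fail with a clear message instead of a bare NoSuchElementException. Finally, createDefault() now has three outcomes driven by external configuration and no Javadoc; a short comment stating the order of precedence (transport security disabled → NullCryptoEngine, enabled without mixed mode → TLS only, mixed mode → MaybeTlsCryptoEngine for the given mode) would help the next reader.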