author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-11-25 17:02:12 +0100 |
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-11-25 17:39:36 +0100 |
commit | f470e9913311bbca1d62f11c1d2d1f13193bca61 (patch) | |
tree | c9f79732609b071d7536a74bb1192b1bb0f1c55c /security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java | |
parent | 3f1c5a2c64cd24fd85f5af58b9a7bdd89dca80c5 (diff) |
Add helper methods in TlsContext to determine allowed ciphers/protocols
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java | 32 |
1 files changed, 11 insertions, 21 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 572461c6cdd..f4a89da988a 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -10,7 +10,6 @@ import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
@@ -55,32 +54,23 @@ public class DefaultTlsContext implements TlsContext {
     }
 
     private static String[] getAllowedCiphers(SSLContext sslContext, Set<String> acceptedCiphers) {
-        String[] supportedCipherSuites = sslContext.getSupportedSSLParameters().getCipherSuites();
-        String[] validCipherSuites = Arrays.stream(supportedCipherSuites)
-                .filter(suite -> ALLOWED_CIPHER_SUITES.contains(suite) && acceptedCiphers.contains(suite))
+        Set<String> supportedCiphers = TlsContext.getAllowedCipherSuites(sslContext);
+        String[] allowedCiphers = supportedCiphers.stream()
+                .filter(acceptedCiphers::contains)
                 .toArray(String[]::new);
-        if (validCipherSuites.length == 0) {
+        if (allowedCiphers.length == 0) {
             throw new IllegalStateException(
-                    String.format("None of the allowed cipher suites are supported " +
-                            "(allowed-cipher-suites=%s, supported-cipher-suites=%s, accepted-cipher-suites=%s)",
-                            ALLOWED_CIPHER_SUITES, List.of(supportedCipherSuites), acceptedCiphers));
+                    String.format("None of the accepted ciphers are supported (supported=%s, accepted=%s)",
+                            supportedCiphers, acceptedCiphers));
         }
-        log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", List.of(validCipherSuites)));
-        return validCipherSuites;
+        log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", List.of(allowedCiphers)));
+        return allowedCiphers;
     }
 
     private static String[] getAllowedProtocols(SSLContext sslContext) {
-        String[] supportedProtocols = sslContext.getSupportedSSLParameters().getProtocols();
-        String[] validProtocols = Arrays.stream(supportedProtocols)
-                .filter(ALLOWED_PROTOCOLS::contains)
-                .toArray(String[]::new);
-        if (validProtocols.length == 0) {
-            throw new IllegalArgumentException(
-                    String.format("None of the allowed protocols are supported (allowed-protocols=%s, supported-protocols=%s)",
-                            ALLOWED_PROTOCOLS, List.of(supportedProtocols)));
-        }
-        log.log(Level.FINE, () -> String.format("Allowed protocols that are supported: %s", List.of(validProtocols)));
-        return validProtocols;
+        Set<String> allowedProtocols = TlsContext.getAllowedProtocols(sslContext);
+        log.log(Level.FINE, () -> String.format("Allowed protocols that are supported: %s", List.of(allowedProtocols)));
+        return allowedProtocols.toArray(String[]::new);
     }
 
     @Override
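Review bot: The rewritten getAllowedProtocols drops the empty-result check that the removed lines had, so if `TlsContext.getAllowedProtocols(sslContext)` yields an empty set the method now returns an empty array instead of failing; the helper is defined outside this hunk, so it may already throw, but nothing visible here guarantees that. Handing an empty protocol array to SSLParameters/SSLEngine would presumably only surface later as a handshake failure with a far less descriptive message than the old IllegalArgumentException, and it also leaves this method inconsistent with getAllowedCiphers, which still guards its empty case. Unless the helper is documented to throw, keep the guard, e.g. `if (allowedProtocols.isEmpty()) {` / `    throw new IllegalStateException("None of the allowed TLS protocols are supported by the SSLContext");` / `}` before the log line, using IllegalStateException to match the cipher path.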