Diffstat (limited to 'jdisc_http_service')
2 files changed, 18 insertions, 38 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java
deleted file mode 100644
index a0172668cbb..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/SslContextFactoryUtils.java
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl.impl;
-
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-import javax.net.ssl.SSLContext;
-import java.util.Arrays;
-import java.util.List;
-
-/**
- * @author bjorncs
- */
-class SslContextFactoryUtils {
-
- static void setEnabledCipherSuites(SslContextFactory factory, SSLContext sslContext, List<String> enabledCiphers) {
- String[] supportedCiphers = sslContext.getSupportedSSLParameters().getCipherSuites();
- factory.setIncludeCipherSuites(enabledCiphers.toArray(String[]::new));
- factory.setExcludeCipherSuites(createExclusionList(enabledCiphers, supportedCiphers));
- }
-
- static void setEnabledProtocols(SslContextFactory factory, SSLContext sslContext, List<String> enabledProtocols) {
- String[] supportedProtocols = sslContext.getSupportedSSLParameters().getProtocols();
- factory.setIncludeProtocols(enabledProtocols.toArray(String[]::new));
- factory.setExcludeProtocols(createExclusionList(enabledProtocols, supportedProtocols));
- }
-
- private static String[] createExclusionList(List<String> enabledValues, String[] supportedValues) {
- return Arrays.stream(supportedValues)
- .filter(supportedValue -> !enabledValues.contains(supportedValue))
- .toArray(String[]::new);
- }
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java
index 93d4f1dca3f..e8ae13e48be 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java @@ -8,10 +8,7 @@ import org.eclipse.jetty.util.ssl.SslContextFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLParameters; -import java.util.List; - -import static com.yahoo.jdisc.http.ssl.impl.SslContextFactoryUtils.setEnabledCipherSuites; -import static com.yahoo.jdisc.http.ssl.impl.SslContextFactoryUtils.setEnabledProtocols; +import java.util.Arrays; /** * A {@link SslContextFactoryProvider} that creates {@link SslContextFactory} instances from {@link TlsContext} instances. 
@@ -34,9 +31,24 @@ public abstract class TlsContextBasedProvider extends AbstractComponent implemen sslContextFactory.setNeedClientAuth(parameters.getNeedClientAuth()); sslContextFactory.setWantClientAuth(parameters.getWantClientAuth()); - setEnabledProtocols(sslContextFactory, sslContext, List.of(parameters.getProtocols())); - setEnabledCipherSuites(sslContextFactory, sslContext, List.of(parameters.getCipherSuites())); + String[] enabledProtocols = parameters.getProtocols(); + sslContextFactory.setIncludeProtocols(enabledProtocols); + String[] supportedProtocols = sslContext.getSupportedSSLParameters().getProtocols(); + sslContextFactory.setExcludeProtocols(createExclusionList(enabledProtocols, supportedProtocols)); + String[] enabledCiphers = parameters.getCipherSuites(); + String[] supportedCiphers = sslContext.getSupportedSSLParameters().getCipherSuites(); + sslContextFactory.setIncludeCipherSuites(enabledCiphers); + sslContextFactory.setExcludeCipherSuites(createExclusionList(enabledCiphers, supportedCiphers)); return sslContextFactory; } + + private static String[] createExclusionList(String[] enabledValues, String[] supportedValues) { + return Arrays.stream(supportedValues) + .filter(supportedValue -> + Arrays.stream(enabledValues) + .noneMatch(enabledValue -> enabledValue.equals(supportedValue))) + .toArray(String[]::new); + } + } |
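Review bot: The inlined include/exclude calls and the new `createExclusionList` carry no comment saying why an explicit exclusion list is built, although this is the part of the method that decides which TLS protocols and cipher suites the connector accepts. As far as I know Jetty's `SslContextFactory` ships with default exclusions that `setExcludeProtocols`/`setExcludeCipherSuites` replace, so after these lines the `SSLParameters` taken from the `TlsContext` appear to be the only policy in force; a comment such as `// Replace Jetty's default exclusions: exclude everything the SSLContext supports that the TlsContext did not enable` would record that for the next reader. Separately, `SSLParameters.getProtocols()` and `getCipherSuites()` are documented to return null when nothing has been set, and `Arrays.stream(enabledValues)` then fails with a bare NullPointerException; `Objects.requireNonNull(enabledProtocols, "TlsContext has no enabled protocols")` (and the same for ciphers) would make a misconfigured context easier to diagnose. The enclosing method begins outside this hunk.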