Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java | 53 |
1 files changed, 44 insertions, 9 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
index 67466179634..bc124b4fe2d 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -8,6 +8,9 @@ import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -16,6 +19,7 @@ import java.util.Optional;
 *
 * @author bjorncs
 */
+// TODO Add builder
 public class TransportSecurityOptions {
 private static final ObjectMapper mapper = new ObjectMapper();
@@ -23,15 +27,25 @@ public class TransportSecurityOptions {
 private final Path privateKeyFile;
 private final Path certificatesFile;
 private final Path caCertificatesFile;
+ private final List<String> acceptedCiphers;
 public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile) {
 this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile));
 }
 public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile) {
+ this(privateKeyFile, certificatesFile, caCertificatesFile, Collections.emptyList());
+ }
+
+ public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile, List<String> acceptedCiphers) {
+ this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile), acceptedCiphers);
+ }
+
+ public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile, List<String> acceptedCiphers) {
 this.privateKeyFile = privateKeyFile;
 this.certificatesFile = certificatesFile;
 this.caCertificatesFile = caCertificatesFile;
+ this.acceptedCiphers = acceptedCiphers;
 }
 public Path getPrivateKeyFile() {
@@ -46,6 +60,10 @@ public class TransportSecurityOptions {
 return caCertificatesFile;
 }
+ public List<String> getAcceptedCiphers() {
+ return acceptedCiphers;
+ }
+
 public static TransportSecurityOptions fromJsonFile(Path file) {
 try {
 return fromJsonNode(mapper.readTree(file.toFile()));
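Review bot: The new four-argument `Path` constructor stores the caller's `acceptedCiphers` list by reference, and `getAcceptedCiphers()` in the following hunk returns that same instance, so the cipher allow-list of an otherwise final options object can be changed after construction; a null argument is also accepted silently. Because `equals` and `hashCode` include the list after this commit (last hunk), a later mutation also changes the object's hash. I would copy and freeze the list in the constructor, `this.acceptedCiphers = Collections.unmodifiableList(new ArrayList<>(Objects.requireNonNull(acceptedCiphers, "acceptedCiphers")));`, which needs only imports the file already has after this change.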
@@ -63,15 +81,30 @@ public class TransportSecurityOptions {
 }
 private static TransportSecurityOptions fromJsonNode(JsonNode root) {
- JsonNode filesNode = getField(root, "files");
- String privateKeyFile = getField(filesNode, "private-key").asText();
- String certificatesFile = getField(filesNode, "certificates").asText();
- String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
- return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
+ JsonNode filesNode = getFieldOrThrow(root, "files");
+ List<String> acceptedCiphers = getField(root, "accepted-ciphers")
+ .map(TransportSecurityOptions::toCipherList)
+ .orElse(Collections.emptyList());
+ String privateKeyFile = getFieldOrThrow(filesNode, "private-key").asText();
+ String certificatesFile = getFieldOrThrow(filesNode, "certificates").asText();
+ String caCertificatesFile = getFieldOrThrow(filesNode, "ca-certificates").asText();
+ return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile, acceptedCiphers);
+ }
+
+ private static List<String> toCipherList(JsonNode ciphersNode) {
+ List<String> ciphers = new ArrayList<>();
+ for (JsonNode cipherNode : ciphersNode) {
+ ciphers.add(cipherNode.asText());
+ }
+ return ciphers;
+ }
+
+ private static Optional<JsonNode> getField(JsonNode root, String fieldName) {
+ return Optional.ofNullable(root.get(fieldName));
 }
- private static JsonNode getField(JsonNode root, String fieldName) {
- return Optional.ofNullable(root.get(fieldName))
+ private static JsonNode getFieldOrThrow(JsonNode root, String fieldName) {
+ return getField(root, fieldName)
 .orElseThrow(() -> new IllegalArgumentException(String.format("'%s' field missing", fieldName)));
 }
@@ -81,6 +114,7 @@ public class TransportSecurityOptions {
 "privateKeyFile=" + privateKeyFile +
 ", certificatesFile=" + certificatesFile +
 ", caCertificatesFile=" + caCertificatesFile +
+ ", acceptedCiphers=" + acceptedCiphers +
 '}';
 }
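Review bot: `toCipherList` never checks the shape of `accepted-ciphers`: a scalar value such as a single string iterates as zero elements and produces an empty list, and non-text elements pass through `asText()` unchecked. The three-argument constructor also supplies an empty list, so an empty list presumably means "no restriction"; if so, a mistyped cipher restriction silently falls back to the defaults instead of failing, which is worth confirming against the code that consumes `getAcceptedCiphers()`. I would reject anything that is not an array of non-empty strings with an `IllegalArgumentException`, in line with `getFieldOrThrow`. A short Javadoc on what an absent or empty list means would also help the next reader.

```java
private static List<String> toCipherList(JsonNode ciphersNode) {
    if (!ciphersNode.isArray()) {
        throw new IllegalArgumentException("'accepted-ciphers' must be an array of cipher suite names");
    }
    List<String> ciphers = new ArrayList<>();
    for (JsonNode cipherNode : ciphersNode) {
        if (!cipherNode.isTextual() || cipherNode.asText().isEmpty()) {
            throw new IllegalArgumentException("'accepted-ciphers' entries must be non-empty strings");
        }
        ciphers.add(cipherNode.asText());
    }
    return ciphers;
}
```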
@@ -91,11 +125,12 @@ public class TransportSecurityOptions {
 TransportSecurityOptions that = (TransportSecurityOptions) o;
 return Objects.equals(privateKeyFile, that.privateKeyFile) &&
 Objects.equals(certificatesFile, that.certificatesFile) &&
- Objects.equals(caCertificatesFile, that.caCertificatesFile);
+ Objects.equals(caCertificatesFile, that.caCertificatesFile) &&
+ Objects.equals(acceptedCiphers, that.acceptedCiphers);
 }
 @Override
 public int hashCode() {
- return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile);
+ return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile, acceptedCiphers);
 }
 }
\ No newline at end of file |