Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java53
1 files changed, 44 insertions, 9 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
index 67466179634..bc124b4fe2d 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -8,6 +8,9 @@ import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
import java.util.Objects;
import java.util.Optional;
@@ -16,6 +19,7 @@ import java.util.Optional;
*
* @author bjorncs
*/
+// TODO Add builder
public class TransportSecurityOptions {
private static final ObjectMapper mapper = new ObjectMapper();
@@ -23,15 +27,25 @@ public class TransportSecurityOptions {
private final Path privateKeyFile;
private final Path certificatesFile;
private final Path caCertificatesFile;
+ private final List<String> acceptedCiphers;
public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile) {
this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile));
}
public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile) {
+ this(privateKeyFile, certificatesFile, caCertificatesFile, Collections.emptyList());
+ }
+
+ public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile, List<String> acceptedCiphers) {
+ this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile), acceptedCiphers);
+ }
+
+ public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile, List<String> acceptedCiphers) {
this.privateKeyFile = privateKeyFile;
this.certificatesFile = certificatesFile;
this.caCertificatesFile = caCertificatesFile;
+ this.acceptedCiphers = acceptedCiphers;
}
public Path getPrivateKeyFile() {
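Review bot: The four-argument constructor stores the caller's list by reference (`this.acceptedCiphers = acceptedCiphers;`), and the `getAcceptedCiphers()` added in the next hunk returns that same reference. The cipher allow-list of an otherwise immutable options object can therefore be changed after construction by the caller or by any consumer of the getter, which would also change the `equals`/`hashCode` results. Taking a defensive copy closes this and rejects a null argument early: `this.acceptedCiphers = Collections.unmodifiableList(new ArrayList<>(acceptedCiphers));`. Both `ArrayList` and `Collections` are already imported by this commit.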
@@ -46,6 +60,10 @@ public class TransportSecurityOptions {
return caCertificatesFile;
}
+ public List<String> getAcceptedCiphers() {
+ return acceptedCiphers;
+ }
+
public static TransportSecurityOptions fromJsonFile(Path file) {
try {
return fromJsonNode(mapper.readTree(file.toFile()));
@@ -63,15 +81,30 @@ public class TransportSecurityOptions {
}
private static TransportSecurityOptions fromJsonNode(JsonNode root) {
- JsonNode filesNode = getField(root, "files");
- String privateKeyFile = getField(filesNode, "private-key").asText();
- String certificatesFile = getField(filesNode, "certificates").asText();
- String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
- return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
+ JsonNode filesNode = getFieldOrThrow(root, "files");
+ List<String> acceptedCiphers = getField(root, "accepted-ciphers")
+ .map(TransportSecurityOptions::toCipherList)
+ .orElse(Collections.emptyList());
+ String privateKeyFile = getFieldOrThrow(filesNode, "private-key").asText();
+ String certificatesFile = getFieldOrThrow(filesNode, "certificates").asText();
+ String caCertificatesFile = getFieldOrThrow(filesNode, "ca-certificates").asText();
+ return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile, acceptedCiphers);
+ }
+
+ private static List<String> toCipherList(JsonNode ciphersNode) {
+ List<String> ciphers = new ArrayList<>();
+ for (JsonNode cipherNode : ciphersNode) {
+ ciphers.add(cipherNode.asText());
+ }
+ return ciphers;
+ }
+
+ private static Optional<JsonNode> getField(JsonNode root, String fieldName) {
+ return Optional.ofNullable(root.get(fieldName));
}
- private static JsonNode getField(JsonNode root, String fieldName) {
- return Optional.ofNullable(root.get(fieldName))
+ private static JsonNode getFieldOrThrow(JsonNode root, String fieldName) {
+ return getField(root, fieldName)
.orElseThrow(() -> new IllegalArgumentException(String.format("'%s' field missing", fieldName)));
}
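Review bot: `toCipherList` never checks the shape of the `accepted-ciphers` node, so a malformed value is accepted silently instead of being rejected like a missing `files` field. Iterating a non-array node such as a plain string yields no elements, so the result is an empty list. That is the same value used when the field is absent, and it presumably means "no restriction". Calling `asText()` on a non-string element also produces a coerced or empty name rather than an error. For a setting that narrows the accepted TLS ciphers, failing closed with an `IllegalArgumentException` is safer. A short Javadoc line on `fromJsonNode` stating what an empty list means would also help.

```java
private static List<String> toCipherList(JsonNode ciphersNode) {
    if (!ciphersNode.isArray()) {
        throw new IllegalArgumentException("'accepted-ciphers' must be an array of strings");
    }
    List<String> ciphers = new ArrayList<>();
    for (JsonNode cipherNode : ciphersNode) {
        if (!cipherNode.isTextual()) {
            throw new IllegalArgumentException("'accepted-ciphers' entries must be strings");
        }
        ciphers.add(cipherNode.asText());
    }
    return ciphers;
}
```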
@@ -81,6 +114,7 @@ public class TransportSecurityOptions {
"privateKeyFile=" + privateKeyFile +
", certificatesFile=" + certificatesFile +
", caCertificatesFile=" + caCertificatesFile +
+ ", acceptedCiphers=" + acceptedCiphers +
'}';
}
@@ -91,11 +125,12 @@ public class TransportSecurityOptions {
TransportSecurityOptions that = (TransportSecurityOptions) o;
return Objects.equals(privateKeyFile, that.privateKeyFile) &&
Objects.equals(certificatesFile, that.certificatesFile) &&
- Objects.equals(caCertificatesFile, that.caCertificatesFile);
+ Objects.equals(caCertificatesFile, that.caCertificatesFile) &&
+ Objects.equals(acceptedCiphers, that.acceptedCiphers);
}
@Override
public int hashCode() {
- return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile);
+ return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile, acceptedCiphers);
}
} \ No newline at end of file