316382: support a more strict SSL option with certificates
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/sandbox/trunk@2781 7e9141cc-0065-0410-87d8-b60c137991c4
diff --git a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslExtendedKeyManager.java b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/AliasedX509ExtendedKeyManager.java
similarity index 95%
rename from jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslExtendedKeyManager.java
rename to jetty-exssl/src/main/java/org/eclipse/jetty/exssl/AliasedX509ExtendedKeyManager.java
index 5fb5756..7bc2590 100644
--- a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslExtendedKeyManager.java
+++ b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/AliasedX509ExtendedKeyManager.java
@@ -30,13 +30,13 @@
/**
* KeyManager to select a key with desired alias
*/
-public class SslExtendedKeyManager extends X509ExtendedKeyManager
+public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager
{
private String _keyAlias;
private X509KeyManager _keyManager;
/* ------------------------------------------------------------ */
- public SslExtendedKeyManager(String keyAlias, X509KeyManager keyManager) throws Exception
+ public AliasedX509ExtendedKeyManager(String keyAlias, X509KeyManager keyManager) throws Exception
{
_keyAlias = keyAlias;
_keyManager = keyManager;
diff --git a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslKeyManager.java b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/AliasedX509KeyManager.java
similarity index 95%
rename from jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslKeyManager.java
rename to jetty-exssl/src/main/java/org/eclipse/jetty/exssl/AliasedX509KeyManager.java
index 4bba69f..48d04bc 100644
--- a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslKeyManager.java
+++ b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/AliasedX509KeyManager.java
@@ -28,13 +28,13 @@
/**
* KeyManager to select a key with desired alias
*/
-public class SslKeyManager implements X509KeyManager
+public class AliasedX509KeyManager implements X509KeyManager
{
private String _keyAlias;
private X509KeyManager _keyManager;
/* ------------------------------------------------------------ */
- public SslKeyManager(String keyAlias, X509KeyManager keyManager) throws Exception
+ public AliasedX509KeyManager(String keyAlias, X509KeyManager keyManager) throws Exception
{
_keyAlias = keyAlias;
_keyManager = keyManager;
diff --git a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslConnector.java b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslConnector.java
new file mode 100644
index 0000000..8a1ba0e
--- /dev/null
+++ b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslConnector.java
@@ -0,0 +1,323 @@
+package org.eclipse.jetty.exssl;
+
+import java.io.File;
+import java.security.SecureRandom;
+import java.security.Security;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.eclipse.jetty.io.SslContextFactory;
+import org.eclipse.jetty.server.Connector;
+
+
+/* ------------------------------------------------------------ */
+/** The interface for SSL connectors and their configuration methods.
+ *
+ */
+public interface SslConnector extends Connector
+{
+ @Deprecated
+ public static final String DEFAULT_KEYSTORE_ALGORITHM=(Security.getProperty("ssl.KeyManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.KeyManagerFactory.algorithm"));
+ @Deprecated
+ public static final String DEFAULT_TRUSTSTORE_ALGORITHM=(Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));
+
+ /** Default value for the keystore location path. @deprecated */
+ @Deprecated
+ public static final String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";
+
+ /** String name of key password property. @deprecated */
+ @Deprecated
+ public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
+
+ /** String name of keystore password property. @deprecated */
+ @Deprecated
+ public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The array of Ciphersuite names to exclude from
+ * {@link SSLEngine#setEnabledCipherSuites(String[])}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String[] getExcludeCipherSuites();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param cipherSuites The array of Ciphersuite names to exclude from
+ * {@link SSLEngine#setEnabledCipherSuites(String[])}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setExcludeCipherSuites(String[] cipherSuites);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The array of Ciphersuite names to include in
+ * {@link SSLEngine#setEnabledCipherSuites(String[])}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String[] getIncludeCipherSuites();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param cipherSuites The array of Ciphersuite names to include in
+ * {@link SSLEngine#setEnabledCipherSuites(String[])}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setIncludeCipherSuites(String[] cipherSuites);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param password The password for the key store
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setPassword(String password);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param password The password for the trust store
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setTrustPassword(String password);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param password The password (if any) for the specific key within
+ * the key store
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setKeyPassword(String password);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The SSL protocol (default "TLS") passed to {@link SSLContext#getInstance(String, String)}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getProtocol();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param protocol The SSL protocol (default "TLS") passed to {@link SSLContext#getInstance(String, String)}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setProtocol(String protocol);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param keystore The file or URL of the SSL Key store.
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setKeystore(String keystore);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The file or URL of the SSL Key store.
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getKeystore();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The type of the key store (default "JKS")
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getKeystoreType();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return True if SSL needs client authentication.
+ * @see SSLEngine#getNeedClientAuth()
+ * @deprecated
+ */
+ @Deprecated
+ public abstract boolean getNeedClientAuth();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return True if SSL wants client authentication.
+ * @see SSLEngine#getWantClientAuth()
+ * @deprecated
+ */
+ @Deprecated
+ public abstract boolean getWantClientAuth();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param needClientAuth True if SSL needs client authentication.
+ * @see SSLEngine#getNeedClientAuth()
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setNeedClientAuth(boolean needClientAuth);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param wantClientAuth True if SSL wants client authentication.
+ * @see SSLEngine#getWantClientAuth()
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setWantClientAuth(boolean wantClientAuth);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param keystoreType The type of the key store (default "JKS")
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setKeystoreType(String keystoreType);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The SSL provider name, which if set is passed to
+ * {@link SSLContext#getInstance(String, String)}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getProvider();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The algorithm name, which if set is passed to
+ * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
+ * instance passed to {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getSecureRandomAlgorithm();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getSslKeyManagerFactoryAlgorithm();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getSslTrustManagerFactoryAlgorithm();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The file name or URL of the trust store location
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getTruststore();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The type of the trust store (default "JKS")
+ * @deprecated
+ */
+ @Deprecated
+ public abstract String getTruststoreType();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param provider The SSL provider name, which if set is passed to
+ * {@link SSLContext#getInstance(String, String)}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setProvider(String provider);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param algorithm The algorithm name, which if set is passed to
+ * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
+ * instance passed to {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setSecureRandomAlgorithm(String algorithm);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param algorithm The algorithm name (default "SunX509") used by
+ * the {@link KeyManagerFactory}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setSslKeyManagerFactoryAlgorithm(String algorithm);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param algorithm The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setSslTrustManagerFactoryAlgorithm(String algorithm);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param truststore The file name or URL of the trust store location
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setTruststore(String truststore);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param truststoreType The type of the trust store (default "JKS")
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setTruststoreType(String truststoreType);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param sslContext Set a preconfigured SSLContext
+ * @deprecated
+ */
+ @Deprecated
+ public abstract void setSslContext(SSLContext sslContext);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The SSLContext
+ * @deprecated
+ */
+ @Deprecated
+ public abstract SSLContext getSslContext();
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return True if SSL re-negotiation is allowed (default false)
+ * @deprecated
+ */
+ @Deprecated
+ public boolean isAllowRenegotiate();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
+ * a vulnerability in SSL/TLS with re-negotiation. If your JVM
+ * does not have CVE-2009-3555 fixed, then re-negotiation should
+ * not be allowed.
+ * @param allowRenegotiate true if re-negotiation is allowed (default false)
+ * @deprecated
+ */
+ @Deprecated
+ public void setAllowRenegotiate(boolean allowRenegotiate);
+}
\ No newline at end of file
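Review bot: Every `@deprecated` tag in this new interface is empty, so callers get a deprecation warning with no pointer to the replacement; the tags added in the SslSelectChannelConnector and SslSocketConnector hunks below have the same gap. The delegating implementations later in this diff show where each setting now lives, so the tag can name it, e.g. `@deprecated use {@link SslContextFactory#setKeystorePassword(String)}` on `setPassword`. That would also give a purpose to the `org.eclipse.jetty.io.SslContextFactory` import, which nothing in this file references. The pointer matters most on `setAllowRenegotiate`, whose CVE-2009-3555 guidance should stay reachable from wherever the option is now configured.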
diff --git a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSelectChannelConnector.java b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSelectChannelConnector.java
index 7b9af6b..42deeae 100644
--- a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSelectChannelConnector.java
+++ b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSelectChannelConnector.java
@@ -60,7 +60,7 @@
/* ------------------------------------------------------------ */
public SslSelectChannelConnector()
{
- this(new SslContextFactory().setKeystore(SslContextFactory.DEFAULT_KEYSTORE_PATH));
+ this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
}
/* ------------------------------------------------------------ */
@@ -112,7 +112,9 @@
/* ------------------------------------------------------------ */
/**
* @return True if SSL re-negotiation is allowed (default false)
+ * @deprecated
*/
+ @Deprecated
public boolean isAllowRenegotiate()
{
return _sslContextFactory.isAllowRenegotiate();
@@ -125,7 +127,9 @@
* does not have CVE-2009-3555 fixed, then re-negotiation should
* not be allowed.
* @param allowRenegotiate true if re-negotiation is allowed (default false)
+ * @deprecated
*/
+ @Deprecated
public void setAllowRenegotiate(boolean allowRenegotiate)
{
_sslContextFactory.setAllowRenegotiate(allowRenegotiate);
@@ -134,7 +138,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
+ * @deprecated
*/
+ @Deprecated
public String[] getExcludeCipherSuites()
{
return _sslContextFactory.getExcludeCipherSuites();
@@ -143,7 +149,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
+ * @deprecated
*/
+ @Deprecated
public void setExcludeCipherSuites(String[] cipherSuites)
{
_sslContextFactory.setExcludeCipherSuites(cipherSuites);
@@ -152,7 +160,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
+ * @deprecated
*/
+ @Deprecated
public String[] getIncludeCipherSuites()
{
return _sslContextFactory.getIncludeCipherSuites();
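Review bot: The Javadoc on `getIncludeCipherSuites()` still points at `SslConnector#getExcludeCipherSuites()`. The next hunk has the same copy-paste slip on `setIncludeCipherSuites` (it references `#setExcludeCipherSuites(java.lang.String[])`), and the `getSslContext()` hunk further down references `#setSslContext(javax.net.ssl.SSLContext)`. Since these comments are being edited anyway, the targets should be corrected to `#getIncludeCipherSuites()`, `#setIncludeCipherSuites(java.lang.String[])` and `#getSslContext()`. Include and exclude lists have opposite effects on which cipher suites end up enabled, so a reader following the wrong link gets the wrong semantics.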
@@ -161,7 +171,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
+ * @deprecated
*/
+ @Deprecated
public void setIncludeCipherSuites(String[] cipherSuites)
{
_sslContextFactory.setIncludeCipherSuites(cipherSuites);
@@ -170,7 +182,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setPassword(String password)
{
_sslContextFactory.setKeystorePassword(password);
@@ -179,7 +193,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setTrustPassword(String password)
{
_sslContextFactory.setTruststorePassword(password);
@@ -188,7 +204,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setKeyPassword(String password)
{
_sslContextFactory.setKeyManagerPassword(password);
@@ -199,7 +217,9 @@
* Unsupported.
*
* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
+ * @deprecated
*/
+ @Deprecated
public String getAlgorithm()
{
throw new UnsupportedOperationException();
@@ -210,7 +230,9 @@
* Unsupported.
*
* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
+ * @deprecated
*/
+ @Deprecated
public void setAlgorithm(String algorithm)
{
throw new UnsupportedOperationException();
@@ -219,7 +241,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol()
+ * @deprecated
*/
+ @Deprecated
public String getProtocol()
{
return _sslContextFactory.getProtocol();
@@ -228,7 +252,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setProtocol(String protocol)
{
_sslContextFactory.setProtocol(protocol);
@@ -237,7 +263,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setKeystore(String keystore)
{
_sslContextFactory.setKeystore(keystore);
@@ -246,7 +274,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore()
+ * @deprecated
*/
+ @Deprecated
public String getKeystore()
{
return _sslContextFactory.getKeystore();
@@ -255,7 +285,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType()
+ * @deprecated
*/
+ @Deprecated
public String getKeystoreType()
{
return _sslContextFactory.getKeystoreType();
@@ -264,7 +296,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth()
+ * @deprecated
*/
+ @Deprecated
public boolean getNeedClientAuth()
{
return _sslContextFactory.getNeedClientAuth();
@@ -273,7 +307,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth()
+ * @deprecated
*/
+ @Deprecated
public boolean getWantClientAuth()
{
return _sslContextFactory.getWantClientAuth();
@@ -282,7 +318,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean)
+ * @deprecated
*/
+ @Deprecated
public void setNeedClientAuth(boolean needClientAuth)
{
_sslContextFactory.setNeedClientAuth(needClientAuth);
@@ -291,7 +329,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean)
+ * @deprecated
*/
+ @Deprecated
public void setWantClientAuth(boolean wantClientAuth)
{
_sslContextFactory.setWantClientAuth(wantClientAuth);
@@ -300,7 +340,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setKeystoreType(String keystoreType)
{
_sslContextFactory.setKeystoreType(keystoreType);
@@ -309,7 +351,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getProvider()
+ * @deprecated
*/
+ @Deprecated
public String getProvider()
{
return _sslContextFactory.getProvider();
@@ -318,7 +362,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm()
+ * @deprecated
*/
+ @Deprecated
public String getSecureRandomAlgorithm()
{
return _sslContextFactory.getSecureRandomAlgorithm();
@@ -327,7 +373,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm()
+ * @deprecated
*/
+ @Deprecated
public String getSslKeyManagerFactoryAlgorithm()
{
return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
@@ -336,7 +384,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm()
+ * @deprecated
*/
+ @Deprecated
public String getSslTrustManagerFactoryAlgorithm()
{
return _sslContextFactory.getTrustManagerFactoryAlgorithm();
@@ -345,7 +395,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore()
+ * @deprecated
*/
+ @Deprecated
public String getTruststore()
{
return _sslContextFactory.getTruststore();
@@ -354,7 +406,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType()
+ * @deprecated
*/
+ @Deprecated
public String getTruststoreType()
{
return _sslContextFactory.getTruststoreType();
@@ -363,7 +417,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setProvider(String provider)
{
_sslContextFactory.setProvider(provider);
@@ -372,7 +428,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setSecureRandomAlgorithm(String algorithm)
{
_sslContextFactory.setSecureRandomAlgorithm(algorithm);
@@ -381,7 +439,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
{
_sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
@@ -390,7 +450,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setSslTrustManagerFactoryAlgorithm(String algorithm)
{
_sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
@@ -399,7 +461,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setTruststore(String truststore)
{
_sslContextFactory.setTruststore(truststore);
@@ -408,7 +472,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String)
+ * @deprecated
*/
+ @Deprecated
public void setTruststoreType(String truststoreType)
{
_sslContextFactory.setTruststoreType(truststoreType);
@@ -417,7 +483,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
+ * @deprecated
*/
+ @Deprecated
public void setSslContext(SSLContext sslContext)
{
_sslContextFactory.setSslContext(sslContext);
@@ -426,7 +494,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
+ * @deprecated
*/
+ @Deprecated
public SSLContext getSslContext()
{
return _sslContextFactory.getSslContext();
@@ -493,7 +563,7 @@
if (_sslContextFactory.getWantClientAuth())
engine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
- if (_sslContextFactory.getWantClientAuth())
+ if (_sslContextFactory.getNeedClientAuth())
engine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
engine.setEnabledCipherSuites(
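Review bot: The order of the two client-auth calls is now load-bearing and deserves a comment. `SSLEngine.setNeedClientAuth` overrides an earlier `setWantClientAuth`, so applying need last is what makes a mandatory client certificate win when both flags are set. A line such as `// need is applied after want: the later call overrides the earlier one` above the second `if` would keep a future reorder from weakening the setting. With the old condition, a factory configured with needClientAuth alone never had it applied to the engine, so a regression test asserting `engine.getNeedClientAuth()` for that configuration would be worth adding. The enclosing method starts and ends outside this hunk.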
diff --git a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSocketConnector.java b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSocketConnector.java
index a27929e..6cc75b9 100644
--- a/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSocketConnector.java
+++ b/jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslSocketConnector.java
@@ -52,6 +52,34 @@
*
*
*/
+
+/* ------------------------------------------------------------ */
+/**
+ */
+
+/* ------------------------------------------------------------ */
+/**
+ */
+
+/* ------------------------------------------------------------ */
+/**
+ */
+
+/* ------------------------------------------------------------ */
+/**
+ */
+
+/* ------------------------------------------------------------ */
+/**
+ */
+
+/* ------------------------------------------------------------ */
+/**
+ */
+
+/* ------------------------------------------------------------ */
+/**
+ */
public class SslSocketConnector extends SocketConnector implements SslConnector
{
private final SslContextFactory _sslContextFactory;
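Review bot: The seven empty `/** */` blocks added between the existing class comment and the class declaration look like an editor artifact and should be dropped. As written, the comment immediately preceding `public class SslSocketConnector` is an empty one, so the original class description above it is likely no longer picked up as the class Javadoc. The class comment begins before this hunk and the class body continues past it.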
@@ -63,7 +91,7 @@
*/
public SslSocketConnector()
{
- this(new SslContextFactory().setKeystore(SslContextFactory.DEFAULT_KEYSTORE_PATH));
+ this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
}
public SslSocketConnector(SslContextFactory sslContextFactory)
@@ -148,76 +176,141 @@
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
+ * @deprecated
+ */
+ @Deprecated
public String[] getExcludeCipherSuites() {
return _sslContextFactory.getExcludeCipherSuites();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getIncludeCipherSuites()
+ * @deprecated
+ */
+ @Deprecated
public String[] getIncludeCipherSuites()
{
return _sslContextFactory.getIncludeCipherSuites();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore()
+ * @deprecated
+ */
+ @Deprecated
public String getKeystore()
{
return _sslContextFactory.getKeystore();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType()
+ * @deprecated
+ */
+ @Deprecated
public String getKeystoreType()
{
return _sslContextFactory.getKeystoreType();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth()
+ * @deprecated
+ */
+ @Deprecated
public boolean getNeedClientAuth()
{
return _sslContextFactory.getNeedClientAuth();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol()
+ * @deprecated
+ */
+ @Deprecated
public String getProtocol()
{
return _sslContextFactory.getProtocol();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider()
+ * @deprecated
+ */
+ @Deprecated
public String getProvider() {
return _sslContextFactory.getProvider();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm()
+ * @deprecated
+ */
+ @Deprecated
public String getSecureRandomAlgorithm()
{
return _sslContextFactory.getSecureRandomAlgorithm();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm()
+ * @deprecated
+ */
+ @Deprecated
public String getSslKeyManagerFactoryAlgorithm()
{
return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm()
+ * @deprecated
+ */
+ @Deprecated
public String getSslTrustManagerFactoryAlgorithm()
{
return _sslContextFactory.getTrustManagerFactoryAlgorithm();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore()
+ * @deprecated
+ */
+ @Deprecated
public String getTruststore()
{
return _sslContextFactory.getTruststore();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType()
+ * @deprecated
+ */
+ @Deprecated
public String getTruststoreType()
{
return _sslContextFactory.getTruststoreType();
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth()
+ * @deprecated
+ */
+ @Deprecated
public boolean getWantClientAuth()
{
return _sslContextFactory.getWantClientAuth();
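Review bot: The added `@see` tags reference `org.eclipse.jetty.server.ssl.SslConnector`, while this commit introduces `org.eclipse.jetty.exssl.SslConnector` in the same package as this class. No import is visible in the hunks, so `implements SslConnector` presumably resolves to the new exssl interface, in which case the links point at a different type than the one being implemented. The setter hunks that follow (`setExcludeCipherSuites` through `setTruststore`) use the same prefix. If that reading is right, an unqualified `@see SslConnector#getExcludeCipherSuites()` would track the implemented interface. The first and last methods in this hunk are cut by the hunk boundary.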
@@ -298,21 +391,33 @@
}
/* ------------------------------------------------------------ */
- /**
- *
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
+ * @deprecated
*/
+ @Deprecated
public void setExcludeCipherSuites(String[] cipherSuites)
{
_sslContextFactory.setExcludeCipherSuites(cipherSuites);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setIncludeCipherSuites(java.lang.String[])
+ * @deprecated
+ */
+ @Deprecated
public void setIncludeCipherSuites(String[] cipherSuites)
{
_sslContextFactory.setIncludeCipherSuites(cipherSuites);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setKeyPassword(String password)
{
_sslContextFactory.setKeyManagerPassword(password);
@@ -321,13 +426,20 @@
/* ------------------------------------------------------------ */
/**
* @param keystore The resource path to the keystore, or null for built in keystores.
+ * @deprecated
*/
+ @Deprecated
public void setKeystore(String keystore)
{
_sslContextFactory.setKeystore(keystore);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setKeystoreType(String keystoreType)
{
_sslContextFactory.setKeystoreType(keystoreType);
@@ -338,65 +450,118 @@
* Set the value of the needClientAuth property
*
* @param needClientAuth true iff we require client certificate authentication.
+ * @deprecated
*/
+ @Deprecated
public void setNeedClientAuth(boolean needClientAuth)
{
_sslContextFactory.setNeedClientAuth(needClientAuth);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setPassword(String password)
{
_sslContextFactory.setKeystorePassword(password);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setTrustPassword(String password)
{
_sslContextFactory.setTruststorePassword(password);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setProtocol(String protocol)
{
_sslContextFactory.setProtocol(protocol);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setProvider(String provider) {
_sslContextFactory.setProvider(provider);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setSecureRandomAlgorithm(String algorithm)
{
_sslContextFactory.setSecureRandomAlgorithm(algorithm);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
{
_sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setSslTrustManagerFactoryAlgorithm(String algorithm)
{
_sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
}
-
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setTruststore(String truststore)
{
_sslContextFactory.setTruststore(truststore);
}
-
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String)
+ * @deprecated
+ */
+ @Deprecated
public void setTruststoreType(String truststoreType)
{
_sslContextFactory.setTruststoreType(truststoreType);
}
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
+ * @deprecated
+ */
+ @Deprecated
public void setSslContext(SSLContext sslContext)
{
_sslContextFactory.setSslContext(sslContext);
@@ -405,7 +570,9 @@
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
+ * @deprecated
*/
+ @Deprecated
public SSLContext getSslContext()
{
return _sslContextFactory.getSslContext();
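Review bot: The Javadoc above `getSslContext()` still reads `@see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)`, so the getter's documentation points at the setter. Since this comment is being edited for `@deprecated` anyway, the reference could be corrected, presumably to `@see org.eclipse.jetty.server.ssl.SslConnector#getSslContext()` if the interface declares that method. The method body closes outside the hunk.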
@@ -418,7 +585,9 @@
*
* @param wantClientAuth true if we want client certificate authentication.
* @see SSLServerSocket#setWantClientAuth
+ * @deprecated
*/
+ @Deprecated
public void setWantClientAuth(boolean wantClientAuth)
{
_sslContextFactory.setWantClientAuth(wantClientAuth);
@@ -511,7 +680,9 @@
* Unsupported.
*
* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
+ * @deprecated
*/
+ @Deprecated
public String getAlgorithm()
{
throw new UnsupportedOperationException();
@@ -522,7 +693,9 @@
* Unsupported.
*
* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
+ * @deprecated
*/
+ @Deprecated
public void setAlgorithm(String algorithm)
{
throw new UnsupportedOperationException();
diff --git a/jetty-exssl/src/main/java/org/eclipse/jetty/io/SslContextFactory.java b/jetty-exssl/src/main/java/org/eclipse/jetty/io/SslContextFactory.java
index 4092637..e7b0a03 100644
--- a/jetty-exssl/src/main/java/org/eclipse/jetty/io/SslContextFactory.java
+++ b/jetty-exssl/src/main/java/org/eclipse/jetty/io/SslContextFactory.java
@@ -34,7 +34,9 @@
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
@@ -46,7 +48,7 @@
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
-import org.eclipse.jetty.exssl.SslExtendedKeyManager;
+import org.eclipse.jetty.exssl.AliasedX509ExtendedKeyManager;
import org.eclipse.jetty.http.security.Password;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.resource.Resource;
@@ -73,9 +75,9 @@
public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
/** Excluded cipher suites. */
- private String _excludeCipherSuites[] = null;
+ private Set<String> _excludeCipherSuites = null;
/** Included cipher suites. */
- private String _includeCipherSuites[] = null;
+ private Set<String> _includeCipherSuites = null;
/** Keystore path. */
private String _keystorePath;
@@ -133,6 +135,13 @@
/** SSL context */
private SSLContext _context;
+
+ public SslContextFactory() {}
+
+ public SslContextFactory(String keystorePath)
+ {
+ _keystorePath = keystorePath;
+ }
/* ------------------------------------------------------------ */
/**
@@ -141,7 +150,7 @@
*/
public String[] getExcludeCipherSuites()
{
- return _excludeCipherSuites;
+ return _excludeCipherSuites.toArray(new String[_excludeCipherSuites.size()]);
}
/* ------------------------------------------------------------ */
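Review bot: `getExcludeCipherSuites()` now dereferences `_excludeCipherSuites`, but the field is still initialised to `null` (see the field hunk above), so calling the getter before any setter throws a NullPointerException where the old code returned `null`. A guard keeps the previous contract: `return _excludeCipherSuites == null ? null : _excludeCipherSuites.toArray(new String[_excludeCipherSuites.size()]);`. The same applies to `getIncludeCipherSuites()` two hunks below. The two setters have the mirror problem, because `Arrays.asList(cipherSuites)` throws on a `null` argument that used to clear the list; there `_excludeCipherSuites = cipherSuites == null ? null : new HashSet<String>(Arrays.asList(cipherSuites));` would do.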
@@ -150,11 +159,9 @@
* The array of cipher suite names to exclude from
* {@link SSLEngine#setEnabledCipherSuites(String[])}
*/
- public SslContextFactory setExcludeCipherSuites(String[] cipherSuites)
+ public void setExcludeCipherSuites(String[] cipherSuites)
{
- _excludeCipherSuites = cipherSuites;
-
- return this;
+ _excludeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites));
}
/* ------------------------------------------------------------ */
@@ -164,7 +171,7 @@
*/
public String[] getIncludeCipherSuites()
{
- return _includeCipherSuites;
+ return _includeCipherSuites.toArray(new String[_includeCipherSuites.size()]);
}
/* ------------------------------------------------------------ */
@@ -173,11 +180,9 @@
* The array of cipher suite names to include in
* {@link SSLEngine#setEnabledCipherSuites(String[])}
*/
- public SslContextFactory setIncludeCipherSuites(String[] cipherSuites)
+ public void setIncludeCipherSuites(String[] cipherSuites)
{
- _includeCipherSuites = cipherSuites;
-
- return this;
+ _includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites));
}
/* ------------------------------------------------------------ */
@@ -194,11 +199,9 @@
* @param keystore
* The file or URL of the SSL Key store.
*/
- public SslContextFactory setKeystore(String keystore)
+ public void setKeystore(String keystore)
{
_keystorePath = keystore;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -215,11 +218,9 @@
* @param keystoreProvider
* The provider of the key store
*/
- public SslContextFactory setKeystoreProvider(String keystoreProvider)
+ public void setKeystoreProvider(String keystoreProvider)
{
_keystoreProvider = keystoreProvider;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -236,11 +237,9 @@
* @param keystoreType
* The type of the key store (default "JKS")
*/
- public SslContextFactory setKeystoreType(String keystoreType)
+ public void setKeystoreType(String keystoreType)
{
_keystoreType = keystoreType;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -258,11 +257,9 @@
/** Set the _keystoreInputStream.
* @param _keystoreInputStream the _keystoreInputStream to set
*/
- public SslContextFactory setKeystoreInputStream(InputStream keystoreInputStream)
+ public void setKeystoreInputStream(InputStream keystoreInputStream)
{
_keystoreInputStream = keystoreInputStream;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -279,11 +276,9 @@
* @param certAlias
* Alias of SSL certificate for the connector
*/
- public SslContextFactory setCertAlias(String certAlias)
+ public void setCertAlias(String certAlias)
{
_certAlias = certAlias;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -300,11 +295,9 @@
* @param truststore
* The file name or URL of the trust store location
*/
- public SslContextFactory setTruststore(String truststore)
+ public void setTruststore(String truststore)
{
_truststorePath = truststore;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -321,11 +314,9 @@
* @param truststoreProvider
* The provider of the trust store
*/
- public SslContextFactory setTruststoreProvider(String truststoreProvider)
+ public void setTruststoreProvider(String truststoreProvider)
{
_truststoreProvider = truststoreProvider;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -342,11 +333,9 @@
* @param truststoreType
* The type of the trust store (default "JKS")
*/
- public SslContextFactory setTruststoreType(String truststoreType)
+ public void setTruststoreType(String truststoreType)
{
_truststoreType = truststoreType;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -364,11 +353,9 @@
/** Set the _truststoreInputStream.
* @param _truststoreInputStream the _truststoreInputStream to set
*/
- public SslContextFactory setTruststoreInputStream(InputStream truststoreInputStream)
+ public void setTruststoreInputStream(InputStream truststoreInputStream)
{
_truststoreInputStream = truststoreInputStream;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -387,11 +374,9 @@
* True if SSL needs client authentication.
* @see SSLEngine#getNeedClientAuth()
*/
- public SslContextFactory setNeedClientAuth(boolean needClientAuth)
+ public void setNeedClientAuth(boolean needClientAuth)
{
_needClientAuth = needClientAuth;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -410,11 +395,9 @@
* True if SSL wants client authentication.
* @see SSLEngine#getWantClientAuth()
*/
- public SslContextFactory setWantClientAuth(boolean wantClientAuth)
+ public void setWantClientAuth(boolean wantClientAuth)
{
_wantClientAuth = wantClientAuth;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -431,11 +414,9 @@
* @param validateServerCert
* true if SSL certificate has to be validated
*/
- public SslContextFactory setValidateCerts(boolean validateCerts)
+ public void setValidateCerts(boolean validateCerts)
{
_validateCerts = validateCerts;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -456,11 +437,9 @@
* @param allowRenegotiate
* true if re-negotiation is allowed (default false)
*/
- public SslContextFactory setAllowRenegotiate(boolean allowRenegotiate)
+ public void setAllowRenegotiate(boolean allowRenegotiate)
{
_allowRenegotiate = allowRenegotiate;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -468,11 +447,9 @@
* @param password
* The password for the key store
*/
- public SslContextFactory setKeystorePassword(String password)
+ public void setKeystorePassword(String password)
{
_keystorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -480,11 +457,9 @@
* @param password
* The password (if any) for the specific key within the key store
*/
- public SslContextFactory setKeyManagerPassword(String password)
+ public void setKeyManagerPassword(String password)
{
_keymanagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -492,11 +467,9 @@
* @param password
* The password for the trust store
*/
- public SslContextFactory setTruststorePassword(String password)
+ public void setTruststorePassword(String password)
{
_truststorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -515,11 +488,9 @@
* The SSL provider name, which if set is passed to
* {@link SSLContext#getInstance(String, String)}
*/
- public SslContextFactory setProvider(String provider)
+ public void setProvider(String provider)
{
_sslProvider = provider;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -538,11 +509,9 @@
* The SSL protocol (default "TLS") passed to
* {@link SSLContext#getInstance(String, String)}
*/
- public SslContextFactory setProtocol(String protocol)
+ public void setProtocol(String protocol)
{
_sslProtocol = protocol;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -563,11 +532,9 @@
* {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
* {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
*/
- public SslContextFactory setSecureRandomAlgorithm(String algorithm)
+ public void setSecureRandomAlgorithm(String algorithm)
{
_secureRandomAlgorithm = algorithm;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -584,11 +551,9 @@
* @param algorithm
* The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
*/
- public SslContextFactory setSslKeyManagerFactoryAlgorithm(String algorithm)
+ public void setSslKeyManagerFactoryAlgorithm(String algorithm)
{
_keyManagerFactoryAlgorithm = algorithm;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -605,11 +570,9 @@
* @param algorithm
* The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
*/
- public SslContextFactory setTrustManagerFactoryAlgorithm(String algorithm)
+ public void setTrustManagerFactoryAlgorithm(String algorithm)
{
_trustManagerFactoryAlgorithm = algorithm;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -626,11 +589,9 @@
* @param crlPath
* Path to file that contains Certificate Revocation List
*/
- public SslContextFactory setCrlPath(String crlPath)
+ public void setCrlPath(String crlPath)
{
_crlPath = crlPath;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -649,11 +610,9 @@
* maximum number of intermediate certificates in
* the certification path (-1 for unlimited)
*/
- public SslContextFactory setMaxCertPathLength(int maxCertPathLength)
+ public void setMaxCertPathLength(int maxCertPathLength)
{
_maxCertPathLength = maxCertPathLength;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -680,11 +639,9 @@
* @param sslContext
* Set a preconfigured SSLContext
*/
- public SslContextFactory setSslContext(SSLContext sslContext)
+ public void setSslContext(SSLContext sslContext)
{
_context = sslContext;
-
- return this;
}
/* ------------------------------------------------------------ */
@@ -718,7 +675,7 @@
_truststoreInputStream == null && _truststorePath == null )
{
// Create a trust manager that does not validate certificate chains
- TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
+ TrustManager trustAllCerts = new X509TrustManager()
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
@@ -732,10 +689,10 @@
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
{
}
- }};
+ };
sslContext = SSLContext.getInstance(_sslProtocol);
- sslContext.init(null, trustAllCerts, null);
+ sslContext.init(null, new TrustManager[]{trustAllCerts}, null);
}
else
{
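Review bot: The branch that installs `trustAllCerts` through `sslContext.init(null, new TrustManager[]{trustAllCerts}, null)` is still taken silently, and `checkServerTrusted` has an empty body, so any peer certificate is accepted there. Its condition starts above the previous hunk; the visible part ends with no trust store stream or path being configured. Since this commit is about a stricter certificate option, I would at least say so at the branch and in the class Javadoc, e.g. `// No trust store configured: peer certificates are NOT validated on this path`. It is also worth checking whether `_validateCerts` should make this path fail instead of falling back; its use here is outside the hunk, so that part is a question rather than a finding.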
@@ -799,7 +756,7 @@
{
if (managers[idx] instanceof X509KeyManager)
{
- managers[idx] = new SslExtendedKeyManager(_certAlias,(X509KeyManager)managers[idx]);
+ managers[idx] = new AliasedX509ExtendedKeyManager(_certAlias,(X509KeyManager)managers[idx]);
}
}
}
@@ -955,22 +912,21 @@
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{
- List<String> selectedCipherSuites = null;
+ Set<String> selectedCipherSuites = null;
if (enabledCipherSuites != null)
{
- selectedCipherSuites = new ArrayList<String>(Arrays.asList(enabledCipherSuites));
+ selectedCipherSuites = new HashSet<String>(Arrays.asList(enabledCipherSuites));
}
else
{
- selectedCipherSuites = new ArrayList<String>();
+ selectedCipherSuites = new HashSet<String>();
}
- if ((supportedCipherSuites != null && supportedCipherSuites.length > 0) && (_includeCipherSuites != null && _includeCipherSuites.length > 0))
+ if ((supportedCipherSuites != null && supportedCipherSuites.length > 0) && (_includeCipherSuites != null && _includeCipherSuites.size() > 0))
{
- List<String> supportedCSList = Arrays.asList(supportedCipherSuites);
- List<String> includedCSList = Arrays.asList(_includeCipherSuites);
+ Set<String> supportedCSList = new HashSet<String>(Arrays.asList(supportedCipherSuites));
- for (String cipherName : includedCSList)
+ for (String cipherName : _includeCipherSuites)
{
if ((!selectedCipherSuites.contains(cipherName)) && supportedCSList.contains(cipherName))
{
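Review bot: Changing `selectedCipherSuites` to a `HashSet` discards the order of `enabledCipherSuites`, so the array this method returns comes out in hash order, unrelated to what was configured. As far as I know the array given to `SSLEngine#setEnabledCipherSuites` is read as a preference order, so if the result ends up there this can change which suite is preferred in negotiation. A `LinkedHashSet` keeps both the de-duplication and the order: `selectedCipherSuites = new LinkedHashSet<String>(Arrays.asList(enabledCipherSuites));`, with the matching import. The same goes for the `_includeCipherSuites` set built in `setIncludeCipherSuites`, which is iterated here. The method body continues in the next two hunks.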
@@ -979,10 +935,9 @@
}
}
- if (_excludeCipherSuites != null && _excludeCipherSuites.length > 0)
+ if (_excludeCipherSuites != null && _excludeCipherSuites.size() > 0)
{
- List<String> excludedCSList = Arrays.asList(_excludeCipherSuites);
- for (String cipherName : excludedCSList)
+ for (String cipherName : _excludeCipherSuites)
{
if (selectedCipherSuites.contains(cipherName))
{
@@ -991,6 +946,6 @@
}
}
- return selectedCipherSuites.toArray(new String[0]);
+ return selectedCipherSuites.toArray(new String[selectedCipherSuites.size()]);
}
}