Lines 45-50
|
45 |
import java.util.Collection; |
45 |
import java.util.Collection; |
46 |
import java.util.HashSet; |
46 |
import java.util.HashSet; |
47 |
import java.util.List; |
47 |
import java.util.List; |
|
|
48 |
import java.util.Locale; |
48 |
import java.util.Set; |
49 |
import java.util.Set; |
49 |
|
50 |
|
50 |
import javax.net.ssl.CertPathTrustManagerParameters; |
51 |
import javax.net.ssl.CertPathTrustManagerParameters; |
Lines 174-188
|
174 |
|
175 |
|
175 |
// Filter out all the SSL protocols (SSLv2 and SSLv3) from the defaults |
176 |
// Filter out all the SSL protocols (SSLv2 and SSLv3) from the defaults |
176 |
// since they are no longer considered secure |
177 |
// since they are no longer considered secure |
177 |
List<String> filteredProtocols = new ArrayList<String>(); |
178 |
defaultServerProtocols = filterInsecureProtocols(socket.getEnabledProtocols()); |
178 |
for (String protocol : socket.getEnabledProtocols()) { |
179 |
|
179 |
if (protocol.contains("SSL")) { |
|
|
180 |
log.debug(sm.getString("jsse.excludeDefaultProtocol", protocol)); |
181 |
continue; |
182 |
} |
183 |
filteredProtocols.add(protocol); |
184 |
} |
185 |
defaultServerProtocols = filteredProtocols.toArray(new String[filteredProtocols.size()]); |
186 |
if (defaultServerProtocols.length == 0) { |
180 |
if (defaultServerProtocols.length == 0) { |
187 |
log.warn(sm.getString("jsse.noDefaultProtocols")); |
181 |
log.warn(sm.getString("jsse.noDefaultProtocols")); |
188 |
} |
182 |
} |
Lines 482-488
|
482 |
// Certificate encoding algorithm (e.g., SunX509) |
476 |
// Certificate encoding algorithm (e.g., SunX509) |
483 |
String algorithm = (String) attributes.get("algorithm"); |
477 |
String algorithm = (String) attributes.get("algorithm"); |
484 |
if (algorithm == null) { |
478 |
if (algorithm == null) { |
485 |
algorithm = KeyManagerFactory.getDefaultAlgorithm();; |
479 |
algorithm = KeyManagerFactory.getDefaultAlgorithm(); |
486 |
} |
480 |
} |
487 |
|
481 |
|
488 |
String keystoreType = (String) attributes.get("keystoreType"); |
482 |
String keystoreType = (String) attributes.get("keystoreType"); |
Lines 663-669
|
663 |
if("PKIX".equalsIgnoreCase(algorithm)) { |
657 |
if("PKIX".equalsIgnoreCase(algorithm)) { |
664 |
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, |
658 |
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, |
665 |
new X509CertSelector()); |
659 |
new X509CertSelector()); |
666 |
Collection crls = getCRLs(crlf); |
660 |
Collection<? extends CRL> crls = getCRLs(crlf); |
667 |
CertStoreParameters csp = new CollectionCertStoreParameters(crls); |
661 |
CertStoreParameters csp = new CollectionCertStoreParameters(crls); |
668 |
CertStore store = CertStore.getInstance("Collection", csp); |
662 |
CertStore store = CertStore.getInstance("Collection", csp); |
669 |
xparams.addCertStore(store); |
663 |
xparams.addCertStore(store); |
Lines 856-862
|
856 |
} |
850 |
} |
857 |
|
851 |
|
858 |
|
852 |
|
859 |
public static String[] filterInsecureProcotols(String[] protocols) { |
853 |
public static String[] filterInsecureProtocols(String[] protocols) { |
860 |
if (protocols == null) { |
854 |
if (protocols == null) { |
861 |
return null; |
855 |
return null; |
862 |
} |
856 |
} |
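Review bot: Renaming the public static method from `filterInsecureProcotols` to `filterInsecureProtocols` removes the old symbol, so any code compiled against the misspelled name would stop linking; whether such callers exist outside this file is not visible on this page. Keeping a deprecated delegate for a release would avoid that: `@Deprecated public static String[] filterInsecureProcotols(String[] protocols) { return filterInsecureProtocols(protocols); }`. The method body continues past the end of this hunk.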
Lines 863-869
|
863 |
|
857 |
|
864 |
List<String> result = new ArrayList<String>(protocols.length); |
858 |
List<String> result = new ArrayList<String>(protocols.length); |
865 |
for (String protocol : protocols) { |
859 |
for (String protocol : protocols) { |
866 |
if (protocol == null || protocol.contains("SSL")) { |
860 |
if (protocol == null || protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) { |
867 |
log.debug(sm.getString("jsse.excludeDefaultProtocol", protocol)); |
861 |
log.debug(sm.getString("jsse.excludeDefaultProtocol", protocol)); |
868 |
} else { |
862 |
} else { |
869 |
result.add(protocol); |
863 |
result.add(protocol); |
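Review bot: `filterInsecureProtocols` is a public helper that decides which protocol names survive, yet it has no Javadoc describing its contract. I would add one stating that a null array returns null, that null entries and any name containing "SSL" in any letter case are dropped, and that every other name passes through unchanged. It is worth saying explicitly that the match is a substring test on the name, so it presumably also removes the JSSE `SSLv2Hello` pseudo-protocol and does not filter older TLS versions. The rest of the loop and the return lie outside this hunk.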