Diffstat (limited to 'id/server')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java44
1 files changed, 36 insertions, 8 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 4f3f921df..84743b8c7 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -28,14 +28,18 @@ import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.lang3.StringUtils;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIException;
/**
@@ -116,8 +120,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort) throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(host, port,
- localAddress, localPort);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port,
+ localAddress, localPort));
}
/* (non-Javadoc)
@@ -126,8 +130,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort, HttpConnectionParams params) throws IOException,
UnknownHostException, ConnectTimeoutException {
- return this.sslfactory.createSocket(host, port,
- localAddress, localPort);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port,
+ localAddress, localPort));
}
/* (non-Javadoc)
@@ -135,16 +139,40 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
- return this.sslfactory.createSocket(host, port);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port));
}
-
+
/* (non-Javadoc)
* @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
*/
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(socket, host,
- port, autoClose);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(socket, host,
+ port, autoClose));
}
+ /**
+ * Enable only a specific subset of TLS cipher suites
+ * This subset can be set by 'https.cipherSuites' SystemProperty (z.B. -Dhttps.cipherSuites=...)
+ *
+ * @param sslSocket {@link SSLSocket}
+ * @return {@link SSLSocket} with Ciphersuites
+ */
+ private Socket setEnabledSslCiphers(Socket sslSocket) {
+ if (sslSocket instanceof SSLSocket) {
+ String systemProp = System.getProperty("https.cipherSuites");
+ if (MiscUtil.isNotEmpty(systemProp)) {
+ ((SSLSocket) sslSocket).setEnabledCipherSuites(systemProp.split(","));
+
+ }
+
+ try {
+ Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(((SSLSocket) sslSocket).getEnabledCipherSuites(), ","));
+ } catch (Exception e) {
+ Logger.error(e);
+ }
+ }
+
+ return sslSocket;
+ }
}
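Review bot: The value of `https.cipherSuites` is split on "," and handed straight to `setEnabledCipherSuites` with no trimming or validation, so an entry with surrounding whitespace, an empty token from a doubled comma, or a suite name the provider does not support makes the JDK throw `IllegalArgumentException` outside the try block, and every `createSocket` overload in this commit (the two hunks above as well as the two here) then surfaces an unchecked exception instead of the `IOException` callers are written to handle. Because the property is an operator-intended restriction of the suite set, the safer behaviour is to trim each name, keep only those present in `getSupportedCipherSuites()`, log what was dropped, and fail closed with an `IOException` when nothing usable remains rather than silently falling back to the provider defaults; the rewrite below does that and needs `java.util.ArrayList`, `Arrays`, `HashSet`, `List` and `Set` imported. The `catch (Exception e)` around the trace call is wider than the logging statement warrants and could be narrowed or dropped. The Javadoc on the helper also mixes in German ("z.B."); `e.g.` keeps it consistent with the surrounding English comments.

```java
private Socket setEnabledSslCiphers(Socket sslSocket) throws IOException {
    if (sslSocket instanceof SSLSocket) {
        SSLSocket tlsSocket = (SSLSocket) sslSocket;
        String systemProp = System.getProperty("https.cipherSuites");
        if (MiscUtil.isNotEmpty(systemProp)) {
            // only names the provider supports may be passed to setEnabledCipherSuites,
            // otherwise it throws IllegalArgumentException out of createSocket
            Set<String> supported = new HashSet<String>(Arrays.asList(tlsSocket.getSupportedCipherSuites()));
            List<String> enabled = new ArrayList<String>();
            for (String name : StringUtils.split(systemProp, ",")) {
                String trimmed = name.trim();
                if (supported.contains(trimmed)) {
                    enabled.add(trimmed);
                } else {
                    Logger.error("Ignoring unsupported cipher suite in https.cipherSuites: " + trimmed);
                }
            }
            if (enabled.isEmpty()) {
                // fail closed: an unusable restriction must not silently widen to the provider defaults
                throw new IOException("https.cipherSuites contains no cipher suite supported by the TLS provider");
            }
            tlsSocket.setEnabledCipherSuites(enabled.toArray(new String[enabled.size()]));
        }
        // … unchanged: trace logging of the enabled cipher suites …
    }

    return sslSocket;
}
```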