authorTobias Kellner <tobias.kellner@iaik.tugraz.at>2015-10-20 17:25:11 +0200
committerTobias Kellner <tobias.kellner@iaik.tugraz.at>2015-10-20 17:27:43 +0200
commit9ed7dbcf2f06b8cdea0648a6dd18ebecbe987568 (patch)
treead79d0ede1ea6ecb9e8edb66cbaf5fda4bd21039
parent8a30b20b156bc402c7e576cbcac268e664fef2e3 (diff)
Disabling of EC cipher suites not needed anymore
-rw-r--r--BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java43
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java83
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java51
3 files changed, 1 insertions, 176 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 5285382c..9eaa13b2 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -116,49 +116,6 @@ public class Container {
sslConnector.setPassword(passwd);
sslConnector.setKeyPassword(passwd);
- //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
- String[] RFC4492CipherSuites = new String[] {
- "TLS_ECDH_ECDSA_WITH_NULL_SHA",
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
- "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
- "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
- "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDH_RSA_WITH_NULL_SHA",
- "TLS_ECDH_RSA_WITH_RC4_128_SHA",
- "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
- "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,",
- "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_RSA_WITH_NULL_SHA",
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
- "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDH_anon_WITH_NULL_SHA",
- "TLS_ECDH_anon_WITH_RC4_128_SHA",
- "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
- "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
- "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
- };
-
- sslConnector.setExcludeCipherSuites(RFC4492CipherSuites);
-
server.setConnectors(new Connector[]{connector, sslConnector});
webapp = new WebAppContext();
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java
deleted file mode 100644
index a9e96126..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package at.gv.egiz.bku.spring;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-
-public class InternalSSLSocketFactory extends SSLSocketFactory {
-
- private SSLSocketFactory proxy;
- private String[] suites;
-
- public InternalSSLSocketFactory(SSLSocketFactory socketFactory,
- String[] disabledSuites) {
- this.proxy = socketFactory;
- List<String> dSuites = Arrays.asList(disabledSuites);
- List<String> suites = new ArrayList<String>(Arrays.asList(proxy.getDefaultCipherSuites()));
- suites.removeAll(dSuites);
- this.suites = suites.toArray(new String[suites.size()]);
- }
-
- @Override
- public Socket createSocket(Socket s, String host, int port,
- boolean autoClose) throws IOException {
- Socket socket = proxy.createSocket(s, host, port, autoClose);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return suites;
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return proxy.getSupportedCipherSuites();
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException,
- UnknownHostException {
- Socket socket = proxy.createSocket(host, port);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public Socket createSocket(InetAddress host, int port) throws IOException {
- Socket socket = proxy.createSocket(host, port);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public Socket createSocket(String host, int port, InetAddress localHost,
- int localPort) throws IOException, UnknownHostException {
- Socket socket = proxy.createSocket(host, port, localHost,
- localPort);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public Socket createSocket(InetAddress address, int port,
- InetAddress localAddress, int localPort) throws IOException {
- Socket socket = proxy.createSocket(address, port, localAddress,
- localPort);
- setCipherSuites(socket);
- return socket;
- }
-
- private void setCipherSuites(Socket socket) {
- if (socket instanceof SSLSocket)
- ((SSLSocket) socket).setEnabledCipherSuites(suites);
- }
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
index f49c1c17..a16265c9 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
@@ -49,47 +49,6 @@ public class SSLSocketFactoryBean implements FactoryBean {
private Configuration configuration;
- //avoid ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
- private final String DEFAULT_DISABLED_CIPHER_SUITES =
- "TLS_ECDH_ECDSA_WITH_NULL_SHA," +
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA," +
- "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDHE_ECDSA_WITH_NULL_SHA," +
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA," +
- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDH_RSA_WITH_NULL_SHA," +
- "TLS_ECDH_RSA_WITH_RC4_128_SHA," +
- "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDHE_RSA_WITH_NULL_SHA," +
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA," +
- "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," +
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDH_anon_WITH_NULL_SHA," +
- "TLS_ECDH_anon_WITH_RC4_128_SHA," +
- "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDH_anon_WITH_AES_128_CBC_SHA," +
- "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
-
public static final String SSL_PROTOCOL = "SSL.sslProtocol";
public static final String SSL_DISABLE_ALL_CHECKS = "SSL.disableAllChecks";
@@ -103,12 +62,6 @@ public class SSLSocketFactoryBean implements FactoryBean {
public boolean disableAllSslChecks() {
return configuration.getBoolean(SSL_DISABLE_ALL_CHECKS, false);
}
-
- public String[] getDisabledCipherSuites() {
- String suites = configuration.getString(SSL_DISABLED_CIPHER_SUITES,
- DEFAULT_DISABLED_CIPHER_SUITES);
- return suites.split(",");
- }
}
/**
@@ -148,9 +101,7 @@ public class SSLSocketFactoryBean implements FactoryBean {
SSLContext sslContext = SSLContext.getInstance(configurationFacade.getSslProtocol());
sslContext.init(null, new TrustManager[] {pkiTrustManager}, null);
- SSLSocketFactory ssf = sslContext.getSocketFactory();
-
- return new InternalSSLSocketFactory(ssf, configurationFacade.getDisabledCipherSuites());
+ return sslContext.getSocketFactory();
}
@Override
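Review bot: Returning `sslContext.getSocketFactory()` unwrapped means outgoing sockets now use whatever cipher suites the JSSE provider enables by default, and any value an operator has set for `SSL_DISABLED_CIPHER_SUITES` is silently ignored, because its only visible reader, `getDisabledCipherSuites()`, is removed in the earlier hunk of this file. The deleted default list existed to avoid a ClassCastException, but it also kept the EC-based `NULL`, `RC4`, `3DES` and `anon` suites out of the enabled set, and the same holds for the `setExcludeCipherSuites` call dropped from Container.java; whether any of those become negotiable again depends on the JRE and provider defaults, which the diff does not show. I would either keep a short exclusion of the weak suites or state the reliance explicitly above the return, e.g. `// cipher suites: provider defaults, restricted only by jdk.tls.disabledAlgorithms`, and remove or deprecate the `SSL_DISABLED_CIPHER_SUITES` constant if it is still declared. The enclosing method starts before this hunk.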