Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGreg Wilkins2015-05-13 22:32:12 +0000
committerGreg Wilkins2015-05-13 22:32:12 +0000
commite5fac304b4af5d50d03d837e731acd46c880c0ca (patch)
tree29c5253491a4644d9d7dd45d6ee355c7ae89036a
parent1b2ee5e57616162afc320409f59ef65fd189f31e (diff)
downloadorg.eclipse.jetty.project-e5fac304b4af5d50d03d837e731acd46c880c0ca.tar.gz
org.eclipse.jetty.project-e5fac304b4af5d50d03d837e731acd46c880c0ca.tar.xz
org.eclipse.jetty.project-e5fac304b4af5d50d03d837e731acd46c880c0ca.zip
467276 NPE protection in SslContextFactory
Also-by: P.Ottlinger<phil@edojo.org>
-rw-r--r--jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java24
-rw-r--r--jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java10
2 files changed, 24 insertions, 10 deletions
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 378d1841c0..cf2e2a7c6f 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -44,6 +44,7 @@ import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -115,12 +116,13 @@ public class SslContextFactory extends AbstractLifeCycle
private final Set<String> _excludeProtocols = new LinkedHashSet<>();
/** Included protocols. */
- private Set<String> _includeProtocols = null;
+ private final Set<String> _includeProtocols = new LinkedHashSet<>();
/** Excluded cipher suites. */
private final Set<String> _excludeCipherSuites = new LinkedHashSet<>();
+
/** Included cipher suites. */
- private Set<String> _includeCipherSuites = null;
+ private final Set<String> _includeCipherSuites = new LinkedHashSet<>();
/** Keystore path. */
private String _keyStorePath;
@@ -367,7 +369,8 @@ public class SslContextFactory extends AbstractLifeCycle
public void setIncludeProtocols(String... protocols)
{
checkNotStarted();
- _includeProtocols = new LinkedHashSet<>(Arrays.asList(protocols));
+ _includeProtocols.clear();
+ _includeProtocols.addAll(Arrays.asList(protocols));
}
/**
@@ -419,7 +422,8 @@ public class SslContextFactory extends AbstractLifeCycle
public void setIncludeCipherSuites(String... cipherSuites)
{
checkNotStarted();
- _includeCipherSuites = new LinkedHashSet<>(Arrays.asList(cipherSuites));
+ _includeCipherSuites.clear();
+ _includeCipherSuites.addAll(Arrays.asList(cipherSuites));
}
/**
@@ -1037,7 +1041,7 @@ public class SslContextFactory extends AbstractLifeCycle
Set<String> selected_protocols = new LinkedHashSet<>();
// Set the starting protocols - either from the included or enabled list
- if (_includeProtocols!=null)
+ if (!_includeProtocols.isEmpty())
{
// Use only the supported included protocols
for (String protocol : _includeProtocols)
@@ -1067,17 +1071,17 @@ public class SslContextFactory extends AbstractLifeCycle
Set<String> selected_ciphers = new CopyOnWriteArraySet<>();
// Set the starting ciphers - either from the included or enabled list
- if (_includeCipherSuites!=null)
- processIncludeCipherSuites(supportedCipherSuites, selected_ciphers);
- else
+ if (_includeCipherSuites.isEmpty())
selected_ciphers.addAll(Arrays.asList(enabledCipherSuites));
+ else
+ processIncludeCipherSuites(supportedCipherSuites, selected_ciphers);
removeExcludedCipherSuites(selected_ciphers);
return selected_ciphers.toArray(new String[selected_ciphers.size()]);
}
- private void processIncludeCipherSuites(String[] supportedCipherSuites, Set<String> selected_ciphers)
+ protected void processIncludeCipherSuites(String[] supportedCipherSuites, Set<String> selected_ciphers)
{
for (String cipherSuite : _includeCipherSuites)
{
@@ -1091,7 +1095,7 @@ public class SslContextFactory extends AbstractLifeCycle
}
}
- private void removeExcludedCipherSuites(Set<String> selected_ciphers)
+ protected void removeExcludedCipherSuites(Set<String> selected_ciphers)
{
for (String excludeCipherSuite : _excludeCipherSuites)
{
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index 1571c653bf..a59a4b33cd 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -21,6 +21,7 @@ package org.eclipse.jetty.util.ssl;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
@@ -240,6 +241,15 @@ public class SslContextFactoryTest
assertSelectedMatchesIncluded(includeProtocol, selectedProtocol);
}
+ @Test
+ public void testProtocolAndCipherSettingsAreNPESafe()
+ {
+ assertNotNull(cf.getExcludeProtocols());
+ assertNotNull(cf.getIncludeProtocols());
+ assertNotNull(cf.getExcludeCipherSuites());
+ assertNotNull(cf.getIncludeCipherSuites());
+ }
+
private void assertSelectedMatchesIncluded(String[] includeStrings, String[] selectedStrings)
{
assertThat(includeStrings.length + " strings are selected", selectedStrings.length, is(includeStrings.length));

Back to the top