Cleaned up CryptoUtil.setClientCiphers().

The CryptoUtil.setClientCiphers() has been reformatted to simplify future refactoring.
author: Endi S. Dewata <edewata@redhat.com> 2017-03-17 05:11:42 +0100
committer: Endi S. Dewata <edewata@redhat.com> 2017-03-17 16:21:14 +0100
commit: 3eb6742e8d376277d0f3e163dab36359071ea5a6 (patch)
tree: d8b9e356740ccacd1bb9f2462dd2ff14b168e68d /base/util
parent: 4d6e6d05d5270a0e81ae12e2583cae9c49667c88 (diff)
download: pki-3eb6742e8d376277d0f3e163dab36359071ea5a6.tar.gz
pki-3eb6742e8d376277d0f3e163dab36359071ea5a6.tar.xz
pki-3eb6742e8d376277d0f3e163dab36359071ea5a6.zip
1 files changed, 23 insertions, 19 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index f7395308d..8bf4c27af 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -956,30 +956,34 @@ public class CryptoUtil {
         }
     }
 
-    public static void setClientCiphers()
-            throws SocketException {
+    public static void setClientCiphers() throws SocketException {
+
         int ciphers[] = SSLSocket.getImplementedCipherSuites();
-        for (int j = 0; ciphers != null && j < ciphers.length; j++) {
-            boolean enabled = SSLSocket.getCipherPreferenceDefault(ciphers[j]);
+        if (ciphers == null) return;
+
+        for (int cipher : ciphers) {
+
+            boolean enabled = SSLSocket.getCipherPreferenceDefault(cipher);
             //System.out.println("CryptoUtil: cipher '0x" +
             //    Integer.toHexString(ciphers[j]) + "'" + " enabled? " +
             //    enabled);
+
             // make sure SSLv2 ciphers are not enabled
-            if ((ciphers[j] & 0xfff0) ==0xff00) {
-                if (enabled) {
-                    //System.out.println("CryptoUtil: disabling SSL2 NSS Cipher '0x" +
-                    //    Integer.toHexString(ciphers[j]) + "'");
-                    SSLSocket.setCipherPreferenceDefault(ciphers[j], false);
-                }
-            } else {
-                /*
-                 * unlike RSA ciphers, ECC ciphers are not enabled by default
-                 */
-                if ((!enabled) && clientECCipherList.contains(ciphers[j])) {
-                  //System.out.println("CryptoUtil: enabling ECC NSS Cipher '0x" +
-                  //    Integer.toHexString(ciphers[j]) + "'");
-                  SSLSocket.setCipherPreferenceDefault(ciphers[j], true);
-                }
+            if ((cipher & 0xfff0) == 0xff00) {
+
+                if (!enabled) continue;
+
+                //System.out.println("CryptoUtil: disabling SSLv2 NSS Cipher '0x" +
+                //    Integer.toHexString(ciphers[j]) + "'");
+                SSLSocket.setCipherPreferenceDefault(cipher, false);
+                continue;
+            }
+
+            // unlike RSA ciphers, ECC ciphers are not enabled by default
+            if (!enabled && clientECCipherList.contains(cipher)) {
+                //System.out.println("CryptoUtil: enabling ECC NSS Cipher '0x" +
+                //    Integer.toHexString(ciphers[j]) + "'");
+                SSLSocket.setCipherPreferenceDefault(cipher, true);
             }
         }
     }
author	Endi S. Dewata <edewata@redhat.com>	2017-03-17 05:11:42 +0100
committer	Endi S. Dewata <edewata@redhat.com>	2017-03-17 16:21:14 +0100
commit	3eb6742e8d376277d0f3e163dab36359071ea5a6 (patch)
tree	d8b9e356740ccacd1bb9f2462dd2ff14b168e68d /base/util
parent	4d6e6d05d5270a0e81ae12e2583cae9c49667c88 (diff)
download	pki-3eb6742e8d376277d0f3e163dab36359071ea5a6.tar.gz pki-3eb6742e8d376277d0f3e163dab36359071ea5a6.tar.xz pki-3eb6742e8d376277d0f3e163dab36359071ea5a6.zip