author | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 02:01:20 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 16:17:03 +0100 |
commit | 4d6e6d05d5270a0e81ae12e2583cae9c49667c88 (patch) | |
tree | 474a48ab4a679ed6e55a5c2f8ccd4fb6c8e01cab /base/util | |
parent | 9c0fb168900913a8249745a0185af1859c715571 (diff) | |
Removed duplicate code to configure SSL version ranges.
The duplicate code for configuring default SSL version ranges has
been merged into reusable methods in CryptoUtil.
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index de1ac442c..f7395308d 100644 --- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -99,6 +99,8 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; import org.mozilla.jss.pkix.primitive.Name; import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo; import org.mozilla.jss.ssl.SSLSocket; +import org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant; +import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange; import org.mozilla.jss.util.Base64OutputStream; import org.mozilla.jss.util.Password; @@ -135,6 +137,19 @@ import netscape.security.x509.X509Key; @SuppressWarnings("serial") public class CryptoUtil { + public static enum SSLVersion { + SSL_3_0(SSLVersionRange.ssl3), + TLS_1_0(SSLVersionRange.tls1_0), + TLS_1_1(SSLVersionRange.tls1_1), + TLS_1_2(SSLVersionRange.tls1_2); + + public int value; + + SSLVersion(int value) { + this.value = value; + } + } + public final static String INTERNAL_TOKEN_NAME = "internal"; public final static String INTERNAL_TOKEN_FULL_NAME = "Internal Key Storage Token"; @@ -700,6 +715,15 @@ public class CryptoUtil { return pair; } + public static void setSSLStreamVersionRange(SSLVersion min, SSLVersion max) throws SocketException { + SSLVersionRange range = new SSLVersionRange(min.value, max.value); + SSLSocket.setSSLVersionRangeDefault(SSLProtocolVariant.STREAM, range); + } + + public static void setSSLDatagramVersionRange(SSLVersion min, SSLVersion max) throws SocketException { + SSLVersionRange range = new SSLVersionRange(min.value, max.value); + SSLSocket.setSSLVersionRangeDefault(SSLProtocolVariant.DATA_GRAM, range); + } private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>(); static { |
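Review bot: The `value` field of the new `SSLVersion` enum is declared `public int value;`, so any code can reassign it (for example on `TLS_1_2`) and silently change what every later version-range call resolves to. It should be immutable: `public final int value;`, or a private final field with a getter. The enum also exposes `SSL_3_0` as an ordinary constant; if it is kept only for compatibility with legacy peers, a comment on it such as `// legacy only; do not use as a default minimum` would stop it from being picked as a floor by accident. The `static` in `public static enum` is redundant for a nested enum.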
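Review bot: `setSSLStreamVersionRange` and `setSSLDatagramVersionRange` change a process-wide default through `SSLSocket.setSSLVersionRangeDefault`, but neither has a Javadoc saying so. A caller may assume the range applies to a single socket, when it presumably affects every JSS socket of that variant created afterwards. Each method should get a Javadoc that states the global effect, that `min` and `max` must be non-null with `min` not above `max`, and what is thrown otherwise; whether `SSLVersionRange` itself rejects an inverted range is not visible here. The two bodies differ only in the `SSLProtocolVariant` constant, so both could delegate to one private helper taking the variant as a parameter, in keeping with the commit's aim of removing duplication. A blank line is also missing between the closing `}` of `setSSLDatagramVersionRange` and the `cipherMap` declaration.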