authorEndi S. Dewata <edewata@redhat.com>2017-03-17 02:01:20 +0100
committerEndi S. Dewata <edewata@redhat.com>2017-03-17 16:17:03 +0100
commit4d6e6d05d5270a0e81ae12e2583cae9c49667c88 (patch)
tree474a48ab4a679ed6e55a5c2f8ccd4fb6c8e01cab /base
parent9c0fb168900913a8249745a0185af1859c715571 (diff)
Removed duplicate code to configure SSL version ranges.
The duplicate code for configuring default SSL version ranges has been merged into reusable methods in CryptoUtil.
Diffstat (limited to 'base')
-rw-r--r--base/common/src/com/netscape/certsrv/client/PKIConnection.java27
-rw-r--r--base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java75
-rw-r--r--base/java-tools/src/com/netscape/cmstools/HttpClient.java24
-rw-r--r--base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java24
4 files changed, 75 insertions, 75 deletions
diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
index 301c4c69b..2c979eac2 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -84,7 +84,7 @@ import org.mozilla.jss.ssl.SSLSocket;
import com.netscape.certsrv.base.PKIException;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
+import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion;
public class PKIConnection {
@@ -332,24 +332,8 @@ public class PKIConnection {
localAddr = localAddress.getAddress();
}
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange stream_range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0,
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
-
- SSLSocket.setSSLVersionRangeDefault(
- org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
- stream_range);
-
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange datagram_range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1,
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
-
- SSLSocket.setSSLVersionRangeDefault(
- org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
- datagram_range);
-
+ CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
+ CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
CryptoUtil.setClientCiphers();
SSLSocket socket;
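Review bot: The new `CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2)` call still hard-codes TLS 1.0 as the client floor, and the identical literal pair is now repeated in JSSConnection and HttpClient, so the refactor removes the boilerplate but leaves the policy decision duplicated in three places. The helper wraps `SSLSocket.setSSLVersionRangeDefault()`, which by its name appears to change a JSS-wide default rather than a property of this socket, so a single `CryptoUtil.setDefaultSSLVersionRanges()` (or a minimum read from configuration) would let the floor be raised in one spot when TLS 1.0 is retired. A short `// NOTE: sets the JSS default range for all sockets, not just this connection` above the two calls would also help readers. The enclosing method begins before this hunk, so how the SocketException these helpers declare is handled is not visible here.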
@@ -364,8 +348,9 @@ public class PKIConnection {
} else {
socket = new SSLSocket(sock, hostName, callback, null);
}
-// setSSLVersionRange needs to be exposed in jss
-// socket.setSSLVersionRange(org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0, org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
+
+ // SSLSocket.setSSLVersionRange() needs to be exposed in JSS
+ // socket.setSSLVersionRange(SSLVersionRange.tls1_0, SSLVersionRange.tls1_2);
String certNickname = config.getCertNickname();
if (certNickname != null) {
diff --git a/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java b/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
index 6908ed992..8678b5378 100644
--- a/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
+++ b/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
@@ -17,24 +17,45 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.admin.certsrv.connection;
-import java.util.*;
-import java.net.*;
-import java.io.*;
+import java.awt.Container;
+import java.awt.GridBagConstraints;
+import java.awt.GridBagLayout;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.net.SocketException;
+import java.net.UnknownHostException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import com.netscape.admin.certsrv.*;
-import com.netscape.certsrv.common.*;
-import com.netscape.management.client.util.Debug;
-import com.netscape.management.client.util.*;
-import org.mozilla.jss.ssl.*;
-import org.mozilla.jss.*;
-import org.mozilla.jss.util.*;
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.pkcs11.*;
-import javax.swing.*;
-import java.awt.*;
-
+import java.util.Enumeration;
+import java.util.ResourceBundle;
+import java.util.Vector;
+
+import javax.swing.JComboBox;
+import javax.swing.JFrame;
+import javax.swing.JLabel;
+
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.InternalCertificate;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.util.Password;
+import org.mozilla.jss.util.PasswordCallback;
+import org.mozilla.jss.util.PasswordCallbackInfo;
+
+import com.netscape.admin.certsrv.CMSAdminResources;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion;
+import com.netscape.management.client.util.AbstractDialog;
+import com.netscape.management.client.util.Debug;
+import com.netscape.management.client.util.GridBagUtil;
+import com.netscape.management.client.util.MultilineLabel;
+import com.netscape.management.client.util.SingleBytePasswordField;
+import com.netscape.management.client.util.UtilConsoleGlobals;
/**
* JSSConnection deals with establishing a connection to
@@ -98,24 +119,8 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac
} catch (Exception e) {
}
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange stream_range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0,
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
-
- SSLSocket.setSSLVersionRangeDefault(
- org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
- stream_range);
-
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange datagram_range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1,
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
-
- SSLSocket.setSSLVersionRangeDefault(
- org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
- datagram_range);
-
+ CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
+ CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
CryptoUtil.setClientCiphers();
s = new SSLSocket(host, port, null, 0, this, this);
@@ -509,8 +514,8 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac
private boolean endOfHeader(byte[] hdr, int available) {
if (available == 2) {
- int c1 = (int)hdr[0];
- int c2 = (int)hdr[1];
+ int c1 = hdr[0];
+ int c2 = hdr[1];
//System.out.println("C1= " + c1);
//System.out.println("C2= " + c2);
diff --git a/base/java-tools/src/com/netscape/cmstools/HttpClient.java b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
index 6a008bf2c..aa3bd1743 100644
--- a/base/java-tools/src/com/netscape/cmstools/HttpClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
@@ -41,6 +41,7 @@ import org.mozilla.jss.ssl.SSLSocket;
import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion;
import com.netscape.cmsutil.util.Utils;
/**
@@ -122,29 +123,14 @@ public class HttpClient {
token.login(pass);
SSLHandshakeCompletedListener listener = new ClientHandshakeCB(this);
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange stream_range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0,
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
-
- SSLSocket.setSSLVersionRangeDefault(
- org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
- stream_range);
-
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange datagram_range =
- new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1,
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
-
- SSLSocket.setSSLVersionRangeDefault(
- org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
- datagram_range);
+ CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
+ CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
CryptoUtil.setClientCiphers();
sslSocket = new SSLSocket(_host, _port);
- // setSSLVersionRange needs to be exposed in jss
- // sslSocket.setSSLVersionRange(org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0, org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
+ // SSLSocket.setSSLVersionRange() needs to be exposed in JSS
+ // sslSocket.setSSLVersionRange(SSLVersionRange.tls1_0, SSLVersionRange.tls1_2);
sslSocket.addHandshakeCompletedListener(listener);
CryptoToken tt = cm.getThreadToken();
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index de1ac442c..f7395308d 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -99,6 +99,8 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant;
+import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange;
import org.mozilla.jss.util.Base64OutputStream;
import org.mozilla.jss.util.Password;
@@ -135,6 +137,19 @@ import netscape.security.x509.X509Key;
@SuppressWarnings("serial")
public class CryptoUtil {
+ public static enum SSLVersion {
+ SSL_3_0(SSLVersionRange.ssl3),
+ TLS_1_0(SSLVersionRange.tls1_0),
+ TLS_1_1(SSLVersionRange.tls1_1),
+ TLS_1_2(SSLVersionRange.tls1_2);
+
+ public int value;
+
+ SSLVersion(int value) {
+ this.value = value;
+ }
+ }
+
public final static String INTERNAL_TOKEN_NAME = "internal";
public final static String INTERNAL_TOKEN_FULL_NAME = "Internal Key Storage Token";
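Review bot: `public int value;` in the new `SSLVersion` enum is a mutable public field on a shared enum constant, so any code in the JVM can run `SSLVersion.TLS_1_2.value = SSLVersionRange.ssl3;` and silently change what every later `setSSLStreamVersionRange()` call negotiates; declare it `public final int value;` (or make it private with a getter). Exposing `SSL_3_0` as a selectable constant is presumably for completeness with the JSS range values, but a one-line Javadoc on the enum stating that callers should not lower the floor below `TLS_1_0` would make the intended use explicit. The enclosing `CryptoUtil` class continues past this hunk.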
@@ -700,6 +715,15 @@ public class CryptoUtil {
return pair;
}
+ public static void setSSLStreamVersionRange(SSLVersion min, SSLVersion max) throws SocketException {
+ SSLVersionRange range = new SSLVersionRange(min.value, max.value);
+ SSLSocket.setSSLVersionRangeDefault(SSLProtocolVariant.STREAM, range);
+ }
+
+ public static void setSSLDatagramVersionRange(SSLVersion min, SSLVersion max) throws SocketException {
+ SSLVersionRange range = new SSLVersionRange(min.value, max.value);
+ SSLSocket.setSSLVersionRangeDefault(SSLProtocolVariant.DATA_GRAM, range);
+ }
private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
static {
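Review bot: The new `setSSLStreamVersionRange()` and `setSSLDatagramVersionRange()` carry no Javadoc, and their names do not convey that `SSLSocket.setSSLVersionRangeDefault()` changes the JSS default for every socket created afterwards in the process rather than a per-connection setting. Suggest on each something like `/** Sets the JSS default (D)TLS version range for SSLSockets created after this call; process-wide, not per socket. @throws SocketException if JSS rejects the range */`. Whether the JSS `SSLVersionRange` constructor rejects `min > max` is not visible here; if it does not, an `if (min.value > max.value) throw new IllegalArgumentException("min > max");` guard would catch swapped arguments before they reach native code. The `static` initializer on the last line continues outside the hunk.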