The code that converts cipher name into cipher ID and enables the cipher in CryptoUtil.setClientCiphers() has been moved into a separate method.
Pushed to master under trivial rule. -- Endi S. Dewata
>From af7be30e164b1aebbb0e6eaf1fbfc6b9fb46360e Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Sun, 19 Mar 2017 20:16:53 +0100 Subject: [PATCH] Refactored CryptoUtil.setClientCiphers(). The code that converts cipher name into cipher ID and enables the cipher in CryptoUtil.setClientCiphers() has been moved into a separate method. --- .../src/com/netscape/cmsutil/crypto/CryptoUtil.java | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 729d71d63edc84d6681ddd3e5299e877d8ea8250..d708230e3597f0834d0d2e184bd5df2b8efd53f5 100644 --- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -48,8 +48,8 @@ import java.util.Vector; import org.apache.commons.lang.StringUtils; import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.CryptoManager.NotInitializedException; import org.mozilla.jss.NoSuchTokenException; +import org.mozilla.jss.CryptoManager.NotInitializedException; import org.mozilla.jss.SecretDecoderRing.KeyManager; import org.mozilla.jss.asn1.ANY; import org.mozilla.jss.asn1.ASN1Util; @@ -105,6 +105,7 @@ import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange; import org.mozilla.jss.util.Base64OutputStream; import org.mozilla.jss.util.Password; +import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.util.Utils; @@ -942,14 +943,18 @@ public class CryptoUtil { unsetSSLCiphers(); for (String cipher : ciphers) { + setSSLCipher(cipher, true); + } + } - Integer cipherID = cipherMap.get(cipher); - if (cipherID == null) { - throw new SocketException("Unsupported cipher: " + cipher); - } + public static void setSSLCipher(String cipher, boolean enabled) throws SocketException { - SSLSocket.setCipherPreferenceDefault(cipherID, true); + Integer cipherID = cipherMap.get(cipher); + if (cipherID == null) { + throw new SocketException("Unsupported cipher: " + cipher); } + + SSLSocket.setCipherPreferenceDefault(cipherID, enabled); } public static void setDefaultSSLCiphers() throws SocketException { -- 2.9.3
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel