FELIX-4376 Allow configuring included and excluded SSL Cipher Suites
for the Jetty server.
Applying slightly modified patch by Dominique Pfister (thanks)
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1556619 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
index 049c8df..9a84ded 100644
--- a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
+++ b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
@@ -108,6 +108,13 @@
/** Felix specific property to set the list of path exclusions for Web Application Bundles */
public static final String FELIX_HTTP_PATH_EXCLUSIONS = "org.apache.felix.http.path_exclusions";
+ /** Felix specific property to configure the excluded cipher suites */
+ public static final String FELIX_JETTY_EXCLUDED_SUITES = "org.apache.felix.https.jetty.cipersuites.excluded";
+
+ /** Felix specific property to configure the included cipher suites */
+ public static final String FELIX_JETTY_INCLUDED_SUITES = "org.apache.felix.https.jetty.cipersuites.included";
+
+
private static String validateContextPath(String ctxPath)
{
// undefined, empty, or root context path
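Review bot: The two added constants `FELIX_JETTY_EXCLUDED_SUITES` and `FELIX_JETTY_INCLUDED_SUITES` carry the misspelling "cipersuites" (missing the "h") in their string values, and since these values are the externally visible configuration keys, repeated in this commit in metatype.properties and metatype.xml, the typo becomes part of the public contract and can later only be corrected by keeping a compatibility alias. Suggest changing the values to `"org.apache.felix.https.jetty.ciphersuites.excluded"` and `"org.apache.felix.https.jetty.ciphersuites.included"` in all three files before this ships. The two consecutive blank lines inserted before validateContextPath also differ from the single blank line separating the other members in this class.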
@@ -173,6 +180,11 @@
return validateContextPath(getProperty(FELIX_HTTP_CONTEXT_PATH, null));
}
+ public String[] getExcludedCipherSuites()
+ {
+ return getStringArrayProperty(FELIX_JETTY_EXCLUDED_SUITES, null);
+ }
+
public String getHost()
{
return getProperty(FELIX_HOST, null);
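Review bot: The new `getExcludedCipherSuites` accessor has no Javadoc, and the same applies to `getIncludedCipherSuites` in the next hunk; both pass `null` as the fallback to `getStringArrayProperty`, and a caller cannot tell from the signature whether `null` means "not configured" or "exclude nothing". Suggest `/** Returns the cipher suites to exclude from the HTTPS connector, or {@code null} when the property is not configured, in which case the connector is left at its defaults. */` on this getter and the mirrored sentence on the include getter. Whether `getStringArrayProperty` can also return an empty array for a blank value is not visible here; if it can, the Javadoc should say so, since callers currently check only for `null`.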
@@ -193,6 +205,11 @@
return getIntProperty(HTTP_TIMEOUT, 60000);
}
+ public String[] getIncludedCipherSuites()
+ {
+ return getStringArrayProperty(FELIX_JETTY_INCLUDED_SUITES, null);
+ }
+
/**
* Returns the named generic configuration property from the
* configuration or the bundle context. If neither property is defined
@@ -330,7 +347,7 @@
/**
* Updates this configuration with the given dictionary.
- *
+ *
* @param props the dictionary with the new configuration values, can be <code>null</code> to reset this configuration to its defaults.
* @return <code>true</code> if the configuration was updated due to a changed value, or <code>false</code> if no change was found.
*/
@@ -341,7 +358,7 @@
props = new Properties();
}
- // FELIX-4312 Check whether there's something changed in our configuration...
+ // FELIX-4312 Check whether there's something changed in our configuration...
Dictionary currentConfig = this.config;
if (currentConfig == null || !props.equals(currentConfig))
{
@@ -381,7 +398,7 @@
* <dd>[,9000) | 1 < port < 9000</dd>
* <dd>[8000,) | 8000 <= port < 65534</dd>
* </dl>
- *
+ *
* @param portProp
* The port property value to parse.
* @return The port determined to be usable. -1 if failed to find a port.
diff --git a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
index 3841d0f..9eb56fd 100644
--- a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
+++ b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
@@ -369,6 +369,16 @@
{
connector.setNeedClientAuth(true);
}
+
+ if (this.config.getExcludedCipherSuites() != null)
+ {
+ connector.setExcludeCipherSuites(this.config.getExcludedCipherSuites());
+ }
+
+ if (this.config.getIncludedCipherSuites() != null)
+ {
+ connector.setIncludeCipherSuites(this.config.getIncludedCipherSuites());
+ }
}
private void configureConnector(final Connector connector, int port)
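Review bot: The two added guards reject only a `null` array, so an include list that is present but empty, or that names only suites the JVM does not support, is still passed to `connector.setIncludeCipherSuites`; whether `getStringArrayProperty` ever yields an empty array for a blank value is not visible here, but if the connector treats a non-null include list as the complete set of permitted suites, the outcome is an HTTPS connector that can complete no handshake, and nothing in this commit validates or logs the effective suite lists at startup. A length check next to the null check, and reading each property once into a local rather than calling the getter twice, keeps a blank value from silently disabling TLS; logging the final include and exclude lists at startup would make such a misconfiguration visible in the server log instead of only as handshake failures on the client side. The enclosing method starts before this hunk.
```java
    connector.setNeedClientAuth(true);
}

String[] excluded = this.config.getExcludedCipherSuites();
if (excluded != null && excluded.length > 0)
{
    connector.setExcludeCipherSuites(excluded);
}

String[] included = this.config.getIncludedCipherSuites();
if (included != null && included.length > 0)
{
    connector.setIncludeCipherSuites(included);
}
```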
diff --git a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
index 3df364d..f96743c 100644
--- a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
+++ b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -128,4 +128,12 @@
org.apache.felix.http.path_exclusions.description = Contains a list of \
context path prefixes. If a Web Application Bundle is started with a \
context path matching any of these prefixes, it will not be deployed \
- in the servlet container.
\ No newline at end of file
+ in the servlet container.
+
+org.apache.felix.https.jetty.cipersuites.excluded.name = Excluded cipher suites
+org.apache.felix.https.jetty.cipersuites.excluded.description = List of cipher \
+ suites that should be excluded. Default is none.
+
+org.apache.felix.https.jetty.cipersuites.included.name = Included cipher suites
+org.apache.felix.https.jetty.cipersuites.included.description = List of cipher \
+ suites that should be included. Default is none.
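Review bot: "Default is none." on the added description lines is ambiguous for the include property: read literally it suggests that no suites are enabled unless the operator lists them, whereas the connector code in this commit simply leaves the connector at its defaults when the property is unset. Suggest wording such as `suites that should be included. When not set, the connector's default suites are used.` and, for the exclusion, `suites that should be excluded. When not set, no suites are excluded.` so an operator reading the metatype does not believe the server is locked down by default.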
diff --git a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
index 227a9f6..ec8e243 100644
--- a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
+++ b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -45,6 +45,8 @@
<AD id="org.apache.felix.http.jetty.responseBufferSize" type="Integer" default="24576" name="%org.apache.felix.http.jetty.responseBufferSize.name" description="%org.apache.felix.http.jetty.responseBufferSize.description"/>
<AD id="org.apache.felix.http.debug" type="Boolean" default="false" name="%org.apache.felix.http.debug.name" description="%org.apache.felix.http.debug.description"/>
<AD id="org.apache.felix.http.path_exclusions" type="String" default="/system" cardinality="2147483647" name="%org.apache.felix.http.path_exclusions.name" description="%org.apache.felix.http.path_exclusions.description"/>
+ <AD id="org.apache.felix.https.jetty.cipersuites.excluded" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.cipersuites.excluded.name" description="%org.apache.felix.https.jetty.cipersuites.excluded.description"/>
+ <AD id="org.apache.felix.https.jetty.cipersuites.included" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.cipersuites.included.name" description="%org.apache.felix.https.jetty.cipersuites.included.description"/>
</OCD>
<Designate pid="org.apache.felix.http">
<Object ocdref="org.apache.felix.http"/>