github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-20 16:24:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

findbugs correction

Browse Source
This commit is contained in:
Jeremy Long
2016-07-24 08:07:39 -04:00
parent 5f76843c4a
commit f0a3482eda
1 changed files with 45 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
View File

@@ -25,6 +25,7 @@ import org.slf4j.LoggerFactory;
* The following code was copied from * The following code was copied from
* http://stackoverflow.com/questions/1037590/which-cipher-suites-to-enable-for-ssl-socket/23365536#23365536 * http://stackoverflow.com/questions/1037590/which-cipher-suites-to-enable-for-ssl-socket/23365536#23365536
* *
* @author <a href="http://stackoverflow.com/users/608639/jww">jww</a>
*/ */
public class SSLSocketFactoryEx extends SSLSocketFactory { public class SSLSocketFactoryEx extends SSLSocketFactory {
@@ -77,7 +78,7 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public String[] getDefaultCipherSuites() { public String[] getDefaultCipherSuites() {
return m_ciphers; return Arrays.copyOf(ciphers, ciphers.length);
} }
/** /**
@@ -87,7 +88,7 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public String[] getSupportedCipherSuites() { public String[] getSupportedCipherSuites() {
return m_ciphers; return Arrays.copyOf(ciphers, ciphers.length);
} }
/** /**
@@ -96,7 +97,7 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
* @return the default protocols * @return the default protocols
*/ */
public String[] getDefaultProtocols() { public String[] getDefaultProtocols() {
return m_protocols; return Arrays.copyOf(protocols, protocols.length);
} }
/** /**
@@ -105,7 +106,7 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
* @return the supported protocols * @return the supported protocols
*/ */
public String[] getSupportedProtocols() { public String[] getSupportedProtocols() {
return m_protocols; return Arrays.copyOf(protocols, protocols.length);
} }
/** /**
@@ -120,11 +121,11 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
SSLSocket ss = (SSLSocket) factory.createSocket(s, host, port, autoClose); final SSLSocket ss = (SSLSocket) factory.createSocket(s, host, port, autoClose);
ss.setEnabledProtocols(m_protocols); ss.setEnabledProtocols(protocols);
ss.setEnabledCipherSuites(m_ciphers); ss.setEnabledCipherSuites(ciphers);
return ss; return ss;
} }
@@ -141,11 +142,11 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
SSLSocket ss = (SSLSocket) factory.createSocket(address, port, localAddress, localPort); final SSLSocket ss = (SSLSocket) factory.createSocket(address, port, localAddress, localPort);
ss.setEnabledProtocols(m_protocols); ss.setEnabledProtocols(protocols);
ss.setEnabledCipherSuites(m_ciphers); ss.setEnabledCipherSuites(ciphers);
return ss; return ss;
} }
@@ -162,11 +163,11 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
SSLSocket ss = (SSLSocket) factory.createSocket(host, port, localHost, localPort); final SSLSocket ss = (SSLSocket) factory.createSocket(host, port, localHost, localPort);
ss.setEnabledProtocols(m_protocols); ss.setEnabledProtocols(protocols);
ss.setEnabledCipherSuites(m_ciphers); ss.setEnabledCipherSuites(ciphers);
return ss; return ss;
} }
@@ -181,11 +182,11 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public Socket createSocket(InetAddress host, int port) throws IOException { public Socket createSocket(InetAddress host, int port) throws IOException {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
SSLSocket ss = (SSLSocket) factory.createSocket(host, port); final SSLSocket ss = (SSLSocket) factory.createSocket(host, port);
ss.setEnabledProtocols(m_protocols); ss.setEnabledProtocols(protocols);
ss.setEnabledCipherSuites(m_ciphers); ss.setEnabledCipherSuites(ciphers);
return ss; return ss;
} }
@@ -200,11 +201,11 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
@Override @Override
public Socket createSocket(String host, int port) throws IOException { public Socket createSocket(String host, int port) throws IOException {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
SSLSocket ss = (SSLSocket) factory.createSocket(host, port); final SSLSocket ss = (SSLSocket) factory.createSocket(host, port);
ss.setEnabledProtocols(m_protocols); ss.setEnabledProtocols(protocols);
ss.setEnabledCipherSuites(m_ciphers); ss.setEnabledCipherSuites(ciphers);
return ss; return ss;
} }
@@ -221,11 +222,11 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
private void initSSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random) private void initSSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random)
throws NoSuchAlgorithmException, KeyManagementException { throws NoSuchAlgorithmException, KeyManagementException {
m_ctx = SSLContext.getInstance("TLS"); sslCtxt = SSLContext.getInstance("TLS");
m_ctx.init(km, tm, random); sslCtxt.init(km, tm, random);
m_protocols = getProtocolList(); protocols = getProtocolList();
m_ciphers = getCipherList(); ciphers = getCipherList();
} }
/** /**
@@ -238,10 +239,10 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/ */
private void initSSLSocketFactoryEx(SSLContext ctx) private void initSSLSocketFactoryEx(SSLContext ctx)
throws NoSuchAlgorithmException, KeyManagementException { throws NoSuchAlgorithmException, KeyManagementException {
m_ctx = ctx; sslCtxt = ctx;
m_protocols = getProtocolList(); protocols = getProtocolList();
m_ciphers = getCipherList(); ciphers = getCipherList();
} }
/** /**
@@ -250,13 +251,13 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
* @return the protocol list * @return the protocol list
*/ */
protected String[] getProtocolList() { protected String[] getProtocolList() {
String[] preferredProtocols = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; final String[] preferredProtocols = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] availableProtocols = null; String[] availableProtocols = null;
SSLSocket socket = null; SSLSocket socket = null;
try { try {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
socket = (SSLSocket) factory.createSocket(); socket = (SSLSocket) factory.createSocket();
availableProtocols = socket.getSupportedProtocols(); availableProtocols = socket.getSupportedProtocols();
@@ -274,9 +275,9 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
} }
} }
List<String> aa = new ArrayList<String>(); final List<String> aa = new ArrayList<String>();
for (String preferredProtocol : preferredProtocols) { for (String preferredProtocol : preferredProtocols) {
int idx = Arrays.binarySearch(availableProtocols, preferredProtocol); final int idx = Arrays.binarySearch(availableProtocols, preferredProtocol);
if (idx >= 0) { if (idx >= 0) {
aa.add(preferredProtocol); aa.add(preferredProtocol);
} }
@@ -291,7 +292,7 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
* @return the cipher list * @return the cipher list
*/ */
protected String[] getCipherList() { protected String[] getCipherList() {
String[] preferredCiphers = { final String[] preferredCiphers = {
// *_CHACHA20_POLY1305 are 3x to 4x faster than existing cipher suites. // *_CHACHA20_POLY1305 are 3x to 4x faster than existing cipher suites.
// http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html // http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html
// Use them if available. Normative names can be found at (TLS spec depends on IPSec spec): // Use them if available. Normative names can be found at (TLS spec depends on IPSec spec):
@@ -332,13 +333,12 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
"TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA",};
};
String[] availableCiphers; String[] availableCiphers;
try { try {
SSLSocketFactory factory = m_ctx.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
availableCiphers = factory.getSupportedCipherSuites(); availableCiphers = factory.getSupportedCipherSuites();
Arrays.sort(availableCiphers); Arrays.sort(availableCiphers);
} catch (Exception e) { } catch (Exception e) {
@@ -352,13 +352,12 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV" "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",};
};
} }
List<String> aa = new ArrayList<String>(); final List<String> aa = new ArrayList<String>();
for (String preferredCipher : preferredCiphers) { for (String preferredCipher : preferredCiphers) {
int idx = Arrays.binarySearch(availableCiphers, preferredCipher); final int idx = Arrays.binarySearch(availableCiphers, preferredCipher);
if (idx >= 0) { if (idx >= 0) {
aa.add(preferredCipher); aa.add(preferredCipher);
} }
@@ -372,13 +371,13 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
/** /**
* The SSL context. * The SSL context.
*/ */
private SSLContext m_ctx; private SSLContext sslCtxt;
/** /**
* The cipher suites. * The cipher suites.
*/ */
private String[] m_ciphers; private String[] ciphers;
/** /**
* The protocols. * The protocols.
*/ */
private String[] m_protocols; private String[] protocols;
} }