diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
index d35fbc37e605b..3825d80165504 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
@@ -22,7 +22,6 @@
 import com.google.common.base.Strings;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
@@ -35,7 +34,6 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManagerFactory;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
@@ -66,22 +64,22 @@ public enum Mode {
 @Getter private final Mode mode;
- private String sslProviderString;
- private String keyStoreTypeString;
- private String keyStorePath;
- private String keyStorePassword;
- private boolean allowInsecureConnection;
- private String trustStoreTypeString;
- private String trustStorePath;
- private String trustStorePassword;
- private boolean needClientAuth;
- private Set ciphers;
- private Set protocols;
+ private final String sslProviderString;
+ private final String keyStoreTypeString;
+ private final String keyStorePath;
+ private final String keyStorePassword;
+ private final boolean allowInsecureConnection;
+ private final String trustStoreTypeString;
+ private final String trustStorePath;
+ private final String trustStorePassword;
+ private final boolean needClientAuth;
+ private final Set ciphers;
+ private final Set protocols;
 private SSLContext sslContext;
- private String protocol = DEFAULT_SSL_PROTOCOL;
- private String kmfAlgorithm = DEFAULT_SSL_KEYMANGER_ALGORITHM;
- private String tmfAlgorithm = DEFAULT_SSL_TRUSTMANAGER_ALGORITHM;
+ private final String protocol = DEFAULT_SSL_PROTOCOL;
+ private final String kmfAlgorithm = DEFAULT_SSL_KEYMANGER_ALGORITHM;
+ private final String tmfAlgorithm = DEFAULT_SSL_TRUSTMANAGER_ALGORITHM;
 // only init vars, before using it, need to call createSSLContext to create ssl context.
 public KeyStoreSSLContext(Mode mode,
@@ -109,8 +107,6 @@ public KeyStoreSSLContext(Mode mode,
 this.trustStorePath = trustStorePath;
 this.trustStorePassword = trustStorePassword;
 this.needClientAuth = requireTrustedClientCertOnConnect;
- this.ciphers = ciphers;
- this.protocols = protocols;
 if (protocols != null && protocols.size() > 0) {
 this.protocols = protocols;
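Review bot: The rewritten field declarations keep the raw `Set` type for `ciphers` and `protocols`, so the later `toArray(new String[0])` calls on them compile only through unchecked conversion, and a non-String element would surface only as an ArrayStoreException at that point rather than as a compile error. Since these lines are being rewritten anyway, `private final Set<String> ciphers;` and `private final Set<String> protocols;` would make the intent explicit; the constructor parameters and the static factories in later hunks would need the matching change. Making the remaining fields `final` is a good step; `protocol`, `kmfAlgorithm` and `tmfAlgorithm` now carry a fixed initializer, which is fine provided nothing elsewhere in the file assigned them, something this hunk alone cannot show.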
@@ -189,7 +185,11 @@ public SSLEngine createSSLEngine(String peerHost, int peerPort) {
 private SSLEngine configureSSLEngine(SSLEngine sslEngine) {
 sslEngine.setEnabledProtocols(protocols.toArray(new String[0]));
- sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
+ if (this.ciphers == null) {
+ sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
+ } else {
+ sslEngine.setEnabledCipherSuites(this.ciphers.toArray(new String[0]));
+ }
 if (this.mode == Mode.SERVER) {
 sslEngine.setNeedClientAuth(this.needClientAuth);
@@ -210,7 +210,7 @@ public static KeyStoreSSLContext createClientKeyStoreSslContext(String sslProvid
 String trustStorePassword,
 Set ciphers,
 Set protocols)
- throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
+ throws GeneralSecurityException, IOException {
 KeyStoreSSLContext keyStoreSSLContext = new KeyStoreSSLContext(Mode.CLIENT,
 sslProviderString,
 keyStoreTypeString,
@@ -240,7 +240,7 @@ public static KeyStoreSSLContext createServerKeyStoreSslContext(String sslProvid
 boolean requireTrustedClientCertOnConnect,
 Set ciphers,
 Set protocols)
- throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
+ throws GeneralSecurityException, IOException {
 KeyStoreSSLContext keyStoreSSLContext = new KeyStoreSSLContext(Mode.SERVER,
 sslProviderString,
 keyStoreTypeString,
@@ -268,7 +268,7 @@ public static SSLContext createServerSslContext(String sslProviderString,
 String trustStorePath,
 String trustStorePassword,
 boolean requireTrustedClientCertOnConnect)
- throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
+ throws GeneralSecurityException, IOException {
 return createServerKeyStoreSslContext(
 sslProviderString,
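Review bot: The null branch of the new `if` in configureSSLEngine still enables `sslEngine.getSupportedCipherSuites()`, which is the full list a provider can negotiate rather than the engine's default-enabled subset; the JDK's supported list typically contains suites it deliberately leaves disabled by default, so a caller that configures no cipher list ends up with a wider set than an untouched SSLEngine would use. Leaving the engine's defaults alone when no list was given is the safer shape: `if (this.ciphers != null) { sslEngine.setEnabledCipherSuites(this.ciphers.toArray(new String[0])); }`. The else branch passes the set through verbatim, so an empty but non-null set would leave no suite enabled and every handshake would fail; whether the constructor normalises an empty set to null (the way the -109 hunk guards `protocols` with `size() > 0`) is not visible here and is worth confirming. The body of configureSSLEngine continues past the end of this hunk.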
@@ -295,7 +295,7 @@ public static SSLContext createClientSslContext(String sslProviderString,
 String trustStorePassword,
 Set ciphers,
 Set protocol)
- throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
+ throws GeneralSecurityException, IOException {
 KeyStoreSSLContext keyStoreSSLContext = new KeyStoreSSLContext(Mode.CLIENT,
 sslProviderString,
 keyStoreTypeString,
@@ -319,7 +319,7 @@ public static SSLContext createClientSslContext(String keyStoreTypeString,
 String trustStoreTypeString,
 String trustStorePath,
 String trustStorePassword)
- throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
+ throws GeneralSecurityException, IOException {
 KeyStoreSSLContext keyStoreSSLContext = new KeyStoreSSLContext(Mode.CLIENT,
 null,
 keyStoreTypeString,
@@ -347,7 +347,7 @@ public static SslContextFactory createSslContextFactory(String sslProviderString
 String trustStorePassword,
 boolean requireTrustedClientCertOnConnect,
 long certRefreshInSec)
- throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
+ throws GeneralSecurityException, IOException {
 SslContextFactory sslCtxFactory;
 if (sslProviderString == null) {