Diffstat (limited to 'src/com/isode/stroke/tls/java/JSSEContextFactory.java')
-rw-r--r-- | src/com/isode/stroke/tls/java/JSSEContextFactory.java | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/src/com/isode/stroke/tls/java/JSSEContextFactory.java b/src/com/isode/stroke/tls/java/JSSEContextFactory.java
index 0ddb4fd..63b184d 100644
--- a/src/com/isode/stroke/tls/java/JSSEContextFactory.java
+++ b/src/com/isode/stroke/tls/java/JSSEContextFactory.java
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012, Isode Limited, London, England.
+/* Copyright (c) 2012-2013, Isode Limited, London, England.
 * All rights reserved.
 *
 * Acquisition and use of this software and related materials for any
@@ -10,12 +10,19 @@ package com.isode.stroke.tls.java;
+import java.util.HashSet;
+import java.util.Set;
+
 import com.isode.stroke.tls.TLSContext;
 import com.isode.stroke.tls.TLSContextFactory;
 /**
 * Concrete implementation of a TLSContextFactory which uses SSLEngine
- * and maybe other stuff? ..tbs...
+ *
+ * <p>Ciphersuite names recognised by this class correspond to the standard
+ * names as described in
+ * <a href=http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites>
+ * Oracle's "Java Cryptography Architecture Standard Algorithm Name Documentation"</a>.
 *
 */
 public class JSSEContextFactory implements TLSContextFactory {
@@ -27,7 +34,29 @@ public class JSSEContextFactory implements TLSContextFactory {
 @Override
 public TLSContext createTLSContext() {
- return new JSSEContext();
+ return new JSSEContext(restrictedCipherSuites);
 }
+
+ private static Set<String> restrictedCipherSuites = null;
+
+ /**
+ * Restrict which cipher suites are to be enabled for any TLSContexts
+ * returned by this factory from now on. Any name which is
+ * not recognised, or not available is ignored: this method cannot be
+ * used to enable otherwise unavailable ciphersuites.
+ *
+ * @param cipherSuites a set of cipher suite names. If this parameter is
+ * null, then no restriction on cipher suites applies (all suites available
+ * to the implementation will be enabled).
+ *
+ */
+ public static void setRestrictedCipherSuites(Set<String> cipherSuites) {
+ if (cipherSuites == null) {
+ restrictedCipherSuites = null;
+ return;
+ }
+
+ restrictedCipherSuites = new HashSet<String>(cipherSuites);
+ }
 } |
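Review bot: `restrictedCipherSuites` is a plain static field written by `setRestrictedCipherSuites` and read by `createTLSContext` with no synchronisation, so a thread creating contexts may not see a restriction that another thread has set; declaring it `private static volatile Set<String> restrictedCipherSuites = null;` would fix the visibility. The same `HashSet` instance is also handed to every `JSSEContext`, so storing `Collections.unmodifiableSet(new HashSet<String>(cipherSuites))` (with `java.util.Collections` imported) would keep one context from altering the policy seen by the others. Because the field is static, the restriction applies to every factory instance in the process rather than to "this factory", and the Javadoc should say so. The Javadoc should also state what happens when the set is empty or none of the supplied names is recognised: that handling lives in `JSSEContext`, outside this diff, and if it falls back to the default suites a misspelled restriction list would silently leave unwanted suites enabled.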