
Commit dfe593e

committed
[feat] support Java cipher names on SSLContext#ciphers=
1 parent 17e98b7 commit dfe593e


3 files changed

+28
-6
lines changed


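--- a/src/main/java/org/jruby/ext/openssl/CipherStrings.java
+++ b/src/main/java/org/jruby/ext/openssl/CipherStrings.java
@@ -781,7 +781,7 @@ private static Collection<Def> matchingPattern(
 private final static Map<String, Def> Definitions;
 //private final static ArrayList<Def> Ciphers;
 private final static Map<String, Def> CipherNames;
-private final static Map<String, String> SuiteToOSSL;
+final static Map<String, String> SuiteToOSSL;
 
 static {
 Definitions = new HashMap<String, Def>( 48, 1 );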
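Review bot: `SuiteToOSSL` loses `private` so that SSLContext can static-import it, which makes the map itself reachable, and possibly writable, from every class in the package. Its initialisation sits in the static block outside this hunk, so whether it is already wrapped is not visible. If it is a plain `HashMap`, assigning it through `Collections.unmodifiableMap(...)`, or keeping the field private behind a small lookup such as `static String javaToOsslName(String suite)`, would keep the table that translates suite names for cipher selection read-only. A field comment such as `// Java (JSSE) suite name -> OpenSSL cipher name` would also record the direction of the mapping, which the identifier alone does not.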

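--- a/src/main/java/org/jruby/ext/openssl/SSLContext.java
+++ b/src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -83,6 +83,7 @@
 import org.jruby.ext.openssl.x509store.X509Object;
 import org.jruby.ext.openssl.x509store.X509Utils;
 
+import static org.jruby.ext.openssl.CipherStrings.SuiteToOSSL;
 import static org.jruby.ext.openssl.StringHelper.*;
 import static org.jruby.ext.openssl.SSL.*;
 import static org.jruby.ext.openssl.X509Cert._Certificate;
@@ -569,9 +570,13 @@ else if ( ciphers instanceof RubyArray ) {
 StringBuilder cipherStr = new StringBuilder();
 String sep = "";
 for ( int i = 0; i < ciphs.size(); i++ ) {
-IRubyObject elem = ciphs.eltInternal(i);
+Object elem = ciphs.eltInternal(i);
 if (elem instanceof RubyArray) {
 elem = ((RubyArray) elem).eltInternal(0);
+} else if (elem instanceof RubyString) {
+// NOTE: JOSSL allows to pass in Java cipher names (in an array)
+String osslName = SuiteToOSSL.get(((RubyString) elem).asJavaString());
+if (osslName != null) elem = osslName;
 }
 cipherStr.append(sep).append( elem.toString() );
 sep = ":";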
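Review bot: The Java-name lookup runs only for top-level strings, so the nested form `[["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2", 128, 128]]` still appends the untranslated name taken from `eltInternal(0)`. If that form should accept Java names too, replace `} else if (elem instanceof RubyString) {` with `}` followed by `if (elem instanceof RubyString) {`, so the unwrapped value is looked up as well. A name that is missing from `SuiteToOSSL` is appended unchanged, and whether the matcher later rejects it or silently drops it is decided outside this hunk. For a setter that determines which TLS suites are enabled, that is worth confirming, so a mistyped Java name cannot quietly produce a different suite list than the caller asked for. The loop and its enclosing method start and end outside the hunk.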

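--- a/src/test/ruby/ssl/test_context.rb
+++ b/src/test/ruby/ssl/test_context.rb
@@ -177,7 +177,7 @@ def test_set_ciphers_by_group_name
 context = OpenSSL::SSL::SSLContext.new
 context.ciphers = "AES"
 
-actual = context.ciphers.map { |cipher| cipher[0]}
+actual = context.ciphers.map { |cipher| cipher[0] }
 assert actual.include?("ECDHE-RSA-AES128-SHA")
 assert actual.include?("ECDHE-ECDSA-AES128-SHA")
 assert actual.include?("AES128-SHA")
@@ -186,26 +186,43 @@ def test_set_ciphers_by_group_name
 def test_set_ciphers_by_cipher_name
 context = OpenSSL::SSL::SSLContext.new
 context.ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"
-actual = context.ciphers.map { |cipher| cipher[0]}
+actual = context.ciphers.map { |cipher| cipher[0] }
 assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256")
 assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384")
 end
 
 def test_set_ciphers_by_array_of_names
 context = OpenSSL::SSL::SSLContext.new
 context.ciphers = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384"]
-actual = context.ciphers.map { |cipher| cipher[0]}
+actual = context.ciphers.map { |cipher| cipher[0] }
 assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256")
 assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384")
 end
 
 def test_set_ciphers_by_array_of_name_version_bits
 context = OpenSSL::SSL::SSLContext.new
 context.ciphers = [["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1.2", 128, 128]]
-actual = context.ciphers.map { |cipher| cipher[0]}
+actual = context.ciphers.map { |cipher| cipher[0] }
 assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256")
 end
 
+def test_set_ciphers_by_array_supports_setting_java_names
+context = OpenSSL::SSL::SSLContext.new
+context.ciphers = [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", # Java name
+"ECDHE-ECDSA-AES256-GCM-SHA384", # Ruby name
+'TLS_AES_256_GCM_SHA384' # same name in Ruby/Java
+]
+actual = context.ciphers.map { |cipher| cipher[0] }
+assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256"), actual.inspect
+assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384"), actual.inspect
+assert actual.include?("TLS_AES_256_GCM_SHA384"), actual.inspect
+
+context.ciphers = [ 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' ]
+actual = context.ciphers.map { |cipher| cipher[0] }
+assert_equal actual, ['ECDHE-RSA-AES256-GCM-SHA384']
+end
+
 def test_set_ciphers_empty_array
 context = OpenSSL::SSL::SSLContext.new
 ex = assert_raise(OpenSSL::SSL::SSLError) do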
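Review bot: `assert_equal actual, ['ECDHE-RSA-AES256-GCM-SHA384']` in `test_set_ciphers_by_array_supports_setting_java_names` passes its arguments in the opposite order to test-unit's `assert_equal(expected, actual)`, so a failure message would label the two values the wrong way round. `assert_equal ['ECDHE-RSA-AES256-GCM-SHA384'], actual` fixes that. The new test also exercises only names that resolve. A case with a Java-style name that has no mapping would pin down whether the setter raises `OpenSSL::SSL::SSLError`, as the empty-array test expects, or ignores the entry.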
