From 40ae4fefc7e4c7cbf6f7e9d15b5e93fb497c993f Mon Sep 17 00:00:00 2001
From: Stephane Landelle <slandelle@gatling.io>
Date: Mon, 5 Feb 2018 12:58:34 +0100
Subject: [PATCH] Introduce an alternative IdentityCipherSuiteFilter that
 defaults to supportedCiphers, close #7655

Motivation:

Sometimes, it would be convenient to be able to easily enable all
supported cipher suites, regardless of security.

Currently, the only way it to retrieve all supported ciphers and pass
them explicitly.

Modification:

Introduce a new IdentityCipherSuiteFilter singleton that defaults to
supportedCiphers instead of defaultCiphers when ciphers are null.

Result:

Convenient way to enabled all supported cipher suites.
---
 .../ssl/IdentityCipherSuiteFilter.java        | 23 ++++++++--
 .../ssl/IdentityCipherSuiteFilterTest.java    | 46 +++++++++++++++++++
 2 files changed, 65 insertions(+), 4 deletions(-)
 create mode 100644 handler/src/test/java/io/netty/handler/ssl/IdentityCipherSuiteFilterTest.java

diff --git a/handler/src/main/java/io/netty/handler/ssl/IdentityCipherSuiteFilter.java b/handler/src/main/java/io/netty/handler/ssl/IdentityCipherSuiteFilter.java
index c9ebfb0da2..cfd5bb7b2a 100644
--- a/handler/src/main/java/io/netty/handler/ssl/IdentityCipherSuiteFilter.java
+++ b/handler/src/main/java/io/netty/handler/ssl/IdentityCipherSuiteFilter.java
@@ -23,15 +23,31 @@ import java.util.Set;
  * This class will not do any filtering of ciphers suites.
  */
 public final class IdentityCipherSuiteFilter implements CipherSuiteFilter {
-    public static final IdentityCipherSuiteFilter INSTANCE = new IdentityCipherSuiteFilter();
 
-    private IdentityCipherSuiteFilter() { }
+    /**
+     * Defaults to default ciphers when provided ciphers are null
+     */
+    public static final IdentityCipherSuiteFilter INSTANCE = new IdentityCipherSuiteFilter(true);
+
+    /**
+     * Defaults to supported ciphers when provided ciphers are null
+     */
+    public static final IdentityCipherSuiteFilter INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS =
+            new IdentityCipherSuiteFilter(false);
+
+    private final boolean defaultToDefaultCiphers;
+
+    private IdentityCipherSuiteFilter(boolean defaultToDefaultCiphers) {
+        this.defaultToDefaultCiphers = defaultToDefaultCiphers;
+    }
 
     @Override
     public String[] filterCipherSuites(Iterable<String> ciphers, List<String> defaultCiphers,
             Set<String> supportedCiphers) {
         if (ciphers == null) {
-            return defaultCiphers.toArray(new String[defaultCiphers.size()]);
+            return defaultToDefaultCiphers ?
+                    defaultCiphers.toArray(new String[defaultCiphers.size()]) :
+                    supportedCiphers.toArray(new String[supportedCiphers.size()]);
         } else {
             List<String> newCiphers = new ArrayList<String>(supportedCiphers.size());
             for (String c : ciphers) {
@@ -43,5 +59,4 @@ public final class IdentityCipherSuiteFilter implements CipherSuiteFilter {
             return newCiphers.toArray(new String[newCiphers.size()]);
         }
     }
-
 }
diff --git a/handler/src/test/java/io/netty/handler/ssl/IdentityCipherSuiteFilterTest.java b/handler/src/test/java/io/netty/handler/ssl/IdentityCipherSuiteFilterTest.java
new file mode 100644
index 0000000000..fd2dad8dc8
--- /dev/null
+++ b/handler/src/test/java/io/netty/handler/ssl/IdentityCipherSuiteFilterTest.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package io.netty.handler.ssl;
+
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.Assert.assertArrayEquals;
+
+public class IdentityCipherSuiteFilterTest {
+
+    @Test
+    public void regularInstanceDefaultsToDefaultCiphers() {
+        List<String> defaultCiphers = Arrays.asList("FOO", "BAR");
+        Set<String> supportedCiphers = new HashSet<String>(Arrays.asList("BAZ", "QIX"));
+        String[] filtered = IdentityCipherSuiteFilter.INSTANCE
+                .filterCipherSuites(null, defaultCiphers, supportedCiphers);
+        assertArrayEquals(defaultCiphers.toArray(), filtered);
+    }
+
+    @Test
+    public void alternativeInstanceDefaultsToSupportedCiphers() {
+        List<String> defaultCiphers = Arrays.asList("FOO", "BAR");
+        Set<String> supportedCiphers = new HashSet<String>(Arrays.asList("BAZ", "QIX"));
+        String[] filtered = IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS
+                .filterCipherSuites(null, defaultCiphers, supportedCiphers);
+        assertArrayEquals(supportedCiphers.toArray(), filtered);
+    }
+}