From 45690fbc42773415ef034419ed3f27d2974b78e1 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 21 Nov 2012 23:24:40 +0000
Subject: [PATCH] Fix OPENDJ-649: Add supportedTLSCiphers and supportedTLSProtocols to RootDSE and system monitor

---
 opends/src/server/org/opends/server/monitors/SystemInfoMonitorProvider.java |   46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 46 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/monitors/SystemInfoMonitorProvider.java b/opends/src/server/org/opends/server/monitors/SystemInfoMonitorProvider.java
index 3b10f4b..4761647 100644
--- a/opends/src/server/org/opends/server/monitors/SystemInfoMonitorProvider.java
+++ b/opends/src/server/org/opends/server/monitors/SystemInfoMonitorProvider.java
@@ -23,19 +23,27 @@
  *
  *
  *      Copyright 2006-2010 Sun Microsystems, Inc.
+ *      Portions copyright 2012 ForgeRock AS.
  */
 package org.opends.server.monitors;
 
 
 
 import static org.opends.server.loggers.debug.DebugLogger.*;
+import static org.opends.server.util.ServerConstants.*;
 
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
 import java.net.InetAddress;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+
 import org.opends.server.admin.std.server.SystemInfoMonitorProviderCfg;
 import org.opends.server.api.MonitorProvider;
 import org.opends.server.config.ConfigException;
@@ -184,6 +192,44 @@
       attrs.add(createAttribute("jvmArguments", argList.toString()));
     }
 
+    // Get the list of supported SSL protocols and ciphers.
+    Collection<String> supportedTlsProtocols;
+    Collection<String> supportedTlsCiphers;
+    try
+    {
+      final SSLContext context = SSLContext.getDefault();
+      final SSLParameters parameters = context.getSupportedSSLParameters();
+      supportedTlsProtocols = Arrays.asList(parameters.getProtocols());
+      supportedTlsCiphers = Arrays.asList(parameters.getCipherSuites());
+    }
+    catch (Exception e)
+    {
+      // A default SSL context should always be available.
+      supportedTlsProtocols = Collections.emptyList();
+      supportedTlsCiphers = Collections.emptyList();
+    }
+
+
+    // Add the "supportedTLSProtocols" attribute.
+    AttributeType supportedTLSProtocolsAttrType = DirectoryServer
+        .getDefaultAttributeType(ATTR_SUPPORTED_TLS_PROTOCOLS);
+    AttributeBuilder builder = new AttributeBuilder(
+        supportedTLSProtocolsAttrType);
+    for (String value : supportedTlsProtocols)
+    {
+      builder.add(value);
+    }
+    attrs.add(builder.toAttribute());
+
+    // Add the "supportedTLSCiphers" attribute.
+    AttributeType supportedTLSCiphersAttrType = DirectoryServer
+        .getDefaultAttributeType(ATTR_SUPPORTED_TLS_CIPHERS);
+    builder = new AttributeBuilder(supportedTLSCiphersAttrType);
+    for (String value : supportedTlsCiphers)
+    {
+      builder.add(value);
+    }
+    attrs.add(builder.toAttribute());
 
     return attrs;
   }

--
Gitblit v1.10.0