
Commit 3f7322a

committed
refactor: Extract TlsHttpsConfigurator to internal package
1 parent 19fd295 commit 3f7322a

3 files changed

Lines changed: 31 additions & 27 deletions


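--- a/docs/superpowers/plans/2026-05-21-owasp-asvs.md
+++ b/docs/superpowers/plans/2026-05-21-owasp-asvs.md
@@ -37,7 +37,7 @@
 - Create: `src/main/java/com/retailsvc/http/internal/TlsHttpsConfigurator.java`
 - Modify: `src/main/java/com/retailsvc/http/OpenApiServer.java` (delete nested class at lines 481–498, adjust imports, add new import)
 
-- [ ] **Step 1: Create the new file**
+- [x] **Step 1: Create the new file**
 
 Write `src/main/java/com/retailsvc/http/internal/TlsHttpsConfigurator.java`:
 
@@ -69,13 +69,13 @@ public final class TlsHttpsConfigurator extends HttpsConfigurator {
 }
 ```
 
-- [ ] **Step 2: Remove the nested class from `OpenApiServer.java`**
+- [x] **Step 2: Remove the nested class from `OpenApiServer.java`**
 
 In `src/main/java/com/retailsvc/http/OpenApiServer.java`:
 
 Delete the entire block that currently sits at lines 480–498 (the Javadoc comment plus the `private static final class TlsHttpsConfigurator` body, inclusive of its closing `}`). The final `}` on line 499 (closing the outer `OpenApiServer` class) stays.
 
-- [ ] **Step 3: Adjust imports in `OpenApiServer.java`**
+- [x] **Step 3: Adjust imports in `OpenApiServer.java`**
 
 Remove these two imports (currently at lines 27 and 44):
 
@@ -103,15 +103,15 @@ grep -n "HttpsConfigurator" src/main/java/com/retailsvc/http/OpenApiServer.java
 
 If the only remaining matches are inside the (deleted) line range, also delete the `HttpsConfigurator` import.
 
-- [ ] **Step 4: Run the full test suite**
+- [x] **Step 4: Run the full test suite**
 
 ```bash
 mvn clean verify
 ```
 
 Expected: BUILD SUCCESS. 432 unit tests pass, 55 integration tests pass — identical counts to the pre-refactor branch. `OpenApiServerHttpsIT#negotiatesTls13` still confirms TLS 1.3 negotiation.
 
-- [ ] **Step 5: Commit**
+- [x] **Step 5: Commit**
 
 ```bash
 git add src/main/java/com/retailsvc/http/internal/TlsHttpsConfigurator.java \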

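--- a/src/main/java/com/retailsvc/http/OpenApiServer.java
+++ b/src/main/java/com/retailsvc/http/OpenApiServer.java
@@ -15,6 +15,7 @@
 import com.retailsvc.http.internal.Router;
 import com.retailsvc.http.internal.SecurityFilter;
 import com.retailsvc.http.internal.TextTypeMapper;
+import com.retailsvc.http.internal.TlsHttpsConfigurator;
 import com.retailsvc.http.internal.gson.GsonJsonMapper;
 import com.retailsvc.http.spec.Operation;
 import com.retailsvc.http.spec.Spec;
@@ -23,8 +24,6 @@
 import com.retailsvc.http.validate.DefaultValidator;
 import com.sun.net.httpserver.HttpContext;
 import com.sun.net.httpserver.HttpServer;
-import com.sun.net.httpserver.HttpsConfigurator;
-import com.sun.net.httpserver.HttpsParameters;
 import com.sun.net.httpserver.HttpsServer;
 import java.io.IOException;
 import java.net.InetAddress;
@@ -41,7 +40,6 @@
 import java.util.TreeSet;
 import java.util.stream.Collectors;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLParameters;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -477,23 +475,4 @@ private static TypeMapper tryLoadGsonMapper() {
 return new GsonJsonMapper();
 }
 }
-
-/**
-* Pins HTTPS to TLS 1.2 and 1.3 only, regardless of operator-level {@code java.security}
-* overrides, and explicitly leaves client-cert auth off (no mTLS in v1).
-*/
-private static final class TlsHttpsConfigurator extends HttpsConfigurator {
-TlsHttpsConfigurator(SSLContext context) {
-super(context);
-}
-
-@Override
-public void configure(HttpsParameters params) {
-SSLParameters sslParams = getSSLContext().getDefaultSSLParameters();
-sslParams.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
-sslParams.setNeedClientAuth(false);
-sslParams.setWantClientAuth(false);
-params.setSSLParameters(sslParams);
-}
-}
 }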
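--- /dev/null
+++ b/src/main/java/com/retailsvc/http/internal/TlsHttpsConfigurator.java
@@ -0,0 +1,25 @@
+package com.retailsvc.http.internal;
+
+import com.sun.net.httpserver.HttpsConfigurator;
+import com.sun.net.httpserver.HttpsParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+
+/**
+* Pins HTTPS to TLS 1.2 and 1.3 only, regardless of operator-level {@code java.security} overrides,
+* and explicitly leaves client-cert auth off (no mTLS in v1).
+*/
+public final class TlsHttpsConfigurator extends HttpsConfigurator {
+public TlsHttpsConfigurator(SSLContext context) {
+super(context);
+}
+
+@Override
+public void configure(HttpsParameters params) {
+SSLParameters sslParams = getSSLContext().getDefaultSSLParameters();
+sslParams.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
+sslParams.setNeedClientAuth(false);
+sslParams.setWantClientAuth(false);
+params.setSSLParameters(sslParams);
+}
+}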
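Review bot: The class Javadoc on new lines 9–10 overstates what `configure` pins: only the protocol list is fixed, while the cipher suites and their preference order are whatever `getDefaultSSLParameters()` returns, so they still follow the JDK defaults and any `java.security` overrides. If the intent is a deterministic hardened TLS profile, also set `sslParams.setUseCipherSuitesOrder(true);` so the server's suite order wins over the client's, and either narrow the suite list explicitly or reword the Javadoc to say that only the protocol versions are pinned. Note too that `setProtocols` can only narrow the enabled set; as far as I can tell a version disabled through `jdk.tls.disabledAlgorithms` is not re-enabled by listing it here, so "regardless of operator-level overrides" is misleading in that direction as well. The constructor forwards a possibly-null `context` to `HttpsConfigurator`, which rejects it with a `NullPointerException`; a `@param context the server's TLS context; must not be null` and `@throws NullPointerException if {@code context} is null` would document that contract.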
