Java Code Examples for org.apache.mina.filter.ssl.SslFilter#setEnabledProtocols()
The following examples show how to use
org.apache.mina.filter.ssl.SslFilter#setEnabledProtocols() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SecureWebSocketConfiguration.java From red5-websocket with Apache License 2.0 | 6 votes |
|
public SslFilter getSslFilter() throws Exception {
if (keystoreFile == null || truststoreFile == null) {
throw new NotActiveException("Keystore or truststore are null");
}
SSLContext context = getSslContext();
if (context == null) {
throw new NotActiveException("SSLContext is null");
}
// create the ssl filter using server mode
SslFilter sslFilter = new SslFilter(context);
if (cipherSuites != null) {
sslFilter.setEnabledCipherSuites(cipherSuites);
}
if (protocols != null) {
if (log.isDebugEnabled()) {
log.debug("Using these protocols: {}", Arrays.toString(protocols));
}
sslFilter.setEnabledProtocols(protocols);
}
return sslFilter;
}
Example 2
| Source File: EncryptionArtifactFactory.java From Openfire with Apache License 2.0 | 6 votes |
|
/**
* A utility method that implements the shared functionality of getServerModeSslFilter and getClientModeSslFilter.
*
* This method is used to initialize and configure an instance of SslFilter for a particular pre-configured
* SSLContext and SSLEngine. In most cases, developers will want to use getServerModeSslFilter or
* getClientModeSslFilter instead of this method.
*
* @param sslContext a pre-configured SSL Context instance (cannot be null).
* @param sslEngine a pre-configured SSL Engine instance (cannot be null).
* @return A SslFilter instance (never null).
*/
private static SslFilter createSslFilter( SSLContext sslContext, SSLEngine sslEngine ) {
final SslFilter filter = new SslFilter( sslContext );
// Copy configuration from the SSL Engine into the filter.
filter.setUseClientMode( sslEngine.getUseClientMode() );
filter.setEnabledProtocols( sslEngine.getEnabledProtocols() );
filter.setEnabledCipherSuites( sslEngine.getEnabledCipherSuites() );
// Note that the setters for 'need' and 'want' influence each-other. Invoke only one of them!
if ( sslEngine.getNeedClientAuth() )
{
filter.setNeedClientAuth( true );
}
else if ( sslEngine.getWantClientAuth() )
{
filter.setWantClientAuth( true );
}
return filter;
}
Example 3
| Source File: LdapNetworkConnection.java From directory-ldap-api with Apache License 2.0 | 4 votes |
|
/**
* Adds {@link SslFilter} to the IOConnector or IOSession's filter chain
*
* @throws LdapException If the SSL filter addition failed
*/
private void addSslFilter() throws LdapException
{
try
{
SSLContext sslContext = SSLContext.getInstance( config.getSslProtocol() );
sslContext.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom() );
SslFilter sslFilter = new SslFilter( sslContext );
sslFilter.setUseClientMode( true );
// Configure the enabled cipher lists
String[] enabledCipherSuite = config.getEnabledCipherSuites();
if ( ( enabledCipherSuite != null ) && ( enabledCipherSuite.length != 0 ) )
{
sslFilter.setEnabledCipherSuites( enabledCipherSuite );
}
// Be sure we disable SSLV3
String[] enabledProtocols = config.getEnabledProtocols();
if ( ( enabledProtocols != null ) && ( enabledProtocols.length != 0 ) )
{
sslFilter.setEnabledProtocols( enabledProtocols );
}
else
{
// Default to TLS
sslFilter.setEnabledProtocols( new String[]
{ "TLSv1", "TLSv1.1", "TLSv1.2" } );
}
// for LDAPS/TLS
handshakeFuture = new HandshakeFuture();
if ( ( ioSession == null ) || !isConnected() )
{
connector.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
}
else
// for StartTLS
{
ioSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
boolean isSecured = handshakeFuture.get( timeout, TimeUnit.MILLISECONDS );
if ( !isSecured )
{
Throwable cause = ( Throwable ) ioSession.getAttribute( EXCEPTION_KEY );
throw new LdapTlsHandshakeException( I18n.err( I18n.ERR_04120_TLS_HANDSHAKE_ERROR ), cause );
}
}
}
catch ( Exception e )
{
if ( e instanceof LdapException )
{
throw ( LdapException ) e;
}
String msg = I18n.err( I18n.ERR_04122_SSL_CONTEXT_INIT_FAILURE );
LOG.error( msg, e );
throw new LdapException( msg, e );
}
}
Example 4
| Source File: LdapsInitializer.java From MyVirtualDirectory with Apache License 2.0 | 4 votes |
|
/**
* Initialize the LDAPS server.
*
* @param ldapServer The LDAP server instance
* @param transport The TCP transport that contains the SSL configuration
* @return A IoFilter chain
* @throws LdapException If we had a pb
*/
public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException
{
SSLContext sslCtx;
try
{
sslCtx = ldapServer.getSSLContext();
//TODO see if this is correct
// Initialize the SSLContext to work with our key managers.
//sslCtx = SSLContext.getInstance( "TLS" );
//sslCtx.init( ldapServer.getKeyManagerFactory().getKeyManagers(), new TrustManager[]
// { new NoVerificationTrustManager() }, new SecureRandom() );
}
catch ( Exception e )
{
throw new LdapException( I18n.err( I18n.ERR_683 ), e );
}
DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
SslFilter sslFilter = new SslFilter( sslCtx );
// The ciphers
List<String> cipherSuites = transport.getCipherSuite();
if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
{
sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
}
// The protocols
List<String> enabledProtocols = transport.getEnabledProtocols();
if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() )
{
sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[enabledProtocols.size()] ) );
}
else
{
// Be sure we disable SSLV3
sslFilter.setEnabledProtocols( new String[]
{ "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" } );
}
// The remaining SSL parameters
sslFilter.setNeedClientAuth( transport.isNeedClientAuth() );
sslFilter.setWantClientAuth( transport.isWantClientAuth() );
chain.addLast( "sslFilter", sslFilter );
return chain;
}
