org.apache.mina.filter.ssl.SslFilter Java Examples
The following examples show how to use
org.apache.mina.filter.ssl.SslFilter.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpCodec.java From jane with GNU Lesser General Public License v3.0 | 6 votes |
public static SslFilter getSslFilter(InputStream keyIs, char[] keyPw, InputStream trustIs, char[] trustPw) throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); ks.load(keyIs, keyPw); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, keyPw); KeyStore ts = KeyStore.getInstance("JKS"); ts.load(trustIs, trustPw); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts); SSLContext ctx = SSLContext.getInstance("TLS"); // "TLSv1.2" ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return new SslFilter(ctx); }
Example #2
Source File: NIOConnection.java From Openfire with Apache License 2.0 | 6 votes |
public void startTLS(boolean clientMode, boolean directTLS) throws Exception { final EncryptionArtifactFactory factory = new EncryptionArtifactFactory( configuration ); final SslFilter filter; if ( clientMode ) { filter = factory.createClientModeSslFilter(); } else { filter = factory.createServerModeSslFilter(); } ioSession.getFilterChain().addBefore(EXECUTOR_FILTER_NAME, TLS_FILTER_NAME, filter); if (!directTLS) { ioSession.setAttribute( SslFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE ); } if ( !clientMode && !directTLS ) { // Indicate the client that the server is ready to negotiate TLS deliverRawText( "<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>" ); } }
Example #3
Source File: ClientBaseConnection.java From neoscada with Eclipse Public License 1.0 | 6 votes |
public SSLSession getSslSession () { final IoSession session = this.session; if ( session == null ) { return null; } final Object sslSession = session.getAttribute ( SslFilter.SSL_SESSION ); if ( sslSession instanceof SSLSession ) { return (SSLSession)sslSession; } else { return null; } }
Example #4
Source File: ServerConnection.java From neoscada with Eclipse Public License 1.0 | 6 votes |
public SSLSession getSslSession () { final IoSession session = this.session; if ( session == null ) { return null; } final Object sslSession = session.getAttribute ( SslFilter.SSL_SESSION ); if ( sslSession instanceof SSLSession ) { return (SSLSession)sslSession; } else { return null; } }
Example #5
Source File: LdapsInitializer.java From MyVirtualDirectory with Apache License 2.0 | 6 votes |
public static IoFilterChainBuilder init( LdapServer server ) throws LdapException { SSLContext sslCtx; try { sslCtx = server.getSSLContext(); } catch ( Exception e ) { throw new LdapException( I18n.err( I18n.ERR_683 ), e ); } DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder(); SslFilter sslFilter = new SslFilter( sslCtx ); List<String> cipherSuites = server.getEnabledCipherSuites(); if( ( cipherSuites != null ) && !cipherSuites.isEmpty() ) { sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) ); } sslFilter.setWantClientAuth( true ); chain.addLast( "sslFilter", sslFilter ); return chain; }
Example #6
Source File: EncryptionArtifactFactory.java From Openfire with Apache License 2.0 | 6 votes |
/** * A utility method that implements the shared functionality of getServerModeSslFilter and getClientModeSslFilter. * * This method is used to initialize and configure an instance of SslFilter for a particular pre-configured * SSLContext and SSLEngine. In most cases, developers will want to use getServerModeSslFilter or * getClientModeSslFilter instead of this method. * * @param sslContext a pre-configured SSL Context instance (cannot be null). * @param sslEngine a pre-configured SSL Engine instance (cannot be null). * @return A SslFilter instance (never null). */ private static SslFilter createSslFilter( SSLContext sslContext, SSLEngine sslEngine ) { final SslFilter filter = new SslFilter( sslContext ); // Copy configuration from the SSL Engine into the filter. filter.setUseClientMode( sslEngine.getUseClientMode() ); filter.setEnabledProtocols( sslEngine.getEnabledProtocols() ); filter.setEnabledCipherSuites( sslEngine.getEnabledCipherSuites() ); // Note that the setters for 'need' and 'want' influence each-other. Invoke only one of them! if ( sslEngine.getNeedClientAuth() ) { filter.setNeedClientAuth( true ); } else if ( sslEngine.getWantClientAuth() ) { filter.setWantClientAuth( true ); } return filter; }
Example #7
Source File: SecureWebSocketConfiguration.java From red5-websocket with Apache License 2.0 | 6 votes |
public SslFilter getSslFilter() throws Exception { if (keystoreFile == null || truststoreFile == null) { throw new NotActiveException("Keystore or truststore are null"); } SSLContext context = getSslContext(); if (context == null) { throw new NotActiveException("SSLContext is null"); } // create the ssl filter using server mode SslFilter sslFilter = new SslFilter(context); if (cipherSuites != null) { sslFilter.setEnabledCipherSuites(cipherSuites); } if (protocols != null) { if (log.isDebugEnabled()) { log.debug("Using these protocols: {}", Arrays.toString(protocols)); } sslFilter.setEnabledProtocols(protocols); } return sslFilter; }
Example #8
Source File: EchoProtocolHandler.java From game-server with MIT License | 5 votes |
@Override public void sessionCreated(IoSession session) { session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10); // We're going to use SSL negotiation notification. session.setAttribute(SslFilter.USE_NOTIFICATION); }
Example #9
Source File: RTMPSClient.java From red5-client with Apache License 2.0 | 5 votes |
/** {@inheritDoc} */ @Override public void sessionOpened(IoSession session) throws Exception { // START OF NATIVE SSL STUFF SSLContext sslContext = BogusSslContextFactory.getInstance(false); SslFilter sslFilter = new SslFilter(sslContext); sslFilter.setUseClientMode(true); if (sslFilter != null) { session.getFilterChain().addFirst("sslFilter", sslFilter); } // END OF NATIVE SSL STUFF super.sessionOpened(session); }
Example #10
Source File: TestHttpServer.java From jane with GNU Lesser General Public License v3.0 | 5 votes |
public TestHttpServer(String key_file, String key_pw) throws Exception { if (key_file != null && key_pw != null) { SslFilter sf = HttpCodec.getSslFilter(key_file, key_pw); sf.setUseClientMode(false); getAcceptor().getDefaultIoFilterChainBuilder().addFirst("ssl", sf); } setCodecFactory(HttpCodec::new); }
Example #11
Source File: NIOConnection.java From Openfire with Apache License 2.0 | 5 votes |
@Override public Certificate[] getPeerCertificates() { try { SSLSession sslSession = (SSLSession) ioSession.getAttribute(SslFilter.SSL_SESSION); if (sslSession != null) { return sslSession.getPeerCertificates(); } } catch (SSLPeerUnverifiedException e) { if (Log.isTraceEnabled()) { // This is perfectly acceptable when mutual authentication is not enforced by Openfire configuration. Log.trace( "Peer does not offer certificates in session: " + session, e); } } return new Certificate[0]; }
Example #12
Source File: NIOConnection.java From Openfire with Apache License 2.0 | 5 votes |
@Override public Certificate[] getLocalCertificates() { SSLSession sslSession = (SSLSession) ioSession.getAttribute(SslFilter.SSL_SESSION); if (sslSession != null) { return sslSession.getLocalCertificates(); } return new Certificate[0]; }
Example #13
Source File: Tcp.java From jlogstash-input-plugin with Apache License 2.0 | 5 votes |
@Override public void emit() { // TODO Auto-generated method stub try { // ssl 认证 if (sslEnable) { SslFilter sslFilter = new SslFilter(getSslContext()); acceptor.getFilterChain().addLast("sslFilter", sslFilter); logger.warn("ssl authenticate is open"); } LoggingFilter loggingFilter = new LoggingFilter(); acceptor.getFilterChain().addLast("logger", loggingFilter); TextLineCodecFactory textLineCodecFactory = new TextLineCodecFactory( Charset.forName(encodiing)); textLineCodecFactory.setDecoderMaxLineLength(maxLineLength); textLineCodecFactory.setEncoderMaxLineLength(maxLineLength); acceptor.getFilterChain().addLast("codec", new ProtocolCodecFilter(textLineCodecFactory)); acceptor.setHandler(minaBizHandler); acceptor.getSessionConfig().setReadBufferSize(bufSize); acceptor.getSessionConfig().setWriteTimeout(10); // acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, // 10);//空闲状态 acceptor.bind(new InetSocketAddress(InetAddress.getByName(host), port)); } catch (Exception e) { // TODO Auto-generated catch block logger.error(e.getMessage()); System.exit(1); } }
Example #14
Source File: ChainConfigurator.java From neoscada with Eclipse Public License 1.0 | 5 votes |
public void startSsl ( final boolean startInactive, final boolean clientMode ) throws Exception { logger.info ( "Starting SSL (startInactive: {})", startInactive ); final ProtocolConfiguration configuration = ProtocolConfiguration.fromSession ( this.session ); final SslContextFactory sslFactory = configuration.getSslContextFactory (); final SSLContext sslContext = sslFactory.newInstance (); if ( startInactive ) { this.session.setAttribute ( SslFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE ); } final SslFilter filter = new SslFilter ( sslContext ); filter.setUseClientMode ( clientMode ); filter.setWantClientAuth ( false ); filter.setNeedClientAuth ( false ); if ( logger.isDebugEnabled () ) { logger.debug ( "Enabled protocols:" ); for ( final String protocol : sslContext.getDefaultSSLParameters ().getProtocols () ) { logger.debug ( "\t" + protocol ); } logger.debug ( "Enabled ciphers:" ); for ( final String cipher : sslContext.getDefaultSSLParameters ().getCipherSuites () ) { logger.debug ( "\t" + cipher ); } } replaceMarker ( "ssl", filter ); }
Example #15
Source File: ConnectorTest.java From game-server with MIT License | 5 votes |
@Before public void setUp() throws Exception { super.setUp(); handler = new EchoConnectorHandler(); connectorSSLFilter = new SslFilter(GateSslContextFactory .getInstance(false)); connectorSSLFilter.setUseClientMode(true); // set client mode }
Example #16
Source File: GateTcpUserServerHandler.java From game-server with MIT License | 5 votes |
@Override public void sessionCreated(IoSession session) throws Exception { super.sessionCreated(session); if (Config.USE_SSL) { try { SslFilter sslFilter = new SslFilter(GateSslContextFactory.getInstance(true)); // sslFilter.setNeedClientAuth(true); session.getFilterChain().addFirst("SSL", sslFilter); } catch (Exception e) { LOGGER.error("创建ssl", e); throw new RuntimeException(e); } } }
Example #17
Source File: MINAConnectionAcceptor.java From Openfire with Apache License 2.0 | 4 votes |
/** * Starts this acceptor by binding the socket acceptor. When the acceptor is already started, a warning will be * logged and the method invocation is otherwise ignored. */ @Override public synchronized void start() { if ( socketAcceptor != null ) { Log.warn( "Unable to start acceptor (it is already started!)" ); return; } try { // Configure the thread pool that is to be used. final int initialSize = ( configuration.getMaxThreadPoolSize() / 4 ) + 1; final ExecutorFilter executorFilter = new ExecutorFilter( initialSize, configuration.getMaxThreadPoolSize(), 60, TimeUnit.SECONDS ); final ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor) executorFilter.getExecutor(); final ThreadFactory threadFactory = new NamedThreadFactory( name + "-thread-", eventExecutor.getThreadFactory(), true, null ); eventExecutor.setThreadFactory( threadFactory ); // Construct a new socket acceptor, and configure it. socketAcceptor = buildSocketAcceptor(); if ( JMXManager.isEnabled() ) { configureJMX( socketAcceptor, name ); } final DefaultIoFilterChainBuilder filterChain = socketAcceptor.getFilterChain(); filterChain.addFirst( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, executorFilter ); // Add the XMPP codec filter filterChain.addAfter( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, ConnectionManagerImpl.XMPP_CODEC_FILTER_NAME, new ProtocolCodecFilter( new XMPPCodecFactory() ) ); // Kill sessions whose outgoing queues keep growing and fail to send traffic filterChain.addAfter( ConnectionManagerImpl.XMPP_CODEC_FILTER_NAME, ConnectionManagerImpl.CAPACITY_FILTER_NAME, new StalledSessionsFilter() ); // Ports can be configured to start connections in SSL (as opposed to upgrade a non-encrypted socket to an encrypted one, typically using StartTLS) if ( configuration.getTlsPolicy() == Connection.TLSPolicy.legacyMode ) { final SslFilter sslFilter = encryptionArtifactFactory.createServerModeSslFilter(); filterChain.addAfter( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, ConnectionManagerImpl.TLS_FILTER_NAME, sslFilter ); } // Throttle sessions who send data too fast if ( configuration.getMaxBufferSize() > 0 ) { socketAcceptor.getSessionConfig().setMaxReadBufferSize( configuration.getMaxBufferSize() ); Log.debug( "Throttling read buffer for connections to max={} bytes", configuration.getMaxBufferSize() ); } // Start accepting connections socketAcceptor.setHandler( connectionHandler ); socketAcceptor.bind( new InetSocketAddress( configuration.getBindAddress(), configuration.getPort() ) ); } catch ( Exception e ) { System.err.println( "Error starting " + configuration.getPort() + ": " + e.getMessage() ); Log.error( "Error starting: " + configuration.getPort(), e ); // Reset for future use. if (socketAcceptor != null) { try { socketAcceptor.unbind(); } finally { socketAcceptor = null; } } } }
Example #18
Source File: MINAConnectionAcceptor.java From Openfire with Apache License 2.0 | 4 votes |
@Override public synchronized void reconfigure( ConnectionConfiguration configuration ) { this.configuration = configuration; if ( socketAcceptor == null ) { return; // reconfig will occur when acceptor is started. } final DefaultIoFilterChainBuilder filterChain = socketAcceptor.getFilterChain(); if ( filterChain.contains( ConnectionManagerImpl.EXECUTOR_FILTER_NAME ) ) { final ExecutorFilter executorFilter = (ExecutorFilter) filterChain.get( ConnectionManagerImpl.EXECUTOR_FILTER_NAME ); ( (ThreadPoolExecutor) executorFilter.getExecutor()).setCorePoolSize( ( configuration.getMaxThreadPoolSize() / 4 ) + 1 ); ( (ThreadPoolExecutor) executorFilter.getExecutor()).setMaximumPoolSize( ( configuration.getMaxThreadPoolSize() ) ); } if ( configuration.getTlsPolicy() == Connection.TLSPolicy.legacyMode ) { // add or replace TLS filter (that's used only for 'direct-TLS') try { final SslFilter sslFilter = encryptionArtifactFactory.createServerModeSslFilter(); if ( filterChain.contains( ConnectionManagerImpl.TLS_FILTER_NAME ) ) { filterChain.replace( ConnectionManagerImpl.TLS_FILTER_NAME, sslFilter ); } else { filterChain.addAfter( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, ConnectionManagerImpl.TLS_FILTER_NAME, sslFilter ); } } catch ( KeyManagementException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e ) { Log.error( "An exception occurred while reloading the TLS configuration.", e ); } } else { // The acceptor is in 'startTLS' mode. Remove TLS filter (that's used only for 'direct-TLS') if ( filterChain.contains( ConnectionManagerImpl.TLS_FILTER_NAME ) ) { filterChain.remove( ConnectionManagerImpl.TLS_FILTER_NAME ); } } if ( configuration.getMaxBufferSize() > 0 ) { socketAcceptor.getSessionConfig().setMaxReadBufferSize( configuration.getMaxBufferSize() ); Log.debug( "Throttling read buffer for connections to max={} bytes", configuration.getMaxBufferSize() ); } }
Example #19
Source File: LdapsInitializer.java From MyVirtualDirectory with Apache License 2.0 | 4 votes |
/** * Initialize the LDAPS server. * * @param ldapServer The LDAP server instance * @param transport The TCP transport that contains the SSL configuration * @return A IoFilter chain * @throws LdapException If we had a pb */ public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException { SSLContext sslCtx; try { sslCtx = ldapServer.getSSLContext(); //TODO see if this is correct // Initialize the SSLContext to work with our key managers. //sslCtx = SSLContext.getInstance( "TLS" ); //sslCtx.init( ldapServer.getKeyManagerFactory().getKeyManagers(), new TrustManager[] // { new NoVerificationTrustManager() }, new SecureRandom() ); } catch ( Exception e ) { throw new LdapException( I18n.err( I18n.ERR_683 ), e ); } DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder(); SslFilter sslFilter = new SslFilter( sslCtx ); // The ciphers List<String> cipherSuites = transport.getCipherSuite(); if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() ) { sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) ); } // The protocols List<String> enabledProtocols = transport.getEnabledProtocols(); if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() ) { sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[enabledProtocols.size()] ) ); } else { // Be sure we disable SSLV3 sslFilter.setEnabledProtocols( new String[] { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" } ); } // The remaining SSL parameters sslFilter.setNeedClientAuth( transport.isNeedClientAuth() ); sslFilter.setWantClientAuth( transport.isWantClientAuth() ); chain.addLast( "sslFilter", sslFilter ); return chain; }
Example #20
Source File: LdapNetworkConnection.java From directory-ldap-api with Apache License 2.0 | 4 votes |
/** * Adds {@link SslFilter} to the IOConnector or IOSession's filter chain * * @throws LdapException If the SSL filter addition failed */ private void addSslFilter() throws LdapException { try { SSLContext sslContext = SSLContext.getInstance( config.getSslProtocol() ); sslContext.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom() ); SslFilter sslFilter = new SslFilter( sslContext ); sslFilter.setUseClientMode( true ); // Configure the enabled cipher lists String[] enabledCipherSuite = config.getEnabledCipherSuites(); if ( ( enabledCipherSuite != null ) && ( enabledCipherSuite.length != 0 ) ) { sslFilter.setEnabledCipherSuites( enabledCipherSuite ); } // Be sure we disable SSLV3 String[] enabledProtocols = config.getEnabledProtocols(); if ( ( enabledProtocols != null ) && ( enabledProtocols.length != 0 ) ) { sslFilter.setEnabledProtocols( enabledProtocols ); } else { // Default to TLS sslFilter.setEnabledProtocols( new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" } ); } // for LDAPS/TLS handshakeFuture = new HandshakeFuture(); if ( ( ioSession == null ) || !isConnected() ) { connector.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter ); } else // for StartTLS { ioSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter ); boolean isSecured = handshakeFuture.get( timeout, TimeUnit.MILLISECONDS ); if ( !isSecured ) { Throwable cause = ( Throwable ) ioSession.getAttribute( EXCEPTION_KEY ); throw new LdapTlsHandshakeException( I18n.err( I18n.ERR_04120_TLS_HANDSHAKE_ERROR ), cause ); } } } catch ( Exception e ) { if ( e instanceof LdapException ) { throw ( LdapException ) e; } String msg = I18n.err( I18n.ERR_04122_SSL_CONTEXT_INIT_FAILURE ); LOG.error( msg, e ); throw new LdapException( msg, e ); } }
Example #21
Source File: PressureClientTool.java From game-server with MIT License | 4 votes |
public PressureClientTool(int clientNum, String userNamePrefix, String password, String clusterIp,JTextArea logTextArea) { this.clientNum = clientNum; this.clusterIp = clusterIp; this.userNamePrefix = userNamePrefix; initConfigPath(); ScriptManager.getInstance().init(null); //循环初始化客户端 try { for (int i = 0; i < clientNum; i++) { PressureClientHandler pressureClientHandler = new PressureClientHandler(); MinaClientConfig minaClientConfig = getMinaClientConfig(); String userName = userNamePrefix + userNameNo.incrementAndGet(); // TCP // 添加ssl Map<String, IoFilter> filters = new HashMap<>(); SslFilter sslFilter = new SslFilter(ClientSslContextFactory.getInstance(false)); sslFilter.setUseClientMode(true); // filters.put("ssl", sslFilter); SingleMinaTcpClientService service = new SingleMinaTcpClientService(minaClientConfig, new ClientProtocolCodecFactory(), pressureClientHandler, filters); pressureClientHandler.setService(service); new Thread(service).start(); // UDP MinaClientConfig minaClientConfig2 = new MinaClientConfig(); MinaClienConnToConfig connTo = new MinaClienConnToConfig(); connTo.setHost(minaClientConfig.getConnTo().getHost()); connTo.setPort(8004); minaClientConfig2.setConnTo(connTo); MinaUdpClient udpClient = new MinaUdpClient(minaClientConfig2, pressureClientHandler, new ClientProtocolCodecFactory()); new Thread(udpClient).start(); while (udpClient.getSession() == null) { Thread.sleep(MathUtil.random(500, 3000)); } Player player = new Player(); player.setUserName(userName); player.setPassword(password); player.setUdpSession(udpClient.getSession()); player.setTcpSession(service.getMostIdleIoSession()); player.setLogTextArea(logTextArea); if(player.getTcpSession()==null||player.getUdpSession()==null){ LOGGER.warn("用户{}连接服务器失败",userName); logTextArea.append(String.format("用户%s连接服务器失败\n",userName)); continue; } player.loginInit(); players.put(userName, player); new PressureServiceThread(player).start(); } } catch (Exception e) { LOGGER.error("PressureClientTool", e); } }
Example #22
Source File: HttpCodec.java From jane with GNU Lesser General Public License v3.0 | 4 votes |
public static SslFilter getSslFilter(String keyFile, String keyPw) throws Exception { byte[] key = Util.readFileData(keyFile); char[] pw = keyPw.toCharArray(); return getSslFilter(new ByteArrayInputStream(key), pw, new ByteArrayInputStream(key), pw); }
Example #23
Source File: EncryptionArtifactFactory.java From Openfire with Apache License 2.0 | 3 votes |
/** * Creates an Apache MINA SslFilter that is configured to use server mode when handshaking. * * For Openfire, an engine is of this mode used for most purposes (as Openfire is a server by nature). * * Instead of an SSLContext or SSLEngine, Apache MINA uses an SslFilter instance. It is generally not needed to * create both SSLContext/SSLEngine as well as SslFilter instances. * * @return An initialized SslFilter instance (never null) * @throws KeyManagementException if there was problem manging the ket * @throws NoSuchAlgorithmException if the algorithm is not supported * @throws KeyStoreException if there was a problem accessing the keystore * @throws UnrecoverableKeyException if the key could not be recovered */ public SslFilter createServerModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException { final SSLContext sslContext = getSSLContext(); final SSLEngine sslEngine = createServerModeSSLEngine(); return createSslFilter( sslContext, sslEngine ); }
Example #24
Source File: EncryptionArtifactFactory.java From Openfire with Apache License 2.0 | 3 votes |
/** * Creates an Apache MINA SslFilter that is configured to use client mode when handshaking. * * For Openfire, a filter of this mode is typically used when the server tries to connect to another server. * * Instead of an SSLContext or SSLEngine, Apache MINA uses an SslFilter instance. It is generally not needed to * create both SSLContext/SSLEngine as well as SslFilter instances. * * @return An initialized SslFilter instance (never null) * @throws KeyManagementException if there was problem manging the ket * @throws NoSuchAlgorithmException if the algorithm is not supported * @throws KeyStoreException if there was a problem accessing the keystore * @throws UnrecoverableKeyException if the key could not be recovered */ public SslFilter createClientModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException { final SSLContext sslContext = getSSLContext(); final SSLEngine sslEngine = createClientModeSSLEngine(); return createSslFilter( sslContext, sslEngine ); }