Java Code Examples for org.apache.mina.filter.ssl.SslFilter#setEnabledProtocols()

The following examples show how to use org.apache.mina.filter.ssl.SslFilter#setEnabledProtocols().
Example 1
Source File: SecureWebSocketConfiguration.java    From red5-websocket with Apache License 2.0
/**
 * Builds an {@link SslFilter} around the SSL context returned by {@code getSslContext()}.
 *
 * <p>The cipher-suite and protocol lists are applied only when they are configured. When
 * {@code protocols} is {@code null} this method sets no restriction, so the protocol versions
 * offered are whatever the {@link SSLContext} and the JRE enable by default; configure an
 * explicit list when legacy versions must be kept out.
 *
 * @return the configured filter
 * @throws NotActiveException if the keystore file, the truststore file or the SSL context is missing
 * @throws Exception declared by the signature; presumably propagated from {@code getSslContext()}
 */
public SslFilter getSslFilter() throws Exception {
    final boolean storesConfigured = keystoreFile != null && truststoreFile != null;
    if (!storesConfigured) {
        throw new NotActiveException("Keystore or truststore are null");
    }
    final SSLContext sslContext = getSslContext();
    if (sslContext == null) {
        throw new NotActiveException("SSLContext is null");
    }
    // setUseClientMode is never called here, so the filter keeps its default mode
    // (server mode, going by the original author's comment).
    final SslFilter filter = new SslFilter(sslContext);
    if (cipherSuites != null) {
        filter.setEnabledCipherSuites(cipherSuites);
    }
    if (protocols == null) {
        // Nothing configured: the context/JRE defaults stay in effect.
        return filter;
    }
    if (log.isDebugEnabled()) {
        log.debug("Using these protocols: {}", Arrays.toString(protocols));
    }
    // The configured list is applied verbatim; it is not checked for legacy versions.
    filter.setEnabledProtocols(protocols);
    return filter;
}
 
Example 2
Source File: EncryptionArtifactFactory.java    From Openfire with Apache License 2.0
/**
 * Shared implementation behind getServerModeSslFilter and getClientModeSslFilter, which are
 * the methods most callers should use instead.
 *
 * <p>Creates an SslFilter on the given SSLContext and mirrors the SSLEngine's settings onto it:
 * client/server mode, enabled protocols, enabled cipher suites and the client-authentication
 * requirement. Because the protocol and cipher lists are copied as they are, any hardening
 * (dropping legacy protocol versions or weak suites) has to be done on the engine before it is
 * passed in.
 *
 * @param sslContext a pre-configured SSL Context instance (cannot be null).
 * @param sslEngine a pre-configured SSL Engine instance (cannot be null).
 * @return A SslFilter instance (never null).
 */
private static SslFilter createSslFilter( SSLContext sslContext, SSLEngine sslEngine ) {
    final SslFilter sslFilter = new SslFilter( sslContext );

    // Mirror the engine's mode, protocol list and cipher list.
    sslFilter.setUseClientMode( sslEngine.getUseClientMode() );
    sslFilter.setEnabledProtocols( sslEngine.getEnabledProtocols() );
    sslFilter.setEnabledCipherSuites( sslEngine.getEnabledCipherSuites() );

    // 'need' and 'want' influence each other, so exactly one setter is invoked, and only
    // with 'true'. 'need' (client certificate mandatory) takes precedence over 'want'.
    if ( sslEngine.getNeedClientAuth() )
    {
        sslFilter.setNeedClientAuth( true );
        return sslFilter;
    }
    if ( sslEngine.getWantClientAuth() )
    {
        sslFilter.setWantClientAuth( true );
    }
    return sslFilter;
}
 
Example 3
Source File: LdapNetworkConnection.java    From directory-ldap-api with Apache License 2.0
/**
 * Puts an {@link SslFilter} at the head of a filter chain: the connector's chain when there is
 * no connected session yet (LDAPS), otherwise the live session's chain (StartTLS), in which
 * case the method also waits for the handshake result.
 *
 * <p>Key managers, trust managers, cipher suites and protocol versions all come from the
 * connection configuration and are applied as given.
 *
 * @throws LdapException If the SSL filter addition failed
 */
private void addSslFilter() throws LdapException
{
    try
    {
        SSLContext context = SSLContext.getInstance( config.getSslProtocol() );

        // Whether and how the server certificate is validated is decided entirely by the
        // trust managers the configuration supplies.
        context.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom() );

        SslFilter filter = new SslFilter( context );
        filter.setUseClientMode( true );

        // Cipher suites: restrict only when the configuration names some
        String[] cipherSuites = config.getEnabledCipherSuites();

        if ( ( cipherSuites != null ) && ( cipherSuites.length > 0 ) )
        {
            filter.setEnabledCipherSuites( cipherSuites );
        }

        // Protocol versions. A configured list is used verbatim, so SSLv3 stays out only if
        // the configuration leaves it out. The fallback excludes SSLv3 but still names
        // TLSv1 and TLSv1.1 (deprecated by RFC 8996) and does not name TLSv1.3.
        String[] protocols = config.getEnabledProtocols();

        if ( ( protocols == null ) || ( protocols.length == 0 ) )
        {
            protocols = new String[]
                { "TLSv1", "TLSv1.1", "TLSv1.2" };
        }

        filter.setEnabledProtocols( protocols );

        // Created before the filter is inserted, as in the original ordering
        handshakeFuture = new HandshakeFuture();

        boolean startTls = ( ioSession != null ) && isConnected();

        if ( !startTls )
        {
            // LDAPS/TLS: no connected session yet, the filter goes on the connector
            connector.getFilterChain().addFirst( SSL_FILTER_KEY, filter );
            return;
        }

        // StartTLS: secure the existing session and wait for the handshake outcome
        ioSession.getFilterChain().addFirst( SSL_FILTER_KEY, filter );

        boolean handshakeOk = handshakeFuture.get( timeout, TimeUnit.MILLISECONDS );

        if ( !handshakeOk )
        {
            Throwable cause = ( Throwable ) ioSession.getAttribute( EXCEPTION_KEY );
            throw new LdapTlsHandshakeException( I18n.err( I18n.ERR_04120_TLS_HANDSHAKE_ERROR ), cause );
        }
    }
    catch ( Exception e )
    {
        if ( !( e instanceof LdapException ) )
        {
            // Any non-LDAP failure raised in the try block is logged and wrapped under the
            // SSL-context-initialisation message, whichever statement raised it.
            String message = I18n.err( I18n.ERR_04122_SSL_CONTEXT_INIT_FAILURE );
            LOG.error( message, e );
            throw new LdapException( message, e );
        }

        throw ( LdapException ) e;
    }
}
 
Example 4
Source File: LdapsInitializer.java    From MyVirtualDirectory with Apache License 2.0
/**
 * Builds the filter chain for the LDAPS server: one {@link SslFilter}, registered under the
 * name "sslFilter", created on the server's SSL context and configured from the transport.
 *
 * @param ldapServer The LDAP server instance, source of the SSL context
 * @param transport The TCP transport that contains the SSL configuration
 * @return the filter chain builder holding the SSL filter
 * @throws LdapException if the SSL context cannot be obtained from the server
 */
public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException
{
    SSLContext serverContext;

    try
    {
        // TODO (kept from the original): see if taking the server's context is correct.
        // The original also carried, commented out, a variant that built its own "TLS"
        // context with a trust manager named NoVerificationTrustManager; judging by that
        // name it would skip certificate verification, so it should not be restored
        // without review.
        serverContext = ldapServer.getSSLContext();
    }
    catch ( Exception e )
    {
        throw new LdapException( I18n.err( I18n.ERR_683 ), e );
    }

    SslFilter filter = new SslFilter( serverContext );

    // Cipher suites: restrict only when the transport names some
    List<String> ciphers = transport.getCipherSuite();

    if ( ( ciphers != null ) && !ciphers.isEmpty() )
    {
        filter.setEnabledCipherSuites( ciphers.toArray( new String[0] ) );
    }

    // Protocol versions. A configured list is used verbatim. The fallback leaves SSLv3 out,
    // but it still accepts the SSLv2-format hello ("SSLv2Hello" is a JSSE pseudo-protocol,
    // not SSLv2 itself) and names TLSv1 and TLSv1.1, both deprecated by RFC 8996.
    List<String> configuredProtocols = transport.getEnabledProtocols();
    String[] protocols;

    if ( ( configuredProtocols == null ) || configuredProtocols.isEmpty() )
    {
        protocols = new String[]
            { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" };
    }
    else
    {
        protocols = configuredProtocols.toArray( new String[0] );
    }

    filter.setEnabledProtocols( protocols );

    // Client authentication: both setters are always called, 'need' first.
    // NOTE(review): on a JSSE SSLEngine the 'need' and 'want' setters override each other;
    // confirm that the SslFilter version in use stores them independently, otherwise the
    // second call could undo a required client certificate.
    filter.setNeedClientAuth( transport.isNeedClientAuth() );
    filter.setWantClientAuth( transport.isWantClientAuth() );

    DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
    chain.addLast( "sslFilter", filter );

    return chain;
}