Java Code Examples for org.apache.mina.filter.ssl.SslFilter#setWantClientAuth()

The following examples show how to use org.apache.mina.filter.ssl.SslFilter#setWantClientAuth().
Example 1
Source File: LdapsInitializer.java    From MyVirtualDirectory with Apache License 2.0
/**
 * Builds the MINA filter chain for an LDAPS endpoint: a single {@link SslFilter} registered as "sslFilter".
 *
 * The filter asks connecting clients for a certificate but does not require one (want, not need), so code
 * behind this chain must not assume that a verified client certificate is present on every session.
 *
 * @param server the LDAP server that supplies the SSLContext and the optional cipher suite list
 * @return the chain builder holding the configured TLS filter
 * @throws LdapException if the SSLContext cannot be obtained from the server
 */
public static IoFilterChainBuilder init( LdapServer server ) throws LdapException
{
    final SSLContext context;

    try
    {
        context = server.getSSLContext();
    }
    catch ( Exception cause )
    {
        // Keep the original failure attached so a TLS set-up problem stays diagnosable.
        throw new LdapException( I18n.err( I18n.ERR_683 ), cause );
    }

    final SslFilter tlsFilter = new SslFilter( context );

    // Only narrow the cipher suites when the server configuration names some; otherwise the
    // defaults of the SSLContext apply.
    final List<String> suites = server.getEnabledCipherSuites();
    final boolean hasSuites = ( suites != null ) && !suites.isEmpty();

    if ( hasSuites )
    {
        tlsFilter.setEnabledCipherSuites( suites.toArray( new String[0] ) );
    }

    // NOTE(review): no setEnabledProtocols() call here, so the protocol versions offered are whatever
    // the SSLContext/JVM enables by default - confirm that legacy versions are switched off there.

    // Client certificates are requested, not required: the handshake also completes without one.
    tlsFilter.setWantClientAuth( true );

    final DefaultIoFilterChainBuilder builder = new DefaultIoFilterChainBuilder();
    builder.addLast( "sslFilter", tlsFilter );

    return builder;
}
 
Example 2
Source File: EncryptionArtifactFactory.java    From Openfire with Apache License 2.0
/**
 * Shared implementation behind getServerModeSslFilter and getClientModeSslFilter: creates an SslFilter for
 * the given SSLContext and gives it the same settings as an already configured SSLEngine.
 *
 * Client/server mode, enabled protocols and enabled cipher suites are copied from the engine unchanged, so
 * the resulting filter is exactly as strict as the engine it was derived from. Developers will normally
 * call getServerModeSslFilter or getClientModeSslFilter rather than this method.
 *
 * @param sslContext a pre-configured SSL Context instance (cannot be null; not checked by this method).
 * @param sslEngine a pre-configured SSL Engine instance (cannot be null; not checked by this method).
 * @return A SslFilter instance (never null).
 */
private static SslFilter createSslFilter( SSLContext sslContext, SSLEngine sslEngine ) {
    final SslFilter sslFilter = new SslFilter( sslContext );

    // Mirror the engine's mode, protocol versions and cipher suites on the filter.
    sslFilter.setUseClientMode( sslEngine.getUseClientMode() );
    sslFilter.setEnabledProtocols( sslEngine.getEnabledProtocols() );
    sslFilter.setEnabledCipherSuites( sslEngine.getEnabledCipherSuites() );

    // The 'need' and 'want' setters influence each other, so at most one of them is invoked.
    // 'need' (client certificate mandatory) takes precedence over 'want' (requested but optional).
    if ( !sslEngine.getNeedClientAuth() )
    {
        if ( sslEngine.getWantClientAuth() )
        {
            sslFilter.setWantClientAuth( true );
        }
        return sslFilter;
    }

    sslFilter.setNeedClientAuth( true );
    return sslFilter;
}
 
Example 3
Source File: ChainConfigurator.java    From neoscada with Eclipse Public License 1.0
/**
 * Creates an {@link SslFilter} from the session's protocol configuration and passes it to
 * {@code replaceMarker} under the name "ssl".
 *
 * Client authentication is switched off on the filter (neither wanted nor needed), so when this side acts
 * as the TLS server the peer is never asked for a certificate and its identity has to be established by
 * other means.
 *
 * @param startInactive when {@code true}, marks the session so that the next write bypasses encryption once
 * @param clientMode whether the filter performs the handshake as TLS client
 * @throws Exception whatever the configuration lookup or the SSL context factory throws
 */
public void startSsl ( final boolean startInactive, final boolean clientMode ) throws Exception
{
    logger.info ( "Starting SSL (startInactive: {})", startInactive );

    final SSLContext context = ProtocolConfiguration.fromSession ( this.session ).getSslContextFactory ().newInstance ();

    if ( startInactive )
    {
        // One-shot marker: the next write request on this session goes out unencrypted (StartTLS-style
        // hand-over). Nothing sensitive may be sent in that write.
        this.session.setAttribute ( SslFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE );
    }

    final SslFilter sslFilter = new SslFilter ( context );
    sslFilter.setUseClientMode ( clientMode );
    sslFilter.setWantClientAuth ( false );
    sslFilter.setNeedClientAuth ( false );

    if ( logger.isDebugEnabled () )
    {
        // These are the defaults of the SSLContext; the filter is not given an explicit protocol or
        // cipher list in this method.
        logger.debug ( "Enabled protocols:" );
        final String[] protocols = context.getDefaultSSLParameters ().getProtocols ();
        for ( int i = 0; i < protocols.length; i++ )
        {
            logger.debug ( "\t" + protocols[i] );
        }

        logger.debug ( "Enabled ciphers:" );
        final String[] ciphers = context.getDefaultSSLParameters ().getCipherSuites ();
        for ( int i = 0; i < ciphers.length; i++ )
        {
            logger.debug ( "\t" + ciphers[i] );
        }
    }

    replaceMarker ( "ssl", sslFilter );
}
 
Example 4
Source File: LdapsInitializer.java    From MyVirtualDirectory with Apache License 2.0
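/**
 * Initialize the LDAPS server: build a filter chain whose single entry, "sslFilter", is an
 * {@link SslFilter} configured from the transport's cipher suites, protocols and client-auth settings.
 *
 * A required client certificate ("need") takes precedence over a requested one ("want"); only one of
 * the two setters is invoked, so the mandatory setting cannot be undone by the optional one.
 *
 * @param ldapServer The LDAP server instance, used as the source of the SSLContext
 * @param transport The TCP transport that contains the SSL configuration
 * @return A IoFilter chain
 * @throws LdapException If the SSLContext cannot be obtained from the server
 */
public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException
{
    SSLContext sslCtx;

    try
    {
        // Use the context exactly as the server configured it. Do not replace it with a context whose
        // trust manager skips verification: a wanted or needed client certificate would then be
        // accepted without being checked.
        sslCtx = ldapServer.getSSLContext();
    }
    catch ( Exception e )
    {
        throw new LdapException( I18n.err( I18n.ERR_683 ), e );
    }

    DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
    SslFilter sslFilter = new SslFilter( sslCtx );

    // The ciphers: only restricted when the transport names some, otherwise the context defaults apply
    List<String> cipherSuites = transport.getCipherSuite();

    if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
    {
        sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[0] ) );
    }

    // The protocols
    List<String> enabledProtocols = transport.getEnabledProtocols();

    if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() )
    {
        sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[0] ) );
    }
    else
    {
        // Be sure we disable SSLV3
        // NOTE(review): this fallback still lists TLSv1 and TLSv1.1, which RFC 8996 deprecates, and it
        // leaves out TLSv1.3. It is kept as-is for compatibility with existing clients; deployments
        // should set the transport's enabled protocols explicitly instead of relying on it.
        sslFilter.setEnabledProtocols( new String[]
            { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" } );
    }

    // The remaining SSL parameters. The 'need' and 'want' setters can influence each other, so only one
    // is called: a mandatory client certificate must not depend on the order of two setter calls.
    if ( transport.isNeedClientAuth() )
    {
        sslFilter.setNeedClientAuth( true );
    }
    else
    {
        sslFilter.setWantClientAuth( transport.isWantClientAuth() );
    }

    chain.addLast( "sslFilter", sslFilter );

    return chain;
}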