20 package org.apache.directory.server.ldap.handlers.ssl;
21
22
23 import java.security.SecureRandom;
24 import java.util.List;
25
26 import javax.net.ssl.SSLContext;
27 import javax.net.ssl.TrustManager;
28
29 import org.apache.directory.api.ldap.model.exception.LdapException;
30 import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
31 import org.apache.directory.server.i18n.I18n;
32 import org.apache.directory.server.ldap.LdapServer;
33 import org.apache.directory.server.protocol.shared.transport.TcpTransport;
34 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
35 import org.apache.mina.core.filterchain.IoFilterChainBuilder;
36 import org.apache.mina.filter.ssl.SslFilter;
/**
 * Builds the MINA filter chain that terminates LDAPS (LDAP over TLS) connections
 * for an {@link LdapServer}: an {@link SSLContext} is created from the server's
 * key managers and wrapped in an {@link SslFilter} configured from the
 * {@link TcpTransport} settings (cipher suites, enabled protocols, client-auth flags).
 *
 * Static utility; not instantiable.
 */
public final class LdapsInitializer
{
    /** Not instantiable: every member is static. */
    private LdapsInitializer()
    {
    }


    /**
     * Creates the filter chain builder for an LDAPS transport.
     *
     * @param ldapServer the server whose {@code KeyManagerFactory} supplies the key managers
     * @param transport the transport carrying the TLS settings to apply
     * @return a chain builder holding a single filter registered under the name {@code "sslFilter"}
     * @throws LdapException if the {@link SSLContext} cannot be created or initialised
     */
    public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException
    {
        SslFilter filter = new SslFilter( createSslContext( ldapServer ) );

        applyTransportSettings( filter, transport );

        DefaultIoFilterChainBuilder filterChain = new DefaultIoFilterChainBuilder();
        filterChain.addLast( "sslFilter", filter );

        return filterChain;
    }


    /**
     * Builds a {@code "TLS"} {@link SSLContext} from the server's key managers.
     *
     * NOTE(review): the trust manager installed here is {@link NoVerificationTrustManager},
     * so this context performs no certificate chain validation of client certificates
     * presented when need/want-client-auth is set on the transport. Confirm whether
     * client certificate validation is expected to happen elsewhere before relying on
     * client-auth as an authentication factor.
     *
     * @param ldapServer the server whose {@code KeyManagerFactory} supplies the key managers
     * @return the initialised context
     * @throws LdapException wrapping any failure (missing TLS provider, bad key material,
     *                       absent key manager factory) as {@code ERR_683}
     */
    private static SSLContext createSslContext( LdapServer ldapServer ) throws LdapException
    {
        try
        {
            SSLContext sslContext = SSLContext.getInstance( "TLS" );
            TrustManager[] trustManagers = new TrustManager[]
                { new NoVerificationTrustManager() };

            sslContext.init( ldapServer.getKeyManagerFactory().getKeyManagers(), trustManagers, new SecureRandom() );

            return sslContext;
        }
        catch ( Exception e )
        {
            // Checked exceptions from getInstance()/init() and a null factory are all reported as one LDAP error
            throw new LdapException( I18n.err( I18n.ERR_683 ), e );
        }
    }


    /**
     * Copies cipher suites, enabled protocols and client-auth flags from the transport onto the filter.
     *
     * When the transport configures no protocols, {@code TLSv1}, {@code TLSv1.1} and {@code TLSv1.2}
     * are enabled. NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and the JVM's
     * {@code jdk.tls.disabledAlgorithms} security property may disable them regardless of this
     * list; deployments should prefer setting the protocol list explicitly on the transport.
     *
     * @param filter the filter to configure
     * @param transport the source of the TLS settings
     */
    private static void applyTransportSettings( SslFilter filter, TcpTransport transport )
    {
        List<String> suites = transport.getCipherSuite();

        // Leave the JVM's default cipher suites in place when none are configured
        if ( !isEmpty( suites ) )
        {
            filter.setEnabledCipherSuites( suites.toArray( new String[0] ) );
        }

        List<String> protocols = transport.getEnabledProtocols();

        filter.setEnabledProtocols( isEmpty( protocols )
            ? new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }
            : protocols.toArray( new String[0] ) );

        filter.setNeedClientAuth( transport.isNeedClientAuth() );
        filter.setWantClientAuth( transport.isWantClientAuth() );
    }


    /**
     * @param list the list to inspect, possibly {@code null}
     * @return {@code true} when the list is absent or has no elements
     */
    private static boolean isEmpty( List<String> list )
    {
        return ( list == null ) || list.isEmpty();
    }
}