private boolean anyChangeRequiresRestart(HTTPConnectionHandlerCfg newCfg) {
return !equals(newCfg.getListenPort(), initConfig.getListenPort())
|| !Objects.equals(newCfg.getListenAddress(), initConfig.getListenAddress())
|| !equals(newCfg.getMaxRequestSize(), currentConfig.getMaxRequestSize())
|| !equals(newCfg.isAllowTCPReuseAddress(), currentConfig.isAllowTCPReuseAddress())
|| !equals(newCfg.isUseTCPKeepAlive(), currentConfig.isUseTCPKeepAlive())
|| !equals(newCfg.isUseTCPNoDelay(), currentConfig.isUseTCPNoDelay())
|| !equals(
newCfg.getMaxBlockedWriteTimeLimit(), currentConfig.getMaxBlockedWriteTimeLimit())
|| !equals(newCfg.getBufferSize(), currentConfig.getBufferSize())
|| !equals(newCfg.getAcceptBacklog(), currentConfig.getAcceptBacklog())
|| !equals(newCfg.isUseSSL(), currentConfig.isUseSSL())
|| !Objects.equals(
newCfg.getKeyManagerProviderDN(), currentConfig.getKeyManagerProviderDN())
|| !Objects.equals(newCfg.getSSLCertNickname(), currentConfig.getSSLCertNickname())
|| !Objects.equals(
newCfg.getTrustManagerProviderDN(), currentConfig.getTrustManagerProviderDN())
|| !Objects.equals(newCfg.getSSLProtocol(), currentConfig.getSSLProtocol())
|| !Objects.equals(newCfg.getSSLCipherSuite(), currentConfig.getSSLCipherSuite())
|| !Objects.equals(newCfg.getSSLClientAuthPolicy(), currentConfig.getSSLClientAuthPolicy());
}
private SSLEngineConfigurator createSSLEngineConfigurator(HTTPConnectionHandlerCfg config)
throws DirectoryException {
if (!config.isUseSSL()) {
return null;
}
try {
SSLContext sslContext = createSSLContext(config);
SSLEngineConfigurator configurator = new SSLEngineConfigurator(sslContext);
configurator.setClientMode(false);
// configure with defaults from the JVM
final SSLEngine defaults = sslContext.createSSLEngine();
configurator.setEnabledProtocols(defaults.getEnabledProtocols());
configurator.setEnabledCipherSuites(defaults.getEnabledCipherSuites());
final Set<String> protocols = config.getSSLProtocol();
if (!protocols.isEmpty()) {
configurator.setEnabledProtocols(protocols.toArray(new String[protocols.size()]));
}
final Set<String> ciphers = config.getSSLCipherSuite();
if (!ciphers.isEmpty()) {
configurator.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()]));
}
switch (config.getSSLClientAuthPolicy()) {
case DISABLED:
configurator.setNeedClientAuth(false);
configurator.setWantClientAuth(false);
break;
case REQUIRED:
configurator.setNeedClientAuth(true);
configurator.setWantClientAuth(true);
break;
case OPTIONAL:
default:
configurator.setNeedClientAuth(false);
configurator.setWantClientAuth(true);
break;
}
return configurator;
} catch (Exception e) {
logger.traceException(e);
ResultCode resCode = DirectoryServer.getServerErrorResultCode();
throw new DirectoryException(
resCode, ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(e)), e);
}
}
