/**
* serveralias/clientalias cannot be set at the same time. this method encapsulates the common
* code for both the client side and server side to create a SSLContext it is called once for each
* serveralias and once for each clientalias
*/
private SSLInfo init(
String alias,
boolean ssl2Enabled,
String ssl2Ciphers,
boolean ssl3Enabled,
String ssl3TlsCiphers,
boolean tlsEnabled)
throws Exception {
String protocol;
if (tlsEnabled) {
protocol = TLS;
} else if (ssl3Enabled) {
protocol = SSL3;
} else if (ssl2Enabled) {
protocol = SSL2;
} else { // default
protocol = "SSL";
}
String[] ssl3TlsCipherArr = null;
if (tlsEnabled || ssl3Enabled) {
ssl3TlsCipherArr = getEnabledCipherSuites(ssl3TlsCiphers, false, ssl3Enabled, tlsEnabled);
}
String[] ssl2CipherArr = null;
if (ssl2Enabled) {
ssl2CipherArr = getEnabledCipherSuites(ssl2Ciphers, true, false, false);
}
SSLContext ctx = SSLContext.getInstance(protocol);
if (alias != null && !SSLUtils.isTokenKeyAlias(alias)) {
throw new IllegalStateException(
getFormatMessage("iiop.cannot_find_keyalias", new Object[] {alias}));
}
KeyManager[] mgrs = SSLUtils.getKeyManagers();
if (alias != null && mgrs != null && mgrs.length > 0) {
KeyManager[] newMgrs = new KeyManager[mgrs.length];
for (int i = 0; i < mgrs.length; i++) {
if (_logger.isLoggable(Level.FINE)) {
StringBuffer msg = new StringBuffer("Setting J2EEKeyManager for ");
msg.append(" alias : " + alias);
_logger.log(Level.FINE, msg.toString());
}
newMgrs[i] = new J2EEKeyManager((X509KeyManager) mgrs[i], alias);
}
mgrs = newMgrs;
}
ctx.init(mgrs, SSLUtils.getTrustManagers(), sr);
return new SSLInfo(ctx, ssl3TlsCipherArr, ssl2CipherArr);
}
/** Constructs an <code>IIOPSSLSocketFactory</code> */
public IIOPSSLSocketFactory() {
try {
if (Switch.getSwitch().getContainerType() == Switch.EJBWEB_CONTAINER) {
ConfigContext configContext = ApplicationServer.getServerContext().getConfigContext();
IiopService iiopBean = ServerBeansFactory.getIiopServiceBean(configContext);
IiopListener[] iiopListeners = iiopBean.getIiopListener();
int listenersLength = (iiopListeners != null) ? iiopListeners.length : 0;
for (int i = 0; i < listenersLength; i++) {
Ssl ssl = iiopListeners[i].getSsl();
SSLInfo sslInfo = null;
if (iiopListeners[i].isSecurityEnabled()) {
if (ssl != null) {
sslInfo =
init(
ssl.getCertNickname(),
ssl.isSsl2Enabled(),
ssl.getSsl2Ciphers(),
ssl.isSsl3Enabled(),
ssl.getSsl3TlsCiphers(),
ssl.isTlsEnabled());
} else {
sslInfo = getDefaultSslInfo();
}
portToSSLInfo.put(new Integer(iiopListeners[i].getPort()), sslInfo);
}
}
if (iiopBean.getSslClientConfig() != null && iiopBean.getSslClientConfig().isEnabled()) {
Ssl outboundSsl = iiopBean.getSslClientConfig().getSsl();
if (outboundSsl != null) {
clientSslInfo =
init(
outboundSsl.getCertNickname(),
outboundSsl.isSsl2Enabled(),
outboundSsl.getSsl2Ciphers(),
outboundSsl.isSsl3Enabled(),
outboundSsl.getSsl3TlsCiphers(),
outboundSsl.isTlsEnabled());
}
}
if (clientSslInfo == null) {
clientSslInfo = getDefaultSslInfo();
}
} else {
com.sun.enterprise.config.clientbeans.Ssl clientSsl = SSLUtils.getAppclientSsl();
if (clientSsl != null) {
clientSslInfo =
init(
clientSsl.getCertNickname(),
clientSsl.isSsl2Enabled(),
clientSsl.getSsl2Ciphers(),
clientSsl.isSsl3Enabled(),
clientSsl.getSsl3TlsCiphers(),
clientSsl.isTlsEnabled());
} else { // include case keystore, truststore jvm option
clientSslInfo = getDefaultSslInfo();
}
}
} catch (Exception e) {
_logger.log(Level.SEVERE, "iiop.init_exception", e);
throw new IllegalStateException(e.toString());
}
}
