/**
 * Tells whether the supplied configuration differs from the active one in any
 * setting covered by this check.
 * <p>
 * The listen port and listen address are compared against {@code initConfig};
 * every other setting is compared against {@code currentConfig}. Settings are
 * evaluated in a fixed order and evaluation stops at the first difference.
 * <p>
 * NOTE(review): the method name indicates callers treat {@code true} as
 * "restart needed". If so, edits to the TLS settings below (protocol, cipher
 * suites, client-auth policy, key/trust manager providers, certificate
 * nicknames) are not applied to the running listener until that restart.
 * Confirm against the caller.
 *
 * @param newCfg the candidate configuration
 * @return {@code true} if at least one compared setting differs
 */
private boolean anyChangeRequiresRestart(HTTPConnectionHandlerCfg newCfg)
{
  // Listener binding: compared against initConfig, unlike the groups below.
  final boolean bindingUnchanged =
      equals(newCfg.getListenPort(), initConfig.getListenPort())
      && Objects.equals(newCfg.getListenAddress(), initConfig.getListenAddress());
  if (!bindingUnchanged)
  {
    return true;
  }

  // Request-size and socket-level settings.
  final boolean transportUnchanged =
      equals(newCfg.getMaxRequestSize(), currentConfig.getMaxRequestSize())
      && equals(newCfg.isAllowTCPReuseAddress(), currentConfig.isAllowTCPReuseAddress())
      && equals(newCfg.isUseTCPKeepAlive(), currentConfig.isUseTCPKeepAlive())
      && equals(newCfg.isUseTCPNoDelay(), currentConfig.isUseTCPNoDelay())
      && equals(newCfg.getMaxBlockedWriteTimeLimit(), currentConfig.getMaxBlockedWriteTimeLimit())
      && equals(newCfg.getBufferSize(), currentConfig.getBufferSize())
      && equals(newCfg.getAcceptBacklog(), currentConfig.getAcceptBacklog());
  if (!transportUnchanged)
  {
    return true;
  }

  // TLS settings: on/off switch, key and trust material, protocol, cipher
  // suites and the client-authentication policy.
  final boolean tlsUnchanged =
      equals(newCfg.isUseSSL(), currentConfig.isUseSSL())
      && Objects.equals(newCfg.getKeyManagerProviderDN(), currentConfig.getKeyManagerProviderDN())
      && Objects.equals(newCfg.getSSLCertNickname(), currentConfig.getSSLCertNickname())
      && Objects.equals(newCfg.getTrustManagerProviderDN(), currentConfig.getTrustManagerProviderDN())
      && Objects.equals(newCfg.getSSLProtocol(), currentConfig.getSSLProtocol())
      && Objects.equals(newCfg.getSSLCipherSuite(), currentConfig.getSSLCipherSuite())
      && Objects.equals(newCfg.getSSLClientAuthPolicy(), currentConfig.getSSLClientAuthPolicy());
  return !tlsUnchanged;
}
/**
 * Builds the {@link SSLContext} for this connection handler from the given
 * configuration.
 * <p>
 * Failure handling, as implemented here:
 * <ul>
 * <li>SSL not enabled in the configuration: returns {@code null}.</li>
 * <li>Key manager provider not found: logs an error, substitutes a
 * {@code NullKeyManagerProvider} and sets {@code enabled = false}.</li>
 * <li>Key manager provider holds no key: logs an error and sets
 * {@code enabled = false}.</li>
 * <li>Configured certificate nicknames missing from the provider are logged
 * and dropped; if none remain, {@code enabled = false} is set.</li>
 * <li>Trust manager provider not found: a {@code NullTrustManagerProvider} is
 * substituted with no log entry and {@code enabled} is left untouched.</li>
 * </ul>
 * In every case except the first, a context is still created and returned, so
 * the {@code enabled} field is the only signal that the key material was
 * unusable.
 * <p>
 * NOTE(review): presumably callers check {@code enabled} before exposing the
 * listener. Confirm against the caller.
 *
 * @param config the configuration to read TLS settings from
 * @return the initialised context, or {@code null} when SSL is not enabled
 * @throws Exception if the providers or the JSSE context cannot be obtained or
 *           initialised
 */
private SSLContext createSSLContext(HTTPConnectionHandlerCfg config) throws Exception
{
  if (!config.isUseSSL())
  {
    return null;
  }

  final DN keyProviderDN = config.getKeyManagerProviderDN();
  KeyManagerProvider<?> keyProvider = DirectoryServer.getKeyManagerProvider(keyProviderDN);
  if (keyProvider == null)
  {
    // No provider registered under the configured DN: mark the handler as
    // disabled and carry on with a placeholder provider.
    logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyProviderDN, friendlyName);
    logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
    keyProvider = new NullKeyManagerProvider();
    enabled = false;
  }
  else if (!keyProvider.containsAtLeastOneKey())
  {
    // A provider with no key cannot present a server certificate.
    logger.error(ERR_INVALID_KEYSTORE, friendlyName);
    logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
    enabled = false;
  }

  // Work on a sorted private copy so unusable nicknames can be dropped.
  final SortedSet<String> nicknames = new TreeSet<>(config.getSSLCertNickname());
  final KeyManager[] keyManagers;
  if (!nicknames.isEmpty())
  {
    for (final Iterator<String> cursor = nicknames.iterator(); cursor.hasNext();)
    {
      final String nickname = cursor.next();
      if (keyProvider.containsKeyWithAlias(nickname))
      {
        continue;
      }
      // The whole remaining set is passed to the message, not only the
      // nickname that was not found.
      logger.error(ERR_KEYSTORE_DOES_NOT_CONTAIN_ALIAS, nicknames, friendlyName);
      cursor.remove();
    }

    if (nicknames.isEmpty())
    {
      // None of the configured nicknames exists in the key store.
      logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
      enabled = false;
    }
    keyManagers = SelectableCertificateKeyManager.wrap(keyProvider.getKeyManagers(), nicknames);
  }
  else
  {
    // No nickname configured: use the provider's key managers as they are.
    keyManagers = keyProvider.getKeyManagers();
  }

  final DN trustProviderDN = config.getTrustManagerProviderDN();
  TrustManagerProvider<?> trustProvider = DirectoryServer.getTrustManagerProvider(trustProviderDN);
  if (trustProvider == null)
  {
    // NOTE(review): this fallback is silent and does not touch `enabled`.
    // What NullTrustManagerProvider.getTrustManagers() returns is not visible
    // here. If it is null, SSLContext.init() falls back to the JVM's default
    // trust managers, so client-certificate validation would follow the
    // default trust store. Confirm, and consider logging the fallback.
    trustProvider = new NullTrustManagerProvider();
  }

  final SSLContext context = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
  // A null SecureRandom makes JSSE use its default implementation.
  context.init(keyManagers, trustProvider.getTrustManagers(), null);
  return context;
}