private boolean anyChangeRequiresRestart(HTTPConnectionHandlerCfg newCfg) { return !equals(newCfg.getListenPort(), initConfig.getListenPort()) || !Objects.equals(newCfg.getListenAddress(), initConfig.getListenAddress()) || !equals(newCfg.getMaxRequestSize(), currentConfig.getMaxRequestSize()) || !equals(newCfg.isAllowTCPReuseAddress(), currentConfig.isAllowTCPReuseAddress()) || !equals(newCfg.isUseTCPKeepAlive(), currentConfig.isUseTCPKeepAlive()) || !equals(newCfg.isUseTCPNoDelay(), currentConfig.isUseTCPNoDelay()) || !equals( newCfg.getMaxBlockedWriteTimeLimit(), currentConfig.getMaxBlockedWriteTimeLimit()) || !equals(newCfg.getBufferSize(), currentConfig.getBufferSize()) || !equals(newCfg.getAcceptBacklog(), currentConfig.getAcceptBacklog()) || !equals(newCfg.isUseSSL(), currentConfig.isUseSSL()) || !Objects.equals( newCfg.getKeyManagerProviderDN(), currentConfig.getKeyManagerProviderDN()) || !Objects.equals(newCfg.getSSLCertNickname(), currentConfig.getSSLCertNickname()) || !Objects.equals( newCfg.getTrustManagerProviderDN(), currentConfig.getTrustManagerProviderDN()) || !Objects.equals(newCfg.getSSLProtocol(), currentConfig.getSSLProtocol()) || !Objects.equals(newCfg.getSSLCipherSuite(), currentConfig.getSSLCipherSuite()) || !Objects.equals(newCfg.getSSLClientAuthPolicy(), currentConfig.getSSLClientAuthPolicy()); }
private SSLEngineConfigurator createSSLEngineConfigurator(HTTPConnectionHandlerCfg config) throws DirectoryException { if (!config.isUseSSL()) { return null; } try { SSLContext sslContext = createSSLContext(config); SSLEngineConfigurator configurator = new SSLEngineConfigurator(sslContext); configurator.setClientMode(false); // configure with defaults from the JVM final SSLEngine defaults = sslContext.createSSLEngine(); configurator.setEnabledProtocols(defaults.getEnabledProtocols()); configurator.setEnabledCipherSuites(defaults.getEnabledCipherSuites()); final Set<String> protocols = config.getSSLProtocol(); if (!protocols.isEmpty()) { configurator.setEnabledProtocols(protocols.toArray(new String[protocols.size()])); } final Set<String> ciphers = config.getSSLCipherSuite(); if (!ciphers.isEmpty()) { configurator.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); } switch (config.getSSLClientAuthPolicy()) { case DISABLED: configurator.setNeedClientAuth(false); configurator.setWantClientAuth(false); break; case REQUIRED: configurator.setNeedClientAuth(true); configurator.setWantClientAuth(true); break; case OPTIONAL: default: configurator.setNeedClientAuth(false); configurator.setWantClientAuth(true); break; } return configurator; } catch (Exception e) { logger.traceException(e); ResultCode resCode = DirectoryServer.getServerErrorResultCode(); throw new DirectoryException( resCode, ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(e)), e); } }