예제 #1
 /**
  * Reports whether the proposed configuration differs from the stored one in any of the
  * settings this method checks.
  *
  * <p>The listen port and listen address are compared against {@code initConfig}; every other
  * setting is compared against {@code currentConfig}.
  *
  * <p>NOTE(review): going by the method name, a {@code true} result presumably means the new
  * values (including TLS protocols, cipher suites, client-auth policy and key/trust manager
  * providers) are not applied to the running listener until a restart. Confirm with the caller:
  * a hardening change would then leave the previous TLS settings live in the meantime.
  *
  * @param newCfg the proposed configuration
  * @return {@code true} if at least one compared setting differs, {@code false} otherwise
  */
 private boolean anyChangeRequiresRestart(HTTPConnectionHandlerCfg newCfg) {
   // Listener endpoint: checked against the initial configuration.
   if (!equals(newCfg.getListenPort(), initConfig.getListenPort())
       || !Objects.equals(newCfg.getListenAddress(), initConfig.getListenAddress())) {
     return true;
   }

   // Request size and socket-level settings: checked against the current configuration.
   if (!equals(newCfg.getMaxRequestSize(), currentConfig.getMaxRequestSize())
       || !equals(newCfg.isAllowTCPReuseAddress(), currentConfig.isAllowTCPReuseAddress())
       || !equals(newCfg.isUseTCPKeepAlive(), currentConfig.isUseTCPKeepAlive())
       || !equals(newCfg.isUseTCPNoDelay(), currentConfig.isUseTCPNoDelay())
       || !equals(
           newCfg.getMaxBlockedWriteTimeLimit(), currentConfig.getMaxBlockedWriteTimeLimit())
       || !equals(newCfg.getBufferSize(), currentConfig.getBufferSize())
       || !equals(newCfg.getAcceptBacklog(), currentConfig.getAcceptBacklog())) {
     return true;
   }

   // TLS settings: on/off switch, key and trust material, protocols, ciphers, client auth.
   return !equals(newCfg.isUseSSL(), currentConfig.isUseSSL())
       || !Objects.equals(
           newCfg.getKeyManagerProviderDN(), currentConfig.getKeyManagerProviderDN())
       || !Objects.equals(newCfg.getSSLCertNickname(), currentConfig.getSSLCertNickname())
       || !Objects.equals(
           newCfg.getTrustManagerProviderDN(), currentConfig.getTrustManagerProviderDN())
       || !Objects.equals(newCfg.getSSLProtocol(), currentConfig.getSSLProtocol())
       || !Objects.equals(newCfg.getSSLCipherSuite(), currentConfig.getSSLCipherSuite())
       || !Objects.equals(newCfg.getSSLClientAuthPolicy(), currentConfig.getSSLClientAuthPolicy());
 }
예제 #2
  /**
   * Builds the server-side SSL engine configurator for the given configuration.
   *
   * <p>The configurator starts from the protocols and cipher suites enabled on an engine created
   * from the SSL context. Each list is replaced only when the configuration supplies a non-empty
   * set, so an empty setting leaves the effective protocols and ciphers to the JVM defaults.
   *
   * @param config the connection handler configuration to read the SSL settings from
   * @return the configurator, or {@code null} when SSL is not enabled in {@code config}
   * @throws DirectoryException if anything fails while building the configurator; the original
   *     exception is traced and attached as the cause
   */
  private SSLEngineConfigurator createSSLEngineConfigurator(HTTPConnectionHandlerCfg config)
      throws DirectoryException {
    if (!config.isUseSSL()) {
      // Callers must handle null: it means "no TLS on this listener".
      return null;
    }

    try {
      final SSLContext context = createSSLContext(config);
      final SSLEngineConfigurator result = new SSLEngineConfigurator(context);
      result.setClientMode(false);

      // Seed with whatever the JVM enables by default.
      // NOTE(review): which protocol versions and suites that includes depends on the JVM and
      // its security properties; set them explicitly in the configuration to pin them.
      final SSLEngine jvmDefaults = context.createSSLEngine();
      result.setEnabledProtocols(jvmDefaults.getEnabledProtocols());
      result.setEnabledCipherSuites(jvmDefaults.getEnabledCipherSuites());

      // An explicit, non-empty protocol list replaces the JVM default list.
      final Set<String> configuredProtocols = config.getSSLProtocol();
      if (!configuredProtocols.isEmpty()) {
        final String[] protocolNames =
            configuredProtocols.toArray(new String[configuredProtocols.size()]);
        result.setEnabledProtocols(protocolNames);
      }

      // Same rule for cipher suites.
      final Set<String> configuredCiphers = config.getSSLCipherSuite();
      if (!configuredCiphers.isEmpty()) {
        final String[] cipherNames =
            configuredCiphers.toArray(new String[configuredCiphers.size()]);
        result.setEnabledCipherSuites(cipherNames);
      }

      final boolean needClientCert;
      final boolean wantClientCert;
      switch (config.getSSLClientAuthPolicy()) {
        case DISABLED:
          needClientCert = false;
          wantClientCert = false;
          break;
        case REQUIRED:
          needClientCert = true;
          wantClientCert = true;
          break;
        case OPTIONAL:
        default:
          // Any policy value not listed above is handled like OPTIONAL: a client certificate
          // is requested but the handshake is not made to depend on it.
          needClientCert = false;
          wantClientCert = true;
          break;
      }
      // NOTE(review): on a plain javax.net.ssl.SSLEngine, setWantClientAuth overrides an earlier
      // setNeedClientAuth. Confirm that SSLEngineConfigurator keeps the two flags separately so
      // that REQUIRED really enforces a client certificate.
      result.setNeedClientAuth(needClientCert);
      result.setWantClientAuth(wantClientCert);

      return result;
    } catch (Exception cause) {
      // Trace the failure, then report it with the server error result code.
      logger.traceException(cause);
      ResultCode serverError = DirectoryServer.getServerErrorResultCode();
      throw new DirectoryException(
          serverError,
          ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(cause)),
          cause);
    }
  }