예제 #1
 /**
  * Sets the protocol label and the TLS objects of this handler from {@code config}.
  *
  * <p>The label is {@code "LDAPS"} only when use-SSL is set; a listener that merely allows
  * StartTLS is still labelled {@code "LDAP"}. An SSL context and engine are created when either
  * use-SSL or allow-StartTLS is set; otherwise both fields are reset to {@code null}.
  *
  * @param config the LDAP connection handler configuration to apply
  * @throws DirectoryException declared by this method; presumably raised by
  *     {@code createSSLContext} or {@code createSSLEngine} when the TLS material cannot be set up
  */
 private void configureSSL(LDAPConnectionHandlerCfg config) throws DirectoryException {
   final boolean ldaps = config.isUseSSL();
   protocol = ldaps ? "LDAPS" : "LDAP";

   if (!ldaps && !config.isAllowStartTLS()) {
     // NOTE(review): with no TLS objects the listener presumably serves cleartext LDAP only;
     // confirm in the accept path that nothing dereferences these fields in that mode.
     sslContext = null;
     sslEngine = null;
     return;
   }

   // The engine is derived from the context that was just built, so both always match.
   sslContext = createSSLContext(config);
   sslEngine = createSSLEngine(config, sslContext);
 }
예제 #2
  /**
   * {@inheritDoc}
   *
   * <p>Two checks are made. When there is no current configuration, or the handler goes from
   * disabled to enabled, the listen addresses and port are probed for availability. When the
   * proposed configuration is enabled and uses SSL or allows StartTLS, an SSL context and engine
   * are built once as a dry run. The first failing check adds its message to
   * {@code unacceptableReasons} and the method returns {@code false}.
   *
   * <p>The TLS dry run only shows that the context and engine can be constructed. Which
   * properties they validate (key store access, protocol and cipher choices) depends on
   * {@code createSSLContext} and {@code createSSLEngine}, which are not visible here.
   */
  @Override
  public boolean isConfigurationAcceptable(
      ConnectionHandlerCfg configuration, List<LocalizableMessage> unacceptableReasons) {
    final LDAPConnectionHandlerCfg config = (LDAPConnectionHandlerCfg) configuration;

    final boolean handlerIsStarting =
        currentConfig == null || (!currentConfig.isEnabled() && config.isEnabled());
    if (handlerIsStarting) {
      // Try binding to the listen port on every configured address so that a conflict is
      // reported now rather than when the handler starts.
      final LocalizableMessage bindProblem =
          checkAnyListenAddressInUse(
              config.getListenAddress(),
              config.getListenPort(),
              config.isAllowTCPReuseAddress(),
              config.dn());
      if (bindProblem != null) {
        unacceptableReasons.add(bindProblem);
        return false;
      }
    }

    // A disabled handler is accepted without looking at its TLS settings.
    final boolean tlsRequested =
        config.isEnabled() && (config.isUseSSL() || config.isAllowStartTLS());
    if (!tlsRequested) {
      return true;
    }

    try {
      // The result is discarded: the call is made only to see whether it throws.
      createSSLEngine(config, createSSLContext(config));
    } catch (DirectoryException e) {
      logger.traceException(e);

      unacceptableReasons.add(e.getMessageObject());
      return false;
    }
    return true;
  }
예제 #3
  /**
   * Builds the descriptor for one connection handler configuration entry.
   *
   * <p>The protocol is derived from the concrete configuration type and its TLS flags. LDIF and
   * unrecognised handler types get port {@code -1} and no listen addresses.
   *
   * <p>{@code LDAP_STARTTLS} only records that StartTLS is allowed on the listener. Nothing in
   * this method shows that clients are required to negotiate it, so the label should not be read
   * as "encrypted only".
   *
   * @param connHandler the connection handler configuration to describe
   * @param name the name to store in the descriptor
   * @return a descriptor holding the addresses, port, protocol, state and name, with an empty
   *     set as its last constructor argument
   * @throws OpenDsException declared by this method; the visible code does not show which call
   *     raises it
   */
  private ConnectionHandlerDescriptor getConnectionHandler(
      ConnectionHandlerCfg connHandler, String name) throws OpenDsException {
    final SortedSet<InetAddress> listenAddresses =
        new TreeSet<InetAddress>(getInetAddressComparator());

    final ConnectionHandlerDescriptor.State state;
    if (connHandler.isEnabled()) {
      state = ConnectionHandlerDescriptor.State.ENABLED;
    } else {
      state = ConnectionHandlerDescriptor.State.DISABLED;
    }

    final ConnectionHandlerDescriptor.Protocol protocol;
    final int port;
    if (connHandler instanceof LDAPConnectionHandlerCfg) {
      final LDAPConnectionHandlerCfg ldapCfg = (LDAPConnectionHandlerCfg) connHandler;
      // use-SSL takes precedence: a handler with both flags set is reported as LDAPS.
      protocol =
          ldapCfg.isUseSSL()
              ? ConnectionHandlerDescriptor.Protocol.LDAPS
              : (ldapCfg.isAllowStartTLS()
                  ? ConnectionHandlerDescriptor.Protocol.LDAP_STARTTLS
                  : ConnectionHandlerDescriptor.Protocol.LDAP);
      addAll(listenAddresses, ldapCfg.getListenAddress());
      port = ldapCfg.getListenPort();
    } else if (connHandler instanceof HTTPConnectionHandlerCfg) {
      final HTTPConnectionHandlerCfg httpCfg = (HTTPConnectionHandlerCfg) connHandler;
      protocol =
          httpCfg.isUseSSL()
              ? ConnectionHandlerDescriptor.Protocol.HTTPS
              : ConnectionHandlerDescriptor.Protocol.HTTP;
      addAll(listenAddresses, httpCfg.getListenAddress());
      port = httpCfg.getListenPort();
    } else if (connHandler instanceof JMXConnectionHandlerCfg) {
      final JMXConnectionHandlerCfg jmxCfg = (JMXConnectionHandlerCfg) connHandler;
      protocol =
          jmxCfg.isUseSSL()
              ? ConnectionHandlerDescriptor.Protocol.JMXS
              : ConnectionHandlerDescriptor.Protocol.JMX;
      addAll(listenAddresses, jmxCfg.getListenAddress());
      port = jmxCfg.getListenPort();
    } else if (connHandler instanceof LDIFConnectionHandlerCfg) {
      // No address or port is read for the LDIF handler.
      protocol = ConnectionHandlerDescriptor.Protocol.LDIF;
      port = -1;
    } else if (connHandler instanceof SNMPConnectionHandlerCfg) {
      final SNMPConnectionHandlerCfg snmpCfg = (SNMPConnectionHandlerCfg) connHandler;
      protocol = ConnectionHandlerDescriptor.Protocol.SNMP;
      addAll(listenAddresses, snmpCfg.getListenAddress());
      port = snmpCfg.getListenPort();
    } else {
      // Any other handler type is reported as OTHER, with no address and no port.
      protocol = ConnectionHandlerDescriptor.Protocol.OTHER;
      port = -1;
    }

    return new ConnectionHandlerDescriptor(
        listenAddresses, port, protocol, state, name, Collections.<CustomSearchResult>emptySet());
  }
예제 #4
 /**
  * Indicates whether this connection handler should allow the use of the StartTLS extended
  * operation.
  *
  * <p>StartTLS is reported as allowed only when the current configuration allows it and use-SSL
  * is off. A handler configured with both flags therefore reports {@code false} here.
  *
  * @return {@code true} if StartTLS is allowed, or {@code false} if not.
  */
 public boolean allowStartTLS() {
   if (!currentConfig.isAllowStartTLS()) {
     return false;
   }
   // use-SSL overrides the StartTLS setting.
   return !currentConfig.isUseSSL();
 }
예제 #5
 /**
  * Marks this handler as disabled and logs a warning when {@code config} has use-SSL set.
  *
  * <p>Nothing happens for a configuration without use-SSL, including one that only allows
  * StartTLS: the {@code enabled} flag is left as it was.
  *
  * <p>NOTE(review): the caller is not visible here. If this runs after a failed TLS setup, a
  * StartTLS-only handler stays enabled without working TLS; confirm that this is intended and
  * that StartTLS requests are refused in that state.
  *
  * @param config the LDAP connection handler configuration to inspect
  */
 private void disableAndWarnIfUseSSL(LDAPConnectionHandlerCfg config) {
   if (!config.isUseSSL()) {
     return;
   }
   logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
   enabled = false;
 }
예제 #6
 /**
  * Reports whether this connection handler uses SSL to communicate with clients, as given by
  * the use-SSL flag of the current configuration.
  *
  * <p>The StartTLS setting is not consulted, so a handler that only allows StartTLS reports
  * {@code false}.
  *
  * @return {@code true} if the current configuration has use-SSL set, or {@code false} if not.
  */
 public boolean useSSL() {
   final boolean sslConfigured = currentConfig.isUseSSL();
   return sslConfigured;
 }