/**
* Serves the incoming connections.
*
* @throws IOException
* @throws DirectoryException
*/
private void serveIncomingConnections() throws IOException, DirectoryException {
int selectorState = selector.select();
// We can't rely on return value of select to determine if any keys
// are ready.
// see http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4850373
for (Iterator<SelectionKey> iterator = selector.selectedKeys().iterator();
iterator.hasNext(); ) {
SelectionKey key = iterator.next();
iterator.remove();
if (key.isAcceptable()) {
// Accept the new client connection.
ServerSocketChannel serverChannel = (ServerSocketChannel) key.channel();
SocketChannel clientChannel = serverChannel.accept();
if (clientChannel != null) {
acceptConnection(clientChannel);
}
}
if (selectorState == 0 && enabled && !shutdownRequested && logger.isTraceEnabled()) {
// Selected keys was non empty but select() returned 0.
// Log warning and hope it blocks on the next select() call.
logger.trace(
"Selector.select() returned 0. "
+ "Selected Keys: %d, Interest Ops: %d, Ready Ops: %d ",
selector.selectedKeys().size(), key.interestOps(), key.readyOps());
}
}
}
private SSLContext createSSLContext(LDAPConnectionHandlerCfg config) throws DirectoryException {
try {
DN keyMgrDN = config.getKeyManagerProviderDN();
KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
if (keyManagerProvider == null) {
logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
disableAndWarnIfUseSSL(config);
keyManagerProvider = new NullKeyManagerProvider();
// The SSL connection is unusable without a key manager provider
} else if (!keyManagerProvider.containsAtLeastOneKey()) {
logger.error(ERR_INVALID_KEYSTORE, friendlyName);
disableAndWarnIfUseSSL(config);
}
final SortedSet<String> aliases = new TreeSet<>(config.getSSLCertNickname());
final KeyManager[] keyManagers;
if (aliases.isEmpty()) {
keyManagers = keyManagerProvider.getKeyManagers();
} else {
final Iterator<String> it = aliases.iterator();
while (it.hasNext()) {
if (!keyManagerProvider.containsKeyWithAlias(it.next())) {
logger.error(ERR_KEYSTORE_DOES_NOT_CONTAIN_ALIAS, aliases, friendlyName);
it.remove();
}
}
if (aliases.isEmpty()) {
disableAndWarnIfUseSSL(config);
}
keyManagers =
SelectableCertificateKeyManager.wrap(
keyManagerProvider.getKeyManagers(), aliases, friendlyName);
}
DN trustMgrDN = config.getTrustManagerProviderDN();
TrustManagerProvider<?> trustManagerProvider =
DirectoryServer.getTrustManagerProvider(trustMgrDN);
if (trustManagerProvider == null) {
trustManagerProvider = new NullTrustManagerProvider();
}
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
return sslContext;
} catch (Exception e) {
logger.traceException(e);
ResultCode resCode = DirectoryServer.getServerErrorResultCode();
LocalizableMessage message =
ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(e));
throw new DirectoryException(resCode, message, e);
}
}