/**
* Create an SSL server socket at the specified InetSocketAddress. If the type is SSL_MUTUALAUTH
* then SSL client authentication is requested.
*/
private ServerSocket createSSLServerSocket(String type, InetSocketAddress inetSocketAddress)
throws IOException {
if (inetSocketAddress == null) {
throw new IOException(getFormatMessage("iiop.invalid_sslserverport", new Object[] {null}));
}
int port = inetSocketAddress.getPort();
Integer iport = new Integer(port);
SSLInfo sslInfo = (SSLInfo) portToSSLInfo.get(iport);
if (sslInfo == null) {
throw new IOException(getFormatMessage("iiop.invalid_sslserverport", new Object[] {iport}));
}
SSLServerSocketFactory ssf = sslInfo.getContext().getServerSocketFactory();
String[] ssl3TlsCiphers = sslInfo.getSsl3TlsCiphers();
String[] ssl2Ciphers = sslInfo.getSsl2Ciphers();
String[] ciphers = null;
if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
String[] socketCiphers = ssf.getDefaultCipherSuites();
ciphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
}
String cs[] = null;
if (_logger.isLoggable(Level.FINE)) {
cs = ssf.getSupportedCipherSuites();
for (int i = 0; i < cs.length; ++i) {
_logger.log(Level.FINE, "Cipher Suite: " + cs[i]);
}
}
ServerSocket ss = null;
try {
// bugfix for 6349541
// specify the ip address to bind to, 50 is the default used
// by the ssf implementation when only the port is specified
ss = ssf.createServerSocket(port, BACKLOG, inetSocketAddress.getAddress());
if (ciphers != null) {
((SSLServerSocket) ss).setEnabledCipherSuites(ciphers);
}
} catch (IOException e) {
_logger.log(
Level.SEVERE, "iiop.createsocket_exception", new Object[] {type, String.valueOf(port)});
_logger.log(Level.SEVERE, "", e);
throw e;
}
try {
if (type.equals(SSL_MUTUALAUTH)) {
_logger.log(Level.FINE, "Setting Mutual auth");
((SSLServerSocket) ss).setNeedClientAuth(true);
}
} catch (Exception e) {
_logger.log(Level.SEVERE, "iiop.cipher_exception", e);
throw new IOException(e.getMessage());
}
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "Created server socket:" + ss);
}
return ss;
}
public boolean authorize(
SSLInfo info, Ice.StringHolder reason, java.util.Map<String, String> __ctx)
throws IceInternal.LocalExceptionWrapper {
IceInternal.Outgoing __og =
__handler.getOutgoing("authorize", Ice.OperationMode.Nonmutating, __ctx);
try {
try {
IceInternal.BasicStream __os = __og.os();
info.__write(__os);
} catch (Ice.LocalException __ex) {
__og.abort(__ex);
}
boolean __ok = __og.invoke();
try {
if (!__ok) {
try {
__og.throwUserException();
} catch (Ice.UserException __ex) {
throw new Ice.UnknownUserException(__ex.ice_name());
}
}
IceInternal.BasicStream __is = __og.is();
__is.startReadEncaps();
reason.value = __is.readString();
boolean __ret;
__ret = __is.readBool();
__is.endReadEncaps();
return __ret;
} catch (Ice.LocalException __ex) {
throw new IceInternal.LocalExceptionWrapper(__ex, false);
}
} finally {
__handler.reclaimOutgoing(__og);
}
}
/**
* Create an SSL socket at the specified host and port.
*
* @param the host
* @param the port
* @return the socket.
*/
private Socket createSSLSocket(String host, int port) throws IOException {
SSLSocket socket = null;
SSLSocketFactory factory = null;
try {
// get socketfactory+sanity check
// clientSslInfo is never null
factory = clientSslInfo.getContext().getSocketFactory();
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "Creating SSL Socket for host:" + host + " port:" + port);
}
String[] ssl3TlsCiphers = clientSslInfo.getSsl3TlsCiphers();
String[] ssl2Ciphers = clientSslInfo.getSsl2Ciphers();
String[] clientCiphers = null;
if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
String[] socketCiphers = factory.getDefaultCipherSuites();
clientCiphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
}
socket = (SSLSocket) factory.createSocket(host, port);
if (clientCiphers != null) {
socket.setEnabledCipherSuites(clientCiphers);
}
} catch (Exception e) {
if (_logger.isLoggable(Level.FINE)) {
_logger.log(
Level.FINE, "iiop.createsocket_exception", new Object[] {host, String.valueOf(port)});
_logger.log(Level.FINE, "", e);
}
IOException e2 =
new IOException("Error opening SSL socket to host=" + host + " port=" + port);
e2.initCause(e);
throw e2;
}
return socket;
}
