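/**
 * Creates an SSL server socket bound to the given address.
 *
 * <p>The SSL configuration is looked up in {@code portToSSLInfo} by the port of
 * {@code inetSocketAddress}. If that configuration names any cipher suites, the enabled suites
 * are replaced by the result of {@code mergeCiphers}. If it names none, the factory defaults
 * stay in effect.
 *
 * <p>If {@code type} equals {@code SSL_MUTUALAUTH}, client authentication is <em>required</em>
 * ({@code setNeedClientAuth(true)}), not merely requested: a client that presents no acceptable
 * certificate fails the handshake.
 *
 * @param type the listener type, compared against {@code SSL_MUTUALAUTH}
 * @param inetSocketAddress the address and port to bind to
 * @return the bound server socket
 * @throws IOException if the address is null, no SSL configuration is registered for the port,
 *     the socket cannot be created, or client authentication cannot be configured
 */
private ServerSocket createSSLServerSocket(String type, InetSocketAddress inetSocketAddress)
        throws IOException {
    if (inetSocketAddress == null) {
        throw new IOException(getFormatMessage("iiop.invalid_sslserverport", new Object[] {null}));
    }
    int port = inetSocketAddress.getPort();
    // Integer.valueOf replaces the deprecated Integer constructor; the map lookup is by equals().
    Integer iport = Integer.valueOf(port);
    SSLInfo sslInfo = (SSLInfo) portToSSLInfo.get(iport);
    if (sslInfo == null) {
        throw new IOException(getFormatMessage("iiop.invalid_sslserverport", new Object[] {iport}));
    }

    SSLServerSocketFactory ssf = sslInfo.getContext().getServerSocketFactory();
    String[] ssl3TlsCiphers = sslInfo.getSsl3TlsCiphers();
    String[] ssl2Ciphers = sslInfo.getSsl2Ciphers();
    String[] ciphers = null;
    if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
        // NOTE(review): the enabled set is whatever mergeCiphers returns; its policy (including
        // how the SSLv2 list is treated) is not visible from this method -- confirm that it
        // cannot enable suites weaker than the factory defaults.
        String[] socketCiphers = ssf.getDefaultCipherSuites();
        ciphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
    }

    if (_logger.isLoggable(Level.FINE)) {
        // This lists the suites the factory *supports*, not the ones enabled on the socket
        // below, so do not read this output as the effective cipher policy.
        String[] cs = ssf.getSupportedCipherSuites();
        for (int i = 0; i < cs.length; ++i) {
            _logger.log(Level.FINE, "Cipher Suite: " + cs[i]);
        }
    }

    ServerSocket ss = null;
    try {
        // bugfix for 6349541: bind to the specific IP address instead of the wildcard.
        // BACKLOG is passed explicitly because this overload requires a backlog value.
        ss = ssf.createServerSocket(port, BACKLOG, inetSocketAddress.getAddress());
        if (ciphers != null) {
            ((SSLServerSocket) ss).setEnabledCipherSuites(ciphers);
        }
    } catch (IOException e) {
        _logger.log(
                Level.SEVERE,
                "iiop.createsocket_exception",
                new Object[] {type, String.valueOf(port)});
        _logger.log(Level.SEVERE, "", e);
        throw e;
    } catch (RuntimeException e) {
        // setEnabledCipherSuites rejects unknown suite names with an unchecked exception.
        // Release the already-bound port before propagating, otherwise the listener leaks.
        if (ss != null) {
            try {
                ss.close();
            } catch (IOException ignored) {
                // Best-effort cleanup; the original failure is the one worth reporting.
            }
        }
        throw e;
    }

    try {
        // A null type fails here and is reported as an IOException rather than silently
        // producing a listener without client authentication.
        if (type.equals(SSL_MUTUALAUTH)) {
            _logger.log(Level.FINE, "Setting Mutual auth");
            ((SSLServerSocket) ss).setNeedClientAuth(true);
        }
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.cipher_exception", e);
        // Do not leave a bound socket behind that lacks the intended authentication setting.
        try {
            ss.close();
        } catch (IOException ignored) {
            // Best-effort cleanup; the original failure is the one worth reporting.
        }
        IOException wrapped = new IOException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
    }

    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Created server socket:" + ss);
    }
    return ss;
}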
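/**
 * Opens a client-side SSL socket connected to the specified host and port.
 *
 * <p>The socket factory comes from {@code clientSslInfo}. If that configuration names any cipher
 * suites, the enabled suites are replaced by the result of {@code mergeCiphers}. If it names
 * none, the factory defaults stay in effect.
 *
 * <p>NOTE(review): nothing in this method sets an endpoint identification algorithm on the
 * socket (see {@code SSLParameters.setEndpointIdentificationAlgorithm}), so the host name is not
 * checked against the server certificate here. Confirm that peer identity is validated
 * elsewhere, for example by the trust manager behind {@code clientSslInfo}'s context, before
 * relying on this socket for server authentication.
 *
 * @param host the host to connect to
 * @param port the port to connect to
 * @return the connected socket
 * @throws IOException if the socket cannot be created or configured; the original failure is
 *     attached as the cause
 */
private Socket createSSLSocket(String host, int port) throws IOException {
    // Tracked separately from the SSLSocket so it can be closed even if the cast below fails.
    Socket created = null;
    SSLSocket socket = null;
    try {
        // get socketfactory+sanity check
        // clientSslInfo is never null
        SSLSocketFactory factory = clientSslInfo.getContext().getSocketFactory();

        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Creating SSL Socket for host:" + host + " port:" + port);
        }

        String[] ssl3TlsCiphers = clientSslInfo.getSsl3TlsCiphers();
        String[] ssl2Ciphers = clientSslInfo.getSsl2Ciphers();
        String[] clientCiphers = null;
        if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
            String[] socketCiphers = factory.getDefaultCipherSuites();
            clientCiphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
        }

        created = factory.createSocket(host, port);
        socket = (SSLSocket) created;
        if (clientCiphers != null) {
            socket.setEnabledCipherSuites(clientCiphers);
        }
    } catch (Exception e) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(
                    Level.FINE,
                    "iiop.createsocket_exception",
                    new Object[] {host, String.valueOf(port)});
            _logger.log(Level.FINE, "", e);
        }
        // The connection may already be open when cipher configuration fails; close it so the
        // descriptor and the half-configured connection are not leaked.
        if (created != null) {
            try {
                created.close();
            } catch (IOException ignored) {
                // Best-effort cleanup; the original failure is the one worth reporting.
            }
        }
        IOException e2 = new IOException("Error opening SSL socket to host=" + host + " port=" + port);
        e2.initCause(e);
        throw e2;
    }
    return socket;
}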