20 package org.apache.directory.server.ldap.handlers.ssl;
21
22
23 import java.security.KeyStore;
24 import java.security.SecureRandom;
25 import java.security.Security;
26
27 import javax.naming.NamingException;
28 import javax.net.ssl.KeyManagerFactory;
29 import javax.net.ssl.SSLContext;
30 import javax.net.ssl.TrustManager;
31
32 import org.apache.mina.common.DefaultIoFilterChainBuilder;
33 import org.apache.mina.common.IoFilterChainBuilder;
34 import org.apache.mina.filter.SSLFilter;
35
/**
 * Builds the MINA filter chain that places an SSL/TLS filter in front of the LDAP handlers.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>The SSL context is requested under the generic {@code "TLS"} name and nothing in this
 * class narrows the enabled protocol versions or cipher suites, so they are whatever the
 * JSSE provider and the filter default to. NOTE(review): confirm that legacy protocol
 * versions and weak suites are disabled elsewhere (filter configuration or JVM security
 * policy).</li>
 * <li>Peer certificates are evaluated by {@code ServerX509TrustManager}, whose validation
 * policy is not visible from this class. NOTE(review): if it accepts any certificate,
 * client-certificate authentication through this filter gives no assurance; verify.</li>
 * </ul>
 */
public class LdapsInitializer
{
    /**
     * Creates a filter chain whose single entry is an SSL filter backed by a freshly
     * initialised {@link SSLContext}.
     *
     * @param ks key store used as the source of key material for the TLS key managers;
     *        it is handed to the {@link KeyManagerFactory} unchanged
     * @return a chain builder containing one filter registered under the name
     *         {@code "sslFilter"}
     * @throws NamingException if any exception (checked or unchecked) is raised while the
     *         SSL context is being set up; the original exception is attached as the cause
     */
    public static IoFilterChainBuilder init( KeyStore ks ) throws NamingException
    {
        SSLContext context;
        try
        {
            context = createServerContext( ks );
        }
        catch ( Exception cause )
        {
            // Every failure is reported as a NamingException; the cause is kept so the
            // underlying key store or provider problem remains diagnosable.
            NamingException failure = new NamingException( "Failed to create a SSL context." );
            failure.initCause( cause );
            throw failure;
        }

        // Not inside the try block: a failure while assembling the chain is not translated
        // into a NamingException.
        DefaultIoFilterChainBuilder builder = new DefaultIoFilterChainBuilder();
        builder.addLast( "sslFilter", new SSLFilter( context ) );
        return builder;
    }


    /**
     * Sets up the key managers from the given key store and initialises a {@code "TLS"}
     * context with them.
     *
     * @param ks key store passed to the key manager factory
     * @return the initialised SSL context
     * @throws Exception whatever the JSSE/JCA calls raise; the caller wraps it
     */
    private static SSLContext createServerContext( KeyStore ks ) throws Exception
    {
        // Honour the JVM-wide key manager algorithm if one is configured, else use SunX509.
        String configured = Security.getProperty( "ssl.KeyManagerFactory.algorithm" );
        String kmfAlgorithm = ( configured != null ) ? configured : "SunX509";

        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance( kmfAlgorithm );
        // No key password is supplied (null). Presumably the private key entries in ks are
        // not password-protected; confirm against the code that builds the key store.
        keyManagers.init( ks, null );

        SSLContext context = SSLContext.getInstance( "TLS" );
        context.init(
            keyManagers.getKeyManagers(),
            new TrustManager[] { new ServerX509TrustManager() },
            new SecureRandom() );
        return context;
    }
}