001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.ldap.handlers.ssl; 021 022 023 import java.security.KeyStore; 024 import java.security.SecureRandom; 025 import java.security.Security; 026 027 import javax.naming.NamingException; 028 import javax.net.ssl.KeyManagerFactory; 029 import javax.net.ssl.SSLContext; 030 import javax.net.ssl.TrustManager; 031 032 import org.apache.directory.server.i18n.I18n; 033 import org.apache.directory.shared.ldap.util.StringTools; 034 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder; 035 import org.apache.mina.core.filterchain.IoFilterChainBuilder; 036 import org.apache.mina.filter.ssl.SslFilter; 037 038 039 /** 040 * Loads the certificate file for LDAPS support and creates the appropriate 041 * MINA filter chain. 042 * 043 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 044 * @version $Rev:687105 $, $Date:2008-08-19 19:40:48 +0200 (Tue, 19 Aug 2008) $ 045 * 046 */ 047 public class LdapsInitializer 048 { 049 public static IoFilterChainBuilder init( KeyStore ks, String certificatePassord ) throws NamingException 050 { 051 SSLContext sslCtx; 052 try 053 { 054 // Set up key manager factory to use our key store 055 String algorithm = Security.getProperty( "ssl.KeyManagerFactory.algorithm" ); 056 057 if ( algorithm == null ) 058 { 059 algorithm = KeyManagerFactory.getDefaultAlgorithm(); 060 } 061 062 KeyManagerFactory kmf = KeyManagerFactory.getInstance( algorithm ); 063 064 if ( StringTools.isEmpty( certificatePassord ) ) 065 { 066 kmf.init( ks, null ); 067 } 068 else 069 { 070 kmf.init( ks, certificatePassord.toCharArray() ); 071 } 072 073 // Initialize the SSLContext to work with our key managers. 074 sslCtx = SSLContext.getInstance( "TLS" ); 075 sslCtx.init( kmf.getKeyManagers(), new TrustManager[] 076 { new ServerX509TrustManager() }, new SecureRandom() ); 077 } 078 catch ( Exception e ) 079 { 080 throw ( NamingException ) new NamingException( I18n.err( I18n.ERR_683 ) ).initCause( e ); 081 } 082 083 DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder(); 084 chain.addLast( "sslFilter", new SslFilter( sslCtx ) ); 085 return chain; 086 } 087 }