org.apache.mina.core.filterchain.IoFilterChainBuilder Java Examples

public static IoFilterChainBuilder init( LdapServer server ) throws LdapException
{
    SSLContext sslCtx;
    try
    {
    	sslCtx = server.getSSLContext();
    	
    }
    catch ( Exception e )
    {
        throw new LdapException( I18n.err( I18n.ERR_683 ), e );
    }

    DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
    SslFilter sslFilter = new SslFilter( sslCtx );

    List<String> cipherSuites = server.getEnabledCipherSuites();
    if( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
    {
        sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
    }
    
    sslFilter.setWantClientAuth( true );
    chain.addLast( "sslFilter", sslFilter );
    return chain;
}
 

/**
 * Process a new session :
 * - initialize it
 * - create its chain
 * - fire the CREATED listeners if any
 *
 * @param session The session to create
 * @return true if the session has been registered
 */
private boolean addNow(S session) {
    boolean registered = false;

    try {
        init(session);
        registered = true;

        // Build the filter chain of this session.
        IoFilterChainBuilder chainBuilder = session.getService().getFilterChainBuilder();
        chainBuilder.buildFilterChain(session.getFilterChain());

        // DefaultIoFilterChain.CONNECT_FUTURE is cleared inside here
        // in AbstractIoFilterChain.fireSessionOpened().
        // Propagate the SESSION_CREATED event up to the chain
        IoServiceListenerSupport listeners = ((AbstractIoService) session.getService()).getListeners();
        listeners.fireSessionCreated(session);
    } catch (Throwable e) {
        ExceptionMonitor.getInstance().exceptionCaught(e);

        try {
            destroy(session);
        } catch (Exception e1) {
            ExceptionMonitor.getInstance().exceptionCaught(e1);
        } finally {
            registered = false;
        }
    }

    return registered;
}
 

/**
 * reloads the SSL context by replacing the existing SslFilter
 * with a new SslFilter after reloading the keystore.
 * 
 * Note: should be called to reload the keystore after changing the digital certificate.
 */
public void reloadSslContext() throws Exception
{
    if ( !started )
    {
        return;
    }

    LOG.info( "reloading SSL context..." );

    loadKeyStore();

    String sslFilterName = "sslFilter";
    for ( IoFilterChainBuilder chainBuilder : chainBuilders )
    {
        DefaultIoFilterChainBuilder dfcb = ( ( DefaultIoFilterChainBuilder ) chainBuilder );
        if ( dfcb.contains( sslFilterName ) )
        {
            DefaultIoFilterChainBuilder newChain = ( DefaultIoFilterChainBuilder ) LdapsInitializer
                .init( this );
            dfcb.replace( sslFilterName, newChain.get( sslFilterName ) );
            newChain = null;
        }
    }

    StartTlsHandler handler = ( StartTlsHandler ) getExtendedOperationHandler( StartTlsHandler.EXTENSION_OID );
    if ( handler != null )
    {
        handler.setLdapServer( this );
    }

    LOG.info( "reloaded SSL context successfully" );
}
 

/**
 * {@inheritDoc}
 */
public final IoFilterChainBuilder getFilterChainBuilder() {
    return filterChainBuilder;
}
 

private void startNetwork( Transport transport, IoFilterChainBuilder chainBuilder ) throws Exception
{
    if ( transport.getBackLog() < 0 )
    {
        // Set the backlog to the default value when it's below 0
        transport.setBackLog( 50 );
    }

    chainBuilders.add( chainBuilder );

    try
    {
        SocketAcceptor acceptor = getSocketAcceptor( transport );

        // Now, configure the acceptor
        // Disable the disconnection of the clients on unbind
        acceptor.setCloseOnDeactivation( false );

        // No Nagle's algorithm
        acceptor.getSessionConfig().setTcpNoDelay( true );

        // Inject the chain
        acceptor.setFilterChainBuilder( chainBuilder );

        // Inject the protocol handler
        acceptor.setHandler( getHandler() );

        ( ( AbstractSocketSessionConfig ) acceptor.getSessionConfig() ).setReadBufferSize( 64 * 1024 );
        ( ( AbstractSocketSessionConfig ) acceptor.getSessionConfig() ).setSendBufferSize( 64 * 1024 );

        // Bind to the configured address
        acceptor.bind();

        // We are done !
        started = true;

        if ( LOG.isInfoEnabled() )
        {
            LOG.info( "Successful bind of an LDAP Service (" + transport.getPort() + ") is completed." );
        }
    }
    catch ( IOException e )
    {
        String msg = I18n.err( I18n.ERR_171, transport.getPort() );
        LdapConfigurationException lce = new LdapConfigurationException( msg );
        lce.setCause( e );
        LOG.error( msg, e );
        throw lce;
    }
}
 

private void startNetwork( Transport transport, IoFilterChainBuilder chainBuilder ) throws Exception
{
    if ( transport.getBackLog() < 0 )
    {
        // Set the backlog to the default value when it's below 0
        transport.setBackLog( 50 );
    }

    chainBuilders.add( chainBuilder );

    try
    {
        SocketAcceptor acceptor = getSocketAcceptor( transport );

        // Now, configure the acceptor
        // Disable the disconnection of the clients on unbind
        acceptor.setCloseOnDeactivation( false );

        // No Nagle's algorithm
        acceptor.getSessionConfig().setTcpNoDelay( true );

        // Inject the chain
        acceptor.setFilterChainBuilder( chainBuilder );

        // Inject the protocol handler
        acceptor.setHandler( getHandler() );

        ( ( AbstractSocketSessionConfig ) acceptor.getSessionConfig() ).setReadBufferSize( 64 * 1024 );
        ( ( AbstractSocketSessionConfig ) acceptor.getSessionConfig() ).setSendBufferSize( 64 * 1024 );

        // Bind to the configured address
        acceptor.bind();

        // We are done !
        started = true;

        if ( LOG.isInfoEnabled() )
        {
            LOG.info( "Successful bind of an LDAP Service (" + transport.getPort() + ") is completed." );
        }
    }
    catch ( IOException e )
    {
        String msg = I18n.err( I18n.ERR_171, transport.getPort() );
        LdapConfigurationException lce = new LdapConfigurationException( msg );
        lce.setCause( e );
        LOG.error( msg, e );
        throw lce;
    }
}
 

/**
 * Initialize the LDAPS server.
 *
 * @param ldapServer The LDAP server instance
 * @param transport The TCP transport that contains the SSL configuration
 * @return A IoFilter chain
 * @throws LdapException If we had a pb
 */
public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException
{
    SSLContext sslCtx;

    try
    {
    	sslCtx = ldapServer.getSSLContext();
    	
    	//TODO see if this is correct
    	// Initialize the SSLContext to work with our key managers.
        //sslCtx = SSLContext.getInstance( "TLS" );
        //sslCtx.init( ldapServer.getKeyManagerFactory().getKeyManagers(), new TrustManager[]
        //    { new NoVerificationTrustManager() }, new SecureRandom() );
    	
    }
    catch ( Exception e )
    {
        throw new LdapException( I18n.err( I18n.ERR_683 ), e );
    }

    DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
    SslFilter sslFilter = new SslFilter( sslCtx );

    // The ciphers
    List<String> cipherSuites = transport.getCipherSuite();

    if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
    {
        sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
    }

    // The protocols
    List<String> enabledProtocols = transport.getEnabledProtocols();

    if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() )
    {
        sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[enabledProtocols.size()] ) );
    }
    else
    {
        // Be sure we disable SSLV3
        sslFilter.setEnabledProtocols( new String[]
            { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" } );
    }

    // The remaining SSL parameters
    sslFilter.setNeedClientAuth( transport.isNeedClientAuth() );
    sslFilter.setWantClientAuth( transport.isWantClientAuth() );
    
    chain.addLast( "sslFilter", sslFilter );

    return chain;
}
 

@Override
public final IoFilterChainBuilder getFilterChainBuilder() {
	return filterChainBuilder;
}
 

@Override
public final void setFilterChainBuilder(IoFilterChainBuilder builder) {
	filterChainBuilder = (builder != null ? builder : new DefaultIoFilterChainBuilder());
}
 

/**
 * Returns the {@link IoFilterChainBuilder} which will build the
 * {@link IoFilterChain} of all {@link IoSession}s which is created
 * by this service.
 * The default value is an empty {@link DefaultIoFilterChainBuilder}.
 */
IoFilterChainBuilder getFilterChainBuilder();
 

/**
 * Sets the {@link IoFilterChainBuilder} which will build the
 * {@link IoFilterChain} of all {@link IoSession}s which is created
 * by this service.
 * If you specify <tt>null</tt> this property will be set to
 * an empty {@link DefaultIoFilterChainBuilder}.
 */
void setFilterChainBuilder(IoFilterChainBuilder builder);
 

/**
 * @return the {@link IoFilterChainBuilder} which will build the {@link IoFilterChain} of
 * all {@link IoSession}s which is created by this service.
 * The default value is an empty {@link DefaultIoFilterChainBuilder}.
 */
IoFilterChainBuilder getFilterChainBuilder();
 

/**
 * Sets the {@link IoFilterChainBuilder} which will build the {@link IoFilterChain} of
 * all {@link IoSession}s which is created by this service.
 * If you specify <tt>null</tt> this property will be set to an empty {@link DefaultIoFilterChainBuilder}.
 *
 * @param builder The filter chain builder to use
 */
void setFilterChainBuilder(IoFilterChainBuilder builder);