org.apache.mina.filter.ssl.SslFilter Java Examples

public static SslFilter getSslFilter(InputStream keyIs, char[] keyPw, InputStream trustIs, char[] trustPw) throws Exception
{
	KeyStore ks = KeyStore.getInstance("JKS");
	ks.load(keyIs, keyPw);
	KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
	kmf.init(ks, keyPw);

	KeyStore ts = KeyStore.getInstance("JKS");
	ts.load(trustIs, trustPw);
	TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
	tmf.init(ts);

	SSLContext ctx = SSLContext.getInstance("TLS"); // "TLSv1.2"
	ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
	return new SslFilter(ctx);
}
 

public void startTLS(boolean clientMode, boolean directTLS) throws Exception {

        final EncryptionArtifactFactory factory = new EncryptionArtifactFactory( configuration );
        final SslFilter filter;
        if ( clientMode )
        {
            filter = factory.createClientModeSslFilter();
        }
        else
        {
            filter = factory.createServerModeSslFilter();
        }

        ioSession.getFilterChain().addBefore(EXECUTOR_FILTER_NAME, TLS_FILTER_NAME, filter);

        if (!directTLS)
        {
            ioSession.setAttribute( SslFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE );
        }

        if ( !clientMode && !directTLS ) {
            // Indicate the client that the server is ready to negotiate TLS
            deliverRawText( "<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>" );
        }
    }
 

public SSLSession getSslSession ()
{
    final IoSession session = this.session;
    if ( session == null )
    {
        return null;
    }
    final Object sslSession = session.getAttribute ( SslFilter.SSL_SESSION );

    if ( sslSession instanceof SSLSession )
    {
        return (SSLSession)sslSession;
    }
    else
    {
        return null;
    }
}
 

public SSLSession getSslSession ()
{
    final IoSession session = this.session;
    if ( session == null )
    {
        return null;
    }
    final Object sslSession = session.getAttribute ( SslFilter.SSL_SESSION );

    if ( sslSession instanceof SSLSession )
    {
        return (SSLSession)sslSession;
    }
    else
    {
        return null;
    }
}
 

public static IoFilterChainBuilder init( LdapServer server ) throws LdapException
{
    SSLContext sslCtx;
    try
    {
    	sslCtx = server.getSSLContext();
    	
    }
    catch ( Exception e )
    {
        throw new LdapException( I18n.err( I18n.ERR_683 ), e );
    }

    DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
    SslFilter sslFilter = new SslFilter( sslCtx );

    List<String> cipherSuites = server.getEnabledCipherSuites();
    if( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
    {
        sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
    }
    
    sslFilter.setWantClientAuth( true );
    chain.addLast( "sslFilter", sslFilter );
    return chain;
}
 

/**
 * A utility method that implements the shared functionality of getServerModeSslFilter and getClientModeSslFilter.
 *
 * This method is used to initialize and configure an instance of SslFilter for a particular pre-configured
 * SSLContext and SSLEngine. In most cases, developers will want to use getServerModeSslFilter or
 * getClientModeSslFilter instead of this method.
 *
 * @param sslContext a pre-configured SSL Context instance (cannot be null).
 * @param sslEngine a pre-configured SSL Engine instance (cannot be null).
 * @return A SslFilter instance (never null).
 */
private static SslFilter createSslFilter( SSLContext sslContext, SSLEngine sslEngine ) {
    final SslFilter filter = new SslFilter( sslContext );

    // Copy configuration from the SSL Engine into the filter.
    filter.setUseClientMode( sslEngine.getUseClientMode() );
    filter.setEnabledProtocols( sslEngine.getEnabledProtocols() );
    filter.setEnabledCipherSuites( sslEngine.getEnabledCipherSuites() );

    // Note that the setters for 'need' and 'want' influence each-other. Invoke only one of them!
    if ( sslEngine.getNeedClientAuth() )
    {
        filter.setNeedClientAuth( true );
    }
    else if ( sslEngine.getWantClientAuth() )
    {
        filter.setWantClientAuth( true );
    }
    return filter;
}
 

public SslFilter getSslFilter() throws Exception {
    if (keystoreFile == null || truststoreFile == null) {
        throw new NotActiveException("Keystore or truststore are null");
    }
    SSLContext context = getSslContext();
    if (context == null) {
        throw new NotActiveException("SSLContext is null");
    }
    // create the ssl filter using server mode
    SslFilter sslFilter = new SslFilter(context);
    if (cipherSuites != null) {
        sslFilter.setEnabledCipherSuites(cipherSuites);
    }
    if (protocols != null) {
        if (log.isDebugEnabled()) {
            log.debug("Using these protocols: {}", Arrays.toString(protocols));
        }
        sslFilter.setEnabledProtocols(protocols);
    }
    return sslFilter;
}
 

@Override
public void sessionCreated(IoSession session) {
    session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);

    // We're going to use SSL negotiation notification.
    session.setAttribute(SslFilter.USE_NOTIFICATION);
}
 

/** {@inheritDoc} */
@Override
public void sessionOpened(IoSession session) throws Exception {
    // START OF NATIVE SSL STUFF
    SSLContext sslContext = BogusSslContextFactory.getInstance(false);
    SslFilter sslFilter = new SslFilter(sslContext);
    sslFilter.setUseClientMode(true);
    if (sslFilter != null) {
        session.getFilterChain().addFirst("sslFilter", sslFilter);
    }
    // END OF NATIVE SSL STUFF
    super.sessionOpened(session);
}
 

public TestHttpServer(String key_file, String key_pw) throws Exception
{
	if (key_file != null && key_pw != null)
	{
		SslFilter sf = HttpCodec.getSslFilter(key_file, key_pw);
		sf.setUseClientMode(false);
		getAcceptor().getDefaultIoFilterChainBuilder().addFirst("ssl", sf);
	}
	setCodecFactory(HttpCodec::new);
}
 

@Override
public Certificate[] getPeerCertificates() {
    try {
        SSLSession sslSession = (SSLSession) ioSession.getAttribute(SslFilter.SSL_SESSION);
        if (sslSession != null) {
            return sslSession.getPeerCertificates();
        }
    } catch (SSLPeerUnverifiedException e) {
        if (Log.isTraceEnabled()) {
            // This is perfectly acceptable when mutual authentication is not enforced by Openfire configuration.
            Log.trace( "Peer does not offer certificates in session: " + session, e);
        }
    }
    return new Certificate[0];
}
 

@Override
public Certificate[] getLocalCertificates() {
    SSLSession sslSession = (SSLSession) ioSession.getAttribute(SslFilter.SSL_SESSION);
    if (sslSession != null) {
        return sslSession.getLocalCertificates();
    }
    return new Certificate[0];
}
 

@Override
public void emit() {
	// TODO Auto-generated method stub
	try {
		// ssl 认证
		if (sslEnable) {
			SslFilter sslFilter = new SslFilter(getSslContext());
			acceptor.getFilterChain().addLast("sslFilter", sslFilter);
			logger.warn("ssl authenticate is open");
		}
		LoggingFilter loggingFilter = new LoggingFilter();
		acceptor.getFilterChain().addLast("logger", loggingFilter);
		TextLineCodecFactory textLineCodecFactory = new TextLineCodecFactory(
				Charset.forName(encodiing));
		textLineCodecFactory.setDecoderMaxLineLength(maxLineLength);
		textLineCodecFactory.setEncoderMaxLineLength(maxLineLength);
		acceptor.getFilterChain().addLast("codec",
				new ProtocolCodecFilter(textLineCodecFactory));
		acceptor.setHandler(minaBizHandler);
		acceptor.getSessionConfig().setReadBufferSize(bufSize);
		acceptor.getSessionConfig().setWriteTimeout(10);
		// acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE,
		// 10);//空闲状态
		acceptor.bind(new InetSocketAddress(InetAddress.getByName(host),
				port));
	} catch (Exception e) {
		// TODO Auto-generated catch block
		logger.error(e.getMessage());
		System.exit(1);
	}
}
 

public void startSsl ( final boolean startInactive, final boolean clientMode ) throws Exception
{
    logger.info ( "Starting SSL (startInactive: {})", startInactive );

    final ProtocolConfiguration configuration = ProtocolConfiguration.fromSession ( this.session );

    final SslContextFactory sslFactory = configuration.getSslContextFactory ();

    final SSLContext sslContext = sslFactory.newInstance ();
    if ( startInactive )
    {
        this.session.setAttribute ( SslFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE );
    }

    final SslFilter filter = new SslFilter ( sslContext );
    filter.setUseClientMode ( clientMode );
    filter.setWantClientAuth ( false );
    filter.setNeedClientAuth ( false );

    if ( logger.isDebugEnabled () )
    {
        logger.debug ( "Enabled protocols:" );
        for ( final String protocol : sslContext.getDefaultSSLParameters ().getProtocols () )
        {
            logger.debug ( "\t" + protocol );
        }
        logger.debug ( "Enabled ciphers:" );
        for ( final String cipher : sslContext.getDefaultSSLParameters ().getCipherSuites () )
        {
            logger.debug ( "\t" + cipher );
        }
    }

    replaceMarker ( "ssl", filter );
}
 

@Before
public void setUp() throws Exception {
    super.setUp();
    handler = new EchoConnectorHandler();
    connectorSSLFilter = new SslFilter(GateSslContextFactory
            .getInstance(false));
    connectorSSLFilter.setUseClientMode(true); // set client mode
}
 

@Override
	public void sessionCreated(IoSession session) throws Exception {
		super.sessionCreated(session);
		if (Config.USE_SSL) {
			try {
				SslFilter sslFilter = new SslFilter(GateSslContextFactory.getInstance(true));
//				sslFilter.setNeedClientAuth(true);
				session.getFilterChain().addFirst("SSL", sslFilter);
			} catch (Exception e) {
				LOGGER.error("创建ssl", e);
				throw new RuntimeException(e);
			}
		}
	}
 

/**
 * Starts this acceptor by binding the socket acceptor. When the acceptor is already started, a warning will be
 * logged and the method invocation is otherwise ignored.
 */
@Override
public synchronized void start()
{
    if ( socketAcceptor != null )
    {
        Log.warn( "Unable to start acceptor (it is already started!)" );
        return;
    }

    try
    {
        // Configure the thread pool that is to be used.
        final int initialSize = ( configuration.getMaxThreadPoolSize() / 4 ) + 1;
        final ExecutorFilter executorFilter = new ExecutorFilter( initialSize, configuration.getMaxThreadPoolSize(), 60, TimeUnit.SECONDS );
        final ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor) executorFilter.getExecutor();
        final ThreadFactory threadFactory = new NamedThreadFactory( name + "-thread-", eventExecutor.getThreadFactory(), true, null );
        eventExecutor.setThreadFactory( threadFactory );

        // Construct a new socket acceptor, and configure it.
        socketAcceptor = buildSocketAcceptor();

        if ( JMXManager.isEnabled() )
        {
            configureJMX( socketAcceptor, name );
        }

        final DefaultIoFilterChainBuilder filterChain = socketAcceptor.getFilterChain();
        filterChain.addFirst( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, executorFilter );

        // Add the XMPP codec filter
        filterChain.addAfter( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, ConnectionManagerImpl.XMPP_CODEC_FILTER_NAME, new ProtocolCodecFilter( new XMPPCodecFactory() ) );

        // Kill sessions whose outgoing queues keep growing and fail to send traffic
        filterChain.addAfter( ConnectionManagerImpl.XMPP_CODEC_FILTER_NAME, ConnectionManagerImpl.CAPACITY_FILTER_NAME, new StalledSessionsFilter() );

        // Ports can be configured to start connections in SSL (as opposed to upgrade a non-encrypted socket to an encrypted one, typically using StartTLS)
        if ( configuration.getTlsPolicy() == Connection.TLSPolicy.legacyMode )
        {
            final SslFilter sslFilter = encryptionArtifactFactory.createServerModeSslFilter();
            filterChain.addAfter( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, ConnectionManagerImpl.TLS_FILTER_NAME, sslFilter );
        }

        // Throttle sessions who send data too fast
        if ( configuration.getMaxBufferSize() > 0 )
        {
            socketAcceptor.getSessionConfig().setMaxReadBufferSize( configuration.getMaxBufferSize() );
            Log.debug( "Throttling read buffer for connections to max={} bytes", configuration.getMaxBufferSize() );
        }

        // Start accepting connections
        socketAcceptor.setHandler( connectionHandler );
        socketAcceptor.bind( new InetSocketAddress( configuration.getBindAddress(), configuration.getPort() ) );
    }
    catch ( Exception e )
    {
        System.err.println( "Error starting " + configuration.getPort() + ": " + e.getMessage() );
        Log.error( "Error starting: " + configuration.getPort(), e );
        // Reset for future use.
        if (socketAcceptor != null) {
            try {
                socketAcceptor.unbind();
            } finally {
                socketAcceptor = null;
            }
        }
    }
}
 

@Override
public synchronized void reconfigure( ConnectionConfiguration configuration )
{
    this.configuration = configuration;

    if ( socketAcceptor == null )
    {
        return; // reconfig will occur when acceptor is started.
    }

    final DefaultIoFilterChainBuilder filterChain = socketAcceptor.getFilterChain();

    if ( filterChain.contains( ConnectionManagerImpl.EXECUTOR_FILTER_NAME ) )
    {
        final ExecutorFilter executorFilter = (ExecutorFilter) filterChain.get( ConnectionManagerImpl.EXECUTOR_FILTER_NAME );
        ( (ThreadPoolExecutor) executorFilter.getExecutor()).setCorePoolSize( ( configuration.getMaxThreadPoolSize() / 4 ) + 1 );
        ( (ThreadPoolExecutor) executorFilter.getExecutor()).setMaximumPoolSize( ( configuration.getMaxThreadPoolSize() ) );
    }

    if ( configuration.getTlsPolicy() == Connection.TLSPolicy.legacyMode )
    {
        // add or replace TLS filter (that's used only for 'direct-TLS')
        try
        {
            final SslFilter sslFilter = encryptionArtifactFactory.createServerModeSslFilter();
            if ( filterChain.contains( ConnectionManagerImpl.TLS_FILTER_NAME ) )
            {
                filterChain.replace( ConnectionManagerImpl.TLS_FILTER_NAME, sslFilter );
            }
            else
            {
                filterChain.addAfter( ConnectionManagerImpl.EXECUTOR_FILTER_NAME, ConnectionManagerImpl.TLS_FILTER_NAME, sslFilter );
            }
        }
        catch ( KeyManagementException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e )
        {
            Log.error( "An exception occurred while reloading the TLS configuration.", e );
        }
    }
    else
    {
        // The acceptor is in 'startTLS' mode. Remove TLS filter (that's used only for 'direct-TLS')
        if ( filterChain.contains( ConnectionManagerImpl.TLS_FILTER_NAME ) )
        {
            filterChain.remove( ConnectionManagerImpl.TLS_FILTER_NAME );
        }
    }

    if ( configuration.getMaxBufferSize() > 0 )
    {
        socketAcceptor.getSessionConfig().setMaxReadBufferSize( configuration.getMaxBufferSize() );
        Log.debug( "Throttling read buffer for connections to max={} bytes", configuration.getMaxBufferSize() );
    }
}
 

/**
 * Initialize the LDAPS server.
 *
 * @param ldapServer The LDAP server instance
 * @param transport The TCP transport that contains the SSL configuration
 * @return A IoFilter chain
 * @throws LdapException If we had a pb
 */
public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport ) throws LdapException
{
    SSLContext sslCtx;

    try
    {
    	sslCtx = ldapServer.getSSLContext();
    	
    	//TODO see if this is correct
    	// Initialize the SSLContext to work with our key managers.
        //sslCtx = SSLContext.getInstance( "TLS" );
        //sslCtx.init( ldapServer.getKeyManagerFactory().getKeyManagers(), new TrustManager[]
        //    { new NoVerificationTrustManager() }, new SecureRandom() );
    	
    }
    catch ( Exception e )
    {
        throw new LdapException( I18n.err( I18n.ERR_683 ), e );
    }

    DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
    SslFilter sslFilter = new SslFilter( sslCtx );

    // The ciphers
    List<String> cipherSuites = transport.getCipherSuite();

    if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
    {
        sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
    }

    // The protocols
    List<String> enabledProtocols = transport.getEnabledProtocols();

    if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() )
    {
        sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[enabledProtocols.size()] ) );
    }
    else
    {
        // Be sure we disable SSLV3
        sslFilter.setEnabledProtocols( new String[]
            { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" } );
    }

    // The remaining SSL parameters
    sslFilter.setNeedClientAuth( transport.isNeedClientAuth() );
    sslFilter.setWantClientAuth( transport.isWantClientAuth() );
    
    chain.addLast( "sslFilter", sslFilter );

    return chain;
}
 

/**
 * Adds {@link SslFilter} to the IOConnector or IOSession's filter chain
 * 
 * @throws LdapException If the SSL filter addition failed
 */
private void addSslFilter() throws LdapException
{
    try
    {
        SSLContext sslContext = SSLContext.getInstance( config.getSslProtocol() );
        
        sslContext.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom() );

        SslFilter sslFilter = new SslFilter( sslContext );
        sslFilter.setUseClientMode( true );

        // Configure the enabled cipher lists
        String[] enabledCipherSuite = config.getEnabledCipherSuites();

        if ( ( enabledCipherSuite != null ) && ( enabledCipherSuite.length != 0 ) )
        {
            sslFilter.setEnabledCipherSuites( enabledCipherSuite );
        }

        // Be sure we disable SSLV3
        String[] enabledProtocols = config.getEnabledProtocols();

        if ( ( enabledProtocols != null ) && ( enabledProtocols.length != 0 ) )
        {
            sslFilter.setEnabledProtocols( enabledProtocols );
        }
        else
        {
            // Default to TLS
            sslFilter.setEnabledProtocols( new String[]
                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
        }

        // for LDAPS/TLS
        handshakeFuture = new HandshakeFuture();
        
        if ( ( ioSession == null ) || !isConnected() )
        {
            connector.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
        }
        else
        // for StartTLS
        {
            ioSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
            
            boolean isSecured = handshakeFuture.get( timeout, TimeUnit.MILLISECONDS );
            
            if ( !isSecured )
            {
                Throwable cause = ( Throwable ) ioSession.getAttribute( EXCEPTION_KEY );
                throw new LdapTlsHandshakeException( I18n.err( I18n.ERR_04120_TLS_HANDSHAKE_ERROR ), cause );
            }
        }
    }
    catch ( Exception e )
    {
        if ( e instanceof LdapException )
        {
            throw ( LdapException ) e;
        }

        String msg = I18n.err( I18n.ERR_04122_SSL_CONTEXT_INIT_FAILURE );
        LOG.error( msg, e );
        throw new LdapException( msg, e );
    }
}
 

public PressureClientTool(int clientNum, String userNamePrefix, String password, String clusterIp,JTextArea logTextArea) {
        this.clientNum = clientNum;
        this.clusterIp = clusterIp;
        this.userNamePrefix = userNamePrefix;
        initConfigPath();
        ScriptManager.getInstance().init(null);

        //循环初始化客户端
        try {
            for (int i = 0; i < clientNum; i++) {
                PressureClientHandler pressureClientHandler = new PressureClientHandler();
                MinaClientConfig minaClientConfig = getMinaClientConfig();
                String userName = userNamePrefix + userNameNo.incrementAndGet();

                // TCP
                // 添加ssl
                Map<String, IoFilter> filters = new HashMap<>();
                SslFilter sslFilter = new SslFilter(ClientSslContextFactory.getInstance(false));
                sslFilter.setUseClientMode(true);
//		filters.put("ssl", sslFilter);
                SingleMinaTcpClientService service = new SingleMinaTcpClientService(minaClientConfig,
                        new ClientProtocolCodecFactory(), pressureClientHandler, filters);
                pressureClientHandler.setService(service);
                new Thread(service).start();

                // UDP
                MinaClientConfig minaClientConfig2 = new MinaClientConfig();
                MinaClienConnToConfig connTo = new MinaClienConnToConfig();
                connTo.setHost(minaClientConfig.getConnTo().getHost());
                connTo.setPort(8004);
                minaClientConfig2.setConnTo(connTo);
                MinaUdpClient udpClient = new MinaUdpClient(minaClientConfig2, pressureClientHandler,
                        new ClientProtocolCodecFactory());
                new Thread(udpClient).start();

                while (udpClient.getSession() == null) {
                    Thread.sleep(MathUtil.random(500, 3000));
                }
                Player player = new Player();
                player.setUserName(userName);
                player.setPassword(password);
                player.setUdpSession(udpClient.getSession());
                player.setTcpSession(service.getMostIdleIoSession());
                player.setLogTextArea(logTextArea);
                if(player.getTcpSession()==null||player.getUdpSession()==null){
                    LOGGER.warn("用户{}连接服务器失败",userName);
                    logTextArea.append(String.format("用户%s连接服务器失败\n",userName));
                    continue;
                }
                player.loginInit();
                players.put(userName, player);

                new PressureServiceThread(player).start();

            }
        } catch (Exception e) {
            LOGGER.error("PressureClientTool", e);
        }

    }
 

public static SslFilter getSslFilter(String keyFile, String keyPw) throws Exception
{
	byte[] key = Util.readFileData(keyFile);
	char[] pw = keyPw.toCharArray();
	return getSslFilter(new ByteArrayInputStream(key), pw, new ByteArrayInputStream(key), pw);
}
 

/**
 * Creates an Apache MINA SslFilter that is configured to use server mode when handshaking.
 *
 * For Openfire, an engine is of this mode used for most purposes (as Openfire is a server by nature).
 *
 * Instead of an SSLContext or SSLEngine, Apache MINA uses an SslFilter instance. It is generally not needed to
 * create both SSLContext/SSLEngine as well as SslFilter instances.
 *
 * @return An initialized SslFilter instance (never null)
 * @throws KeyManagementException if there was problem manging the ket
 * @throws NoSuchAlgorithmException if the algorithm is not supported
 * @throws KeyStoreException if there was a problem accessing the keystore
 * @throws UnrecoverableKeyException if the key could not be recovered
 */
public SslFilter createServerModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException
{
    final SSLContext sslContext = getSSLContext();
    final SSLEngine sslEngine = createServerModeSSLEngine();

    return createSslFilter( sslContext, sslEngine );
}
 

/**
 * Creates an Apache MINA SslFilter that is configured to use client mode when handshaking.
 *
 * For Openfire, a filter of this mode is typically used when the server tries to connect to another server.
 *
 * Instead of an SSLContext or SSLEngine, Apache MINA uses an SslFilter instance. It is generally not needed to
 * create both SSLContext/SSLEngine as well as SslFilter instances.
 *
 * @return An initialized SslFilter instance (never null)
 * @throws KeyManagementException if there was problem manging the ket
 * @throws NoSuchAlgorithmException if the algorithm is not supported
 * @throws KeyStoreException if there was a problem accessing the keystore
 * @throws UnrecoverableKeyException if the key could not be recovered
 */
public SslFilter createClientModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException
{
    final SSLContext sslContext = getSSLContext();
    final SSLEngine sslEngine = createClientModeSSLEngine();

    return createSslFilter( sslContext, sslEngine );
}