On 2/5/14 6:57 PM, Rohit Chormale wrote:
> Hi friends,
>
> I am trying to implement startTLS in apache Mina taking following reference.
> http://mina.apache.org/mina-project/apidocs/org/apache/mina/filter/ssl/SslFilter.html
>
> My code is as follows:

Here is what we do on ApacheDS:

    // Add the SSL filter at the head of the chain if it is not there yet
    IoFilterChain chain = session.getIoSession().getFilterChain();
    SslFilter sslFilter = ( SslFilter ) chain.get( "sslFilter" );

    if ( sslFilter == null )
    {
        sslFilter = new SslFilter( sslContext );

        if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
        {
            sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
        }

        chain.addFirst( "sslFilter", sslFilter );
    }

with:

    // Load the key store from the keystore file
    KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
    FileInputStream fis = null;

    try
    {
        fis = new FileInputStream( keystoreFile );
        keyStore.load( fis, null );
    }
    finally
    {
        if ( fis != null )
        {
            fis.close();
        }
    }

    // Set up key manager factory to use our key store
    String algorithm = Security.getProperty( "ssl.KeyManagerFactory.algorithm" );

    if ( algorithm == null )
    {
        algorithm = KeyManagerFactory.getDefaultAlgorithm();
    }

    keyManagerFactory = KeyManagerFactory.getInstance( algorithm );

    if ( Strings.isEmpty( certificatePassword ) )
    {
        keyManagerFactory.init( keyStore, null );
    }
    else
    {
        keyManagerFactory.init( keyStore, certificatePassword.toCharArray() );
    }

    // Build the SSL context; NoVerificationTrustManager does not verify peer certificates
    sslContext = SSLContext.getInstance( "TLS" );
    sslContext.init( ldapServer.getKeyManagerFactory().getKeyManagers(),
        new TrustManager[] { new NoVerificationTrustManager() }, new SecureRandom() );

It does the job...

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
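
Added example, not part of the original message and not ApacheDS code: the SSLContext above is initialised with NoVerificationTrustManager, so a filter built from it in client mode, or with client authentication requested, accepts any peer certificate. The sketch below builds a context with the JDK's own trust managers instead; the class name, method names and command-line arguments are assumptions made for illustration, and only standard JDK APIs are used.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class VerifyingTlsContext {   // hypothetical class name
    // Load a key store or trust store; path == null gives an empty in-memory store.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) {
            ks.load(null, null);
            return ks;
        }
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // trusted == null makes the JDK fall back to its default trust store (cacerts).
    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trusted) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Real trust managers: the peer's chain is validated against 'trusted'.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Protocol names to hand to SslFilter.setEnabledProtocols(): TLS 1.2 and later only.
    static String[] modernProtocols(SSLContext ctx) {
        return Arrays.stream(ctx.getSupportedSSLParameters().getProtocols())
            .filter(p -> p.equals("TLSv1.2") || p.equals("TLSv1.3"))
            .toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        // Usage: java VerifyingTlsContext [keystore keyPassword [truststore trustPassword]]
        // With no arguments an empty, constructed key store is used so the class runs offline.
        char[] keyPw = args.length > 1 ? args[1].toCharArray() : null;
        KeyStore keys = load(args.length > 0 ? args[0] : null, keyPw);
        KeyStore trusted = args.length > 3 ? load(args[2], args[3].toCharArray()) : null;
        SSLContext ctx = build(keys, keyPw, trusted);
        System.out.println(String.join(",", modernProtocols(ctx)));
    }
}
```

The resulting context can be passed to `new SslFilter( sslContext )` exactly as in the message above; the trust store only comes into play on the server when the filter requests client certificates.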