@Emmanuel Thank you so much for the quick reply. I will soon update my progress after testing.
On Thu, Feb 6, 2014 at 3:21 AM, Emmanuel Lécharny <[email protected]> wrote:

> On 2/5/14 6:57 PM, Rohit Chormale wrote:
> > Hi friends,
> >
> > I am trying to implement startTLS in apache Mina taking following reference.
> > http://mina.apache.org/mina-project/apidocs/org/apache/mina/filter/ssl/SslFilter.html
> >
> > My code is as follows:
>
> Here is what we do on ApacheDS :
>
>     IoFilterChain chain = session.getIoSession().getFilterChain();
>     SslFilter sslFilter = ( SslFilter ) chain.get( "sslFilter" );
>
>     if ( sslFilter == null )
>     {
>         sslFilter = new SslFilter( sslContext );
>
>         if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
>         {
>             sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) );
>         }
>
>         chain.addFirst( "sslFilter", sslFilter );
>     }
>
> with :
>
>     KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
>     FileInputStream fis = null;
>
>     try
>     {
>         fis = new FileInputStream( keystoreFile );
>         keyStore.load( fis, null );
>     }
>     finally
>     {
>         if ( fis != null )
>         {
>             fis.close();
>         }
>     }
>
>     // Set up key manager factory to use our key store
>     String algorithm = Security.getProperty( "ssl.KeyManagerFactory.algorithm" );
>
>     if ( algorithm == null )
>     {
>         algorithm = KeyManagerFactory.getDefaultAlgorithm();
>     }
>
>     keyManagerFactory = KeyManagerFactory.getInstance( algorithm );
>
>     if ( Strings.isEmpty( certificatePassword ) )
>     {
>         keyManagerFactory.init( keyStore, null );
>     }
>     else
>     {
>         keyManagerFactory.init( keyStore, certificatePassword.toCharArray() );
>     }
>
>     sslContext = SSLContext.getInstance( "TLS" );
>
>     sslContext.init( ldapServer.getKeyManagerFactory().getKeyManagers(),
>         new TrustManager[] { new NoVerificationTrustManager() },
>         new SecureRandom() );
>
> It does the job...
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
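
An added example, not part of the original thread and not ApacheDS code: the quoted reply initialises its `SSLContext` with a `NoVerificationTrustManager`, and this variant builds the context with trust managers backed by a truststore, so any certificate the peer presents during the handshake is validated. The class name `VerifyingSslContextFactory` and the method parameters (store paths and passwords) are assumptions; the resulting context can be passed to `new SslFilter( sslContext )` as in the reply.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (name and parameters are assumptions, not MINA or ApacheDS API).
public final class VerifyingSslContextFactory
{
    private VerifyingSslContextFactory()
    {
    }

    // Loads a store from disk; try-with-resources closes the stream on every path.
    static KeyStore load( String file, char[] password ) throws GeneralSecurityException, IOException
    {
        KeyStore store = KeyStore.getInstance( KeyStore.getDefaultType() );

        try ( InputStream in = new FileInputStream( file ) )
        {
            // With a non-null password the store's integrity is checked while loading;
            // with null (as in the quoted code) that check is skipped.
            store.load( in, password );
        }

        return store;
    }

    public static SSLContext create( String keystoreFile, char[] keystorePassword, char[] keyPassword,
        String truststoreFile, char[] truststorePassword ) throws GeneralSecurityException, IOException
    {
        // Our own certificate and private key, presented to the peer.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
        kmf.init( load( keystoreFile, keystorePassword ), keyPassword );

        // Certificates we accept from the peer: only chains anchored in the truststore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        tmf.init( load( truststoreFile, truststorePassword ) );

        SSLContext sslContext = SSLContext.getInstance( "TLS" );
        sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom() );

        return sslContext;
    }
}
```

The trust managers are consulted on the client side for the server's certificate, and on the server side only when client authentication is requested.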
