当前位置: 首页>>代码示例>>Java>>正文

Java SSLFilter.setWantClientAuth方法代码示例

本文整理汇总了Java中org.apache.mina.filter.SSLFilter.setWantClientAuth方法的典型用法代码示例。如果您正苦于以下问题:Java SSLFilter.setWantClientAuth方法的具体用法?Java SSLFilter.setWantClientAuth怎么用?Java SSLFilter.setWantClientAuth使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.apache.mina.filter.SSLFilter的用法示例。


在下文中一共展示了SSLFilter.setWantClientAuth方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: createClientSSLListeners

import org.apache.mina.filter.SSLFilter; //导入方法依赖的package包/类
private void createClientSSLListeners() {
    // Start clients SSL unless it's been disabled.
    if (isClientSSLListenerEnabled()) {
        int port = getClientSSLListenerPort();
        String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm");
        if ("".equals(algorithm) || algorithm == null) {
            algorithm = "TLS";
        }
        try {
            // Create SocketAcceptor with correct number of processors
            sslSocketAcceptor = buildSocketAcceptor();
            // Customize Executor that will be used by processors to process incoming stanzas
            int eventThreads = JiveGlobals.getIntProperty("xmpp.client_ssl.processing.threads", 16);
            ExecutorFilter executorFilter = new ExecutorFilter();
            ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
            final ThreadFactory originalThreadFactory = eventExecutor.getThreadFactory();
            ThreadFactory newThreadFactory = new ThreadFactory()
            {
                private final AtomicInteger threadId = new AtomicInteger( 0 );

                public Thread newThread( Runnable runnable )
                {
                    Thread t = originalThreadFactory.newThread( runnable );
                    t.setName("Old SSL executor thread - " + threadId.incrementAndGet() );
                    t.setDaemon( true );
                    return t;
                }
            };
            eventExecutor.setThreadFactory( newThreadFactory );
            eventExecutor.setCorePoolSize(eventThreads + 1);
            eventExecutor.setMaximumPoolSize(eventThreads + 1);
            eventExecutor.setKeepAliveTime(60, TimeUnit.SECONDS);

            sslSocketAcceptor.getDefaultConfig().setThreadModel(ThreadModel.MANUAL);
            // Add the XMPP codec filter
            sslSocketAcceptor.getFilterChain().addFirst("xmpp", new ProtocolCodecFilter(new XMPPCodecFactory()));
            sslSocketAcceptor.getFilterChain().addFirst("threadModel", executorFilter);
            // Kill sessions whose outgoing queues keep growing and fail to send traffic
            sslSocketAcceptor.getFilterChain().addAfter("xmpp", "outCap", new StalledSessionsFilter());

            // Add the SSL filter now since sockets are "borned" encrypted in the old ssl method
            SSLContext sslContext = SSLContext.getInstance(algorithm);
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(SSLConfig.getKeyStore(), SSLConfig.getKeyPassword().toCharArray());
            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(SSLConfig.getc2sTrustStore());

            sslContext.init(keyFactory.getKeyManagers(),
                    trustFactory.getTrustManagers(),
                    new java.security.SecureRandom());

            SSLFilter sslFilter = new SSLFilter(sslContext);
            if (JiveGlobals.getProperty("xmpp.client.cert.policy","disabled").equals("needed")) {
                sslFilter.setNeedClientAuth(true);
            }
            else if(JiveGlobals.getProperty("xmpp.client.cert.policy","disabled").equals("wanted")) {
                sslFilter.setWantClientAuth(true);
            }
            sslSocketAcceptor.getFilterChain().addFirst("tls", sslFilter);

        }
        catch (Exception e) {
            System.err.println("Error starting SSL XMPP listener on port " + port + ": " +
                    e.getMessage());
            Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), e);
        }
    }
}
开发者ID:coodeer,项目名称:g3server,代码行数:69,代码来源:ConnectionManagerImpl.java

示例2: startTLS

import org.apache.mina.filter.SSLFilter; //导入方法依赖的package包/类
public void startTLS(boolean clientMode, String remoteServer, ClientAuth authentication) throws Exception {
    boolean c2s = (remoteServer == null);
    KeyStore ksKeys = SSLConfig.getKeyStore();
    String keypass = SSLConfig.getKeyPassword();

    KeyStore ksTrust = (c2s ? SSLConfig.getc2sTrustStore() : SSLConfig.gets2sTrustStore() );
    String trustpass = (c2s ? SSLConfig.getc2sTrustPassword() : SSLConfig.gets2sTrustPassword() );
    if (c2s)  Log.debug("NIOConnection: startTLS: using c2s");
    else Log.debug("NIOConnection: startTLS: using s2s");
    // KeyManager's decide which key material to use.
    KeyManager[] km = SSLJiveKeyManagerFactory.getKeyManagers(ksKeys, keypass);

    // TrustManager's decide whether to allow connections.
    TrustManager[] tm = SSLJiveTrustManagerFactory.getTrustManagers(ksTrust, trustpass);

    if (clientMode || authentication == ClientAuth.needed || authentication == ClientAuth.wanted) {
        // We might need to verify a certificate from our peer, so get different TrustManager[]'s
        if(c2s) {
            // Check if we can trust certificates presented by the client
            tm = new TrustManager[]{new ClientTrustManager(ksTrust)};
        } else {
            // Check if we can trust certificates presented by the server
            tm = new TrustManager[]{new ServerTrustManager(remoteServer, ksTrust, this)};
        }
    }

    SSLContext tlsContext = SSLContext.getInstance("TLS");

    tlsContext.init(km, tm, null);

    SSLFilter filter = new SSLFilter(tlsContext);
    filter.setUseClientMode(clientMode);
    if (authentication == ClientAuth.needed) {
        filter.setNeedClientAuth(true);
    }
    else if (authentication == ClientAuth.wanted) {
        // Just indicate that we would like to authenticate the client but if client
        // certificates are self-signed or have no certificate chain then we are still
        // good
        filter.setWantClientAuth(true);
    }
    // TODO Temporary workaround (placing SSLFilter before ExecutorFilter) to avoid deadlock. Waiting for
    // MINA devs feedback
    ioSession.getFilterChain().addBefore("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    //ioSession.getFilterChain().addAfter("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    ioSession.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);
    if (!clientMode) {
        // Indicate the client that the server is ready to negotiate TLS
        deliverRawText("<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>");
    }
}
开发者ID:coodeer,项目名称:g3server,代码行数:52,代码来源:NIOConnection.java

示例3: startTLS

import org.apache.mina.filter.SSLFilter; //导入方法依赖的package包/类
public void startTLS(boolean clientMode, String remoteServer) throws Exception {
    KeyStore ksKeys = SSLConfig.getKeyStore();
    String keypass = SSLConfig.getKeyPassword();

    KeyStore ksTrust = SSLConfig.getTrustStore();
    String trustpass = SSLConfig.getTrustPassword();

    // KeyManager's decide which key material to use.
    KeyManager[] km = SSLJiveKeyManagerFactory.getKeyManagers(ksKeys, keypass);

    // TrustManager's decide whether to allow connections.
    TrustManager[] tm = SSLJiveTrustManagerFactory.getTrustManagers(ksTrust, trustpass);
    // TODO Set proper value when s2s is supported
    boolean needClientAuth = false;
    if (clientMode || needClientAuth) {
        // Check if we can trust certificates presented by the server
        tm = new TrustManager[]{new ServerTrustManager(remoteServer, ksTrust)};
    }

    String algorithm = JiveGlobals.getXMLProperty("xmpp.socket.ssl.algorithm", "TLS");
    SSLContext tlsContext = SSLContext.getInstance(algorithm);

    tlsContext.init(km, tm, null);

    SSLFilter filter = new SSLFilter(tlsContext);
    filter.setUseClientMode(clientMode);
    if (needClientAuth) {
        // Only REQUIRE client authentication if we are fully verifying certificates
        if (JiveGlobals.getBooleanProperty("xmpp.server.certificate.verify", true) &&
                JiveGlobals.getBooleanProperty("xmpp.server.certificate.verify.chain", true) &&
                !JiveGlobals
                        .getBooleanProperty("xmpp.server.certificate.accept-selfsigned", false))
        {
            filter.setNeedClientAuth(true);
        }
        else {
            // Just indicate that we would like to authenticate the client but if client
            // certificates are self-signed or have no certificate chain then we are still
            // good
            filter.setWantClientAuth(true);
        }
    }

    ioSession.getFilterChain().addAfter("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    ioSession.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);
    if (!clientMode) {
        // Indicate the client that the server is ready to negotiate TLS
        deliverRawText("<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>");
    }
}
开发者ID:igniterealtime,项目名称:Openfire-connectionmanager,代码行数:51,代码来源:NIOConnection.java

示例4: createClientSSLListeners

import org.apache.mina.filter.SSLFilter; //导入方法依赖的package包/类
private void createClientSSLListeners() {
    // Start clients SSL unless it's been disabled.
    if (isClientSSLListenerEnabled()) {
        int port = getClientSSLListenerPort();
        String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
        try {
            // Create SocketAcceptor with correct number of processors
            sslSocketAcceptor = buildSocketAcceptor("client_ssl");
            // Customize Executor that will be used by processors to process incoming stanzas
            int eventThreads = JiveGlobals.getIntProperty("xmpp.client_ssl.processing.threads", 16);
            ExecutorFilter executorFilter = new ExecutorFilter();
            ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
            final ThreadFactory originalThreadFactory = eventExecutor.getThreadFactory();
            ThreadFactory newThreadFactory = new ThreadFactory()
            {
                private final AtomicInteger threadId = new AtomicInteger( 0 );

                public Thread newThread( Runnable runnable )
                {
                    Thread t = originalThreadFactory.newThread( runnable );
                    t.setName("Old SSL executor thread - " + threadId.incrementAndGet() );
                    t.setDaemon( true );
                    return t;
                }
            };
            eventExecutor.setThreadFactory( newThreadFactory );
            eventExecutor.setCorePoolSize(eventThreads + 1);
            eventExecutor.setMaximumPoolSize(eventThreads + 1);
            eventExecutor.setKeepAliveTime(60, TimeUnit.SECONDS);

            sslSocketAcceptor.getDefaultConfig().setThreadModel(ThreadModel.MANUAL);
            // Add the XMPP codec filter
            sslSocketAcceptor.getFilterChain().addFirst("xmpp", new ProtocolCodecFilter(new XMPPCodecFactory()));
            sslSocketAcceptor.getFilterChain().addFirst("threadModel", executorFilter);
            // Kill sessions whose outgoing queues keep growing and fail to send traffic
            sslSocketAcceptor.getFilterChain().addAfter("xmpp", "outCap", new StalledSessionsFilter());

            // Add the SSL filter now since sockets are "borned" encrypted in the old ssl method
            SSLContext sslContext = SSLContext.getInstance(algorithm);
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(SSLConfig.getKeyStore(), SSLConfig.getKeyPassword().toCharArray());
            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(SSLConfig.getc2sTrustStore());

            sslContext.init(keyFactory.getKeyManagers(),
                    trustFactory.getTrustManagers(),
                    new java.security.SecureRandom());

            SSLFilter sslFilter = new SSLFilter(sslContext);
            if (JiveGlobals.getProperty("xmpp.client.cert.policy","disabled").equals("needed")) {
                sslFilter.setNeedClientAuth(true);
            }
            else if(JiveGlobals.getProperty("xmpp.client.cert.policy","disabled").equals("wanted")) {
                sslFilter.setWantClientAuth(true);
            }
            sslSocketAcceptor.getFilterChain().addFirst("tls", sslFilter);

        }
        catch (Exception e) {
            System.err.println("Error starting SSL XMPP listener on port " + port + ": " +
                    e.getMessage());
            Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), e);
        }
    }
}
开发者ID:idwanglu2010,项目名称:openfire,代码行数:66,代码来源:ConnectionManagerImpl.java

示例5: startTLS

import org.apache.mina.filter.SSLFilter; //导入方法依赖的package包/类
public void startTLS(boolean clientMode, String remoteServer, ClientAuth authentication) throws Exception {
    boolean c2s = (remoteServer == null);
    KeyStore ksKeys = SSLConfig.getKeyStore();
    String keypass = SSLConfig.getKeyPassword();

    KeyStore ksTrust = (c2s ? SSLConfig.getc2sTrustStore() : SSLConfig.gets2sTrustStore() );
    String trustpass = (c2s ? SSLConfig.getc2sTrustPassword() : SSLConfig.gets2sTrustPassword() );
    if (c2s)  Log.debug("NIOConnection: startTLS: using c2s");
    else Log.debug("NIOConnection: startTLS: using s2s");
    // KeyManager's decide which key material to use.
    KeyManager[] km = SSLJiveKeyManagerFactory.getKeyManagers(ksKeys, keypass);

    // TrustManager's decide whether to allow connections.
    TrustManager[] tm = SSLJiveTrustManagerFactory.getTrustManagers(ksTrust, trustpass);

    if (clientMode || authentication == ClientAuth.needed || authentication == ClientAuth.wanted) {
        // We might need to verify a certificate from our peer, so get different TrustManager[]'s
        if(c2s) {
            // Check if we can trust certificates presented by the client
            tm = new TrustManager[]{new ClientTrustManager(ksTrust)};
        } else {
            // Check if we can trust certificates presented by the server
            tm = new TrustManager[]{new ServerTrustManager(remoteServer, ksTrust, this)};
        }
    }

    String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
    SSLContext tlsContext = SSLContext.getInstance(algorithm);

    tlsContext.init(km, tm, null);

    SSLFilter filter = new SSLFilter(tlsContext);
    filter.setUseClientMode(clientMode);
    if (authentication == ClientAuth.needed) {
        filter.setNeedClientAuth(true);
    }
    else if (authentication == ClientAuth.wanted) {
        // Just indicate that we would like to authenticate the client but if client
        // certificates are self-signed or have no certificate chain then we are still
        // good
        filter.setWantClientAuth(true);
    }
    // TODO Temporary workaround (placing SSLFilter before ExecutorFilter) to avoid deadlock. Waiting for
    // MINA devs feedback
    ioSession.getFilterChain().addBefore("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    //ioSession.getFilterChain().addAfter("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    ioSession.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);
    if (!clientMode) {
        // Indicate the client that the server is ready to negotiate TLS
        deliverRawText("<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>");
    }
}
开发者ID:idwanglu2010,项目名称:openfire,代码行数:53,代码来源:NIOConnection.java

示例6: createClientSSLListeners

import org.apache.mina.filter.SSLFilter; //导入方法依赖的package包/类
private void createClientSSLListeners() {
    // Start clients SSL unless it's been disabled.
    if (isClientSSLListenerEnabled()) {
        int port = getClientSSLListenerPort();
        String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
        try {
            // Create SocketAcceptor with correct number of processors
            sslSocketAcceptor = buildSocketAcceptor();
            // Customize Executor that will be used by processors to process incoming stanzas
            int eventThreads = JiveGlobals.getIntProperty("xmpp.client_ssl.processing.threads", 16);
            ExecutorFilter executorFilter = new ExecutorFilter();
            ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
            final ThreadFactory originalThreadFactory = eventExecutor.getThreadFactory();
            ThreadFactory newThreadFactory = new ThreadFactory()
            {
                private final AtomicInteger threadId = new AtomicInteger( 0 );

                public Thread newThread( Runnable runnable )
                {
                    Thread t = originalThreadFactory.newThread( runnable );
                    t.setName("Old SSL executor thread - " + threadId.incrementAndGet() );
                    t.setDaemon( true );
                    return t;
                }
            };
            eventExecutor.setThreadFactory( newThreadFactory );
            eventExecutor.setCorePoolSize(eventThreads + 1);
            eventExecutor.setMaximumPoolSize(eventThreads + 1);
            eventExecutor.setKeepAliveTime(60, TimeUnit.SECONDS);

            sslSocketAcceptor.getDefaultConfig().setThreadModel(ThreadModel.MANUAL);
            // Add the XMPP codec filter
            sslSocketAcceptor.getFilterChain().addFirst("xmpp", new ProtocolCodecFilter(new XMPPCodecFactory()));
            sslSocketAcceptor.getFilterChain().addFirst("threadModel", executorFilter);
            // Kill sessions whose outgoing queues keep growing and fail to send traffic
            sslSocketAcceptor.getFilterChain().addAfter("xmpp", "outCap", new StalledSessionsFilter());

            // Add the SSL filter now since sockets are "borned" encrypted in the old ssl method
            SSLContext sslContext = SSLContext.getInstance(algorithm);
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(SSLConfig.getKeyStore(), SSLConfig.getKeyPassword().toCharArray());
            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(SSLConfig.getc2sTrustStore());

            sslContext.init(keyFactory.getKeyManagers(),
                    trustFactory.getTrustManagers(),
                    new java.security.SecureRandom());

            SSLFilter sslFilter = new SSLFilter(sslContext);
            if (JiveGlobals.getProperty("xmpp.client.cert.policy","disabled").equals("needed")) {
                sslFilter.setNeedClientAuth(true);
            }
            else if(JiveGlobals.getProperty("xmpp.client.cert.policy","disabled").equals("wanted")) {
                sslFilter.setWantClientAuth(true);
            }
            sslSocketAcceptor.getFilterChain().addFirst("tls", sslFilter);

        }
        catch (Exception e) {
            System.err.println("Error starting SSL XMPP listener on port " + port + ": " +
                    e.getMessage());
            Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), e);
        }
    }
}
开发者ID:surevine,项目名称:openfire-bespoke,代码行数:66,代码来源:ConnectionManagerImpl.java


注:本文中的org.apache.mina.filter.SSLFilter.setWantClientAuth方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。