com.unboundid.ldap.sdk.StartTLSPostConnectProcessor Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unboundid-ldapsdk Show documentation
Show all versions of unboundid-ldapsdk Show documentation
The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use
Java API for communicating with LDAP directory servers and performing
related tasks like reading and writing LDIF, encoding and decoding data
using base64 and ASN.1 BER, and performing secure communication. This
package contains the Standard Edition of the LDAP SDK, which is a
complete, general-purpose library for communicating with LDAPv3 directory
servers.
/*
* Copyright 2007-2022 Ping Identity Corporation
* All Rights Reserved.
*/
/*
* Copyright 2007-2022 Ping Identity Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C) 2007-2022 Ping Identity Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.ldap.sdk;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
/**
* This class provides an implementation of a post-connect processor that can
* be used to perform StartTLS negotiation on an LDAP connection that is
* intended to be used in a connection pool.
*
* Example
* The following example demonstrates the use of the StartTLS post-connect
* processor to create an LDAP connection pool whose connections are secured
* using StartTLS. See the Javadoc documentation for the
* {@link com.unboundid.util.ssl.SSLUtil} class for a more complete explanation
* of the process for establishin secure connections.
*
* // Configure an SSLUtil instance and use it to obtain an SSLContext.
* SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
* SSLContext sslContext = sslUtil.createSSLContext();
*
* // Establish an insecure connection to the directory server.
* LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
* connectionOptions.setSSLSocketVerifier(
* new HostNameSSLSocketVerifier(true));
* LDAPConnection connection =
* new LDAPConnection(connectionOptions, serverAddress, nonSSLPort);
*
* // Use the StartTLS extended operation to secure the connection.
* ExtendedResult startTLSResult = connection.processExtendedOperation(
* new StartTLSExtendedRequest(sslContext));
*
* // Create a connection pool that will secure its connections with StartTLS.
* BindResult bindResult = connection.bind(
* "uid=john.doe,ou=People,dc=example,dc=com", "password");
* StartTLSPostConnectProcessor startTLSProcessor =
* new StartTLSPostConnectProcessor(sslContext);
* LDAPConnectionPool pool =
* new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
*
* // Verify that we can use the pool to communicate with the directory server.
* RootDSE rootDSE = pool.getRootDSE();
*
* // Close the connection pool.
* pool.close();
*
*/
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class StartTLSPostConnectProcessor
implements PostConnectProcessor
{
// The SSL context to use to perform the negotiation.
@Nullable private final SSLContext sslContext;
// The SSL socket factory to create the secure connection.
@Nullable private final SSLSocketFactory sslSocketFactory;
/**
* Creates a new instance of this StartTLS post-connect processor that will
* use the provided SSL context.
*
* @param sslContext The SSL context to use to perform the StartTLS
* negotiation. It must not be {@code null}.
*/
public StartTLSPostConnectProcessor(@NotNull final SSLContext sslContext)
{
Validator.ensureNotNull(sslContext);
this.sslContext = sslContext;
sslSocketFactory = null;
}
/**
* Creates a new instance of this StartTLS post-connect processor that will
* use the provided SSL context.
*
* @param sslSocketFactory The SSL socket factory to use to create the
* TLS-secured socket. It must not be {@code null}.
*/
public StartTLSPostConnectProcessor(
@NotNull final SSLSocketFactory sslSocketFactory)
{
Validator.ensureNotNull(sslSocketFactory);
this.sslSocketFactory = sslSocketFactory;
sslContext = null;
}
/**
* {@inheritDoc}
*/
@Override()
public void processPreAuthenticatedConnection(
@NotNull final LDAPConnection connection)
throws LDAPException
{
final StartTLSExtendedRequest startTLSRequest;
if (sslContext == null)
{
startTLSRequest = new StartTLSExtendedRequest(sslSocketFactory);
}
else
{
startTLSRequest = new StartTLSExtendedRequest(sslContext);
}
// Since the StartTLS processing will occur during the course of
// establishing the connection for use in the pool, set the connect timeout
// for the operation to be equal to the connect timeout from the connection
// options.
final LDAPConnectionOptions opts = connection.getConnectionOptions();
startTLSRequest.setResponseTimeoutMillis(opts.getConnectTimeoutMillis());
final ExtendedResult r =
connection.processExtendedOperation(startTLSRequest);
if (! r.getResultCode().equals(ResultCode.SUCCESS))
{
throw new LDAPExtendedOperationException(r);
}
}
/**
* {@inheritDoc}
*/
@Override()
public void processPostAuthenticatedConnection(
@NotNull final LDAPConnection connection)
throws LDAPException
{
// No implementation is required for this post-connect processor.
}
}