com.unboundid.ldap.sdk.extensions

Class StartTLSExtendedRequest

java.lang.Object

com.unboundid.ldap.sdk.LDAPRequest

com.unboundid.ldap.sdk.ExtendedRequest

com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest

All Implemented Interfaces:

ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

@NotMutable
 @ThreadSafety(level=NOT_THREADSAFE)
public final class StartTLSExtendedRequest
extends ExtendedRequest

This class provides an implementation of the LDAP StartTLS extended request as defined in RFC 4511 section 4.14. It may be used to establish a secure communication channel over an otherwise unencrypted connection.

Note that when using the StartTLS extended operation, you should establish a connection to the server's unencrypted LDAP port rather than its secure port. Then, you can use the StartTLS extended request in order to secure that connection.

Example

The following example attempts to use the StartTLS extended request in order to secure communication on a previously insecure connection. In this case, it will use the SSLUtil class in conjunction with the TrustStoreTrustManager class to ensure that only certificates from trusted authorities will be accepted.

 // Create an SSLContext that will be used to perform the cryptographic
 // processing.
 SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
 SSLContext sslContext = sslUtil.createSSLContext();

  // Create and process the extended request to secure a connection.
 StartTLSExtendedRequest startTLSRequest =
      new StartTLSExtendedRequest(sslContext);
 ExtendedResult startTLSResult;
 try
 {
   startTLSResult = connection.processExtendedOperation(startTLSRequest);
   // This doesn't necessarily mean that the operation was successful, since
   // some kinds of extended operations return non-success results under
   // normal conditions.
 }
 catch (LDAPException le)
 {
   // For an extended operation, this generally means that a problem was
   // encountered while trying to send the request or read the result.
   startTLSResult = new ExtendedResult(le);
 }

 // Make sure that we can use the connection to interact with the server.
 RootDSE rootDSE = connection.getRootDSE();
 

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	STARTTLS_REQUEST_OID The OID (1.3.6.1.4.1.1466.20037) for the StartTLS extended request.

Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest

TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE

Constructor Summary

Constructors

Constructor and Description
StartTLSExtendedRequest() Creates a new StartTLS extended request using a default SSL context.
StartTLSExtendedRequest(Control[] controls) Creates a new StartTLS extended request using a default SSL context.
StartTLSExtendedRequest(ExtendedRequest extendedRequest) Creates a new StartTLS extended request from the provided generic extended request.
StartTLSExtendedRequest(javax.net.ssl.SSLContext sslContext) Creates a new StartTLS extended request using the provided SSL context.
StartTLSExtendedRequest(javax.net.ssl.SSLContext sslContext, Control[] controls) Creates a new StartTLS extended request.
StartTLSExtendedRequest(javax.net.ssl.SSLSocketFactory sslSocketFactory) Creates a new StartTLS extended request using the provided SSL socket factory.
StartTLSExtendedRequest(javax.net.ssl.SSLSocketFactory sslSocketFactory, Control[] controls) Creates a new StartTLS extended request.

Method Summary

Modifier and Type	Method and Description
StartTLSExtendedRequest	duplicate() Creates a new instance of this LDAP request that may be modified without impacting this request.
StartTLSExtendedRequest	duplicate(Control[] controls) Creates a new instance of this LDAP request that may be modified without impacting this request.
java.lang.String	getExtendedRequestName() Retrieves the user-friendly name for the extended request, if available.
javax.net.ssl.SSLSocketFactory	getSSLSocketFactory() Retrieves the SSL socket factory that this extended request will use for performing TLS negotiation.
ExtendedResult	process(LDAPConnection connection, int depth) Sends this StartTLS request to the server and performs the necessary client-side security processing if the operation is processed successfully.
void	toString(java.lang.StringBuilder buffer) Appends a string representation of this request to the provided buffer.

Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest

encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo

Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest

followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getReferralConnectorInternal, getReferralDepth, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setReferralDepth, setResponseTimeoutMillis, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

STARTTLS_REQUEST_OID

@NotNull
public static final java.lang.String STARTTLS_REQUEST_OID

The OID (1.3.6.1.4.1.1466.20037) for the StartTLS extended request.

See Also:

Constant Field Values

Constructor Detail

StartTLSExtendedRequest

public StartTLSExtendedRequest()
                        throws LDAPException

Creates a new StartTLS extended request using a default SSL context.

Throws:

LDAPException - If a problem occurs while trying to initialize a default SSL context.

StartTLSExtendedRequest

public StartTLSExtendedRequest(@Nullable
                               Control[] controls)
                        throws LDAPException

Creates a new StartTLS extended request using a default SSL context.

Parameters:

controls - The set of controls to include in the request.

Throws:

LDAPException - If a problem occurs while trying to initialize a default SSL context.

StartTLSExtendedRequest

public StartTLSExtendedRequest(@Nullable
                               javax.net.ssl.SSLContext sslContext)
                        throws LDAPException

Creates a new StartTLS extended request using the provided SSL context.

Parameters:

sslContext - The SSL context to use to perform the negotiation. It may be null to indicate that a default SSL context should be used. If an SSL context is provided, then it must already be initialized.

Throws:

LDAPException - If a problem occurs while trying to initialize a default SSL context.

StartTLSExtendedRequest

public StartTLSExtendedRequest(@Nullable
                               javax.net.ssl.SSLSocketFactory sslSocketFactory)
                        throws LDAPException

Creates a new StartTLS extended request using the provided SSL socket factory.

Parameters:

sslSocketFactory - The SSL socket factory to use to convert an insecure connection into a secure connection. It may be null to indicate that a default SSL socket factory should be used.

Throws:

LDAPException - If a problem occurs while trying to initialize a default SSL socket factory.

StartTLSExtendedRequest

public StartTLSExtendedRequest(@Nullable
                               javax.net.ssl.SSLContext sslContext,
                               @Nullable
                               Control[] controls)
                        throws LDAPException

Creates a new StartTLS extended request.

Parameters:

sslContext - The SSL context to use to perform the negotiation. It may be null to indicate that a default SSL context should be used. If an SSL context is provided, then it must already be initialized.

controls - The set of controls to include in the request.

Throws:

LDAPException - If a problem occurs while trying to initialize a default SSL context.

StartTLSExtendedRequest

public StartTLSExtendedRequest(@Nullable
                               javax.net.ssl.SSLSocketFactory sslSocketFactory,
                               @Nullable
                               Control[] controls)
                        throws LDAPException

Creates a new StartTLS extended request.

Parameters:

sslSocketFactory - The SSL socket factory to use to convert an insecure connection into a secure connection. It may be null to indicate that a default SSL socket factory should be used.

controls - The set of controls to include in the request.

Throws:

LDAPException - If a problem occurs while trying to initialize a default SSL context.

StartTLSExtendedRequest

public StartTLSExtendedRequest(@NotNull
                               ExtendedRequest extendedRequest)
                        throws LDAPException

Creates a new StartTLS extended request from the provided generic extended request.

Parameters:

extendedRequest - The generic extended request to use to create this StartTLS extended request.

Throws:

LDAPException - If a problem occurs while decoding the request.

Method Detail

getSSLSocketFactory

@NotNull
public javax.net.ssl.SSLSocketFactory getSSLSocketFactory()

Retrieves the SSL socket factory that this extended request will use for performing TLS negotiation.

Returns:

The SSL socket factor that this extended request will use for performing TLS negotiation.

process

@NotNull
public ExtendedResult process(@NotNull
                                       LDAPConnection connection,
                                       int depth)
                                throws LDAPException

Sends this StartTLS request to the server and performs the necessary client-side security processing if the operation is processed successfully. That this method is guaranteed to throw an LDAPException if the server returns a non-success result.

Overrides:

process in class ExtendedRequest

Parameters:

connection - The connection to use to communicate with the directory server.

depth - The current referral depth for this request. It should always be zero for the initial request, and should only be incremented when following referrals.

Returns:

The extended result received from the server if StartTLS processing was completed successfully.

Throws:

LDAPException - If the server returned a non-success result, or if a problem was encountered while performing client-side security processing.

duplicate

@NotNull
public StartTLSExtendedRequest duplicate()

Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type.

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

duplicate

@NotNull
public StartTLSExtendedRequest duplicate(@Nullable
                                                  Control[] controls)

Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type.

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Parameters:

controls - The set of controls to include in the duplicate request.

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

getExtendedRequestName

@NotNull
public java.lang.String getExtendedRequestName()

Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.

Overrides:

getExtendedRequestName in class ExtendedRequest

Returns:

The user-friendly name for this extended request, or the OID if no user-friendly name is available.

toString

public void toString(@NotNull
                     java.lang.StringBuilder buffer)

Appends a string representation of this request to the provided buffer.

Specified by:

toString in interface ProtocolOp

Specified by:

toString in interface ReadOnlyLDAPRequest

Overrides:

toString in class ExtendedRequest

Parameters:

buffer - The buffer to which to append a string representation of this request.