@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class ReplaceListenerCertificateExtendedRequest extends ExtendedRequest
NOTE: This class, and other classes within the
com.unboundid.ldap.sdk.unboundidds
package structure, are only
supported for use against Ping Identity, UnboundID, and
Nokia/Alcatel-Lucent 8661 server products. These classes provide support
for proprietary functionality or for external specifications that are not
considered stable or mature enough to be guaranteed to work in an
interoperable way with other types of LDAP servers.
ReplaceListenerCertificateValue ::= SEQUENCE { keyStoreContent CHOICE { keyStoreFile [0] KeyStoreFileSequence, keyStoreData [1] KeyStoreDataSequence, certificateData [2] CertificateDataSequence, ... }, keyManagerProvider [3] OCTET STRING, trustBehavior CHOICE { trustManagerProvider [4] OCTET STRING, useJVMDefaultTrustManagerProvider [5] NULL, ... }, targetCertificateAlias [6] OCTET STRING OPTIONAL, reloadHTTPConnectionHandlerCertificates [7] BOOLEAN DEFAULT FALSE, skipCertificateValidation [16] BOOLEAN DEFAULT FALSE, ... } KeyStoreFileSequence ::= SEQUENCE { path [8] OCTET STRING, keyStorePIN [9] OCTET STRING, privateKeyPIN [10] OCTET STRING OPTIONAL, keyStoreType [11] OCTET STRING OPTIONAL, sourceCertificateAlias [12] OCTET STRING OPTIONAL, ... } KeyStoreDataSequence ::= SEQUENCE { keyStoreData [13] OCTET STRING, keyStorePIN [9] OCTET STRING, privateKeyPIN [10] OCTET STRING OPTIONAL, keyStoreType [11] OCTET STRING OPTIONAL, sourceCertificateAlias [12] OCTET STRING OPTIONAL, ... } CertificateDataSequence ::= SEQUENCE { certificateChain [14] SEQUENCE SIZE (1..MAX) OF OCTET STRING, privateKey [15] OCTET STRING OPTIONAL, ... }
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
REPLACE_LISTENER_CERT_REQUEST_OID
The OID (1.3.6.1.4.1.30221.2.6.68) for the replace listener certificate
extended request.
|
TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE
Constructor and Description |
---|
ReplaceListenerCertificateExtendedRequest(ExtendedRequest request)
Creates a new replace listener certificate extended request that is decoded
from the provided generic extended request.
|
ReplaceListenerCertificateExtendedRequest(ReplaceCertificateKeyStoreContent keyStoreContent,
java.lang.String keyManagerProvider,
ReplaceCertificateTrustBehavior trustBehavior,
java.lang.String targetCertificateAlias,
boolean reloadHTTPConnectionHandlerCertificates,
boolean skipCertificateValidation,
Control... requestControls)
Creates a new replace listener certificate extended request with the
provided information.
|
Modifier and Type | Method and Description |
---|---|
java.lang.String |
getExtendedRequestName()
Retrieves the user-friendly name for the extended request, if available.
|
java.lang.String |
getKeyManagerProvider()
Retrieves the name of the file-based key manager provider with information
about the key store in which thew new listener certificate should be
stored.
|
ReplaceCertificateKeyStoreContent |
getKeyStoreContent()
Retrieves an object with information about how the server should obtain the
new listener certificate data.
|
java.lang.String |
getTargetCertificateAlias()
Retrieves the alias that should be used for the new listener certificate in
the target key store, if provided.
|
ReplaceCertificateTrustBehavior |
getTrustBehavior()
Retrieves an object with information about how the server should handle
updating trust information for the new listener certificate.
|
ReplaceListenerCertificateExtendedResult |
process(LDAPConnection connection,
int depth)
Sends this extended request to the directory server over the provided
connection and returns the associated response.
|
boolean |
reloadHTTPConnectionHandlerCertificates()
Indicates whether to trigger a certificate reload in any configured HTTP
connection handlers after updating the listener certificate information.
|
boolean |
skipCertificateValidation()
Indicates whether the server should skip validation processing for the
new certificate chain.
|
void |
toString(java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.
|
duplicate, duplicate, encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo
followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setResponseTimeoutMillis, toString
@NotNull public static final java.lang.String REPLACE_LISTENER_CERT_REQUEST_OID
public ReplaceListenerCertificateExtendedRequest(@NotNull ReplaceCertificateKeyStoreContent keyStoreContent, @NotNull java.lang.String keyManagerProvider, @NotNull ReplaceCertificateTrustBehavior trustBehavior, @Nullable java.lang.String targetCertificateAlias, boolean reloadHTTPConnectionHandlerCertificates, boolean skipCertificateValidation, @Nullable Control... requestControls)
keyStoreContent
- An object with information about how the server should obtain
the new listener certificate data. It must not be
null
.keyManagerProvider
- The name of the file-based key manager provider with
information about the key store in which the new listener
certificate should be stored. It must not be null
.trustBehavior
- An object with information about how the server should handle
updating trust information for the new listener certificate.
It must not be null
.targetCertificateAlias
- The alias that should be used for the new listener certificate
in the target key store. It may be null
if the server
should use a default alias.reloadHTTPConnectionHandlerCertificates
- Indicates whether to trigger a certificate reload in any
configured HTTP connection handlers after updating the
listener certificate information. While LDAP and JMX
connection handlers will automatically start using the new
listener certificate when negotiating new TLS sessions, HTTP
connection handlers will only do so if they are explicitly
told to reload certificate data. However, there is a chance
that this could potentially cause issues with resuming TLS
sessions for HTTPS clients that were negotiated before the
listener certificate was updated.skipCertificateValidation
- Indicates whether to skip validation for the new certificate
chain.requestControls
- The set of controls to include in the extended request. It
may be null
or empty if no request controls should be
included.public ReplaceListenerCertificateExtendedRequest(@NotNull ExtendedRequest request) throws LDAPException
request
- The generic extended request to be decoded as a replace
listener certificate extended request. It must not be
null
.LDAPException
- If a problem occurs while attempting to decode the
provided extended request as a replace listener
certificate request.@NotNull public ReplaceCertificateKeyStoreContent getKeyStoreContent()
@NotNull public java.lang.String getKeyManagerProvider()
@NotNull public ReplaceCertificateTrustBehavior getTrustBehavior()
@Nullable public java.lang.String getTargetCertificateAlias()
null
if the server should use a
default alias.public boolean reloadHTTPConnectionHandlerCertificates()
true
if the server should reload certificates in any
configured HTTP connection handlers after updating the listener
certificates information, or false
if not.public boolean skipCertificateValidation()
true
if the server should skip validation processing for
the new certificate chain, or false
if not.@NotNull public ReplaceListenerCertificateExtendedResult process(@NotNull LDAPConnection connection, int depth) throws LDAPException
process
in class ExtendedRequest
connection
- The connection to use to communicate with the directory
server.depth
- The current referral depth for this request. It should
always be one for the initial request, and should only
be incremented when following referrals.LDAPException
- If a problem occurs while sending the request or
reading the response.@NotNull public java.lang.String getExtendedRequestName()
getExtendedRequestName
in class ExtendedRequest
public void toString(@NotNull java.lang.StringBuilder buffer)
toString
in interface ProtocolOp
toString
in interface ReadOnlyLDAPRequest
toString
in class ExtendedRequest
buffer
- The buffer to which to append a string representation of
this request.