com.unboundid.ldap.sdk.unboundidds.extensions

Class ReplaceListenerCertificateExtendedRequest

java.lang.Object

com.unboundid.ldap.sdk.LDAPRequest

com.unboundid.ldap.sdk.ExtendedRequest

com.unboundid.ldap.sdk.unboundidds.extensions.ReplaceListenerCertificateExtendedRequest

All Implemented Interfaces:

ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

@NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class ReplaceListenerCertificateExtendedRequest
extends ExtendedRequest

This class defines an extended request that may be used to request that a Ping Identity Directory Server instance (or related Ping Identity server product) replace its listener certificate. The new certificate data may be contained in a key store file on the server filesystem or included in the extended request itself.

NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This extended request has an OID of 1.3.6.1.4.1.30221.2.6.68 and a value with the following encoding:

   ReplaceListenerCertificateValue ::= SEQUENCE {
     keyStoreContent                         CHOICE {
       keyStoreFile                            [0]  KeyStoreFileSequence,
       keyStoreData                            [1]  KeyStoreDataSequence,
       certificateData                         [2]  CertificateDataSequence,
       ... },
    keyManagerProvider                       [3]  OCTET STRING,
    trustBehavior                            CHOICE {
      trustManagerProvider                     [4] OCTET STRING,
      useJVMDefaultTrustManagerProvider        [5] NULL,
      ... },
    targetCertificateAlias                   [6]  OCTET STRING OPTIONAL,
    reloadHTTPConnectionHandlerCertificates  [7]  BOOLEAN DEFAULT FALSE,
    skipCertificateValidation                [16] BOOLEAN DEFAULT FALSE,
    ... }

   KeyStoreFileSequence ::= SEQUENCE {
     path                    [8]  OCTET STRING,
     keyStorePIN             [9]  OCTET STRING,
     privateKeyPIN           [10] OCTET STRING OPTIONAL,
     keyStoreType            [11] OCTET STRING OPTIONAL,
     sourceCertificateAlias  [12] OCTET STRING OPTIONAL,
     ... }

   KeyStoreDataSequence ::= SEQUENCE {
     keyStoreData            [13] OCTET STRING,
     keyStorePIN             [9]  OCTET STRING,
     privateKeyPIN           [10]  OCTET STRING OPTIONAL,
     keyStoreType            [11] OCTET STRING OPTIONAL,
     sourceCertificateAlias  [12] OCTET STRING OPTIONAL,
     ... }

   CertificateDataSequence ::= SEQUENCE {
     certificateChain  [14] SEQUENCE SIZE (1..MAX) OF OCTET STRING,
     privateKey        [15] OCTET STRING OPTIONAL,
     ... }
 

See Also:

ReplaceListenerCertificateExtendedResult, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	REPLACE_LISTENER_CERT_REQUEST_OID The OID (1.3.6.1.4.1.30221.2.6.68) for the replace listener certificate extended request.

Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest

TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE

Constructor Summary

Constructors

Constructor and Description
ReplaceListenerCertificateExtendedRequest(ExtendedRequest request) Creates a new replace listener certificate extended request that is decoded from the provided generic extended request.
ReplaceListenerCertificateExtendedRequest(ReplaceCertificateKeyStoreContent keyStoreContent, java.lang.String keyManagerProvider, ReplaceCertificateTrustBehavior trustBehavior, java.lang.String targetCertificateAlias, boolean reloadHTTPConnectionHandlerCertificates, boolean skipCertificateValidation, Control... requestControls) Creates a new replace listener certificate extended request with the provided information.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	getExtendedRequestName() Retrieves the user-friendly name for the extended request, if available.
java.lang.String	getKeyManagerProvider() Retrieves the name of the file-based key manager provider with information about the key store in which thew new listener certificate should be stored.
ReplaceCertificateKeyStoreContent	getKeyStoreContent() Retrieves an object with information about how the server should obtain the new listener certificate data.
java.lang.String	getTargetCertificateAlias() Retrieves the alias that should be used for the new listener certificate in the target key store, if provided.
ReplaceCertificateTrustBehavior	getTrustBehavior() Retrieves an object with information about how the server should handle updating trust information for the new listener certificate.
ReplaceListenerCertificateExtendedResult	process(LDAPConnection connection, int depth) Sends this extended request to the directory server over the provided connection and returns the associated response.
boolean	reloadHTTPConnectionHandlerCertificates() Indicates whether to trigger a certificate reload in any configured HTTP connection handlers after updating the listener certificate information.
boolean	skipCertificateValidation() Indicates whether the server should skip validation processing for the new certificate chain.
void	toString(java.lang.StringBuilder buffer) Appends a string representation of this request to the provided buffer.

Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest

duplicate, duplicate, encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo

Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest

followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getReferralConnectorInternal, getReferralDepth, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setReferralDepth, setResponseTimeoutMillis, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

REPLACE_LISTENER_CERT_REQUEST_OID

@NotNull
public static final java.lang.String REPLACE_LISTENER_CERT_REQUEST_OID

The OID (1.3.6.1.4.1.30221.2.6.68) for the replace listener certificate extended request.

See Also:

Constant Field Values

Constructor Detail

ReplaceListenerCertificateExtendedRequest

public ReplaceListenerCertificateExtendedRequest(@NotNull
                                         ReplaceCertificateKeyStoreContent keyStoreContent,
                                         @NotNull
                                         java.lang.String keyManagerProvider,
                                         @NotNull
                                         ReplaceCertificateTrustBehavior trustBehavior,
                                         @Nullable
                                         java.lang.String targetCertificateAlias,
                                         boolean reloadHTTPConnectionHandlerCertificates,
                                         boolean skipCertificateValidation,
                                         @Nullable
                                         Control... requestControls)

Creates a new replace listener certificate extended request with the provided information.

Parameters:

keyStoreContent - An object with information about how the server should obtain the new listener certificate data. It must not be null.

keyManagerProvider - The name of the file-based key manager provider with information about the key store in which the new listener certificate should be stored. It must not be null.

trustBehavior - An object with information about how the server should handle updating trust information for the new listener certificate. It must not be null.

targetCertificateAlias - The alias that should be used for the new listener certificate in the target key store. It may be null if the server should use a default alias.

reloadHTTPConnectionHandlerCertificates - Indicates whether to trigger a certificate reload in any configured HTTP connection handlers after updating the listener certificate information. While LDAP and JMX connection handlers will automatically start using the new listener certificate when negotiating new TLS sessions, HTTP connection handlers will only do so if they are explicitly told to reload certificate data. However, there is a chance that this could potentially cause issues with resuming TLS sessions for HTTPS clients that were negotiated before the listener certificate was updated.

skipCertificateValidation - Indicates whether to skip validation for the new certificate chain.

requestControls - The set of controls to include in the extended request. It may be null or empty if no request controls should be included.

ReplaceListenerCertificateExtendedRequest

public ReplaceListenerCertificateExtendedRequest(@NotNull
                                         ExtendedRequest request)
                                          throws LDAPException

Creates a new replace listener certificate extended request that is decoded from the provided generic extended request.

Parameters:

request - The generic extended request to be decoded as a replace listener certificate extended request. It must not be null.

Throws:

LDAPException - If a problem occurs while attempting to decode the provided extended request as a replace listener certificate request.

Method Detail

getKeyStoreContent

@NotNull
public ReplaceCertificateKeyStoreContent getKeyStoreContent()

Retrieves an object with information about how the server should obtain the new listener certificate data.

Returns:

An object with information about how the server should obtain the new listener certificate data.

getKeyManagerProvider

@NotNull
public java.lang.String getKeyManagerProvider()

Retrieves the name of the file-based key manager provider with information about the key store in which thew new listener certificate should be stored.

Returns:

The name of the file-based key manager provider with information about the key store in which the new listener certificate should be stored.

getTrustBehavior

@NotNull
public ReplaceCertificateTrustBehavior getTrustBehavior()

Retrieves an object with information about how the server should handle updating trust information for the new listener certificate.

Returns:

An object with information about how the server should handle updating trust information for the new listener certificate.

getTargetCertificateAlias

@Nullable
public java.lang.String getTargetCertificateAlias()

Retrieves the alias that should be used for the new listener certificate in the target key store, if provided.

Returns:

The alias that should be used for the new listener certificate in the target key store, or null if the server should use a default alias.

reloadHTTPConnectionHandlerCertificates

public boolean reloadHTTPConnectionHandlerCertificates()

Indicates whether to trigger a certificate reload in any configured HTTP connection handlers after updating the listener certificate information. While LDAP and JMX connection handlers will automatically start using the new listener certificate when negotiating new TLS sessions, HTTP connection handlers will only do so if they are explicitly told to reload certificate data. However, there is a chance that this could potentially cause issues with resuming TLS sessions for HTTPS clients that were negotiated before the listener certificate was updated.

Returns:

true if the server should reload certificates in any configured HTTP connection handlers after updating the listener certificates information, or false if not.

skipCertificateValidation

public boolean skipCertificateValidation()

Indicates whether the server should skip validation processing for the new certificate chain.

Returns:

true if the server should skip validation processing for the new certificate chain, or false if not.

process

@NotNull
public ReplaceListenerCertificateExtendedResult process(@NotNull
                                                       LDAPConnection connection,
                                                       int depth)
                                                 throws LDAPException

Sends this extended request to the directory server over the provided connection and returns the associated response.

Overrides:

process in class ExtendedRequest

Parameters:

connection - The connection to use to communicate with the directory server.

depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.

Returns:

An LDAP result object that provides information about the result of the extended operation processing.

Throws:

LDAPException - If a problem occurs while sending the request or reading the response.

getExtendedRequestName

@NotNull
public java.lang.String getExtendedRequestName()

Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.

Overrides:

getExtendedRequestName in class ExtendedRequest

Returns:

The user-friendly name for this extended request, or the OID if no user-friendly name is available.

toString

public void toString(@NotNull
            java.lang.StringBuilder buffer)

Appends a string representation of this request to the provided buffer.

Specified by:

toString in interface ProtocolOp

Specified by:

toString in interface ReadOnlyLDAPRequest

Overrides:

toString in class ExtendedRequest

Parameters:

buffer - The buffer to which to append a string representation of this request.