001/*
002 * Copyright 2011-2022 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2011-2022 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2011-2022 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.listener;
037
038
039
040import java.net.InetAddress;
041import javax.net.SocketFactory;
042import javax.net.ServerSocketFactory;
043import javax.net.ssl.SSLSocketFactory;
044import javax.net.ssl.SSLServerSocketFactory;
045
046import com.unboundid.ldap.sdk.LDAPException;
047import com.unboundid.ldap.sdk.ResultCode;
048import com.unboundid.util.Debug;
049import com.unboundid.util.NotMutable;
050import com.unboundid.util.NotNull;
051import com.unboundid.util.Nullable;
052import com.unboundid.util.StaticUtils;
053import com.unboundid.util.ThreadSafety;
054import com.unboundid.util.ThreadSafetyLevel;
055import com.unboundid.util.ssl.SSLUtil;
056import com.unboundid.util.ssl.TrustAllTrustManager;
057
058import static com.unboundid.ldap.listener.ListenerMessages.*;
059
060
061
062/**
063 * This class provides a data structure that can be used to configure a
064 * listener for use in the in-memory directory server.  Each in-memory directory
065 * server instance has the ability to have multiple listeners, and those
066 * listeners may have different settings (e.g., listen on one port for
067 * unencrypted LDAP communication with optional support for StartTLS, and listen
068 * on a separate port for SSL-encrypted communication).  If the server is to
069 * provide support for SSL and/or StartTLS, then the {@link SSLUtil} class can
070 * make it easy to create the necessary socket factories.
071 */
072@NotMutable()
073@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
074public final class InMemoryListenerConfig
075{
076  // Indicates whether the listener should request that the client provide a
077  // certificate.
078  private final boolean requestClientCertificate;
079
080  // Indicates whether the listener should require that the client provide a
081  // certificate.
082  private final boolean requireClientCertificate;
083
084  // The address on which this listener should accept client connections.
085  @Nullable private final InetAddress listenAddress;
086
087  // The port on which this listener should accept client connections.
088  private final int listenPort;
089
090  // The socket factory that should be used for accepting new connections.
091  @Nullable private final ServerSocketFactory serverSocketFactory;
092
093  // The socket factory that should be used for creating client connections.
094  @Nullable private final SocketFactory clientSocketFactory;
095
096  // The socket factory that will be used to add StartTLS encryption to an
097  // existing connection.
098  @Nullable private final SSLSocketFactory startTLSSocketFactory;
099
100  // The used to refer to this listener.
101  @NotNull private final String listenerName;
102
103
104
105  /**
106   * Creates a new in-memory directory server listener configuration with the
107   * provided settings.
108   *
109   * @param  listenerName           The name to assign to this listener.  It
110   *                                must not be {@code null} and must not be the
111   *                                same as the name for any other listener
112   *                                configured in the server.
113   * @param  listenAddress          The address on which the listener should
114   *                                accept connections from clients.  It may be
115   *                                {@code null} to indicate that it should
116   *                                accept connections on all addresses on all
117   *                                interfaces.
118   * @param  listenPort             The port on which the listener should accept
119   *                                connections from clients.  It may be 0 to
120   *                                indicate that the server should
121   *                                automatically choose an available port.
122   * @param  serverSocketFactory    The socket factory that should be used to
123   *                                create sockets when accepting client
124   *                                connections.  It may be {@code null} if the
125   *                                JVM-default server socket factory should be
126   *                                used.
127   * @param  clientSocketFactory    The socket factory that should be used to
128   *                                create client connections to the server.  It
129   *                                may be {@code null} if the JVM-default
130   *                                socket factory should be used.
131   * @param  startTLSSocketFactory  The socket factory that should be used to
132   *                                add StartTLS encryption to existing
133   *                                connections.  It may be {@code null} if
134   *                                StartTLS is not to be supported on this
135   *                                listener, and should be {@code null} if the
136   *                                server socket factory already provides some
137   *                                other form of communication security.
138   *
139   * @throws  LDAPException  If the provided listener name is {@code null} or
140   *                         the configured listen port is out of range.
141   */
142  public InMemoryListenerConfig(@NotNull final String listenerName,
143              @Nullable final InetAddress listenAddress, final int listenPort,
144              @Nullable final ServerSocketFactory serverSocketFactory,
145              @Nullable final SocketFactory clientSocketFactory,
146              @Nullable final SSLSocketFactory startTLSSocketFactory)
147         throws LDAPException
148  {
149    this(listenerName, listenAddress, listenPort, serverSocketFactory,
150         clientSocketFactory, startTLSSocketFactory, false, false);
151  }
152
153
154
155  /**
156   * Creates a new in-memory directory server listener configuration with the
157   * provided settings.
158   *
159   * @param  listenerName              The name to assign to this listener.  It
160   *                                   must not be {@code null} and must not be
161   *                                   the same as the name for any other
162   *                                   listener configured in the server.
163   * @param  listenAddress             The address on which the listener should
164   *                                   accept connections from clients.  It may
165   *                                   be {@code null} to indicate that it
166   *                                   should accept connections on all
167   *                                   addresses on all interfaces.
168   * @param  listenPort                The port on which the listener should
169   *                                   accept connections from clients.  It may
170   *                                   be 0 to indicate that the server should
171   *                                   automatically choose an available port.
172   * @param  serverSocketFactory       The socket factory that should be used to
173   *                                   create sockets when accepting client
174   *                                   connections.  It may be {@code null} if
175   *                                   the JVM-default server socket factory
176   *                                   should be used.
177   * @param  clientSocketFactory       The socket factory that should be used to
178   *                                   create client connections to the server.
179   *                                   It may be {@code null} if the JVM-default
180   *                                   socket factory should be used.
181   * @param  startTLSSocketFactory     The socket factory that should be used to
182   *                                   add StartTLS encryption to existing
183   *                                   connections.  It may be {@code null} if
184   *                                   StartTLS is not to be supported on this
185   *                                   listener, and should be {@code null} if
186   *                                   the server socket factory already
187   *                                   provides some other form of communication
188   *                                   security.
189   * @param  requestClientCertificate  Indicates whether the listener should
190   *                                   request that the client present its own
191   *                                   certificate chain during TLS negotiation.
192   *                                   This will be ignored for non-TLS-based
193   *                                   connections.
194   * @param  requireClientCertificate  Indicates whether the listener should
195   *                                   require that the client present its own
196   *                                   certificate chain during TLS negotiation,
197   *                                   and should fail negotiation if the client
198   *                                   does not present one.  This will be
199   *                                   ignored for non-TLS-based connections or
200   *                                   if {@code requestClientCertificate} is
201   *                                   {@code false}.
202   *
203   * @throws  LDAPException  If the provided listener name is {@code null} or
204   *                         the configured listen port is out of range.
205   */
206  public InMemoryListenerConfig(@NotNull final String listenerName,
207              @Nullable final InetAddress listenAddress, final int listenPort,
208              @Nullable final ServerSocketFactory serverSocketFactory,
209              @Nullable final SocketFactory clientSocketFactory,
210              @Nullable final SSLSocketFactory startTLSSocketFactory,
211              final boolean requestClientCertificate,
212              final boolean requireClientCertificate)
213         throws LDAPException
214  {
215    if ((listenerName == null) || listenerName.isEmpty())
216    {
217      throw new LDAPException(ResultCode.PARAM_ERROR,
218           ERR_LISTENER_CFG_NO_NAME.get());
219    }
220
221    if ((listenPort < 0) || (listenPort > 65_535))
222    {
223      throw new LDAPException(ResultCode.PARAM_ERROR,
224           ERR_LISTENER_CFG_INVALID_PORT.get(listenPort));
225    }
226
227    this.listenerName             = listenerName;
228    this.listenAddress            = listenAddress;
229    this.listenPort               = listenPort;
230    this.serverSocketFactory      = serverSocketFactory;
231    this.clientSocketFactory      = clientSocketFactory;
232    this.startTLSSocketFactory    = startTLSSocketFactory;
233    this.requestClientCertificate = requestClientCertificate;
234    this.requireClientCertificate = requireClientCertificate;
235  }
236
237
238
239  /**
240   * Creates a new listener configuration that will listen for unencrypted LDAP
241   * communication on an automatically-selected port on all available addresses.
242   * It will not support StartTLS.
243   *
244   * @param  listenerName  The name to use for the listener.  It must not be
245   *                       {@code null}.
246   *
247   * @return  The newly-created listener configuration.
248   *
249   * @throws  LDAPException  If the provided name is {@code null}.
250   */
251  @NotNull()
252  public static InMemoryListenerConfig createLDAPConfig(
253                                            @NotNull final String listenerName)
254         throws LDAPException
255  {
256    return new InMemoryListenerConfig(listenerName, null, 0, null, null, null);
257  }
258
259
260
261  /**
262   * Creates a new listener configuration that will listen for unencrypted LDAP
263   * communication on the specified port on all available addresses.  It will
264   * not support StartTLS.
265   *
266   * @param  listenerName  The name to use for the listener.  It must not be
267   *                       {@code null}.
268   * @param  listenPort    The port on which the listener should accept
269   *                       connections from clients.  It may be 0 to indicate
270   *                       that the server should automatically choose an
271   *                       available port.
272   *
273   * @return  The newly-created listener configuration.
274   *
275   * @throws  LDAPException  If the provided listener name is {@code null} or
276   *                         the configured listen port is out of range.
277   */
278  @NotNull()
279  public static InMemoryListenerConfig createLDAPConfig(
280                                            @NotNull final String listenerName,
281                                            final int listenPort)
282         throws LDAPException
283  {
284    return new InMemoryListenerConfig(listenerName, null, listenPort, null,
285         null, null);
286  }
287
288
289
290  /**
291   * Creates a new listener configuration that will listen for unencrypted LDAP
292   * communication, and may optionally support StartTLS.
293   *
294   * @param  listenerName           The name to assign to this listener.  It
295   *                                must not be {@code null} and must not be the
296   *                                same as the name for any other listener
297   *                                configured in the server.
298   * @param  listenAddress          The address on which the listener should
299   *                                accept connections from clients.  It may be
300   *                                {@code null} to indicate that it should
301   *                                accept connections on all addresses on all
302   *                                interfaces.
303   * @param  listenPort             The port on which the listener should accept
304   *                                connections from clients.  It may be 0 to
305   *                                indicate that the server should
306   *                                automatically choose an available port.
307   * @param  startTLSSocketFactory  The socket factory that should be used to
308   *                                add StartTLS encryption to an existing
309   *                                connection.  It may be {@code null} if
310   *                                StartTLS is not to be supported on this
311   *                                listener, and should be {@code null} if the
312   *                                server socket factory already provides some
313   *                                other form of communication security.
314   *
315   * @return  The newly-created listener configuration.
316   *
317   * @throws  LDAPException  If the provided listener name is {@code null} or
318   *                         the configured listen port is out of range.
319   */
320  @NotNull()
321  public static InMemoryListenerConfig createLDAPConfig(
322                     @NotNull final String listenerName,
323                     @Nullable final InetAddress listenAddress,
324                     final int listenPort,
325                     @Nullable final SSLSocketFactory startTLSSocketFactory)
326         throws LDAPException
327  {
328    return createLDAPConfig(listenerName, listenAddress, listenPort,
329         startTLSSocketFactory, false, false);
330  }
331
332
333
334  /**
335   * Creates a new listener configuration that will listen for unencrypted LDAP
336   * communication, and may optionally support StartTLS.
337   *
338   * @param  listenerName              The name to assign to this listener.  It
339   *                                   must not be {@code null} and must not be
340   *                                   the same as the name for any other
341   *                                   listener configured in the server.
342   * @param  listenAddress             The address on which the listener should
343   *                                   accept connections from clients.  It may
344   *                                   be {@code null} to indicate that it
345   *                                   should accept connections on all
346   *                                   addresses on all interfaces.
347   * @param  listenPort                The port on which the listener should
348   *                                   accept connections from clients.  It may
349   *                                   be 0 to indicate that the server should
350   *                                   automatically choose an available port.
351   * @param  startTLSSocketFactory     The socket factory that should be used to
352   *                                   add StartTLS encryption to an existing
353   *                                   connection.  It may be {@code null} if
354   *                                   StartTLS is not to be supported on this
355   *                                   listener, and should be {@code null} if
356   *                                   the server socket factory already
357   *                                   provides some other form of communication
358   *                                   security.
359   * @param  requestClientCertificate  Indicates whether the listener should
360   *                                   request that the client present its own
361   *                                   certificate chain during TLS negotiation.
362   *                                   This will be ignored for non-TLS-based
363   *                                   connections.
364   * @param  requireClientCertificate  Indicates whether the listener should
365   *                                   require that the client present its own
366   *                                   certificate chain during TLS negotiation,
367   *                                   and should fail negotiation if the client
368   *                                   does not present one.  This will be
369   *                                   ignored for non-TLS-based connections or
370   *                                   if {@code requestClientCertificate} is
371   *                                   {@code false}.
372   *
373   * @return  The newly-created listener configuration.
374   *
375   * @throws  LDAPException  If the provided listener name is {@code null} or
376   *                         the configured listen port is out of range.
377   */
378  @NotNull()
379  public static InMemoryListenerConfig createLDAPConfig(
380                     @NotNull final String listenerName,
381                     @Nullable final InetAddress listenAddress,
382                     final int listenPort,
383                     @Nullable final SSLSocketFactory startTLSSocketFactory,
384                     final boolean requestClientCertificate,
385                     final boolean requireClientCertificate)
386         throws LDAPException
387  {
388    return new InMemoryListenerConfig(listenerName, listenAddress, listenPort,
389         null, null, startTLSSocketFactory, requestClientCertificate,
390         requireClientCertificate);
391  }
392
393
394
395  /**
396   * Creates a new listener configuration that will listen for SSL-encrypted
397   * LDAP communication on an automatically-selected port on all available
398   * addresses.
399   *
400   * @param  listenerName         The name to use for the listener.  It must not
401   *                              be {@code null}.
402   * @param  serverSocketFactory  The SSL server socket factory that will be
403   *                              used for accepting SSL-based connections from
404   *                              clients.  It must not be {@code null}.
405   *
406   * @return  The newly-created listener configuration.
407   *
408   * @throws  LDAPException  If the provided name is {@code null}.
409   */
410  @NotNull()
411  public static InMemoryListenerConfig createLDAPSConfig(
412                     @NotNull final String listenerName,
413                     @NotNull final SSLServerSocketFactory serverSocketFactory)
414         throws LDAPException
415  {
416    return createLDAPSConfig(listenerName, null, 0, serverSocketFactory, null);
417  }
418
419
420
421  /**
422   * Creates a new listener configuration that will listen for SSL-encrypted
423   * LDAP communication on the specified port on all available addresses.
424   *
425   * @param  listenerName         The name to use for the listener.  It must not
426   *                              be {@code null}.
427   * @param  listenPort           The port on which the listener should accept
428   *                              connections from clients.  It may be 0 to
429   *                              indicate that the server should
430   *                              automatically choose an available port.
431   * @param  serverSocketFactory  The SSL server socket factory that will be
432   *                              used for accepting SSL-based connections from
433   *                              clients.  It must not be {@code null}.
434   *
435   * @return  The newly-created listener configuration.
436   *
437   * @throws  LDAPException  If the provided name is {@code null}.
438   */
439  @NotNull()
440  public static InMemoryListenerConfig createLDAPSConfig(
441                     @NotNull final String listenerName, final int listenPort,
442                     @NotNull final SSLServerSocketFactory serverSocketFactory)
443         throws LDAPException
444  {
445    return createLDAPSConfig(listenerName, null, listenPort,
446         serverSocketFactory, null);
447  }
448
449
450
451  /**
452   * Creates a new listener configuration that will listen for SSL-encrypted
453   * LDAP communication on an automatically-selected port on all available
454   * addresses.
455   *
456   * @param  listenerName         The name to use for the listener.  It must not
457   *                              be {@code null}.
458   * @param  listenAddress        The address on which the listener should
459   *                              accept connections from clients.  It may be
460   *                              {@code null} to indicate that it should
461   *                              accept connections on all addresses on all
462   *                              interfaces.
463   * @param  listenPort           The port on which the listener should accept
464   *                              connections from clients.  It may be 0 to
465   *                              indicate that the server should
466   *                              automatically choose an available port.
467   * @param  serverSocketFactory  The SSL server socket factory that will be
468   *                              used for accepting SSL-based connections from
469   *                              clients.  It must not be {@code null}.
470   * @param  clientSocketFactory  The SSL socket factory that will be used to
471   *                              create secure connections to the server.  It
472   *                              may be {@code null} if a default "trust all"
473   *                              socket factory should be used.
474   *
475   * @return  The newly-created listener configuration.
476   *
477   * @throws  LDAPException  If the provided name or server socket factory is
478   *          {@code null}, or an error occurs while attempting to create a
479   *          client socket factory.
480   */
481  @NotNull()
482  public static InMemoryListenerConfig createLDAPSConfig(
483                     @NotNull final String listenerName,
484                     @Nullable final InetAddress listenAddress,
485                     final int listenPort,
486                     @NotNull final SSLServerSocketFactory serverSocketFactory,
487                     @Nullable final SSLSocketFactory clientSocketFactory)
488         throws LDAPException
489  {
490    return createLDAPSConfig(listenerName, listenAddress, listenPort,
491         serverSocketFactory, clientSocketFactory, false, false);
492  }
493
494
495
496  /**
497   * Creates a new listener configuration that will listen for SSL-encrypted
498   * LDAP communication on an automatically-selected port on all available
499   * addresses.
500   *
501   * @param  listenerName              The name to use for the listener.  It
502   *                                   must not be {@code null}.
503   * @param  listenAddress             The address on which the listener should
504   *                                   accept connections from clients.  It may
505   *                                   be  {@code null} to indicate that it
506   *                                   should accept connections on all
507   *                                   addresses on all interfaces.
508   * @param  listenPort                The port on which the listener should
509   *                                   accept connections from clients.  It may
510   *                                   be 0 to indicate that the server should
511   *                                   automatically choose an available port.
512   * @param  serverSocketFactory       The SSL server socket factory that will
513   *                                   be used for accepting SSL-based
514   *                                   connections from clients.  It must not be
515   *                                   {@code null}.
516   * @param  clientSocketFactory       The SSL socket factory that will be used
517   *                                   to create secure connections to the
518   *                                   server.  It may be {@code null} if a
519   *                                   default "trust all" socket factory should
520   *                                   be used.
521   * @param  requestClientCertificate  Indicates whether the listener should
522   *                                   request that the client present its own
523   *                                   certificate chain during TLS negotiation.
524   *                                   This will be ignored for non-TLS-based
525   *                                   connections.
526   * @param  requireClientCertificate  Indicates whether the listener should
527   *                                   require that the client present its own
528   *                                   certificate chain during TLS negotiation,
529   *                                   and should fail negotiation if the client
530   *                                   does not present one.  This will be
531   *                                   ignored for non-TLS-based connections or
532   *                                   if {@code requestClientCertificate} is
533   *                                   {@code false}.
534   *
535   * @return  The newly-created listener configuration.
536   *
537   * @throws  LDAPException  If the provided name or server socket factory is
538   *          {@code null}, or an error occurs while attempting to create a
539   *          client socket factory.
540   */
541  @NotNull()
542  public static InMemoryListenerConfig createLDAPSConfig(
543                     @NotNull final String listenerName,
544                     @Nullable final InetAddress listenAddress,
545                     final int listenPort,
546                     @NotNull final SSLServerSocketFactory serverSocketFactory,
547                     @Nullable final SSLSocketFactory clientSocketFactory,
548                     final boolean requestClientCertificate,
549                     final boolean requireClientCertificate)
550         throws LDAPException
551  {
552    if (serverSocketFactory == null)
553    {
554      throw new LDAPException(ResultCode.PARAM_ERROR,
555           ERR_LISTENER_CFG_NO_SSL_SERVER_SOCKET_FACTORY.get());
556    }
557
558    final SSLSocketFactory clientFactory;
559    if (clientSocketFactory == null)
560    {
561      try
562      {
563        final SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
564        clientFactory = sslUtil.createSSLSocketFactory();
565      }
566      catch (final Exception e)
567      {
568        Debug.debugException(e);
569        throw new LDAPException(ResultCode.LOCAL_ERROR,
570             ERR_LISTENER_CFG_COULD_NOT_CREATE_SSL_SOCKET_FACTORY.get(
571                  StaticUtils.getExceptionMessage(e)),
572             e);
573      }
574    }
575    else
576    {
577      clientFactory = clientSocketFactory;
578    }
579
580    return new InMemoryListenerConfig(listenerName, listenAddress, listenPort,
581         serverSocketFactory, clientFactory, null, requestClientCertificate,
582         requireClientCertificate);
583  }
584
585
586
587  /**
588   * Retrieves the name for this listener configuration.
589   *
590   * @return  The name for this listener configuration.
591   */
592  @NotNull()
593  public String getListenerName()
594  {
595    return listenerName;
596  }
597
598
599
600  /**
601   * Retrieves the address on which the listener should accept connections from
602   * clients, if defined.
603   *
604   * @return  The address on which the listener should accept connections from
605   *          clients, or {@code null} if it should accept connections on all
606   *          addresses on all interfaces.
607   */
608  @Nullable()
609  public InetAddress getListenAddress()
610  {
611    return listenAddress;
612  }
613
614
615
616  /**
617   * Retrieves the port on which the listener should accept connections from
618   * clients, if defined.
619   *
620   * @return  The port on which the listener should accept connections from
621   *          clients, or 0 if the listener should automatically select an
622   *          available port.
623   */
624  public int getListenPort()
625  {
626    return listenPort;
627  }
628
629
630
631  /**
632   * Retrieves the socket factory that should be used to create sockets when
633   * accepting client connections, if defined.
634   *
635   * @return  The socket factory that should be used to create sockets when
636   *          accepting client connections, or {@code null} if the JVM-default
637   *          server socket factory should be used.
638   */
639  @Nullable()
640  public ServerSocketFactory getServerSocketFactory()
641  {
642    return serverSocketFactory;
643  }
644
645
646
647  /**
648   * Retrieves the socket factory that should be used to create client
649   * connections to the server, if defined.
650   *
651   * @return  The socket factory that should be used to create client
652   *          connections to the server, or {@code null} if the JVM-default
653   *          socket factory should be used.
654   */
655  @Nullable()
656  public SocketFactory getClientSocketFactory()
657  {
658    return clientSocketFactory;
659  }
660
661
662
663  /**
664   * Retrieves the socket factory that should be used to add StartTLS encryption
665   * to existing connections, if defined.
666   *
667   * @return  The socket factory that should be used to add StartTLS encryption
668   *          to existing connections, or {@code null} if StartTLS should not be
669   *          supported.
670   */
671  @Nullable()
672  public SSLSocketFactory getStartTLSSocketFactory()
673  {
674    return startTLSSocketFactory;
675  }
676
677
678
679  /**
680   * Indicates whether the listener should request that the client present its
681   * own certificate chain during TLS negotiation.  This will be ignored for
682   * non-TLS-based connections.
683   *
684   * @return  {@code true} if the listener should request that the client
685   *          present its own certificate chain during TLS negotiation, or
686   *          {@code false} if not.
687   */
688  public boolean requestClientCertificate()
689  {
690    return requestClientCertificate;
691  }
692
693
694
695  /**
696   * Indicates whether the listener should require that the client present its
697   * own certificate chain during TLS negotiation and should fail negotiation
698   * if no certificate chain was provided.  This will be ignored for
699   * non-TLS-based connections, and it will also be ignored if
700   * {@link #requestClientCertificate} returns false.
701   *
702   * @return  {@code true} if the listener should require that the client
703   *          present its own certificate chain during TLS negotiation, or
704   *          {@code false} if TLS negotiation should continue even if the
705   *          client did not present a certificate chain when requested.
706   */
707  public boolean requireClientCertificate()
708  {
709    return requireClientCertificate;
710  }
711
712
713
714  /**
715   * Retrieves a string representation of this listener configuration.
716   *
717   * @return  A string representation of this listener configuration.
718   */
719  @Override()
720  @NotNull()
721  public String toString()
722  {
723    final StringBuilder buffer = new StringBuilder();
724    toString(buffer);
725    return buffer.toString();
726  }
727
728
729
730  /**
731   * Appends a string representation of this listener configuration to the
732   * provided buffer.
733   *
734   * @param  buffer  The buffer to which the information should be appended.
735   */
736  public void toString(@NotNull final StringBuilder buffer)
737  {
738    buffer.append("InMemoryListenerConfig(name='");
739    buffer.append(listenerName);
740    buffer.append('\'');
741
742    if (listenAddress != null)
743    {
744      buffer.append(", listenAddress='");
745      buffer.append(listenAddress.getHostAddress());
746      buffer.append('\'');
747    }
748
749    buffer.append(", listenPort=");
750    buffer.append(listenPort);
751
752    if (serverSocketFactory != null)
753    {
754      buffer.append(", serverSocketFactoryClass='");
755      buffer.append(serverSocketFactory.getClass().getName());
756      buffer.append('\'');
757    }
758
759    if (clientSocketFactory != null)
760    {
761      buffer.append(", clientSocketFactoryClass='");
762      buffer.append(clientSocketFactory.getClass().getName());
763      buffer.append('\'');
764    }
765
766    if (startTLSSocketFactory != null)
767    {
768      buffer.append(", startTLSSocketFactoryClass='");
769      buffer.append(startTLSSocketFactory.getClass().getName());
770      buffer.append('\'');
771    }
772
773    buffer.append(", requestClientCertificate=");
774    buffer.append(requestClientCertificate);
775    buffer.append(", requireClientCertificate=");
776    buffer.append(requireClientCertificate);
777
778    buffer.append(')');
779  }
780}