/*
 * Copyright 2007-2014 UnboundID Corp.
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2008-2014 UnboundID Corp.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.ldap.sdk;



import javax.net.ssl.SSLContext;

import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;

import static com.unboundid.util.Validator.*;



/**
 * A post-connect processor that upgrades each newly established pool
 * connection to TLS with the StartTLS extended operation.  The upgrade runs
 * in the pre-authentication phase, so by the time the pool binds a connection
 * it is already protected; the post-authentication phase is a no-op.
 * <BR><BR>
 * All TLS trust and peer-validation behavior comes from the {@link SSLContext}
 * supplied to the constructor (and from whatever the caller configured on the
 * connection options).  This class performs no certificate or hostname checks
 * of its own, so a permissive context yields a permissive pool.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example demonstrates the use of the StartTLS post-connect
 * processor to create an LDAP connection pool whose connections are secured
 * using StartTLS:
 * <PRE>
 *   // Configure an SSLUtil instance and use it to obtain an SSLContext.
 *   SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
 *   SSLContext sslContext = sslUtil.createSSLContext();
 *
 *   // Establish an insecure connection to the directory server.
 *   LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
 *
 *   // Use the StartTLS extended operation to secure the connection.
 *   ExtendedResult startTLSResult = connection.processExtendedOperation(
 *        new StartTLSExtendedRequest(sslContext));
 *
 *   // Create a connection pool that will secure its connections with StartTLS.
 *   BindResult bindResult = connection.bind(
 *        "uid=john.doe,ou=People,dc=example,dc=com", "password");
 *   StartTLSPostConnectProcessor startTLSProcessor =
 *        new StartTLSPostConnectProcessor(sslContext);
 *   LDAPConnectionPool pool =
 *        new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
 *
 *   // Verify that we can use the pool to communicate with the directory server.
 *   RootDSE rootDSE = pool.getRootDSE();
 *
 *   // Close the connection pool.
 *   pool.close();
 * </PRE>
 */
public final class StartTLSPostConnectProcessor
       implements PostConnectProcessor
{
  // The SSL context handed to every StartTLS extended request.  Its trust
  // managers decide whether the server's certificate is accepted; nothing in
  // this class adds further checks.
  private final SSLContext sslContext;



  /**
   * Creates a processor that will negotiate StartTLS with the given SSL
   * context on every connection the pool establishes.
   *
   * @param  sslContext  The SSL context to use to perform the StartTLS
   *                     negotiation.  It must not be {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLContext sslContext)
  {
    ensureNotNull(sslContext);
    this.sslContext = sslContext;
  }



  /**
   * Secures the provided connection with StartTLS before the pool
   * authenticates it.  The request's response timeout is taken from the
   * connection's connect timeout, because this step is part of establishing
   * the connection rather than a later operation on it.
   *
   * @param  connection  The connection to upgrade to TLS.
   *
   * @throws  LDAPException  If the StartTLS extended operation could not be
   *                         sent, or if the server returned a result code
   *                         other than {@code SUCCESS}; in that case the
   *                         connection must not be used by the pool.
   */
  public void processPreAuthenticatedConnection(final LDAPConnection connection)
         throws LDAPException
  {
    // The pool invokes this while the connection is still being set up, so
    // bound the StartTLS exchange by the same connect timeout the caller
    // configured for establishing the connection itself.
    final long timeoutMillis =
         connection.getConnectionOptions().getConnectTimeoutMillis();

    final StartTLSExtendedRequest request =
         new StartTLSExtendedRequest(sslContext);
    request.setResponseTimeoutMillis(timeoutMillis);

    final ExtendedResult result = connection.processExtendedOperation(request);
    final ResultCode resultCode = result.getResultCode();
    if (resultCode.equals(ResultCode.SUCCESS))
    {
      return;
    }

    // Any other result code means StartTLS did not complete, so surface the
    // server's result rather than handing the pool an unprotected connection.
    throw new LDAPException(result);
  }



  /**
   * Does nothing.  All work for this processor happens before authentication,
   * in {@link #processPreAuthenticatedConnection}.
   *
   * @param  connection  The connection that has been authenticated.  It is
   *                     not used.
   *
   * @throws  LDAPException  Never thrown by this implementation.
   */
  public void processPostAuthenticatedConnection(
                   final LDAPConnection connection)
         throws LDAPException
  {
    // Intentionally empty:  the connection was secured pre-authentication.
  }
}