001    /*
002     * Copyright 2007-2015 UnboundID Corp.
003     * All Rights Reserved.
004     */
005    /*
006     * Copyright (C) 2008-2015 UnboundID Corp.
007     *
008     * This program is free software; you can redistribute it and/or modify
009     * it under the terms of the GNU General Public License (GPLv2 only)
010     * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011     * as published by the Free Software Foundation.
012     *
013     * This program is distributed in the hope that it will be useful,
014     * but WITHOUT ANY WARRANTY; without even the implied warranty of
015     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016     * GNU General Public License for more details.
017     *
018     * You should have received a copy of the GNU General Public License
019     * along with this program; if not, see <http://www.gnu.org/licenses>.
020     */
021    package com.unboundid.ldap.sdk;
022    
023    
024    
025    import javax.net.ssl.SSLContext;
026    import javax.net.ssl.SSLSocketFactory;
027    
028    import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
029    
030    import static com.unboundid.util.Validator.*;
031    
032    
033    
034    /**
035     * This class provides an implementation of a post-connect processor that can
036     * be used to perform StartTLS negotiation on an LDAP connection that is
037     * intended to be used in a connection pool.
038     * <BR><BR>
039     * <H2>Example</H2>
040     * The following example demonstrates the use of the StartTLS post-connect
041     * processor to create an LDAP connection pool whose connections are secured
042     * using StartTLS:
043     * <PRE>
044     * // Configure an SSLUtil instance and use it to obtain an SSLContext.
045     * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
046     * SSLContext sslContext = sslUtil.createSSLContext();
047     *
048     * // Establish an insecure connection to the directory server.
049     * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
050     *
051     * // Use the StartTLS extended operation to secure the connection.
052     * ExtendedResult startTLSResult = connection.processExtendedOperation(
053     *      new StartTLSExtendedRequest(sslContext));
054     *
055     * // Authenticate the connection, then use it to create a connection pool
056     * // that will secure each of its connections with StartTLS.
056     * BindResult bindResult = connection.bind(
057     *      "uid=john.doe,ou=People,dc=example,dc=com", "password");
058     * StartTLSPostConnectProcessor startTLSProcessor =
059     *      new StartTLSPostConnectProcessor(sslContext);
060     * LDAPConnectionPool pool =
061     *      new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
062     *
063     * // Verify that we can use the pool to communicate with the directory server.
064     * RootDSE rootDSE = pool.getRootDSE();
065     *
066     * // Close the connection pool.
067     * pool.close();
068     * </PRE>
069     */
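public final class StartTLSPostConnectProcessor
       implements PostConnectProcessor
{
  // The SSL context to use to perform the negotiation.  Exactly one of
  // sslContext and sslSocketFactory is non-null, depending on which
  // constructor was used to create this processor.
  private final SSLContext sslContext;

  // The SSL socket factory to create the secure connection.
  private final SSLSocketFactory sslSocketFactory;



  /**
   * Creates a new instance of this StartTLS post-connect processor that will
   * use the provided SSL context.  Certificate trust (and any hostname
   * verification) is governed entirely by this context; the processor itself
   * adds no checks of its own.
   *
   * @param  sslContext  The SSL context to use to perform the StartTLS
   *                     negotiation.  It must not be {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLContext sslContext)
  {
    ensureNotNull(sslContext);

    this.sslContext = sslContext;
    sslSocketFactory = null;
  }



  /**
   * Creates a new instance of this StartTLS post-connect processor that will
   * use the provided SSL socket factory.  Certificate trust (and any hostname
   * verification) is governed entirely by this factory; the processor itself
   * adds no checks of its own.
   *
   * @param  sslSocketFactory  The SSL socket factory to use to create the
   *                           TLS-secured socket.  It must not be {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLSocketFactory sslSocketFactory)
  {
    ensureNotNull(sslSocketFactory);

    this.sslSocketFactory = sslSocketFactory;
    sslContext = null;
  }



  /**
   * Secures the provided connection with StartTLS before any authentication is
   * performed on it.  The extended request is built from whichever of the SSL
   * context or SSL socket factory was supplied at construction time, its
   * response timeout is taken from the connection's connect timeout, and any
   * non-{@code SUCCESS} result is turned into an exception so that an
   * unsecured connection never makes it into the pool.
   *
   * @param  connection  The newly-established, not yet authenticated connection
   *                     to secure.
   *
   * @throws  LDAPException  If a problem occurs while processing the StartTLS
   *                         extended operation, or if the server returns a
   *                         result code other than {@code SUCCESS} (in which
   *                         case an {@link LDAPExtendedOperationException}
   *                         carrying that result is thrown).
   */
  @Override
  public void processPreAuthenticatedConnection(final LDAPConnection connection)
         throws LDAPException
  {
    // Only one of the two fields is ever set, so a null context means the
    // socket factory constructor was used.
    final StartTLSExtendedRequest startTLSRequest;
    if (sslContext == null)
    {
      startTLSRequest = new StartTLSExtendedRequest(sslSocketFactory);
    }
    else
    {
      startTLSRequest = new StartTLSExtendedRequest(sslContext);
    }

    // Since the StartTLS processing will occur during the course of
    // establishing the connection for use in the pool, set the response
    // timeout for the operation to be equal to the connect timeout from the
    // connection options.
    final LDAPConnectionOptions opts = connection.getConnectionOptions();
    startTLSRequest.setResponseTimeoutMillis(opts.getConnectTimeoutMillis());

    // Fail closed:  anything other than SUCCESS means the connection is still
    // in the clear and must not be handed to the pool.
    final ExtendedResult r =
         connection.processExtendedOperation(startTLSRequest);
    if (! r.getResultCode().equals(ResultCode.SUCCESS))
    {
      throw new LDAPExtendedOperationException(r);
    }
  }



  /**
   * Performs no processing.  StartTLS negotiation has already completed in
   * {@link #processPreAuthenticatedConnection}, so nothing further is needed
   * once the connection has been authenticated.
   *
   * @param  connection  The connection that has been authenticated.  It is
   *                     ignored.
   *
   * @throws  LDAPException  Never thrown by this implementation; declared to
   *                         satisfy the {@link PostConnectProcessor} contract.
   */
  @Override
  public void processPostAuthenticatedConnection(
                   final LDAPConnection connection)
         throws LDAPException
  {
    // No implementation is required for this post-connect processor.
  }
}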