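/*
 * Copyright 2007-2015 UnboundID Corp.
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2008-2015 UnboundID Corp.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.ldap.sdk;



import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;

import static com.unboundid.util.Validator.*;



/**
 * This class provides an implementation of a post-connect processor that can
 * be used to perform StartTLS negotiation on an LDAP connection that is
 * intended to be used in a connection pool.  The negotiation is performed
 * before the pool authenticates the connection, so credentials are only ever
 * sent over the TLS-protected connection.
 * <BR><BR>
 * This class only establishes the TLS layer.  Whether the server's certificate
 * is accepted is decided entirely by the trust manager behind the
 * {@code SSLContext} or {@code SSLSocketFactory} given to the constructor, so
 * that object should be configured to validate the server (for example, via a
 * {@code TrustStoreTrustManager} as in the example below) rather than to trust
 * any certificate.  If the server does not return a success result for the
 * StartTLS request, {@link #processPreAuthenticatedConnection(LDAPConnection)}
 * throws an {@link LDAPExtendedOperationException} rather than allowing the
 * connection to be used in the clear.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example demonstrates the use of the StartTLS post-connect
 * processor to create an LDAP connection pool whose connections are secured
 * using StartTLS:
 * <PRE>
 * // Configure an SSLUtil instance and use it to obtain an SSLContext.
 * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
 * SSLContext sslContext = sslUtil.createSSLContext();
 *
 * // Establish an insecure connection to the directory server.
 * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
 *
 * // Use the StartTLS extended operation to secure the connection.  The result
 * // must be checked before any credentials are sent:  a non-success result
 * // code does not by itself cause an exception, and binding over a connection
 * // that is still in the clear would expose the password.
 * ExtendedResult startTLSResult = connection.processExtendedOperation(
 *      new StartTLSExtendedRequest(sslContext));
 * if (! startTLSResult.getResultCode().equals(ResultCode.SUCCESS))
 * {
 *   connection.close();
 *   throw new LDAPExtendedOperationException(startTLSResult);
 * }
 *
 * // Authenticate over the now TLS-protected connection.
 * BindResult bindResult = connection.bind(
 *      "uid=john.doe,ou=People,dc=example,dc=com", "password");
 *
 * // Create a connection pool that will secure each of its connections with
 * // StartTLS before authenticating it.
 * StartTLSPostConnectProcessor startTLSProcessor =
 *      new StartTLSPostConnectProcessor(sslContext);
 * LDAPConnectionPool pool =
 *      new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
 *
 * // Verify that we can use the pool to communicate with the directory server.
 * RootDSE rootDSE = pool.getRootDSE();
 *
 * // Close the connection pool.
 * pool.close();
 * </PRE>
 */
public final class StartTLSPostConnectProcessor
       implements PostConnectProcessor
{
  // The SSL context to use to perform the negotiation.  Exactly one of
  // sslContext and sslSocketFactory is non-null, depending on which
  // constructor was used.
  private final SSLContext sslContext;

  // The SSL socket factory to create the secure connection.  Null when the
  // SSLContext constructor was used.
  private final SSLSocketFactory sslSocketFactory;



  /**
   * Creates a new instance of this StartTLS post-connect processor that will
   * use the provided SSL context.
   *
   * @param  sslContext  The SSL context to use to perform the StartTLS
   *                     negotiation.  It must not be {@code null}.  Its trust
   *                     manager is what validates the server's certificate.
   */
  public StartTLSPostConnectProcessor(final SSLContext sslContext)
  {
    ensureNotNull(sslContext);

    this.sslContext = sslContext;
    sslSocketFactory = null;
  }



  /**
   * Creates a new instance of this StartTLS post-connect processor that will
   * use the provided SSL socket factory.
   *
   * @param  sslSocketFactory  The SSL socket factory to use to create the
   *                           TLS-secured socket.  It must not be
   *                           {@code null}.  The factory's configuration is
   *                           what validates the server's certificate.
   */
  public StartTLSPostConnectProcessor(final SSLSocketFactory sslSocketFactory)
  {
    ensureNotNull(sslSocketFactory);

    this.sslSocketFactory = sslSocketFactory;
    sslContext = null;
  }



  /**
   * Performs StartTLS negotiation on the provided connection before the pool
   * authenticates it.  The response timeout for the StartTLS operation is set
   * to the connection's connect timeout, since this processing happens as
   * part of establishing the connection for the pool.
   *
   * @param  connection  The connection to secure.  It must not yet have been
   *                     authenticated.
   *
   * @throws  LDAPException  If a problem occurs while communicating with the
   *                         server, or as an
   *                         {@link LDAPExtendedOperationException} if the
   *                         server returns a non-success result for the
   *                         StartTLS request.  In that case the connection is
   *                         still in the clear and must not be used; how the
   *                         pool disposes of it is up to the pool.
   */
  public void processPreAuthenticatedConnection(final LDAPConnection connection)
         throws LDAPException
  {
    final StartTLSExtendedRequest startTLSRequest = createStartTLSRequest();

    // Since the StartTLS processing will occur during the course of
    // establishing the connection for use in the pool, set the response
    // timeout for the operation to be equal to the connect timeout from the
    // connection options.
    final LDAPConnectionOptions options = connection.getConnectionOptions();
    startTLSRequest.setResponseTimeoutMillis(options.getConnectTimeoutMillis());

    // A non-success result is returned rather than thrown, so it has to be
    // turned into an exception here.  Otherwise the pool would go on to
    // authenticate over a connection that was never secured.
    final ExtendedResult startTLSResult =
         connection.processExtendedOperation(startTLSRequest);
    if (! ResultCode.SUCCESS.equals(startTLSResult.getResultCode()))
    {
      throw new LDAPExtendedOperationException(startTLSResult);
    }
  }



  /**
   * Builds a fresh StartTLS extended request from whichever of the SSL context
   * or SSL socket factory was supplied to the constructor.  A new request is
   * created for every connection rather than shared.
   *
   * @return  A StartTLS extended request configured for this processor.
   *
   * @throws  LDAPException  If the request cannot be created.
   */
  private StartTLSExtendedRequest createStartTLSRequest()
          throws LDAPException
  {
    if (sslContext != null)
    {
      return new StartTLSExtendedRequest(sslContext);
    }

    return new StartTLSExtendedRequest(sslSocketFactory);
  }



  /**
   * Performs no processing.  All work for this processor happens before
   * authentication, in
   * {@link #processPreAuthenticatedConnection(LDAPConnection)}.
   *
   * @param  connection  The connection that has been authenticated.  It is
   *                     not used.
   *
   * @throws  LDAPException  Never thrown by this implementation.
   */
  public void processPostAuthenticatedConnection(
                   final LDAPConnection connection)
         throws LDAPException
  {
    // No implementation is required for this post-connect processor.
  }
}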