001/*
002 * Copyright 2007-2020 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2007-2020 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2008-2020 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk;
037
038
039
040import javax.net.ssl.SSLContext;
041import javax.net.ssl.SSLSocketFactory;
042
043import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
044import com.unboundid.util.NotMutable;
045import com.unboundid.util.ThreadSafety;
046import com.unboundid.util.ThreadSafetyLevel;
047import com.unboundid.util.Validator;
048
049
050
051/**
052 * This class provides an implementation of a post-connect processor that can
053 * be used to perform StartTLS negotiation on an LDAP connection that is
054 * intended to be used in a connection pool.
055 * <BR><BR>
056 * <H2>Example</H2>
057 * The following example demonstrates the use of the StartTLS post-connect
058 * processor to create an LDAP connection pool whose connections are secured
059 * using StartTLS:
060 * <PRE>
061 * // Configure an SSLUtil instance and use it to obtain an SSLContext.
062 * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
063 * SSLContext sslContext = sslUtil.createSSLContext();
064 *
065 * // Establish an insecure connection to the directory server.
066 * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
067 *
068 * // Use the StartTLS extended operation to secure the connection.
069 * ExtendedResult startTLSResult = connection.processExtendedOperation(
070 *      new StartTLSExtendedRequest(sslContext));
071 *
072 * // Authenticate the connection and create a pool secured with StartTLS.
073 * BindResult bindResult = connection.bind(
074 *      "uid=john.doe,ou=People,dc=example,dc=com", "password");
075 * StartTLSPostConnectProcessor startTLSProcessor =
076 *      new StartTLSPostConnectProcessor(sslContext);
077 * LDAPConnectionPool pool =
078 *      new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
079 *
080 * // Verify that we can use the pool to communicate with the directory server.
081 * RootDSE rootDSE = pool.getRootDSE();
082 *
083 * // Close the connection pool.
084 * pool.close();
085 * </PRE>
086 */
@NotMutable
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class StartTLSPostConnectProcessor
       implements PostConnectProcessor
{
  // Exactly one of the two fields below is non-null, depending on which
  // constructor was used.  Whichever is set decides how the StartTLS request
  // is built in processPreAuthenticatedConnection.

  // The SSL context used to build the StartTLS request (null when a socket
  // factory was supplied instead).
  private final SSLContext sslContext;

  // The SSL socket factory used to build the StartTLS request (null when an
  // SSL context was supplied instead).
  private final SSLSocketFactory sslSocketFactory;



  /**
   * Creates a post-connect processor that negotiates StartTLS using the
   * provided SSL context.  The trust managers with which that context was
   * initialized decide whether the server's certificate is accepted, so a
   * context that trusts everything yields a connection that is encrypted but
   * not authenticated.
   *
   * @param  sslContext  The SSL context to use for the StartTLS negotiation.
   *                     It must not be {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLContext sslContext)
  {
    Validator.ensureNotNull(sslContext);

    this.sslContext = sslContext;
    this.sslSocketFactory = null;
  }



  /**
   * Creates a post-connect processor that negotiates StartTLS using the
   * provided SSL socket factory.  Certificate validation during the handshake
   * is governed by however that factory was configured.
   *
   * @param  sslSocketFactory  The SSL socket factory to use to create the
   *                           TLS-secured socket.  It must not be {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLSocketFactory sslSocketFactory)
  {
    Validator.ensureNotNull(sslSocketFactory);

    this.sslSocketFactory = sslSocketFactory;
    this.sslContext = null;
  }



  /**
   * Issues a StartTLS extended request on the newly established connection.
   * Because this runs in the pre-authentication phase, a bind performed
   * afterwards by the pool should already travel over TLS.  The request's
   * response timeout is taken from the connection's connect timeout, since
   * this negotiation is part of establishing the connection.
   *
   * @param  connection  The connection to secure.  It is expected to be a
   *                     plain (not yet TLS-protected) connection.
   *
   * @throws  LDAPException  If the StartTLS operation cannot be processed or
   *                         returns a non-success result.  In the latter case
   *                         an {@link LDAPExtendedOperationException} wrapping
   *                         the server's result is thrown, so the failure
   *                         surfaces rather than this method continuing over
   *                         an unprotected connection.
   */
  @Override
  public void processPreAuthenticatedConnection(final LDAPConnection connection)
         throws LDAPException
  {
    // Build the request from whichever source this processor was given.
    final StartTLSExtendedRequest request = (sslContext == null)
         ? new StartTLSExtendedRequest(sslSocketFactory)
         : new StartTLSExtendedRequest(sslContext);

    // StartTLS happens while the connection is still being established for
    // the pool, so bound the wait by the connection's connect timeout.
    final LDAPConnectionOptions options = connection.getConnectionOptions();
    request.setResponseTimeoutMillis(options.getConnectTimeoutMillis());

    final ExtendedResult result = connection.processExtendedOperation(request);
    if (result.getResultCode().equals(ResultCode.SUCCESS))
    {
      return;
    }

    throw new LDAPExtendedOperationException(result);
  }



  /**
   * Does nothing.  StartTLS negotiation is completed in
   * {@link #processPreAuthenticatedConnection}, so there is no work left for
   * the post-authentication phase.
   *
   * @param  connection  The authenticated connection.  It is ignored.
   *
   * @throws  LDAPException  Never thrown by this implementation.
   */
  @Override
  public void processPostAuthenticatedConnection(
                   final LDAPConnection connection)
         throws LDAPException
  {
    // Intentionally empty.
  }
}