001/* 002 * Copyright 2007-2022 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2007-2022 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2007-2022 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.ldap.sdk; 037 038 039 040import javax.net.ssl.SSLContext; 041import javax.net.ssl.SSLSocketFactory; 042 043import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest; 044import com.unboundid.util.NotMutable; 045import com.unboundid.util.NotNull; 046import com.unboundid.util.Nullable; 047import com.unboundid.util.ThreadSafety; 048import com.unboundid.util.ThreadSafetyLevel; 049import com.unboundid.util.Validator; 050 051 052 053/** 054 * This class provides an implementation of a post-connect processor that can 055 * be used to perform StartTLS negotiation on an LDAP connection that is 056 * intended to be used in a connection pool. 057 * <BR><BR> 058 * <H2>Example</H2> 059 * The following example demonstrates the use of the StartTLS post-connect 060 * processor to create an LDAP connection pool whose connections are secured 061 * using StartTLS: 062 * <PRE> 063 * // Configure an SSLUtil instance and use it to obtain an SSLContext. 064 * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath)); 065 * SSLContext sslContext = sslUtil.createSSLContext(); 066 * 067 * // Establish an insecure connection to the directory server. 068 * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort); 069 * 070 * // Use the StartTLS extended operation to secure the connection. 071 * ExtendedResult startTLSResult = connection.processExtendedOperation( 072 * new StartTLSExtendedRequest(sslContext)); 073 * 074 * // Create a connection pool that will secure its connections with StartTLS. 075 * BindResult bindResult = connection.bind( 076 * "uid=john.doe,ou=People,dc=example,dc=com", "password"); 077 * StartTLSPostConnectProcessor startTLSProcessor = 078 * new StartTLSPostConnectProcessor(sslContext); 079 * LDAPConnectionPool pool = 080 * new LDAPConnectionPool(connection, 1, 10, startTLSProcessor); 081 * 082 * // Verify that we can use the pool to communicate with the directory server. 083 * RootDSE rootDSE = pool.getRootDSE(); 084 * 085 * // Close the connection pool. 086 * pool.close(); 087 * </PRE> 088 */ 089@NotMutable() 090@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 091public final class StartTLSPostConnectProcessor 092 implements PostConnectProcessor 093{ 094 // The SSL context to use to perform the negotiation. 095 @Nullable private final SSLContext sslContext; 096 097 // The SSL socket factory to create the secure connection. 098 @Nullable private final SSLSocketFactory sslSocketFactory; 099 100 101 102 /** 103 * Creates a new instance of this StartTLS post-connect processor that will 104 * use the provided SSL context. 105 * 106 * @param sslContext The SSL context to use to perform the StartTLS 107 * negotiation. It must not be {@code null}. 108 */ 109 public StartTLSPostConnectProcessor(@NotNull final SSLContext sslContext) 110 { 111 Validator.ensureNotNull(sslContext); 112 113 this.sslContext = sslContext; 114 sslSocketFactory = null; 115 } 116 117 118 119 /** 120 * Creates a new instance of this StartTLS post-connect processor that will 121 * use the provided SSL context. 122 * 123 * @param sslSocketFactory The SSL socket factory to use to create the 124 * TLS-secured socket. It must not be {@code null}. 125 */ 126 public StartTLSPostConnectProcessor( 127 @NotNull final SSLSocketFactory sslSocketFactory) 128 { 129 Validator.ensureNotNull(sslSocketFactory); 130 131 this.sslSocketFactory = sslSocketFactory; 132 sslContext = null; 133 } 134 135 136 137 /** 138 * {@inheritDoc} 139 */ 140 @Override() 141 public void processPreAuthenticatedConnection( 142 @NotNull final LDAPConnection connection) 143 throws LDAPException 144 { 145 final StartTLSExtendedRequest startTLSRequest; 146 if (sslContext == null) 147 { 148 startTLSRequest = new StartTLSExtendedRequest(sslSocketFactory); 149 } 150 else 151 { 152 startTLSRequest = new StartTLSExtendedRequest(sslContext); 153 } 154 155 // Since the StartTLS processing will occur during the course of 156 // establishing the connection for use in the pool, set the connect timeout 157 // for the operation to be equal to the connect timeout from the connection 158 // options. 159 final LDAPConnectionOptions opts = connection.getConnectionOptions(); 160 startTLSRequest.setResponseTimeoutMillis(opts.getConnectTimeoutMillis()); 161 162 final ExtendedResult r = 163 connection.processExtendedOperation(startTLSRequest); 164 if (! r.getResultCode().equals(ResultCode.SUCCESS)) 165 { 166 throw new LDAPExtendedOperationException(r); 167 } 168 } 169 170 171 172 /** 173 * {@inheritDoc} 174 */ 175 @Override() 176 public void processPostAuthenticatedConnection( 177 @NotNull final LDAPConnection connection) 178 throws LDAPException 179 { 180 // No implementation is required for this post-connect processor. 181 } 182}