001/*
002 * Copyright 2007-2022 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2007-2022 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2007-2022 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk;
037
038
039
040import javax.net.ssl.SSLContext;
041import javax.net.ssl.SSLSocketFactory;
042
043import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
044import com.unboundid.util.NotMutable;
045import com.unboundid.util.NotNull;
046import com.unboundid.util.Nullable;
047import com.unboundid.util.ThreadSafety;
048import com.unboundid.util.ThreadSafetyLevel;
049import com.unboundid.util.Validator;
050
051
052
053/**
054 * This class provides an implementation of a post-connect processor that can
055 * be used to perform StartTLS negotiation on an LDAP connection that is
056 * intended to be used in a connection pool.
057 * <BR><BR>
058 * <H2>Example</H2>
059 * The following example demonstrates the use of the StartTLS post-connect
060 * processor to create an LDAP connection pool whose connections are secured
061 * using StartTLS:
062 * <PRE>
063 * // Configure an SSLUtil instance and use it to obtain an SSLContext.
064 * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
065 * SSLContext sslContext = sslUtil.createSSLContext();
066 *
067 * // Establish an insecure connection to the directory server.
068 * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
069 *
070 * // Use the StartTLS extended operation to secure the connection.
071 * ExtendedResult startTLSResult = connection.processExtendedOperation(
072 *      new StartTLSExtendedRequest(sslContext));
073 *
074 * // Create a connection pool that will secure its connections with StartTLS.
075 * BindResult bindResult = connection.bind(
076 *      "uid=john.doe,ou=People,dc=example,dc=com", "password");
077 * StartTLSPostConnectProcessor startTLSProcessor =
078 *      new StartTLSPostConnectProcessor(sslContext);
079 * LDAPConnectionPool pool =
080 *      new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
081 *
082 * // Verify that we can use the pool to communicate with the directory server.
083 * RootDSE rootDSE = pool.getRootDSE();
084 *
085 * // Close the connection pool.
086 * pool.close();
087 * </PRE>
088 */
089@NotMutable()
090@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
091public final class StartTLSPostConnectProcessor
092       implements PostConnectProcessor
093{
094  // The SSL context to use to perform the negotiation.
095  @Nullable private final SSLContext sslContext;
096
097  // The SSL socket factory to create the secure connection.
098  @Nullable private final SSLSocketFactory sslSocketFactory;
099
100
101
102  /**
103   * Creates a new instance of this StartTLS post-connect processor that will
104   * use the provided SSL context.
105   *
106   * @param  sslContext  The SSL context to use to perform the StartTLS
107   *                     negotiation.  It must not be {@code null}.
108   */
109  public StartTLSPostConnectProcessor(@NotNull final SSLContext sslContext)
110  {
111    Validator.ensureNotNull(sslContext);
112
113    this.sslContext = sslContext;
114    sslSocketFactory = null;
115  }
116
117
118
119  /**
120   * Creates a new instance of this StartTLS post-connect processor that will
121   * use the provided SSL context.
122   *
123   * @param  sslSocketFactory  The SSL socket factory to use to create the
124   *                           TLS-secured socket.  It must not be {@code null}.
125   */
126  public StartTLSPostConnectProcessor(
127              @NotNull final SSLSocketFactory sslSocketFactory)
128  {
129    Validator.ensureNotNull(sslSocketFactory);
130
131    this.sslSocketFactory = sslSocketFactory;
132    sslContext = null;
133  }
134
135
136
137  /**
138   * {@inheritDoc}
139   */
140  @Override()
141  public void processPreAuthenticatedConnection(
142                   @NotNull final LDAPConnection connection)
143         throws LDAPException
144  {
145    final StartTLSExtendedRequest startTLSRequest;
146    if (sslContext == null)
147    {
148      startTLSRequest = new StartTLSExtendedRequest(sslSocketFactory);
149    }
150    else
151    {
152      startTLSRequest = new StartTLSExtendedRequest(sslContext);
153    }
154
155    // Since the StartTLS processing will occur during the course of
156    // establishing the connection for use in the pool, set the connect timeout
157    // for the operation to be equal to the connect timeout from the connection
158    // options.
159    final LDAPConnectionOptions opts = connection.getConnectionOptions();
160    startTLSRequest.setResponseTimeoutMillis(opts.getConnectTimeoutMillis());
161
162    final ExtendedResult r =
163         connection.processExtendedOperation(startTLSRequest);
164    if (! r.getResultCode().equals(ResultCode.SUCCESS))
165    {
166      throw new LDAPExtendedOperationException(r);
167    }
168  }
169
170
171
172  /**
173   * {@inheritDoc}
174   */
175  @Override()
176  public void processPostAuthenticatedConnection(
177                   @NotNull final LDAPConnection connection)
178         throws LDAPException
179  {
180    // No implementation is required for this post-connect processor.
181  }
182}