001 /*
002 * Copyright 2007-2013 UnboundID Corp.
003 * All Rights Reserved.
004 */
005 /*
006 * Copyright (C) 2008-2013 UnboundID Corp.
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021 package com.unboundid.ldap.sdk;
022
023
024
025 import javax.net.ssl.SSLContext;
026
027 import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
028 import com.unboundid.util.NotMutable;
029 import com.unboundid.util.ThreadSafety;
030 import com.unboundid.util.ThreadSafetyLevel;
031
032 import static com.unboundid.util.Validator.*;
033
034
035
036 /**
037 * This class provides an implementation of a post-connect processor that can
038 * be used to perform StartTLS negotiation on an LDAP connection that is
039 * intended to be used in a connection pool.
040 * <BR><BR>
041 * <H2>Example</H2>
042 * The following example demonstrates the use of the StartTLS post-connect
043 * processor to create an LDAP connection pool whose connections are secured
044 * using StartTLS:
045 * <PRE>
046 * SSLUtil sslUtil =
047 * new SSLUtil(new TrustStoreTrustManager("/my/trust/store/file"));
048 * SSLContext sslContext = sslUtil.createSSLContext();
049 *
050 * LDAPConnection connection = new LDAPConnection("server.example.com", 389);
051 * ExtendedResult startTLSResult = connection.processExtendedOperation(
052 * new StartTLSExtendedRequest(sslContext);
053 * BindResult bindResult = connection.bind(
054 * "uid=john.doe,ou=People,dc=example,dc=com", "password");
055 *
056 * StartTLSPostConnectProcessor startTLSProcessor =
057 * new StartTLSPostConnectProcessor(sslContext);
058 * LDAPConnectionPool pool =
059 * new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
060 * </PRE>
061 */
062 @NotMutable()
063 @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
064 public final class StartTLSPostConnectProcessor
065 implements PostConnectProcessor
066 {
067 // The SSL context to use to perform the negotiation.
068 private final SSLContext sslContext;
069
070
071
072 /**
073 * Creates a new instance of this StartTLS post-connect processor that will
074 * use the provided SSL context.
075 *
076 * @param sslContext The SSL context to use to perform the StartTLS
077 * negotiation. It must not be {@code null}.
078 */
079 public StartTLSPostConnectProcessor(final SSLContext sslContext)
080 {
081 ensureNotNull(sslContext);
082
083 this.sslContext = sslContext;
084 }
085
086
087
088 /**
089 * {@inheritDoc}
090 */
091 public void processPreAuthenticatedConnection(final LDAPConnection connection)
092 throws LDAPException
093 {
094 final ExtendedResult r = connection.processExtendedOperation(
095 new StartTLSExtendedRequest(sslContext));
096 if (! r.getResultCode().equals(ResultCode.SUCCESS))
097 {
098 throw new LDAPException(r);
099 }
100 }
101
102
103
104 /**
105 * {@inheritDoc}
106 */
107 public void processPostAuthenticatedConnection(
108 final LDAPConnection connection)
109 throws LDAPException
110 {
111 // No implementation is required for this post-connect processor.
112 }
113 }