/*
 * Copyright 2007-2019 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2008-2019 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
021package com.unboundid.ldap.sdk;
022
023
024
025import javax.net.ssl.SSLContext;
026import javax.net.ssl.SSLSocketFactory;
027
028import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
029import com.unboundid.util.NotMutable;
030import com.unboundid.util.ThreadSafety;
031import com.unboundid.util.ThreadSafetyLevel;
032import com.unboundid.util.Validator;
033
034
035
/**
 * A post-connect processor that upgrades each newly established pooled
 * connection to TLS by issuing the StartTLS extended operation before the
 * pool authenticates the connection.  Exactly one of an {@link SSLContext} or
 * an {@link SSLSocketFactory} is supplied at construction time; whichever was
 * given is handed to a {@link StartTLSExtendedRequest} for every connection.
 * <BR><BR>
 * If the StartTLS operation does not complete with
 * {@link ResultCode#SUCCESS}, {@link #processPreAuthenticatedConnection}
 * throws an {@link LDAPExtendedOperationException} instead of leaving the
 * connection in cleartext.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example shows how this processor can be used to build an
 * LDAP connection pool whose connections are all secured with StartTLS:
 * <PRE>
 * // Build an SSLUtil instance and obtain an SSLContext from it.
 * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
 * SSLContext sslContext = sslUtil.createSSLContext();
 *
 * // Open a plain (non-TLS) connection to the directory server.
 * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
 *
 * // Secure that first connection with the StartTLS extended operation.
 * ExtendedResult startTLSResult = connection.processExtendedOperation(
 *      new StartTLSExtendedRequest(sslContext));
 *
 * // Authenticate the now-secured connection.
 * BindResult bindResult = connection.bind(
 *      "uid=john.doe,ou=People,dc=example,dc=com", "password");
 *
 * // Create a pool that runs StartTLS on every additional connection it opens.
 * StartTLSPostConnectProcessor startTLSProcessor =
 *      new StartTLSPostConnectProcessor(sslContext);
 * LDAPConnectionPool pool =
 *      new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
 *
 * // Confirm that the pool can talk to the directory server.
 * RootDSE rootDSE = pool.getRootDSE();
 *
 * // Release the pool's connections.
 * pool.close();
 * </PRE>
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class StartTLSPostConnectProcessor
       implements PostConnectProcessor
{
  // Exactly one of these two fields is non-null: the constructor that was
  // used sets its own field and leaves the other null.
  private final SSLContext sslContext;
  private final SSLSocketFactory sslSocketFactory;



  /**
   * Creates a StartTLS post-connect processor that negotiates TLS using the
   * given SSL context.
   *
   * @param  sslContext  The SSL context used for the StartTLS negotiation.
   *                     It must not be {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLContext sslContext)
  {
    Validator.ensureNotNull(sslContext);

    this.sslContext = sslContext;
    this.sslSocketFactory = null;
  }



  /**
   * Creates a StartTLS post-connect processor that negotiates TLS using the
   * given SSL socket factory.
   *
   * @param  sslSocketFactory  The SSL socket factory used to create the
   *                           TLS-secured socket.  It must not be
   *                           {@code null}.
   */
  public StartTLSPostConnectProcessor(final SSLSocketFactory sslSocketFactory)
  {
    Validator.ensureNotNull(sslSocketFactory);

    this.sslContext = null;
    this.sslSocketFactory = sslSocketFactory;
  }



  /**
   * Sends a StartTLS extended request on the given connection and verifies
   * that the server reported success.  The request's response timeout is set
   * to the connection's connect timeout, because this runs while the pool is
   * still establishing the connection.
   *
   * @param  connection  The connection to secure.
   *
   * @throws  LDAPException  If the StartTLS request could not be sent, or if
   *                         the server returned any result other than
   *                         {@link ResultCode#SUCCESS} (reported as an
   *                         {@link LDAPExtendedOperationException}).
   */
  @Override()
  public void processPreAuthenticatedConnection(final LDAPConnection connection)
         throws LDAPException
  {
    final StartTLSExtendedRequest request = createStartTLSRequest();

    // Bound the negotiation by the connect timeout rather than the default
    // response timeout, since it is part of bringing the connection up.
    final LDAPConnectionOptions options = connection.getConnectionOptions();
    request.setResponseTimeoutMillis(options.getConnectTimeoutMillis());

    final ExtendedResult result = connection.processExtendedOperation(request);
    final ResultCode resultCode = result.getResultCode();
    if (resultCode.equals(ResultCode.SUCCESS))
    {
      return;
    }

    throw new LDAPExtendedOperationException(result);
  }



  /**
   * Builds the StartTLS request from whichever of the SSL context or the SSL
   * socket factory was supplied at construction time.
   *
   * @return  A new StartTLS extended request.
   *
   * @throws  LDAPException  If the request cannot be created.
   */
  private StartTLSExtendedRequest createStartTLSRequest()
          throws LDAPException
  {
    return (sslContext != null)
         ? new StartTLSExtendedRequest(sslContext)
         : new StartTLSExtendedRequest(sslSocketFactory);
  }



  /**
   * Does nothing: all of this processor's work happens before authentication.
   *
   * @param  connection  The connection that has just been authenticated.
   *
   * @throws  LDAPException  Never thrown by this implementation.
   */
  @Override()
  public void processPostAuthenticatedConnection(
                   final LDAPConnection connection)
         throws LDAPException
  {
    // Intentionally empty.
  }
}