001    /*
002     * Copyright 2007-2014 UnboundID Corp.
003     * All Rights Reserved.
004     */
005    /*
006     * Copyright (C) 2008-2014 UnboundID Corp.
007     *
008     * This program is free software; you can redistribute it and/or modify
009     * it under the terms of the GNU General Public License (GPLv2 only)
010     * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011     * as published by the Free Software Foundation.
012     *
013     * This program is distributed in the hope that it will be useful,
014     * but WITHOUT ANY WARRANTY; without even the implied warranty of
015     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016     * GNU General Public License for more details.
017     *
018     * You should have received a copy of the GNU General Public License
019     * along with this program; if not, see <http://www.gnu.org/licenses>.
020     */
021    package com.unboundid.ldap.sdk;
022    
023    
024    
025    import javax.net.ssl.SSLContext;
026    
027    import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
028    import com.unboundid.util.NotMutable;
029    import com.unboundid.util.ThreadSafety;
030    import com.unboundid.util.ThreadSafetyLevel;
031    
032    import static com.unboundid.util.Validator.*;
033    
034    
035    
036    /**
037     * This class provides an implementation of a post-connect processor that can
038     * be used to perform StartTLS negotiation on an LDAP connection that is
039     * intended to be used in a connection pool.
040     * <BR><BR>
041     * <H2>Example</H2>
042     * The following example demonstrates the use of the StartTLS post-connect
043     * processor to create an LDAP connection pool whose connections are secured
044     * using StartTLS:
045     * <PRE>
046     * // Configure an SSLUtil instance and use it to obtain an SSLContext.
047     * SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
048     * SSLContext sslContext = sslUtil.createSSLContext();
049     *
050     * // Establish an insecure connection to the directory server.
051     * LDAPConnection connection = new LDAPConnection(serverAddress, nonSSLPort);
052     *
053     * // Use the StartTLS extended operation to secure the connection.
054     * ExtendedResult startTLSResult = connection.processExtendedOperation(
055     *      new StartTLSExtendedRequest(sslContext));
056     *
057     * // Create a connection pool that will secure its connections with StartTLS.
058     * BindResult bindResult = connection.bind(
059     *      "uid=john.doe,ou=People,dc=example,dc=com", "password");
060     * StartTLSPostConnectProcessor startTLSProcessor =
061     *      new StartTLSPostConnectProcessor(sslContext);
062     * LDAPConnectionPool pool =
063     *      new LDAPConnectionPool(connection, 1, 10, startTLSProcessor);
064     *
065     * // Verify that we can use the pool to communicate with the directory server.
066     * RootDSE rootDSE = pool.getRootDSE();
067     *
068     * // Close the connection pool.
069     * pool.close();
070     * </PRE>
071     */
072    @NotMutable()
073    @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
074    public final class StartTLSPostConnectProcessor
075           implements PostConnectProcessor
076    {
077      // The SSL context to use to perform the negotiation.
078      private final SSLContext sslContext;
079    
080    
081    
082      /**
083       * Creates a new instance of this StartTLS post-connect processor that will
084       * use the provided SSL context.
085       *
086       * @param  sslContext  The SSL context to use to perform the StartTLS
087       *                     negotiation.  It must not be {@code null}.
088       */
089      public StartTLSPostConnectProcessor(final SSLContext sslContext)
090      {
091        ensureNotNull(sslContext);
092    
093        this.sslContext = sslContext;
094      }
095    
096    
097    
098      /**
099       * {@inheritDoc}
100       */
101      public void processPreAuthenticatedConnection(final LDAPConnection connection)
102             throws LDAPException
103      {
104        final StartTLSExtendedRequest startTLSRequest =
105             new StartTLSExtendedRequest(sslContext);
106    
107        // Since the StartTLS processing will occur during the course of
108        // establishing the connection for use in the pool, set the connect timeout
109        // for the operation to be equal to the connect timeout from the connection
110        // options.
111        final LDAPConnectionOptions opts = connection.getConnectionOptions();
112        startTLSRequest.setResponseTimeoutMillis(opts.getConnectTimeoutMillis());
113    
114        final ExtendedResult r =
115             connection.processExtendedOperation(startTLSRequest);
116        if (! r.getResultCode().equals(ResultCode.SUCCESS))
117        {
118          throw new LDAPException(r);
119        }
120      }
121    
122    
123    
124      /**
125       * {@inheritDoc}
126       */
127      public void processPostAuthenticatedConnection(
128                       final LDAPConnection connection)
129             throws LDAPException
130      {
131        // No implementation is required for this post-connect processor.
132      }
133    }