/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
* or http://forgerock.org/license/CDDLv1.0.html.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at legal-notices/CDDLv1_0.txt.
|
* If applicable, add the following below this CDDL HEADER, with the
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
* information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2010 Sun Microsystems, Inc.
|
* Portions copyright 2012 ForgeRock AS.
|
*/
|
|
package org.forgerock.opendj.ldap.requests;
|
|
import java.util.List;
|
|
import javax.net.ssl.SSLContext;
|
|
import org.forgerock.opendj.ldap.ByteString;
|
import org.forgerock.opendj.ldap.DecodeException;
|
import org.forgerock.opendj.ldap.DecodeOptions;
|
import org.forgerock.opendj.ldap.controls.Control;
|
import org.forgerock.opendj.ldap.controls.ControlDecoder;
|
import org.forgerock.opendj.ldap.responses.ExtendedResult;
|
import org.forgerock.opendj.ldap.responses.ExtendedResultDecoder;
|
|
/**
|
* The start TLS extended request as defined in RFC 4511. The Start Transport
|
* Layer Security (StartTLS) operation's purpose is to initiate installation of
|
* a TLS layer.
|
* <p>
|
* Use an {@link org.forgerock.opendj.ldap.SSLContextBuilder SSLContextBuilder}
|
* when setting up LDAP options needed to use StartTLS.
|
* {@link org.forgerock.opendj.ldap.TrustManagers TrustManagers} has methods you
|
* can use to set the trust manager for the SSL context builder.
|
*
|
* <pre>
|
* LDAPOptions options = new LDAPOptions();
|
* SSLContext sslContext =
|
* new SSLContextBuilder().setTrustManager(...).getSSLContext();
|
* options.setSSLContext(sslContext);
|
* options.setUseStartTLS(true);
|
*
|
* String host = ...;
|
* int port = ...;
|
* LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port, options);
|
* Connection connection = factory.getConnection();
|
* // Connection uses StartTLS...
|
* </pre>
|
*
|
* @see <a href="http://tools.ietf.org/html/rfc4511">RFC 4511 - Lightweight
|
* Directory Access Protocol (LDAP): The Protocol </a>
|
*/
|
public interface StartTLSExtendedRequest extends ExtendedRequest<ExtendedResult> {
|
|
/**
|
* A decoder which can be used to decode start TLS extended operation
|
* requests.
|
*/
|
public static final ExtendedRequestDecoder<StartTLSExtendedRequest, ExtendedResult> DECODER =
|
new StartTLSExtendedRequestImpl.RequestDecoder();
|
|
/**
|
* The OID for the start TLS extended operation request.
|
*/
|
public static final String OID = "1.3.6.1.4.1.1466.20037";
|
|
@Override
|
StartTLSExtendedRequest addControl(Control control);
|
|
/**
|
* Adds the cipher suites enabled for secure connections with the Directory
|
* Server. The suites must be supported by the SSLContext specified in
|
* {@link #setSSLContext(SSLContext)}. Following a successful call to this
|
* method, only the suites listed in the protocols parameter are enabled for
|
* use.
|
*
|
* @param suites
|
* Names of all the suites to enable.
|
* @return A reference to this LDAP connection options.
|
* @throws UnsupportedOperationException
|
* If this start TLS extended request does not permit the
|
* enabled cipher suites to be set.
|
*/
|
StartTLSExtendedRequest addEnabledCipherSuite(String... suites);
|
|
/**
|
* Adds the protocol versions enabled for secure connections with the
|
* Directory Server. The protocols must be supported by the SSLContext
|
* specified in {@link #setSSLContext(SSLContext)}. Following a successful
|
* call to this method, only the protocols listed in the protocols parameter
|
* are enabled for use.
|
*
|
* @param protocols
|
* Names of all the protocols to enable.
|
* @return A reference to this LDAP connection options.
|
* @throws UnsupportedOperationException
|
* If this start TLS extended request does not permit the
|
* enabled protocols to be set.
|
*/
|
StartTLSExtendedRequest addEnabledProtocol(String... protocols);
|
|
@Override
|
<C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options)
|
throws DecodeException;
|
|
@Override
|
List<Control> getControls();
|
|
/**
|
* Returns the names of the protocol versions which are currently enabled
|
* for secure connections with the Directory Server.
|
*
|
* @return an array of protocols or empty set if the default protocols are
|
* to be used.
|
*/
|
List<String> getEnabledCipherSuites();
|
|
/**
|
* Returns the names of the protocol versions which are currently enabled
|
* for secure connections with the Directory Server.
|
*
|
* @return an array of protocols or empty set if the default protocols are
|
* to be used.
|
*/
|
List<String> getEnabledProtocols();
|
|
@Override
|
String getOID();
|
|
@Override
|
ExtendedResultDecoder<ExtendedResult> getResultDecoder();
|
|
/**
|
* Returns the SSLContext that should be used when installing the TLS layer.
|
*
|
* @return The SSLContext that should be used when installing the TLS layer.
|
*/
|
SSLContext getSSLContext();
|
|
@Override
|
ByteString getValue();
|
|
@Override
|
boolean hasValue();
|
|
/**
|
* Sets the SSLContext that should be used when installing the TLS layer.
|
*
|
* @param sslContext
|
* The SSLContext that should be used when installing the TLS
|
* layer.
|
* @return This startTLS request.
|
*/
|
StartTLSExtendedRequest setSSLContext(SSLContext sslContext);
|
}
|
