From cbc64bf726c6178e8850fef01ccbac23d38cadbd Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Mon, 17 Dec 2012 16:36:07 +0000
Subject: [PATCH] Fix OPENDJ-666: Expose SSLSession in LDAPClientContext
---
opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPServerFilter.java | 23 ++++++++++++-----------
opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/LDAPClientContext.java | 21 ++++++++++++++++++---
2 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPServerFilter.java b/opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPServerFilter.java
index a108882..6e89798 100644
--- a/opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPServerFilter.java
+++ b/opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPServerFilter.java
@@ -35,6 +35,7 @@
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSession;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConnectionSecurityLayer;
@@ -235,24 +236,24 @@
@Override
public int getSecurityStrengthFactor() {
- int ssf = 0;
- final SSLEngine sslEngine = SSLUtils.getSSLEngine(connection);
- if (sslEngine != null) {
- final String cipherString = sslEngine.getSession().getCipherSuite();
+ final SSLSession sslSession = getSSLSession();
+ if (sslSession != null) {
+ final String cipherString = sslSession.getCipherSuite();
for (final Object[] cipher : CIPHER_KEY_SIZES) {
if (cipherString.indexOf((String) cipher[0]) >= 0) {
- ssf = (Integer) cipher[1];
- break;
+ return (Integer) cipher[1];
}
}
}
-
- return ssf;
+ return 0;
}
- /**
- * {@inheritDoc}
- */
+ @Override
+ public SSLSession getSSLSession() {
+ final SSLEngine sslEngine = SSLUtils.getSSLEngine(connection);
+ return sslEngine != null ? sslEngine.getSession() : null;
+ }
+
@Override
public boolean isClosed() {
return isClosed.get();
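Review bot: In `getSecurityStrengthFactor()`, a negotiated cipher suite whose name matches no `CIPHER_KEY_SIZES` entry falls through to `return 0`, the same value reported for a connection with no TLS at all. The first `indexOf` hit wins, so the result also depends on the order of that table. The table is outside this hunk, so I can't confirm that its more specific names come before shorter ones they contain. I'd add a comment above the loop such as `// First substring match wins: CIPHER_KEY_SIZES must list more specific names first; unknown suites report 0.` Consider logging the unmatched suite name, so that an SSF-based access rule that starts denying clients after a JVM or cipher update can be diagnosed.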
diff --git a/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/LDAPClientContext.java b/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/LDAPClientContext.java
index 7575ea0..d3491ad 100644
--- a/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/LDAPClientContext.java
+++ b/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/LDAPClientContext.java
@@ -30,6 +30,7 @@
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
import org.forgerock.opendj.ldap.responses.ExtendedResult;
@@ -82,15 +83,29 @@
InetSocketAddress getPeerAddress();
/**
- * Returns the strongest cipher strength currently in use by the underlying
- * connection.
+ * Returns the cipher strength, in bits, currently in use by the underlying
+ * connection. This value is analogous to the
+ * {@code javax.servlet.request.key_size} property defined in the Servlet
+ * specification (section 3.8 "SSL Attributes"). It provides no indication
+ * of the relative strength of different cipher algorithms, their known
+ * weaknesses, nor the strength of other cryptographic information used
+ * during SSL/TLS negotiation.
*
- * @return The strongest cipher strength currently in use by the underlying
+ * @return The cipher strength, in bits, currently in use by the underlying
* connection.
*/
int getSecurityStrengthFactor();
/**
+ * Returns the SSL session currently in use by the underlying connection, or
+ * {@code null} if SSL/TLS is not enabled.
+ *
+ * @return The SSL session currently in use by the underlying connection, or
+ * {@code null} if SSL/TLS is not enabled.
+ */
+ SSLSession getSSLSession();
+
+ /**
* Returns {@code true} if the underlying connection has been closed as a
* result of a client disconnect, a fatal connection error, or a server-side
* {@link #disconnect}.
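Review bot: The new Javadoc for `getSSLSession()` says `null` means SSL/TLS is not enabled, but it does not say what a non-null session guarantees. The `LDAPServerFilter` implementation in this patch returns `sslEngine.getSession()` as soon as an engine is installed. `SSLEngine.getSession()` is documented to return a session reporting `SSL_NULL_WITH_NULL_NULL` until the initial handshake completes. A handler that treats non-null as "channel is protected" or "client is authenticated" could therefore decide too early, for example during a StartTLS upgrade. I'd add a sentence to the Javadoc saying that the session may be pre-handshake, and that the peer's identity is established only if `getPeerCertificates()` does not throw `SSLPeerUnverifiedException`. The interface body continues outside this hunk.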
--
Gitblit v1.10.0