/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2006-2007 Sun Microsystems, Inc.
*/
package org.opends.server.extensions;
import org.opends.messages.MessageBuilder;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Operation;
/**
* This interface defines a set of methods that must be implemented by a class
* (expected to be a client connection) that can dynamically enable and disable
* the TLS connection security provider. This will be used by the StartTLS
* extended operation handler to perform the core function of enabling TLS on an
* established connection.
*/
public interface TLSCapableConnection
{
/**
* Indicates whether TLS protection is actually available for the underlying
* client connection. If there is any reason that TLS protection cannot be
* enabled on this client connection, then it should be appended to the
* provided buffer.
*
* @param unavailableReason The buffer used to hold the reason that TLS is
* not available on the underlying client
* connection.
*
* @return true if TLS is available on the underlying client
* connection, or false if it is not.
*/
public boolean tlsProtectionAvailable(MessageBuilder unavailableReason);
/**
* Installs the TLS connection security provider on this client connection.
* If an error occurs in the process, then the underlying client connection
* must be terminated and an exception must be thrown to indicate the
* underlying cause.
*
* @throws DirectoryException If the TLS connection security provider could
* not be enabled and the underlying connection
* has been closed.
*/
public void enableTLSConnectionSecurityProvider()
throws DirectoryException;
/**
* Disables the TLS connection security provider on this client connection.
* This must also eliminate any authentication that had been performed on the
* client connection so that it is in an anonymous state. If a problem occurs
* while attempting to revert the connection to a non-TLS-protected state,
* then an exception must be thrown and the client connection must be
* terminated.
*
* @throws DirectoryException If TLS protection cannot be reverted and the
* underlying client connection has been closed.
*/
public void disableTLSConnectionSecurityProvider()
throws DirectoryException;
/**
* Sends a response to the client in the clear rather than through the
* encrypted channel. This should only be used when processing the StartTLS
* extended operation to send the response in the clear after the SSL
* negotiation has already been initiated.
*
* @param operation The operation for which to send the response in the
* clear.
*
* @throws DirectoryException If a problem occurs while sending the response
* in the clear.
*/
public void sendClearResponse(Operation operation)
throws DirectoryException;
}