public abstract class StartTlsResponse extends Object implements ExtendedResponse
The Start TLS extended request and response are used to establish a TLS connection over the existing LDAP connection associated with the JNDI context on which extendedOperation() is invoked. Typically, a JNDI program uses the StartTLS extended request and response classes as follows.
import javax.naming.ldap.*; // Open an LDAP association LdapContext ctx = new InitialLdapContext(); // Perform a StartTLS extended operation StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest()); // Open a TLS connection (over the existing LDAP association) and get details // of the negotiated TLS session: cipher suite, peer certificate, ... SSLSession session = tls.negotiate(); // ... use ctx to perform protected LDAP operations // Close the TLS connection (revert back to the underlying LDAP association) tls.close(); // ... use ctx to perform unprotected LDAP operations // Close the LDAP association ctx.close;
StartTlsRequest
,
Serialized FormModifier and Type | Field and Description |
---|---|
static String |
OID
The StartTLS extended response's assigned object identifier
is 1.3.6.1.4.1.1466.20037.
|
Modifier | Constructor and Description |
---|---|
protected |
StartTlsResponse()
Constructs a StartTLS extended response.
|
Modifier and Type | Method and Description |
---|---|
abstract void |
close()
Closes the TLS connection gracefully and reverts back to the underlying
connection.
|
byte[] |
getEncodedValue()
Retrieves the StartTLS response's ASN.1 BER encoded value.
|
String |
getID()
Retrieves the StartTLS response's object identifier string.
|
abstract SSLSession |
negotiate()
Negotiates a TLS session using the default SSL socket factory.
|
abstract SSLSession |
negotiate(SSLSocketFactory factory)
Negotiates a TLS session using an SSL socket factory.
|
abstract void |
setEnabledCipherSuites(String[] suites)
Overrides the default list of cipher suites enabled for use on the
TLS connection.
|
abstract void |
setHostnameVerifier(HostnameVerifier verifier)
Sets the hostname verifier used by negotiate()
after the TLS handshake has completed and the default hostname
verification has failed.
|
public static final String OID
protected StartTlsResponse()
public String getID()
getID
in interface ExtendedResponse
public byte[] getEncodedValue()
getEncodedValue
in interface ExtendedResponse
public abstract void setEnabledCipherSuites(String[] suites)
suites
- The non-null list of names of all the cipher suites to
enable.negotiate()
public abstract void setHostnameVerifier(HostnameVerifier verifier)
verifier
- The non-null hostname verifier callback.negotiate()
public abstract SSLSession negotiate() throws IOException
This method is equivalent to negotiate(null).
IOException
- If an IO error was encountered while establishing
the TLS session.setEnabledCipherSuites(java.lang.String[])
,
setHostnameVerifier(javax.net.ssl.HostnameVerifier)
public abstract SSLSession negotiate(SSLSocketFactory factory) throws IOException
Creates an SSL socket using the supplied SSL socket factory and attaches it to the existing connection. Performs the TLS handshake and returns the negotiated session information.
If cipher suites have been set via setEnabledCipherSuites then they are enabled before the TLS handshake begins.
Hostname verification is performed after the TLS handshake completes. The default hostname verification performs a match of the server's hostname against the hostname information found in the server's certificate. If this verification fails and no callback has been set via setHostnameVerifier then the negotiation fails. If this verification fails and a callback has been set via setHostnameVerifier, then the callback is used to determine whether the negotiation succeeds.
If an error occurs then the SSL socket is closed and an IOException is thrown. The underlying connection remains intact.
factory
- The possibly null SSL socket factory to use.
If null, the default SSL socket factory is used.IOException
- If an IO error was encountered while establishing
the TLS session.setEnabledCipherSuites(java.lang.String[])
,
setHostnameVerifier(javax.net.ssl.HostnameVerifier)
public abstract void close() throws IOException
IOException
- If an IO error was encountered while closing the
TLS connection Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2011, Oracle and/or its affiliates. All rights reserved.
DRAFT ea-b138