javax.naming.ldap

Class StartTlsResponse

  • All Implemented Interfaces:
    Serializable, ExtendedResponse

    public abstract class StartTlsResponse
    extends Object
    implements ExtendedResponse
    This class implements the LDAPv3 Extended Response for StartTLS as defined in Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037 and no extended response value is defined.

    The Start TLS extended request and response are used to establish a TLS connection over the existing LDAP connection associated with the JNDI context on which extendedOperation() is invoked. Typically, a JNDI program uses the StartTLS extended request and response classes as follows.

     import javax.naming.ldap.*;
    
     // Open an LDAP association
     LdapContext ctx = new InitialLdapContext();
    
     // Perform a StartTLS extended operation
     StartTlsResponse tls =
         (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
    
     // Open a TLS connection (over the existing LDAP association) and get details
     // of the negotiated TLS session: cipher suite, peer certificate, ...
     SSLSession session = tls.negotiate();
    
     // ... use ctx to perform protected LDAP operations
    
     // Close the TLS connection (revert back to the underlying LDAP association)
     tls.close();
    
     // ... use ctx to perform unprotected LDAP operations
    
     // Close the LDAP association
     ctx.close;
     
    Since:
    1.4
    See Also:
    StartTlsRequest, Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field and Description
      static String OID
      The StartTLS extended response's assigned object identifier is 1.3.6.1.4.1.1466.20037.

        

    • Constructor Summary

      Constructors 
      Modifier Constructor and Description
      protected StartTlsResponse()
      Constructs a StartTLS extended response.

        

    • Field Detail

      • OID

        public static final String OID
        The StartTLS extended response's assigned object identifier is 1.3.6.1.4.1.1466.20037.
        See Also:
        Constant Field Values
    • Constructor Detail

      • StartTlsResponse

        protected StartTlsResponse()
        Constructs a StartTLS extended response. A concrete subclass must have a public no-arg constructor.
    • Method Detail

      • getID

        public String getID()
        Retrieves the StartTLS response's object identifier string.
        Specified by:
        getID in interface ExtendedResponse
        Returns:
        The object identifier string, "1.3.6.1.4.1.1466.20037".
      • getEncodedValue

        public byte[] getEncodedValue()
        Retrieves the StartTLS response's ASN.1 BER encoded value. Since the response has no defined value, null is always returned.
        Specified by:
        getEncodedValue in interface ExtendedResponse
        Returns:
        The null value.
      • setEnabledCipherSuites

        public abstract void setEnabledCipherSuites(String[] suites)
        Overrides the default list of cipher suites enabled for use on the TLS connection. The cipher suites must have already been listed by SSLSocketFactory.getSupportedCipherSuites() as being supported. Even if a suite has been enabled, it still might not be used because the peer does not support it, or because the requisite certificates (and private keys) are not available.
        Parameters:
        suites - The non-null list of names of all the cipher suites to enable.
        See Also:
        negotiate()
      • setHostnameVerifier

        public abstract void setHostnameVerifier(HostnameVerifier verifier)
        Sets the hostname verifier used by negotiate() after the TLS handshake has completed and the default hostname verification has failed. setHostnameVerifier() must be called before negotiate() is invoked for it to have effect. If called after negotiate(), this method does not do anything.
        Parameters:
        verifier - The non-null hostname verifier callback.
        See Also:
        negotiate()
      • negotiate

        public abstract SSLSession negotiate(SSLSocketFactory factory)
                                      throws IOException
        Negotiates a TLS session using an SSL socket factory.

        Creates an SSL socket using the supplied SSL socket factory and attaches it to the existing connection. Performs the TLS handshake and returns the negotiated session information.

        If cipher suites have been set via setEnabledCipherSuites then they are enabled before the TLS handshake begins.

        Hostname verification is performed after the TLS handshake completes. The default hostname verification performs a match of the server's hostname against the hostname information found in the server's certificate. If this verification fails and no callback has been set via setHostnameVerifier then the negotiation fails. If this verification fails and a callback has been set via setHostnameVerifier, then the callback is used to determine whether the negotiation succeeds.

        If an error occurs then the SSL socket is closed and an IOException is thrown. The underlying connection remains intact.

        Parameters:
        factory - The possibly null SSL socket factory to use. If null, the default SSL socket factory is used.
        Returns:
        The negotiated SSL session
        Throws:
        IOException - If an IO error was encountered while establishing the TLS session.
        See Also:
        setEnabledCipherSuites(java.lang.String[]), setHostnameVerifier(javax.net.ssl.HostnameVerifier)
      • close

        public abstract void close()
                            throws IOException
        Closes the TLS connection gracefully and reverts back to the underlying connection.
        Throws:
        IOException - If an IO error was encountered while closing the TLS connection

Traduction non disponible

Les API Java ne sont pas encore traduites en français sur l'infobrol. Seule la version anglaise est disponible pour l'instant.

Version en cache

21/11/2024 21:43:00 Cette version de la page est en cache (à la date du 21/11/2024 21:43:00) afin d'accélérer le traitement. Vous pouvez activer le mode utilisateur dans le menu en haut pour afficher la dernère version de la page.

Document créé le 31/08/2006, dernière modification le 04/03/2020
Source du document imprimé : https://www.gaudry.be/java-api-rf-javax/naming/ldap/starttlsresponse.html

L'infobrol est un site personnel dont le contenu n'engage que moi. Le texte est mis à disposition sous licence CreativeCommons(BY-NC-SA). Plus d'info sur les conditions d'utilisation et sur l'auteur.

Références

  1. Consulter le document html Langue du document :fr Manuel PHP : https://docs.oracle.com, StartTlsResponse

Ces références et liens indiquent des documents consultés lors de la rédaction de cette page, ou qui peuvent apporter un complément d'information, mais les auteurs de ces sources ne peuvent être tenus responsables du contenu de cette page.
L'auteur de ce site est seul responsable de la manière dont sont présentés ici les différents concepts, et des libertés qui sont prises avec les ouvrages de référence. N'oubliez pas que vous devez croiser les informations de sources multiples afin de diminuer les risques d'erreurs.

Table des matières Haut