| java.lang.Object | ||
| ↳ | javax.naming.ldap.StartTlsResponse | |
| ↳ | com.sun.jndi.ldap.ext.StartTlsResponseImpl | |
Class Overview
This class implements the LDAPv3 Extended Response for StartTLS as defined in Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037 and no extended response value is defined.
The Start TLS extended request and response are used to establish a TLS connection over the existing LDAP connection associated with the JNDI context on which extendedOperation() is invoked.
See Also
Summary
|
[Expand]
Inherited Constants | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
 From class
javax.naming.ldap.StartTlsResponse
| |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Closes the TLS connection gracefully and reverts back to the underlying
connection.
| |||||||||||
Negotiates a TLS session using the default SSL socket factory.
| |||||||||||
Negotiates a TLS session using an SSL socket factory.
| |||||||||||
Sets the connection for TLS to use.
| |||||||||||
Overrides the default list of cipher suites enabled for use on the
TLS connection.
| |||||||||||
Overrides the default hostname verifier used by negotiate()
after the TLS handshake has completed.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
javax.naming.ldap.StartTlsResponse
| |||||||||||
|
From class
java.lang.Object
| |||||||||||
|
From interface
javax.naming.ldap.ExtendedResponse
| |||||||||||
Public Constructors
public StartTlsResponseImpl ()
Public Methods
public void close ()
Closes the TLS connection gracefully and reverts back to the underlying connection.
Throws
| IOException |
|---|
public SSLSession negotiate ()
Negotiates a TLS session using the default SSL socket factory.
This method is equivalent to negotiate(null).
Returns
- The negotiated SSL session
Throws
| IOException |
|---|
public SSLSession negotiate (SSLSocketFactory factory)
Negotiates a TLS session using an SSL socket factory.
Creates an SSL socket using the supplied SSL socket factory and attaches it to the existing connection. Performs the TLS handshake and returns the negotiated session information.
If cipher suites have been set via setEnabledCipherSuites then they are enabled before the TLS handshake begins.
Hostname verification is performed after the TLS handshake completes. The default check performs a case insensitive match of the server's hostname against that in the server's certificate. The server's hostname is extracted from the subjectAltName in the server's certificate (if present). Otherwise the value of the common name attribute of the subject name is used. If a callback has been set via setHostnameVerifier then that verifier is used if the default check fails.
If an error occurs then the SSL socket is closed and an IOException is thrown. The underlying connection remains intact.
Parameters
| factory | The possibly null SSL socket factory to use. If null, the default SSL socket factory is used. |
|---|
Returns
- The negotiated SSL session
Throws
| IOException |
|---|
public void setConnection (Connection ldapConnection, String hostname)
Sets the connection for TLS to use. The TLS connection will be attached to this connection.
Parameters
| ldapConnection | The non-null connection to use. |
|---|---|
| hostname | The server's hostname. If null, the hostname used to open the connection will be used instead. |
public void setEnabledCipherSuites (String[] suites)
Overrides the default list of cipher suites enabled for use on the TLS connection. The cipher suites must have already been listed by SSLSocketFactory.getSupportedCipherSuites() as being supported. Even if a suite has been enabled, it still might not be used because the peer does not support it, or because the requisite certificates (and private keys) are not available.
Parameters
| suites | The non-null list of names of all the cipher suites to enable. |
|---|
See Also
public void setHostnameVerifier (HostnameVerifier verifier)
Overrides the default hostname verifier used by negotiate() after the TLS handshake has completed. If setHostnameVerifier() has not been called before negotiate() is invoked, negotiate() will perform a simple case ignore match. If called after negotiate(), this method does not do anything.
Parameters
| verifier | The non-null hostname verifier callback. |
|---|