001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2006-2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.extensions; 028 import org.opends.messages.MessageBuilder; 029 030 031 import org.opends.server.types.DirectoryException; 032 import org.opends.server.types.Operation; 033 034 035 036 /** 037 * This interface defines a set of methods that must be implemented by a class 038 * (expected to be a client connection) that can dynamically enable and disable 039 * the TLS connection security provider. This will be used by the StartTLS 040 * extended operation handler to perform the core function of enabling TLS on an 041 * established connection. 042 */ 043 public interface TLSCapableConnection 044 { 045 /** 046 * Indicates whether TLS protection is actually available for the underlying 047 * client connection. If there is any reason that TLS protection cannot be 048 * enabled on this client connection, then it should be appended to the 049 * provided buffer. 050 * 051 * @param unavailableReason The buffer used to hold the reason that TLS is 052 * not available on the underlying client 053 * connection. 054 * 055 * @return <CODE>true</CODE> if TLS is available on the underlying client 056 * connection, or <CODE>false</CODE> if it is not. 057 */ 058 public boolean tlsProtectionAvailable(MessageBuilder unavailableReason); 059 060 061 062 /** 063 * Installs the TLS connection security provider on this client connection. 064 * If an error occurs in the process, then the underlying client connection 065 * must be terminated and an exception must be thrown to indicate the 066 * underlying cause. 067 * 068 * @throws DirectoryException If the TLS connection security provider could 069 * not be enabled and the underlying connection 070 * has been closed. 071 */ 072 public void enableTLSConnectionSecurityProvider() 073 throws DirectoryException; 074 075 076 077 /** 078 * Disables the TLS connection security provider on this client connection. 079 * This must also eliminate any authentication that had been performed on the 080 * client connection so that it is in an anonymous state. If a problem occurs 081 * while attempting to revert the connection to a non-TLS-protected state, 082 * then an exception must be thrown and the client connection must be 083 * terminated. 084 * 085 * @throws DirectoryException If TLS protection cannot be reverted and the 086 * underlying client connection has been closed. 087 */ 088 public void disableTLSConnectionSecurityProvider() 089 throws DirectoryException; 090 091 092 093 /** 094 * Sends a response to the client in the clear rather than through the 095 * encrypted channel. This should only be used when processing the StartTLS 096 * extended operation to send the response in the clear after the SSL 097 * negotiation has already been initiated. 098 * 099 * @param operation The operation for which to send the response in the 100 * clear. 101 * 102 * @throws DirectoryException If a problem occurs while sending the response 103 * in the clear. 104 */ 105 public void sendClearResponse(Operation operation) 106 throws DirectoryException; 107 } 108