org.opends.server.extensions
Interface TLSCapableConnection

All Known Implementing Classes:
LDAPClientConnection

public interface TLSCapableConnection

This interface defines a set of methods that must be implemented by a class (expected to be a client connection) that can dynamically enable and disable the TLS connection security provider. This will be used by the StartTLS extended operation handler to perform the core function of enabling TLS on an established connection.
Method Summary

void disableTLSConnectionSecurityProvider()
    Disables the TLS connection security provider on this client connection.
void enableTLSConnectionSecurityProvider()
    Installs the TLS connection security provider on this client connection.
void sendClearResponse(Operation operation)
    Sends a response to the client in the clear rather than through the encrypted channel.
boolean tlsProtectionAvailable(MessageBuilder unavailableReason)
    Indicates whether TLS protection is actually available for the underlying client connection.


Method Detail

tlsProtectionAvailable

boolean tlsProtectionAvailable(MessageBuilder unavailableReason)
Indicates whether TLS protection is actually available for the underlying client connection. If there is any reason that TLS protection cannot be enabled on this client connection, that reason should be appended to the provided buffer.

Parameters:
unavailableReason - The buffer used to hold the reason that TLS is not available on the underlying client connection.
Returns:
true if TLS is available on the underlying client connection, or false if it is not.

enableTLSConnectionSecurityProvider

void enableTLSConnectionSecurityProvider() throws DirectoryException
Installs the TLS connection security provider on this client connection. If an error occurs in the process, then the underlying client connection must be terminated and an exception must be thrown to indicate the underlying cause.

Throws:
DirectoryException - If the TLS connection security provider could not be enabled and the underlying connection has been closed.

disableTLSConnectionSecurityProvider

void disableTLSConnectionSecurityProvider() throws DirectoryException
Disables the TLS connection security provider on this client connection. This must also eliminate any authentication that had been performed on the client connection so that it is in an anonymous state. If a problem occurs while attempting to revert the connection to a non-TLS-protected state, then an exception must be thrown and the client connection must be terminated.

Throws:
DirectoryException - If TLS protection cannot be reverted and the underlying client connection has been closed.

sendClearResponse

void sendClearResponse(Operation operation) throws DirectoryException
Sends a response to the client in the clear rather than through the encrypted channel. This should only be used when processing the StartTLS extended operation to send the response in the clear after the SSL negotiation has already been initiated.

Parameters:
operation - The operation for which to send the response in the clear.
Throws:
DirectoryException - If a problem occurs while sending the response in the clear.
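The ordering these methods impose on a StartTLS handler (check availability, send the result in the clear, only then install the TLS provider) is shown below as an added example; it is not OpenDS's own StartTLS handler. It assumes the package locations in the imports, Operation.setResultCode(ResultCode), Operation.appendErrorMessage(Message) and MessageBuilder.toMessage(), and the UNAVAILABLE result code on refusal is an illustrative choice.

```java
// Added example of driving the TLSCapableConnection contract from a StartTLS
// handler. Not OpenDS code. Assumed (not on the documented page): the import
// packages below, Operation.setResultCode/appendErrorMessage and
// MessageBuilder.toMessage().
import org.opends.messages.MessageBuilder;
import org.opends.server.extensions.TLSCapableConnection;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Operation;
import org.opends.server.types.ResultCode;

public final class StartTLSSequenceExample {

  /**
   * Runs the StartTLS sequence on a connection that supports dynamic TLS.
   *
   * @return true if TLS is now active on the connection; false if StartTLS
   *         was refused and the connection stays in its previous clear state.
   *         If installing the provider fails, the connection has already been
   *         terminated by the time the DirectoryException reaches the caller.
   */
  public static boolean startTLS(TLSCapableConnection conn, Operation op)
      throws DirectoryException {
    // 1. Ask the connection whether it can actually be protected. The reason
    //    for a refusal is collected in the builder so it can go to the client.
    MessageBuilder reason = new MessageBuilder();
    if (!conn.tlsProtectionAvailable(reason)) {
      // Nothing has been changed on the connection, so the refusal travels
      // through the normal response path; no security provider is touched.
      op.setResultCode(ResultCode.UNAVAILABLE); // illustrative result code
      op.appendErrorMessage(reason.toMessage());
      return false;
    }

    // 2. The success response must be written in the clear BEFORE the TLS
    //    provider is installed: the client reads it on the plain channel and
    //    only then begins its handshake. Sending it after step 3 would wrap
    //    the LDAP response in TLS records the client is not yet expecting.
    op.setResultCode(ResultCode.SUCCESS);
    conn.sendClearResponse(op);

    // 3. Install the provider. Per the contract, any failure here terminates
    //    the connection and surfaces as a DirectoryException, so there is no
    //    half-protected connection left to clean up in this method.
    conn.enableTLSConnectionSecurityProvider();
    return true;
  }
}
```

The inverse path, disableTLSConnectionSecurityProvider(), is not a free downgrade: the contract requires it to discard any authentication state so the connection returns to anonymous, which is what prevents a bind performed under TLS from surviving into the clear.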