java.lang.Object
  org.opends.server.api.ConnectionSecurityProvider
    org.opends.server.extensions.TLSConnectionSecurityProvider

public class TLSConnectionSecurityProvider extends ConnectionSecurityProvider

This class provides an implementation of a connection security provider that uses SSL/TLS to encrypt the communication to and from the client. It uses the javax.net.ssl.SSLEngine class to provide the actual SSL communication layer, and the Directory Server key and trust store providers to determine which key and trust stores to use.
Constructor Summary

| Constructor | Description |
|---|---|
| TLSConnectionSecurityProvider() | Creates a new instance of this connection security provider. |
Method Summary

| Return type | Method | Description |
|---|---|---|
| void | disconnect(boolean connectionValid) | Indicates that the associated client connection is being closed and that this security provider should perform any necessary processing to deal with that. |
| void | finalizeConnectionSecurityProvider() | Performs any finalization that may be necessary for this connection security provider. |
| int | getClearBufferSize() | Retrieves the size in bytes that the client should use for the byte buffer meant to hold clear-text data read from or to be written to the client. |
| java.security.cert.Certificate[] | getClientCertificateChain() | Retrieves the certificate chain that the client presented to the server during the handshake process. |
| java.lang.String[] | getEnabledCipherSuites() | Retrieves the set of SSL cipher suites that will be allowed. |
| java.lang.String[] | getEnabledProtocols() | Retrieves the set of SSL protocols that will be allowed. |
| int | getEncodedBufferSize() | Retrieves the size in bytes that the client should use for the byte buffer meant to hold encoded data read from or to be written to the client. |
| java.lang.String | getSecurityMechanismName() | Retrieves the name used to identify this security mechanism. |
| SSLClientAuthPolicy | getSSLClientAuthPolicy() | Retrieves the policy that should be used for SSL client authentication. |
| javax.net.ssl.SSLSession | getSSLSession() | Retrieves the SSL session associated with this client connection. |
| void | initializeConnectionSecurityProvider(ConfigEntry configEntry) | Initializes this connection security provider using the information in the provided configuration entry. |
| boolean | isSecure() | Indicates whether client connections using this connection security provider should be considered secure. |
| ConnectionSecurityProvider | newInstance(ClientConnection clientConnection, java.nio.channels.SocketChannel socketChannel) | Creates a new instance of this connection security provider that will be used to encode and decode all communication on the provided client connection. |
| boolean | readData() | Reads data from a client connection, performing any necessary negotiation in the process. |
| void | setEnabledCipherSuites(java.lang.String[] enabledCipherSuites) | Specifies the set of SSL cipher suites that will be allowed. |
| void | setEnabledProtocols(java.lang.String[] enabledProtocols) | Specifies the set of SSL protocols that will be allowed. |
| void | setSSLClientAuthPolicy(SSLClientAuthPolicy sslClientAuthPolicy) | Specifies the policy that should be used for SSL client authentication. |
| boolean | writeData(java.nio.ByteBuffer clearData) | Writes the data contained in the provided clear-text buffer to the client, performing any necessary encoding in the process. |
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public TLSConnectionSecurityProvider()

Creates a new instance of this connection security provider. Initialization is performed in the initializeConnectionSecurityProvider method rather than here. Also note that this instance should only be used to create new instances that are associated with specific client connections. This instance itself should not be used to attempt secure communication with the client.
Method Detail

public void initializeConnectionSecurityProvider(ConfigEntry configEntry) throws ConfigException, InitializationException

Initializes this connection security provider using the information in the provided configuration entry.

Overrides: initializeConnectionSecurityProvider in class ConnectionSecurityProvider

Parameters:
configEntry - The entry that contains the configuration for this connection security provider.

Throws:
ConfigException - If the provided entry does not contain an acceptable configuration for this security provider.
InitializationException - If a problem occurs during initialization that is not related to the provided configuration.

public void finalizeConnectionSecurityProvider()

Performs any finalization that may be necessary for this connection security provider.

Overrides: finalizeConnectionSecurityProvider in class ConnectionSecurityProvider

public java.lang.String getSecurityMechanismName()

Retrieves the name used to identify this security mechanism.

Overrides: getSecurityMechanismName in class ConnectionSecurityProvider

public boolean isSecure()

Indicates whether client connections using this connection security provider should be considered secure.

Overrides: isSecure in class ConnectionSecurityProvider

Returns:
true if client connections using this connection security provider should be considered secure, or false if not.

public ConnectionSecurityProvider newInstance(ClientConnection clientConnection, java.nio.channels.SocketChannel socketChannel) throws DirectoryException

Creates a new instance of this connection security provider that will be used to encode and decode all communication on the provided client connection.

Overrides: newInstance in class ConnectionSecurityProvider

Parameters:
clientConnection - The client connection with which this security provider will be associated.
socketChannel - The socket channel that may be used to communicate with the client.

Throws:
DirectoryException - If a problem occurs while creating a new instance of this security provider for the given client connection.

public void disconnect(boolean connectionValid)

Indicates that the associated client connection is being closed and that this security provider should perform any necessary processing to deal with that.

Overrides: disconnect in class ConnectionSecurityProvider

Parameters:
connectionValid - Indicates whether the Directory Server believes that the client connection is still valid and may be used for communication with the client. Note that this may be inaccurate, or that the state of the connection may change during the course of this method, so the security provider must be able to handle failures if they arise.

public int getClearBufferSize()

Retrieves the size in bytes that the client should use for the byte buffer meant to hold clear-text data read from or to be written to the client.

Overrides: getClearBufferSize in class ConnectionSecurityProvider

public int getEncodedBufferSize()

Retrieves the size in bytes that the client should use for the byte buffer meant to hold encoded data read from or to be written to the client.

Overrides: getEncodedBufferSize in class ConnectionSecurityProvider

public boolean readData()

Reads data from a client connection, performing any necessary negotiation in the process. … ClientConnection.processDataRead method.

Overrides: readData in class ConnectionSecurityProvider

Returns:
true if all the data in the provided buffer was processed and the client connection can remain established, or false if a decoding error occurred and requests from this client should no longer be processed. Note that if this method does return false, then it must have already disconnected the client.

public boolean writeData(java.nio.ByteBuffer clearData)

Writes the data contained in the provided clear-text buffer to the client, performing any necessary encoding in the process. … getClearBufferSize method. When this method returns, the provided buffer should be in its original state with regard to the position and limit.

Overrides: writeData in class ConnectionSecurityProvider

Parameters:
clearData - The buffer containing the clear-text data to write to the client.

Returns:
true if all the data in the provided buffer was written to the client and the connection may remain established, or false if a problem occurred and the client connection is no longer valid. Note that if this method does return false, then it must have already disconnected the client.

public java.lang.String[] getEnabledProtocols()

Retrieves the set of SSL protocols that will be allowed.

Returns:
The set of SSL protocols that will be allowed, or null if the default set will be used.

public void setEnabledProtocols(java.lang.String[] enabledProtocols)

Specifies the set of SSL protocols that will be allowed.

Parameters:
enabledProtocols - The set of SSL protocols that will be allowed, or null if the default set will be used.

public java.lang.String[] getEnabledCipherSuites()

Retrieves the set of SSL cipher suites that will be allowed.

public void setEnabledCipherSuites(java.lang.String[] enabledCipherSuites)

Specifies the set of SSL cipher suites that will be allowed.

Parameters:
enabledCipherSuites - The set of SSL cipher suites that will be allowed.

public SSLClientAuthPolicy getSSLClientAuthPolicy()

Retrieves the policy that should be used for SSL client authentication.

public void setSSLClientAuthPolicy(SSLClientAuthPolicy sslClientAuthPolicy)

Specifies the policy that should be used for SSL client authentication.

Parameters:
sslClientAuthPolicy - The policy that should be used for SSL client authentication.

public javax.net.ssl.SSLSession getSSLSession()

Retrieves the SSL session associated with this client connection.

public java.security.cert.Certificate[] getClientCertificateChain()

Retrieves the certificate chain that the client presented to the server during the handshake process.

Returns:
The certificate chain that the client presented, or null if the client did not present a certificate.
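The following is an added illustration, not OpenDS code, of how a provider built on javax.net.ssl.SSLEngine maps the knobs documented above (enabled protocols and cipher suites with null meaning the engine defaults, the client-auth policy, and the clear/encoded buffer sizes) onto the SSLEngine API. The ClientAuth enum is a hypothetical stand-in for SSLClientAuthPolicy, whose constants the page does not list, and the SSLContext passed in is assumed to already carry the server key and trust material.

```java
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public final class TlsEngineSetup {

    // Hypothetical stand-in for SSLClientAuthPolicy (names assumed, not from the page).
    public enum ClientAuth { DISABLED, OPTIONAL, REQUIRED }

    private TlsEngineSetup() {}

    // Server-mode engine configured like the provider's setters describe:
    // a null protocol or cipher-suite array leaves the engine defaults in place.
    public static SSLEngine newServerEngine(SSLContext ctx, String[] enabledProtocols,
                                            String[] enabledCipherSuites, ClientAuth policy) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);                 // the directory server is the TLS server
        if (enabledProtocols != null) {
            engine.setEnabledProtocols(enabledProtocols);   // e.g. {"TLSv1.3", "TLSv1.2"}
        }
        if (enabledCipherSuites != null) {
            engine.setEnabledCipherSuites(enabledCipherSuites);
        }
        // Which client certificates are accepted is decided by the trust store in ctx.
        switch (policy) {
            case REQUIRED: engine.setNeedClientAuth(true); break;  // no client cert: handshake fails
            case OPTIONAL: engine.setWantClientAuth(true); break;  // cert requested, not mandatory
            default:       engine.setNeedClientAuth(false); engine.setWantClientAuth(false);
        }
        return engine;
    }

    // Counterpart of getClearBufferSize(): clear-text buffer the session requires.
    public static int clearBufferSize(SSLEngine engine) {
        return engine.getSession().getApplicationBufferSize();
    }

    // Counterpart of getEncodedBufferSize(): largest TLS record the peer may send.
    public static int encodedBufferSize(SSLEngine engine) {
        return engine.getSession().getPacketBufferSize();
    }

    // Counterpart of getClientCertificateChain(): SSLEngine reports "no client
    // certificate" with an exception, which is mapped to null as the page documents.
    public static Certificate[] clientCertificateChain(SSLSession session) {
        try {
            return session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            return null;
        }
    }
}
```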