< prev index next >
src/java.naming/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java
Print this page
*** 50,63 ****
* Access Protocol (v3): Extension for Transport Layer Security</a>
*
* The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037
* and no extended response value is defined.
*
! *<p>
* The Start TLS extended request and response are used to establish
* a TLS connection over the existing LDAP connection associated with
! * the JNDI context on which <tt>extendedOperation()</tt> is invoked.
*
* @see StartTlsRequest
* @author Vincent Ryan
*/
final public class StartTlsResponseImpl extends StartTlsResponse {
--- 50,63 ----
* Access Protocol (v3): Extension for Transport Layer Security</a>
*
* The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037
* and no extended response value is defined.
*
! * <p>
* The Start TLS extended request and response are used to establish
* a TLS connection over the existing LDAP connection associated with
! * the JNDI context on which {@code extendedOperation()} is invoked.
*
* @see StartTlsRequest
* @author Vincent Ryan
*/
final public class StartTlsResponseImpl extends StartTlsResponse {
*** 122,132 ****
public StartTlsResponseImpl() {}
/**
* Overrides the default list of cipher suites enabled for use on the
* TLS connection. The cipher suites must have already been listed by
! * <tt>SSLSocketFactory.getSupportedCipherSuites()</tt> as being supported.
* Even if a suite has been enabled, it still might not be used because
* the peer does not support it, or because the requisite certificates
* (and private keys) are not available.
*
* @param suites The non-null list of names of all the cipher suites to
--- 122,132 ----
public StartTlsResponseImpl() {}
/**
* Overrides the default list of cipher suites enabled for use on the
* TLS connection. The cipher suites must have already been listed by
! * {@code SSLSocketFactory.getSupportedCipherSuites()} as being supported.
* Even if a suite has been enabled, it still might not be used because
* the peer does not support it, or because the requisite certificates
* (and private keys) are not available.
*
* @param suites The non-null list of names of all the cipher suites to
*** 138,153 ****
// a non-null list.
this.suites = suites == null ? null : suites.clone();
}
/**
! * Overrides the default hostname verifier used by <tt>negotiate()</tt>
* after the TLS handshake has completed. If
! * <tt>setHostnameVerifier()</tt> has not been called before
! * <tt>negotiate()</tt> is invoked, <tt>negotiate()</tt>
* will perform a simple case ignore match. If called after
! * <tt>negotiate()</tt>, this method does not do anything.
*
* @param verifier The non-null hostname verifier callback.
* @see #negotiate
*/
public void setHostnameVerifier(HostnameVerifier verifier) {
--- 138,153 ----
// a non-null list.
this.suites = suites == null ? null : suites.clone();
}
/**
! * Overrides the default hostname verifier used by {@code negotiate()}
* after the TLS handshake has completed. If
! * {@code setHostnameVerifier()} has not been called before
! * {@code negotiate()} is invoked, {@code negotiate()}
* will perform a simple case ignore match. If called after
! * {@code negotiate()}, this method does not do anything.
*
* @param verifier The non-null hostname verifier callback.
* @see #negotiate
*/
public void setHostnameVerifier(HostnameVerifier verifier) {
*** 155,168 ****
}
/**
* Negotiates a TLS session using the default SSL socket factory.
* <p>
! * This method is equivalent to <tt>negotiate(null)</tt>.
*
* @return The negotiated SSL session
! * @throw IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate() throws IOException {
--- 155,168 ----
}
/**
* Negotiates a TLS session using the default SSL socket factory.
* <p>
! * This method is equivalent to {@code negotiate(null)}.
*
* @return The negotiated SSL session
! * @throws IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate() throws IOException {
*** 175,203 ****
* <p>
* Creates an SSL socket using the supplied SSL socket factory and
* attaches it to the existing connection. Performs the TLS handshake
* and returns the negotiated session information.
* <p>
! * If cipher suites have been set via <tt>setEnabledCipherSuites</tt>
* then they are enabled before the TLS handshake begins.
* <p>
* Hostname verification is performed after the TLS handshake completes.
* The default check performs a case insensitive match of the server's
* hostname against that in the server's certificate. The server's
* hostname is extracted from the subjectAltName in the server's
* certificate (if present). Otherwise the value of the common name
* attribute of the subject name is used. If a callback has
! * been set via <tt>setHostnameVerifier</tt> then that verifier is used if
* the default check fails.
* <p>
* If an error occurs then the SSL socket is closed and an IOException
* is thrown. The underlying connection remains intact.
*
* @param factory The possibly null SSL socket factory to use.
* If null, the default SSL socket factory is used.
* @return The negotiated SSL session
! * @throw IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate(SSLSocketFactory factory) throws IOException {
--- 175,203 ----
* <p>
* Creates an SSL socket using the supplied SSL socket factory and
* attaches it to the existing connection. Performs the TLS handshake
* and returns the negotiated session information.
* <p>
! * If cipher suites have been set via {@code setEnabledCipherSuites}
* then they are enabled before the TLS handshake begins.
* <p>
* Hostname verification is performed after the TLS handshake completes.
* The default check performs a case insensitive match of the server's
* hostname against that in the server's certificate. The server's
* hostname is extracted from the subjectAltName in the server's
* certificate (if present). Otherwise the value of the common name
* attribute of the subject name is used. If a callback has
! * been set via {@code setHostnameVerifier} then that verifier is used if
* the default check fails.
* <p>
* If an error occurs then the SSL socket is closed and an IOException
* is thrown. The underlying connection remains intact.
*
* @param factory The possibly null SSL socket factory to use.
* If null, the default SSL socket factory is used.
* @return The negotiated SSL session
! * @throws IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate(SSLSocketFactory factory) throws IOException {
*** 250,260 ****
/**
* Closes the TLS connection gracefully and reverts back to the underlying
* connection.
*
! * @throw IOException If an IO error was encountered while closing the
* TLS connection
*/
public void close() throws IOException {
if (isClosed) {
--- 250,260 ----
/**
* Closes the TLS connection gracefully and reverts back to the underlying
* connection.
*
! * @throws IOException If an IO error was encountered while closing the
* TLS connection
*/
public void close() throws IOException {
if (isClosed) {
< prev index next >