
src/java.naming/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java


        

*** 50,63 ****
* Access Protocol (v3): Extension for Transport Layer Security</a>
*
* The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037
* and no extended response value is defined.
*
! *<p>
* The Start TLS extended request and response are used to establish
* a TLS connection over the existing LDAP connection associated with
! * the JNDI context on which <tt>extendedOperation()</tt> is invoked.
*
* @see StartTlsRequest
* @author Vincent Ryan
*/
final public class StartTlsResponseImpl extends StartTlsResponse {
--- 50,63 ----
* Access Protocol (v3): Extension for Transport Layer Security</a>
*
* The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037
* and no extended response value is defined.
*
! * <p>
* The Start TLS extended request and response are used to establish
* a TLS connection over the existing LDAP connection associated with
! * the JNDI context on which {@code extendedOperation()} is invoked.
*
* @see StartTlsRequest
* @author Vincent Ryan
*/
final public class StartTlsResponseImpl extends StartTlsResponse {
*** 122,132 ****
public StartTlsResponseImpl() {}
/**
* Overrides the default list of cipher suites enabled for use on the
* TLS connection. The cipher suites must have already been listed by
! * <tt>SSLSocketFactory.getSupportedCipherSuites()</tt> as being supported.
* Even if a suite has been enabled, it still might not be used because
* the peer does not support it, or because the requisite certificates
* (and private keys) are not available.
*
* @param suites The non-null list of names of all the cipher suites to
--- 122,132 ----
public StartTlsResponseImpl() {}
/**
* Overrides the default list of cipher suites enabled for use on the
* TLS connection. The cipher suites must have already been listed by
! * {@code SSLSocketFactory.getSupportedCipherSuites()} as being supported.
* Even if a suite has been enabled, it still might not be used because
* the peer does not support it, or because the requisite certificates
* (and private keys) are not available.
*
* @param suites The non-null list of names of all the cipher suites to
*** 138,153 ****
// a non-null list.
this.suites = suites == null ? null : suites.clone();
}
/**
! * Overrides the default hostname verifier used by <tt>negotiate()</tt>
* after the TLS handshake has completed. If
! * <tt>setHostnameVerifier()</tt> has not been called before
! * <tt>negotiate()</tt> is invoked, <tt>negotiate()</tt>
* will perform a simple case ignore match. If called after
! * <tt>negotiate()</tt>, this method does not do anything.
*
* @param verifier The non-null hostname verifier callback.
* @see #negotiate
*/
public void setHostnameVerifier(HostnameVerifier verifier) {
--- 138,153 ----
// a non-null list.
this.suites = suites == null ? null : suites.clone();
}
/**
! * Overrides the default hostname verifier used by {@code negotiate()}
* after the TLS handshake has completed. If
! * {@code setHostnameVerifier()} has not been called before
! * {@code negotiate()} is invoked, {@code negotiate()}
* will perform a simple case ignore match. If called after
! * {@code negotiate()}, this method does not do anything.
*
* @param verifier The non-null hostname verifier callback.
* @see #negotiate
*/
public void setHostnameVerifier(HostnameVerifier verifier) {
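Review bot: The summary sentence of `setHostnameVerifier` still says the callback "Overrides the default hostname verifier", while the Javadoc of `negotiate(SSLSocketFactory)` in the 175,203 hunk says the callback is used only if the default check fails. Read together, the callback is a fallback that can accept a server the default check rejected, not a replacement that can reject one the default check accepted, so a caller installing a stricter verifier would be misled. Since the commit already touches this sentence, I would reword it to `Sets a hostname verifier that {@code negotiate()} consults only when its default hostname check fails.`, assuming the negotiate Javadoc matches the implementation, which is not visible here. The method body starts on the hunk's last line and continues outside it.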
*** 155,168 ****
}
/**
* Negotiates a TLS session using the default SSL socket factory.
* <p>
! * This method is equivalent to <tt>negotiate(null)</tt>.
*
* @return The negotiated SSL session
! * @throw IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate() throws IOException {
--- 155,168 ----
}
/**
* Negotiates a TLS session using the default SSL socket factory.
* <p>
! * This method is equivalent to {@code negotiate(null)}.
*
* @return The negotiated SSL session
! * @throws IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate() throws IOException {
*** 175,203 ****
* <p>
* Creates an SSL socket using the supplied SSL socket factory and
* attaches it to the existing connection. Performs the TLS handshake
* and returns the negotiated session information.
* <p>
! * If cipher suites have been set via <tt>setEnabledCipherSuites</tt>
* then they are enabled before the TLS handshake begins.
* <p>
* Hostname verification is performed after the TLS handshake completes.
* The default check performs a case insensitive match of the server's
* hostname against that in the server's certificate. The server's
* hostname is extracted from the subjectAltName in the server's
* certificate (if present). Otherwise the value of the common name
* attribute of the subject name is used. If a callback has
! * been set via <tt>setHostnameVerifier</tt> then that verifier is used if
* the default check fails.
* <p>
* If an error occurs then the SSL socket is closed and an IOException
* is thrown. The underlying connection remains intact.
*
* @param factory The possibly null SSL socket factory to use.
* If null, the default SSL socket factory is used.
* @return The negotiated SSL session
! * @throw IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate(SSLSocketFactory factory) throws IOException {
--- 175,203 ----
* <p>
* Creates an SSL socket using the supplied SSL socket factory and
* attaches it to the existing connection. Performs the TLS handshake
* and returns the negotiated session information.
* <p>
! * If cipher suites have been set via {@code setEnabledCipherSuites}
* then they are enabled before the TLS handshake begins.
* <p>
* Hostname verification is performed after the TLS handshake completes.
* The default check performs a case insensitive match of the server's
* hostname against that in the server's certificate.
The server's
* hostname is extracted from the subjectAltName in the server's
* certificate (if present). Otherwise the value of the common name
* attribute of the subject name is used. If a callback has
! * been set via {@code setHostnameVerifier} then that verifier is used if
* the default check fails.
* <p>
* If an error occurs then the SSL socket is closed and an IOException
* is thrown. The underlying connection remains intact.
*
* @param factory The possibly null SSL socket factory to use.
* If null, the default SSL socket factory is used.
* @return The negotiated SSL session
! * @throws IOException If an IO error was encountered while establishing
* the TLS session.
* @see #setEnabledCipherSuites
* @see #setHostnameVerifier
*/
public SSLSession negotiate(SSLSocketFactory factory) throws IOException {
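Review bot: The corrected `@throws IOException` tag on `negotiate(SSLSocketFactory)` covers only an IO error "while establishing the TLS session" and does not say what the caller sees when hostname verification fails after the handshake, that is, when the default check and any callback both reject the server. The paragraph above it says the SSL socket is closed and an IOException is thrown "if an error occurs", which presumably includes that case, but the body is outside the hunk, so this needs confirming. If it does, I would extend the tag to `@throws IOException If an IO error was encountered while establishing the TLS session, or if hostname verification fails.` The same Javadoc states that the underlying connection remains intact, so it is worth adding one sentence that after such a failure the LDAP connection is still open without TLS and the caller must not continue to send credentials or sensitive data over it.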
*** 250,260 ****
/**
* Closes the TLS connection gracefully and reverts back to the underlying
* connection.
*
! * @throw IOException If an IO error was encountered while closing the
* TLS connection
*/
public void close() throws IOException {
if (isClosed) {
--- 250,260 ----
/**
* Closes the TLS connection gracefully and reverts back to the underlying
* connection.
*
! * @throws IOException If an IO error was encountered while closing the
* TLS connection
*/
public void close() throws IOException {
if (isClosed) {