Package org.forgerock.opendj.ldap.requests

Interface StartTLSExtendedRequest

All Superinterfaces:
ExtendedRequest<ExtendedResult>, Request
public interface StartTLSExtendedRequest extends ExtendedRequest<ExtendedResult>
The start TLS extended request as defined in RFC 4511. The Start Transport Layer Security (StartTLS) operation's purpose is to initiate installation of a TLS layer.

Use an SSLContextBuilder when setting up LDAP options needed to use StartTLS. TrustManagers has methods you can use to set the trust manager for the SSL context builder. 

 LDAPOptions options = new LDAPOptions();
 SSLContext sslContext =
         new SSLContextBuilder().setTrustManager(...).getSSLContext();
 options.setSSLContext(sslContext);
 options.setUseStartTLS(true);

 String host = ...;
 int port = ...;
 LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port, options);
 Connection connection = factory.getConnection();
 // Connection uses StartTLS...
See Also:

  • Field Details

  • Method Details

    • addControl

      StartTLSExtendedRequest addControl(Control control)
      Description copied from interface: Request
      Adds the provided control to this request.
      Specified by:
      addControl in interface ExtendedRequest<ExtendedResult>
      Specified by:
      addControl in interface Request
      Parameters:
      control - The control to be added to this request.
      Returns:
      This request.

    • addEnabledCipherSuite

      StartTLSExtendedRequest addEnabledCipherSuite(String... suites)
      Adds the cipher suites enabled for secure connections with the Directory Server. The suites must be supported by the SSLContext specified in setSSLContext(SSLContext). Following a successful call to this method, only the suites listed in the protocols parameter are enabled for use.
      Parameters:
      suites - Names of all the suites to enable.
      Returns:
      A reference to this LDAP connection options.
      Throws:
      UnsupportedOperationException - If this start TLS extended request does not permit the enabled cipher suites to be set.

    • addEnabledCipherSuite

      StartTLSExtendedRequest addEnabledCipherSuite(Collection<String> suites)
      Adds the cipher suites enabled for secure connections with the Directory Server. The suites must be supported by the SSLContext specified in setSSLContext(SSLContext). Following a successful call to this method, only the suites listed in the protocols parameter are enabled for use.
      Parameters:
      suites - Names of all the suites to enable.
      Returns:
      A reference to this LDAP connection options.
      Throws:
      UnsupportedOperationException - If this start TLS extended request does not permit the enabled cipher suites to be set.

    • addEnabledProtocol

      StartTLSExtendedRequest addEnabledProtocol(String... protocols)
      Adds the protocol versions enabled for secure connections with the Directory Server. The protocols must be supported by the SSLContext specified in setSSLContext(SSLContext). Following a successful call to this method, only the protocols listed in the protocols parameter are enabled for use.
      Parameters:
      protocols - Names of all the protocols to enable.
      Returns:
      A reference to this LDAP connection options.
      Throws:
      UnsupportedOperationException - If this start TLS extended request does not permit the enabled protocols to be set.

    • addEnabledProtocol

      StartTLSExtendedRequest addEnabledProtocol(Collection<String> protocols)
      Adds the protocol versions enabled for secure connections with the Directory Server. The protocols must be supported by the SSLContext specified in setSSLContext(SSLContext). Following a successful call to this method, only the protocols listed in the protocols parameter are enabled for use.
      Parameters:
      protocols - Names of all the protocols to enable.
      Returns:
      A reference to this LDAP connection options.
      Throws:
      UnsupportedOperationException - If this start TLS extended request does not permit the enabled protocols to be set.

    • getControl

      <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) throws DecodeException
      Description copied from interface: Request
      Decodes and returns the first control in this request having an OID corresponding to the provided control decoder.
      Specified by:
      getControl in interface ExtendedRequest<ExtendedResult>
      Specified by:
      getControl in interface Request
      Type Parameters:
      C - The type of control to be decoded and returned.
      Parameters:
      decoder - The control decoder.
      options - The set of decode options which should be used when decoding the control.
      Returns:
      The decoded control, or null if the control is not included with this request.
      Throws:
      DecodeException - If the control could not be decoded because it was malformed in some way (e.g. the control value was missing, or its content could not be decoded).

    • getControls

      List<Control> getControls()
      Description copied from interface: Request
      Returns a List containing the controls included with this request. The returned List may be modified if permitted by this request.
      Specified by:
      getControls in interface ExtendedRequest<ExtendedResult>
      Specified by:
      getControls in interface Request
      Returns:
      A List containing the controls.

    • getEnabledCipherSuites

      List<String> getEnabledCipherSuites()
      Returns the names of the protocol versions which are currently enabled for secure connections with the Directory Server.
      Returns:
      an array of protocols or empty set if the default protocols are to be used.

    • getEnabledProtocols

      List<String> getEnabledProtocols()
      Returns the names of the protocol versions which are currently enabled for secure connections with the Directory Server.
      Returns:
      an array of protocols or empty set if the default protocols are to be used.

    • getOID

      String getOID()
      Description copied from interface: ExtendedRequest
      Returns the numeric OID associated with this extended request.
      Specified by:
      getOID in interface ExtendedRequest<ExtendedResult>
      Returns:
      The numeric OID associated with this extended request.

    • getResultDecoder

      ExtendedResultDecoder<ExtendedResult> getResultDecoder()
      Description copied from interface: ExtendedRequest
      Returns a decoder which can be used to decoded responses to this extended request.
      Specified by:
      getResultDecoder in interface ExtendedRequest<ExtendedResult>
      Returns:
      A decoder which can be used to decoded responses to this extended request.

    • getSSLContext

      SSLContext getSSLContext()
      Returns the SSLContext that should be used when installing the TLS layer.
      Returns:
      The SSLContext that should be used when installing the TLS layer.

    • getValue

      ByteString getValue()
      Description copied from interface: ExtendedRequest
      Returns the value, if any, associated with this extended request. Its format is defined by the specification of this extended request.
      Specified by:
      getValue in interface ExtendedRequest<ExtendedResult>
      Returns:
      The value associated with this extended request, or null if there is no value.

    • hasValue

      boolean hasValue()
      Description copied from interface: ExtendedRequest
      Returns true if this extended request has a value. In some circumstances it may be useful to determine if a extended request has a value, without actually calculating the value and incurring any performance costs.
      Specified by:
      hasValue in interface ExtendedRequest<ExtendedResult>
      Returns:
      true if this extended request has a value, or false if there is no value.

    • setSSLContext

      StartTLSExtendedRequest setSSLContext(SSLContext sslContext)
      Sets the SSLContext that should be used when installing the TLS layer.
      Parameters:
      sslContext - The SSLContext that should be used when installing the TLS layer.
      Returns:
      This startTLS request.