
Example 1 with LdapOperationException

use of org.apache.directory.api.ldap.model.exception.LdapOperationException in project directory-ldap-api by apache.

Class LdapNetworkConnection, method startTls:

/**
 * Upgrades the current plain connection to TLS using the StartTLS extended
 * operation. The request is sent over the existing LDAP connection; the SSL
 * filter is only installed on the session once the server has answered with a
 * {@code success} result.
 * <p>
 * Calling this on a connection configured with {@code useSsl=true} is an error
 * (LDAPS and StartTLS are mutually exclusive), and calling it on a session that
 * already carries the SSL filter is a no-op.
 *
 * @throws LdapException If the StartTLS operation failed: the configuration has
 *         {@code useSsl} set, the connection could not be established, the
 *         server returned a non-success result (reported as an
 *         {@link LdapOperationException} carrying that result code), or the
 *         TLS layer could not be added to the session
 */
public void startTls() throws LdapException {
    // StartTLS on top of an LDAPS connection makes no sense: refuse up front.
    if (config.isUseSsl()) {
        throw new LdapException("Cannot use TLS when the useSsl flag is set true in the configuration");
    }

    try {
        // Make sure we have a live session before touching its filter chain.
        connect();
        checkSession();

        // Idempotent: a session that already has the SSL filter is left alone.
        if (ldapSession.getFilterChain().get(SSL_FILTER_KEY) != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(I18n.msg(I18n.MSG_03222_LDAP_ALREADY_USING_START_TLS));
            }

            return;
        }

        ExtendedResponse response = extended(new StartTlsRequestImpl());
        LdapResult ldapResult = response.getLdapResult();
        ResultCodeEnum resultCode = ldapResult.getResultCode();

        // Only switch to TLS once the server has explicitly agreed to it.
        if (resultCode != ResultCodeEnum.SUCCESS) {
            throw new LdapOperationException(resultCode, ldapResult.getDiagnosticMessage());
        }

        addSslFilter();
    } catch (LdapException e) {
        // LDAP-level failures keep their concrete type and result code.
        throw e;
    } catch (Exception e) {
        // Anything else (I/O, codec, ...) is surfaced as a generic LdapException.
        throw new LdapException(e);
    }
}

Example 2 with LdapOperationException

use of org.apache.directory.api.ldap.model.exception.LdapOperationException in project directory-ldap-api by apache.

Class LdapNetworkConnection, method addSslFilter:

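/**
 * Adds an {@link SslFilter} to the connector's filter chain (LDAPS, no session
 * yet) or to the existing session's filter chain (StartTLS). In the StartTLS
 * case the method blocks until the handshake outcome is reported.
 * <p>
 * The {@link SSLContext} is built from the configured protocol, key managers,
 * trust managers and secure random. Cipher suites and protocols are taken from
 * the configuration when set; otherwise the protocol list defaults to
 * TLSv1/TLSv1.1/TLSv1.2 so that SSLv3 is not negotiated by default.
 * <p>
 * <b>Security caveat:</b> when no trust managers are configured this method
 * falls back to {@link NoVerificationTrustManager}, which accepts <em>any</em>
 * server certificate and therefore leaves the connection open to
 * man-in-the-middle attacks. Callers that need server authentication must
 * supply real trust managers through the configuration. The fallback is kept
 * for backward compatibility but is logged at WARN level so it cannot go
 * unnoticed.
 *
 * @throws LdapException if the SSL context cannot be initialised, or (StartTLS)
 *         if the handshake is not reported as successful — in that case an
 *         {@link LdapOperationException} with {@link ResultCodeEnum#OTHER} is
 *         thrown unchanged
 */
private void addSslFilter() throws LdapException {
    try {
        SSLContext sslContext = SSLContext.getInstance(config.getSslProtocol());

        TrustManager[] trustManagers = config.getTrustManagers();

        if ((trustManagers == null) || (trustManagers.length == 0)) {
            // Backward-compatible but insecure default: the peer certificate is
            // not verified at all. Make this loud rather than silent.
            LOG.warn("No TrustManager configured: falling back to NoVerificationTrustManager, "
                + "the server certificate will NOT be verified (vulnerable to man-in-the-middle)");
            trustManagers = new TrustManager[] { new NoVerificationTrustManager() };
        }

        sslContext.init(config.getKeyManagers(), trustManagers, config.getSecureRandom());

        SslFilter sslFilter = new SslFilter(sslContext);
        // We are the TLS client: the server presents its certificate to us.
        sslFilter.setUseClientMode(true);

        // NOTE(review): nothing here enables hostname/endpoint identification, so
        // even with a real TrustManager the certificate is not matched against the
        // configured host unless the TrustManager itself does so — confirm.

        // Restrict cipher suites only when the configuration asks for it.
        String[] enabledCipherSuites = config.getEnabledCipherSuites();

        if ((enabledCipherSuites != null) && (enabledCipherSuites.length != 0)) {
            sslFilter.setEnabledCipherSuites(enabledCipherSuites);
        }

        // Always pin the protocol list so SSLv3 is not picked up from JVM defaults.
        String[] enabledProtocols = config.getEnabledProtocols();

        if ((enabledProtocols != null) && (enabledProtocols.length != 0)) {
            sslFilter.setEnabledProtocols(enabledProtocols);
        } else {
            // Default to TLS. TLSv1 and TLSv1.1 are kept for compatibility with
            // older servers; deployments that can should restrict this to TLSv1.2+
            // through the configuration.
            sslFilter.setEnabledProtocols(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" });
        }

        if (ldapSession == null) {
            // LDAPS: no session yet, so the filter goes on the connector and will
            // apply to the session created from it.
            connector.getFilterChain().addFirst(SSL_FILTER_KEY, sslFilter);
        } else {
            // StartTLS: the session already exists. Insert the filter and wait for
            // the handshake result so nothing is sent in the clear afterwards.
            HandshakeFuture handshakeFuture = new HandshakeFuture();
            ldapSession.setAttribute(SslFilter.USE_NOTIFICATION, Boolean.TRUE);
            ldapSession.setAttribute("HANDSHAKE_FUTURE", handshakeFuture);
            ldapSession.getFilterChain().addFirst(SSL_FILTER_KEY, sslFilter);

            boolean isSecured = handshakeFuture.get(timeout, TimeUnit.MILLISECONDS);

            if (!isSecured) {
                throw new LdapOperationException(ResultCodeEnum.OTHER, I18n.err(I18n.ERR_4100_TLS_HANDSHAKE_ERROR));
            }
        }
    } catch (LdapException e) {
        // Already an LDAP exception (e.g. the handshake failure above): propagate
        // it unchanged so the result code and diagnostic message are not hidden
        // behind a misleading "SSL context" error. Mirrors startTls().
        LOG.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        String msg = "Failed to initialize the SSL context";
        LOG.error(msg, e);
        throw new LdapException(msg, e);
    }
}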
