Examples of javax.naming.ldap.StartTlsRequest

• javax.naming.ldap.StartTlsRequest
  etf.org/rfc/rfc2830.txt">Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037 and no extended request value is defined.

  StartTlsRequest/StartTlsResponse are used to establish a TLS connection over the existing LDAP connection associated with the JNDI context on which extendedOperation() is invoked. Typically, a JNDI program uses these classes as follows.

   import javax.naming.ldap.*; // Open an LDAP association LdapContext ctx = new InitialLdapContext(); // Perform a StartTLS extended operation StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest()); // Open a TLS connection (over the existing LDAP association) and get details // of the negotiated TLS session: cipher suite, peer certificate, etc. SSLSession session = tls.negotiate(); // ... use ctx to perform protected LDAP operations // Close the TLS connection (revert back to the underlying LDAP association) tls.close(); // ... use ctx to perform unprotected LDAP operations // Close the LDAP association ctx.close; 

  @since 1.4 @see StartTlsResponse @author Vincent Ryan

   * <p>Here we are testing if this method retrieves the StartTLS request's object identifier string.</p>
   * <p>The expected result is a string : "1.3.6.1.4.1.1466.20037".</p>
   */
  public void testGetID() {
        assertEquals("1.3.6.1.4.1.1466.20037", StartTlsRequest.OID);
        assertSame(StartTlsRequest.OID, new StartTlsRequest().getID());
    }

   * <p>Test method for 'javax.naming.ldap.StartTlsRequest.getEncodedValue()'</p>
   * <p>Here we are testing if this method retrieves the StartTLS request's ASN.1 BER encoded value.</p>
   * <p>The expected result is a null value.</p>
   */
  public void testGetEncodedValue() {
        assertNull(new StartTlsRequest().getEncodedValue());
    }

   * <p>Here we are testing if this method creates an extended response object that corresponds to the LDAP StartTLS extended request.
   * In this case we are testing the extended response with the argument ID=""</p>
   * <p>The expected result is an exception.</p>
   */
  public void testCreateExtendedResponse005() {
        StartTlsRequest str = new StartTlsRequest();
        try {
            str.createExtendedResponse("", null, 1, 2);
            fail("NamingException expected");
        } catch (NamingException e) {}
    }

     * <p>Notice here that this package does not have a provider so an implementation does not exist, so this test must not fail with a provider
     * and fail with no provider.</p>
     * <p>The expected result is a Tls response.</p>
     */
    public void testCreateExtendedResponse004() throws Exception {
        StartTlsRequest str = new StartTlsRequest();
        String ID = "1.3.6.1.4.1.1466.20037";
        int t1 = 210, t2 = 650;
        byte[] t0 = ID.getBytes();

        StartTlsResponse x = (StartTlsResponse) str.createExtendedResponse(ID,
                t0, t1, t2);
        assertEquals(MockStartTlsResponse.class, x.getClass());
    }

        env.put( "java.naming.provider.url", "ldap://localhost:" + ldapServer.getPort() );
        env.put( "java.naming.security.principal", "uid=admin,ou=system" );
        env.put( "java.naming.security.credentials", "secret" );
        env.put( "java.naming.security.authentication", "simple" );
        LdapContext ctx = new InitialLdapContext( env, null );
        StartTlsResponse tls = ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest() );
        tls.setHostnameVerifier( new HostnameVerifier() {
            public boolean verify( String hostname, SSLSession session )
            {
                return true;
            }
        } );
        tls.negotiate( BogusSSLContextFactory.getInstance( false ).getSocketFactory() );

        // create a new certificate
        String newIssuerDN = "cn=new_issuer_dn";
        String newSubjectDN = "cn=new_subject_dn";
        ServerEntry entry = ldapServer.getDirectoryService().getAdminSession().lookup(
            new DN( "uid=admin,ou=system" ) );
        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );

        // now update the certificate (over the wire)
        ModificationItem[] mods = new ModificationItem[3];
        mods[0] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
            TlsKeyGenerator.PRIVATE_KEY_AT, entry.get( TlsKeyGenerator.PRIVATE_KEY_AT ).getBytes() ) );
        mods[1] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
            TlsKeyGenerator.PUBLIC_KEY_AT, entry.get( TlsKeyGenerator.PUBLIC_KEY_AT ).getBytes() ) );
        mods[2] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
            TlsKeyGenerator.USER_CERTIFICATE_AT, entry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ).getBytes() ) );
        ctx.modifyAttributes( "uid=admin,ou=system", mods );
        ctx.close();

        ldapServer.reloadSslContext();

        // create a new secure connection
        ctx = new InitialLdapContext( env, null );
        tls = ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest() );
        tls.setHostnameVerifier( new HostnameVerifier() {
            public boolean verify( String hostname, SSLSession session )
            {
                return true;
            }

        LOG.debug( "About to get initial context" );
        LdapContext ctx = new InitialLdapContext( env, null );

        // Start TLS
        LOG.debug( "About send startTls extended operation" );
        StartTlsResponse tls = ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest() );
        LOG.debug( "Extended operation issued" );
        tls.setHostnameVerifier( new HostnameVerifier() {
            public boolean verify( String hostname, SSLSession session )
            {
                return true;

            LOG.debug( "About to get initial context" );
            LdapContext ctx = new InitialLdapContext( env, null );

            // Start TLS
            LOG.debug( "About send startTls extended operation" );
            StartTlsResponse tls = ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest() );
            LOG.debug( "Extended operation issued" );
            tls.setHostnameVerifier( new HostnameVerifier() {
                public boolean verify( String hostname, SSLSession session )
                {
                    return true;

      StartTlsResponse tls = null;
      try {
        ctx = new InitialLdapContext(env, null);

        // Authentication must be performed over a secure channel
        tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        tls.negotiate();

        // Authenticate via SASL EXTERNAL mechanism using client X.509
        // certificate contained in JVM keystore
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");

      StartTlsResponse tls = null;
      try {
        ctx = new InitialLdapContext(env, null);

        // Authentication must be performed over a secure channel
        tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        tls.negotiate();

        // Authenticate via SASL EXTERNAL mechanism using client X.509
        // certificate contained in JVM keystore
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");

                    if ( useStartTLS )
                    {
                        try
                        {
                            StartTlsResponse tls = ( StartTlsResponse ) context
                                .extendedOperation( new StartTlsRequest() );
                            // deactivate host name verification at this level,
                            // host name verification is done in StudioTrustManager
                            tls.setHostnameVerifier( new HostnameVerifier()
                            {
                                public boolean verify( String hostname, SSLSession session )