netscape.ldap.factory

Class JSSSocketFactory

Implemented Interfaces:
Serializable, LDAPSocketFactory, LDAPTLSSocketFactory, SSLCertificateApprovalCallback

public class JSSSocketFactory
extends java.lang.Object
implements Serializable, LDAPTLSSocketFactory, SSLCertificateApprovalCallback

Creates an SSL socket connection to a server, using the Netscape/Mozilla JSS package. This class implements the LDAPSocketFactory interface.

By default, the factory uses "secmod.db", "key*.db" and "cert*.db" databases in the current directory. If you need to override this default setting, then you should use the constructor JSSSocketFactory(certdbDir).

Version:
1.1
See Also:
LDAPSocketFactory, LDAPConnection.LDAPConnection(LDAPSocketFactory)

Constructor Summary

JSSSocketFactory()
Constructs a new JSSSocketFactory, initializing the JSS security system if it has not already been initialized.
JSSSocketFactory(String certdbDir)
Constructs a new JSSSocketFactory, initializing the JSS security system if it has not already been initialized.

Method Summary

boolean
approve(X509Certificate serverCert, ValidityStatus status)
The default implementation of the SSLCertificateApprovalCallback interface.
static void
initialize(String certdbDir)
Initialize the JSS security subsystem.
Socket
makeSocket(Socket s)
Creates an SSL socket layered over an existing socket.
Socket
makeSocket(String host, int port)
Creates an SSL socket.

Constructor Details

JSSSocketFactory

public JSSSocketFactory()
            throws LDAPException
Constructs a new JSSSocketFactory, initializing the JSS security system if it has not already been initialized.

The current directory is assumed to be the certificate database directory.

Throws:
LDAPException - on initialization error
See Also:
netscape.ldap.factory.JSSSocketFactory.JSSSocketFactory(java.lang.String)

JSSSocketFactory

public JSSSocketFactory(String certdbDir)
            throws LDAPException
Constructs a new JSSSocketFactory, initializing the JSS security system if it has not already been initialized.
Parameters:
certdbDir - The full path, relative or absolute, of the certificate database directory
Throws:
LDAPException - on initialization error

Method Details

approve

public boolean approve(X509Certificate serverCert,
                       ValidityStatus status)
The default implementation of the SSLCertificateApprovalCallback interface.

This default implementation always returns true, so the server certificate is accepted whatever validity status is reported. If you need to verify the server certificate's validity, override this method.

Parameters:
serverCert - X509 Certificate
status - The validity of the server certificate
Returns:
true; by default the certificate is trusted
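
Added example (not part of the LDAPJDK documentation or source): a subclass that overrides approve so the connection proceeds only when JSS reports no validity problems for the server certificate. The class name StrictJSSSocketFactory, the certificate database path and the host name are hypothetical placeholders; the code assumes the JSS ValidityStatus.getReasons() enumeration is empty when the certificate passed validation.

```java
import java.util.Enumeration;

import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.factory.JSSSocketFactory;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;

// Hypothetical subclass name; not part of LDAPJDK.
public class StrictJSSSocketFactory extends JSSSocketFactory {

    public StrictJSSSocketFactory(String certdbDir) throws LDAPException {
        super(certdbDir);
    }

    // Replaces the accept-everything default: approve only when JSS
    // reported no validity problems for the server certificate.
    @Override
    public boolean approve(X509Certificate serverCert,
                           SSLCertificateApprovalCallback.ValidityStatus status) {
        Enumeration<?> reasons = status.getReasons();
        boolean ok = true;
        while (reasons.hasMoreElements()) {
            SSLCertificateApprovalCallback.ValidityItem item =
                (SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement();
            // Log every problem so a rejected connection can be diagnosed.
            System.err.println("Rejecting " + serverCert.getSubjectDN()
                + ": JSS reason code " + item.getReason()
                + " at chain depth " + item.getDepth());
            ok = false;
        }
        return ok;
    }

    public static void main(String[] args) throws LDAPException {
        // Constructed placeholder values; substitute your own.
        String certdbDir = "/path/to/certdb";
        LDAPConnection ld =
            new LDAPConnection(new StrictJSSSocketFactory(certdbDir));
        try {
            // The handshake is refused when approve() returns false.
            ld.connect("ldap.example.com", 636);
        } finally {
            if (ld.isConnected()) ld.disconnect();
        }
    }
}
```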

initialize

public static void initialize(String certdbDir)
            throws LDAPException
Initialize the JSS security subsystem.

This method allows you to override the current directory as the default certificate database directory. The directory is expected to contain secmod.db, key*.db and cert*.db files as the security module database, key database and certificate database respectively.

The method may be called only once, before the first instance of JSSSocketFactory is created. When creating the first instance, the constructor will automatically initialize the JSS security subsystem using the defaults, unless it is already initialized.

Parameters:
certdbDir - The full path, relative or absolute, of the certificate database directory.
Throws:
LDAPException - on initialization error

makeSocket

public Socket makeSocket(Socket s)
            throws LDAPException
Creates an SSL socket layered over an existing socket. Used for the startTLS implementation (RFC 2830).
Specified by:
makeSocket in interface LDAPTLSSocketFactory
Parameters:
s - An existing non-SSL socket
Returns:
An SSL socket layered over the input socket
Throws:
LDAPException - on error creating socket
Since:
LDAPJDK 4.17

makeSocket

public Socket makeSocket(String host,
                         int port)
            throws LDAPException
Creates an SSL socket.
Specified by:
makeSocket in interface LDAPSocketFactory
Parameters:
host - Host name or IP address of SSL server
port - Port number of SSL server
Returns:
A socket for an encrypted session
Throws:
LDAPException - on error creating socket