Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 59198 invoked from network); 9 Nov 2005 13:30:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 9 Nov 2005 13:30:52 -0000 Received: (qmail 5572 invoked by uid 500); 9 Nov 2005 13:30:51 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 5445 invoked by uid 500); 9 Nov 2005 13:30:50 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 5398 invoked by uid 99); 9 Nov 2005 13:30:50 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Nov 2005 05:30:50 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 09 Nov 2005 05:30:43 -0800 Received: (qmail 59033 invoked by uid 65534); 9 Nov 2005 13:30:29 -0000 Message-ID: <20051109133029.59032.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r332034 - /directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java Date: Wed, 09 Nov 2005 13:30:28 -0000 To: commits@directory.apache.org 
From: trustin@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: trustin Date: Wed Nov 9 05:30:23 2005 New Revision: 332034 URL: http://svn.apache.org/viewcvs?rev=332034&view=rev Log: Changed LdapProtocolHandler to understand SSLFilterMessages Modified: directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java Modified: directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java URL: http://svn.apache.org/viewcvs/directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java?rev=332034&r1=332033&r2=332034&view=diff ==============================================================================
--- directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java (original)
+++ directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java Wed Nov 9 05:30:23 2005
@@ -65,12 +65,14 @@
 import org.apache.mina.common.IoHandler;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.filter.LoggingFilter;
+import org.apache.mina.filter.SSLFilter;
 import org.apache.mina.filter.codec.ProtocolCodecFactory;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
 import org.apache.mina.filter.codec.ProtocolDecoder;
 import org.apache.mina.filter.codec.ProtocolEncoder;
 import org.apache.mina.handler.DemuxingIoHandler;
 import org.apache.mina.handler.MessageHandler;
+import org.apache.mina.util.SessionLog;
 /**
 * An LDAP protocol provider implementation which dynamically associates
@@ -357,9 +359,42 @@
 SessionRegistry.getSingleton().remove( session );
 }
+ public void messageReceived( IoSession session, Object message ) throws Exception
+ {
+ // Translate SSLFilter messages into LDAP extended request
+ // defined in RFC #2830, 'Lightweight Directory Access Protocol (v3):
+ // Extension for Transport Layer Security'.
+ //
+ // The RFC specifies the payload should be empty, but we use
+ // it to notify the TLS state changes. This hack should be
+ // OK from the viewpoint of security because StartTLS
+ // handler should react to only SESSION_UNSECURED message
+ // and degrade authentication level to 'anonymous' as specified
+ // in the RFC, and this is no threat.
+ if( message == SSLFilter.SESSION_SECURED )
+ {
+ ExtendedRequest req = new ExtendedRequestImpl( 0 );
+ req.setOid( "1.3.6.1.4.1.1466.20037" );
+ req.setPayload( "SECURED".getBytes( "ISO-8859-1" ) );
+ req.setLocked( true );
+ message = req;
+ }
+ else if( message == SSLFilter.SESSION_UNSECURED )
+ {
+ ExtendedRequest req = new ExtendedRequestImpl( 0 );
+ req.setOid( "1.3.6.1.4.1.1466.20037" );
+ req.setPayload( "UNSECURED".getBytes( "ISO-8859-1" ) );
+ req.setLocked( true );
+ message = req;
+ }
+
+ super.messageReceived( session, message );
+ }
+
 public void exceptionCaught( IoSession session, Throwable cause )
 {
- cause.printStackTrace();
+ SessionLog.warn( session, "Unexpected exception.", cause );
 }
 }
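Review bot: The synthetic StartTLS requests built in `messageReceived` are handed to `super.messageReceived` on the same path as decoded client messages, so the StartTLS handler cannot tell an internal `SESSION_SECURED`/`SESSION_UNSECURED` notification from a client-sent extended request that carries OID 1.3.6.1.4.1.1466.20037 and the same payload bytes. The comment's safety argument holds only while that handler, which is outside this hunk, ignores every payload except "UNSECURED"; any later code that raises trust on "SECURED" would be trusting client-controllable input. Carrying the TLS state out of band removes that dependency, for example `session.setAttribute( TLS_STATE_KEY, message );` (the key name is a placeholder) before the translation, with the handler reading the attribute instead of the payload. Separately, `exceptionCaught` now only logs the cause, so it is worth deciding explicitly whether a session that hit an unexpected exception should also be closed.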