Java 在LDAP身份验证期间,无法绕过不存在证书的SSL通信
在我的应用程序中,用户通过安全和/或不安全的端口向LDAP服务器进行身份验证。我想模拟一些安全端口通信的测试。但是,我还没有LDAP服务器的相应证书来模拟用例(请忽略安全方面)。因此,我希望在SSL通信期间通过SSL证书检查。为此,我使用在internet上找到的BlindSSLFactory代码,并在java运行时添加相应的系统属性。然而,我仍然得到通信超时错误。我在下面的代码中哪里犯了错误,或者我遗漏了一些要点Java 在LDAP身份验证期间,无法绕过不存在证书的SSL通信,java,ssl,ldap,ssl-certificate,Java,Ssl,Ldap,Ssl Certificate,在我的应用程序中,用户通过安全和/或不安全的端口向LDAP服务器进行身份验证。我想模拟一些安全端口通信的测试。但是,我还没有LDAP服务器的相应证书来模拟用例(请忽略安全方面)。因此,我希望在SSL通信期间通过SSL证书检查。为此,我使用在internet上找到的BlindSSLFactory代码,并在java运行时添加相应的系统属性。然而,我仍然得到通信超时错误。我在下面的代码中哪里犯了错误,或者我遗漏了一些要点 private boolean createLoginSession(Strin
private boolean createLoginSession(String username, String password)
throws NamingException {
Properties props = new Properties();
props.put("java.naming.ldap.factory.socket",
BlindSSLSocketFactory.class.getName());
props.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, ldapServerUrl);
props.put(Context.SECURITY_PRINCIPAL, username);
props.put(Context.SECURITY_CREDENTIALS, password);
InitialDirContext context = null;
try {
context = new InitialDirContext(props);
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> results = context.search(
toDC(SettingsResolver.getInstance().getSetting(
"ldap.server.domain.name")), String.format(
"(& (userPrincipalName=%s)(objectClass=user))",
this.username), controls);
return results.hasMore();
} catch (NamingException namingException) {
logger.error(
"Exception occurred while authenticating to LDAP Server: ",
namingException);
throw namingException;
} finally {
try {
if (context != null)
context.close();
} catch (Exception ex) {
}
}
}
}我不太确定这是否是适合您的解决方案,但其他人也遇到了类似的挑战,并通过以下设置使其正常工作:
public class BlindSSLSocketFactory extends SocketFactory {
private static SocketFactory blindFactory = null;
/**
* Builds an ALL trusting "blind" ssl socket factory.
*/
static {
// create a trust manager that will purposefully fall down on the
// job
TrustManager[] blindTrustMan = new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] c, String a) {
}
public void checkServerTrusted(X509Certificate[] c, String a) {
}
} };
// create our "blind" ssl socket factory with our lazy trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, blindTrustMan, new java.security.SecureRandom());
blindFactory = sc.getSocketFactory();
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
}
/**
* @see javax.net.SocketFactory#getDefault()
*/
public static SocketFactory getDefault() {
return new BlindSSLSocketFactory();
}
/**
* @see javax.net.SocketFactory#createSocket(java.lang.String, int)
*/
public Socket createSocket(String arg0, int arg1) throws IOException, UnknownHostException {
return blindFactory.createSocket(arg0, arg1);
}
/**
* @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int)
*/
public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
return blindFactory.createSocket(arg0, arg1);
}
/**
* @see javax.net.SocketFactory#createSocket(java.lang.String, int,
* java.net.InetAddress, int)
*/
public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
throws IOException, UnknownHostException {
return blindFactory.createSocket(arg0, arg1, arg2, arg3);
}
/**
* @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int,
* java.net.InetAddress, int)
*/
public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, int arg3) throws IOException {
return blindFactory.createSocket(arg0, arg1, arg2, arg3);
}