SSL connection to LDAP using certificates and a custom SSL socket factory
Here is my scenario: I want to connect to LDAP using JNDI, and I am using a custom SSLSocketFactory that reads the trust store and key store. The context is created successfully, but when I try to authenticate using the same credentials it throws an error saying that the authentication method is not supported. Here is my custom SSL socket code -
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

public class CustomSSLSocketFactory extends SSLSocketFactory {
    // Factory built from the trust store and key store below; all createSocket calls delegate to it
    private SSLSocketFactory ssf;

    public CustomSSLSocketFactory() {
        try {
            StringBuffer trustStore = new StringBuffer("c:/Temp/certs/TrustStore");
            StringBuffer trustStorePass = new StringBuffer("xxxxx"); // not declared in the original post, but used by ks1.load()
            StringBuffer keyStore = new StringBuffer("c:/Temp/certs/keystore.arun");
            StringBuffer keyStorePass = new StringBuffer("xxxxx");
            StringBuffer keyAlias = new StringBuffer("user"); // alias of the client certificate to present
            StringBuffer keyPass = new StringBuffer("XXXX");  // unused: kmf.init() below is given keyStorePass
            // Trust store: the server certificates (or CAs) this client accepts
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore ks1 = KeyStore.getInstance("jks");
            try (FileInputStream fis = new FileInputStream(trustStore.toString())) {
                ks1.load(fis, trustStorePass.toString().toCharArray());
            }
            tmf.init(ks1);
            TrustManager[] tms = tmf.getTrustManagers();
            // Key store: the client certificate and private key presented during the TLS handshake
            KeyStore ks2 = KeyStore.getInstance("jks");
            try (FileInputStream fin = new FileInputStream(keyStore.toString())) {
                ks2.load(fin, keyStorePass.toString().toCharArray());
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks2, keyStorePass.toString().toCharArray());
            KeyManager[] kms = kmf.getKeyManagers();
            if (keyAlias != null && keyAlias.length() > 0) {
                for (int i = 0; i < kms.length; i++) {
                    // We can only deal with instances of X509KeyManager.
                    // CustomKeyManager (not shown in the post) wraps the key manager so that keyAlias is the certificate offered.
                    if (kms[i] instanceof X509KeyManager) {
                        kms[i] = new CustomKeyManager((X509KeyManager) kms[i], keyAlias.toString());
                    }
                }
            }
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kms, tms, null);
            ssf = context.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // JNDI calls this static method on the class named in java.naming.ldap.factory.socket
    public static SocketFactory getDefault() {
        return new CustomSSLSocketFactory();
    }

    // Abstract SSLSocketFactory methods, delegated to the factory built in the constructor
    @Override public String[] getDefaultCipherSuites() { return ssf.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return ssf.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { return ssf.createSocket(s, host, port, autoClose); }
    @Override public Socket createSocket(String host, int port) throws IOException { return ssf.createSocket(host, port); }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { return ssf.createSocket(host, port, localHost, localPort); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return ssf.createSocket(host, port); }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return ssf.createSocket(address, port, localAddress, localPort); }
}
The JNDI code that uses this CustomSSLSocketFactory is as follows:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://wx64ads01a.vapps.esca.com:636");
env.put(Context.REFERRAL, "follow");
env.put("java.naming.ldap.derefAliases", "always");
env.put("java.naming.ldap.factory.socket", "com.eterra.security.authz.dao.CustomSSLSocketFactory");
LdapContext ctx = null;
try {
    // The TLS handshake (server authentication, plus the client certificate if one is selected) happens here
    ctx = new InitialLdapContext(env, null);
} catch (Exception e) {
    System.out.println(e);
}
try {
    // Changing the mechanism after connecting: the provider re-binds with it on the next operation
    ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
    String path = "CN=domain,DC=casa,DC=com";
    String inFilter = "(&(objectClass=*))";
    SearchControls sc = new SearchControls();
    sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration<SearchResult> results = null;
    results = ctx.search(path, inFilter, sc); // the EXTERNAL bind is sent before this search
} catch (NamingException e) {
    System.out.println(e);
}
My context gets created perfectly, but when I try to authenticate and bind to LDAP I get an invalid authentication method. Any help would be appreciated; I have been struggling with these errors for a long time. Thanks in advance.

Context.SECURITY_AUTHENTICATION, "EXTERNAL"
when I try to authenticate and bind to ldap I get invalid authentication method
So your LDAP server doesn't support EXTERNAL authentication. Why all the StringBuffers and toString() calls? You've really obscured this.
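The check a practitioner would run before changing anything on the client, as an added example that is not part of the question or the answer above: read the server's root DSE (empty base DN, object scope) and look for EXTERNAL in its supportedSASLMechanisms attribute, and only then create the context with EXTERNAL already in the environment, so the SASL bind is performed on the TLS session that presented the client certificate. A server that does not offer the mechanism answers the bind with LDAP result code 7 (authMethodNotSupported), which the JNDI LDAP provider raises as javax.naming.AuthenticationNotSupportedException. The class name ExternalBindCheck, the method names, and the two root DSE samples in main are constructed for this example; the socket factory class is passed in as a parameter rather than assumed.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class ExternalBindCheck {

    /** True if the root DSE lists the SASL mechanism (RFC 4512 supportedSASLMechanisms, case-insensitive). */
    static boolean advertisesSaslMechanism(Attributes rootDse, String mechanism) throws NamingException {
        Attribute mechs = rootDse.get("supportedSASLMechanisms");
        if (mechs == null) {
            return false;
        }
        NamingEnumeration<?> values = mechs.getAll();
        try {
            while (values.hasMore()) {
                if (mechanism.equalsIgnoreCase(String.valueOf(values.next()))) {
                    return true;
                }
            }
        } finally {
            values.close();
        }
        return false;
    }

    /** Reads the root DSE (empty base, object scope) over an already-open context. */
    static Attributes readRootDse(LdapContext ctx) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);
        sc.setReturningAttributes(new String[] {"supportedSASLMechanisms"});
        NamingEnumeration<SearchResult> results = ctx.search("", "(objectClass=*)", sc);
        try {
            if (!results.hasMore()) {
                throw new NamingException("server returned no root DSE entry");
            }
            return results.next().getAttributes();
        } finally {
            results.close();
        }
    }

    /**
     * Opens an ldaps:// connection through the given socket factory (which selects the client
     * certificate), verifies that the server advertises EXTERNAL, then binds with SASL EXTERNAL.
     * EXTERNAL is put in the environment before the context is created, so the bind runs on the
     * TLS session that presented the certificate.
     */
    static LdapContext bindExternal(String ldapsUrl, String socketFactoryClass) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put("java.naming.ldap.factory.socket", socketFactoryClass);

        // Anonymous probe (no SECURITY_AUTHENTICATION set) just to read the root DSE
        LdapContext probe = new InitialLdapContext(env, null);
        try {
            if (!advertisesSaslMechanism(readRootDse(probe), "EXTERNAL")) {
                throw new AuthenticationNotSupportedException(
                        "root DSE of " + ldapsUrl + " does not list EXTERNAL in supportedSASLMechanisms");
            }
        } finally {
            probe.close();
        }

        env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
        // The bind happens here; LDAP result 7 from the server surfaces as AuthenticationNotSupportedException
        return new InitialLdapContext(env, null);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed root DSE samples (not captured from a real server) to exercise the check offline
        BasicAttributes withExternal = new BasicAttributes(true);
        withExternal.put("supportedSASLMechanisms", "GSSAPI");
        withExternal.get("supportedSASLMechanisms").add("EXTERNAL");
        BasicAttributes withoutExternal = new BasicAttributes(true);
        withoutExternal.put("supportedSASLMechanisms", "DIGEST-MD5");

        System.out.println("sample 1 advertises EXTERNAL: " + advertisesSaslMechanism(withExternal, "EXTERNAL"));
        System.out.println("sample 2 advertises EXTERNAL: " + advertisesSaslMechanism(withoutExternal, "EXTERNAL"));
    }
}
```

main only exercises the offline part of the check; bindExternal needs a reachable ldaps:// server and the socket factory class on the classpath. If the root DSE does list EXTERNAL and the bind still fails, the next thing to verify is that the TLS handshake actually presented the certificate under keyAlias (for example by watching the handshake with -Djavax.net.debug=ssl:handshake), since the server maps the EXTERNAL identity from that certificate.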