2012-10-23 89 views
2

Here is my scenario: I want to connect to LDAP using JNDI, and I am using a custom SSLSocketFactory to read the trust store and key store. The context is created successfully, but when I try to authenticate with the same credentials, an error is thrown saying that the authentication method is not supported.
Title: SSL connection to LDAP using a certificate and a custom SSL socket factory

Here is the code for my custom SSL socket factory:

import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

public class CustomSSLSocketFactory extends SSLSocketFactory {

    private SSLSocketFactory ssf;

    public CustomSSLSocketFactory() {
        try {
            StringBuffer trustStore = new StringBuffer("c:/Temp/certs/TrustStore");
            StringBuffer trustStorePass = new StringBuffer("xxxxx"); // used below but not declared in the posted code
            StringBuffer keyStore = new StringBuffer("c:/Temp/certs/keystore.arun");
            StringBuffer keyStorePass = new StringBuffer("xxxxx");
            StringBuffer keyAlias = new StringBuffer("user");
            StringBuffer keyPass = new StringBuffer("XXXX"); // unused: kmf.init() below is called with keyStorePass

            // Trust store: the CA / server certificates this client accepts
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            FileInputStream fis = new FileInputStream(trustStore.toString());
            KeyStore ks1 = KeyStore.getInstance("jks");
            ks1.load(fis, trustStorePass.toString().toCharArray());
            fis.close();
            tmf.init(ks1);
            TrustManager[] tms = tmf.getTrustManagers();

            // Key store: the client certificate and private key presented in the TLS handshake
            FileInputStream fin = new FileInputStream(keyStore.toString());
            KeyStore ks2 = KeyStore.getInstance("jks");
            ks2.load(fin, keyStorePass.toString().toCharArray());
            fin.close();
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks2, keyStorePass.toString().toCharArray());
            KeyManager[] kms = kmf.getKeyManagers();
            if (keyAlias != null && keyAlias.length() > 0) {
                for (int i = 0; i < kms.length; i++) {
                    // We can only deal with instances of X509KeyManager.
                    // CustomKeyManager (not shown in the post) wraps the key manager so it always selects keyAlias.
                    if (kms[i] instanceof X509KeyManager)
                        kms[i] = new CustomKeyManager((X509KeyManager) kms[i], keyAlias.toString());
                }
            }

            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kms, tms, null);
            ssf = context.getSocketFactory();
        } catch (Exception e) {
            // Swallowing the exception leaves ssf null, so every later createSocket() fails with a NullPointerException
            e.printStackTrace();
        }
    }

    // JNDI instantiates the class named in java.naming.ldap.factory.socket by calling this static method
    public static SocketFactory getDefault() {
        return new CustomSSLSocketFactory();
    }

    // SSLSocketFactory is abstract; the remaining methods forward to the configured factory
    public String[] getDefaultCipherSuites() { return ssf.getDefaultCipherSuites(); }
    public String[] getSupportedCipherSuites() { return ssf.getSupportedCipherSuites(); }
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { return ssf.createSocket(s, host, port, autoClose); }
    public Socket createSocket(String host, int port) throws IOException { return ssf.createSocket(host, port); }
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { return ssf.createSocket(host, port, localHost, localPort); }
    public Socket createSocket(InetAddress host, int port) throws IOException { return ssf.createSocket(host, port); }
    public Socket createSocket(InetAddress host, int port, InetAddress localHost, int localPort) throws IOException { return ssf.createSocket(host, port, localHost, localPort); }
}

And this CustomSSLSocketFactory is used as follows:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://wx64ads01a.vapps.esca.com:636");
env.put(Context.REFERRAL, "follow");
env.put("java.naming.ldap.derefAliases", "always");
// JNDI calls CustomSSLSocketFactory.getDefault() to open the TLS connection
env.put("java.naming.ldap.factory.socket", "com.eterra.security.authz.dao.CustomSSLSocketFactory");

LdapContext ctx = null;
try {
    // the TLS session (server authentication, client certificate) is established here
    ctx = new InitialLdapContext(env, null);
} catch (Exception e) {
    System.out.println(e);
}
try {
    // changing the authentication property makes the provider re-bind with SASL EXTERNAL on the next operation
    ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
    String path = "CN=domain,DC=casa,DC=com";
    String inFilter = "(&(objectClass=*))";
    SearchControls sc = new SearchControls();
    sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration<SearchResult> results = null;

    results = ctx.search(path, inFilter, sc);
} catch (Exception e) {
    System.out.println(e);
}

My context is fully established, but when the JNDI code tries to authenticate and bind to LDAP, I get "invalid authentication method". Any help would be appreciated; I have been struggling with this error for a long time. Thanks in advance.

+0

Why all the 'StringBuffers' and toString() calls? You're really obfuscating this. – EJP

Answer

0

Context.SECURITY_AUTHENTICATION, "EXTERNAL"

when I try to authenticate and bind to LDAP, I get invalid authentication method

So your LDAP server doesn't support EXTERNAL authentication.
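The check a practitioner would want before forcing a SASL EXTERNAL bind, written here as an added example that is not part of the question or the answer above: open the ldaps connection with the client certificate, read the root DSE attribute supportedSASLMechanisms (RFC 4512) while still unbound, and only then switch to EXTERNAL and bind explicitly with reconnect(). LDAP result code 7 (authMethodNotSupported) is what JNDI surfaces as javax.naming.AuthenticationNotSupportedException, so a server that does not list EXTERNAL will produce exactly the symptom described. The class name ClientCertLdapsFactory, the nested FixedAliasKeyManager, the store paths, passwords, alias, the ldap.* system property names and the host ldap.example.com are all assumptions made for this example; the JNDI and JSSE calls are standard JDK APIs.

```java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.Attribute;
import javax.naming.ldap.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;

/** ldaps socket factory pinned to one client-certificate alias, with a root-DSE check before a SASL EXTERNAL bind. */
public class ClientCertLdapsFactory extends SSLSocketFactory {
    // Hypothetical store paths, passwords and alias (example values only); override with -D system properties.
    static final String TRUST_STORE = System.getProperty("ldap.trustStore", "/etc/ssl/ldap-truststore.jks");
    static final String TRUST_PASS = System.getProperty("ldap.trustStorePass", "changeit");
    static final String KEY_STORE = System.getProperty("ldap.keyStore", "/etc/ssl/ldap-client.jks");
    static final String KEY_PASS = System.getProperty("ldap.keyStorePass", "changeit");
    static final String KEY_ALIAS = System.getProperty("ldap.keyAlias", "user");
    private static SSLSocketFactory delegate;

    /** JNDI loads the class named in java.naming.ldap.factory.socket and calls this static method. */
    public static synchronized SocketFactory getDefault() {
        if (delegate == null) try { delegate = build(); } catch (Exception e) { throw new IllegalStateException(e); }
        return new ClientCertLdapsFactory();
    }

    private static SSLSocketFactory build() throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(TRUST_STORE)) { ts.load(in, TRUST_PASS.toCharArray()); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(KEY_STORE)) { ks.load(in, KEY_PASS.toCharArray()); }
        if (!ks.isKeyEntry(KEY_ALIAS)) throw new IllegalStateException("no private key under alias " + KEY_ALIAS);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEY_PASS.toCharArray());
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) // pin the alias; otherwise JSSE picks any key matching the server's request
            if (kms[i] instanceof X509ExtendedKeyManager) kms[i] = new FixedAliasKeyManager((X509ExtendedKeyManager) kms[i]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Always offers KEY_ALIAS as the client certificate, so the server's EXTERNAL identity mapping sees the intended cert. */
    static final class FixedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager inner;
        FixedAliasKeyManager(X509ExtendedKeyManager inner) { this.inner = inner; }
        @Override public String chooseClientAlias(String[] kt, Principal[] is, Socket s) { return KEY_ALIAS; }
        @Override public String chooseEngineClientAlias(String[] kt, Principal[] is, SSLEngine e) { return KEY_ALIAS; }
        @Override public String[] getClientAliases(String kt, Principal[] is) { return new String[] { KEY_ALIAS }; }
        @Override public String chooseServerAlias(String kt, Principal[] is, Socket s) { return inner.chooseServerAlias(kt, is, s); }
        @Override public String[] getServerAliases(String kt, Principal[] is) { return inner.getServerAliases(kt, is); }
        @Override public X509Certificate[] getCertificateChain(String a) { return inner.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return inner.getPrivateKey(a); }
    }

    // SSLSocketFactory is abstract: forward every socket-creating call to the configured factory.
    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return delegate.createSocket(); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean c) throws IOException { return delegate.createSocket(s, h, p, c); }
    @Override public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(String h, int p, InetAddress lh, int lp) throws IOException { return delegate.createSocket(h, p, lh, lp); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress lh, int lp) throws IOException { return delegate.createSocket(h, p, lh, lp); }

    /** Reads supportedSASLMechanisms from the root DSE (RFC 4512) over the open, not-yet-bound connection. */
    static List<String> supportedSaslMechanisms(LdapContext ctx) throws NamingException {
        List<String> mechs = new ArrayList<>();
        Attribute a = ctx.getAttributes("", new String[] { "supportedSASLMechanisms" }).get("supportedSASLMechanisms");
        if (a != null) for (NamingEnumeration<?> v = a.getAll(); v.hasMore();) mechs.add(v.next().toString());
        return mechs;
    }

    public static void main(String[] args) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args.length > 0 ? args[0] : "ldaps://ldap.example.com:636"); // hypothetical host
        env.put("java.naming.ldap.factory.socket", ClientCertLdapsFactory.class.getName());
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // TLS handshake (client cert included) happens now, no bind yet
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            List<String> mechs = supportedSaslMechanisms(ctx);
            System.out.println("Server advertises SASL mechanisms: " + mechs);
            if (!mechs.contains("EXTERNAL")) {
                System.out.println("EXTERNAL not offered: a SASL EXTERNAL bind would fail with authMethodNotSupported (result code 7)");
                return;
            }
            // Changing the property does not bind by itself; reconnect() issues the BindRequest explicitly.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
            ctx.reconnect(null);
            System.out.println("SASL EXTERNAL bind succeeded with client certificate alias " + KEY_ALIAS);
        } finally {
            ctx.close();
        }
    }
}
```

Run it as `java -Dldap.keyStore=... -Dldap.keyStorePass=... -Dldap.keyAlias=... ClientCertLdapsFactory ldaps://host:636`. Pinning the alias matters because a key store with several private keys lets the default key manager choose any key whose type and issuer match the server's CertificateRequest, which may not be the certificate the directory has mapped to an account. If the server does advertise EXTERNAL and the bind still fails, the failure is no longer "authentication method not supported": a different result code, typically invalidCredentials, indicates the certificate was accepted at the TLS layer but the server could not map it to a directory entry.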