Unable to bypass SSL communication with a non-existent certificate during LDAP authentication

Posted by ulydmbyx on 2021-07-08 in Java

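In my application, users authenticate to an LDAP server over secure and/or insecure ports. I want to simulate some tests of the secure-port communication. However, I do not yet have the corresponding certificate for the LDAP server to simulate one use case (please ignore the security aspect). So I want to get past the SSL certificate check during SSL communication. To do this, I use the BlindSSLFactory code I found on the internet and add the corresponding system properties in the Java runtime. But I still get a communication timeout error. Where did I make a mistake in the code below, or what am I missing?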

private boolean createLoginSession(String username, String password)
        throws NamingException {

    Properties props = new Properties();

    // Route LDAP connections through the trust-all socket factory shown below
    props.put("java.naming.ldap.factory.socket",
            BlindSSLSocketFactory.class.getName());

    props.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    props.put(Context.PROVIDER_URL, ldapServerUrl);
    props.put(Context.SECURITY_PRINCIPAL, username);
    props.put(Context.SECURITY_CREDENTIALS, password);

    InitialDirContext context = null;
    try {
        context = new InitialDirContext(props);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = context.search(
                toDC(SettingsResolver.getInstance().getSetting(
                        "ldap.server.domain.name")), String.format(
                        "(& (userPrincipalName=%s)(objectClass=user))",
                        this.username), controls);

        return results.hasMore();
    } catch (NamingException namingException) {
        logger.error(
                "Exception occurred while authenticating to LDAP Server: ",
                namingException);

        throw namingException;
    } finally {
        try {
            if (context != null)
                context.close();
        } catch (Exception ex) {
            // failures while closing the context are ignored
        }
    }
}

My blind factory class is:

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class BlindSSLSocketFactory extends SocketFactory {

    private static SocketFactory blindFactory = null;

    /**
     * Builds an ALL trusting "blind" ssl socket factory.
     */
    static {
        // create a trust manager that will purposefully fall down on the
        // job
        TrustManager[] blindTrustMan = new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            // accepts any client certificate chain without checking it
            public void checkClientTrusted(X509Certificate[] c, String a) {
            }

            // accepts any server certificate chain without checking it
            public void checkServerTrusted(X509Certificate[] c, String a) {
            }
        } };

        // create our "blind" ssl socket factory with our lazy trust manager
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, blindTrustMan, new java.security.SecureRandom());
            blindFactory = sc.getSocketFactory();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }
    }

    /**
     * @see javax.net.SocketFactory#getDefault()
     */
    public static SocketFactory getDefault() {
        return new BlindSSLSocketFactory();
    }

    /**
     * @see javax.net.SocketFactory#createSocket(java.lang.String, int)
     */
    public Socket createSocket(String arg0, int arg1) throws IOException, UnknownHostException {
        return blindFactory.createSocket(arg0, arg1);
    }

    /**
     * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int)
     */
    public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
        return blindFactory.createSocket(arg0, arg1);
    }

    /**
     * @see javax.net.SocketFactory#createSocket(java.lang.String, int,
     *      java.net.InetAddress, int)
     */
    public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
            throws IOException, UnknownHostException {
        return blindFactory.createSocket(arg0, arg1, arg2, arg3);
    }

    /**
     * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int,
     *      java.net.InetAddress, int)
     */
    public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, int arg3) throws IOException {
        return blindFactory.createSocket(arg0, arg1, arg2, arg3);
    }

}
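
For comparison with the trust-all factory in the post, here is an added example (not part of the original post) of a test-only socket factory that validates the server against a dedicated truststore holding the test LDAP server's self-signed certificate. The class name `TestTrustSocketFactory` and the `test.ldap.truststore*` property names are assumptions made for this illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: trusts only the certificates stored in a dedicated test truststore.
public class TestTrustSocketFactory extends SocketFactory {
    // Assumed property names; pass them with -D when starting the test JVM.
    private static final String STORE = System.getProperty("test.ldap.truststore");
    private static final String PASS = System.getProperty("test.ldap.truststore.password", "");
    private static final SocketFactory DELEGATE = build();

    private static SocketFactory build() {
        try (InputStream in = new FileInputStream(STORE)) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(in, PASS.toCharArray());
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks); // only certificates in the test truststore are accepted
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } catch (Exception e) {
            // Fail loudly rather than fall back to an unverified connection.
            throw new ExceptionInInitializerError(e);
        }
    }

    // The JNDI LDAP provider calls this static method on the configured factory class.
    public static SocketFactory getDefault() {
        return new TestTrustSocketFactory();
    }

    // Unconnected socket, for callers that connect with their own timeout.
    public Socket createSocket() throws IOException { return DELEGATE.createSocket(); }

    public Socket createSocket(String h, int p) throws IOException { return DELEGATE.createSocket(h, p); }
    public Socket createSocket(InetAddress a, int p) throws IOException { return DELEGATE.createSocket(a, p); }
    public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return DELEGATE.createSocket(h, p, la, lp); }
    public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return DELEGATE.createSocket(a, p, la, lp); }
}
```

It is registered the same way as the factory in the post, by putting its class name under `java.naming.ldap.factory.socket`.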
