【Question title】: SSLSocketFactory in Java, LDAP network connection
【Posted】: 2020-06-19 14:22:49
【Question description】:

My question is similar to: SSLSocketFactory in java

I need to set a custom SSLSocketFactory... except I do NOT have an https connection (it is LDAPS), so I cannot use:

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

...to set the SSLSocketFactory. I have an initialized SSLContext object, but when I make the LDAP connection, the default SSLContext is automatically called because my custom one is not set:

dirContext = new InitialDirContext(env); // <-- reverts to default ssl context

Is there a non-HTTPS equivalent of line 3 below:

  1. SSLContext sc = SSLContext.getInstance("SSL");

  2. sc.init(myKeyManagerFactory.getKeyManagers(), myTrustManagerArray, new java.security.SecureRandom());

  3. HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

【Question discussion】:

    Tags: java ldap sslsocketfactory sslcontext


    【Solution 1】:

    Yes, there is.

    env.put("java.naming.ldap.factory.socket", UnsecuredSSLSocketFactory.class.getName());
    

    UnsecuredSSLSocketFactory.java

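    import java.io.IOException;
    import java.net.InetAddress;
    import java.net.Socket;
    import java.security.SecureRandom;
    import java.security.cert.X509Certificate;
    import javax.net.SocketFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    public class UnsecuredSSLSocketFactory extends SSLSocketFactory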
    {
        private SSLSocketFactory socketFactory;
    
        public UnsecuredSSLSocketFactory()
        {
            try
            {
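                var sslContext = SSLContext.getInstance("TLS");
                // Trust manager with empty check methods: every certificate chain is
                // accepted, so the LDAP server is not authenticated.
                sslContext.init(null, new TrustManager[]{new X509TrustManager()
                {
                    @Override
                    public void checkClientTrusted(X509Certificate[] xcs, String string){}
    
                    @Override
                    public void checkServerTrusted(X509Certificate[] xcs, String string){}
    
                    @Override
                    public X509Certificate[] getAcceptedIssuers()
                    {
                        // The interface contract requires a non-null (possibly empty) array.
                        return new X509Certificate[0];
                    }
                }}, new SecureRandom());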
                socketFactory = sslContext.getSocketFactory();
            }
            catch(Exception e)
            {
                throw new RuntimeException(e);
            }
        }
    
        @SuppressWarnings("unused")
        public static SocketFactory getDefault()
        {
            return new UnsecuredSSLSocketFactory();
        }
    
        @Override
        public String[] getDefaultCipherSuites()
        {
            return socketFactory.getDefaultCipherSuites();
        }
    
        @Override
        public String[] getSupportedCipherSuites()
        {
            return socketFactory.getSupportedCipherSuites();
        }
    
        @Override
        public Socket createSocket(Socket socket, String string, int i, boolean bln) throws IOException
        {
            return socketFactory.createSocket(socket, string, i, bln);
        }
    
        @Override
        public Socket createSocket(String string, int i) throws IOException
        {
            return socketFactory.createSocket(string, i);
        }
    
        @Override
        public Socket createSocket(String string, int i, InetAddress ia, int i1) throws IOException
        {
            return socketFactory.createSocket(string, i, ia, i1);
        }
    
        @Override
        public Socket createSocket(InetAddress ia, int i) throws IOException
        {
            return socketFactory.createSocket(ia, i);
        }
    
        @Override
        public Socket createSocket(InetAddress ia, int i, InetAddress ia1, int i1) throws IOException
        {
            return socketFactory.createSocket(ia, i, ia1, i1);
        }
    
        @Override
        public Socket createSocket() throws IOException
        {
            return socketFactory.createSocket();
        }
    }
    

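    【Discussion】:

    • What if my socket factory is not a class but an object returned by sc.getSocketFactory()?
    • AFAIK, that is not supported. It has to be a class available on the classpath, and the LDAP implementation will load it.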
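
For the case raised in the comments, where the factory comes from an already initialized SSLContext, one pattern is a named class whose static getDefault() delegates to a context registered beforehand, so certificate validation stays in place. This is an added example, not code from the original answer; the class name ContextSSLSocketFactory, the use() method and the host ldap.example.test are hypothetical, and it assumes the class is loaded by the same class loader that calls use().

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name. JNDI loads the class by name and calls its static getDefault().
public class ContextSSLSocketFactory extends SSLSocketFactory {
    private static volatile SSLSocketFactory delegate;

    // Call once, before new InitialDirContext(env), with the application's own SSLContext.
    public static void use(SSLContext ctx) { delegate = ctx.getSocketFactory(); }

    public static SocketFactory getDefault() {
        if (delegate == null) throw new IllegalStateException("call use(SSLContext) first");
        return new ContextSSLSocketFactory();
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return delegate.createSocket(); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean autoClose) throws IOException { return delegate.createSocket(s, h, p, autoClose); }
    @Override public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return delegate.createSocket(h, p, la, lp); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return delegate.createSocket(a, p); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return delegate.createSocket(a, p, la, lp); }

    // Demo (no network traffic): build a certificate-validating context and register it.
    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                     // null = JVM default trust store; pass your own KeyStore for a private CA
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);   // first argument takes key managers, as in the question's sc.init(...)
        use(sc);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", "ldaps://ldap.example.test:636"); // placeholder host
        env.put("java.naming.ldap.factory.socket", ContextSSLSocketFactory.class.getName());
        // new javax.naming.directory.InitialDirContext(env) would now handshake using sc.
        System.out.println("registered: " + getDefault().getClass().getName());
    }
}
```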