Java – how do I accept self signed certificates for JNDI / LDAP connections?

Java

I need to connect to LDAP directory through SSL

In a non production environment, we use self signed certificates, which of course cannot be verified:

javax.naming.CommunicationException: simple bind Failed: ldapserver:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
 at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)

I know how to use a custom trust manager for SSL enabled connections, but I don't know how to use a connection with JNDI API. I don't manage the actual connection That is, where can the trust manager be inserted with the following standard settings?

Thank you in advance

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,"ldaps://ldapserver:636");
env.put(Context.Security_PROTOCOL,"ssl");
env.put(Context.Security_AUTHENTICATION,"simple");
env.put(Context.Security_PRINCIPAL,"myUser");
env.put(Context.Security_CREDENTIALS,"myPassword");
LdapContext ctx = new InitialLdapContext(env,null);
ctx.search (...)

Solution

According to the JNDI documentation, it seems possible to set up a custom sslsocketfactory

http://download.oracle.com/javase/1.5.0/docs/guide/jndi/jndi-ldap-gl.html#socket

public class MySSLSocketFactory extends SocketFactory {
    private SSLSocketFactory sf;

    public MySSLSocketFactory() {
        KeyStore keyStore = ... /* Get a keystore containing the self-signed certificate) */
        TrustManagerFactory tmf = TrustManagerFactory.getInstance();
        tmf.init(keyStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null,tmf.getTrustManagers(),null);
        sf = ctx.getSocketFactory();
    }

    /* delegate SSLSocketFactory public methods to sf */
    ...
}

Configure the environment to use this socket factory

env.put("java.naming.ldap.factory.socket","com.example.MySSLSocketFactory");
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>