【Question title】: I cannot use the IP address to connect to the LDAP server
【Posted】: 2019-08-29 03:28:46
【Question】:

I want to use Java and LDAPS to connect to the LDAP service, but it fails. The problem is: nested exception is javax.naming.CommunicationException: 192.168.174.145:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present]

If I use hostname:636 it succeeds. I don't know why. Can you help me? Many thanks.

import java.util.Hashtable;

import javax.naming.Context;

import org.springframework.ldap.core.support.LdapContextSource;

public class SslLdapContextSource extends LdapContextSource {
    @Override
    protected Hashtable<String, Object> getAnonymousEnv() {
        Hashtable<String, Object> anonymousEnv = super.getAnonymousEnv();
        // Switch the JNDI connection to SSL and plug in the custom socket factory defined below
        anonymousEnv.put("java.naming.security.protocol", "ssl");
        anonymousEnv.put("java.naming.ldap.factory.socket", CustomSslSocketFactory.class.getName());
        anonymousEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        return anonymousEnv;
    }
}

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class CustomSslSocketFactory extends SSLSocketFactory {
    private SSLSocketFactory socketFactory;

    public CustomSslSocketFactory() {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // Wire in the trust-all manager defined below; everything else just delegates
            ctx.init(null, new TrustManager[]{new DummyTrustmanager()}, new SecureRandom());
            socketFactory = ctx.getSocketFactory();
        } catch (Exception ex) {
            ex.printStackTrace(System.err);
        }
    }

    // JNDI calls this static method on the class named in java.naming.ldap.factory.socket
    public static SocketFactory getDefault() {
        return new CustomSslSocketFactory();
    }

    @Override
    public String[] getDefaultCipherSuites() {
        return socketFactory.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return socketFactory.getSupportedCipherSuites();
    }

    @Override
    public Socket createSocket(Socket socket, String string, int num, boolean bool) throws IOException {
        return socketFactory.createSocket(socket, string, num, bool);
    }

    @Override
    public Socket createSocket(String string, int num) throws IOException, UnknownHostException {
        return socketFactory.createSocket(string, num);
    }

    @Override
    public Socket createSocket(String string, int num, InetAddress netAdd, int i) throws IOException, UnknownHostException {
        return socketFactory.createSocket(string, num, netAdd, i);
    }

    @Override
    public Socket createSocket(InetAddress netAdd, int num) throws IOException {
        return socketFactory.createSocket(netAdd, num);
    }

    @Override
    public Socket createSocket(InetAddress netAdd1, int num, InetAddress netAdd2, int i) throws IOException {
        return socketFactory.createSocket(netAdd1, num, netAdd2, i);
    }

    // Accepts any certificate chain without checking it, so CA validation is disabled entirely.
    // It does not suppress the SAN / hostname check, which JSSE performs separately;
    // that is why the IP-based URL in the question still fails with this trust manager in place.
    public static class DummyTrustmanager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] cert, String string) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] cert, String string) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
}

// Bean definitions from the question's Spring @Configuration class; the fields
// useSSL, url, port, username, password and referral are set elsewhere and not shown.
@Bean
public LdapTemplate ldapTemplate() {
    return new LdapTemplate(contextSourceTarget());
}

@Bean
public LdapContextSource contextSourceTarget() {
    if (!useSSL) {
        String urls = "ldap://" + url + ":" + port;
        LdapContextSource ldapContextSource = new LdapContextSource();
        ldapContextSource.setUrl(urls);
        //ldapContextSource.setBase(base);
        ldapContextSource.setUserDn(username);
        ldapContextSource.setPassword(password);
        ldapContextSource.setReferral(referral);
        ldapContextSource.afterPropertiesSet();
        return ldapContextSource;
    } else {
        String urls = "ldaps://" + url + ":" + port;
        SslLdapContextSource contextSource = new SslLdapContextSource();
        contextSource.setUrl(urls);
        contextSource.setUserDn(username);
        contextSource.setPassword(password);
        contextSource.setPooled(false);
        contextSource.afterPropertiesSet();
        return contextSource;
    }
}

I want to connect to the LDAP service with ldaps://192.168.174.145:636, but right now I can only connect with ldaps://test:636. 192.168.174.145 and test are the same machine.

【Comments】:

  • You can't, unless the IP address is in the certificate as a subject alternative name.

Tags: java ssl ldap openldap spring-ldap


【Answer 1】:

When an SSL/TLS connection is established, various checks are performed as part of server authentication, namely:

  • Is the server certificate valid?
  • Was the server certificate issued by a trusted certificate authority?
  • Does the certificate also belong to the server the client is connecting to?

For the last check, the subject CN of the server certificate's subject DN or the values of the server certificate's Subject Alternative Name (IP / DNS) extension are checked. See also RFC 5280.

【Discussion】:

  • (3) is done via the digital signature. The hostname check is a separate stage.
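As an added illustration of the last check in the answer (this is example code, not code from the question or the answer), the class below reproduces how a TLS client decides whether the name it dialed is covered by the certificate's subjectAltName: an IP literal is compared only against iPAddress entries and a hostname only against dNSName entries, which is why ldaps://192.168.174.145:636 fails while ldaps://test:636 works with a certificate that only names the host. The class name SanMatcher is made up for this example, and matchesSans takes the same [tag, value] collection that X509Certificate.getSubjectAlternativeNames() returns, so the sample SAN lists in main are constructed stand-ins for the real certificate.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

/** Is the name the client dialed covered by the certificate's subjectAltName (RFC 5280 / RFC 6125 rules)? */
public final class SanMatcher {
    private static final int DNS_NAME = 2, IP_ADDRESS = 7;   // GeneralName tags from getSubjectAlternativeNames()

    /** sans: the [tag, value] entries X509Certificate.getSubjectAlternativeNames() returns (null if no extension). */
    public static boolean matchesSans(Collection<List<?>> sans, String target) {
        if (sans == null) return false;   // no SAN at all: the JDK reports "No subject alternative names present"
        boolean ipTarget = isIpLiteral(target);
        for (List<?> san : sans) {
            int tag = (Integer) san.get(0);
            if (tag != DNS_NAME && tag != IP_ADDRESS) continue;   // other GeneralName forms carry byte[] values
            String value = (String) san.get(1);
            if (ipTarget && tag == IP_ADDRESS && sameAddress(value, target)) return true;
            if (!ipTarget && tag == DNS_NAME && dnsMatches(value, target)) return true;
        }
        return false;   // an IP literal never matches a dNSName entry, and a hostname never matches iPAddress
    }

    static boolean isIpLiteral(String s) {
        return s.matches("\\d{1,3}(\\.\\d{1,3}){3}") || s.contains(":");   // IPv4 dotted quad or IPv6 text
    }

    static boolean sameAddress(String a, String b) {
        try { return InetAddress.getByName(a).equals(InetAddress.getByName(b)); }   // literals: no DNS lookup
        catch (UnknownHostException e) { return false; }
    }

    static boolean dnsMatches(String pattern, String host) {
        pattern = pattern.toLowerCase(Locale.ROOT); host = host.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) return pattern.equals(host);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1));   // a wildcard covers one label
    }

    public static void main(String[] args) {
        // Constructed SAN lists standing in for the certificate of "test" (192.168.174.145) in the question
        Collection<List<?>> dnsOnly = Arrays.<List<?>>asList(Arrays.<Object>asList(DNS_NAME, "test"));
        Collection<List<?>> withIp = Arrays.<List<?>>asList(Arrays.<Object>asList(DNS_NAME, "test"),
                Arrays.<Object>asList(IP_ADDRESS, "192.168.174.145"));
        System.out.println("hostname vs dNSName SAN:        " + matchesSans(dnsOnly, "test"));
        System.out.println("IP literal vs dNSName-only SAN: " + matchesSans(dnsOnly, "192.168.174.145"));
        System.out.println("IP literal vs iPAddress SAN:    " + matchesSans(withIp, "192.168.174.145"));
    }
}
```

The fix belongs on the server side: reissue the certificate with an iPAddress SAN for 192.168.174.145, or keep dialing the hostname. A trust-all manager like the question's DummyTrustmanager does not get past this check, as the reported error shows, and it removes CA validation on top.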