Below are example usages of the javax.naming.ldap.StartTlsResponse API class, collected from several open-source projects; follow the links to view the full source on GitHub. Note that each snippet comes from a different code base, so the helper types it references (wrappers, loggers, config objects) are not shown here.
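/**
 * Initializes an LDAP context and upgrades the connection with the StartTLS
 * extended operation, then binds (if credentials are present in
 * {@code environment}) over the encrypted channel.
 *
 * <p>The context is opened first without credentials and
 * {@link StartTlsResponse#negotiate()} is completed before
 * {@code performAuthenticationIfProvided} runs, so the bind never travels in
 * cleartext. If negotiation or authentication fails, the half-open context is
 * closed before the exception propagates instead of being leaked.
 *
 * @param environment environment used to create the initial Context.
 * @param connectionControls connection request controls for the initial context.
 * @return secured ldap connection context.
 * @throws NamingException if a naming exception is encountered.
 * @throws UserStoreException if a user store related exception is encountered.
 */
public static LdapContext startTLS(Hashtable<?, ?> environment, Control[] connectionControls)
        throws NamingException, UserStoreException {
    Hashtable<String, Object> tempEnv = getEnvironmentForSecuredLdapInitialization(environment);
    LdapContext ldapContext = new InitialLdapContext(tempEnv, connectionControls);
    // Set only once the wrapper has been handed to the caller; any other exit closes the context.
    boolean handedOff = false;
    try {
        StartTlsResponse startTlsResponse = (StartTlsResponse) ldapContext.extendedOperation(new StartTlsRequest());
        // No socket factory is supplied, so the JNDI/JSSE defaults (trust store, protocols) apply.
        startTlsResponse.negotiate();
        if (log.isDebugEnabled()) {
            log.debug("StartTLS connection established successfully with LDAP server");
        }
        LdapContextWrapper ldapContextWrapper = new LdapContextWrapper(ldapContext, startTlsResponse);
        ldapContextWrapper.performAuthenticationIfProvided(environment);
        handedOff = true;
        return ldapContextWrapper;
    } catch (IOException e) {
        throw new UserStoreException("Unable to establish the StartTLS connection", e);
    } finally {
        if (!handedOff) {
            discardFailedContext(ldapContext);
        }
    }
}

/**
 * Closes a context whose StartTLS setup or bind failed, so the underlying
 * connection is not leaked. Only the context is closed (which also closes the
 * socket); the TLS response is not closed separately because it may not have
 * completed negotiation. Close errors are logged and otherwise ignored because
 * the original failure is the one the caller needs to see.
 *
 * @param ldapContext the partially initialized context to discard.
 */
private static void discardFailedContext(LdapContext ldapContext) {
    try {
        ldapContext.close();
    } catch (NamingException closeError) {
        if (log.isDebugEnabled()) {
            log.debug("Error closing LDAP context after failed StartTLS setup", closeError);
        }
    }
}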
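/**
 * Closes a directory context, first shutting down the StartTLS layer if one
 * was negotiated on it.
 *
 * <p>The extended response is only closed when it actually is a
 * {@link StartTlsResponse}; the previous unconditional cast would throw a
 * {@link ClassCastException} for any other extended response. The context
 * itself is closed in a {@code finally} block, so a failure while closing the
 * TLS layer no longer leaks the underlying connection.
 *
 * <p>NOTE(review): {@code getExtendedResponse()} is not part of
 * {@code javax.naming.ldap.InitialLdapContext}; this presumably targets a
 * project-specific subclass that records the last extended response — confirm.
 *
 * @param dirCtx the context to close; {@code null} is ignored.
 * @throws RuntimeException wrapping the {@link NamingException} if closing the
 *         context fails (a failure closing the TLS layer is only logged).
 */
protected void closeDirContext(DirContext dirCtx) {
    if (null == dirCtx) {
        return;
    }
    try {
        if (dirCtx instanceof InitialLdapContext) {
            Object extendedResponse = ((InitialLdapContext) dirCtx).getExtendedResponse();
            if (extendedResponse instanceof StartTlsResponse) {
                ((StartTlsResponse) extendedResponse).close();
            }
        }
    } catch (IOException ex) {
        logger.error("Error closing DirContext", ex);
    } finally {
        try {
            dirCtx.close();
        } catch (NamingException e) {
            logger.error("Error closing DirContext", e);
            throw new RuntimeException("Error closing DirContext", e);
        }
    }
}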
/**
 * Wraps an LDAP context whose connection has already been upgraded with
 * StartTLS, keeping the negotiated {@link StartTlsResponse} alongside it.
 * The response is additionally wrapped in a reference-counted
 * {@code StartTlsResponseWrapper}, and this wrapper takes one reference.
 *
 * @param ldapContext the context on which StartTLS was negotiated.
 * @param startTlsResponse the response returned by the StartTLS extended operation.
 */
private LdapContextWrapper(LdapContext ldapContext, StartTlsResponse startTlsResponse) {
    this.ldapContext = ldapContext;
    this.startTlsResponse = startTlsResponse;
    StartTlsResponseWrapper counted = new StartTlsResponseWrapper(startTlsResponse);
    // Register this wrapper as a holder of the TLS session.
    counted.incrementReferenceCounter();
    this.startTlsResponseWrapper = counted;
}
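/**
 * Creates the LDAP context used by the sync process and stores it in
 * {@code ldapContext}.
 *
 * <p>Transport security is chosen from the URL: an {@code ldaps} URL uses the
 * custom trust-store backed socket factory when a trust store path is
 * configured; a plain URL is upgraded with the StartTLS extended operation when
 * {@code config.isStartTlsEnabled()} is set (again using the custom factory when
 * a trust store is configured, else the JSSE default). If the URL is plain and
 * StartTLS is disabled, the bind below is sent in cleartext.
 *
 * <p>Bind DN, credentials, authentication mechanism and referral setting are
 * added to the environment only after TLS is established, so the bind goes over
 * the encrypted channel. If StartTLS negotiation fails, the half-open context is
 * closed before the exception propagates, so no plaintext connection is leaked.
 *
 * @throws Throwable any failure creating the context, loading the custom socket
 *         factory or negotiating TLS (kept broad for compatibility with callers).
 */
private void createLdapContext() throws Throwable {
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapUrl);
    boolean useLdaps = ldapUrl.startsWith("ldaps");
    String trustStorePath = config.getSSLTrustStorePath();
    boolean hasTrustStore = trustStorePath != null && !trustStorePath.trim().isEmpty();
    if (useLdaps && hasTrustStore) {
        // Route the LDAPS socket through the trust-store aware factory.
        env.put("java.naming.ldap.factory.socket",
                "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory");
    }
    ldapContext = new InitialLdapContext(env, null);
    if (!useLdaps && config.isStartTlsEnabled()) {
        try {
            tls = (StartTlsResponse) ldapContext.extendedOperation(new StartTlsRequest());
            if (hasTrustStore) {
                tls.negotiate(CustomSSLSocketFactory.getDefault());
            } else {
                tls.negotiate();
            }
        } catch (Throwable negotiationFailure) {
            // Do not leave an unencrypted, unauthenticated connection open.
            closeContextAfterFailedStartTls();
            throw negotiationFailure;
        }
        LOG.info("Starting TLS session...");
    }
    ldapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, ldapBindDn);
    ldapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, ldapBindPassword);
    ldapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, ldapAuthenticationMechanism);
    ldapContext.addToEnvironment(Context.REFERRAL, ldapReferral);
}

/**
 * Closes {@code ldapContext} after a failed StartTLS negotiation. Only the
 * context is closed (closing it also closes the socket); {@code tls} is not
 * closed separately since negotiation may not have completed. Close errors are
 * logged and swallowed so the original negotiation failure is what propagates.
 */
private void closeContextAfterFailedStartTls() {
    try {
        ldapContext.close();
    } catch (NamingException closeError) {
        LOG.info("Failed to close LDAP context after StartTLS negotiation error", closeError);
    }
}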
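/**
 * Opens an LDAP context according to the configured security mode.
 *
 * <p>When {@link #isTlsSecurityConnection()} is true, a context is created
 * from {@code getParams(true)}, upgraded with the StartTLS extended operation,
 * and only then given the bind principal/credentials (simple bind), so they
 * travel over the encrypted channel. In "TLS free" mode the negotiation uses
 * {@code MyTLSHostnameVerifier} and an {@code SSLContext} built on
 * {@code MyX509TrustManager}. NOTE(review): if those accept any certificate or
 * any host name, that mode gives no protection against an active attacker —
 * confirm their behaviour before relying on it. If the custom
 * {@code SSLContext} cannot be built, negotiation falls back to the default
 * socket factory (a {@code null} factory means "use the default").
 *
 * <p>A failed StartTLS negotiation is now a hard error: the half-open context
 * is closed and a {@link CommunicationException} carrying the cause is thrown.
 * Previously the context was returned anyway — unencrypted and without the
 * bind settings — which could silently downgrade the connection.
 *
 * @return the connected (and, in TLS mode, StartTLS-secured) context.
 * @throws CommunicationException if the StartTLS negotiation fails.
 * @throws NamingException if creating or configuring the context fails.
 * @throws ConnectException declared for compatibility with existing callers.
 */
protected InitialLdapContext getDirContext() throws NamingException, CommunicationException, ConnectException {
    if (!this.isTlsSecurityConnection()) {
        return new InitialLdapContext(this.getParams(false), null);
    }
    InitialLdapContext dirCtx = new InitialLdapContext(this.getParams(true), null);
    try {
        StartTlsResponse tls = (StartTlsResponse) dirCtx.extendedOperation(new StartTlsRequest());
        if (this.isTlsFreeSecurityConnection()) {
            // Set the (our) HostVerifier
            tls.setHostnameVerifier(new MyTLSHostnameVerifier());
            tls.negotiate(buildTlsFreeSocketFactory());
        } else {
            tls.negotiate();
        }
        if (null != this.getSecurityPrincipal() && null != this.getSecurityCredentials()) {
            dirCtx.addToEnvironment(Context.SECURITY_PRINCIPAL, this.getSecurityPrincipal());
            dirCtx.addToEnvironment(Context.SECURITY_CREDENTIALS, this.getSecurityCredentials());
            dirCtx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        }
        return dirCtx;
    } catch (IOException ex) {
        logger.error("error in getDirContext", ex);
        discardContext(dirCtx);
        CommunicationException failure = new CommunicationException("StartTLS negotiation failed");
        failure.initCause(ex);
        throw failure;
    } catch (NamingException e) {
        discardContext(dirCtx);
        throw e;
    }
}

/**
 * Builds the TLSv1.2 socket factory used in "TLS free" mode, trusting via
 * {@code MyX509TrustManager}. Returns {@code null} if the context cannot be
 * created, which makes {@link StartTlsResponse#negotiate(SSLSocketFactory)}
 * use the default factory instead.
 *
 * @return the custom factory, or {@code null} on failure (logged).
 */
private SSLSocketFactory buildTlsFreeSocketFactory() {
    try {
        TrustManager[] tm = new TrustManager[]{new MyX509TrustManager()};
        SSLContext sslC = SSLContext.getInstance("TLSv1.2");
        sslC.init(null, tm, null);
        return sslC.getSocketFactory();
    } catch (NoSuchAlgorithmException nSAE) {
        logger.error("error Hier: {}", nSAE.getMessage(), nSAE);
    } catch (KeyManagementException kME) {
        logger.error("error Hier: {}", kME.getMessage(), kME);
    }
    return null;
}

/**
 * Closes a context that could not be fully secured/configured so its
 * connection is not leaked; close errors are logged and ignored because the
 * original failure is the one that propagates.
 *
 * @param ctx the partially initialized context.
 */
private void discardContext(InitialLdapContext ctx) {
    try {
        ctx.close();
    } catch (NamingException closeError) {
        logger.error("error closing DirContext after failed setup", closeError);
    }
}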
/**
 * Upgrades a freshly created LDAPv3 context with the StartTLS extended
 * operation and then applies the bind for {@code userDn}/{@code password}
 * over the encrypted channel.
 *
 * <p>If a {@code hostnameVerifier} is configured it is installed before
 * negotiation; {@code sslSocketFactory} may be {@code null}, in which case the
 * default SSL socket factory is used. When {@code shutdownTlsGracefully} is
 * set, the returned context is a dynamic proxy ({@code TlsAwareDirContextProxy})
 * so that {@code close()} can shut the TLS layer down before closing the
 * connection; otherwise the original context is returned as is.
 *
 * @param ctx the context to secure; must implement {@link LdapContext}.
 * @param userDn the DN to bind with.
 * @param password the bind password.
 * @return the secured context, possibly wrapped in a close-aware proxy.
 * @throws NamingException if the extended operation or the bind fails.
 * @throws UncategorizedLdapException if TLS negotiation fails (the context is closed first).
 * @throws IllegalArgumentException if {@code ctx} is not an {@link LdapContext}.
 */
public final DirContext processContextAfterCreation(DirContext ctx, String userDn, String password)
        throws NamingException {
    if (!(ctx instanceof LdapContext)) {
        throw new IllegalArgumentException(
                "Processed Context must be an LDAPv3 context, i.e. an LdapContext implementation");
    }
    final LdapContext ldapCtx = (LdapContext) ctx;
    final StartTlsResponse tlsResponse = (StartTlsResponse) ldapCtx.extendedOperation(new StartTlsRequest());
    try {
        if (hostnameVerifier != null) {
            tlsResponse.setHostnameVerifier(hostnameVerifier);
        }
        // A null factory makes negotiate() fall back to the default SSL socket factory.
        tlsResponse.negotiate(sslSocketFactory);
        applyAuthentication(ldapCtx, userDn, password);
    }
    catch (IOException e) {
        LdapUtils.closeContext(ctx);
        throw new UncategorizedLdapException("Failed to negotiate TLS session", e);
    }
    if (!shutdownTlsGracefully) {
        return ctx;
    }
    // Intercept close() so the TLS layer is shut down before the connection.
    Class<?>[] proxiedInterfaces = { LdapContext.class, DirContextProxy.class };
    return (DirContext) Proxy.newProxyInstance(DirContextProxy.class.getClassLoader(),
            proxiedInterfaces, new TlsAwareDirContextProxy(ldapCtx, tlsResponse));
}
/**
 * Prepares the mocked collaborators for each test: log channel, variable
 * space, LDAP meta, an {@code InitialLdapContext} and a {@code StartTlsResponse}.
 * The mocked context answers any StartTLS extended operation with the mocked
 * response, so tests never open a real connection.
 *
 * @throws NamingException declared because {@code extendedOperation} is stubbed here.
 */
@Before
public void setup() throws NamingException {
    mockLogChannelInterface = mock( LogChannelInterface.class );
    mockVariableSpace = mock( VariableSpace.class );
    mockLdapMeta = mock( LdapMeta.class );
    mockStartTlsResponse = mock( StartTlsResponse.class );
    mockInitialLdapContext = mock( InitialLdapContext.class );
    // Any StartTlsRequest issued on the mocked context yields the mocked TLS response.
    when( mockInitialLdapContext.extendedOperation( any( StartTlsRequest.class ) ) )
        .thenReturn( mockStartTlsResponse );
}
/**
 * Pairs a directory context with the {@link StartTlsResponse} associated
 * with it, so both can be torn down together later.
 *
 * @param dirContext the directory context.
 * @param tlsResponse the StartTLS response for that context.
 */
public ContextHandler(DirContext dirContext, StartTlsResponse tlsResponse) {
    this.tlsResponse = tlsResponse;
    this.dirContext = dirContext;
}
/**
 * Returns the {@link StartTlsResponse} held by this handler.
 *
 * @return the stored TLS response.
 */
public StartTlsResponse getTlsResponse() {
    return this.tlsResponse;
}
/**
 * Returns the {@link StartTlsResponse} previously stored via
 * {@code setTlsResponse}.
 *
 * @return the stored TLS response.
 */
public StartTlsResponse getTlsResponse() {
    return this.tlsResp;
}
/**
 * Stores the {@link StartTlsResponse} to be returned by {@code getTlsResponse}.
 *
 * @param tlsResp the TLS response to keep.
 */
public void setTlsResponse(StartTlsResponse tlsResp) {
    this.tlsResp = tlsResp;
}
/**
 * Creates an invocation handler that forwards to {@code target} while keeping
 * the negotiated {@link StartTlsResponse} so the TLS layer can be shut down
 * when the proxied context is closed.
 *
 * @param target the real LDAP context being proxied.
 * @param tlsResponse the StartTLS response negotiated on {@code target}.
 */
public TlsAwareDirContextProxy(LdapContext target, StartTlsResponse tlsResponse) {
    this.tlsResponse = tlsResponse;
    this.target = target;
}
/**
 * Wraps a negotiated {@link StartTlsResponse}.
 *
 * @param startTlsResponse the response to wrap.
 */
public StartTlsResponseWrapper(StartTlsResponse startTlsResponse) {
    this.startTlsResponse = startTlsResponse;
}