joy_yg
- 浏览: 48030 次
- 性别:
- 来自: 南京
-
文章分类
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileNotFoundException;
import java.security.Security;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.io.UnsupportedEncodingException;
public class TLSTrustManager
{
public static void main( String[] args )
{
try
{
// Check for valid arguments
if (args.length != 3 && args.length != 5)
{
System.err.println("Usage: java TLSTrustManager <host name>"
+ " <login dn> <password>"
+ " <keystore path> <keystore password>");
System.err.println("*Note: If <keystore path> does not"
+ " exist it will be created if the untrusted"
+ " certificate chain is trusted by the user."
);
System.err.println("Example: java TLSTrustManager Acme.com"
+ " \"cn=Admin,o=Acme\" secret my.keystore"
+ " mykeypass");
System.exit(1);
}
String ldapHost = args[0];
String loginDN = args[1];
String password = args[2];
String keyStorePath = args[3];
char[] keyStorePassword = args[4].toCharArray();
//dynamically set SunJSSE as a security provider
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Open the keystore file.
FileInputStream keyStoreIStream = null;
try
{
// Open the stream to read in the keystore.
keyStoreIStream = new FileInputStream(keyStorePath);
}
catch( FileNotFoundException e )
{
// If the path does not exist then a null stream means
// the keystore is initialized empty. If an untrusted
// certificate chain is trusted by the user, then it will be
// saved in the file pointed to by keyStorePath.
keyStoreIStream = null;
}
// Create a KeyStore Object
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// Init the Keystore with the contents of the keystore file.
// If the input stream is null the keystore is initialized empty.
keyStore.load(keyStoreIStream, keyStorePassword);
// Close keystore input stream
if(keyStoreIStream != null)
{
keyStoreIStream.close();
keyStoreIStream = null;
}
// Instantiate MyTrustManager that will handle server certificate
// chains.
TrustManager[] tms = {new MyTrustManager(keyStore,
keyStorePath,
keyStorePassword)};
// Create context based on a TLS protocol and a SunJSSE provider.
SSLContext context = SSLContext.getInstance("TLS", "SunJSSE");
// Initialize the SSL context with MyTrustManager.
// The first parameter - null means use the default key manager.
// The third parameter - null means use the default value
// "secure random".
context.init(null, tms, null);
// The socket factory must be set before the connection is made.
// Version 1.6 or later of the NDK must be used in order for this
// code to compile properly.
LDAPJSSESecureSocketFactory ssf =
new LDAPJSSESecureSocketFactory( context.getSocketFactory() );
// Create an LDAP connection object. Pass in the secure socket.
LDAPConnection lc = new LDAPConnection(ssf);
// Connect to the server.
lc.connect( ldapHost, LDAPConnection.DEFAULT_SSL_PORT );
// Authenticate to the server
lc.bind( LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8") );
// At this point you are connected with a secure connection.
System.out.println( "Successful bind using TLS connection.");
// Close the connection.
lc.disconnect();
System.out.println( "Disconnect");
System.exit(0);
}
catch( UnsupportedEncodingException e ) {
System.out.println( "Error: " + e.toString() );
}
catch( LDAPException ex )
{
System.out.println( "LDAP Error: " + ex.toString() );
}
catch( Exception e )
{
System.out.println( "main Error: " + e.toString() );
System.exit(1);
}
}
// MyTrustManager
// This sub_class implements the X509TrustManager interface. MyTrustManager
// trusts known certificate chains, and queries the user to approve unknown
// chains. It will add trusted chains to the keystore.
private static class MyTrustManager implements X509TrustManager
{
private KeyStore keyStore;
private String keyStorePath;
private char[] keyStorePassword;
// MyTrustManager constructor. Save off keyStore object along with
// the path to the keystore (keyStorePath) and it's password
// (keyStorePassword).
public MyTrustManager(KeyStore keyStore,
String keyStorePath,
char[] keyStorePassword)
{
this.keyStore = keyStore;
this.keyStorePath = keyStorePath;
this.keyStorePassword = keyStorePassword;
}
// isClientTrusted checks to see if the chain is in the keyStore object.
// This is done with a call to isChainTrusted.
public boolean isClientTrusted(X509Certificate[] chain)
{
return isChainTrusted(chain);
}
// isServerTrusted checks to see if the chain is in the keyStore object.
// This is done with a call to isChainTrusted. If not it queries the
// user to see if the chain should be trusted and stored into the
// keyStore object. The keyStore is then saved in the file whose path
// keyStorePath
public boolean isServerTrusted(X509Certificate[] chain)
{
boolean trusted = false;
try
{
// See if the chain is in the keyStore object.
trusted = isChainTrusted(chain);
// If certificate is untrusted
if(!trusted)
{
System.out.println("Untrusted Certificate chain:");
for (int i = 0; i < chain.length; i++)
{
// display certificate chain information
System.out.println("Certificate chain[" + i + "]:");
System.out.println("Subject: "
+ chain[i].getSubjectDN().toString());
System.out.println("Issuer: "
+ chain[i].getIssuerDN().toString());
}
// Ask the user if the certificate should be trusted.
System.out.print("Trust this certificate chain and"
+ " add it to the keystore? (y or n) ");
int readStatus = System.in.read();
if(readStatus == 'y'|| readStatus == 'Y')
{
// Trust the chain.
trusted = true;
// Add Chain to the keyStore.
for (int i = 0; i < chain.length; i++)
{
keyStore.setCertificateEntry
(chain[i].getIssuerDN().toString(), chain[i]);
}
System.out.println("Certificate chain to keystore.");
// Save keystore to file.
FileOutputStream keyStoreOStream =
new FileOutputStream(keyStorePath);
keyStore.store(keyStoreOStream, keyStorePassword);
keyStoreOStream.close();
keyStoreOStream = null;
System.out.println("Keystore saved in " + keyStorePath);
}
else
trusted = false;
}
}
catch( Exception e )
{
System.out.println( "isServerTrusted Error: " + e.toString() );
trusted = false;
}
return trusted;
}
// getAcceptedIssuers retrieves all of the certificates in the keyStore
// and returns them in an X509Certificate array.
public X509Certificate[] getAcceptedIssuers()
{
X509Certificate[] X509Certs = null;
try
{
// See how many certificates are in the keystore.
int numberOfEntry = keyStore.size();
// If there are any certificates in the keystore.
if(numberOfEntry > 0)
{
// Create an array of X509Certificates
X509Certs = new X509Certificate[numberOfEntry];
// Get all of the certificate alias out of the keystore.
Enumeration aliases = keyStore.aliases();
// Retrieve all of the certificates out of the keystore
// via the alias name.
int i = 0;
while (aliases.hasMoreElements())
{
X509Certs[i] =
(X509Certificate)keyStore.
getCertificate((String)aliases.nextElement());
i++;
}
}
}
catch( Exception e )
{
System.out.println( "getAcceptedIssuers Exception: "
+ e.toString() );
X509Certs = null;
}
return X509Certs;
}
// isChainTrusted searches the keyStore for any certificate in the
// certificate chain.
private boolean isChainTrusted(X509Certificate[] chain)
{
boolean trusted = false;
try
{
// Start with the root and see if it is in the Keystore.
// The root is at the end of the chain.
for (int i = chain.length - 1; i >= 0; i-- )
{
if (keyStore.getCertificateAlias(chain[i]) != null)
{
trusted = true;
break;
}
}
}
catch( Exception e )
{
System.out.println( "isChainTrusted Exception: "
+ e.toString() );
trusted = false;
}
return trusted;
}
}
}
分享到:
发表评论
-
JLDAP/async
2012-12-06 00:09 1028import com.novell.ldap.*; im ... -
JLDAP/SSL
2012-12-06 00:03 1505引用:http://www.novell.com/docume ... -
配置OPENLDAP使用KERBEROS验证
2012-10-26 20:41 1013http://www.cnblogs.com/Poseidon ... -
LDAP SSL
2012-10-07 13:54 800引用:http://www.experts-exchange. ... -
Work with SSL/LDAP Using Java
2012-10-07 13:49 1033引用http://www.devx.com/tips/Tip/ ...
相关推荐
.net 中为 SSL/TLS 安全通道建立信任关系 在 .NET 中,建立 SSL/TLS 安全通道时,需要建立信任关系,以确保数据的安全传输。在本文中,我们将讨论如何在 .NET 中建立 SSL/TLS 安全通道的信任关系,并解决常见的调试...
**基于SSL/TLS协议的FTP客户端和服务器端** 在当今的网络环境中,数据安全尤为重要,尤其是在文件传输过程中。FTP(File Transfer Protocol)虽然方便,但其明文传输的特性使得数据容易被窃取或篡改。为了解决这个...
Windows Server 合规漏洞修复,修复Windows Server CVE-2016-2183 SSL/TLS协议信息泄露漏洞修复脚本,基于Windows PowerShell, 兼容Windows Server 2016/2019,防止Sweet32 生日攻击
解决 SSL/TLS协议信息泄露漏洞(CVE-2016-2183) ps1 文件
SSL(Secure Sockets Layer)和TLS(Transport Layer Security)是网络安全传输层的重要协议,它们为网络通信提供了加密处理,确保了数据在网络中的安全传输。 本示例代码着重展示了如何在Netty中集成SSL/TLS,以...
Java提供的SSL(Secure Sockets Layer)和TLS(Transport Layer Security)协议是确保数据安全的重要工具。本篇将深入探讨如何使用Java实现SSL/TLS双向认证,以及涉及到的相关工具和步骤。 首先,让我们理解什么是...
根据提供的文件信息,可以看出这是一本关于实现SSL/TLS协议的书籍,使用密码学和公钥基础设施(PKI)作为实现手段。下面将详细介绍与这个主题相关的关键知识点。 SSL(安全套接字层)和TLS(传输层安全性)是两种...
SSL/TLS(Secure Socket Layer/Transport Layer Security)安全协议是互联网上用于保护数据传输的协议标准,它为网络通信提供加密处理,确保数据在传输过程中不被窃取或篡改。该协议广泛应用于Web浏览器和其他需要...
SSL/TLS(Secure Sockets Layer/Transport Layer Security)是网络安全领域中的重要协议,主要用于保障互联网通信的安全性。在Android平台上,SSL/TLS被广泛应用于移动应用程序中,以确保用户数据的隐私和完整性。本...
SSL(Secure Sockets Layer)和TLS(Transport Layer Security)是网络安全协议,用于在互联网上提供安全通信。它们确保了在客户端(如浏览器)和服务器之间传输的数据是加密的,保护了用户的隐私和数据完整性,防止...
ESP8266 MQTT SSL/TLS 阿里物联网套件 百度天工 Onenet等MQTT服务器固件详解 ESP8266是一款低功耗、高性能的Wi-Fi微控制器,常用于IoT(物联网)应用。在这个场景中,我们关注的是ESP8266如何通过MQTT协议安全地...
《XEP-0035: SSL/TLS Integration》是XMPP(Extensible Messaging and Presence Protocol)标准框架下关于SSL/TLS整合的一份文档。该文档由Robert Norris撰写,并于2003年11月5日发布,但随后在同一天被撤销,因为其...
8. **TLS/SSL的安全挑战**:如BEAST、CRIME、POODLE等攻击方法,以及对弱加密套件的利用,都是SSL/TLS协议面临的安全威胁。 9. **证书管理**:了解如何获取、安装和管理SSL/TLS证书,以及处理证书过期、吊销等问题...
**IISCrypto:SSL/TLS协议安全配置工具** IISCrypto 是一款专为Windows服务器(如Windows 2008、2012、2016)设计的实用工具,用于解决SSL(Secure Sockets Layer)和TLS(Transport Layer Security)协议的安全...
### 理解 SSL/TLS:安全加密与网络信任 #### 一、SSL/TLS 是什么? SSL(Secure Sockets Layer)与 TLS(Transport Layer Security)是两种用于保护互联网通信安全的技术标准。这两种协议主要用于在客户端(如...
根据提供的文件信息,我们可以深入探讨以下几个关键的知识点:SSL/TLS协议的作用与实施、加密技术在SSL/TLS中的应用以及公钥基础设施(PKI)如何支撑整个安全通信过程。 ### 1. SSL/TLS协议的基本概念及作用 **SSL...
标题 "c++ smpt发送邮件类 ssl/tls" 涉及的是在C++编程环境中使用SMTP(Simple Mail Transfer Protocol)协议并通过SSL/TLS(Secure Socket Layer/Transport Layer Security)加密来发送电子邮件的知识。SMTP是...
本资源包含一个 openssl 工具安装包 Win32OpenSSL-1_1_0c.exe,一个 tomcat 进行配置 ssl 证书、完全 TLS v1.2、完全正向加密的 server.xml、startup.bat 配置文件。关于tomcat 进行配置 ssl 证书、完全 TLS v1.2、...