-1

以下示例代码的含义并不重要,我想问的是如何将“certFileName”作为参数发送到socketFactory,因为我需要使用不同的certFile到不同的endPoint,谢谢

public class LdapConnection
{

    private String host = "1.2.3.4"; //the correct ip...
    private String baseDn = "dc=x,dc=y,dc=com"; //the correct base DN

    private String username = "myUsername";
    private String password = "myPassword";

    private String connectionUrl = null;

    public void connectLdaps() throws Exception
    {
        connectionUrl = "ldaps://" + host + "/" + baseDn;

        System.out.println("Trying to connect to " + connectionUrl + " using LDAPS protocol");

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.ldap.derefAliases", "finding");
        env.put(Context.PROVIDER_URL, connectionUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "Simple");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("java.naming.ldap.factory.socket", MySocketFactory.class.getName());

        new InitialLdapContext(env, null);

        System.out.println("Connected successfully!");
    }

    public static void main(String[] args) throws Exception
    {
        LdapConnection ldapConnection = new LdapConnection();
        ldapConnection.connectLdaps();
    }

}

public class MySocketFactory extends SocketFactory
{
    private static MySocketFactory instance = null;
    private SSLContext sslContext = null;

    //I want to send this var from outside
    **private static String certFileName = "C:\\certs\\cert_by_hostname.cer";**

    public static SocketFactory getDefault()
    {
        if (instance == null)
        {
            try
            {
                instance = new MySocketFactory();
                instance.initFactory();
            }
            catch (Exception e)
            {
                e.printStackTrace();
                System.out.println("Returning null socket factory");
            }
        }

        return instance;
    }
}

可能是这样的:在“外部”代码中应该怎么做

public class MySocketFactory extends SocketFactory
{
    private MySocketFactory instance = null;
    private SSLContext sslContext = null;

    //I want to send this var from outside
    private String certFileName = null

    public MySocketFactory(String varCert)
    {
       certFileName = varCert;
    }
}

谢谢!

4

2 回答 2

1

您根本不需要编写套接字工厂。请参阅 JSSE 参考指南。只需设置适当的系统属性。

于 2012-03-26T01:47:47.010 回答
0

我不相信有办法从代码外部传递变量。好吧,至少不是以通常的方式。不过,您可以使用解决方法。

不是直接传递变量,而是硬编码certFileName变量以从用户定义的系统属性中读取。然后在代码之外设置用户定义的系统属性。

例如:

你有:
private String certFileName = "C:\\certs\\cert_by_hostname.cer";

相反,请执行以下操作:
private String certFileName = System.getProperty("custom.ldap.cert.file.loc");

现在,您可以在custom.ldap.cert.file.loc代码之外设置属性。

所以,把它们放在一起,你会得到类似的东西。我已在您的代码中的适当位置拨打System.setProperty()电话System.getProperty()

public class LdapConnection
{

    private String host = "1.2.3.4"; //the correct ip...
    private String baseDn = "dc=x,dc=y,dc=com"; //the correct base DN

    private String username = "myUsername";
    private String password = "myPassword";

    private String certFileLocation = "C:\\certs\\cert_by_hostname.cer";

    private String connectionUrl = null;

    public void connectLdaps() throws Exception
    {
        connectionUrl = "ldaps://" + host + "/" + baseDn;

        System.out.println("Trying to connect to " + connectionUrl + " using LDAPS protocol");

        System.setProperty("custom.ldap.cert.file.loc", certFileLocation);

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.ldap.derefAliases", "finding");
        env.put(Context.PROVIDER_URL, connectionUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "Simple");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("java.naming.ldap.factory.socket", MySocketFactory.class.getName());

        new InitialLdapContext(env, null);

        System.out.println("Connected successfully!");
    }

    public static void main(String[] args) throws Exception
    {
        LdapConnection ldapConnection = new LdapConnection();
        ldapConnection.connectLdaps();
    }

}


public class MySocketFactory extends SocketFactory
{
    private static MySocketFactory instance = null;
    private SSLContext sslContext = null;

    //Now reference the system property here. This system property is set outside.
    private String certFileName = System.getProperty("custom.ldap.cert.file.loc");

    public static SocketFactory getDefault()
    {
        if (instance == null)
        {
            try
            {
                instance = new MySocketFactory();
                instance.initFactory();
            }
            catch (Exception e)
            {
                e.printStackTrace();
                System.out.println("Returning null socket factory");
            }
        }

        return instance;
    }

    private void someMethodThatMakesUseOfTheCertFile()
    {
          //do something with the variable: certFileName
    }
}

一个警告。您必须在调用之前将 System 属性设置为 cert 文件:
new InitialLdapContext(env, null);这非常重要。

请注意,如果您需要不断更改证书文件名或位置,您可以这样做,首先更新系统属性,然后调用: new InitialLdapContext(env, null);. 但是,如果您要连接到不同线程中的不同 LDAP 目录,那么使用 ThreadLocal 变量而不是系统属性可能会更好。概念应该是一样的。

最后,如果您要连接的 LDAP 目录总是已知的,那么您可以预先下载它们的每个公共证书,并将它们全部放在一个信任库中。这样,您的 LDAP 连接只需要读取一个信任库而不是多个单独的证书文件。

使用这种方法,您可以像其他人建议的那样简单地设置适当的内置系统属性。例如:

System.setProperty("javax.net.ssl.trustStore", "/path/to/truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "the truststore password");

如果设置适当的内置系统属性不是您的特定情况的选项,那么上述使用自定义系统属性或 ThreadLocals 的方法也可用于从信任库中读取。

于 2021-09-11T02:36:56.250 回答