  • TLS Connection and Certificate Handling

    To enable TLS connections, use DefaultTlsDirContextAuthenticationStrategy.
    (http://blog.jayway.com/2008/10/27/wh...pring-ldap-13/)

    Ok, that didn't work well for me since I need to manage certificate stuff inside my program.
    So, I wrote my own class that implements DirContextAuthenticationStrategy. In the two overridden methods:
    set the authentication properties in processContextAfterCreation(...):

    ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
    ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
    ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
    ctx.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // JNDI loads this class by name and calls its static getDefault() to obtain the socket factory
    ctx.addToEnvironment("java.naming.ldap.factory.socket", "MySSLSocketFactory");
    ctx.addToEnvironment(Context.SECURITY_PROTOCOL, "ssl");

    and set the env properties in setupEnvironment(...):

    System.setProperty("javax.net.ssl.trustStore", trustStore);
    System.setProperty("javax.net.ssl.keyStore", keyStore);
    System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);

    So that works - if the keyStore value is set properly before the call.

    Now, my question is: what if I don't have the certificate set up before the method gets called? I know, of course, that it throws that lovely exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

    That's exactly what I need to handle: manage the certificate verification dynamically, i.e. once the exception is caught, how do I retrieve the certificate info, say "accept", and have the program just continue to run? (Also store the certificate in my keystore so it won't ask me next time.) Any help is highly appreciated.
    Thanks,
    jb
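One way to do what the post asks, as an added example that is not from the original thread and not Spring LDAP's own code: a trust manager that runs the JDK's normal PKIX validation first and, only when that fails (the "PKIX path building failed" case above), hands the certificate the server actually presented to a caller-supplied policy; an accepted certificate is written to the trust store so the next connection validates without asking. Everything here is an assumption of the example rather than something the thread states: the class and method names (InspectingTrustManager, pinnedTo, sha256Fingerprint), a file-based JKS/PKCS12 trust store given by path and password, and a policy that compares the SHA-256 fingerprint against a value obtained out of band (the EXPECTED placeholder in the comment).

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.function.Predicate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Runs standard PKIX validation; only when that fails is the server's leaf certificate
 * handed to a caller-supplied policy. An accepted certificate is persisted to the trust
 * store, so later handshakes pass the standard check and the policy is not consulted again.
 * (Illustrative example; names and file layout are assumptions, not Spring LDAP API.)
 */
public final class InspectingTrustManager implements X509TrustManager {

    private final KeyStore trustStore;
    private final String trustStorePath;            // assumption: file-based JKS/PKCS12 store
    private final char[] trustStorePassword;
    private final Predicate<X509Certificate> acceptPolicy;
    private volatile X509TrustManager delegate;     // rebuilt after a new entry is persisted

    public InspectingTrustManager(String trustStorePath, char[] trustStorePassword,
                                  Predicate<X509Certificate> acceptPolicy)
            throws IOException, GeneralSecurityException {
        this.trustStorePath = trustStorePath;
        this.trustStorePassword = trustStorePassword.clone();
        this.acceptPolicy = acceptPolicy;
        this.trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        this.delegate = pkixTrustManager(trustStore);
    }

    /** The JDK's own trust manager backed by the given store (what the JVM uses by default). */
    private static X509TrustManager pkixTrustManager(KeyStore ks) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new GeneralSecurityException("no X509TrustManager from " + tmf.getAlgorithm());
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("server presented no certificate");
        }
        try {
            delegate.checkServerTrusted(chain, authType);  // the usual PKIX path check
        } catch (CertificateException pkixFailure) {
            X509Certificate leaf = chain[0];               // what the server actually presented
            if (!acceptPolicy.test(leaf)) {
                throw pkixFailure;                         // policy said no: fail exactly as before
            }
            try {
                persist(leaf);                             // remembered for next time
            } catch (IOException | GeneralSecurityException e) {
                throw new CertificateException("certificate accepted but not persisted", e);
            }
        }
    }

    /** Adds the certificate as a trusted entry and writes the store back to disk. */
    private void persist(X509Certificate cert) throws IOException, GeneralSecurityException {
        String alias = "tofu-" + sha256Fingerprint(cert).replace(":", "").substring(0, 16).toLowerCase();
        trustStore.setCertificateEntry(alias, cert);
        try (FileOutputStream out = new FileOutputStream(trustStorePath)) {
            trustStore.store(out, trustStorePassword);
        }
        delegate = pkixTrustManager(trustStore);  // a trusted end-entity cert is its own anchor
    }

    /** Colon-separated uppercase SHA-256 over the DER encoding, the form most tools print. */
    public static String sha256Fingerprint(X509Certificate cert) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder(digest.length * 3);
            for (int i = 0; i < digest.length; i++) {
                if (i > 0) sb.append(':');
                sb.append(String.format("%02X", digest[i]));
            }
            return sb.toString();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("cannot fingerprint certificate", e);
        }
    }

    /** Policy used in this example: accept only a certificate whose fingerprint was
     *  obtained out of band, e.g. pinnedTo("AB:CD:...") with EXPECTED filled in by the operator. */
    public static Predicate<X509Certificate> pinnedTo(String expectedSha256) {
        String want = expectedSha256.replace(":", "");
        return cert -> want.equalsIgnoreCase(sha256Fingerprint(cert).replace(":", ""));
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    /** SSLContext for the socket factory that JNDI loads via java.naming.ldap.factory.socket. */
    public SSLContext sslContext() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {this}, null);
        return ctx;
    }
}
```

The policy receives the X509Certificate itself, so the "certificate info" the post wants is all available to it (getSubjectX500Principal(), getIssuerX500Principal(), getNotAfter(), the fingerprint); the fingerprint comparison is just the narrowest decision rule. To wire it into the setup shown in the post, the class named in java.naming.ldap.factory.socket needs a static getDefault() that returns sslContext().getSocketFactory() from a configured InspectingTrustManager; once the trust manager carries the store, the javax.net.ssl.trustStore system property is no longer what decides trust for that connection, so the setup no longer depends on the property being set before the call.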