Skip to content

O
Openfire
Commit 2e04110c authored by daryl herzmann's avatar daryl herzmann
Browse files
Options

Merge pull request #364 from speedy01/ldapconnectionfixes 

Ldapconnectionfixes
parents 91c8f856 6f0eee41
Show whitespace changes
Inline Side-by-side
Showing with 35 additions and 21 deletions
src/java/org/jivesoftware/openfire/ldap/LdapManager.java
View file @ 2e04110c
......@@ -495,6 +495,7 @@ public class LdapManager {
// SSL
if (sslEnabled) {
env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl");
}
......@@ -533,7 +534,15 @@ public class LdapManager {
} else {
env.put("com.sun.jndi.ldap.connect.pool", "false");
}
if (connTimeout > 0) {
env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(connTimeout));
} else {
env.put("com.sun.jndi.ldap.connect.timeout", "10000");
}
if (readTimeout > 0) {
env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(readTimeout));
}
if (followReferrals) {
env.put(Context.REFERRAL, "follow");
}
......@@ -565,7 +574,7 @@ public class LdapManager {
get details of the negotiated TLS session: cipher suite,
peer certificate, etc. */
try {
SSLSession session = tls.negotiate();
SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory());
context.setTlsResponse(tls);
context.setSslSession(session);
......@@ -629,6 +638,7 @@ public class LdapManager {
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, getProviderURL(baseDN));
if (sslEnabled) {
env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl");
}
......@@ -644,14 +654,14 @@ public class LdapManager {
}
}
// Set only on non SSL since SSL connections break with a timeout.
if (!sslEnabled) {
if (connTimeout > 0) {
env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(connTimeout));
} else {
env.put("com.sun.jndi.ldap.connect.timeout", "10000");
}
}
if (readTimeout > 0) {
env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(readTimeout));
}
......@@ -684,7 +694,7 @@ public class LdapManager {
get details of the negotiated TLS session: cipher suite,
peer certificate, etc. */
try {
SSLSession session = tls.negotiate();
SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory());
ctx.setTlsResponse(tls);
ctx.setSslSession(session);
......@@ -733,6 +743,7 @@ public class LdapManager {
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, getProviderURL(alternateBaseDN));
if (sslEnabled) {
env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl");
}
......@@ -743,11 +754,9 @@ public class LdapManager {
env.put(Context.SECURITY_PRINCIPAL, userDN + "," + alternateBaseDN);
env.put(Context.SECURITY_CREDENTIALS, password);
}
// Specify timeout to be 10 seconds, only on non SSL since SSL connections
// break with a timemout.
if (!sslEnabled) {
env.put("com.sun.jndi.ldap.connect.timeout", "10000");
}
if (ldapDebugEnabled) {
env.put("com.sun.jndi.ldap.trace.ber", System.err);
}
......@@ -776,7 +785,7 @@ public class LdapManager {
get details of the negotiated TLS session: cipher suite,
peer certificate, etc. */
try {
SSLSession session = tls.negotiate();
SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory());
ctx.setTlsResponse(tls);
ctx.setSslSession(session);
......
src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
View file @ 2e04110c
......@@ -20,6 +20,14 @@
package org.jivesoftware.util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
......@@ -29,15 +37,7 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Comparator;
/**
* SSLSocketFactory that accepts any certificate chain and also accepts expired
......@@ -45,7 +45,7 @@ import org.slf4j.LoggerFactory;
*
* @author Matt Tucker
*/
public class SimpleSSLSocketFactory extends SSLSocketFactory {
public class SimpleSSLSocketFactory extends SSLSocketFactory implements Comparator<Object> {
private static final Logger Log = LoggerFactory.getLogger(SimpleSSLSocketFactory.class);
......@@ -123,6 +123,11 @@ public class SimpleSSLSocketFactory extends SSLSocketFactory {
return factory.getSupportedCipherSuites();
}
//Workaround for ssl pooling when using a custom ssl factory
@Override
public int compare(Object o1, Object o2) {
return o1.toString().compareTo(o2.toString());
}
private static class DummyTrustManager implements X509TrustManager {
public boolean isClientTrusted(X509Certificate[] cert) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023