OF-926 Clients can't authenticate using LDAP SSL

Reverting some changes made with PR #239. by enabling the custom socket factory. Added the use of Comparator per http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling for connection pooling

OF-926 Clients can't authenticate using LDAP SSL
Reverting some changes made with PR #239. by enabling the custom socket factory. Added the use of Comparator per http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling for connection pooling
fc55e87b · speedy01 · 91c8f856 · fc55e87b · fc55e87b
Commit fc55e87b authored Nov 06, 2015 by speedy01
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 10 deletions

LdapManager.java src/java/org/jivesoftware/openfire/ldap/LdapManager.java +3 -0

SimpleSSLSocketFactory.java src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java +15 -10

No files found.
--- a/src/java/org/jivesoftware/openfire/ldap/LdapManager.java
+++ b/src/java/org/jivesoftware/openfire/ldap/LdapManager.java
@@ -495,6 +495,7 @@ public class LdapManager {
        // SSL
        if (sslEnabled) {
+            env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
@@ -629,6 +630,7 @@ public class LdapManager {
            env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
            env.put(Context.PROVIDER_URL, getProviderURL(baseDN));
            if (sslEnabled) {
+                env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
            }
@@ -733,6 +735,7 @@ public class LdapManager {
                    env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
                    env.put(Context.PROVIDER_URL, getProviderURL(alternateBaseDN));
                    if (sslEnabled) {
+                        env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
                        env.put(Context.SECURITY_PROTOCOL, "ssl");
                    }

--- a/src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
+++ b/src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
@@ -20,6 +20,14 @@
 package org.jivesoftware.util;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
@@ -29,15 +37,7 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
+import java.util.Comparator;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 /**
 * SSLSocketFactory that accepts any certificate chain and also accepts expired
@@ -45,7 +45,7 @@ import org.slf4j.LoggerFactory;
 *
 * @author Matt Tucker
 */
-public class SimpleSSLSocketFactory extends SSLSocketFactory {
+public class SimpleSSLSocketFactory extends SSLSocketFactory implements Comparator<Object> {
 	private static final Logger Log = LoggerFactory.getLogger(SimpleSSLSocketFactory.class);
@@ -123,6 +123,11 @@ public class SimpleSSLSocketFactory extends SSLSocketFactory {
        return factory.getSupportedCipherSuites();
    }
+    //Workaround for ssl pooling when using a custom ssl factory
+    @Override
+    public int compare(Object o1, Object o2) {
+        return o1.toString().compareTo(o2.toString());
+    }
    private static class DummyTrustManager implements X509TrustManager {
        public boolean isClientTrusted(X509Certificate[] cert) {