90.10. 配置 SSL
您只需要创建自定义套接字工厂，并在 InitialDirContext bean 中通过 java.naming.ldap.factory.socket 属性按类名引用它，如下例所示。
SSL 配置
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring XML configuration for an LDAPS (LDAP over TLS) directory context.
  It declares three things: the Camel sslContextParameters that point at a keystore,
  the CustomSocketFactory bean built from them, and a prototype-scoped InitialDirContext
  whose JNDI environment names that socket factory class.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">

    <!--
      The keystore location and password come from the keystore.url / keystore.pwd
      placeholders, so the secret itself is not written in this file.
      Although the keystore is declared under keyManagers, the CustomSocketFactory shown
      on this page passes it to a TrustManagerFactory and initialises the SSLContext with
      no key managers: the keystore therefore decides which LDAP server certificates are
      trusted, and no client certificate is presented.
    -->
    <sslContextParameters xmlns="http://camel.apache.org/schema/spring" id="sslContextParameters" >
        <keyManagers keyPassword="{{keystore.pwd}}">
            <keyStore resource="{{keystore.url}}" password="{{keystore.pwd}}"/>
        </keyManagers>
    </sslContextParameters>

    <!--
      Constructing this bean stores the resulting SSLSocketFactory in a static field of
      CustomSocketFactory; instances created later through getDefault() delegate to it.
    -->
    <bean id="customSocketFactory" class="com.example.ldap.CustomSocketFactory">
        <constructor-arg index="0" ref="sslContextParameters"/>
    </bean>

    <!-- scope="prototype": every lookup of this bean creates a new InitialDirContext. -->
    <bean id="ldapserver" class="javax.naming.directory.InitialDirContext" scope="prototype">
        <constructor-arg>
            <props>
                <prop key="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</prop>
                <!-- Example endpoint: an ldaps:// URL on the local host. -->
                <prop key="java.naming.provider.url">ldaps://127.0.0.1:10636</prop>
                <prop key="java.naming.security.protocol">ssl</prop>
                <!--
                  "none" is an anonymous bind: TLS protects the connection, but the client
                  does not authenticate to the directory. NOTE(review): confirm anonymous
                  access is intended for the target server; otherwise configure simple
                  authentication with a principal and credentials.
                -->
                <prop key="java.naming.security.authentication">none</prop>
                <!--
                  The factory is referenced by class name, not by bean id. The JNDI LDAP
                  provider obtains an instance through the class's static getDefault()
                  method, which is why the class keeps the configured factory in a
                  static field.
                -->
                <prop key="java.naming.ldap.factory.socket">com.example.ldap.CustomSocketFactory</prop>
            </props>
        </constructor-arg>
    </bean>
</beans>
自定义套接字工厂
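package com.example.ldap;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.camel.support.jsse.SSLContextParameters;

/**
 * Socket factory handed to the JNDI LDAP provider through the
 * {@code java.naming.ldap.factory.socket} environment property.
 *
 * <p>The provider only knows the class name and obtains instances through the static
 * {@link #getDefault()} method, so the configured {@link SSLSocketFactory} is kept in a
 * static field. That field is populated when the container constructs the bean with
 * {@link #CustomSocketFactory(SSLContextParameters)}; every instance delegates to it.
 *
 * <p>The keystore referenced by the key-manager section of the
 * {@link SSLContextParameters} is used here as the <em>trust store</em>: its certificates
 * decide which LDAP servers are trusted. No key managers are installed, so no client
 * certificate is presented.
 *
 * <p>NOTE(review): endpoint identification (host name checking) is not configured by this
 * class; whether it is applied depends on the JNDI LDAP provider of the JDK in use.
 * Confirm for the target runtime.
 */
public class CustomSocketFactory extends SSLSocketFactory {

    /**
     * Shared delegate. Written once by the container-invoked constructor and read by
     * instances the JNDI provider creates, possibly on other threads, hence volatile.
     */
    private static volatile SSLSocketFactory socketFactory;

    /**
     * Called by the getDefault() method. Performs no initialisation: the instance
     * delegates to the factory configured through the other constructor.
     */
    public CustomSocketFactory() {
    }

    /**
     * Called by Spring Boot DI to initialise the shared socket factory.
     *
     * @param sslContextParameters Camel SSL parameters whose key-manager keystore
     *        supplies the trusted certificates
     * @throws IllegalStateException if the keystore cannot be loaded or the TLS context
     *         cannot be created
     */
    public CustomSocketFactory(SSLContextParameters sslContextParameters) {
        try {
            KeyStore trustedCertificates =
                    sslContextParameters.getKeyManagers().getKeyStore().createKeyStore();

            // Use the platform's default trust-manager algorithm rather than a
            // provider-specific name, so the class also works on non-Sun JVMs.
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustedCertificates);

            SSLContext context = SSLContext.getInstance("TLS");
            // No key managers (first argument): the client presents no certificate.
            context.init(null, trustManagerFactory.getTrustManagers(), null);
            socketFactory = context.getSocketFactory();
        } catch (Exception ex) {
            // Fail at start-up instead of printing the stack trace and leaving the
            // delegate null: a broken trust configuration must not go unnoticed, and no
            // fallback to the JVM default trust store is made.
            throw new IllegalStateException(
                    "Unable to initialise the TLS socket factory for LDAPS", ex);
        }
    }

    /**
     * Getter for the SocketFactory; this is the entry point the JNDI LDAP provider calls.
     *
     * @return a new instance delegating to the shared, configured factory
     */
    public static SocketFactory getDefault() {
        return new CustomSocketFactory();
    }

    /**
     * Returns the configured delegate.
     *
     * @throws IllegalStateException if the factory bean has not been constructed yet
     */
    private static SSLSocketFactory delegate() {
        SSLSocketFactory configured = socketFactory;
        if (configured == null) {
            throw new IllegalStateException(
                    "CustomSocketFactory is not initialised; the bean constructed with "
                            + "SSLContextParameters must be created before LDAPS connections are opened");
        }
        return configured;
    }

    @Override
    public String[] getDefaultCipherSuites() {
        return delegate().getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return delegate().getSupportedCipherSuites();
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException {
        return delegate().createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return delegate().createSocket(host, port);
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException {
        return delegate().createSocket(host, port, localAddress, localPort);
    }

    @Override
    public Socket createSocket(InetAddress address, int port) throws IOException {
        return delegate().createSocket(address, port);
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
            int localPort) throws IOException {
        return delegate().createSocket(address, port, localAddress, localPort);
    }
}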