diff --git a/backend/src/main/java/io/metersphere/ldap/service/CustomSSLSocketFactory.java b/backend/src/main/java/io/metersphere/ldap/service/CustomSSLSocketFactory.java
new file mode 100644
index 0000000000..8a25c8c47a
--- /dev/null
+++ b/backend/src/main/java/io/metersphere/ldap/service/CustomSSLSocketFactory.java
@@ -0,0 +1,84 @@
+package io.metersphere.ldap.service;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class CustomSSLSocketFactory extends SSLSocketFactory {
+ private SSLSocketFactory socketFactory;
+
+ public CustomSSLSocketFactory() {
+ try {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(null, new TrustManager[]{new DummyTrustmanager()}, new SecureRandom());
+ socketFactory = ctx.getSocketFactory();
+ } catch (Exception ex) {
+ ex.printStackTrace(System.err);
+ }
+ }
+
+ public static SocketFactory getDefault() {
+ return new CustomSSLSocketFactory();
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return socketFactory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return socketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket(Socket socket, String string, int num, boolean bool) throws IOException {
+ return socketFactory.createSocket(socket, string, num, bool);
+ }
+
+ @Override
+ public Socket createSocket(String string, int num) throws IOException, UnknownHostException {
+ return socketFactory.createSocket(string, num);
+ }
+
+ @Override
+ public Socket createSocket(String string, int num, InetAddress netAdd, int i) throws IOException, UnknownHostException {
+ return socketFactory.createSocket(string, num, netAdd, i);
+ }
+
+ @Override
+ public Socket createSocket(InetAddress netAdd, int num) throws IOException {
+ return socketFactory.createSocket(netAdd, num);
+ }
+
+ @Override
+ public Socket createSocket(InetAddress netAdd1, int num, InetAddress netAdd2, int i) throws IOException {
+ return socketFactory.createSocket(netAdd1, num, netAdd2, i);
+ }
+
+
+ /**
+ * 证书
+ */
+ public static class DummyTrustmanager implements X509TrustManager {
+ public void checkClientTrusted(X509Certificate[] cert, String string) throws CertificateException {
+ }
+
+ public void checkServerTrusted(X509Certificate[] cert, String string) throws CertificateException {
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[0];
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/io/metersphere/ldap/service/LdapService.java b/backend/src/main/java/io/metersphere/ldap/service/LdapService.java
index 03436c179a..60a1ce0145 100644
--- a/backend/src/main/java/io/metersphere/ldap/service/LdapService.java
+++ b/backend/src/main/java/io/metersphere/ldap/service/LdapService.java
@@ -18,7 +18,6 @@ import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.support.AbstractContextMapper;
 import org.springframework.ldap.core.support.DefaultDirObjectFactory;
-import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.ldap.query.SearchScope;
 import org.springframework.stereotype.Service;
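Review bot: `DummyTrustmanager.checkServerTrusted` is an empty body, so the `SSLContext` built in the constructor accepts any certificate the directory presents, and the bind DN and password that `LdapService` sends over this connection are protected only against passive observation, not against an interposed host — which defeats the purpose of moving to LDAPS. The constructor also catches `Exception`, prints it, and leaves `socketFactory` null, so a failed context initialisation surfaces later as a `NullPointerException` from `createSocket` instead of at construction. The rewrite below initialises the context from the JVM's default trust managers (a configured trust store can be substituted there) and fails fast; it needs `javax.net.ssl.TrustManagerFactory`, `java.security.KeyStore` and `java.security.GeneralSecurityException` imported, and `DummyTrustmanager` can then be deleted. Support for a self-signed directory certificate, if required, belongs in an explicitly configured trust store rather than a blanket accept.
```java
public CustomSSLSocketFactory() {
    try {
        // Validate the server chain against the JVM default trust store
        // (replace with a loaded KeyStore to pin a site-specific CA).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
        socketFactory = ctx.getSocketFactory();
    } catch (GeneralSecurityException ex) {
        throw new IllegalStateException("unable to initialise TLS context for LDAP", ex);
    }
}
// … unchanged: getDefault(), cipher-suite getters and the createSocket delegations …
// … removed: DummyTrustmanager …
```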
@@ -147,11 +146,16 @@ public class LdapService {
 String credentials = EncryptUtils.aesDecrypt(password).toString();
- LdapContextSource sourceLdapCtx = new LdapContextSource();
+ SSLLdapContextSource sourceLdapCtx = new SSLLdapContextSource();
 sourceLdapCtx.setUrl(url);
 sourceLdapCtx.setUserDn(dn);
 sourceLdapCtx.setPassword(credentials);
 sourceLdapCtx.setDirObjectFactory(DefaultDirObjectFactory.class);
+ // todo 这里加上strategy 会报错
+// DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy();
+// strategy.setShutdownTlsGracefully(true);
+// strategy.setHostnameVerifier((hostname, session) -> true);
+// sourceLdapCtx.setAuthenticationStrategy(strategy);
 sourceLdapCtx.afterPropertiesSet();
 LdapTemplate ldapTemplate = new LdapTemplate(sourceLdapCtx);
 ldapTemplate.setIgnorePartialResultException(true);
diff --git a/backend/src/main/java/io/metersphere/ldap/service/SSLLdapContextSource.java b/backend/src/main/java/io/metersphere/ldap/service/SSLLdapContextSource.java
new file mode 100644
index 0000000000..05f302d02b
--- /dev/null
+++ b/backend/src/main/java/io/metersphere/ldap/service/SSLLdapContextSource.java
@@ -0,0 +1,16 @@
+package io.metersphere.ldap.service;
+
+import org.springframework.ldap.core.support.LdapContextSource;
+
+import javax.naming.Context;
+import java.util.Hashtable;
+
+public class SSLLdapContextSource extends LdapContextSource {
+ public Hashtable getAnonymousEnv() {
+ Hashtable anonymousEnv = super.getAnonymousEnv();
+ anonymousEnv.put("java.naming.security.protocol", "ssl");
+ anonymousEnv.put("java.naming.ldap.factory.socket", CustomSSLSocketFactory.class.getName());
+ anonymousEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+ return anonymousEnv;
+ }
+}
\ No newline at end of file
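Review bot: `new SSLLdapContextSource()` now replaces the plain context source for every configured URL, and that class's `getAnonymousEnv()` (added in this commit) sets `java.naming.security.protocol` to `ssl` unconditionally, so a directory configured with a plain `ldap://host:389` URL would, as far as I can tell from the JNDI LDAP provider's behaviour, get a TLS handshake against a plaintext port and stop binding. Choosing the source by scheme keeps both configurations working, e.g. `LdapContextSource sourceLdapCtx = url.startsWith("ldaps://") ? new SSLLdapContextSource() : new LdapContextSource();`, which also means the `LdapContextSource` import removed in the first hunk has to stay. The commented-out strategy block under the `todo` should be replaced by a one-line comment pointing at a tracked issue rather than shipped as dead code, and when it is revived the `setHostnameVerifier((hostname, session) -> true)` line should not be carried over, since it would switch hostname checking off. The enclosing method starts and ends outside the hunk.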
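Review bot: `getAnonymousEnv()` overrides the parent method without `@Override` and with a raw `Hashtable`, and it spells out `java.naming.security.protocol` although `javax.naming.Context`, already imported here, exposes that key as `Context.SECURITY_PROTOCOL`; `@Override public Hashtable<String, Object> getAnonymousEnv()` and `anonymousEnv.put(Context.SECURITY_PROTOCOL, "ssl");` let the compiler check both. The class has no Javadoc; a header such as `/** LdapContextSource variant that forces LDAPS through CustomSSLSocketFactory for every context it creates. */` would record why it exists. Whether the authenticated bind also passes through this override depends on `AbstractContextSource.getAuthenticatedEnv` building on `getAnonymousEnv` — I believe it does, but it is worth confirming, since otherwise only anonymous lookups would be made over TLS. The unconditional `ssl` setting regardless of URL scheme is raised at the LdapService hunk.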