
Java Security


How to connect to open LDAP over 256 bit using both JNDI API and JSSE API

843811, Jan 20 2010 (edited Feb 4 2010)
I am really struggling to create a connection to OpenLDAP from Java using SSLSocketFactory while selecting only the 256-bit AES encryption cipher suites.

Following is the code I am using:
****************************************************************************************************************************************

package demo;

import java.io.OutputStream;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

class SslSocketExample {

    public static void main(String[] args) {

        // Suite names look like TLS_RSA_WITH_AES_256_CBC_SHA, so "AES.256" matches the AES-256 suites
        String patternString = "AES.256";
        Pattern pattern = Pattern.compile(patternString);
        Matcher matcher;
        boolean matchFound;

        // Set up environment for creating initial context
        Hashtable<String, Object> env = new Hashtable<String, Object>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.STATE_FACTORIES, "PersonStateFactory");
        env.put(Context.OBJECT_FACTORIES, "PersonObjectFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:636/dc=my-domain,dc=com");
        //env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");

        // Specify SSL
        env.put(Context.SECURITY_PROTOCOL, "ssl");

        // Authenticate as cn=manager with password "secret"
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=manager,dc=my-domain,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        // This is to use the SSL socket factory (the provider calls the static getDefault() of this class)
        env.put("java.naming.ldap.factory.socket", SSLSocketFactory.class.getName());

        // Specify the search filter to match all Person entries
        String filter = "(&(objectClass=Person))";

        // Limit returned attributes to those we care about
        String[] attrIDs = {"cn"};

        SearchControls ctls = new SearchControls();
        ctls.setReturningAttributes(attrIDs);
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // Search for objects using filter and controls
        try {
            // Create initial context
            LdapContext ctx = new InitialLdapContext(env, null);
            System.out.println("Successful bind to " + env.get(Context.PROVIDER_URL));

            // This was used previously
            //DirContext ctx = new InitialDirContext(env);

            try {
                // Trying to use the SSL socket
                SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
                SSLSocket s = (SSLSocket) sslFact.createSocket(args.length == 0 ? "localhost" : args[0], 636);

                // Following lines are used to select and enable the 256 bit AES ciphers only on the socket
                String[] str = s.getSupportedCipherSuites();
                int len = str.length;
                String[] set = new String[len];

                int j = 0, k = len - 1;
                for (int i = 0; i < len; i++) {
                    System.out.println(str[i]);

                    // Determine if pattern exists in input
                    matcher = pattern.matcher(str[i]);
                    matchFound = matcher.find();

                    if (matchFound)
                        set[j++] = str[i];   // AES-256 suites fill the array from the front
                    else
                        set[k--] = str[i];   // everything else from the back
                }

                // Enable only the j matching suites; the tail of "set" holds the non-matching ones
                s.setEnabledCipherSuites(Arrays.copyOf(set, j));

                str = s.getEnabledCipherSuites();

                System.out.println("Available Suites after Set:");
                for (int i = 0; i < str.length; i++)
                    System.out.println(str[i]);

                System.out.println("socket is connected " + s.isConnected());

                s.startHandshake();
                OutputStream out = s.getOutputStream();

                out.write("GET / HTTP/1.0\n\r\n\r".getBytes());
                out.flush();
                System.out.println("Successful connection to localhost:636");
                NamingEnumeration<SearchResult> answer = ctx.search("", filter, ctls);

                // This is to get the users from LDAP
                while (answer.hasMore()) {
                    SearchResult sr = answer.next();
                    System.out.println(">>>" + sr.getAttributes());
                }

                ctx.close();

            } catch (Exception e) {
                System.out.println("error" + e);
            }

        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}

*****************************************************************************************************************************************

I am receiving the following error:

Thread-0, handling exception: java.net.SocketException: socket closed
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
Thread-0, SEND TLSv1 ALERT: fatal, description = unexpected_message
Padded plaintext before ENCRYPTION: len = 18
0000: 02

javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - stronger confidentiality required]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3032)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:03)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)

Please help me by providing any Java code that can connect to OpenLDAP over 256-bit SSL encryption.


Sandeep
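The error output above shows which connection actually failed: the JNDI context negotiated SSL_RSA_WITH_RC4_128_MD5 through the default factory, and the server rejected the bind with "stronger confidentiality required" (LDAP result code 13). The cipher-suite restriction in the post is applied only to a second, hand-made socket that the JNDI provider never uses. The provider builds its own socket from the class named in the java.naming.ldap.factory.socket property by calling that class's static getDefault(), so the restriction has to live in that factory. The following added example (not code from the post or from Oracle) does that; the class name Aes256OnlySocketFactory, the "AES_256" substring filter and the fail-closed check for an empty suite list are this example's own choices, and the directory URL and credentials are the post's placeholders.

```java
package demo;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Hypothetical factory (not from the post): wraps the default JSSE factory and
 * leaves only AES-256 cipher suites enabled on every socket it hands out.
 * The JNDI LDAP provider obtains it through the static getDefault() of the
 * class named in the "java.naming.ldap.factory.socket" property.
 */
public class Aes256OnlySocketFactory extends SSLSocketFactory {

    private final SSLSocketFactory delegate = (SSLSocketFactory) SSLSocketFactory.getDefault();

    /** Entry point the JNDI LDAP provider calls by reflection. */
    public static SSLSocketFactory getDefault() {
        return new Aes256OnlySocketFactory();
    }

    /** Keep only suites whose name contains "AES_256", e.g. TLS_RSA_WITH_AES_256_CBC_SHA. */
    static String[] aes256Only(String[] suites) {
        List<String> keep = new ArrayList<String>();
        for (String suite : suites) {
            if (suite.contains("AES_256")) {
                keep.add(suite);
            }
        }
        if (keep.isEmpty()) {
            // Fail closed with a clear message instead of an opaque handshake alert.
            throw new IllegalStateException("no AES-256 cipher suite available in this JSSE provider");
        }
        return keep.toArray(new String[keep.size()]);
    }

    /** Restrict a freshly created socket before any handshake can happen. */
    private Socket restrict(Socket socket) {
        if (socket instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) socket;
            ssl.setEnabledCipherSuites(aes256Only(ssl.getSupportedCipherSuites()));
        }
        return socket;
    }

    @Override
    public String[] getDefaultCipherSuites() { return aes256Only(delegate.getDefaultCipherSuites()); }

    @Override
    public String[] getSupportedCipherSuites() { return aes256Only(delegate.getSupportedCipherSuites()); }

    /** Unconnected socket; the provider can take this path when a connect timeout is set. */
    @Override
    public Socket createSocket() throws IOException { return restrict(delegate.createSocket()); }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return restrict(delegate.createSocket(s, host, port, autoClose));
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return restrict(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return restrict(delegate.createSocket(host, port, localHost, localPort));
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return restrict(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return restrict(delegate.createSocket(address, port, localAddress, localPort));
    }

    /** Usage: the post's environment, but with the provider pointed at this factory. */
    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:636/dc=my-domain,dc=com");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=manager,dc=my-domain,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "secret");
        env.put("java.naming.ldap.factory.socket", Aes256OnlySocketFactory.class.getName());

        LdapContext ctx = new InitialLdapContext(env, null);   // bind now runs over an AES-256 suite only
        ctx.close();
    }
}
```

Because the socket is restricted inside the factory, the bind itself is what the server sees over AES-256, and there is no second socket to keep in step with the context. Running with -Djavax.net.debug=ssl shows the negotiated suite in the same debug stream as the output quoted in the post, which is the quickest way to confirm that RC4 is no longer offered.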
Post Details
Locked on Mar 4 2010
Added on Jan 20 2010
10 comments
873 views