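I. Importing the certificate
Run the commands in cmd (run it as administrator). (The parts shown in blue must not be changed; replace the rest with your own values.)
1. Import command: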
keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -keypass changeit -alias ca_test -file C:\Users\Desktop\证书\ca.cer
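"%JAVA_HOME%\jre\lib\security\cacerts" is the path of the certificate store under the JDK; when I used an absolute path I got an error. ca_test is the name (alias) of the entry in the certificate store; any name will do as long as it does not conflict with an existing one. changeit is the password for this certificate in the certificate store; you can define your own, and the default is changeit. C:\Users\Desktop\证书\ca.cer is the absolute path of the certificate file.
2. List command: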
keytool -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit
3. Delete command:
keytool -delete -alias ca_test -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit
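To confirm that the import in step 1 put the intended CA into the store, the entry can be read back and its SHA-256 fingerprint compared with the value obtained from whoever issued ca.cer. The following is an added example, not code from the linked repository; the class name VerifyImportedCa and its optional command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name): reads back the entry imported with keytool.
public class VerifyImportedCa {
    // Format a digest the way keytool prints fingerprints (AA:BB:...).
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: [alias] [store password] [expected SHA-256 fingerprint]
        String alias = args.length > 0 ? args[0] : "ca_test";
        char[] storePass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String expected = args.length > 2 ? args[2] : null;

        // On JDK 8 java.home is the jre directory, so this is <JDK>\jre\lib\security\cacerts.
        Path store = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store.toFile())) {
            ks.load(in, storePass); // fails if the password is wrong or the file was altered
        }
        if (!ks.isCertificateEntry(alias)) {
            System.err.println("No trusted-certificate entry '" + alias + "' in " + store);
            System.exit(1);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        String actual = hex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()));
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("Expires: " + cert.getNotAfter());
        System.out.println("Is CA:   " + (cert.getBasicConstraints() >= 0));
        System.out.println("SHA-256: " + actual);
        if (expected != null && !expected.equalsIgnoreCase(actual)) {
            System.err.println("Fingerprint mismatch: the store holds a different certificate");
            System.exit(2);
        }
    }
}
```

Run it with the same JDK that %JAVA_HOME% points to; otherwise java.home resolves to a different cacerts file than the one the keytool commands modified.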
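II. Code
The code shown here mainly covers the utility class. For the certificate manager and the other classes, download them from this GitHub repository: https://github.com/YH0128/ldap-demo
Utility class code: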
import javax.naming.directory.DirContext;
import lombok.extern.slf4j.Slf4j;

@Slf4j
public class LdapUtil {
    private LdapUtil() {
    }

    private static final String LDAP_URL = "LDAP://172.162.60.190:389";
    private static final String LDAP_SSL_URL = "LDAP://172.162.60.190:636";
    private static final String INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    // LDAP access security level: "none", "simple", "strong"
    private static final String SECURITY_AUTHENTICATION = "simple";
    // Administrator account
    private static final String SECURITY_PRINCIPAL = "CN=testit,CN=Users,DC=test,DC=com";
    // Administrator password
    private static final String SECURITY_CREDENTIALS = "Yh128123";
    // Key under which the certificate manager (custom socket factory) is registered
    private static final String SOCKET_FACTORY_KEY = "java.naming.ldap.factory.socket";
    // Fully qualified class name of the custom certificate manager
    private static final String SOCKET_FACTORY_VALUE = "com.ldap.demo.common.MySSLSocketFactory";
    // System property that disables LDAPS endpoint identification (hostname verification)
    private static final String DISABLE_ENDPOINT_IDENTIFICATION = "com.sun.jndi.ldap.object.disableEndpointIdentification";
    private static final String TRUST_STORE_KEY = "javax.net.ssl.trustStore";
    // Location of the JDK certificate store
    private static final String TRUST_STORE_VALUE = "C:\\Program Files\\Java\\jdk1.8.0_211\\jre\\lib\\security\\cacerts";
    private static final String TRUST_STORE_PASSWORD_KEY = "javax.net.ssl.trustStorePassword";
    private static final String TRUST_STORE_PASSWORD_VALUE = "changeit";
    private static final String SECURITY_PROTOCOL = "ssl";
    // DC of the LDAP root node
    public static final String ROOT = "DC=test,DC=com";
    private static DirContext dirContext = null;

    // Get a connection
    private static DirConte