<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="weaver.general.BaseBean" %>
<%@ page import="weaver.general.Util" %>
<%@ page import="weaver.hrm.HrmUserVarify" %>
<%@ page import="weaver.hrm.User" %>
<%@ page import="weaver.ldap.LdapUtil" %>
<%@ page import="javax.naming.Context" %>
<%@ page import="javax.naming.directory.BasicAttribute" %>
<%@ page import="javax.naming.directory.DirContext" %>
<%@ page import="javax.naming.directory.InitialDirContext" %>
<%@ page import="javax.naming.directory.ModificationItem" %>
<%@ page import="java.util.ArrayList" %>
<%@page import="java.util.Hashtable"%>
<jsp:useBean id="rs" class="weaver.conn.RecordSet" scope="page"/>
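<%
// testSSL.jsp -- LDAP-over-SSL check for the configured directory server.
//
// Despite the name this page is NOT read-only: it binds to the LDAP server
// with caller-supplied credentials and then REPLACES that account's
// unicodePwd attribute (an Active Directory password write).  It also
// points the JVM-wide SSL truststore at a caller-supplied file.
//
// Request parameters (all untrusted):
//   ldapuser          account to bind as (bare name or full DN)
//   ldappasswd        bind password; also becomes the new unicodePwd value
//   keystorepath      file path installed as javax.net.ssl.trustStore
//   keystorepassword  installed as javax.net.ssl.trustStorePassword
//
// Response body: a comma-terminated list with one entry per candidate base
// DN tried -- "ok," on success (stops after the first), "no," or one of the
// numeric codes "1," / "2," / "3," derived from the exception text on failure.
//
// Changes versus the previous revision:
//   * missing keystorepath / keystorepassword parameters no longer crash the
//     page: System.setProperty(key, null) throws NullPointerException, and the
//     old emptiness check ran only after the property had already been set;
//   * the keystore password is no longer written to the application log;
//   * the directory context is closed in a finally block;
//   * raw Hashtable / string concatenation replaced with typed / StringBuilder.

// Access control is only "some OA user is logged in" (null check below).
// NOTE(review): given that this page writes a directory password and mutates
// process-wide TLS settings, confirm whether an administrator right check is
// required in front of it; no such check is present here.
User user = HrmUserVarify.getUser(request, response);
if (user == null) {
    response.sendRedirect("/notice/noright.jsp");
    return;
}
request.setCharacterEncoding("UTF-8");

LdapUtil ldaputil = LdapUtil.getInstance();

// Server settings come from the ldapset table.  The bind credentials
// deliberately do not: an earlier revision read ldapuser/ldappasswd from the
// same row (AES-encrypted); that was replaced by request parameters so the
// caller can test arbitrary credentials.
String ldapserverurl2 = "";
String ldaparea = "";
String factoryclass = "";
String needSynOrg = "";
rs.executeSql("select * from ldapset");
if (rs.next()) {
    needSynOrg = Util.null2String(rs.getString("needSynOrg"));
    ldapserverurl2 = Util.null2String(rs.getString("ldapserverurl2"));
    ldaparea = Util.null2String(rs.getString("ldaparea"));
    factoryclass = Util.null2String(rs.getString("factoryclass"));
}

// null2String on every parameter: a missing one must become "" rather than
// null, because null reaches System.setProperty below (NullPointerException).
String ldapuser = Util.null2String(request.getParameter("ldapuser"));
String ldappasswd = Util.null2String(request.getParameter("ldappasswd"));
String keystorepath = Util.null2String(request.getParameter("keystorepath"));
String keystorepassword = Util.null2String(request.getParameter("keystorepassword"));

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, factoryclass);
env.put(Context.PROVIDER_URL, ldapserverurl2);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put("com.sun.jndi.ldap.connect.pool", "false");

// Log the path only.  The previous revision also wrote the keystore password
// to the application log in clear text.
new BaseBean().writeLog("keystorepath:" + keystorepath);

// WARNING: these are JVM-wide System properties, not per-connection
// settings.  Installing a caller-supplied truststore path and password here
// changes certificate validation for every TLS client in this process for the
// rest of its lifetime, and nothing on this page restores the previous
// values.  The original behaviour is kept because other code may rely on the
// side effect.  NOTE(review): confirm that dependency; if none exists, save
// the old values and restore them in a finally block, and restrict
// keystorepath to an allow-listed directory so the page cannot be used to
// probe arbitrary files on the server.
System.clearProperty("javax.net.ssl.trustStore");
System.clearProperty("javax.net.ssl.trustStorePassword");
System.setProperty("javax.net.ssl.trustStore", keystorepath);
System.setProperty("javax.net.ssl.trustStorePassword", keystorepassword);

// LdapUtil is responsible for escaping special characters in the account
// name and in the domain string before they are placed in a DN.
ldapuser = ldaputil.buildPrincipal(ldapuser);
String domain = ldaputil.buildDomain(ldaputil.changeStr(ldaparea));

// Candidate base DNs: one per sub-company when organisation sync is enabled,
// otherwise the '|'-separated list from the ldapset row.
ArrayList<String> candidates = new ArrayList<String>();
if ("y".equals(needSynOrg)) {
    rs.executeSql("select * from ldapsetdetail");
    while (rs.next()) {
        candidates.add(rs.getString("subcompanydomain"));
    }
} else {
    String[] arr_baseDN = Util.TokenizerString2(domain, "|");
    for (int j = 0; j < arr_baseDN.length; j++) {
        candidates.add(arr_baseDN[j]);
    }
}

StringBuilder res = new StringBuilder();
for (int i = 0; i < candidates.size(); i++) {
    String candidate = candidates.get(i);
    if (candidate == null || "".equals(candidate)) {
        continue;
    }
    // Same short-circuit as before: without a truststore password every
    // candidate is reported as "no," and no bind is attempted.
    if ("".equals(keystorepassword)) {
        res.append("no,");
        continue;
    }

    InitialDirContext initialContext = null;
    try {
        // The base DN starts at the first "DC" component of the candidate.
        // A candidate with no DC part makes indexOf() return -1 and
        // substring() throw; that lands in the catch below as "no,", which
        // matches the previous behaviour.
        String baseDN = candidate.substring(candidate.toUpperCase().indexOf("DC"));
        baseDN = ldaputil.buildDomain(baseDN);

        // Legacy configuration: a bare account name is assumed to live under
        // cn=users of the base DN; anything that already looks like a DN is
        // used verbatim.
        String upperUser = ldapuser.toUpperCase();
        String name;
        if (upperUser.indexOf("CN=") < 0 && upperUser.indexOf(",OU=") < 0
                && upperUser.indexOf(",DC=") < 0) {
            name = "cn=" + ldapuser + ",cn=users," + baseDN;
        } else {
            name = ldapuser;
        }
        env.put(Context.SECURITY_PRINCIPAL, name);
        env.put(Context.SECURITY_CREDENTIALS, ldappasswd);
        initialContext = new InitialDirContext(env);

        // Active Directory expects unicodePwd as the double-quoted password
        // encoded in UTF-16LE.  This REPLACES the bound account's password
        // with ldappasswd (the same value just used to bind).
        byte[] pwd = ("\"" + ldappasswd + "\"").getBytes("UTF-16LE");
        ModificationItem[] modificationItem = new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", pwd))
        };
        initialContext.modifyAttributes(name, modificationItem);

        res.append("ok,");
        break;
    } catch (Exception e) {
        // Map the failure onto the short codes the caller parses.  The
        // meanings are inferred from the matched exception text only:
        // "1" presumably a certificate validity-period failure, "2" and "3"
        // truststore / algorithm problems, anything else "no".
        String text = e.toString();
        if (text.indexOf("timestamp check failed") > -1) {
            res.append("1,");
        } else if (text.indexOf("java.security.InvalidAlgorithmParameterException") > -1) {
            res.append("2,");
        } else if (text.indexOf("java.security.NoSuchAlgorithmException") > -1) {
            res.append("3,");
        } else {
            res.append("no,");
        }
        // Diagnostics go to the container's stdout, as before.
        e.printStackTrace();
    } finally {
        if (initialContext != null) {
            try {
                initialContext.close();
            } catch (Exception ignored) {
                // best-effort close; the result code has already been recorded
            }
        }
    }
}
out.print(res.toString());
%>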