changeset 13240:355822b67ab3

8200666: Improve LDAP support Reviewed-by: chegar
author rpatil
date Fri, 08 Jun 2018 07:54:59 -0700
parents 5bdf60cf3bb7
children 05732fed4902
files src/share/classes/com/sun/jndi/ldap/Connection.java
diffstat 1 files changed, 36 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/jndi/ldap/Connection.java	Thu Jun 07 15:00:19 2018 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/Connection.java	Fri Jun 08 07:54:59 2018 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,26 +27,27 @@
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.io.InterruptedIOException;
-import java.io.IOException;
 import java.io.OutputStream;
-import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.Socket;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Arrays;
+
+import javax.naming.CommunicationException;
+import javax.naming.InterruptedNamingException;
+import javax.naming.NamingException;
+import javax.naming.ServiceUnavailableException;
+import javax.naming.ldap.Control;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
 
-import javax.naming.CommunicationException;
-import javax.naming.ServiceUnavailableException;
-import javax.naming.NamingException;
-import javax.naming.InterruptedNamingException;
-
-import javax.naming.ldap.Control;
-
-import java.lang.reflect.Method;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-import java.util.Arrays;
 import sun.misc.IOUtils;
-//import javax.net.SocketFactory;
 
 /**
   * A thread that creates a connection to an LDAP server.
@@ -159,7 +160,18 @@
 
     int readTimeout;
     int connectTimeout;
+    private static final boolean IS_HOSTNAME_VERIFICATION_DISABLED
+            = hostnameVerificationDisabledValue();
 
+    private static boolean hostnameVerificationDisabledValue() {
+        PrivilegedAction<String> act = () -> System.getProperty(
+                "com.sun.jndi.ldap.object.disableEndpointIdentification");
+        String prop = AccessController.doPrivileged(act);
+        if (prop == null) {
+            return false;
+        }
+        return prop.isEmpty() ? true : Boolean.parseBoolean(prop);
+    }
     // true means v3; false means v2
     // Called in LdapClient.authenticate() (which is synchronized)
     // when connection is "quiet" and not shared; no need to synchronize
@@ -368,15 +380,20 @@
         // the SSL handshake following socket connection as part of the timeout.
         // So explicitly set a socket read timeout, trigger the SSL handshake,
         // then reset the timeout.
-        if (connectTimeout > 0 && socket instanceof SSLSocket) {
+        if (socket instanceof SSLSocket) {
             SSLSocket sslSocket = (SSLSocket) socket;
             int socketTimeout = sslSocket.getSoTimeout();
-
-            sslSocket.setSoTimeout(connectTimeout); // reuse full timeout value
+            if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
+                SSLParameters param = sslSocket.getSSLParameters();
+                param.setEndpointIdentificationAlgorithm("LDAPS");
+                sslSocket.setSSLParameters(param);
+            }
+            if (connectTimeout > 0) {
+                sslSocket.setSoTimeout(connectTimeout); // reuse full timeout value
+            }
             sslSocket.startHandshake();
             sslSocket.setSoTimeout(socketTimeout);
         }
-
         return socket;
     }