changeset 1818:9583b6a8e412

8200666: Improve LDAP support Reviewed-by: chegar
author rpatil
date Fri, 08 Jun 2018 07:54:59 -0700
parents fd8651a3b753
children 015385190f06
files src/share/classes/com/sun/jndi/ldap/Connection.java
diffstat 1 files changed, 30 insertions(+), 1 deletions(-) [+]
--- a/src/share/classes/com/sun/jndi/ldap/Connection.java	Sat Mar 17 14:14:23 2018 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/Connection.java	Fri Jun 08 07:54:59 2018 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,11 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Arrays;
 import sun.misc.IOUtils;
+import sun.security.ssl.SSLSocketImpl;
 //import javax.net.SocketFactory;
 
 /**
@@ -157,6 +160,23 @@
     volatile boolean useable = true;  // is Connection still useable
 
     private int readTimeout;
+    private static final boolean IS_HOSTNAME_VERIFICATION_DISABLED
+            = hostnameVerificationDisabledValue();
+
+    private static boolean hostnameVerificationDisabledValue() {
+        PrivilegedAction<String> act = new PrivilegedAction<String>() {
+            @Override
+            public String run() {
+                return System.getProperty(
+                        "com.sun.jndi.ldap.object.disableEndpointIdentification");
+            }
+        };
+        String prop = AccessController.doPrivileged(act);
+        if (prop == null) {
+            return false;
+        }
+        return prop.isEmpty() ? true : Boolean.parseBoolean(prop);
+    }
 
     // true means v3; false means v2
     // Called in LdapClient.authenticate() (which is synchronized)
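Review bot: The parsing rule in `hostnameVerificationDisabledValue()` is undocumented and easy to trip over: an empty value counts as true, so passing the bare flag `-Dcom.sun.jndi.ldap.object.disableEndpointIdentification` turns the check off. Because the result is stored in a `static final` field, the property is read once at class initialization, applies to every `Connection` in the JVM, and ignores later `System.setProperty` calls. I would add a comment above the field, for example `// Read once at class init; unset => endpoint identification on, empty or "true" => off for all connections.` It would also help operators if the disabled state were reported once under `debug`, since nothing in this hunk reports that the check has been switched off.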
@@ -366,6 +386,15 @@
             }
         }
 
+        if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
+            if (socket instanceof SSLSocketImpl) {
+                boolean enabled = ((SSLSocketImpl)socket).trySetHostnameVerification("LDAPS");
+                if (debug) {
+                    System.out.println("Connection: enabling endpoint identification: " + enabled);
+                }
+            }
+        }
+
         return socket;
     }
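Review bot: The `socket instanceof SSLSocketImpl` test means endpoint identification is requested only for the JDK's own socket class; an `SSLSocket` of any other implementation (for instance one from a custom socket factory, if the code above the hunk allows that) is returned unverified and without any debug output. The result of `trySetHostnameVerification` is likewise only printed under `debug`, so a `false` return (presumably meaning the check could not be set) still hands the socket back to the caller. I would add a branch for other `javax.net.ssl.SSLSocket` instances that requests `LDAPS` identification through the public `SSLParameters` API, as sketched below; this only takes effect if the handshake has not yet started, which the hunk does not show. The enclosing method starts outside the hunk.

```java
        if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
            if (socket instanceof SSLSocketImpl) {
                // … unchanged: trySetHostnameVerification("LDAPS") and debug output …
            } else if (socket instanceof javax.net.ssl.SSLSocket) {
                // Other SSLSocket implementations: request the same check via the public API.
                javax.net.ssl.SSLSocket sslSocket = (javax.net.ssl.SSLSocket) socket;
                javax.net.ssl.SSLParameters params = sslSocket.getSSLParameters();
                params.setEndpointIdentificationAlgorithm("LDAPS");
                sslSocket.setSSLParameters(params);
            }
        }
```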