[Freeipa-devel] java & startTLS session closure

Alon Bar-Lev alonbl at redhat.com
Sat Sep 1 23:27:12 UTC 2012


Hello,

Not sure that it is an IPA issue; however, this happens to me when using IPA and not with other LDAP servers.

I am using the following program, which should work as far as the Java documentation outlines; when it tries to close the TLS session, the tls.close() call never returns.

Has anyone bumped into this?

Using:
fedora 17 repositories.
freeipa-server-2.2.0-1.fc17.x86_64

Regards,
Alon Bar-Lev

---
LDAP1.java
$ javac LDAP1.java && java LDAP1
BEFORE tls.close()
---

import java.io.*;
import java.net.*;
import java.util.*;
import java.security.cert.*;

import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import javax.net.*;
import javax.net.ssl.*;

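public class LDAP1 {

	/**
	 * Builds an SSLSocketFactory whose trust manager accepts every certificate.
	 *
	 * NOTE(review): checkServerTrusted() never throws, so a socket made from
	 * this factory performs no server authentication at all. It exists only so
	 * the StartTLS close() behaviour below can be reproduced without a trust
	 * store; anywhere the connection matters, initialise the SSLContext from a
	 * TrustManagerFactory instead.
	 *
	 * @param protocol SSLContext protocol name, e.g. "TLSv1"
	 * @return a socket factory backed by the all-trusting context
	 * @throws IllegalStateException if the SSLContext cannot be created or
	 *         initialised (wraps the underlying GeneralSecurityException)
	 */
	public static SSLSocketFactory createUnsecureSocketFactory(String protocol) {
		try {
			SSLContext sc = SSLContext.getInstance(protocol);
			sc.init(
				null,
				new TrustManager[]{
					new X509TrustManager() {
						public java.security.cert.X509Certificate[] getAcceptedIssuers() {
							// No trusted issuers are advertised; validation is not performed.
							return new java.security.cert.X509Certificate[] {};
						}
						public void checkClientTrusted(
							java.security.cert.X509Certificate[] certs, String authType) {
							// intentionally empty: any client chain is accepted
						}
						public void checkServerTrusted(
							java.security.cert.X509Certificate[] certs, String authType) {
							// intentionally empty: any server chain is accepted
						}
					}
				},
				null
			);
			return sc.getSocketFactory();
		}
		catch (java.security.GeneralSecurityException e) {
			// Covers NoSuchAlgorithmException and KeyManagementException; keep the cause.
			throw new IllegalStateException("cannot initialise SSLContext for " + protocol, e);
		}
	}

	/**
	 * Connects to the LDAP URL given as args[0], upgrades the connection with
	 * StartTLS, then tears down the TLS layer and the context again. The two
	 * println calls bracket the tls.close() call that is reported to hang.
	 *
	 * @param args args[0] is the ldap:// URL of the server to connect to
	 * @throws IllegalArgumentException if no URL is given
	 * @throws Exception anything thrown by JNDI or by the TLS negotiation
	 */
	public static void main(String[] args) throws Exception {
		if (args.length < 1 || args[0] == null || args[0].length() == 0) {
			throw new IllegalArgumentException("usage: java LDAP1 <ldap-url>");
		}
		String url = args[0];

		LdapContext ctx = null;
		StartTlsResponse tls = null;

		try {
			Hashtable<String, String> env = new Hashtable<String, String>();
			env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
			env.put(Context.PROVIDER_URL, url);

			ctx = new InitialLdapContext(env, null);

			tls = (StartTlsResponse)ctx.extendedOperation(
				new StartTlsRequest()
			);

			// The returned SSLSession is not used by this reproduction; the call
			// is kept for its side effect of performing the TLS handshake.
			tls.negotiate(
				/*
				 * DEBUG-BEGIN
				 * this is required for debug only
				 * disable certificate validation
				 */
				createUnsecureSocketFactory("TLSv1")
				/* DEBUG-END */
			);
		}
		finally {
			// The TLS layer must be closed before the context. The nested
			// finally makes sure ctx.close() still runs if tls.close() throws.
			try {
				System.out.println("BEFORE tls.close()");
				if (tls != null) {
					tls.close();
				}
				System.out.println("AFTER tls.close()");
			}
			finally {
				if (ctx != null) {
					ctx.close();
				}
			}
		}
	}
}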



