I'd like to get the server certificate(s) of the LDAPS server I am
connecting to so I can send an OCSP request off to validate the
certificate(s). This is very easy with https as HttpsUrlConnection has
a method to get the certs (getServerCertificates() ). Is there
anything similar for getting the certs of the LDAPS connection?
The client-authenticated LDAPS connection is set up by setting a bunch
of system and context variables.
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12"); (or PKCS11
for hardware)
System.setProperty("javax.net.ssl.keyStore", <insert path here>);
(NONE for PKCS11 keystoretype)
System.setProperty("javax.net.ssl.trustStore", <insert path here>);
System.setProperty("javax.net.ssl.keyStorePassword", <insert password
here>);
System.setProperty("java.naming.factory.initial",
"com.sun.jndi.ldap.LdapCtxFactory");
Hashtable<String, String> env = new Hashtable<String, String> ();
env.put(Context.PROVIDER_URL, <insert ldap server url>);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.ldap.version", "3");
DirContext ctx = new InitialDirContext(env);
I then use the context to talk to the server.
I don't see a way to get the server's credentials (certificate) from
the context through the java API. If anyone has any ideas on this I'd
appreciate the help.
Thanks,
Dave
|
