InitialContext - LDAP properties

Hi All,

I need a clarrification on InitialContext properties:

weblogic.jndi.Environment env = new weblogic.jndi.Environment();
env.setProviderUrl(jndi_url);
System.setProperty("weblogic.StdoutDebugEnabled", rb.getString("Debug.StdoutDebugEnabled"));
InputStream key = new FileInputStream(rb.getString("SSL.KeyStore.Key"));
InputStream cert = new FileInputStream(rb.getString("SSL.KeyStore.Cert"));
env.setSSLClientCertificate(new InputStream[] {key, cert});
env.setSSLClientKeyPassword(rb.getString("SSL.KeyStore.KeyPassword"));
Context ctx = env.getInitialContext();

I am converting above code into vendor neutral(removing weblogic related stuff)

Hashtable props = new Hashtable();
props.put(Context.PROVIDER_URL,jndi_url);
props.put(Context.SECURITY_PRINCIPAL,rb.getString("SSL.KeyStore.Cert")); // ERROR, it's failing here
props.put(Context.SECURITY_CREDENTIALS,rb.getString("SSL.KeyStore.KeyPassword"));
Context ctx = new InitialContext(props);


Here I dont understand one thing, in the first part of the code, they are passing key and cert values in setSSLClientCertificate method, in the second part of code do i need to pass those values to any method ? I did some reading on this, we need to pass user releated information into SECURITY_PRINCIPAL constant. how is it looks like ?

Now my question is, can we reuse Key/Cert or do i need to have entirely new set of code ? Requesting to clarify.

Thanks,
Kumar

You got it wrong. The CONTEXT_SECURITY_PRINCIPAL will be for the user or bind DN and the SECURITY_CREDENTIALS will be for the password to connect to the LDAP. To use SSL as the communication protocol, you just need to set the system properties, e.g.
-Djavax.net.ssl.keyStore=MyKeystoreFile -Djavax.net.ssl.keyStorePassword=mysecret

For more info, you can read this

Hope this helps.

Thanks Freddy, the link you provided not working, could you please send the correct one.
where we need to set the system properties ?

OK. Fixed the link. You can specify it programmatically by using
System.setProperty("javax.net.ssl.keyStore", "keystore.jks"); System.setProperty("javax.net.ssl.keyStorePassword", "password");

Or you can add the java option in the startWebLogic.sh, e.g.
java --Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.ssl.keyStorePassword=password

Freddy,
i think i got you upto some extent, still missing some concept, i read that material, may be becuase of confusion

1)You have specified about .jks file and password, but i need to pass user information aswell, to get the InitialContext object. ultimately i am looking for InitialContext object using SSL.
2)i got 2 more files, CERTIFICATE(.pem) and PRIVATE KEY(.key), do i need them any more.

Could you please clarify.