From: Aaron B. <aar...@gm...> - 2019-08-29 14:42:18
Thanks Chris. Yes, this is for the acceptor. The goal is to obtain the client certificate subject DN as early as possible and verify that it is authorized, killing the connection if not. I'll dig further into the MINA session to see if I can get a handle to the socket.

On Tue, Aug 27, 2019 at 3:25 PM Christoph John <chr...@ma...> wrote:

> Hi,
>
> I did not understand if you want to do this from client code or do you
> want to extend the acceptor?
> IMHO you can only get access to that low-level information using
> reflection. QFJ uses MINA for SSL communication and does not get notified
> if the handshake is completed.
> If I am not mistaken you can get access to the MINA SslSession via a
> session attribute.
> For an example see here:
>
> https://github.com/quickfix-j/quickfixj/blob/bab477e0959b7ab7338b6a37f20749bb0f0478c3/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java#L470
>
> I hope I did not misunderstand your question.
>
> Cheers,
> Chris.
>
>
> On 27.08.19 19:30, Aaron Bedra wrote:
>
> Hello,
>
> I've been digging through the source code for acceptors to figure out how
> to get a handle to the underlying socket as connections are established. I
> have two things I would like to do with that handle. In my case I am using
> SSL with client certificate authentication. All of that is working properly
> with the basic configuration options.
>
> 1) Add a handshake completed listener. The basic structure looks like
>
> ((SSLSocket) socket).addHandshakeCompletedListener(handshakeCompletedEvent -> {
>     try {
>         X509Certificate cert =
>             (X509Certificate) handshakeCompletedEvent.getPeerCertificates()[0];
>         System.out.println(cert.getSubjectDN().getName());
>     } catch (SSLPeerUnverifiedException e) {
>         e.printStackTrace();
>     }
> });
>
> Ultimately there are some things I would like to extract from the client
> certificate in order to authorize a connection and potentially kill it once
> the certificate is available.
>
> 2) Extract a handle to the connection so it can be terminated. There may
> be a reason to disable connections belonging to a session and I would like
> to be able to wire up a mechanism to do that through the broader management
> components of the platform.
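
The authorization step discussed in this thread, as an added example that is not part of the original messages or of QuickFIX/J's own code. It assumes the `javax.net.ssl.SSLSession` has already been obtained (for instance via the MINA session attribute mentioned above) and that authorization means an allowlist of subject common names; the class name `ClientCertAuthorizer`, the allowlist and the sample subjects are hypothetical. The caller closes the connection when the check returns false.

```java
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class ClientCertAuthorizer {
    private final Set<String> allowedCommonNames; // hypothetical allowlist of subject CNs

    public ClientCertAuthorizer(Set<String> allowedCommonNames) {
        this.allowedCommonNames = allowedCommonNames;
    }

    /** True only if the peer presented a verified certificate whose subject CN is allowlisted. */
    public boolean isAuthorized(SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return isAuthorized(leaf.getSubjectX500Principal());
        } catch (SSLPeerUnverifiedException e) {
            return false; // no verified client certificate: fail closed
        }
    }

    /** Parses the DN into RDNs rather than searching the DN string for a name. */
    public boolean isAuthorized(X500Principal subject) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            String cn = null;
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.size() != 1) return false;  // multi-valued RDN: reject as ambiguous
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    if (cn != null) return false;   // more than one CN: reject as ambiguous
                    cn = String.valueOf(rdn.getValue());
                }
            }
            return cn != null && allowedCommonNames.contains(cn);
        } catch (InvalidNameException e) {
            return false; // unparseable subject: fail closed
        }
    }

    public static void main(String[] args) {
        ClientCertAuthorizer authz = new ClientCertAuthorizer(Set.of("fix-client-01"));
        // Constructed sample subjects: an allowlisted CN, then the same string in O only.
        System.out.println(authz.isAuthorized(new X500Principal("CN=fix-client-01,O=Example,C=US")));
        System.out.println(authz.isAuthorized(new X500Principal("CN=other,O=fix-client-01,C=US")));
    }
}
```

The second sample shows why the check compares the parsed CN attribute: a substring search over the DN string would find the allowlisted name inside the O attribute.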