From: Christoph J. <chr...@ma...> - 2019-08-29 17:09:37
Maybe this helps a little:
https://stackoverflow.com/questions/6813929/how-to-get-the-principal-after-a-successful-ssl-handshake-using-mina

I cannot access the code currently, but IIRC you could do something with a custom TrustManager. But I do not remember exactly.

Cheers
Chris

On 29 August 2019 16:41:59 CEST, Aaron Bedra <aar...@gm...> wrote:
> Thanks Chris. Yes, this is for the acceptor. The goal is to obtain the
> client certificate subject dn as early as possible and verify that it is
> authorized, killing the connection if not. I'll dig further into the MINA
> session to see if I can get a handle to the socket.
>
> On Tue, Aug 27, 2019 at 3:25 PM Christoph John <chr...@ma...> wrote:
>
>> Hi,
>>
>> I did not understand if you want to do this from client code or do you
>> want to extend the acceptor?
>> IMHO you can only get access to that low-level information using
>> reflection. QFJ uses MINA for SSL communication and does not get notified
>> if the handshake is completed.
>> If I am not mistaken you can get access to the MINA SslSession via a
>> session attribute.
>> For an example see here:
>>
>> https://github.com/quickfix-j/quickfixj/blob/bab477e0959b7ab7338b6a37f20749bb0f0478c3/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java#L470
>>
>> I hope I did not misunderstand your question.
>>
>> Cheers,
>> Chris.
>>
>>
>> On 27.08.19 19:30, Aaron Bedra wrote:
>>
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hello,
>>
>> I've been digging through the source code for acceptors to figure out how
>> to get a handle to the underlying socket as connections are established. I
>> have two things I would like to do with that handle. In my case I am using
>> SSL with client certificate authentication. All of that is working properly
>> with the basic configuration options.
>>
>> 1) Add a handshake completed listener. The basic structure looks like
>>
>> ((SSLSocket) socket).addHandshakeCompletedListener(handshakeCompletedEvent -> {
>>     try {
>>         X509Certificate cert =
>>             (X509Certificate) handshakeCompletedEvent.getPeerCertificates()[0];
>>         System.out.println(cert.getSubjectDN().getName());
>>     } catch (SSLPeerUnverifiedException e) {
>>         e.printStackTrace();
>>     }
>> });
>>
>> Ultimately there are some things I would like to extract from the client
>> certificate in order to authorize a connection and potentially kill it once
>> the certificate is available.
>>
>> 2) Extract a handle to the connection so it can be terminated. There may
>> be a reason to disable connections belonging to a session and I would like
>> to be able to wire up a mechanism to do that through the broader management
>> components of the platform.
>>
>>
>> _______________________________________________
>> Quickfixj-users mailing lis...@li...://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>
>>
>> --
>> Christoph John
>> Software Engineering
>> T +49 241 557...@ma...
>>
>> MACD GmbH
>> Oppenhoffallee 103
>> 52066 Aachen, Germany
>> www.macd.com
>>
>> Amtsgericht Aachen: HRB 8151
>> VAT ID: DE 813021663
>> Managing Director: George Macdonald
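
The custom TrustManager idea mentioned in the reply above, sketched with standard JSSE classes only. This is an added example, not code from the thread or from QuickFIX/J: the class name SubjectAllowlistTrustManager and the DN allowlist are hypothetical, and how the trust manager is installed into the acceptor's SSLContext is not shown.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/** Hypothetical wrapper: normal chain validation plus a subject DN allowlist. */
public final class SubjectAllowlistTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;   // e.g. obtained from TrustManagerFactory
    private final Set<LdapName> allowed;       // parsed DNs, compared structurally

    public SubjectAllowlistTrustManager(X509TrustManager delegate, Set<String> allowedDns)
            throws InvalidNameException {
        this.delegate = delegate;
        Set<LdapName> parsed = new HashSet<>();
        for (String dn : allowedDns) {
            parsed.add(new LdapName(dn));      // rejects malformed allowlist entries early
        }
        this.allowed = Collections.unmodifiableSet(parsed);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Authentication first: the delegate validates the chain and throws on
        // a null or empty chain, so chain[0] is safe to read afterwards.
        delegate.checkClientTrusted(chain, authType);
        // Authorization second: compare parsed RDNs, not raw strings, so case and
        // spacing differences in the DN do not matter.
        String dn = chain[0].getSubjectX500Principal().getName(X500Principal.RFC2253);
        try {
            if (!allowed.contains(new LdapName(dn))) {
                throw new CertificateException("Client subject not authorized: " + dn);
            }
        } catch (InvalidNameException e) {
            throw new CertificateException("Unparseable client subject DN", e);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }
}
```

Throwing CertificateException from checkClientTrusted fails the TLS handshake itself, so an unauthorized client is rejected before any application data is exchanged.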