From: Christoph J. <chr...@ma...> - 2019-09-02 13:05:48
Or could maybe this method be extended:
https://github.com/quickfix-j/quickfixj/blob/bab477e0959b7ab7338b6a37f20749bb0f0478c3/quickfixj-core/src/main/java/quickfix/mina/ssl/X509TrustManagerWrapper.java#L58

Cheers,
Chris.

On 29.08.19 19:09, Christoph John wrote:
> Maybe this helps a little:
> https://stackoverflow.com/questions/6813929/how-to-get-the-principal-after-a-successful-ssl-handshake-using-mina
>
> I cannot access the code currently but IIRC you could do something with a custom TrustManager. But
> I do not remember exactly.
>
> Cheers
> Chris
>
> On 29 August 2019 16:41:59 CEST, Aaron Bedra <aar...@gm...> wrote:
>
> Thanks Chris. Yes, this is for the acceptor. The goal is to obtain the client certificate
> subject dn as early as possible and verify that it is authorized, killing the connection if
> not. I'll dig further into the MINA session to see if I can get a handle to the socket.
>
> On Tue, Aug 27, 2019 at 3:25 PM Christoph John <chr...@ma...> wrote:
>
> Hi,
>
> I did not understand if you want to do this from client code or do you want to extend the
> acceptor?
> IMHO you can only get access to that low-level information using reflection. QFJ uses MINA
> for SSL communication and does not get notified if the handshake is completed.
> If I am not mistaken you can get access to the MINA SslSession via a session attribute.
> For an example see here:
> https://github.com/quickfix-j/quickfixj/blob/bab477e0959b7ab7338b6a37f20749bb0f0478c3/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java#L470
>
> I hope I did not misunderstand your question.
>
> Cheers,
> Chris.
>
>
> On 27.08.19 19:30, Aaron Bedra wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>>
>> Hello,
>>
>> I've been digging through the source code for acceptors to figure out how to get a handle
>> to the underlying socket as connections are established. I have two things I would like
>> to do with that handle. In my case I am using SSL with client certificate authentication.
>> All of that is working properly with the basic configuration options.
>>
>> 1) Add a handshake completed listener. The basic structure looks like
>>
>> ((SSLSocket) socket).addHandshakeCompletedListener(handshakeCompletedEvent -> {
>>     try {
>>         X509Certificate cert =
>>             (X509Certificate) handshakeCompletedEvent.getPeerCertificates()[0];
>>         System.out.println(cert.getSubjectDN().getName());
>>     } catch (SSLPeerUnverifiedException e) {
>>         e.printStackTrace();
>>     }
>> });
>>
>> Ultimately there are some things I would like to extract from the client certificate in
>> order to authorize a connection and potentially kill it once the certificate is available.
>>
>> 2) Extract a handle to the connection so it can be terminated. There may be a reason to
>> disable connections belonging to a session and I would like to be able to wire up a
>> mechanism to do that through the broader management components of the platform.
>>
>>
>> _______________________________________________
>> Quickfixj-users mailing list
>> Qui...@li...
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
> --
> Christoph John
> Software Engineering
> T +49 241 557080-28
> chr...@ma...
>
> MACD GmbH
> Oppenhoffallee 103
> 52066 Aachen, Germany
> www.macd.com
>
> Aachen District Court: HRB 8151
> VAT ID: DE 813021663
> Managing Director: George Macdonald
>

--
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Aachen District Court: HRB 8151
VAT ID: DE 813021663
Managing Director: George Macdonald
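One way to authorize the client certificate subject inside a custom TrustManager, as suggested in the thread, written as an added example (not code from the thread or from QuickFIX/J). The class name `SubjectAllowlistTrustManager` and the allow-list of subjects are hypothetical, and wiring the trust manager into the acceptor's SSLContext is not shown.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/**
 * Hypothetical wrapper (assumption, not QuickFIX/J code): the delegate performs
 * normal chain validation, then the leaf certificate's subject is checked
 * against an allow-list. A CertificateException thrown from checkClientTrusted
 * fails the TLS handshake, so an unauthorized peer never reaches FIX logon.
 */
public final class SubjectAllowlistTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    private final Set<X500Principal> allowedSubjects;

    public SubjectAllowlistTrustManager(X509TrustManager delegate,
                                        Set<X500Principal> allowedSubjects) {
        this.delegate = delegate;
        this.allowedSubjects = Collections.unmodifiableSet(new HashSet<>(allowedSubjects));
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Validate the chain first; never act on the DN of an unverified certificate.
        delegate.checkClientTrusted(chain, authType);
        // chain[0] is the peer's own certificate (the delegate rejects empty chains).
        X500Principal subject = chain[0].getSubjectX500Principal();
        // X500Principal equality uses the canonical DN form, so case and
        // spacing differences in the configured DN strings do not matter.
        if (!allowedSubjects.contains(subject)) {
            throw new CertificateException(
                "Client subject not authorized: " + subject.getName());
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }
}
```

An allow-list entry would be built with `new X500Principal("CN=client-a,O=Example")` (a constructed sample DN); comparing principals rather than raw DN strings avoids mismatches caused by attribute ordering conventions or whitespace in string renderings.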