mina-dev mailing list archives

From Jeanfrancois Arcand <jfarc...@apache.org>
Subject Re: Getting clients certificates
Date Thu, 11 Jan 2007 19:56:50 GMT
Hi Trustin,

Trustin Lee wrote:
> Hi Niklas,
> 
> On 1/12/07, Niklas Gustavsson <niklas@protocol7.com> wrote:
>> Hi
>>
>> When using MINA with a SSLFilter and client authentication, the client
>> would supply its certificate chain during the handshake. Is there
>> any way I can retrieve these within the MINA API? If using the old IO
>> sockets, you would get them by calling:
>> sslSocket.getSession().getPeerCertificates()
>>
>> I've been looking through the code without finding anything obvious.
> 
> Is there any example code that uses getPeerCertificates() to get some
> hint on *when* to provide the certificates?

For Servlet, the getPeerCertificate() can always be invoked after the 
initial handshake and after/before/in between the handling of HTTP POSTed 
bytes. The way you can handle it is by doing something like:

>     /**
>      * Get the peer certificate list by reinitiating a new handshake.
>      * @return Object[] An array of X509Certificate.
>      */
>     protected Object[] doPeerCertificateChain(boolean needClientAuth)
>             throws IOException {
>         Logger logger = SSLSelectorThread.logger();
>         final SSLWorkerThread workerThread =
>                 (SSLWorkerThread)Thread.currentThread();
>         Certificate[] certs=null;
>         try {
>             certs = sslEngine.getSession().getPeerCertificates();
>         } catch( Throwable t ) {
>             if ( logger.isLoggable(Level.FINE))
>                 logger.log(Level.FINE,"Error getting client certs",t);
>         }
> 
>         if (certs == null && needClientAuth){
>             sslEngine.getSession().invalidate();
>             sslEngine.setNeedClientAuth(true);
>             sslEngine.beginHandshake();
> 	      [....]
> 
>             handshake= true;
>             try{
>                 doHandshake(0); // selectNow()
>             [.....]
> 
>             try {
>                 certs = sslEngine.getSession().getPeerCertificates();
>             } catch( Throwable t ) {
>                 if ( logger.isLoggable(Level.FINE))
>                     logger.log(Level.FINE,"Error getting client certs",t);
>                                                                          


-- Jeanfrancois

> 
> Trustin
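
The lookup discussed in this thread, as an added example that is not part of the original messages, of MINA, or of the server code quoted above: on an `SSLEngine`, `getSession().getPeerCertificates()` throws `SSLPeerUnverifiedException` rather than returning null when the client has not authenticated, so the helper catches exactly that and returns an empty chain. The names `PeerCerts` and `peerChain` are assumptions made for illustration.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;

public class PeerCerts {

    /**
     * Returns the peer's X.509 chain (leaf certificate first), or an empty
     * list when the peer is unauthenticated or the handshake has not run.
     * Hypothetical helper, not a MINA or JSSE API.
     */
    static List<X509Certificate> peerChain(SSLEngine engine) {
        List<X509Certificate> chain = new ArrayList<>();
        try {
            for (Certificate c : engine.getSession().getPeerCertificates()) {
                if (c instanceof X509Certificate) {
                    chain.add((X509Certificate) c);
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // Expected when no client certificate was presented. Catching
            // only this type keeps unrelated failures visible.
            chain.clear();
        }
        return chain;
    }

    public static void main(String[] args) throws Exception {
        // Server-side engine that has not handshaken: stands in for a
        // connection on which the client sent no certificate.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        // "want" lets the handshake finish without a client certificate;
        // "need" (setNeedClientAuth) makes the handshake fail instead.
        engine.setWantClientAuth(true);

        List<X509Certificate> chain = peerChain(engine);
        if (chain.isEmpty()) {
            // Treat as unauthenticated: deny anything that needs an identity.
            System.out.println("peer not authenticated");
        } else {
            System.out.println("client subject: "
                    + chain.get(0).getSubjectX500Principal().getName());
        }
    }
}
```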
