users@grizzly.java.net

Re: Client authentication via SSL

From: Alaska <bagirin_at_gmx.de>
Date: Tue, 25 Aug 2009 05:53:29 -0700 (PDT)

Hello Alexey,

The code is in the attachment.
It is working without the Client Authentication (so if
SSLReadFilter.setNeedClientAuth(false) is set), but I'd like to have the
client's Principal.

thank you,
alaska

http://www.nabble.com/file/p25133655/GrizzlySSL-clientAuth.zip

Oleksiy Stashok wrote:
>
> Hi,
>
> can you pls. send the sources, I'll try to reproduce the issue and see
> if I can help there.
>
> Thanks.
>
> WBR,
> Alexey.
>
> On Aug 25, 2009, at 12:30 , Alaska wrote:
>
>>
>> Hello!
>>
>> My goal is to implement the SSL Layer that is able to get the Client
>> authentication.
>> The client certificate is stored in the browser.
>>
>> Do you have any ideas why it is not working?
>>
>> I get the following error message:
>>
>>
>> Aug 25, 2009 12:20:11 PM com.sun.grizzly.Controller start
>> INFO: Starting Grizzly Framework 1.9.18-M1 - Tue Aug 25 12:20:11 CEST 2009
>> SSLFilter isNeedClientAuth true
>> Aug 25, 2009 12:20:17 PM com.sun.grizzly.DefaultProtocolChain executeProtocolFilter
>> SEVERE: ProtocolChain exception
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>>
>> thank you,
>> alaska
>> ++++++++++++++++++++++++++++
>>
>> the SSLReadFilter is doing:
>>
>>
>> public class SSLFilter extends SSLReadFilter {
>>
>>     public static Logger logger = Logger.getLogger(SSLFilter.class.getName());
>>
>>     public SSLFilter() {
>>         super();
>>     }
>>
>>     public boolean execute(Context context) throws IOException {
>>
>>         SSLSession session;
>>
>>         this.setClientMode(false);
>>         this.setNeedClientAuth(true);
>>
>>         super.execute(context);
>>
>>         say("isNeedClientAUth " + this.isNeedClientAuth());
>>
>>         WorkerThread workerThread = (WorkerThread) Thread.currentThread();
>>         SelectionKey selectionKey = context.getSelectionKey();
>>         SSLEngine sslEngine = workerThread.getSSLEngine();
>>
>>         session = sslEngine.getSession();
>>
>>         say("sslengine host " + sslEngine.getPeerHost());
>>         say("port " + sslEngine.getPeerPort());
>>         say("need auth? " + sslEngine.getNeedClientAuth());
>>
>>         X509Certificate[] cert = (X509Certificate[]) session.getPeerCertificates();
>>
>>         Principal subject = cert[0].getSubjectDN();
>>
>>         return true;
>>     }
>>     postexecute(){
>>     ...
>>     }
>> }
>> --
>> View this message in context:
>> http://www.nabble.com/Client-authentication-via-SSL-tp25131956p25131956.html
>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>

-- 
View this message in context: http://www.nabble.com/Client-authentication-via-SSL-tp25131956p25133655.html
Sent from the Grizzly - Users mailing list archive at Nabble.com.