Hello Alexey,
here is my SSLFilter.
I used the code from the link and modified it for my issue:
http://osdir.com/ml/java.grizzly.user/2008-07/msg00211.html
best regards,
alaska
+++++++++++++++++++++++++++=
package GrizzlySSL;

import java.io.IOException;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;

import com.sun.grizzly.Context;
import com.sun.grizzly.SSLSelectorHandler;
import com.sun.grizzly.filter.SSLReadFilter;
import com.sun.grizzly.util.WorkerThread;
//import org.apache.log4j.Logger;

// ClientConnectionHandler is not shown in this message; it comes from the
// code in the linked post.
public class SSLFilter extends SSLReadFilter {

    public static Logger logger = Logger.getLogger(SSLFilter.class.getName());

    public SSLFilter() {
        super();
    }

    @Override
    public boolean execute(Context context) throws IOException {
        WorkerThread workerThread = (WorkerThread) Thread.currentThread();
        SelectionKey selectionKey = context.getSelectionKey();

        // Let SSLReadFilter run the handshake and decrypt the input first.
        // If it reports that the chain must not continue (for example the
        // handshake is not finished), the session holds no certificates yet.
        if (!super.execute(context)) {
            return false;
        }

        SSLEngine sslEngine = workerThread.getSSLEngine();
        SSLSession session = sslEngine.getSession();

        // Keep one ClientConnectionHandler per SSL session.
        Object obj = session.getValue(ClientConnectionHandler.class.getName());
        ClientConnectionHandler handler;
        if (!(obj instanceof ClientConnectionHandler)) {
            SSLSelectorHandler selectorHandler =
                    (SSLSelectorHandler) context.getSelectorHandler();
            handler = new ClientConnectionHandler(selectorHandler, selectionKey,
                    (SocketChannel) selectionKey.channel(), sslEngine);
            session.putValue(ClientConnectionHandler.class.getName(), handler);
        } else {
            handler = (ClientConnectionHandler) obj;
        }

        // getLocalCertificates()/getLocalPrincipal() describe the certificate
        // this endpoint sent during the handshake. The remote side's identity
        // is returned by getPeerCertificates()/getPeerPrincipal().
        Certificate[] certs = session.getLocalCertificates();
        say("certificates " + certs);
        say("principal " + session.getLocalPrincipal());
        if (certs != null && certs.length > 0) {
            say("certificates 0 " + certs[0]);
            Principal subject = ((X509Certificate) certs[0]).getSubjectDN();
            say("cert[0].getSubjectDN() " + subject);
        }
        return true;
    }

    private void say(String string) {
        // logger.info(string);
        System.out.println("SSLFilter " + string);
    }
}
++++++++++++++++++++++++++++++++++++++++++++++
Oleksiy Stashok wrote:
>
> Hi Alaska,
>
> you must share how you did that :))))
> What is the diff with regular SSLReadFilter?
>
> Thanks.
>
> WBR,
> Alexey.
>
> On Aug 20, 2009, at 16:45 , Alaska wrote:
>
>>
>> Hello Alexey,
>>
>> it seems to work now!
>> I made my own SSLFilter (extends SSLReadFilter) from where I can get the
>> SSLEngine + Principals.
>> Thank you very much for your support!
>>
>> best regards,
>> alaska
>>
>>
>>
>>
>> Alaska wrote:
>>>
>>> Hello Alexey,
>>>
>>> I've just checked it, the flag is set...
>>> however the error occurs...
>>>
>>> thank you,
>>> alaska
>>>
>>>
>>>
>>>
>>> Oleksiy Stashok wrote:
>>>>
>>>> Hi Alaska,
>>>>
>>>> I'm not big security expert :)
>>>> Just guess, you need to set flag, that you require client
>>>> authentication.
>>>> sslReadFilter.setNeedClientAuth(true);
>>>>
>>>> WBR,
>>>> Alexey.
>>>>
>>>>
>>>> On Aug 20, 2009, at 13:00 , Alaska wrote:
>>>>
>>>>>
>>>>> Hello Alexey,
>>>>>
>>>>> How can I get the principal from the client certificate?
>>>>> i tried something like:
>>>>>
>>>>> SSLEngine engine = ((WorkerThread) Thread.currentThread()).getSSLEngine();
>>>>>
>>>>> SSLSession session = engine.getSession();
>>>>>
>>>>> session.getPeerPrincipal();
>>>>>
>>>>> and I get the error:
>>>>>
>>>>>
>>>>> run:
>>>>> truststore file has been set
>>>>> keystoreUrl file has been set
>>>>> Aug 20, 2009 12:56:39 PM com.sun.grizzly.Controller start
>>>>> INFO: Starting Grizzly Framework 1.9.18-M1 - Thu Aug 20 12:56:39 CEST 2009
>>>>> startBuffer
>>>>> startBuffer
>>>>> request GET / HTTP/1.1
>>>>> Host: localhost:1080
>>>>>
>>>>> Aug 20, 2009 12:56:45 PM com.sun.grizzly.DefaultProtocolChain executeProtocolFilter
>>>>> SEVERE: ProtocolChain exception
>>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>>> postExecute RequestControllerFilter
>>>>> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerPrincipal(SSLSessionImpl.java:471)
>>>>>
>>>>> Thank you!
>>>>> best regards,
>>>>> alaska
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25059961.html
>>>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25063517.html
>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>
>>
>>
>
>
>
>
>
--
View this message in context: http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25064108.html
Sent from the Grizzly - Users mailing list archive at Nabble.com.
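
An added example, not part of the thread and not Grizzly code: a plain JSSE sketch of the two lookups discussed above. It shows that `getPeerCertificates()` raises the `SSLPeerUnverifiedException` from the original question until a handshake with client authentication has completed, while the `getLocal*` calls only describe the certificate this endpoint sent. `PeerIdentity`, `peerSubject` and `localSubject` are hypothetical names, and the engine in `main` is a constructed, not-yet-handshaken input.

```java
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class PeerIdentity {

    /** Subject of the certificate the peer presented, or empty if the peer is not authenticated. */
    static Optional<Principal> peerSubject(SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates(); // peer's chain, leaf first
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                return Optional.of(((X509Certificate) chain[0]).getSubjectX500Principal());
            }
        } catch (SSLPeerUnverifiedException e) {
            // Handshake not finished, or the peer sent no certificate.
        }
        return Optional.empty();
    }

    /** Subject of the certificate this endpoint sent; it says nothing about the peer. */
    static Optional<Principal> localSubject(SSLSession session) {
        return Optional.ofNullable(session.getLocalPrincipal());
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a server-side engine that has not handshaken yet.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // fail the handshake if the client sends no certificate

        SSLSession session = engine.getSession();
        System.out.println("cipher suite:  " + session.getCipherSuite());
        System.out.println("peer subject:  " + peerSubject(session));
        System.out.println("local subject: " + localSubject(session));
    }
}
```

Inside a filter, the same `peerSubject` call would be made on the engine's session only after the SSL read filter reports that the handshake is done.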