I've 3 ProtocolChainFilters:
protocolChain.addFilter(readFilter);
protocolChain.addFilter(asciiCommandParser);
protocolChain.addFilter(genericProtocolFilter);
The readFilter is the SSLFilter, the asciiCommandParser invokes the
HttpStreamReader that implements ProtocolParser<HttpRequest> (where I have
isExpectingMoreData, hasMoreBytesToParse, releaseBuffer, hasNextMessage,
getNextMessage and startBuffer),
and I have the genericProtocolFilter that processes the request.
If I implement the stuff with the SSLEngine+Certificates (that you posted
below) in the genericProtocolFilter it doesn't work (I still don't know
why), but if I put it into the SSLFilter (extends SSLReadFilter) it works...
Thank you,
alaska
Oleksiy Stashok wrote:
>
> Hmm, not sure I understand the difference :)
> The same code doesn't work with regular SSLReadFilter?
> I mean this one:
>
>> sslEngine = ((WorkerThread)
>> Thread.currentThread()).getSSLEngine();
>> session = sslEngine.getSession();
>>
>> say("certificates " + session.getLocalCertificates());
>> say("certificates 0 " + session.getLocalCertificates()[0]);
>> say("principal " + session.getLocalPrincipal());
>>
>> X509Certificate[] cert = (X509Certificate[])
>> session.getLocalCertificates();
>>
>> Principal subject = cert[0].getSubjectDN();
>>
>> say("cert[0].getSubjectDN() " + subject);
>
> ?
>
> Thanks.
>
> WBR,
> Alexey.
>
>
> On Aug 20, 2009, at 17:28 , Alaska wrote:
>
>>
>> Hello Alexey,
>>
>> here is my SSLFilter.
>> I used the code from the link and modified it for my issue:
>> http://osdir.com/ml/java.grizzly.user/2008-07/msg00211.html
>>
>> best regards,
>> alaska
>> +++++++++++++++++++++++++++=
>>
>>
>> package GrizzlySSL;
>>
>>
>> import java.security.Principal;
>> import com.sun.grizzly.Context;
>> import com.sun.grizzly.SSLSelectorHandler;
>> import com.sun.grizzly.filter.SSLReadFilter;
>> import com.sun.grizzly.util.WorkerThread;
>> //import org.apache.log4j.Logger;
>>
>> import javax.net.ssl.SSLEngine;
>> import javax.net.ssl.SSLSession;
>> import java.io.IOException;
>> import java.nio.channels.SelectionKey;
>> import java.nio.channels.SocketChannel;
>> import java.security.cert.X509Certificate;
>> import java.util.logging.Logger;
>>
>> public class SSLFilter extends SSLReadFilter {
>>
>> public static Logger logger =
>> Logger.getLogger(SSLFilter.class.getName());
>>
>> public SSLFilter() {
>> super();
>>
>> }
>>
>> public boolean execute(Context context) throws IOException {
>> WorkerThread workerThread = (WorkerThread)
>> Thread.currentThread();
>> SelectionKey selectionKey = context.getSelectionKey();
>> SSLEngine sslEngine = workerThread.getSSLEngine();
>> SSLSession session;
>>
>>
>> super.execute(context);
>> sslEngine = workerThread.getSSLEngine();
>> session = sslEngine.getSession();
>>
>> Object obj =
>> session.getValue(ClientConnectionHandler.class.getName());
>> ClientConnectionHandler handler;
>> if (obj == null || !(obj instanceof ClientConnectionHandler)) {
>>
>> SSLSelectorHandler selectorHandler = (SSLSelectorHandler)
>> context.getSelectorHandler();
>> handler = new ClientConnectionHandler(selectorHandler,
>> selectionKey, (SocketChannel) selectionKey.channel(), sslEngine);
>> session.putValue(ClientConnectionHandler.class.getName(),
>> handler);
>>
>> } else {
>> handler = (ClientConnectionHandler) obj;
>> }
>>
>> sslEngine = ((WorkerThread)
>> Thread.currentThread()).getSSLEngine();
>> session = sslEngine.getSession();
>>
>> say("certificates " + session.getLocalCertificates());
>> say("certificates 0 " + session.getLocalCertificates()[0]);
>> say("principal " + session.getLocalPrincipal());
>>
>> X509Certificate[] cert = (X509Certificate[])
>> session.getLocalCertificates();
>>
>> Principal subject = cert[0].getSubjectDN();
>>
>> say("cert[0].getSubjectDN() " + subject);
>>
>> return true;
>>
>> }
>>
>> private void say(String string) {
>> // logger.info(string);
>> System.out.println("SSLFilter "+string);
>> }
>> }
>> ++++++++++++++++++++++++++++++++++++++++++++++
>>
>>
>>
>>
>> Oleksiy Stashok wrote:
>>>
>>> Hi Alaska,
>>>
>>> you must share how you did that :))))
>>> What is the diff with regular SSLReadFilter?
>>>
>>> Thanks.
>>>
>>> WBR,
>>> Alexey.
>>>
>>> On Aug 20, 2009, at 16:45 , Alaska wrote:
>>>
>>>>
>>>> Hello Alexey,
>>>>
>>>> it seems to work now!
>>>> I made my own SSLFilter (extends SSLReadFilter) from where I can get
>>>> the SSLEngine + Principals.
>>>> Thank you very much for your support!
>>>>
>>>> best regards,
>>>> alaska
>>>>
>>>>
>>>>
>>>>
>>>> Alaska wrote:
>>>>>
>>>>> Hello Alexey,
>>>>>
>>>>> I've just checked it, the flag is set...
>>>>> however the error occurs...
>>>>>
>>>>> thank you,
>>>>> alaska
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Oleksiy Stashok wrote:
>>>>>>
>>>>>> Hi Alaska,
>>>>>>
>>>>>> I'm not a big security expert :)
>>>>>> Just a guess: you need to set the flag that you require client
>>>>>> authentication.
>>>>>> sslReadFilter.setNeedClientAuth(true);
>>>>>>
>>>>>> WBR,
>>>>>> Alexey.
>>>>>>
>>>>>>
>>>>>> On Aug 20, 2009, at 13:00 , Alaska wrote:
>>>>>>
>>>>>>>
>>>>>>> Hello Alexey,
>>>>>>>
>>>>>>> How can I get the principal from the client certificate?
>>>>>>> I tried something like:
>>>>>>>
>>>>>>> SSLEngine engine = ((WorkerThread)
>>>>>>> Thread.currentThread()).getSSLEngine();
>>>>>>>
>>>>>>> SSLSession session = engine.getSession();
>>>>>>>
>>>>>>> session.getPeerPrincipal();
>>>>>>>
>>>>>>> and I get the error:
>>>>>>>
>>>>>>>
>>>>>>> run:
>>>>>>> truststore file has been set
>>>>>>> keystoreUrl file has been set
>>>>>>> Aug 20, 2009 12:56:39 PM com.sun.grizzly.Controller start
>>>>>>> INFO: Starting Grizzly Framework 1.9.18-M1 - Thu Aug 20 12:56:39 CEST 2009
>>>>>>> startBuffer
>>>>>>> startBuffer
>>>>>>> request GET / HTTP/1.1
>>>>>>> Host: localhost:1080
>>>>>>>
>>>>>>> Aug 20, 2009 12:56:45 PM com.sun.grizzly.DefaultProtocolChain executeProtocolFilter
>>>>>>> SEVERE: ProtocolChain exception
>>>>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>>>>> postExecute RequestControllerFilter
>>>>>>> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerPrincipal(SSLSessionImpl.java:471)
>>>>>>>
>>>>>>> Thank you!
>>>>>>> best regards,
>>>>>>> alaska
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25059961.html
>>>>>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>>>>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25063517.html
>>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25064108.html
>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>
>>
>>
>
>
>
>
>
--
View this message in context: http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25065135.html
Sent from the Grizzly - Users mailing list archive at Nabble.com.
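
An added example, not code from anyone in this thread or from Grizzly: the thread asks for the principal of the client certificate, and in plain JSSE that comes from the session's peer accessors, while the local accessors return the certificate this endpoint itself presented. The class and method names (`PeerPrincipalCheck`, `clientPrincipal`, `ownPrincipal`) are hypothetical, and the input is a constructed, not-yet-handshaken `SSLEngine`, which reproduces the "peer not authenticated" condition from the log above without a network or keystore.

```java
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Added example (hypothetical class name); plain JSSE only, no Grizzly types.
public class PeerPrincipalCheck {

    /** Subject of the certificate the remote side presented, or null if it was not authenticated. */
    static Principal clientPrincipal(SSLSession session) {
        try {
            // getPeerCertificates() is the chain sent by the remote side (the client, on a server).
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return null;
            }
            return ((X509Certificate) chain[0]).getSubjectX500Principal();
        } catch (SSLPeerUnverifiedException e) {
            // No client certificate was requested or validated, or the handshake has not finished.
            return null;
        }
    }

    /** Identity this endpoint itself presented (the server's own certificate on a server). */
    static Principal ownPrincipal(SSLSession session) {
        return session.getLocalPrincipal();
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // server side: handshake fails without a trusted client cert

        // Constructed input: an engine that has not handshaken yet, so its session has no peer.
        SSLSession session = engine.getSession();
        System.out.println("need client auth: " + engine.getNeedClientAuth());
        System.out.println("client principal: " + clientPrincipal(session));
        System.out.println("own principal:    " + ownPrincipal(session));
    }
}
```

Treat a null result from `clientPrincipal` as "unauthenticated" and reject the request, rather than falling back to the local principal for authorization decisions.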