directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janusz Nykiel <>
Subject [mina] SSLFilter fires SESSION_SECURED twice
Date Tue, 29 Nov 2005 00:14:37 GMT
I am currently developing a simple instant messaging application (client 
and server AND a webapp, but the role of the webapp is irrelevant to the 
topic). It's basically a toy project. Yesterday I checked out and built 
the latest 0.9 MINA. Looking at the SumUp example, I managed to code a 
simple message-based protocol.

I want the communication to be encrypted. I want clients to authenticate 
with client certificates. I created sample certificates, key- and 
truststores for the server and an example client, added properly 
configured SSLFilters to filter chains and it worked. The problem is, I 
also want to authorize the clients with their certificates (i.e. 
retrieve user ID corresponding to the certificate, without having to 
embed the user ID in, for example, the certificate subject DN field).

The peer (client) certificate chain is stored in a SSLSession object. By 
the time the sessionOpened method of the IoHandler is called, the 
SSLSession does not yet exist. The SSLFilter can fire the 
SESSION_SECURED/SESSION_UNSECURED special messages, so it's possible to 
perform the authorization in the messageReceived method. I set the 
SSLFilter.USE_NOTIFICATION attribute in sessionCreated. Every time, the 
SESSION_SECURED message is fired twice by the SSLFilter, consecutively, 
with very similar stack traces. The SSLSession retrieved with 
sslFilter.getSSLSession(session) - where sslFilter is an instance of the 
filter and session is the IoSession passed to messageReceived - is the 
same for both messages. Technically, you can live with that, but either 
I'm missing something important, or it's a bug :) I checked whether it 
has to to with client authentication being enabled but no, with server 
authentication only the problem still occurs.
Relevant source code fragments:

Server main:

SSLContext ctx = prepareServerSslContext();
SSLFilter filt = new SSLFilter(ctx);
reg.getAcceptor(TransportType.SOCKET).getFilterChain().addLast("ssl", filt);

Client main:

IoConnector conn = new SocketConnector();
SSLFilter filt = new SSLFilter(prepareClientSslContext());
conn.getFilterChain().addLast("ssl", filt);

Server SessionHandler sessionCreated:

	new ProtocolCodecFilter(
		new NetworkProtocolCodecFactory())); // it's my class
session.setAttribute(SSLFilter.USE_NOTIFICATION, true);

Server SessionHandler messageReceived:

if (message == SSLFilter.SESSION_SECURED) {
	SSLSession sslSession = sslFilter.getSSLSession(session); some stuff with sslSession.getPeerCertificates()
	// this code gets executed twice when it shouldn't
else { the normal protocol communication

I'd greatly appreciate an answer. My source already looks ugly and 
having to code around this problem certainly wouldn't help :)

Janusz Nykiel;

View raw message