hc-httpclient-users mailing list archives

From Sachin Nikumbh <saniku...@gmail.com>
Subject Re: HTTP async client and accessing server certificate (SSL)
Date Fri, 31 May 2013 16:17:05 GMT
Throwing an SSLException was the right thing to do. Now, everything is
working as expected.

Thanks a lot
Sachin


On Fri, May 31, 2013 at 4:59 AM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Thu, 2013-05-30 at 15:07 -0400, Sachin Nikumbh wrote:
> > Hi Oleg,
> >
> > Thanks for your reply. I started digging through the Apache async client
> > code and have come up with a way to access the server certificate immediately
> > after the SSL handshake in the verify method of SSLSetupHandler. To achieve
> > this, I created my own MySSLLayeringStrategy class that
> > extends SSLLayeringStrategy as shown below:
> >
> > ********************************************************
> > class MySSLLayeringStrategy extends SSLLayeringStrategy{
> >
> >         private SSLContext sslContext;
> >
> >         public MySSLLayeringStrategy(SSLContext context){
> >             super(context);
> >             this.sslContext = context;
> >         }
> >
> >         protected void initializeEngine(final SSLEngine engine) {
> >             super.initializeEngine(engine);
> >         }
> >
> >         protected void verifySession(final IOSession iosession,
> >                           final SSLSession sslsession) throws SSLException {
> >             super.verifySession(iosession, sslsession);
> >         }
> >
> >         public SSLIOSession layer(final IOSession iosession) {
> >             SSLIOSession ssliosession = new SSLIOSession(iosession,
> >                     SSLMode.CLIENT, this.sslContext,
> >                     new MySSLSetupHandler());
> >             iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
> >             return ssliosession;
> >         }
> >
> >         class MySSLSetupHandler implements SSLSetupHandler {
> >
> >             public void initalize(
> >                     final SSLEngine sslengine) throws SSLException {
> >                 initializeEngine(sslengine);
> >             }
> >
> >             public void verify(
> >                     final IOSession iosession,
> >                     final SSLSession sslsession) throws SSLException {
> >
> >                 verifySession(iosession, sslsession);
> >
> >                 // Now that basic hostname verification is done, perform
> >                 // extra authorization based on peer DN
> >                 String peerDN = sslsession.getPeerPrincipal().getName();
> >                 if ( !authorizedPeer(peerDN) ){
> >                     throw new RuntimeException("Authorization failed");
> >                 }
> >             }
> >         }
> >     }
> > ********************************************************
> >
> > Now, I am using MySSLLayeringStrategy to create AsyncScheme
> >
> > ********************************************************
> > AsyncScheme scheme = new AsyncScheme( "https", 443, new
> > MySSLLayeringStrategy(sslContext) );
> > ********************************************************
> >
> > This seems to be doing the job but the exception thrown in the verify
> > method causes the DefaultHttpAsyncClient instance to close abnormally as I
> > can see from the exception thrown:
> >
>
> Why are you throwing a RuntimeException exception for what is clearly an SSL
> issue?
>
> Oleg
>
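The fix this thread settles on, as an added example (not code from the thread or from HttpAsyncClient): the peer-DN check reports failure with an SSLException, the type verify() already declares, instead of a RuntimeException. PeerDnAuthorizer, its allowlist and the sample DNs are constructed for illustration, and only JDK classes are used.

```java
import java.security.Principal;
import java.util.Set;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper: call authorize(sslsession.getPeerPrincipal()) from
// verify() after the hostname check, in place of the RuntimeException.
public class PeerDnAuthorizer {

    // X500Principal.equals() compares canonical DN forms, so the check does
    // not depend on case or spacing in the string returned by getName().
    private final Set<X500Principal> allowed;

    public PeerDnAuthorizer(Set<X500Principal> allowed) {
        this.allowed = Set.copyOf(allowed);
    }

    public void authorize(Principal peer) throws SSLException {
        if (!(peer instanceof X500Principal)) {
            // Peer was not authenticated with an X.509 certificate
            throw new SSLPeerUnverifiedException("Peer has no X.509 identity");
        }
        if (!allowed.contains(peer)) {
            // Authorization failure surfaces as an SSL failure of this session
            throw new SSLException("Peer DN not authorized: " + peer.getName());
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs
        PeerDnAuthorizer authz = new PeerDnAuthorizer(
                Set.of(new X500Principal("CN=api.example.test, O=Example, C=US")));
        Principal[] peers = {
            new X500Principal("cn=API.example.test,o=Example,c=US"),   // same DN, different form
            new X500Principal("CN=other.example.test, O=Example, C=US") // not in the allowlist
        };
        for (Principal peer : peers) {
            try {
                authz.authorize(peer);
                System.out.println("accepted: " + peer.getName());
            } catch (SSLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```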
