On Thu, 2013-05-30 at 15:07 -0400, Sachin Nikumbh wrote:
> Hi Oleg,
>
> Thanks for your reply. I started digging through the Apache async client
> code and have come up with a way to access the server certificate immediately
> after the SSL handshake in the verify method of SSLSetupHandler. To achieve
> this, I created my own MySSLLayeringStrategy class that
> extends SSLLayeringStrategy as shown below:
>
> ********************************************************
> class MySSLLayeringStrategy extends SSLLayeringStrategy {
>
>     private SSLContext sslContext;
>
>     public MySSLLayeringStrategy(SSLContext context) {
>         super(context);
>         this.sslContext = context;
>     }
>
>     protected void initializeEngine(final SSLEngine engine) {
>         super.initializeEngine(engine);
>     }
>
>     protected void verifySession(final IOSession iosession,
>             final SSLSession sslsession) throws SSLException {
>         super.verifySession(iosession, sslsession);
>     }
>
>     public SSLIOSession layer(final IOSession iosession) {
>         SSLIOSession ssliosession = new SSLIOSession(iosession,
>                 SSLMode.CLIENT, this.sslContext,
>                 new MySSLSetupHandler());
>         iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
>         return ssliosession;
>     }
>
>     class MySSLSetupHandler implements SSLSetupHandler {
>
>         public void initalize(
>                 final SSLEngine sslengine) throws SSLException {
>             initializeEngine(sslengine);
>         }
>
>         public void verify(
>                 final IOSession iosession,
>                 final SSLSession sslsession) throws SSLException {
>
>             verifySession(iosession, sslsession);
>
>             // Now that basic hostname verification is done, perform
>             // extra authorization based on peer DN
>             String peerDN = sslsession.getPeerPrincipal().getName();
>             if ( !authorizedPeer(peerDN) ) {
>                 throw new RuntimeException("Authorization failed");
>             }
>         }
>     }
> }
> ********************************************************
>
> Now, I am using MySSLLayeringStrategy to create AsyncScheme
>
> ********************************************************
> AsyncScheme scheme = new AsyncScheme( "https", 443, new
> MySSLLayeringStrategy(sslContext) );
> ********************************************************
>
> This seems to be doing the job but the exception thrown in the verify
> method causes the DefaultHttpAsyncClient instance to close abnormally as I
> can see from the exception thrown:
>
Why are you throwing a RuntimeException for what is clearly an SSL
issue?
Oleg
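
Added example (not code from this thread or from the HttpComponents project): one way to write the peer-DN check called from verify() so that a rejected peer is reported as an SSLException, the type verify() is declared to throw. The class name PeerDnAuthorizer, the allow-list and the sample DNs are assumptions constructed for illustration.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper: exact-match authorization on the peer's subject DN.
public class PeerDnAuthorizer {

    // Allow-list stored in X500Principal canonical form, so case and
    // spacing differences between equivalent DNs do not matter.
    private final Set<String> allowed = new HashSet<>();

    public PeerDnAuthorizer(Set<String> allowedDns) {
        for (String dn : allowedDns) {
            allowed.add(new X500Principal(dn).getName(X500Principal.CANONICAL));
        }
    }

    // Intended call site: verify(), after verifySession(), with
    // sslsession.getPeerPrincipal() as the argument.
    public void authorize(Principal peer) throws SSLException {
        if (!(peer instanceof X500Principal)) {
            throw new SSLPeerUnverifiedException("Peer has no X.500 identity");
        }
        String dn = ((X500Principal) peer).getName(X500Principal.CANONICAL);
        // Whole-DN equality, not substring matching: a DN that merely
        // contains an allowed name must not pass.
        if (!allowed.contains(dn)) {
            throw new SSLPeerUnverifiedException("Peer DN not authorized: " + dn);
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the thread.
        PeerDnAuthorizer authz = new PeerDnAuthorizer(
                Set.of("CN=api.example.test, O=Example Corp, C=US"));
        String[] peers = {
            "cn=API.example.test,o=example corp,c=us",
            "CN=api.example.test.other.test, O=Example Corp, C=US"
        };
        for (String dn : peers) {
            try {
                authz.authorize(new X500Principal(dn));
                System.out.println("authorized: " + dn);
            } catch (SSLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```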