Would like to get SSLSession from WebSocket on server to examine client certificates #890

Closed
doyledavidson opened this issue May 16, 2019 · 6 comments · Fixed by #893

Comments

@doyledavidson
Contributor

I am using "TLS Client Certificates" when connecting to my WSS server. Everything works great with my own TrustManager supplied via an SSLContext set to require client authentication.

However, I can find no formal mechanism to access the SSLSession from the WebSocket/WebSocketImpl. The WebSocketImpl has a channel which is implemented by the SSLSocketChannel that has an SSLEngine which has a getSession() method. Could you please add methods to expose the SSLSession from which I can get the peer certificates?

Obviously this is valid only for TLS connections.

Thanks for consideration!

Doyle

@marci4
Collaborator

marci4 commented May 16, 2019

Hello @doyledavidson,

could you do me the favor and provide a repository with these client certificates working so I can figure out a good way on how to implement your request?

Thank you very much!

Best regards,
Marcel

@doyledavidson
Contributor Author

Attached (I hope this works) is a zip with:
Working client and server source code with TLS support classes. Cert and trust key stores (.pkcf12 files) and a Windows batch file to recreate it if needed.
The client and server use the same key store for simplicity of demo.

I will be on vacation for the next week starting tomorrow, so please understand if I don't reply for a while.

Doyle
nate_client_cert.zip.zip

@doyledavidson
Contributor Author

To be clear, if you put a break point in the onOpen() method in SimpleServer.java, I want to get to:
(WebSocket)conn->(SSLSocketChannel) channel->(SSLEngine)sslEngine->sess (SSLSession).

So something like a method on WebSocket interface:
SSLSession getSSLSession(); // may return null if not using TLS

Thanks again for consideration!

Doyle

@marci4
Collaborator

marci4 commented May 20, 2019

Hello @doyledavidson,

thank you very much for your example.

Please check out #893 with my proposed solution!

Best regards,
Marcel

@doyledavidson
Contributor Author

That looks good! I would just change the IllegalArgumentException to IllegalStateException in the getSSLSession() impl.

Thanks for looking into this!

@marci4
Collaborator

marci4 commented May 28, 2019

@doyledavidson thank you for taking a look at my proposal. Changed it to IllegalStateException.

@marci4 marci4 added this to the Release 1.4.1 milestone Jun 26, 2019
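
Added example, not code from this thread or from the Java-WebSocket project: once the server can obtain the connection's SSLSession as requested above, the client certificate can be read with JDK classes alone. The names `PeerCertificates`, `clientLeaf` and `clientSubject` are hypothetical, and the caller is assumed to pass `null` for a non-TLS connection.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical helper: reads the client's leaf certificate from a TLS session. */
public final class PeerCertificates {

    private PeerCertificates() {}

    /**
     * Returns the client's own (leaf) certificate, or empty when the connection
     * is not TLS (null session) or the client presented no certificate.
     */
    public static Optional<X509Certificate> clientLeaf(SSLSession session) {
        if (session == null) {
            return Optional.empty(); // plain ws:// connection (assumed convention)
        }
        try {
            // JSSE orders the chain with the peer's own certificate first,
            // followed by any certificate authorities.
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                return Optional.of((X509Certificate) chain[0]);
            }
            return Optional.empty();
        } catch (SSLPeerUnverifiedException e) {
            // Thrown when the peer was not authenticated, e.g. client auth was
            // only requested (setWantClientAuth) and the client sent nothing.
            return Optional.empty();
        }
    }

    /** Subject DN in RFC 2253 form, usable for logging or an authorization lookup. */
    public static Optional<String> clientSubject(SSLSession session) {
        return clientLeaf(session)
                .map(cert -> cert.getSubjectX500Principal().getName());
    }
}
```

The chain returned by the session has already been accepted by the server's TrustManager during the handshake, so the subject is an input to authorization rather than a fresh trust decision.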