[jacorb-developer] Extracting certificates from an established Session
Alka Nand
alka.nand at gmail.com
Thu Apr 4 05:53:51 CEST 2013
We recently migrated from Orbix to JacORB. Our application is a secure
application using SSL.

I have everything working well except I have one big issue. In addition to
SSL certificate validation during SSL session establishment, we also need to
validate the certificates for revocation with an OCSP server. In order to
do that I need to get the certificates from the newly created SSL session.
Can someone PLEASE point me to a way of doing that? Below is the code I
was using in Orbix.

In JacORB I get an error saying SecurityLevel2 is not implemented.

I have overloaded the SSLSessionListener and can get the certificates by
implementing the SessionCreated() method. However, I cannot break the
SSL connection in case of an error. This method does not have any return
value, nor does it throw any exceptions. Actually, this method gets called
on a separate thread, so there is no guarantee that certificates saved from
within this method will be available at the end of the narrow method.
Desperately need some help please.
In Orbix
    // Security aware code. Call get_target_credentials
    System.out.println("Calling get_target_credentials to find the server's id");
    org.omg.SecurityLevel2.SecurityManager security_manager;
    X509Cert[] returned_certs = new X509Cert[]{};
    try {
        security_manager = (org.omg.SecurityLevel2.SecurityManager)
            _myORB.resolve_initial_references("SecurityManager");
        TargetCredentials server_credentials =
            security_manager.get_target_credentials(neSessionFactory);
        // From the target's CORBA credentials, we could obtain the server's certificate DN.
        // However, the following code shows how to obtain the actual certificate chain,
        // which is converted to a java.security.cert.X509Certificate object
        // from which information on the certificate can be obtained.
        TLSTargetCredentials tls_server_credentials =
            TLSTargetCredentialsHelper.narrow(server_credentials);
        returned_certs = tls_server_credentials.get_x509_cert_chain();
    } catch (InvalidName e1) {
        // Should never happen
        e1.printStackTrace();
    }
Thanks so much in advance.
--
alka
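
An added example, not part of the original message and not JacORB or Orbix code: a JSSE trust manager that runs the PKIX path validation with OCSP revocation checking during the handshake, so a revoked or unverifiable peer certificate makes the handshake fail instead of being noticed afterwards in a listener callback. The class name `OcspCheckingTrustManager` is hypothetical, and it assumes the ORB's SSL sockets are created from an `SSLContext` initialised with this trust manager (that wiring is not shown) and that the peer certificates carry an OCSP responder URL.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.X509TrustManager;

// Hypothetical class for illustration; throwing from check*Trusted aborts the handshake.
public final class OcspCheckingTrustManager implements X509TrustManager {
    private final KeyStore trustAnchors; // CA certificates, loaded by the caller (assumption)

    public OcspCheckingTrustManager(KeyStore trustAnchors) {
        this.trustAnchors = trustAnchors;
        // JVM-wide security property: lets the PKIX revocation check query OCSP.
        Security.setProperty("ocsp.enable", "true");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        validate(chain);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        validate(chain);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // no CA name hints are advertised to the peer
    }

    private void validate(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("peer presented no certificates");
        }
        List<X509Certificate> certs = new ArrayList<>(Arrays.asList(chain));
        X509Certificate last = certs.get(certs.size() - 1);
        // A PKIX certification path must not contain the self-issued trust anchor itself.
        if (certs.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            certs.remove(certs.size() - 1);
        }
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(certs);
            PKIXParameters params = new PKIXParameters(trustAnchors);
            params.setRevocationEnabled(true); // revoked or unknown status fails validation
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (GeneralSecurityException e) {
            throw new CertificateException("peer certificate rejected", e);
        }
    }
}
```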