Posted to commits@qpid.apache.org by gs...@apache.org on 2016/03/08 22:27:56 UTC

svn commit: r1734159 - in /qpid/trunk/qpid/cpp/src/qpid: client/SslConnector.cpp sys/ssl/SslSocket.cpp sys/ssl/SslSocket.h

Author: gsim
Date: Tue Mar  8 21:27:56 2016
New Revision: 1734159

URL: http://svn.apache.org/viewvc?rev=1734159&view=rev
Log:
QPID-7130: [PATCH 1/5] qpid::messaging::Connection::getAuthenticatedUsername()
 now returns certificate nickname as authenticated username instead of dummy
 hardcoded string when using SSL authentication.

Patch from Domen Vrankar <do...@halcom.si>

Modified:
    qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp
    qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
    qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h

Modified: qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp?rev=1734159&r1=1734158&r2=1734159&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp Tue Mar  8 21:27:56 2016
@@ -421,7 +421,7 @@ void SslConnector::disconnected(AsynchIO
 const SecuritySettings* SslConnector::getSecuritySettings()
 {
     securitySettings.ssf = socket.getKeyLen();
-    securitySettings.authid = "dummy";//set to non-empty string to enable external authentication
+    securitySettings.authid = socket.getLocalAuthId();
     return &securitySettings;
 }
 
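Review bot: `socket.getLocalAuthId()` can return an empty string, while the removed comment said a non-empty `authid` is what enables external authentication. In this commit's `getAuthId` that happens when `SSL_LocalCertificate` yields no certificate or the subject has no common name. In `getSecuritySettings()` an SSL client without a client certificate therefore now ends up with an empty `authid`; that is probably the intended outcome, but nothing on the new line says so. I would keep the intent next to the assignment, e.g. `// empty when no local certificate is in use; a non-empty authid enables external authentication`. Since this value is read from the client's own certificate, the broker should presumably keep deriving the identity from the verified peer certificate rather than trusting this field.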

Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?rev=1734159&r1=1734158&r2=1734159&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp Tue Mar  8 21:27:56 2016
@@ -79,6 +79,43 @@ std::string getDomainFromSubject(std::st
     }
     return domain;
 }
+
+struct LocalCertificateGetter
+{
+    LocalCertificateGetter(PRFileDesc* nssSocket) : socket(nssSocket) {}
+    CERTCertificate* operator()() const {return SSL_LocalCertificate(socket);}
+    PRFileDesc* socket;
+};
+struct PeerCertificateGetter
+{
+    PeerCertificateGetter(PRFileDesc* nssSocket) : socket(nssSocket) {}
+    CERTCertificate* operator()() const {return SSL_PeerCertificate(socket);}
+    PRFileDesc* socket;
+};
+template<typename CertificateGetter>
+std::string getAuthId(CertificateGetter certificateGetter)
+{
+    std::string authId;
+    CERTCertificate* cert = certificateGetter();
+    if (cert) {
+        char *cn = CERT_GetCommonName(&(cert->subject));
+        if (cn) {
+            authId = std::string(cn);
+            /*
+             * The NSS function CERT_GetDomainComponentName only returns
+             * the last component of the domain name, so we have to parse
+             * the subject manually to extract the full domain.
+             */
+            std::string domain = getDomainFromSubject(cert->subjectName);
+            if (!domain.empty()) {
+                authId += DOMAIN_SEPARATOR;
+                authId += domain;
+            }
+        }
+        CERT_DestroyCertificate(cert);
+    }
+    return authId;
+}
 }
 
 SslSocket::SslSocket(const std::string& certName, bool clientAuth) :
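Review bot: In `getAuthId`, the string returned by `CERT_GetCommonName` is copied into `authId` but never released; NSS allocates it and expects the caller to free it. The leak was already in the old `getClientAuthId` body, but this commit moves it into the shared helper, so it now also runs on the client path via `getLocalAuthId()`. On a broker it is a small leak per authenticated connection, which adds up over long uptimes. Add `PORT_Free(cn);` right after `authId = std::string(cn);` (the domain lookup uses `cert->subjectName`, not `cn`, so freeing there is safe). Separately, the two getter constructors take a single argument and could be marked `explicit`.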
@@ -361,26 +398,12 @@ int SslSocket::getKeyLen() const
 
 std::string SslSocket::getClientAuthId() const
 {
-    std::string authId;
-    CERTCertificate* cert = SSL_PeerCertificate(nssSocket);
-    if (cert) {
-        char *cn = CERT_GetCommonName(&(cert->subject));
-        if (cn) {
-            authId = std::string(cn);
-            /*
-             * The NSS function CERT_GetDomainComponentName only returns
-             * the last component of the domain name, so we have to parse
-             * the subject manually to extract the full domain.
-             */
-            std::string domain = getDomainFromSubject(cert->subjectName);
-            if (!domain.empty()) {
-                authId += DOMAIN_SEPARATOR;
-                authId += domain;
-            }
-        }
-        CERT_DestroyCertificate(cert);
-    }
-    return authId;
+    return getAuthId(PeerCertificateGetter(nssSocket));
+}
+
+std::string SslSocket::getLocalAuthId() const
+{
+    return getAuthId(LocalCertificateGetter(nssSocket));
 }
 
 }}} // namespace qpid::sys::ssl

Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h?rev=1734159&r1=1734158&r2=1734159&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h Tue Mar  8 21:27:56 2016
@@ -68,6 +68,7 @@ public:
 
     int getKeyLen() const;
     std::string getClientAuthId() const;
+    std::string getLocalAuthId() const;
 
 protected:
     mutable PRFileDesc* nssSocket;
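Review bot: The new `getLocalAuthId()` declaration has no comment, and the name alone does not say what form the id takes or when it is empty. Going by the SslSocket.cpp hunk, it is the local certificate's subject common name with the subject's domain appended after `DOMAIN_SEPARATOR`, and it is empty when there is no local certificate or no common name. The commit log calls this a "certificate nickname", which reads like the NSS database nickname rather than a subject-derived id. Suggested comment: `/** Identity taken from the local certificate's subject (CN plus domain); empty if there is no local certificate or no CN. */`. The class body continues outside this hunk.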


