You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gs...@apache.org on 2016/03/08 22:27:56 UTC
svn commit: r1734159 - in /qpid/trunk/qpid/cpp/src/qpid:
client/SslConnector.cpp sys/ssl/SslSocket.cpp sys/ssl/SslSocket.h
Author: gsim
Date: Tue Mar 8 21:27:56 2016
New Revision: 1734159
URL: http://svn.apache.org/viewvc?rev=1734159&view=rev
Log:
QPID-7130: [PATCH 1/5] qpid::messaging::Connection::getAuthenticatedUsername()
now returns certificate nickname as authenticated username instead of dummy
hardcoded string when using SSL authentication.
Patch from Domen Vrankar <do...@halcom.si>
Modified:
qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h
Modified: qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp?rev=1734159&r1=1734158&r2=1734159&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/client/SslConnector.cpp Tue Mar 8 21:27:56 2016
@@ -421,7 +421,7 @@ void SslConnector::disconnected(AsynchIO
const SecuritySettings* SslConnector::getSecuritySettings()
{
securitySettings.ssf = socket.getKeyLen();
- securitySettings.authid = "dummy";//set to non-empty string to enable external authentication
+ securitySettings.authid = socket.getLocalAuthId();
return &securitySettings;
}
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?rev=1734159&r1=1734158&r2=1734159&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp Tue Mar 8 21:27:56 2016
@@ -79,6 +79,43 @@ std::string getDomainFromSubject(std::st
}
return domain;
}
+
+struct LocalCertificateGetter
+{
+ LocalCertificateGetter(PRFileDesc* nssSocket) : socket(nssSocket) {}
+ CERTCertificate* operator()() const {return SSL_LocalCertificate(socket);}
+ PRFileDesc* socket;
+};
+struct PeerCertificateGetter
+{
+ PeerCertificateGetter(PRFileDesc* nssSocket) : socket(nssSocket) {}
+ CERTCertificate* operator()() const {return SSL_PeerCertificate(socket);}
+ PRFileDesc* socket;
+};
+template<typename CertificateGetter>
+std::string getAuthId(CertificateGetter certificateGetter)
+{
+ std::string authId;
+ CERTCertificate* cert = certificateGetter();
+ if (cert) {
+ char *cn = CERT_GetCommonName(&(cert->subject));
+ if (cn) {
+ authId = std::string(cn);
+ /*
+ * The NSS function CERT_GetDomainComponentName only returns
+ * the last component of the domain name, so we have to parse
+ * the subject manually to extract the full domain.
+ */
+ std::string domain = getDomainFromSubject(cert->subjectName);
+ if (!domain.empty()) {
+ authId += DOMAIN_SEPARATOR;
+ authId += domain;
+ }
+ }
+ CERT_DestroyCertificate(cert);
+ }
+ return authId;
+}
}
SslSocket::SslSocket(const std::string& certName, bool clientAuth) :
@@ -361,26 +398,12 @@ int SslSocket::getKeyLen() const
std::string SslSocket::getClientAuthId() const
{
- std::string authId;
- CERTCertificate* cert = SSL_PeerCertificate(nssSocket);
- if (cert) {
- char *cn = CERT_GetCommonName(&(cert->subject));
- if (cn) {
- authId = std::string(cn);
- /*
- * The NSS function CERT_GetDomainComponentName only returns
- * the last component of the domain name, so we have to parse
- * the subject manually to extract the full domain.
- */
- std::string domain = getDomainFromSubject(cert->subjectName);
- if (!domain.empty()) {
- authId += DOMAIN_SEPARATOR;
- authId += domain;
- }
- }
- CERT_DestroyCertificate(cert);
- }
- return authId;
+ return getAuthId(PeerCertificateGetter(nssSocket));
+}
+
+std::string SslSocket::getLocalAuthId() const
+{
+ return getAuthId(LocalCertificateGetter(nssSocket));
}
}}} // namespace qpid::sys::ssl
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h?rev=1734159&r1=1734158&r2=1734159&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.h Tue Mar 8 21:27:56 2016
@@ -68,6 +68,7 @@ public:
int getKeyLen() const;
std::string getClientAuthId() const;
+ std::string getLocalAuthId() const;
protected:
mutable PRFileDesc* nssSocket;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org