Posted to user@avro.apache.org by "Pritchard, Charles X. -ND" <Ch...@disney.com> on 2013/10/08 20:26:30 UTC

Getting the SSL Client DN

Avro RPC has a nice example of using Netty ChannelPipeline with an SSL handler. Are there any examples of actually pulling data from that interaction?

I'd like to be able to access the client certificate. It seems like this would be somewhere around addRPCPlugin but I just don't quite see how I'd get the client SSL context.


-Charles

Re: Getting the SSL Client DN

Posted by "Pritchard, Charles X. -ND" <Ch...@disney.com>.
Didn't get a reply on this, thought I'd ask again.

Has anyone used a client SSL cert with Avro rpc methods?
Exposing the DN from the client certificate into the environment would be handy.



On Oct 8, 2013, at 11:26 AM, Charles Pritchard <Ch...@disney.com> wrote:

> Avro RPC has a nice example of using Netty ChannelPipeline with an SSL handler. Are there any examples of actually pulling data from that interaction?
> 
> I'd like to be able to access the client certificate. It seems like this would be somewhere around addRPCPlugin but I just don't quite see how I'd get the client SSL context.
> 
> 
> -Charles


Re: Getting the SSL Client DN

Posted by "Dr. Massimiliano Pala" <mp...@datafascia.com>.
Hi Charles,

On Thu, Oct 17, 2013 at 5:28 PM, Pritchard, Charles X. -ND <
Charles.X.Pritchard.-ND@disney.com> wrote:

> No, I haven't set up a local TLS channel.
>
> There's a more complex example here from Flume's use of an avro protocol:
>
> https://github.com/apache/flume/blob/flume-1.5/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
>
> See: AdvancedChannelPipelineFactory
> It's based on the example you were reading.
>

Thanks, I will take a look at that.

Cheers,
Max

Re: Getting the SSL Client DN

Posted by "Pritchard, Charles X. -ND" <Ch...@disney.com>.
No, I haven't set up a local TLS channel.

There's a more complex example here from Flume's use of an avro protocol:
https://github.com/apache/flume/blob/flume-1.5/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java

See: AdvancedChannelPipelineFactory
It's based on the example you were reading.

I did see some Netty examples using those methods -- it seems like state somewhere needs to be set around the time that the client certificate is checked.

The flume example pops back over to avro rpc NettyServer with its pipeline factory, but also uses SpecificResponder, and I haven't found a great point in which I might inject data,
as I am trying to add information from the SSL cert into the message being sent over the wire.

-Charles


On Oct 17, 2013, at 2:07 PM, "Dr. Pala" <mp...@datafascia.com> wrote:

> Hi Charles,
>
> I am trying to work on an implementation that uses Netty + TLS - I managed to have my code to set it up and there are several methods you have to override in your implementation for the class that implements the X509TrustManager interface, in particular:
>
>  * public void checkClientTrusted(X509Certificate[] certs, String s);
>  * public void checkServerTrusted(X509Certificate[] certs, String s);
>  * public X509Certificate[] getAcceptedIssuers();
>
> Is that what you were looking for?
>
> BTW, did you manage to successfully set up a TLS channel? I cannot find working examples for that. I sent a message to the list this morning about this (with some sample code), but I don't see it in the list, yet (Subject: Re: AVRO and SSL/TLS IPC calls).
>
> Cheers,
> Max
>
> On 10/08/2013 02:26 PM, Pritchard, Charles X. -ND wrote:
>
> > Avro RPC has a nice example of using Netty ChannelPipeline with an SSL handler. Are there any examples of actually pulling data from that interaction?
> >
> > I'd like to be able to access the client certificate. It seems like this would be somewhere around addRPCPlugin but I just don't quite see how I'd get the client SSL context.
>
> --
> Best Regards,
> Dr. Massimiliano Pala
> Senior Security Research Scientist
> DataFASCIA


Re: Getting the SSL Client DN

Posted by "Dr. Pala" <mp...@datafascia.com>.
Hi Charles,

I am trying to work on an implementation that uses Netty + TLS - I 
managed to have my code to set it up and there are several methods you 
have to override in your implementation for the class that implements 
the X509TrustManager interface, in particular:

  * public void checkClientTrusted(X509Certificate[] certs, String s);
  * public void checkServerTrusted(X509Certificate[] certs, String s);
  * public X509Certificate[] getAcceptedIssuers();

Is that what you were looking for?

BTW, did you manage to successfully set up a TLS channel? I cannot find 
working examples for that. I sent a message to the list this morning 
about this (with some sample code), but I don't see it in the list, yet 
(Subject: Re: AVRO and SSL/TLS IPC calls).

Cheers,
Max

On 10/08/2013 02:26 PM, Pritchard, Charles X. -ND wrote:
> Avro RPC has a nice example of using Netty ChannelPipeline with an SSL handler. Are there any examples of actually pulling data from that interaction?
>
> I'd like to be able to access the client certificate. It seems like this would be somewhere around addRPCPlugin but I just don't quite see how I'd get the client SSL context.


-- 
Best Regards,
Dr. Massimiliano Pala
Senior Security Research Scientist
DataFASCIA
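
Added example (not from the posts above, nor from Avro, Netty or Flume), using only JDK classes: an X509TrustManager that implements the three methods listed above by delegating to a real trust manager, and a helper that reads the client's subject DN from the SSLSession once the handshake has completed. The names ClientDnExample, DelegatingTrustManager, dnOf and clientDn are hypothetical, and obtaining the session from the SSLEngine behind the server's SSL handler is assumed rather than shown.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

// Added example; ClientDnExample, DelegatingTrustManager, dnOf and clientDn are hypothetical names.
public final class ClientDnExample {
    /** Implements the three X509TrustManager methods by delegating, so validation is never weakened. */
    static final class DelegatingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        DelegatingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(chain, authType); // throws unless the chain is trusted
            // Only past this point is chain[0] a validated client certificate.
            System.out.println("validated client: " + dnOf(chain[0]));
        }
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkServerTrusted(chain, authType);
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    static String dnOf(X509Certificate cert) {
        return cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
    }

    /** Subject DN of the authenticated peer, or null if the session has no verified client cert. */
    static String clientDn(SSLSession session) {
        try {
            return dnOf((X509Certificate) session.getPeerCertificates()[0]);
        } catch (SSLPeerUnverifiedException e) {
            return null; // no handshake yet, or the client presented no certificate
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: an engine that has not handshaken has no verified peer.
        SSLSession session = SSLContext.getDefault().createSSLEngine().getSession();
        System.out.println("client DN before handshake: " + clientDn(session));
    }
}
```

clientDn yields a DN only when the client actually presented a certificate, which the server forces by calling SSLEngine.setNeedClientAuth(true) before the handshake; an X509TrustManager whose check methods return without validating would make that DN attacker-chosen.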