java - WebSocket server get client certificate onOpen -


i have simple serverendpoint running on wildfly 10, configured wss mutual tls, client certificate required. have no problems in connecting endpoint, mutual authentication correctly done, can't access client certificate in onopen method. trying using getuserprincipal(), i'm getting null.

i need client certificate authorization purposes.

import java.io.ioexception; import java.security.principal;  import javax.servlet.http.httpsession; import javax.websocket.endpointconfig; import javax.websocket.onclose; import javax.websocket.onmessage; import javax.websocket.onopen; import javax.websocket.session; import javax.websocket.server.serverendpoint;  @serverendpoint(value = "/test", configurator = gethttpsessionconfigurator.class) public class testwebsocketendpoint {      private session wssession;     private httpsession httpsession;      @onopen     public void onopen(session session, endpointconfig config){         this.wssession = session;         this.httpsession = (httpsession) config.getuserproperties().get(httpsession.class.getname());         principal userprincipal = session.getuserprincipal();         system.out.println(session.getid() + " has opened connection");          try {             session.getbasicremote().sendtext("connection established");         } catch (ioexception ex) {             ex.printstacktrace();         }     }      /**      * when user sends message server, method intercept message      * , allow react it. message read string.      */     @onmessage     public void onmessage(string message, session session){         system.out.println("message " + session.getid() + ": " + message);         try {             session.getbasicremote().sendtext(message);         } catch (ioexception ex) {             ex.printstacktrace();         }     }      /**      * user closes connection.      *       * note: can't send messages client method      */     @onclose     public void onclose(session session){         system.out.println("session " +session.getid()+" has ended");     } }

gethttpsessionconfigurator:

import java.security.principal; import java.util.list; import java.util.map;  import javax.servlet.http.httpsession; import javax.websocket.handshakeresponse; import javax.websocket.server.handshakerequest; import javax.websocket.server.serverendpointconfig;  public class gethttpsessionconfigurator extends serverendpointconfig.configurator {     @override     public void modifyhandshake(serverendpointconfig config,                                  handshakerequest request,                                  handshakeresponse response)     {         httpsession httpsession = (httpsession)request.gethttpsession();         map<string, list<string>> map = request.getparametermap();         principal principal = request.getuserprincipal();         config.getuserproperties().put(httpsession.class.getname(),httpsession);     } }

requestlistener:

import java.security.principal; import java.security.cert.x509certificate;  import javax.servlet.servletrequestevent; import javax.servlet.servletrequestlistener; import javax.servlet.annotation.weblistener; import javax.servlet.http.httpservletrequest;  @weblistener public class requestlistener implements servletrequestlistener {      public void requestdestroyed(servletrequestevent sre) {         // todo auto-generated method stub      }      public void requestinitialized(servletrequestevent sre) {         ((httpservletrequest) sre.getservletrequest()).getsession();         principal p = ((httpservletrequest) sre.getservletrequest()).getuserprincipal();          boolean secure = ((httpservletrequest) sre.getservletrequest()).issecure();         string authtype = ((httpservletrequest) sre.getservletrequest()).getauthtype();          x509certificate[] certs = (x509certificate[]) ((httpservletrequest) sre.getservletrequest()).getattribute("javax.servlet.request.x509certificate");     }  }

the websocket client standalone application using tootallnate/java-websocket , connecting securely:

import java.io.bufferedreader; import java.io.fileinputstream; import java.io.filenotfoundexception; import java.io.ioexception; import java.io.inputstreamreader; import java.net.uri; import java.net.urisyntaxexception; import java.security.keymanagementexception; import java.security.keystore; import java.security.keystoreexception; import java.security.nosuchalgorithmexception; import java.security.securerandom; import java.security.unrecoverablekeyexception; import java.security.cert.certificate; import java.security.cert.certificateexception; import java.util.enumeration;  import javax.net.ssl.keymanager; import javax.net.ssl.keymanagerfactory; import javax.net.ssl.sslcontext; import javax.net.ssl.sslsocketfactory; import javax.net.ssl.trustmanager; import javax.net.ssl.trustmanagerfactory;  import org.apache.commons.logging.log; import org.apache.commons.logging.logfactory; import org.java_websocket.websocketimpl;  public class testclient {      private static final log log = logfactory.getlog(testclient.class);      public static void main(string[] args) throws urisyntaxexception {         websocketimpl.debug = true;          wsraclient wsraclient = new wsraclient(new uri("wss://localhost:8443/testwebsocket-0.0.1-snapshot/test"));          string keystorefile = "keystore.p12";         string keystorepassword = "keystore";          string truststorefile = "truststore.jks";         string truststorepassword = "truststore";           try {             sslcontext ssl = sslcontext.getinstance("tlsv1.2");              log.info("configuring ssl keystore");             keymanagerfactory kmf = keymanagerfactory.getinstance(keymanagerfactory.getdefaultalgorithm());              keystore store = keystore.getinstance(keystore.getdefaulttype());             log.debug("loading keystore");             store.load(new fileinputstream(keystorefile), keystorepassword.tochararray());             log.debug("number of keystore certificates: " + store.size());             enumeration<string> enumeration = store.aliases();             while(enumeration.hasmoreelements()) {                 string alias = enumeration.nextelement();                 log.debug("alias name: " + alias);                 certificate certificate = store.getcertificate(alias);                 log.debug(certificate.tostring());             }             kmf.init(store, keystorepassword.tochararray());             keymanager[] keymanagers = new keymanager[1];             keymanagers = kmf.getkeymanagers();              log.info("configuring ssl truststore");             trustmanagerfactory tmf = trustmanagerfactory.getinstance(trustmanagerfactory.getdefaultalgorithm());             keystore truststore = keystore.getinstance(keystore.getdefaulttype());             log.debug("loading truststore");             truststore.load(new fileinputstream(truststorefile), truststorepassword.tochararray());             log.debug("number of truststore certificates: " + truststore.size());             enumeration = truststore.aliases();             while(enumeration.hasmoreelements()) {                 string alias = (string)enumeration.nextelement();                 log.debug("alias name: " + alias);                 certificate certificate = truststore.getcertificate(alias);                 log.debug(certificate.tostring());             }             tmf.init(truststore);             trustmanager[] trustmanagers = tmf.gettrustmanagers();              ssl.init(keymanagers, trustmanagers, new securerandom());              sslsocketfactory factory = ssl.getsocketfactory();// (sslsocketfactory) sslsocketfactory.getdefault();              wsraclient.setsocket(factory.createsocket());              wsraclient.connectblocking();              bufferedreader reader = new bufferedreader(new inputstreamreader(system.in));             while ( true ) {                 string line = reader.readline();                 if(line.equals("close")) {                     wsraclient.close();                 } else {                     wsraclient.send(line);                 }             }          } catch (nosuchalgorithmexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (keystoreexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (certificateexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (filenotfoundexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (ioexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (unrecoverablekeyexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (keymanagementexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         } catch (interruptedexception e) {             e.printstacktrace();             log.error(e);             system.exit(0);         }      }  }


Comments

Post a Comment

Popular posts from this blog

ubuntu - PHP script to find files of certain extensions in a directory, returns populated array when run in browser, but empty array when run from terminal -

i running os ububtu 16.04. ultimate goal able run php script cron job every minute. here php script located @ /var/www/html/tests/test/index.php : <?php $directorypath = $_server['document_root']."/tests/test/data/"; echo "directorypath: $directorypath<br><br>";//check $imagefilepathsarray = glob($directorypath . "*.{png,gif}", glob_brace); echo "<br><br>imagefilepathsarray: "; print_r($imagefilepathsarray);//check ?> when open php script in browser visiting url my-ip-address/tests/test/index.php , get: directorypath: /var/www/html/tests/test/data/ imagefilepathsarray:array( [0] => /var/www/html/tests/test/data/pic.png [1] => /var/www/html/tests/test/data/pic.gif ) before writing cron job in crontab file, need check if can run anywhere using terminal . opened ubuntu terminal @ /home/ location, , executed in terminal: sudo php /var/www/html/tests/test/index.php i got following out...
Read more

php - How can i create a user dashboard -

today have questions you, want create user dashboard site, include (obviously), users data, example -email -username -and others stuff how can information, , print them in html page? if can, how can these information via php sessions? shuld use session? example, if user login, , start new session ( session_start() ), how can data print in dashboard? should use php "project"? in advice, have day , thank time!
Read more

javascript - How to detect toggling of the fullscreen-toolbar in jQuery Mobile? -

i have jquery mobile page fixed full-screen toolbar, data-tap-toggle enabled. straight under toolbar have positioned banner should slide upwards when toolbar hiding , slide downward when toolbar showing. jquery mobile toggles toolbar applying , removing ui-fixed-hidden class - sadly, can't find in documentation of toolbar widget toggle , hide or show event that. how can detect when toolbar toggled, reposition banner? .banner { position: fixed; background-color: darkseagreen; top: 46px; min-height: 48px; width: 100%; text-align: center; line-height: 48px; } <!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <link rel="stylesheet" href="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.css"> <script src="https://code.jquery.com/jquery-1....
Read more