author | Gordon Sim <gsim@apache.org> | 2016-03-08 21:27:56 +0000 |
---|---|---|
committer | Gordon Sim <gsim@apache.org> | 2016-03-08 21:27:56 +0000 |
commit | 3e8743ce7832cd70c330b4def6434a5c91e76e03 (patch) | |
tree | ddc00e9f586e13bafaca3578140db255b5175b48 | |
parent | 2386a3f4ed6131d2bf276ad00a2f524ee350f889 (diff) | |
download | qpid-python-3e8743ce7832cd70c330b4def6434a5c91e76e03.tar.gz |
QPID-7130: [PATCH 1/5] qpid::messaging::Connection::getAuthenticatedUsername()
now returns certificate nickname as authenticated username instead of dummy
hardcoded string when using SSL authentication.
Patch from Domen Vrankar <dome.vrankar@halcom.si>
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1734159 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/src/qpid/client/SslConnector.cpp | 2 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp | 63 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/sys/ssl/SslSocket.h | 1 |
3 files changed, 45 insertions, 21 deletions
diff --git a/qpid/cpp/src/qpid/client/SslConnector.cpp b/qpid/cpp/src/qpid/client/SslConnector.cpp
index d5d2433060..aa6020e272 100644
--- a/qpid/cpp/src/qpid/client/SslConnector.cpp
+++ b/qpid/cpp/src/qpid/client/SslConnector.cpp
@@ -421,7 +421,7 @@ void SslConnector::disconnected(AsynchIO&) {
 const SecuritySettings* SslConnector::getSecuritySettings()
 {
 securitySettings.ssf = socket.getKeyLen();
- securitySettings.authid = "dummy";//set to non-empty string to enable external authentication
+ securitySettings.authid = socket.getLocalAuthId();
 return &securitySettings;
 }
diff --git a/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp b/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
index 179d7ce1cd..16909f906c 100644
--- a/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
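Review bot: `securitySettings.authid = socket.getLocalAuthId();` can now leave authid empty, because the new getAuthId in SslSocket.cpp returns an empty string when SSL_LocalCertificate yields no certificate or the subject has no CN, whereas the removed line deliberately used a non-empty placeholder "to enable external authentication". If that removed comment still describes how authid is consumed, an SSL connection with no client certificate configured changes behaviour here: EXTERNAL would no longer be enabled for it. Please confirm that is intended; if not, keep a fallback such as `const std::string localId = socket.getLocalAuthId();` followed by `securitySettings.authid = localId.empty() ? "dummy" : localId;`, and in either case record the decision in a comment on the new line.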
@@ -79,6 +79,43 @@ std::string getDomainFromSubject(std::string subject)
 }
 return domain;
 }
+
+struct LocalCertificateGetter
+{
+ LocalCertificateGetter(PRFileDesc* nssSocket) : socket(nssSocket) {}
+ CERTCertificate* operator()() const {return SSL_LocalCertificate(socket);}
+ PRFileDesc* socket;
+};
+struct PeerCertificateGetter
+{
+ PeerCertificateGetter(PRFileDesc* nssSocket) : socket(nssSocket) {}
+ CERTCertificate* operator()() const {return SSL_PeerCertificate(socket);}
+ PRFileDesc* socket;
+};
+template<typename CertificateGetter>
+std::string getAuthId(CertificateGetter certificateGetter)
+{
+ std::string authId;
+ CERTCertificate* cert = certificateGetter();
+ if (cert) {
+ char *cn = CERT_GetCommonName(&(cert->subject));
+ if (cn) {
+ authId = std::string(cn);
+ /*
+ * The NSS function CERT_GetDomainComponentName only returns
+ * the last component of the domain name, so we have to parse
+ * the subject manually to extract the full domain.
+ */
+ std::string domain = getDomainFromSubject(cert->subjectName);
+ if (!domain.empty()) {
+ authId += DOMAIN_SEPARATOR;
+ authId += domain;
+ }
+ }
+ CERT_DestroyCertificate(cert);
+ }
+ return authId;
+}
 }
 SslSocket::SslSocket(const std::string& certName, bool clientAuth) :
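Review bot: In the new `getAuthId`, the `cn` string returned by `CERT_GetCommonName` is never released; NSS documents it as caller-owned memory to be freed with `PORT_Free`, so every call leaks it (the removed body in the next hunk had the same leak, and the refactor now carries it into both getClientAuthId and getLocalAuthId). Add `PORT_Free(cn);` once the value has been copied, e.g. directly after `authId = std::string(cn);`, since the domain is taken from `cert->subjectName` and does not use `cn`. The single-argument constructors of LocalCertificateGetter and PeerCertificateGetter could also be marked `explicit`. The anonymous namespace closed by the final context line `}` opens before this hunk.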
@@ -361,26 +398,12 @@ int SslSocket::getKeyLen() const
 std::string SslSocket::getClientAuthId() const
 {
- std::string authId;
- CERTCertificate* cert = SSL_PeerCertificate(nssSocket);
- if (cert) {
- char *cn = CERT_GetCommonName(&(cert->subject));
- if (cn) {
- authId = std::string(cn);
- /*
- * The NSS function CERT_GetDomainComponentName only returns
- * the last component of the domain name, so we have to parse
- * the subject manually to extract the full domain.
- */
- std::string domain = getDomainFromSubject(cert->subjectName);
- if (!domain.empty()) {
- authId += DOMAIN_SEPARATOR;
- authId += domain;
- }
- }
- CERT_DestroyCertificate(cert);
- }
- return authId;
+ return getAuthId(PeerCertificateGetter(nssSocket));
+}
+
+std::string SslSocket::getLocalAuthId() const
+{
+ return getAuthId(LocalCertificateGetter(nssSocket));
 }
 }}} // namespace qpid::sys::ssl
diff --git a/qpid/cpp/src/qpid/sys/ssl/SslSocket.h b/qpid/cpp/src/qpid/sys/ssl/SslSocket.h
index 692a0d3967..a18efdd15a 100644
--- a/qpid/cpp/src/qpid/sys/ssl/SslSocket.h
+++ b/qpid/cpp/src/qpid/sys/ssl/SslSocket.h
@@ -68,6 +68,7 @@ public:
 int getKeyLen() const;
 std::string getClientAuthId() const;
+ std::string getLocalAuthId() const;
 protected:
 mutable PRFileDesc* nssSocket; |
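Review bot: The new declaration `std::string getLocalAuthId() const;` in SslSocket.h is undocumented, and the neighbouring getClientAuthId gives the reader no hint either; since SslConnector now feeds its result straight into SecuritySettings::authid, the empty-result case is the one a caller needs to know about. Suggest a comment above the declaration: `// CN of the certificate this socket presents, followed by the domain separator and the subject's domain when one is present; empty when no local certificate or CN is available.`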