I always felt such an event was missing.

+1

On Thu, Apr 5, 2018 at 10:04 AM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:

> Hi guys,
>
> as a follow up of a discussion we have had with Jonathan, I would like
> to suggest we add the 'secured()' event in the IoHandler. The idea is to
> make it simpler for MINA users to be informed when the TLS handshake has
> been completed.
>
> Currently, one needs to add the USE_NOTIFICATION attribute in the session
> before adding the SslFilter in the chain, in order to receive a
> SESSION_SECURED message. This is kind of a convoluted solution, which
> requires to check for every received message if it's a SESSION_SECURED
> message in the messageReceived() method.
>
> Having a secured() event would eliminate this attribute, and this
> message, making app implementers' life easier.
>
> Typically, in the Apache LDAP API, we implement the startTLS extended
> operation, which allows the caller to set up a secured communication over
> an existing connection. That forces us to write such code :
>
> ...
> ldapSession.setAttribute( SslFilter.USE_NOTIFICATION, Boolean.TRUE );
> ldapSession.setAttribute( "HANDSHAKE_FUTURE", handshakeFuture );
> ldapSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
> ...
>
> (the future is used to be informed when the TLS handshake has been
> completed)
>
> and in order to process the SESSION_SECURED message, we have to do :
>
> public void messageReceived( IoSession session, Object message ) throws Exception
> {
>     // Feed the response and store it into the session
>     if ( message instanceof SslFilter.SslFilterMessage )
>     {
>         // This is a SSL message telling if the session has been secured or not
>         HandshakeFuture handshakeFuture =
>             ( HandshakeFuture ) ldapSession.getAttribute( "HANDSHAKE_FUTURE" );
>
>         if ( message == SslFilter.SESSION_SECURED )
>         {
>             // SECURED
>             handshakeFuture.secured();
>         }
>         else
>         {
>             // UNSECURED
>             handshakeFuture.cancel();
>         }
>
>         ldapSession.removeAttribute( "HANDSHAKE_FUTURE" );
>
>         return;
>     }
>
> which is kind of complicated...
>
> wdyt ?
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>
>


-- 
Jeff MAURY


"Legacy code" often differs from its suggested alternative by actually
working and scaling.
 - Bjarne Stroustrup

http://www.jeffmaury.com
http://riadiscuss.jeffmaury.com
http://www.twitter.com/jeffmaury
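
As an added illustration (not code from this thread or from MINA itself), the notification check quoted above can be isolated in one base handler, so application code receives callbacks instead of testing every message. It assumes MINA 2.0.x on the classpath; the class `SecuredAwareHandler` and its three callback names are hypothetical, and `SslFilter.USE_NOTIFICATION` must still be set on the session before the `SslFilter` is added.

```java
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

// Hypothetical adapter (not a MINA class): converts the SslFilter
// notification messages into dedicated callbacks.
public abstract class SecuredAwareHandler extends IoHandlerAdapter
{
    /** Called when SslFilter.SESSION_SECURED is received (handshake completed). */
    protected abstract void secured( IoSession session ) throws Exception;

    /** Called for any other SslFilter notification, as in the quoted code's else branch. */
    protected abstract void unsecured( IoSession session ) throws Exception;

    /** Called for every message that is not an SslFilter notification. */
    protected abstract void applicationMessage( IoSession session, Object message )
        throws Exception;

    @Override
    public final void messageReceived( IoSession session, Object message ) throws Exception
    {
        if ( message instanceof SslFilter.SslFilterMessage )
        {
            // Notifications never reach the application callback
            if ( message == SslFilter.SESSION_SECURED )
            {
                secured( session );
            }
            else
            {
                unsecured( session );
            }

            return;
        }

        applicationMessage( session, message );
    }
}
```

A subclass would complete or cancel its handshake future in `secured()` and `unsecured()`, and hold back any data that must not travel in clear text until `secured()` has been called.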
