Hello everyone.

I am working with CXF DOSGi for the first time. The task at the moment is
to build a declarative services component which registers an endpoint and
an interceptor. The endpoint will run on a 2way SSL enabled connection,
and the interceptor should read the incoming client certificate. So far I
managed to get an endpoint working through a declarative services endpoint,
and I got one way SSL working (maybe 2way as well, we will get to that).
Now I am trying to add an interceptor, which should read the incoming
client certificate.

And that is where I fail. The interceptor does not seem to be working. It
does not log anything, neither in the constructor nor in the handleMessage
method.

Can someone please take a look and tell me where my mistake is? The
interceptor should be called before the endpoint methods are invoked,
whenever the REST service is called. But right now I can call the endpoint
methods just fine through SSL, but the interceptor is never called, which
makes it hard for me to know if 2way SSL is currently working or not.

I don't expect 1 and 2way SSL to have anything at all to do with this, but
I am mentioning it because I'm ignorant (just in case) :)

Versions:
CXF 3.1.6
CXF-DOSGI 1.8.0


My interceptor:

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class CertificateInterceptor extends AbstractPhaseInterceptor<Message> {

    private static final Logger LOGGER =
            LoggerFactory.getLogger(CertificateInterceptor.class);

    public CertificateInterceptor() {
        // RECEIVE is the first inbound phase, before the endpoint is invoked.
        super(Phase.RECEIVE);
        LOGGER.debug("Starting certificate interceptor");
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        LOGGER.debug("Handling message: " + message.getId());
        // The transport attaches the TLS session details to the message.
        TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
        if (tlsSessionInfo != null) {
            Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
            LOGGER.info("Discovered TLSSession: " + tlsSessionInfo);
            // peerCerts is only populated when the client presented a certificate.
            if (peerCerts != null) {
                for (int i = 0; i < peerCerts.length; i++) {
                    X509Certificate x509certificate = (X509Certificate) peerCerts[i];
                    LOGGER.info("Retrieved certificate: "
                            + x509certificate.getSubjectDN().getName()
                            + " pubkey: " + x509certificate.getPublicKey());
                }
            }
        } else {
            LOGGER.info("NO x509certificate");
        }
    }

}


My endpoint:

import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.MessageBodyWriter;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;

@Component(property = {
        "service.exported.interfaces=*",
        "service.exported.configs=org.apache.cxf.rs",
        "org.apache.cxf.rs.httpservice.context=" + LicenseServiceEndpoint.endpoint,
        "org.apache.cxf.rs.in.interceptors=com.polis.licensing.server.rest.interceptor.CertificateInterceptor"})
public class LicenseServiceEndpoint implements LicenseServiceRest {
    public static final String endpoint = "/polis/licenseservice";
    private List<ServiceRegistration<MessageBodyReader>> readerRefs =
            new ArrayList<>();
    private List<ServiceRegistration<MessageBodyWriter>> writerRefs =
            new ArrayList<>();

    // ...Various endpoint-methods...

    @Activate
    public void activate(BundleContext context) throws Exception {
        // This is a messagebodyreader/writer. It should be irrelevant for
        // this question.
        registerProvider(context, new CertificateRequestProvider());
    }

    @Deactivate
    public void deactivate(BundleContext context) throws Exception {
        // Unregister in reverse order of registration.
        for (int i = readerRefs.size() - 1; i >= 0; i--) {
            readerRefs.get(i).unregister();
            readerRefs.remove(i);
        }
        for (int i = writerRefs.size() - 1; i >= 0; i--) {
            writerRefs.get(i).unregister();
            writerRefs.remove(i);
        }
    }

    // Registers the same provider as both a reader and a writer service.
    private <E extends MessageBodyReader & MessageBodyWriter> void
            registerProvider(BundleContext context, E provider) {
        readerRefs.add(context.registerService(MessageBodyReader.class,
                provider, null));
        writerRefs.add(context.registerService(MessageBodyWriter.class,
                provider, null));
    }

}


Thank you in advance for your usual helpful demeanor:)

-Martin
