Chapter 7 Using SSL in ActiveX Clients
The CtsSecurity.SSLSession and CtsSecurity.SSLSessionInfo classes allow you to determine whether SSL is used on connections from a proxy to the server, and if so, retrieve the SSL session settings. The code below illustrates the sequence of calls:

    ' ... deleted code to set ORB ssl properties, create session,
    '     instantiate proxy myComp ...

    Dim sslSess As CtsSecurity.SSLSession
    Dim sslSessInfo As CtsSecurity.SSLSessionInfo

    Set sslSess = myComp.Narrow_("CtsSecurity/SSLSession")

    On Error GoTo noSSLError
    Set sslSessInfo = _
        sslSess.getSessionInfo.Narrow_( _
            "CtsSecurity/SSLSessionInfo")

    noSSLError:
    ' ... an error raised by getSessionInfo most likely means
    '     that the proxy does not use SSL ...

You can narrow the proxy for any CORBA object to CtsSecurity/SSLSession to obtain information about the session in which the proxy was created. When narrowing the SSLSession proxy to CtsSecurity/SSLSessionInfo, the proxy server raises an error if the session is not using SSL.
The SSLSessionInfo methods allow you to determine the SSL session properties, such as the server's address, the client certificate in use, the server certificate in use, and so forth. For more information, see the generated Interface Repository documentation for the CtsSecurity::SSLSessionInfo interface.
The Visual Basic fragment below prints a description of the SSL session in which a SessionManager::Session proxy was created:

    Public Function SessionDetails( _
            title As String, _
            obj As JaguarTypeLibrary.Object _
        )

        Me.Caption = title
        Call clearOutput
        output (title & ":" & vbCrLf)

        Dim sslSess As CtsSecurity.SSLSession
        Dim sslSessInfo As CtsSecurity.SSLSessionInfo
        Dim host As String, port As String, prop As String
        Dim inError As Boolean

        inError = False

        On Error GoTo errorGetSession
        Set sslSess = obj.Narrow_("CtsSecurity/SSLSession")
        Set sslSessInfo = sslSess. _
            getSessionInfo.Narrow_("CtsSecurity/SSLSessionInfo")

        On Error GoTo errorGetProperties
        host = sslSessInfo.getProperty("host")
        port = sslSessInfo.getProperty("port")
        output ("Connected to " & host & ":" & port & vbCrLf)
        prop = sslSessInfo.getProperty("cipherSuite")
        output ("Negotiated CipherSuite: " & prop & vbCrLf)

        ' Print the server certificate details
        On Error GoTo errorGetServerCert
        Dim cert As CtsSecurity.X509Certificate
        Set cert = sslSessInfo.getPeerCertificate(). _
            Narrow_("CtsSecurity/X509Certificate")
        output (vbCrLf & "Server certificate info:" & vbCrLf)
        output (certInfo(cert))

        ' Print the client certificate details
        On Error GoTo errorGetClientCert
        Set cert = sslSessInfo.getCertificate(). _
            Narrow_("CtsSecurity/X509Certificate")
        output (vbCrLf & "Personal certificate info:" & vbCrLf)
        output (certInfo(cert))

        inError = True ' Fall through error cases

        ' Error handling code. Labels are in reverse order of the
        ' On Error activations.

        ' Code to handle errors when retrieving the client certificate.
        ' Sessions will not have a client certificate unless mutual
        ' authentication is used. So, this is not necessarily an error.
    errorGetClientCert:
        If Not inError Then
            inError = True
            output (vbCrLf & "No personal certificate in use." & vbCrLf)
        End If

        ' Code to handle errors raised when getting the server certificate.
        ' If a connection uses SSL, it should at least have a server certificate,
        ' so errors raised are likely due to coding errors.
    errorGetServerCert:
        If Not inError Then
            inError = True
            output (vbCrLf & "** Error retrieving server certificate properties. **" _
                & vbCrLf)
        End If

        ' Code for errors raised when retrieving session properties. Any error
        ' raised is likely due to a coding error.
    errorGetProperties:
        If Not inError Then
            inError = True
            output ("Error retrieving SSL session properties." & vbCrLf)
        End If

        ' Code for errors raised when retrieving the session information.
        ' Errors here most likely mean that the connection does not use SSL.
    errorGetSession:
        If Not inError Then
            inError = True
            output ("SSL not used on this connection.")
        End If

        ' All error handlers must fall through to here.
        Me.Show

    End Function

The previous example calls the following function to print a description of an SSL certificate represented in a CtsSecurity::X509Certificate instance:

    Private Function certInfo( _
            cert As CtsSecurity.X509Certificate _
        ) As String

        Dim description As String
        Dim prop As String

        description = ""

        prop = cert.getSubjectDN()
        description = description _
            & " Subject name: " & prop & vbCrLf

        prop = cert.getIssuerDN()
        description = description _
            & " Issuer name: " & prop & vbCrLf

        description = description _
            & " Not valid before: " & Format(cert.getNotBefore()) & vbCrLf
        description = description _
            & " Not valid after: " & Format(cert.getNotAfter()) & vbCrLf

        certInfo = description

    End Function

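The inspection calls shown above can also drive a fail-closed policy check instead of a printout. The function below is an added example, not part of the original Sybase documentation; the name SessionMeetsPolicy and its allowedSuites and expectedSubjectDN parameters are hypothetical, and the caller must supply the cipher suite names and subject DN appropriate to its own server.

```vb
' Added example (not Sybase code). Returns True only when the session uses SSL,
' the negotiated cipher suite is on the caller's allow list, and the server
' certificate carries the expected subject DN. Any error rejects the session.
Public Function SessionMeetsPolicy( _
        obj As JaguarTypeLibrary.Object, _
        allowedSuites As Variant, _
        expectedSubjectDN As String _
    ) As Boolean

    Dim sslSess As CtsSecurity.SSLSession
    Dim sslSessInfo As CtsSecurity.SSLSessionInfo
    Dim cert As CtsSecurity.X509Certificate
    Dim suite As String
    Dim i As Long
    Dim suiteOk As Boolean

    SessionMeetsPolicy = False          ' Default: reject
    On Error GoTo policyFailed          ' Non-SSL sessions raise an error here

    Set sslSess = obj.Narrow_("CtsSecurity/SSLSession")
    Set sslSessInfo = sslSess.getSessionInfo.Narrow_( _
        "CtsSecurity/SSLSessionInfo")

    ' Compare the negotiated suite with the allow list (a Variant array)
    suite = sslSessInfo.getProperty("cipherSuite")
    suiteOk = False
    For i = LBound(allowedSuites) To UBound(allowedSuites)
        If StrComp(suite, allowedSuites(i), vbTextCompare) = 0 Then
            suiteOk = True
            Exit For
        End If
    Next i
    If Not suiteOk Then Exit Function

    ' The server certificate must name the expected server (exact match)
    Set cert = sslSessInfo.getPeerCertificate().Narrow_( _
        "CtsSecurity/X509Certificate")
    If StrComp(cert.getSubjectDN(), expectedSubjectDN, vbBinaryCompare) <> 0 Then
        Exit Function
    End If

    SessionMeetsPolicy = True
    Exit Function

policyFailed:
    SessionMeetsPolicy = False          ' Treat every error as a policy failure
End Function
```

Pass the allow list as a Variant array, for example one built with Array(...), and have the client stop using the proxy when the function returns False.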
Copyright © 2002 Sybase, Inc. All rights reserved.