Chapter 21 Using SSL in ActiveX Clients
The CtsSecurity.SSLSession and CtsSecurity.SSLSessionInfo classes allow you to determine whether SSL is used on connections from a proxy to the server, and if so, retrieve the SSL session settings. The code below illustrates the sequence of calls:
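' ... code to set the ORB SSL properties, create the session, and
' instantiate the proxy myComp is omitted here ...
Dim sslSess As CtsSecurity.SSLSession
Dim sslSessInfo As CtsSecurity.SSLSessionInfo

' Object references must be assigned with Set.
Set sslSess = myComp.Narrow_("CtsSecurity/SSLSession")

' Arm the handler before asking for the session information, because
' that call is the one expected to fail on a non-SSL session.
On Error GoTo noSSLError
Set sslSessInfo = _
    sslSess.getSessionInfo.Narrow_( _
        "CtsSecurity/SSLSessionInfo")

noSSLError:
' ... an error raised by getSessionInfo most likely means that the
' proxy does not use SSL. Execution also reaches this label when no
' error was raised, so test Err.Number (or sslSessInfo Is Nothing)
' before drawing that conclusion. A client that requires SSL should
' stop using the proxy at this point instead of continuing over an
' unprotected connection ...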
You can narrow the proxy for any CORBA object to CtsSecurity/SSLSession to obtain information about the session in which the proxy was created. When narrowing the SSLSession proxy to CtsSecurity/SSLSessionInfo, the proxy server raises an error if the session is not using SSL. A client that depends on SSL should treat this error as a failed security check rather than continue to use the connection.
The SSLSessionInfo methods allow you to determine the SSL session properties, such as the server's address, the client certificate in use, the server certificate in use, and so forth. For more information, see the generated Interface Repository documentation for the CtsSecurity::SSLSessionInfo interface.
The Visual Basic fragment below prints a description of the SSL session in which a SessionManager::Session proxy was created:
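' Prints a description of the SSL session in which the proxy obj was
' created: the host and port, the negotiated cipher suite, the server
' certificate and, when one is in use, the client certificate.
'
'   title - used as the form caption and as the heading of the output.
'   obj   - proxy whose session is described.
'
' This routine only displays what the session reports. It does not
' compare the certificate subject, issuer or validity dates with any
' expected value, so its output is not a trust decision. Peer
' validation is presumably governed by the ORB SSL properties set
' before the session was created - confirm against that code.
'
' NOTE(review): the qualifier "JaguarTypeLibary" looks like a
' misspelling of "JaguarTypeLibrary" - confirm against the type
' library the project references.
Public Function SessionDetails( _
    title As String, _
    obj As JaguarTypeLibary.Object _
    )
    Me.Caption = title
    Call clearOutput
    output (title & ":" & vbCrLf)

    Dim sslSess As CtsSecurity.SSLSession
    Dim sslSessInfo As CtsSecurity.SSLSessionInfo
    ' Each variable needs its own type; "Dim a, b, c As String" would
    ' leave a and b as Variant.
    Dim host As String, port As String, prop As String
    Dim inError As Boolean
    inError = False

    On Error GoTo errorGetSession
    Set sslSess = obj.Narrow_("CtsSecurity/SSLSession")
    Set sslSessInfo = sslSess.getSessionInfo.Narrow_( _
        "CtsSecurity/SSLSessionInfo")

    On Error GoTo errorGetProperties
    host = sslSessInfo.getProperty("host")
    port = sslSessInfo.getProperty("port")
    output ("Connected to " & host & ":" & port & vbCrLf)
    prop = sslSessInfo.getProperty("cipherSuite")
    output ("Negotiated CipherSuite: " & prop & vbCrLf)

    ' Print the server certificate details
    On Error GoTo errorGetServerCert
    Dim cert As CtsSecurity.X509Certificate
    Set cert = sslSessInfo.getPeerCertificate().Narrow_( _
        "CtsSecurity/X509Certificate")
    output (vbCrLf & "Server certificate info:" & vbCrLf)
    output (certInfo(cert))

    ' Print the client certificate details
    On Error GoTo errorGetClientCert
    Set cert = sslSessInfo.getCertificate().Narrow_( _
        "CtsSecurity/X509Certificate")
    output (vbCrLf & "Personal certificate info:" & vbCrLf)
    output (certInfo(cert))

    ' Success path: set the flag so that every handler below is
    ' skipped while execution falls through the labels.
    inError = True

    ' Error handling code. Labels are in reverse order of the
    ' On Error activations. The handler that is entered first reports
    ' its message and sets inError; the ones after it then do nothing.

    ' Code to handle errors when retrieving the client certificate.
    ' Sessions will not have a client certificate unless mutual
    ' authentication is used. So, this is not necessarily an error.
errorGetClientCert:
    If Not inError Then
        inError = True
        output (vbCrLf & "No personal certificate in use." & vbCrLf)
    End If

    ' Code to handle errors raised when getting the server certificate.
    ' If a connection uses SSL, it should at least have a server
    ' certificate, so errors raised are likely due to coding errors.
    ' The error detail is included so the cause can be diagnosed.
errorGetServerCert:
    If Not inError Then
        inError = True
        output (vbCrLf & "** Error retrieving server certificate properties. **" _
            & vbCrLf & "  (error " & Err.Number & ": " & Err.Description & ")" _
            & vbCrLf)
    End If

    ' Code for errors raised when retrieving session properties. Any
    ' error raised is likely due to a coding error.
errorGetProperties:
    If Not inError Then
        inError = True
        output ("Error retrieving SSL session properties." & vbCrLf _
            & "  (error " & Err.Number & ": " & Err.Description & ")" & vbCrLf)
    End If

    ' Code for errors raised when retrieving the session information.
    ' Errors here most likely mean that the connection does not use
    ' SSL. The error detail is printed as well, so that an unrelated
    ' failure is not mistaken for an unprotected connection.
errorGetSession:
    If Not inError Then
        inError = True
        output ("SSL not used on this connection." & vbCrLf _
            & "  (error " & Err.Number & ": " & Err.Description & ")")
    End If

    ' All error handlers must fall through to here.
    Me.Show
End Function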
The example above calls the following function to print a description of an SSL certificate represented in a CtsSecurity::X509Certificate instance:
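' Builds a multi-line description of an X.509 certificate: subject
' name, issuer name and the validity period.
'
'   cert - certificate to describe.
'
' Returns the description, one field per line.
'
' The values are reported exactly as the certificate object returns
' them. The function does not compare the validity dates with the
' current time or check the names against an expected value, so a
' caller must not read its output as proof that the certificate is
' acceptable.
Private Function certInfo( _
    cert As CtsSecurity.X509Certificate _
    ) As String
    Dim description As String

    description = " Subject name: " & cert.getSubjectDN() & vbCrLf
    description = description _
        & " Issuer name: " & cert.getIssuerDN() & vbCrLf
    description = description _
        & " Not valid before: " & Format(cert.getNotBefore()) & vbCrLf
    description = description _
        & " Not valid after: " & Format(cert.getNotAfter()) & vbCrLf

    certInfo = description
End Function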
Copyright © 2000 Sybase, Inc. All rights reserved. |