[QFJ-821] Quickfix/J Server should validate SSL client certificates Created: 29/Dec/14  Updated: 13/Dec/16  Resolved: 26/Dec/15

Status: Closed
Project: QuickFIX/J
Component/s: Engine
Affects Version/s: 1.5.2
Fix Version/s: 1.6.3

Type: Improvement Priority: Major
Reporter: harnit Assignee: Marcin L
Resolution: Fixed Votes: 1
Labels: None
Environment:

O/S: Windows 8
Java: JDK 1.8.0_25

Issue Links:
Duplicate
is duplicated by QFJ-256 SSLContextFactory doesn't support cus... Closed

 Description   

In quickfix.mina.acceptor.AbstractSocketAcceptor we have sslFilter.setUseClientMode(false);

What we found is this means that the Quickfix/J server never validates the client certificates.

Can we please provide a configuration for this to enable needClientAuth?

 Comments   
Comment by harnit [ 29/Dec/14 ]

Sorry can not edit the above comment. Just read the SSLFilter javadoc, setUseClientMode(false) seems correct
What we are missing is a flag to enable the needClientAuth on the sslFilter to enable client certificate authentication

Is there any work planned for this?

Comment by Christoph John [ 30/Dec/14 ]

I have edited the issue description. No, currently there are no plans to implement it.

Comment by AE [ 06/Jul/15 ]

Hi Christoph, I am wondering if there have been any changes on this? I think there is value in allowing a quickfixj acceptor to authenticate the client connecting to it. Thanks.

Comment by Christoph John [ 07/Jul/15 ]

Hi, I do not doubt that this would be sensible but at the moment I have very little time to work on this and there are still some pull requests open to be merged. Best thing would be if someone submitted a pull request for this.

Comment by Marcin L [ 09/Dec/15 ]

https://github.com/quickfix-j/quickfixj/pull/49

Contains fixes for QFJ-838 and QFJ-854 as well as I wanted to execute full test suite.

Comment by Christoph John [ 19/Dec/15 ]

Great, thanks. Just merged.

Comment by Marcin [ 14/Jan/16 ]

Hello,

I can not build jar from current GITHUB source of quickfixj.

here is the "SSL" error in the output of mvn package:
====================================
Failed tests:
SSLCertificateTest.shouldFailWhenUsingEmptyServerTrustore:434 No SSL exception thrown
AcceptanceTestSuite$AcceptanceTest.run:80 message timeout: expected=

{34=2, 56=TW, 35=5, 58=Incorrect BeginString, 49=ISLD, 8=FIX.4.2, 9=74, 52=00000000-00:00:00.000, 10=0}

Tests in error:
SessionTest.testLogonIsFirstMessageOnAcceptor:490->setupFileStoreForQFJ357:814 » FileNotFound
SessionTest.testLogonLogoutOnAcceptor:536->setupFileStoreForQFJ357:814 » FileNotFound
SessionTest.testLogonOutsideSessionTimeIsRejected:767->setupFileStoreForQFJ357:814 » FileNotFound
SessionTest.testStartOfInitiatorInsideOfSessionTime:713->setupFileStoreForQFJ357:814 » FileNotFound
SessionTest.testStartOfInitiatorOutsideOfSessionTime:632->setupFileStoreForQFJ357:814 » FileNotFound
SleepycatStoreTest>AbstractMessageStoreTest.setUp:43 » Runtime java.io.IOExcep...
SleepycatStoreTest>AbstractMessageStoreTest.setUp:43 » Runtime java.io.IOExcep...
SleepycatStoreTest>AbstractMessageStoreTest.setUp:43 » Runtime java.io.IOExcep...
SleepycatStoreTest>AbstractMessageStoreTest.setUp:43 » Runtime java.io.IOExcep...
SleepycatStoreTest>AbstractMessageStoreTest.setUp:43 » Runtime java.io.IOExcep...

Tests run: 1333, Failures: 2, Errors: 10, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] QuickFIX/J Parent ................................. SUCCESS [0.493s]
[INFO] QuickFIX/J Code Generator Maven Plugin ............ SUCCESS [3:13.298s]
[INFO] QuickFIX/J Dictionary Generator ................... SUCCESS [9.434s]
[INFO] QuickFIX/J Core engine ............................ FAILURE [14:54.135s]
[INFO] QuickFIX/J Message classes for various FIX specs .. SKIPPED
[INFO] QuickFIX/J Message classes for FIX 4.0 ............ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 4.1 ............ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 4.2 ............ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 4.3 ............ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 4.4 ............ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 5.0 ............ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 5.0 SP1 ........ SKIPPED
[INFO] QuickFIX/J Message classes for FIX 5.0 SP2 ........ SKIPPED
[INFO] QuickFIX/J Message classes for FIXT 1.1 ........... SKIPPED
[INFO] QuickFIX/J Message classes for all FIX specs ...... SKIPPED
[INFO] QuickFIX/J Examples ............................... SKIPPED
[INFO] QuickFIX/J Examples - Executor .................... SKIPPED
[INFO] QuickFIX/J Examples - Order Match ................. SKIPPED
[INFO] QuickFIX/J Examples - Banzai ...................... SKIPPED
[INFO] QuickFIX/J All runtime modules .................... SKIPPED
[INFO] QuickFIX/J Distribution ........................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 20:18.896s
[INFO] Finished at: Wed Jan 13 22:55:57 GST 2016
[INFO] Final Memory: 18M/340M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.19:test (default-test) on project quickfixj-core: There are test failures.
[ERROR]

Comment by Christoph John [ 14/Jan/16 ]

From what I can see in the lines where it is failing is that it tries to create files in the temporary directory. Do you have write access there?

But actually this belongs onto the quickfixj-users group: https://lists.sourceforge.net/lists/listinfo/quickfixj-users

Thanks

Generated at Wed May 08 02:54:11 UTC 2024 using JIRA 7.5.2#75007-sha1:9f5725bb824792b3230a5d8716f0c13e296a3cae.