Nobody can help me?
Francesco
On Aug 21, 2012, at 1:34 PM, Francesco Romano wrote:
> Hi everybody.
>
> In order to mitigate the number of threads created by ActiveMQ, I'm trying to
> migrate from the "old" tcp and ssl to the new nio and nio+ssl protocols.
> I'm having an issue with the secure version of nio: in my authentication
> plugin I cannot get the certificate associated with the ssl session (it
> worked in the old ssl version).
>
> This is the old code in the authentication plugin:
>
> public void addConnection(ConnectionContext context, ConnectionInfo info)
> throws Exception {
>
> ....
>
> X509Certificate[] certChain =
> (X509Certificate[])info.getTransportContext();
>
> Now, with nio+ssl certChain is null.
> I looked in the sources and in the SSLTransport java class there are these
> two functions:
>
> public void doConsume(Object command) {
> // The instanceof can be avoided, but that would require modifying the
> // Command clas tree and that would require too much effort right
> // now.
> if (command instanceof ConnectionInfo) {
> ConnectionInfo connectionInfo = (ConnectionInfo)command;
> connectionInfo.setTransportContext(getPeerCertificates());
> }
> super.doConsume(command);
> }
>
> /**
> * @return peer certificate chain associated with the ssl socket
> */
> public X509Certificate[] getPeerCertificates() {
>
> SSLSocket sslSocket = (SSLSocket)this.socket;
>
> SSLSession sslSession = sslSocket.getSession();
>
> X509Certificate[] clientCertChain;
> try {
> clientCertChain =
> (X509Certificate[])sslSession.getPeerCertificates();
> } catch (SSLPeerUnverifiedException e) {
> clientCertChain = null;
> }
>
> return clientCertChain;
> }
>
> In the new NIOSSLTransport there is nothing about the certificates.
> I tried to add the old code, but obviously it does not work (the sslSession
> has not certificates)..
>
> How can I solve this problem?
>
> Thank you
> Francesco Romano
