Francesco,

This is a bug and you should create a jira issue for this so that it can get 
fixed.

--Claudio



>________________________________
> From: Francesco Romano <francesco.rom...@abodata.com>
>To: users@activemq.apache.org 
>Sent: Monday, August 27, 2012 2:40 AM
>Subject: Re: NIO+SSL How retrieve the SSL session certificate?
> 
>Nobody can help me?
>
>Francesco
>
>On Aug 21, 2012, at 1:34 PM, Francesco Romano wrote:
>
>> Hi everybody.
>> 
>> In order to mitigate the number of threads created by ActiveMQ, I'm trying 
>> to migrate from the "old" tcp and ssl to the new nio and nio+ssl protocols.
>> I'm having an issue with the secure version of nio: in my authentication 
>> plugin I cannot get the certificate associated with the ssl session (it 
>> worked in the old ssl version).
>> 
>> This is the old code in the authentication plugin:
>> 
>> public void addConnection(ConnectionContext context, ConnectionInfo info) 
>>             throws Exception {      
>> 
>>         ....
>> 
>>         X509Certificate[] certChain = (X509Certificate[])info.getTransportContext();
>> 
>> Now, with nio+ssl certChain is null.
>> I looked in the sources and in the SSLTransport java class there are these 
>> two functions:
>> 
>> public void doConsume(Object command) {
>>        // The instanceof can be avoided, but that would require modifying the
>>        // Command class tree and that would require too much effort right
>>        // now.
>>        if (command instanceof ConnectionInfo) {
>>            ConnectionInfo connectionInfo = (ConnectionInfo)command;
>>            connectionInfo.setTransportContext(getPeerCertificates());
>>        } 
>>        super.doConsume(command);
>>    }
>> 
>>    /**
>>     * @return peer certificate chain associated with the ssl socket
>>     */
>>    public X509Certificate[] getPeerCertificates() {
>>        
>>        SSLSocket sslSocket = (SSLSocket)this.socket;
>> 
>>        SSLSession sslSession = sslSocket.getSession();
>> 
>>        X509Certificate[] clientCertChain;
>>        try {
>>            clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
>>        } catch (SSLPeerUnverifiedException e) {
>>            clientCertChain = null;
>>        }
>>        
>>        return clientCertChain;
>>    }
>> 
>> In the new NIOSSLTransport there is nothing about the certificates.
>> I tried to add the old code, but obviously it does not work (the sslSession 
>> has no certificates).
>> 
>> How can I solve this problem?
>> 
>> Thank you
>> Francesco Romano
>
>
>
>

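Added example, not part of the thread and not ActiveMQ code: with NIO the TLS session belongs to a javax.net.ssl.SSLEngine instead of an SSLSocket, and the JDK exposes a peer chain only after the handshake has completed and the client has presented a certificate. The class and method names (PeerChainFromEngine, peerChain) are hypothetical; only JDK APIs are used, and the engine in main() is deliberately left un-handshaken to show the null case.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class PeerChainFromEngine {

    /**
     * Returns the peer's X.509 chain from an SSLEngine, or null when the
     * peer is unverified (handshake not finished, or no client certificate).
     */
    static X509Certificate[] peerChain(SSLEngine engine) {
        SSLSession session = engine.getSession();
        try {
            Certificate[] chain = session.getPeerCertificates();
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                // Refuse anything that is not X.509 instead of casting blindly.
                if (!(chain[i] instanceof X509Certificate)) {
                    return null;
                }
                x509[i] = (X509Certificate) chain[i];
            }
            return x509;
        } catch (SSLPeerUnverifiedException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);   // broker side of the connection
        engine.setNeedClientAuth(true);   // fail the handshake without a client cert

        // No handshake has run: per the JDK documentation the session reports
        // the placeholder cipher suite SSL_NULL_WITH_NULL_NULL at this point.
        System.out.println("cipher suite: " + engine.getSession().getCipherSuite());

        X509Certificate[] chain = peerChain(engine);
        System.out.println("peer chain available: " + (chain != null));
    }
}
```

A transport built on SSLEngine would call such a helper only once the handshake status has reached FINISHED. With setNeedClientAuth(true) a client that sends no certificate fails the handshake, so an authentication plugin never has to decide what a null chain means for an established connection.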