Re: NIO+SSL How retrieve the SSL session certificate?

Tue, 28 Aug 2012 00:53:53 -0700 

Ok.
I submitted a bug in jira (AMQ-3996): 
https://issues.apache.org/jira/browse/AMQ-3996

Francesco


On Aug 27, 2012, at 7:31 PM, Claudio Corsi wrote:

> Francesco,
> 
> This is a bug and you should create a jira issue for this so that it can get 
> fixed.
> 
> --Claudio
> 
> 
> 
>> ________________________________
>> From: Francesco Romano <francesco.rom...@abodata.com>
>> To: users@activemq.apache.org 
>> Sent: Monday, August 27, 2012 2:40 AM
>> Subject: Re: NIO+SSL How retrieve the SSL session certificate?
>> 
>> Nobody can help me?
>> 
>> Francesco
>> 
>> On Aug 21, 2012, at 1:34 PM, Francesco Romano wrote:
>> 
>>> Hi everybody.
>>> 
>>> In order to mitigate the number of threads created by ActiveMQ, I'm trying 
>>> to migrate from the "old" tcp and ssl to the new nio and nio+ssl protocols.
>>> I'm having an issue with the secure version of nio: in my authentication 
>>> plugin I cannot get the certificate associated with the ssl session (it 
>>> worked in the old ssl version).
>>> 
>>> This is the old code in the authentication plugin:
>>> 
>>> public void addConnection(ConnectionContext context, ConnectionInfo info) 
>>>             throws Exception {      
>>> 
>>>         ....
>>> 
>>>         X509Certificate[] certChain = 
>>> (X509Certificate[])info.getTransportContext();
>>> 
>>> Now, with nio+ssl certChain is null.
>>> I looked in the sources and in the SSLTransport java class there are these 
>>> two functions:
>>> 
>>> public void doConsume(Object command) {
>>>         // The instanceof can be avoided, but that would require modifying 
>>> the
>>>         // Command clas tree and that would require too much effort right
>>>         // now.
>>>         if (command instanceof ConnectionInfo) {
>>>             ConnectionInfo connectionInfo = (ConnectionInfo)command;
>>>             connectionInfo.setTransportContext(getPeerCertificates());
>>>         } 
>>>         super.doConsume(command);
>>>     }
>>> 
>>>     /**
>>>      * @return peer certificate chain associated with the ssl socket
>>>      */
>>>     public X509Certificate[] getPeerCertificates() {
>>>         
>>>         SSLSocket sslSocket = (SSLSocket)this.socket;
>>> 
>>>         SSLSession sslSession = sslSocket.getSession();
>>> 
>>>         X509Certificate[] clientCertChain;
>>>         try {
>>>             clientCertChain = 
>>> (X509Certificate[])sslSession.getPeerCertificates();
>>>         } catch (SSLPeerUnverifiedException e) {
>>>             clientCertChain = null;
>>>         }
>>>         
>>>         return clientCertChain;
>>>     }
>>> 
>>> In the new NIOSSLTransport there is nothing about the certificates.
>>> I tried to add the old code, but obviously it does not work (the sslSession 
>>> has not certificates)..
>>> 
>>> How can I solve this problem?
>>> 
>>> Thank you
>>> Francesco Romano
>> 
>> 
>>

Reply via email to