activemq-users mailing list archives

From Francesco Romano <francesco.rom...@abodata.com>
Subject Re: NIO+SSL How retrieve the SSL session certificate?
Date Mon, 27 Aug 2012 06:40:06 GMT
Nobody can help me?

Francesco

On Aug 21, 2012, at 1:34 PM, Francesco Romano wrote:

> Hi everybody.
> 
> In order to mitigate the number of threads created by ActiveMQ, I'm trying to migrate from the "old" tcp and ssl to the new nio and nio+ssl protocols.
> I'm having an issue with the secure version of nio: in my authentication plugin I cannot get the certificate associated with the ssl session (it worked in the old ssl version).
> 
> This is the old code in the authentication plugin:
> 
> public void addConnection(ConnectionContext context, ConnectionInfo info) 
> 			throws Exception {       
> 
> 		....
> 
> 		X509Certificate[] certChain = (X509Certificate[])info.getTransportContext();
> 
> Now, with nio+ssl certChain is null.
> I looked in the sources and in the SSLTransport java class there are these two functions:
> 
> public void doConsume(Object command) {
>        // The instanceof can be avoided, but that would require modifying the
>        // Command class tree and that would require too much effort right
>        // now.
>        if (command instanceof ConnectionInfo) {
>            ConnectionInfo connectionInfo = (ConnectionInfo)command;
>            connectionInfo.setTransportContext(getPeerCertificates());
>        } 
>        super.doConsume(command);
>    }
> 
>    /**
>     * @return peer certificate chain associated with the ssl socket
>     */
>    public X509Certificate[] getPeerCertificates() {
>    	
>        SSLSocket sslSocket = (SSLSocket)this.socket;
> 
>        SSLSession sslSession = sslSocket.getSession();
> 
>        X509Certificate[] clientCertChain;
>        try {
>            clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
>        } catch (SSLPeerUnverifiedException e) {
>        	clientCertChain = null;
>        }
>    	
>        return clientCertChain;
>    }
> 
> In the new NIOSSLTransport there is nothing about the certificates.
> I tried to add the old code, but obviously it does not work (the sslSession has no certificates).
> 
> How can I solve this problem?
> 
> Thank you
> Francesco Romano
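
Added example, not part of the original message and not ActiveMQ code: a plain JSSE sketch of reading the peer chain from an SSLEngine, assuming the NIO transport drives TLS through javax.net.ssl.SSLEngine. Unlike SSLSocket.getSession(), which performs the handshake if needed, SSLEngine.getSession() returns a placeholder session with no peer certificates until the handshake has completed. The class name PeerChainFromEngine and the helper peerChain are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLPeerUnverifiedException;

// Hypothetical helper class, written for this example only.
public class PeerChainFromEngine {

    /** Returns the peer's X.509 chain, or null if the peer is not (yet) authenticated. */
    static X509Certificate[] peerChain(SSLEngine engine) {
        // While a handshake is in progress getSession() still returns the
        // placeholder (or previous) session, so only read once it has finished.
        if (engine.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) {
            return null;
        }
        try {
            Certificate[] chain = engine.getSession().getPeerCertificates();
            // Copy element by element instead of casting the whole array.
            List<X509Certificate> x509 = new ArrayList<>();
            for (Certificate c : chain) {
                if (c instanceof X509Certificate) {
                    x509.add((X509Certificate) c);
                }
            }
            return x509.toArray(new X509Certificate[0]);
        } catch (SSLPeerUnverifiedException e) {
            // No handshake has completed, or the client sent no certificate.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: a server-side engine that has not handshaken yet.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        // Without need/want client auth the server never requests a client certificate.
        engine.setNeedClientAuth(true);
        System.out.println(peerChain(engine) == null ? "no chain yet" : "chain available");
    }
}
```

An authentication hook that relies on the chain should treat a null result as unauthenticated rather than falling through to another identity source.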

