activemq-users mailing list archives

From Francesco Romano <francesco.rom...@abodata.com>
Subject NIO+SSL How retrieve the SSL session certificate?
Date Tue, 21 Aug 2012 11:34:33 GMT
Hi everybody.

In order to mitigate the number of threads created by ActiveMQ, I'm trying to migrate from
the "old" tcp and ssl to the new nio and nio+ssl protocols.
I'm having an issue with the secure version of nio: in my authentication plugin I cannot get
the certificate associated with the ssl session (it worked in the old ssl version).

This is the old code in the authentication plugin:

public void addConnection(ConnectionContext context, ConnectionInfo info)
        throws Exception {

    ....

    X509Certificate[] certChain = (X509Certificate[]) info.getTransportContext();

Now, with nio+ssl certChain is null.
I looked in the sources and in the SSLTransport java class there are these two functions:

public void doConsume(Object command) {
    // The instanceof can be avoided, but that would require modifying the
    // Command class tree and that would require too much effort right
    // now.
    if (command instanceof ConnectionInfo) {
        ConnectionInfo connectionInfo = (ConnectionInfo) command;
        connectionInfo.setTransportContext(getPeerCertificates());
    }
    super.doConsume(command);
}

/**
 * @return peer certificate chain associated with the ssl socket
 */
public X509Certificate[] getPeerCertificates() {

    SSLSocket sslSocket = (SSLSocket) this.socket;

    SSLSession sslSession = sslSocket.getSession();

    X509Certificate[] clientCertChain;
    try {
        clientCertChain = (X509Certificate[]) sslSession.getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        clientCertChain = null;
    }

    return clientCertChain;
}

In the new NIOSSLTransport there is nothing about the certificates.
I tried to add the old code, but obviously it does not work (the sslSession has no certificates).

How can I solve this problem?

Thank you
Francesco Romano
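
Added example, not part of the original message and not ActiveMQ code: a sketch of reading the client chain from a javax.net.ssl.SSLEngine session, which is where a non-blocking TLS transport holds it instead of an SSLSocket, and of rejecting the connection when no chain is present. It assumes the NIO transport drives TLS through an SSLEngine; the class and method names are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLPeerUnverifiedException;

// Hypothetical helper class (assumption: TLS is handled by an SSLEngine).
public class EnginePeerCerts {

    // Returns the peer chain, or null while the handshake is still running
    // or when the peer presented no certificate.
    static X509Certificate[] peerChain(SSLEngine engine) {
        if (engine.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) {
            return null; // handshake in progress: the session has no peer identity yet
        }
        try {
            Certificate[] chain = engine.getSession().getPeerCertificates();
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    return null; // copy element-wise instead of casting the array
                }
                x509[i] = (X509Certificate) chain[i];
            }
            return x509;
        } catch (SSLPeerUnverifiedException e) {
            return null; // fresh session, or client auth was never requested
        }
    }

    // Fail closed: certificate-based authentication must not accept a missing chain.
    static X509Certificate[] requirePeerChain(SSLEngine engine) {
        X509Certificate[] chain = peerChain(engine);
        if (chain == null || chain.length == 0) {
            throw new SecurityException("no client certificate on TLS session");
        }
        return chain;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // server (broker) side
        engine.setNeedClientAuth(true); // otherwise the server never asks for a certificate
        System.out.println("chain before handshake: " + peerChain(engine));
        engine.beginHandshake();
        System.out.println("handshake status: " + engine.getHandshakeStatus());
        try {
            requirePeerChain(engine);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```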