Posted to users@activemq.apache.org by Francesco Romano <fr...@abodata.com> on 2012/08/21 13:34:33 UTC

NIO+SSL How retrieve the SSL session certificate?

Hi everybody.

In order to mitigate the number of threads created by ActiveMQ, I'm trying to migrate from the "old" tcp and ssl to the new nio and nio+ssl protocols.
I'm having an issue with the secure version of nio: in my authentication plugin I cannot get the certificate associated with the ssl session (it worked in the old ssl version).

This is the old code in the authentication plugin:

public void addConnection(ConnectionContext context, ConnectionInfo info)
        throws Exception {

    ....

    X509Certificate[] certChain = (X509Certificate[])info.getTransportContext();

Now, with nio+ssl certChain is null.
I looked in the sources and in the SSLTransport java class there are these two functions:

    public void doConsume(Object command) {
        // The instanceof can be avoided, but that would require modifying the
        // Command class tree and that would require too much effort right
        // now.
        if (command instanceof ConnectionInfo) {
            ConnectionInfo connectionInfo = (ConnectionInfo)command;
            connectionInfo.setTransportContext(getPeerCertificates());
        }
        super.doConsume(command);
    }

    /**
     * @return peer certificate chain associated with the ssl socket
     */
    public X509Certificate[] getPeerCertificates() {

        SSLSocket sslSocket = (SSLSocket)this.socket;

        SSLSession sslSession = sslSocket.getSession();

        X509Certificate[] clientCertChain;
        try {
            clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            clientCertChain = null;
        }

        return clientCertChain;
    }

In the new NIOSSLTransport there is nothing about the certificates.
I tried to add the old code, but obviously it does not work (the sslSession has no certificates).

How can I solve this problem?

Thank you
Francesco Romano
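
Added example, not part of the original post and not ActiveMQ code: in JSSE, non-blocking TLS goes through an SSLEngine rather than an SSLSocket, and the session returned by engine.getSession() only carries peer certificates once the handshake has finished and the server side has asked for client authentication. The class and method names are hypothetical, and the default SSLContext is assumed.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Added example; EnginePeerCerts, peerChain and diagnose are hypothetical names.
public class EnginePeerCerts {

    /** Peer chain from an SSLEngine, or null when none is available. */
    static X509Certificate[] peerChain(SSLEngine engine) {
        SSLSession session = engine.getSession();
        // Before the initial handshake completes, getSession() returns a
        // placeholder session with this invalid cipher suite and no peer.
        if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) {
            return null;
        }
        try {
            Certificate[] chain = session.getPeerCertificates();
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                x509[i] = (X509Certificate) chain[i];
            }
            return x509;
        } catch (SSLPeerUnverifiedException e) {
            return null; // handshake finished, peer sent no certificate
        }
    }

    /** Says why a server-side engine has no client chain to hand out. */
    static String diagnose(SSLEngine engine) {
        if (!engine.getNeedClientAuth() && !engine.getWantClientAuth()) {
            return "client auth not requested on this engine";
        }
        return peerChain(engine) == null
                ? "handshake incomplete or peer unverified"
                : "client chain available";
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);        // broker side
        System.out.println(diagnose(engine));
        engine.setNeedClientAuth(true);        // ask the client for a certificate
        System.out.println(diagnose(engine));
    }
}
```

An authentication plugin that treats a null chain as "anonymous" rather than rejecting the connection would silently downgrade certificate-based authentication in both of these cases.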

Re: NIO+SSL How retrieve the SSL session certificate?

Posted by Francesco Romano <fr...@abodata.com>.
Ok.
I submitted a bug in jira (AMQ-3996): https://issues.apache.org/jira/browse/AMQ-3996

Francesco


On Aug 27, 2012, at 7:31 PM, Claudio Corsi wrote:

> Francesco,
> 
> This is a bug and you should create a jira issue for this so that it can get fixed.
> 
> --Claudio


Re: NIO+SSL How retrieve the SSL session certificate?

Posted by Claudio Corsi <cl...@yahoo.com>.
Francesco,

This is a bug and you should create a jira issue for this so that it can get fixed.

--Claudio



>________________________________
> From: Francesco Romano <fr...@abodata.com>
>To: users@activemq.apache.org 
>Sent: Monday, August 27, 2012 2:40 AM
>Subject: Re: NIO+SSL How retrieve the SSL session certificate?
> 
>Nobody can help me?
>
>Francesco

Re: NIO+SSL How retrieve the SSL session certificate?

Posted by Francesco Romano <fr...@abodata.com>.
Nobody can help me?

Francesco
