In short, I’m doing 2-way SSL and the client certificate is used to identify my end user. The SSLHandler does a fine job of that, and the SSLHandler knows all about that principal. How do I share that information with other handlers so they can do their job throughout the channel pipeline?
Here is where my SSLHandler extension finds the user principal…
…
class MySslHandler extends SslHandler { // ….
    @Override
    public void messageReceived(
            ChannelHandlerContext ctx, MessageEvent e) throws Exception {
        logger.info("messageReceived");
        // Let SslHandler decrypt and forward the message first.
        super.messageReceived(ctx, e);
        try {
            System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! " + getPrincipalCertificate().getSubjectDN().toString());
        }
        catch (Throwable t) {
            logger.error("Unable to see principal ", t);
        }
    }

    /**
     * @return Return the user certificate of the principal
     * @throws SSLPeerUnverifiedException if the peer is not yet verified
     */
    public X509Certificate getPrincipalCertificate() throws SSLPeerUnverifiedException {
        // Index 0 of the peer chain is the client's own (leaf) certificate.
        return getEngine().getSession().getPeerCertificateChain()[0];
    }
}
I presumably should add information to the ChannelHandlerContext so it’s then available for the duration of the SSL Session and to all my other handlers, but I can’t figure out how to do that. Is this the wrong approach? Any suggestions?
Thanks!
If you need to share it between ChannelHandlers you need to use a static ChannelLocal instance. This is needed as ChannelHandlerContext is per ChannelHandler.
See http://netty.io/docs/stable/api/org/jboss/netty/channel/ChannelLocal.html
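
A sketch of the ChannelLocal approach suggested above, added here as an example and not taken from either post. It assumes Netty 3.x, an SslHandler already in the pipeline whose SSLEngine has setNeedClientAuth(true), and a hypothetical handler named ClientIdentityHandler placed after it; the connection is closed if no verified client certificate is available.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.jboss.netty.channel.*;
import org.jboss.netty.handler.ssl.SslHandler;

/** Hypothetical handler (not from the thread); sits after the SslHandler. */
public class ClientIdentityHandler extends SimpleChannelUpstreamHandler {

    // One static instance, keyed by Channel, readable from every handler.
    public static final ChannelLocal<X509Certificate> CLIENT_CERT =
            new ChannelLocal<X509Certificate>();

    @Override
    public void channelConnected(final ChannelHandlerContext ctx,
                                 final ChannelStateEvent e) {
        final SslHandler ssl = ctx.getPipeline().get(SslHandler.class);
        // Record the identity only once the TLS handshake has finished.
        ssl.handshake().addListener(new ChannelFutureListener() {
            public void operationComplete(ChannelFuture f) {
                Channel ch = f.getChannel();
                try {
                    if (!f.isSuccess()) {
                        throw new IllegalStateException("TLS handshake failed");
                    }
                    // Throws SSLPeerUnverifiedException when the client sent no cert.
                    Certificate[] chain = ssl.getEngine().getSession().getPeerCertificates();
                    CLIENT_CERT.set(ch, (X509Certificate) chain[0]);
                    ctx.sendUpstream(e); // later handlers see the connect afterwards
                } catch (Exception ex) {
                    ch.close(); // fail closed: no verified identity, no session
                }
            }
        });
    }

    @Override
    public void messageReceived(ChannelHandlerContext ctx, MessageEvent e) {
        // Never pass application data upstream without a recorded identity.
        if (CLIENT_CERT.get(e.getChannel()) == null) {
            e.getChannel().close();
            return;
        }
        ctx.sendUpstream(e);
    }

    @Override
    public void channelClosed(ChannelHandlerContext ctx, ChannelStateEvent e) {
        CLIENT_CERT.remove(e.getChannel()); // do not keep identities of dead channels
        ctx.sendUpstream(e);
    }
}
```

Any other handler in the same pipeline can then read the principal with ClientIdentityHandler.CLIENT_CERT.get(ctx.getChannel()).getSubjectX500Principal().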