EXTERNAL (ssl) c2s auth

I'm trying to implement EXTERNAL auth for clients in Openfire. This should be fairly easy to do: in SASLAuthentication, just add an if case for client connections in the doExternalAuthentication method. But I've run into two roadblocks:

  1. It seems the server is not really requesting the client send an SSL cert. I'm not 100% certain of this, but it appears that way. The NIOConnection class is foreign to me; I do
((SSLSocket) socket).setNeedClientAuth(true);

But NIOConnection looks to work a bit differently. Any hints? Ideally Openfire would only request a client cert unless some property was set to require one.

  2. After the connection is established, I need to determine who the peer is by the certificate. In the past I've done this:
SSLSession session = socket.getSession();
String principal = session.getPeerPrincipal().getName();

But this NIOConnection thing is confusing me. Is there a good way to get this info without modifying NIOConnection?
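
For reference, the two operations asked about above, expressed with the plain JSSE `SSLEngine` API that non-blocking TLS code uses in place of `SSLSocket`. This is an added example, not part of the original post and not Openfire code. It assumes the server can reach the `SSLEngine` behind the connection (how NIOConnection exposes it is not shown here); the `requireCert` flag is a hypothetical stand-in for a server property.

```java
import java.security.Principal;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class ClientCertPolicy {

    /** Server-side engine that requests a client cert, or requires one when requireCert is set. */
    static SSLEngine serverEngine(SSLContext ctx, boolean requireCert) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        // The two setters override each other, so call exactly one of them.
        if (requireCert) {
            engine.setNeedClientAuth(true);   // handshake fails if the client sends no cert
        } else {
            engine.setWantClientAuth(true);   // cert is requested; handshake continues without one
        }
        return engine;
    }

    /** Subject name of the verified client cert, or null when the peer presented none. */
    static String peerName(SSLSession session) {
        try {
            Principal peer = session.getPeerPrincipal();
            return peer.getName();
        } catch (SSLPeerUnverifiedException e) {
            // With "want" mode this is the normal case for clients without a cert:
            // there is no identity to authenticate, so EXTERNAL cannot succeed.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine optional = serverEngine(ctx, false);
        SSLEngine required = serverEngine(ctx, true);
        System.out.println("optional: want=" + optional.getWantClientAuth()
                + " need=" + optional.getNeedClientAuth());
        System.out.println("required: want=" + required.getWantClientAuth()
                + " need=" + required.getNeedClientAuth());
        // Before any handshake the engine holds a placeholder session with no peer identity.
        System.out.println("peer before handshake: " + peerName(optional.getSession()));
    }
}
```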