SSL Certificate Access from Openfire Plugin

I am trying to write an Openfire plugin and was wondering if there was any way to access a particular client’s X509 certificate used to initiate a connection to the server. I saw in the XMPP spec that there is some sort of requirement to throw away TLS negotiation information after you’re done negotiating but was hoping that a guru in the forums could tell me I read it wrong. Thanks for any help!

Ok, after a while of digging, I found that the LocalSession of the connection has a list of peer certificates available. I was able to get that through a SessionListener when I start a session. The rest of the issues stemmed from figuring out all the specific server settings to enable client authentication, as well as getting my Smack client properly responding to TLS requests by setting a PasswordHandler on the connection.

I am still looking for a way to get access to the cert earlier on, but this is a good start for me now anyways. Hope this helps short circuit other people’s searching a little.

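import java.security.cert.Certificate;
import org.jivesoftware.openfire.session.LocalSession;
import org.jivesoftware.openfire.session.Session;

// Method of a class implementing org.jivesoftware.openfire.event.SessionEventListener;
// "log" is the plugin's own logger.
@Override
public void sessionCreated(Session session) {
    // The peer certificates hang off the underlying connection of the local session
    Certificate[] certs = ((LocalSession) session).getConnection().getPeerCertificates();
    for (Certificate cert : certs) {
        log.debug("got a cert");
    }
}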

Hope this is helpful.
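An added example, not code from the original post or from Openfire: a plain-JDK helper that could be called from sessionCreated with the array the post retrieves, turning it into a subject, issuer, expiry and SHA-256 fingerprint instead of a bare log line. It assumes the chain is ordered leaf-first, as JSSE's SSLSession returns it, and that the TLS layer has already validated the chain; PeerCertInfo and describe are hypothetical names.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class PeerCertInfo {

    /** Summarise the leaf (first) certificate of a peer chain, or report that none was presented. */
    static String describe(Certificate[] chain) throws Exception {
        // A client that negotiated TLS without a certificate yields no chain.
        if (chain == null || chain.length == 0) {
            return "no client certificate presented";
        }
        if (!(chain[0] instanceof X509Certificate)) {
            return "unsupported certificate type: " + chain[0].getType();
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // SHA-256 over the DER encoding is a stable identifier for audit logs or pinning.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return "subject=" + leaf.getSubjectX500Principal().getName()
                + " issuer=" + leaf.getIssuerX500Principal().getName()
                + " notAfter=" + leaf.getNotAfter().toInstant()
                + " sha256=" + hex;
    }

    public static void main(String[] args) throws Exception {
        // Edge cases that need no input file.
        System.out.println(describe(null));
        System.out.println(describe(new Certificate[0]));
        // Optional: path to a PEM or DER certificate supplied by the reader.
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                Certificate c = CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(describe(new Certificate[] { c }));
            }
        }
    }
}
```

The subject and fingerprint identify which certificate was presented; whether that certificate is allowed to act as a given user is a separate decision the plugin still has to make.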