Re: [jetty-users] Getting local and peer certificates from a request

Assuming your ServerConnector's setup is using the SecureRequestCustomizer, you have several attributes you can use to look up the information.

example: ServerConnectorHttps.java (from embedded-jetty-cookbook) 

The SecureRequestCustomizer is what takes the raw SSL information from the connection and populates the request attributes with information.

See the customize() method for more details on what is being obtained and stored in the request attributes.
If there's more you need, consider making your own custom SecureRequestCustomizer for your installation.

Note that this is the way forward, esp now with HTTP/2 in the mix.  The old technique you were using isn't relevant in the world of physical vs virtual connections.



--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts

On Wed, Jul 8, 2015 at 11:21 AM, <Stephen.CTR.Chappell@xxxxxxx> wrote:

Hi –

 

I am porting some code from Jetty 7 to Jetty 9.2, and trying to extract both local and peer certificates. In 7, I had some code that did this in a fairly straightforward way …

 

void getTlsCerts(Request servletRequest) {
    // Jetty 7: walk from the request to the connection's endpoint
    EndPoint endpoint = servletRequest.getConnection().getEndPoint();
    SSLSession session = null;

    if (endpoint instanceof SslEndPoint) {
        session = ((SslEndPoint) endpoint).getSslEngine().getSession();
    }

    if (session != null) {
        Certificate[] peerCerts = null;
        // Certificates this server sent during the handshake
        Certificate[] localCerts = session.getLocalCertificates();
        try {
            // Throws if the peer presented no verified certificate
            peerCerts = session.getPeerCertificates();
        }
        catch (SSLPeerUnverifiedException e) {
            log.debug("Peer unverified while attempting to extract peer certificates.", e);
        }

        // do stuff with certs
    }
}

 

But in Jetty 9, there’s no way that I can find to start with a Request and end up with an SSLSession. I can get one of the certs using something like this:

 

                      X509Certificate[] certs = (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");

 

But then how do I get the other?

 

Thanx, any help would be appreciated.

 

Stephen W. Chappell


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
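
One way to write the custom SecureRequestCustomizer suggested in the reply above, so that the server's own chain is published next to the peer chain. This is an added example, not code from the thread or from embedded-jetty-cookbook. The class name, the attribute name `example.tls.localCertificates` and the helper methods are hypothetical, and it assumes the Jetty 9.x API in which `SecureRequestCustomizer.customize(SSLEngine, Request)` can be overridden.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.servlet.ServletRequest;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;

public class LocalCertRequestCustomizer extends SecureRequestCustomizer {
    // Hypothetical attribute name chosen for this example; Jetty does not define it.
    public static final String LOCAL_CERTS_ATTR = "example.tls.localCertificates";
    // Standard servlet attribute already populated by SecureRequestCustomizer.
    public static final String PEER_CERTS_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    public void customize(SSLEngine sslEngine, Request request) {
        // Keep the stock behaviour: scheme plus the javax.servlet.request.* attributes.
        super.customize(sslEngine, request);

        SSLSession session = sslEngine.getSession();
        // JSSE returns null when the server sent no certificate in the handshake.
        Certificate[] local = session.getLocalCertificates();
        if (local != null) {
            // Store a copy so application code cannot alter the session's array.
            request.setAttribute(LOCAL_CERTS_ATTR, local.clone());
        }
    }

    /** HttpConfiguration for the HTTPS connector, using this customizer. */
    public static HttpConfiguration httpsConfig() {
        HttpConfiguration config = new HttpConfiguration();
        config.setSecureScheme("https");
        config.addCustomizer(new LocalCertRequestCustomizer());
        return config;
    }

    /** Server chain for this request, or null on a non-TLS request. */
    public static Certificate[] localCerts(ServletRequest request) {
        return (Certificate[]) request.getAttribute(LOCAL_CERTS_ATTR);
    }

    /** Client chain, or null when the client presented no certificate. */
    public static X509Certificate[] peerCerts(ServletRequest request) {
        return (X509Certificate[]) request.getAttribute(PEER_CERTS_ATTR);
    }
}
```

Code that authorizes on the peer chain has to treat a null result from `peerCerts` as "no client certificate" and deny; the attribute is only set when client authentication is requested on the connector's SslContextFactory and the client sends a certificate.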
