| Re: [jetty-users] Getting local and peer certificates from a request |
|
The trouble is that I am not using a ServerConnector. I’m building a proxy route with Camel and dropping in a bean on the route in order to extract information about the
connection. So I get a Camel Message, and extract a Jetty Request from that: Request servletRequest = camelMessage.getHeader( "CamelHttpServletRequest", Request.class); I’ll look in the customize() method and the Camel code to see if there’s some clues to extracting the info I need. Stephen W. Chappell From: jetty-users-bounces@xxxxxxxxxxx [mailto:jetty-users-bounces@xxxxxxxxxxx]
On Behalf Of Joakim Erdfelt Assuming your ServerConnector's setup is using the SecureRequestCustomizer, you have several attributes you can use to look up the information. The
SecureRequestCustomizer is what takes the raw SSL information from the connection and populates the request attributes with information. See the
customize() method for more details on what is being obtained and stored in the request attributes. If there's more you need, consider making your own custom SecureRequestCustomizer for your installation. Note that this is the way forward, esp now with HTTP/2 in the mix. The old technique you were using isn't relevant in the world of physical vs virtual connections.
-- Joakim Erdfelt <joakim@xxxxxxxxxxx> Expert advice, services and support from from the Jetty & CometD experts On Wed, Jul 8, 2015 at 11:21 AM, <Stephen.CTR.Chappell@xxxxxxx> wrote: Hi – I am porting some code from Jetty 7 to Jetty 9.2, and trying to extract both local and peer certificates. In 7, I had some code that did this in a fairly straightforward way … void getTlsCerts(Request servletRequest) { EndPoint endpoint = servletRequest.getConnection().getEndPoint(); SSLSession session = null;
if (endpoint instanceof SslEndPoint) { session = ((SslEndPoint) endpoint).getSslEngine().getSession();
} if (session != null) { Certificate[] peerCerts = null; Certificate[] localCerts = session.getLocalCertificates(); try { peerCerts = session.getPeerCertificates(); } catch (SSLPeerUnverifiedException e) { log.debug("Peer unverified while attempting to extract peer certificates.", e); } // do stuff with certs } But in Jetty 9, there’s no way that I can find to start with a Request and end up with an SSLSession. I can get one of the certs using something like this: X509Certificate[] certs = (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate"); But then how do I get the other? Thanx, any help would be appreciated. Stephen W. Chappell
|