Re: [jetty-users] Getting local and peer certificates from a request

The trouble is that I am not using a ServerConnector. I’m building a proxy route with Camel and dropping in a bean on the route in order to extract information about the connection. So I get a Camel Message, and extract a Jetty Request from that:

 

        Request servletRequest = camelMessage.getHeader(
                "CamelHttpServletRequest", Request.class);

 

I’ll look in the customize() method and the Camel code to see if there are some clues to extracting the info I need.

 

Stephen W. Chappell

 

From: jetty-users-bounces@xxxxxxxxxxx [mailto:jetty-users-bounces@xxxxxxxxxxx] On Behalf Of Joakim Erdfelt
Sent: Wednesday, July 08, 2015 2:43 PM
To: JETTY user mailing list
Subject: Re: [jetty-users] Getting local and peer certificates from a request

 

Assuming your ServerConnector's setup is using the SecureRequestCustomizer, you have several attributes you can use to look up the information.

 

 

The SecureRequestCustomizer is what takes the raw SSL information from the connection and populates the request attributes with information.

 

See the customize() method for more details on what is being obtained and stored in the request attributes.

If there's more you need, consider making your own custom SecureRequestCustomizer for your installation.

 

Note that this is the way forward, esp now with HTTP/2 in the mix.  The old technique you were using isn't relevant in the world of physical vs virtual connections.

 

 


--

Joakim Erdfelt <joakim@xxxxxxxxxxx>

Expert advice, services and support from the Jetty & CometD experts

 

On Wed, Jul 8, 2015 at 11:21 AM, <Stephen.CTR.Chappell@xxxxxxx> wrote:

Hi –

 

I am porting some code from Jetty 7 to Jetty 9.2, and trying to extract both local and peer certificates. In 7, I had some code that did this in a fairly straightforward way …

 

void getTlsCerts(Request servletRequest) {
    EndPoint endpoint = servletRequest.getConnection().getEndPoint();
    SSLSession session = null;

    if (endpoint instanceof SslEndPoint) {
        session = ((SslEndPoint) endpoint).getSslEngine().getSession();
    }

    if (session != null) {
        Certificate[] peerCerts = null;
        // getLocalCertificates() returns null when no local certificate was sent
        Certificate[] localCerts = session.getLocalCertificates();
        try {
            peerCerts = session.getPeerCertificates();
        }
        catch (SSLPeerUnverifiedException e) {
            log.debug("Peer unverified while attempting to extract peer certificates.", e);
        }

        // do stuff with certs
    }
}

 

But in Jetty 9, there’s no way that I can find to start with a Request and end up with an SSLSession. I can get one of the certs using something like this:

 

        X509Certificate[] certs = (X509Certificate[]) servletRequest.getAttribute(
                "javax.servlet.request.X509Certificate");

 

But then how do I get the other?

 

Thanx, any help would be appreciated.

 

Stephen W. Chappell


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
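
An added example, not part of the original thread and not code from the Jetty project: one way to follow the suggestion above of writing a custom SecureRequestCustomizer, so that the local certificate chain travels with the request alongside the peer chain. It assumes the customize(SSLEngine, Request) hook of Jetty 9.2's SecureRequestCustomizer and that the customizer can be installed on the HTTPS connector's HttpConfiguration; the class name, helper method and attribute name are hypothetical.

```java
import java.security.cert.Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.servlet.ServletRequest;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;

/**
 * Added example: publishes the server's own (local) certificate chain as a
 * request attribute, next to the peer chain the stock customizer already sets.
 */
public class LocalCertRequestCustomizer extends SecureRequestCustomizer {

    /** Hypothetical attribute name chosen for this example; not defined by Jetty. */
    public static final String LOCAL_CERTS_ATTR = "example.tls.local_certificates";

    @Override
    public void customize(SSLEngine sslEngine, Request request) {
        // Let Jetty populate the standard javax.servlet.request.* attributes first.
        super.customize(sslEngine, request);

        SSLSession session = sslEngine.getSession();
        // JSSE returns null here when no local certificate was sent in the handshake.
        Certificate[] local = session.getLocalCertificates();
        if (local != null) {
            // Defensive copy: downstream code gets its own array to work with.
            request.setAttribute(LOCAL_CERTS_ATTR, local.clone());
        }
    }

    /** Reads the chain back wherever a ServletRequest is available, e.g. a bean on the route. */
    public static Certificate[] localCertificates(ServletRequest request) {
        Object value = request.getAttribute(LOCAL_CERTS_ATTR);
        return (value instanceof Certificate[]) ? (Certificate[]) value : null;
    }
}
```

The customizer is registered with HttpConfiguration.addCustomizer(...) on the configuration used by the TLS connector; the peer chain is still read from "javax.servlet.request.X509Certificate" as in the question.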

 

