pgyori commented on code in PR #6032:
URL: https://github.com/apache/nifi/pull/6032#discussion_r872569152


##########
nifi-nar-bundles/nifi-extension-utils/nifi-event-transport/src/main/java/org/apache/nifi/event/transport/netty/codec/SocketByteArrayMessageDecoder.java:
##########
@@ -38,7 +48,37 @@ public class SocketByteArrayMessageDecoder extends 
MessageToMessageDecoder<byte[
     protected void decode(final ChannelHandlerContext channelHandlerContext, 
final byte[] bytes, final List<Object> decoded) {
         final InetSocketAddress remoteAddress = (InetSocketAddress) 
channelHandlerContext.channel().remoteAddress();
         final String address = remoteAddress.getHostString();
-        final ByteArrayMessage message = new ByteArrayMessage(bytes, address);
+
+        final SslSessionStatus sslSessionStatus = 
getSslSessionStatus(channelHandlerContext);
+        final ByteArrayMessage message = new ByteArrayMessage(bytes, address, 
sslSessionStatus);
+
         decoded.add(message);
     }
+
+    private SslSessionStatus getSslSessionStatus(final ChannelHandlerContext 
channelHandlerContext) {
+        final Iterator<Map.Entry<String, ChannelHandler>> iterator = 
channelHandlerContext.channel().pipeline().iterator();
+        while (iterator.hasNext()) {
+            final ChannelHandler channelHandler = iterator.next().getValue();
+            if (channelHandler instanceof SslHandler) {
+                return createSslSessionStatusFromSslHandler((SslHandler) 
channelHandler);
+            }
+        }
+        return null;
+    }
+
+    private SslSessionStatus createSslSessionStatusFromSslHandler(final 
SslHandler sslHandler) {
+        final SSLSession sslSession = sslHandler.engine().getSession();
+        try {
+            final Certificate[] certificates = 
sslSession.getPeerCertificates();
+            if (certificates.length > 0) {
+                final X509Certificate certificate = (X509Certificate) 
certificates[0];
+                final X500Principal subject = 
certificate.getSubjectX500Principal();
+                final X500Principal issuer = 
certificate.getIssuerX500Principal();
+                return new SslSessionStatus(subject, issuer);
+            }
+        } catch (SSLPeerUnverifiedException peerUnverifiedException) {
+            return null;
+        }
+        return null;
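
Review bot: in createSslSessionStatusFromSslHandler, the SSLPeerUnverifiedException catch and the empty-certificates path both return null, which is also what getSslSessionStatus returns when no SslHandler is in the pipeline. A consumer of ByteArrayMessage therefore cannot tell a plaintext connection from a TLS session where the peer presented no verified certificate. Consider returning a distinct value for the unverified-peer case, or at least documenting on the method that null covers both. The cast `(X509Certificate) certificates[0]` should also be guarded with an instanceof check, since getPeerCertificates() is typed as Certificate[]. Separately, the manual pipeline walk in getSslSessionStatus could be replaced with `channelHandlerContext.channel().pipeline().get(SslHandler.class)`.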

Review Comment:
   Unfortunately there is no access to a logger in 
SocketByteArrayMessageDecoder.
   I refactored the method to have only one return statement, because I agree 
that it looks cleaner. The catch clause is now empty, which I know is not nice, 
but I'm not sure we can do anything in that block.


