Assuming your ServerConnector's setup is using the SecureRequestCustomizer, you have several attributes you can use to look up the information.
example: ServerConnectorHttps.java (from embedded-jetty-cookbook) <https://github.com/jetty-project/embedded-jetty-cookbook/blob/cbdc104f4fead48f969d1411f2755140693644da/src/main/java/org/eclipse/jetty/cookbook/ServerConnectorHttps.java#L40> The SecureRequestCustomizer <https://github.com/eclipse/jetty.project/blob/master/jetty-server/src/main/java/org/eclipse/jetty/server/SecureRequestCustomizer.java> is what takes the raw SSL information from the connection and populates the request attributes with information. See the customize() method <https://github.com/eclipse/jetty.project/blob/jetty-9.3.0.v20150612/jetty-server/src/main/java/org/eclipse/jetty/server/SecureRequestCustomizer.java#L80-L150> for more details on what is being obtained and stored in the request attributes. If there's more you need, consider making your own custom SecureRequestCustomizer for your installation. Note that this is the way forward, esp now with HTTP/2 in the mix. The old technique you were using isn't relevant in the world of physical vs virtual connections. -- Joakim Erdfelt <[email protected]> webtide.com <http://www.webtide.com/> - eclipse.org/jetty - cometd.org Expert advice, services and support from from the Jetty & CometD experts On Wed, Jul 8, 2015 at 11:21 AM, <[email protected]> wrote: > Hi – > > > > I am porting some code from Jetty 7 to Jetty 9.2, and trying to extract > both local and peer certificates. In 7, I had some code that did this in a > fairly straightforward way … > > > > void getTlsCerts(Request servletRequest) { > > EndPoint endpoint = servletRequest.getConnection().getEndPoint(); > > SSLSession session = null; > > > > if (endpoint instanceof SslEndPoint) { > > session = ((SslEndPoint) > endpoint).getSslEngine().getSession(); > > } > > > > if (session != null) { > > Certificate[] peerCerts = null; > > Certificate[] localCerts = session.getLocalCertificates(); > > try { > > peerCerts = session.getPeerCertificates(); > > } > > catch (SSLPeerUnverifiedException e) { > > log.debug("Peer unverified while attempting to extract > peer certificates.", e); > > } > > > > // do stuff with certs > > } > > > > But in Jetty 9, there’s no way that I can find to start with a Request and > end up with an SSLSession. I can get one of the certs using something like > this: > > > > X509Certificate[] certs = > (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate"); > > > > But then how do I get the other? > > > > Thanx, any help would be appreciated. > > > > *Stephen W. Chappell* > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
