The trouble is that I am not using a ServerConnector. I’m building a proxy
route with Camel and dropping in a bean on the route in order to extract
information about the connection. So I get a Camel Message, and extract a Jetty
Request from that:
    Request servletRequest = camelMessage.getHeader(
        "CamelHttpServletRequest", Request.class);
I’ll look in the customize() method and the Camel code to see if there are some
clues to extracting the info I need.
Stephen W. Chappell
From: [email protected] [mailto:[email protected]]
On Behalf Of Joakim Erdfelt
Sent: Wednesday, July 08, 2015 2:43 PM
To: JETTY user mailing list
Subject: Re: [jetty-users] Getting local and peer certificates from a request
Assuming your ServerConnector's setup is using the SecureRequestCustomizer, you
have several attributes you can use to look up the information.
example: ServerConnectorHttps.java (from embedded-jetty-cookbook)
<https://github.com/jetty-project/embedded-jetty-cookbook/blob/cbdc104f4fead48f969d1411f2755140693644da/src/main/java/org/eclipse/jetty/cookbook/ServerConnectorHttps.java#L40>
The SecureRequestCustomizer
<https://github.com/eclipse/jetty.project/blob/master/jetty-server/src/main/java/org/eclipse/jetty/server/SecureRequestCustomizer.java>
is what takes the raw SSL information from the connection and populates the
request attributes with information.
See the customize() method
<https://github.com/eclipse/jetty.project/blob/jetty-9.3.0.v20150612/jetty-server/src/main/java/org/eclipse/jetty/server/SecureRequestCustomizer.java#L80-L150>
for more details on what is being obtained and stored in the request
attributes.
If there's more you need, consider making your own custom
SecureRequestCustomizer for your installation.
Note that this is the way forward, esp now with HTTP/2 in the mix. The old
technique you were using isn't relevant in the world of physical vs virtual
connections.
--
Joakim Erdfelt <[email protected]<mailto:[email protected]>>
webtide.com<http://www.webtide.com/> -
eclipse.org/jetty<http://eclipse.org/jetty/> - cometd.org<http://cometd.org/>
Expert advice, services and support from the Jetty & CometD experts
On Wed, Jul 8, 2015 at 11:21 AM,
<[email protected]<mailto:[email protected]>> wrote:
Hi –
I am porting some code from Jetty 7 to Jetty 9.2, and trying to extract both
local and peer certificates. In 7, I had some code that did this in a fairly
straightforward way …
    void getTlsCerts(Request servletRequest) {
        EndPoint endpoint = servletRequest.getConnection().getEndPoint();
        SSLSession session = null;
        if (endpoint instanceof SslEndPoint) {
            session = ((SslEndPoint) endpoint).getSslEngine().getSession();
        }
        if (session != null) {
            Certificate[] peerCerts = null;
            Certificate[] localCerts = session.getLocalCertificates();
            try {
                peerCerts = session.getPeerCertificates();
            }
            catch (SSLPeerUnverifiedException e) {
                log.debug("Peer unverified while attempting to extract peer certificates.", e);
            }
            // do stuff with certs
        }
    }
But in Jetty 9, there’s no way that I can find to start with a Request and end
up with an SSLSession. I can get one of the certs using something like this:
    X509Certificate[] certs =
        (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
But then how do I get the other?
Thanx, any help would be appreciated.
Stephen W. Chappell
_______________________________________________
jetty-users mailing list
[email protected]<mailto:[email protected]>
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
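
Added example, not part of the original thread and not Jetty's own code: one way to write the custom SecureRequestCustomizer suggested in the reply above, so that the local certificate chain is available as a request attribute next to the peer chain. It assumes Jetty 9.x, where SecureRequestCustomizer has an overridable customize(SSLEngine, Request) method; the class name and the "example.tls.localCertificates" attribute name are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;

// Assumes Jetty 9.x, where SecureRequestCustomizer exposes
// customize(SSLEngine, Request) for subclasses to override.
public class LocalCertRequestCustomizer extends SecureRequestCustomizer {

    // Hypothetical attribute name chosen for this example; not defined by Jetty.
    public static final String LOCAL_CERTS_ATTR = "example.tls.localCertificates";

    // Standard servlet attribute that carries the peer (client) chain.
    public static final String PEER_CERTS_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    public void customize(SSLEngine sslEngine, Request request) {
        // Let the stock customizer populate the standard attributes first.
        super.customize(sslEngine, request);

        // getLocalCertificates() returns null when no certificate was sent
        // to the peer, so only set the attribute when a chain exists.
        Certificate[] local = sslEngine.getSession().getLocalCertificates();
        if (local != null) {
            request.setAttribute(LOCAL_CERTS_ATTR, local.clone());
        }
    }

    // Helpers for downstream code that only holds a Request: both chains are
    // read from attributes, with no access to the EndPoint or SSLSession.
    public static Certificate[] localCerts(Request request) {
        Object value = request.getAttribute(LOCAL_CERTS_ATTR);
        return value instanceof Certificate[] ? (Certificate[]) value : new Certificate[0];
    }

    public static X509Certificate[] peerCerts(Request request) {
        // The attribute is absent when the client presented no certificate.
        Object value = request.getAttribute(PEER_CERTS_ATTR);
        return value instanceof X509Certificate[] ? (X509Certificate[]) value : new X509Certificate[0];
    }
}
```

The customizer is registered with HttpConfiguration.addCustomizer(...) in place of the stock SecureRequestCustomizer, as in the ServerConnectorHttps cookbook example linked above; how that HttpConfiguration is reached from a Camel route is not covered here.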