1 package org.eclipse.jetty.server.ssl;
2
3 import java.io.ByteArrayInputStream;
4 import java.io.IOException;
5 import java.security.cert.X509Certificate;
6
7 import javax.net.ssl.SSLEngine;
8 import javax.net.ssl.SSLPeerUnverifiedException;
9 import javax.net.ssl.SSLSession;
10 import javax.net.ssl.SSLSocket;
11
12 import org.eclipse.jetty.http.HttpSchemes;
13 import org.eclipse.jetty.io.EndPoint;
14 import org.eclipse.jetty.io.bio.SocketEndPoint;
15 import org.eclipse.jetty.io.nio.SslSelectChannelEndPoint;
16 import org.eclipse.jetty.server.Request;
17 import org.eclipse.jetty.util.TypeUtil;
18 import org.eclipse.jetty.util.log.Log;
19
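public class SslCertificates
{
    /**
     * Key under which a {@link CachedInfo} is stored in the {@link SSLSession}, so the
     * certificate conversion, key-size deduction and session-id encoding run once per
     * TLS session instead of once per request.
     */
    static final String CACHED_INFO_ATTR = CachedInfo.class.getName();

    /**
     * Returns the peer's certificate chain as {@code java.security.cert.X509Certificate}s.
     * <p>
     * Reads the chain through {@link SSLSession#getPeerCertificates()} rather than the
     * deprecated {@code getPeerCertificateChain()}. On JDK 15 and later the SunJSSE
     * implementation of the deprecated method throws {@link UnsupportedOperationException};
     * with the previous code that exception was caught by the generic handler below, logged,
     * and turned into {@code null}, silently dropping the client certificate from the request.
     *
     * @param sslSession the session whose peer chain is wanted
     * @return the chain, leaf certificate first, or {@code null} if the peer did not
     *         authenticate, presented no certificates, or the chain could not be read
     */
    public static X509Certificate[] getCertChain(SSLSession sslSession)
    {
        try
        {
            java.security.cert.Certificate[] peerCerts = sslSession.getPeerCertificates();
            if (peerCerts == null || peerCerts.length == 0)
                return null;

            X509Certificate[] x509Certs = new X509Certificate[peerCerts.length];
            for (int i = 0; i < peerCerts.length; i++)
            {
                // TLS peers present X.509 certificates; a different type would be a
                // ClassCastException, which the generic handler below logs and maps to null.
                x509Certs[i] = (X509Certificate)peerCerts[i];
            }
            return x509Certs;
        }
        catch (SSLPeerUnverifiedException pue)
        {
            // The peer did not authenticate (e.g. no client certificate was requested or
            // presented); there is no chain to expose and nothing to warn about.
            return null;
        }
        catch (Exception e)
        {
            Log.warn(Log.EXCEPTION, e);
            return null;
        }
    }

    /**
     * Populates the servlet-specification TLS attributes on the request:
     * {@code javax.servlet.request.X509Certificate} (only when a peer chain exists),
     * {@code javax.servlet.request.cipher_suite}, {@code javax.servlet.request.key_size}
     * and {@code javax.servlet.request.ssl_session_id}, and marks the scheme as HTTPS.
     * <p>
     * The derived values are cached on the {@link SSLSession} under {@link #CACHED_INFO_ATTR}
     * so that later requests on the same session reuse them. The cipher suite itself is
     * read from the session on every call.
     *
     * @param sslSession the session of the connection the request arrived on
     * @param endpoint the endpoint of the connection (currently unused; kept for API compatibility)
     * @param request the request to decorate
     * @throws IOException declared for API compatibility; this implementation does not throw it,
     *         any failure is logged and leaves the TLS attributes unset
     */
    public static void customize(SSLSession sslSession, EndPoint endpoint, Request request) throws IOException
    {
        request.setScheme(HttpSchemes.HTTPS);

        try
        {
            String cipherSuite = sslSession.getCipherSuite();

            CachedInfo cachedInfo = (CachedInfo)sslSession.getValue(CACHED_INFO_ATTR);
            if (cachedInfo == null)
            {
                // First request on this TLS session: derive the values once and cache them.
                Integer keySize = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                X509Certificate[] chain = getCertChain(sslSession);
                String idStr = TypeUtil.toHexString(sslSession.getId());
                cachedInfo = new CachedInfo(keySize, chain, idStr);
                sslSession.putValue(CACHED_INFO_ATTR, cachedInfo);
            }

            // getCerts() hands out a copy: the cache is shared by every request on this TLS
            // session, so a webapp mutating the attribute array must not affect the others.
            X509Certificate[] certs = cachedInfo.getCerts();
            if (certs != null)
                request.setAttribute("javax.servlet.request.X509Certificate", certs);

            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", cachedInfo.getKeySize());
            request.setAttribute("javax.servlet.request.ssl_session_id", cachedInfo.getIdStr());
        }
        catch (Exception e)
        {
            // Best effort: the request still proceeds, only the TLS attributes are missing.
            Log.warn(Log.EXCEPTION, e);
        }
    }

    /**
     * Immutable snapshot of the per-session values stored under {@link #CACHED_INFO_ATTR}.
     * The certificate array is copied on the way in and on the way out so that no caller
     * can alter the cached chain.
     */
    private static final class CachedInfo
    {
        private final X509Certificate[] _certs;
        private final Integer _keySize;
        private final String _idStr;

        /**
         * @param keySize the key length deduced from the cipher suite
         * @param certs the peer chain, or {@code null} when the peer did not authenticate
         * @param idStr the hex-encoded TLS session id
         */
        CachedInfo(Integer keySize, X509Certificate[] certs, String idStr)
        {
            _keySize = keySize;
            _certs = certs == null ? null : certs.clone();
            _idStr = idStr;
        }

        /** @return a fresh copy of the cached chain, or {@code null} if there is none */
        X509Certificate[] getCerts()
        {
            return _certs == null ? null : _certs.clone();
        }

        /** @return the cached key length */
        Integer getKeySize()
        {
            return _keySize;
        }

        /** @return the cached hex-encoded session id */
        String getIdStr()
        {
            return _idStr;
        }
    }
}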