1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.server;
20
21 import java.security.cert.X509Certificate;
22
23 import javax.net.ssl.SSLEngine;
24 import javax.net.ssl.SSLSession;
25
26 import org.eclipse.jetty.http.HttpScheme;
27 import org.eclipse.jetty.io.ssl.SslConnection;
28 import org.eclipse.jetty.io.ssl.SslConnection.DecryptedEndPoint;
29 import org.eclipse.jetty.util.TypeUtil;
30 import org.eclipse.jetty.util.log.Log;
31 import org.eclipse.jetty.util.log.Logger;
32 import org.eclipse.jetty.util.ssl.SslContextFactory;
33
34 public class SecureRequestCustomizer implements HttpConfiguration.Customizer
35 {
36 private static final Logger LOG = Log.getLogger(SecureRequestCustomizer.class);
37
38
39
40
41 public static final String CACHED_INFO_ATTR = CachedInfo.class.getName();
42
43
44 @Override
45 public void customize(Connector connector, HttpConfiguration channelConfig, Request request)
46 {
47 if (request.getHttpChannel().getEndPoint() instanceof DecryptedEndPoint)
48 {
49 request.setScheme(HttpScheme.HTTPS.asString());
50 request.setSecure(true);
51 SslConnection.DecryptedEndPoint ssl_endp = (DecryptedEndPoint)request.getHttpChannel().getEndPoint();
52 SslConnection sslConnection = ssl_endp.getSslConnection();
53 SSLEngine sslEngine=sslConnection.getSSLEngine();
54 customize(sslEngine,request);
55 }
56
57 }
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82 public void customize(SSLEngine sslEngine, Request request)
83 {
84 request.setScheme(HttpScheme.HTTPS.asString());
85 SSLSession sslSession = sslEngine.getSession();
86
87 try
88 {
89 String cipherSuite=sslSession.getCipherSuite();
90 Integer keySize;
91 X509Certificate[] certs;
92 String idStr;
93
94 CachedInfo cachedInfo=(CachedInfo)sslSession.getValue(CACHED_INFO_ATTR);
95 if (cachedInfo!=null)
96 {
97 keySize=cachedInfo.getKeySize();
98 certs=cachedInfo.getCerts();
99 idStr=cachedInfo.getIdStr();
100 }
101 else
102 {
103 keySize=new Integer(SslContextFactory.deduceKeyLength(cipherSuite));
104 certs=SslContextFactory.getCertChain(sslSession);
105 byte[] bytes = sslSession.getId();
106 idStr = TypeUtil.toHexString(bytes);
107 cachedInfo=new CachedInfo(keySize,certs,idStr);
108 sslSession.putValue(CACHED_INFO_ATTR,cachedInfo);
109 }
110
111 if (certs!=null)
112 request.setAttribute("javax.servlet.request.X509Certificate",certs);
113
114 request.setAttribute("javax.servlet.request.cipher_suite",cipherSuite);
115 request.setAttribute("javax.servlet.request.key_size",keySize);
116 request.setAttribute("javax.servlet.request.ssl_session_id", idStr);
117 }
118 catch (Exception e)
119 {
120 LOG.warn(Log.EXCEPTION,e);
121 }
122 }
123
124 @Override
125 public String toString()
126 {
127 return String.format("%s@%x",this.getClass().getSimpleName(),hashCode());
128 }
129
130
131
132
133
134
135
136
137 private static class CachedInfo
138 {
139 private final X509Certificate[] _certs;
140 private final Integer _keySize;
141 private final String _idStr;
142
143 CachedInfo(Integer keySize, X509Certificate[] certs,String idStr)
144 {
145 this._keySize=keySize;
146 this._certs=certs;
147 this._idStr=idStr;
148 }
149
150 X509Certificate[] getCerts()
151 {
152 return _certs;
153 }
154
155 Integer getKeySize()
156 {
157 return _keySize;
158 }
159
160 String getIdStr()
161 {
162 return _idStr;
163 }
164 }
165
166
167
168 }