Porting from Jetty 11 to Jetty 12: how to get SSL connection info?


With Jetty 11 I was able to get info about SSL session and client certificate by:

SSLSession sslSession = (SSLSession)request.getAttribute("org.eclipse.jetty.servlet.request.ssl_session");
java.security.cert.X509Certificate client_certs[] = (java.security.cert.X509Certificate[])request.getAttribute("jakarta.servlet.request.X509Certificate");

But with Jetty 12 I see only two request attributes:

  • org.eclipse.jetty.server.Request.Cookies
  • org.eclipse.jetty.server.x509 with server certificate

I am interested in attributes like:

  • ssl_protocol=TLSv1.3
  • ssl_cipher=TLS_CHACHA20_POLY1305_SHA256
  • ssl_client_i_dn=CN=xyz
  • x_ssl_client_cert=-----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgICA3wwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCUEwx ...

How can I get those attributes with Jetty 12?

Joakim Erdfelt On BEST ANSWER

The ForwardedRequestCustomizer and SecureRequestCustomizer do the work of pulling the information out and making it available via the Request object.

E.g.:

HttpConnectionFactory http = new HttpConnectionFactory();
http.getHttpConfiguration().addCustomizer(new ForwardedRequestCustomizer());
http.getHttpConfiguration().addCustomizer(new SecureRequestCustomizer());
ServerConnector connector = new ServerConnector(server, http);

The Request object will be populated with the details you are looking for.

request.getAttribute("jakarta.servlet.request.cipher_suite");
request.getAttribute("jakarta.servlet.request.ssl_session_id");
request.getAttribute("org.eclipse.jetty.server.cipher");
request.getAttribute("org.eclipse.jetty.server.keySize");
request.getAttribute("org.eclipse.jetty.server.sslSessionId");
request.getAttribute("org.eclipse.jetty.server.peerCertificates");
request.getAttribute("org.eclipse.jetty.server.x509");
request.getAttribute("org.eclipse.jetty.server.sslSession");
request.getAttribute("org.eclipse.jetty.server.sslSessionData");
request.getConnectionMetaData().getRemoteSocketAddress();
request.getConnectionMetaData().getServerAuthority();
request.isSecure();
request.getHttpURI();
request.getHeaders(); // updates the `Host` or `:authority` fields

Alternatively, you can pull it out of the jetty-core Request object.

EndPoint endPoint = request.getConnectionMetaData().getConnection().getEndPoint();
if (endPoint instanceof SslEndPoint sslEndPoint)
{
    SslConnection sslConnection = sslEndPoint.getSslConnection();
    SSLEngine sslEngine = sslConnection.getSSLEngine();
    // TODO: get information out of the sslEngine
}
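As an added example (not part of the original answer or of Jetty itself), here is one way to fill in the TODO above using only JDK APIs on the `SSLSession` returned by `sslEngine.getSession()`. The class name `TlsSessionInfo`, the map keys (taken from the question's list) and the `ssl_client_verify` key are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class TlsSessionInfo
{
    // Keys are hypothetical labels mirroring the question; they are not Jetty attribute names.
    public static Map<String, String> describe(SSLSession session) throws CertificateEncodingException
    {
        Map<String, String> info = new LinkedHashMap<>();
        info.put("ssl_protocol", session.getProtocol());
        info.put("ssl_cipher", session.getCipherSuite());
        try
        {
            // Index 0 is the peer's own certificate; the remaining entries are its chain.
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate cert)
            {
                info.put("ssl_client_i_dn", cert.getIssuerX500Principal().getName());
                info.put("x_ssl_client_cert", toPem(cert));
            }
        }
        catch (SSLPeerUnverifiedException e)
        {
            // No peer identity: client auth was not requested, or the client sent no certificate.
            info.put("ssl_client_verify", "NONE");
        }
        return info;
    }

    static String toPem(X509Certificate cert) throws CertificateEncodingException
    {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN CERTIFICATE-----\n" + enc.encodeToString(cert.getEncoded()) + "\n-----END CERTIFICATE-----\n";
    }
    public static void main(String[] args) throws Exception
    {
        // Offline check: an engine that has not handshaken yields a placeholder session with no peer.
        SSLSession session = SSLContext.getDefault().createSSLEngine().getSession();
        describe(session).forEach((k, v) -> System.out.println(k + "=" + v));
    }
}
```

Inside a handler, pass `sslEngine.getSession()` from the snippet above to `describe`. The client certificate entries only appear when the connector is configured to request client authentication and the client presented a certificate.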