  //
  //  ========================================================================
  //  Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd.
  //  ------------------------------------------------------------------------
  //  All rights reserved. This program and the accompanying materials
  //  are made available under the terms of the Eclipse Public License v1.0
  //  and Apache License v2.0 which accompanies this distribution.
  //
  //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //
 
 package org.eclipse.jetty.server.ssl;
 
 
 
 
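 /**
  * Helpers that expose TLS session details (cipher suite, key size, session id and the
  * peer certificate chain) to the servlet layer as request attributes.
  */
 public class SslCertificates
 {
     private static final Logger LOG = Log.getLogger(SslCertificates.class);

     /**
      * The name of the SSLSession attribute that will contain any cached information.
      */
     static final String CACHED_INFO_ATTR = CachedInfo.class.getName();

     /* ------------------------------------------------------------ */
     /**
      * Returns the peer's certificate chain as {@code java.security.cert.X509Certificate} objects.
      * <p>
      * Each certificate obtained from {@link SSLSession#getPeerCertificateChain()} is re-encoded
      * and parsed again with an "X.509" {@code CertificateFactory}. This is a format conversion
      * only: no validity, revocation or trust check is performed in this method.
      * <p>
      * A {@code null} return covers three different situations: the peer is unverified, the peer
      * sent no certificates, or the conversion failed. Only the last one is logged.
      *
      * @param sslSession the session to read the peer chain from
      * @return the converted chain, or {@code null} as described above
      */
     public static X509Certificate[] getCertChain(SSLSession sslSession)
     {
         try
         {
             // NOTE(review): javax.security.cert is a deprecated API. SSLSession.getPeerCertificates()
             // returns java.security.cert.Certificate[] directly and would avoid the encode/decode
             // round trip below - consider migrating.
             javax.security.cert.X509Certificate[] javaxCerts=sslSession.getPeerCertificateChain();
             if (javaxCerts==null||javaxCerts.length==0)
                 return null;

             int length=javaxCerts.length;
             X509Certificate[] javaCerts=new X509Certificate[length];

             java.security.cert.CertificateFactory cf=java.security.cert.CertificateFactory.getInstance("X.509");
             for (int i=0; i<length; i++)
             {
                 byte[] bytes=javaxCerts[i].getEncoded();
                 ByteArrayInputStream stream=new ByteArrayInputStream(bytes);
                 javaCerts[i]=(X509Certificate)cf.generateCertificate(stream);
             }

             return javaCerts;
         }
         catch (SSLPeerUnverifiedException pue)
         {
             // No verified peer identity on this session: report "no chain" without logging.
             return null;
         }
         catch (Exception e)
         {
             // NOTE(review): receiver and first argument restored as in upstream Jetty; confirm
             // against the release in use.
             LOG.warn(Log.EXCEPTION,e);
             return null;
         }
     }

     /* ------------------------------------------------------------ */
     /**
      * Allow the Listener a chance to customise the request before the server does its stuff.
      * <p>
      * This allows the required attributes to be set for SSL requests.
      * The requirements of the Servlet specs are:
      * <ul>
      * <li>an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).</li>
      * <li>an attribute named "javax.servlet.request.cipher_suite" of type String.</li>
      * <li>an attribute named "javax.servlet.request.key_size" of type Integer.</li>
      * <li>an attribute named "javax.servlet.request.X509Certificate" of type
      * java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate,
      * the order of this array is defined as being in ascending order of trust. The first
      * certificate in the chain is the one set by the client, the next is the one used to
      * authenticate the first, and so on.</li>
      * </ul>
      * <p>
      * The key size, certificate chain and hex session id are computed once per SSLSession and
      * cached on it under {@link #CACHED_INFO_ATTR}. Every request receives its own copy of the
      * certificate array, so application code that modifies the attribute cannot alter what
      * later requests on the same session see.
      * <p>
      * Any exception while reading the session is logged and swallowed. The request then keeps
      * its scheme but carries none (or only some) of the SSL attributes, so code that
      * authenticates on the certificate attribute must treat a missing attribute as
      * "no client certificate".
      *
      * @param sslSession the SSL session the attribute values are read from and cached on
      * @param endpoint The Socket the request arrived on. This should be a
      *        org.eclipse.jetty.io.bio.SocketEndPoint wrapping a javax.net.ssl.SSLSocket.
      *        It is not read by this method.
      * @param request HttpRequest to be customised.
      * @throws IOException declared by the signature; the visible body catches every exception
      *         raised while reading the session
      */
     public static void customize(SSLSession sslSession, EndPoint endpoint, Request request) throws IOException
     {
         // NOTE(review): argument restored as in upstream Jetty; confirm against the release in use.
         request.setScheme(HttpSchemes.HTTPS);

         try
         {
             String cipherSuite=sslSession.getCipherSuite();
             Integer keySize;
             X509Certificate[] certs;
             String idStr;

             CachedInfo cachedInfo=(CachedInfo)sslSession.getValue(CACHED_INFO_ATTR);
             if (cachedInfo!=null)
             {
                 keySize=cachedInfo.getKeySize();
                 certs=cachedInfo.getCerts();
                 idStr=cachedInfo.getIdStr();
             }
             else
             {
                 // Integer.valueOf reuses cached boxes instead of allocating one per session.
                 keySize=Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                 certs=SslCertificates.getCertChain(sslSession);
                 byte[] bytes = sslSession.getId();
                 idStr = TypeUtil.toHexString(bytes);
                 cachedInfo=new CachedInfo(keySize,certs,idStr);
                 sslSession.putValue(CACHED_INFO_ATTR,cachedInfo);
             }

             if (certs!=null)
                 request.setAttribute("javax.servlet.request.X509Certificate",certs);

             request.setAttribute("javax.servlet.request.cipher_suite",cipherSuite);
             request.setAttribute("javax.servlet.request.key_size",keySize);
             request.setAttribute("javax.servlet.request.ssl_session_id",idStr);
         }
         catch (Exception e)
         {
             // Best effort: the request proceeds without the SSL attributes.
             LOG.warn(Log.EXCEPTION,e);
         }
     }

     /* ------------------------------------------------------------ */
     /* ------------------------------------------------------------ */
     /* ------------------------------------------------------------ */
     /**
      * Simple bundle of information that is cached in the SSLSession. Stores the
      * effective keySize and the client certificate chain.
      */
     private static class CachedInfo
     {
         private final X509Certificate[] _certs;
         private final Integer _keySize;
         private final String _idStr;

         CachedInfo(Integer keySize, X509Certificate[] certs, String idStr)
         {
             this._keySize=keySize;
             // Keep a private copy: the caller's array is also handed to the request as an
             // attribute, where application code can modify it.
             this._certs=(certs==null)?null:certs.clone();
             this._idStr=idStr;
         }

         /**
          * @return a fresh copy of the cached chain, or {@code null} if none was cached
          */
         X509Certificate[] getCerts()
         {
             return (_certs==null)?null:_certs.clone();
         }

         Integer getKeySize()
         {
             return _keySize;
         }

         String getIdStr()
         {
             return _idStr;
         }
     }
 }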