use of org.eclipse.jetty.util.ssl.X509 in project jetty.project by eclipse.
the class SecureRequestCustomizer method customize.
/**
* <p>
* Customizes the request attributes to be set for SSL requests.
* </p>
* <p>
* The requirements of the Servlet specs are:
* </p>
* <ul>
* <li>an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).</li>
* <li>an attribute named "javax.servlet.request.cipher_suite" of type String.</li>
* <li>an attribute named "javax.servlet.request.key_size" of type Integer.</li>
* <li>an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This
* is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of
* trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate
* the first, and so on.</li>
* </ul>
*
* @param sslEngine
* the SSLEngine whose session supplies the SSL details set on the request.
* @param request
* the request on which the attributes are set.
*/
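protected void customize(SSLEngine sslEngine, Request request) {
    SSLSession sslSession = sslEngine.getSession();

    if (_sniHostCheck) {
        // Compare the host the request is addressed to with the X509 recorded on the TLS
        // session under SNI_X509 (presumably stored by the SNI key manager during the
        // handshake; confirm against SniX509ExtendedKeyManager).
        String name = request.getServerName();
        X509 x509 = (X509) sslSession.getValue(SniX509ExtendedKeyManager.SNI_X509);
        if (x509 == null) {
            // NOTE(review): with no X509 on the session the check is skipped, not failed.
            // Enabling _sniHostCheck alone therefore does not reject a connection for which
            // no SNI certificate was recorded. Log this case separately so a debug trace
            // does not claim a match that was never evaluated.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Host {} not checked, no SNI X509 on session", name);
            }
        } else if (!x509.matches(name)) {
            LOG.warn("Host {} does not match SNI {}", name, x509);
            // Thrown outside the try below, so the broad catch cannot swallow the rejection.
            throw new BadMessageException(400, "Host does not match SNI");
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("Host {} matched SNI {}", name, x509);
        }
    }

    try {
        String cipherSuite = sslSession.getCipherSuite();
        Integer keySize;
        X509Certificate[] certs;
        String idStr;

        // Key size, peer chain and hex session id are computed once per SSLSession and
        // stored on it, so later requests on the same session reuse them.
        CachedInfo cachedInfo = (CachedInfo) sslSession.getValue(CACHED_INFO_ATTR);
        if (cachedInfo != null) {
            keySize = cachedInfo.getKeySize();
            // NOTE(review): if getCerts() hands back the cached array itself, every request
            // on this session shares one mutable array; confirm against CachedInfo.
            certs = cachedInfo.getCerts();
            idStr = cachedInfo.getIdStr();
        } else {
            keySize = SslContextFactory.deduceKeyLength(cipherSuite);
            certs = SslContextFactory.getCertChain(sslSession);
            byte[] bytes = sslSession.getId();
            idStr = TypeUtil.toHexString(bytes);
            cachedInfo = new CachedInfo(keySize, certs, idStr);
            sslSession.putValue(CACHED_INFO_ATTR, cachedInfo);
        }

        // The certificate attribute is only set when a chain is available, so its absence
        // is how downstream code sees a request without a client certificate.
        if (certs != null) {
            request.setAttribute("javax.servlet.request.X509Certificate", certs);
        }
        request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
        request.setAttribute("javax.servlet.request.key_size", keySize);
        request.setAttribute("javax.servlet.request.ssl_session_id", idStr);

        // Optionally expose the SSLSession itself under a configured attribute name.
        String sessionAttribute = getSslSessionAttribute();
        if (sessionAttribute != null && !sessionAttribute.isEmpty()) {
            request.setAttribute(sessionAttribute, sslSession);
        }
    } catch (Exception e) {
        // Deliberately best-effort: a failure here is logged and the request continues,
        // possibly with some or all of the SSL attributes unset.
        LOG.warn(Log.EXCEPTION, e);
    }
}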