author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-13 12:45:04 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-13 12:45:04 +0100 |
commit | 4ab9e42a9c8e7d3ba763a0b985088bdf7019d305 (patch) | |
tree | f3a52332a2bd1d342903a186f661634234469539 | |
parent | 46ac5d90cc7196d13a1d26e7159ec45a2deba106 (diff) |
Expose client certificate chain in DiscFilterRequest
5 files changed, 21 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
index 93660a8711e..2cb68462005 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
@@ -11,6 +11,7 @@ import com.yahoo.jdisc.http.servlet.ServletOrJdiscHttpRequest;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -21,6 +22,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
@@ -369,6 +371,8 @@ public abstract class DiscFilterRequest {
 public abstract void setUserPrincipal(Principal principal);
+ public abstract Optional<X509Certificate[]> getClientCertificateChain();
+
 public void setUserRoles(String[] roles) {
 this.roles = roles;
 }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java
index 07e3b97ba90..c161b374e83 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java
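Review bot: In DiscFilterRequest.java the new abstract `getClientCertificateChain()` has no Javadoc, and an accessor that security filters will base authentication decisions on needs its contract written down. I would add a Javadoc block stating that the value is the X.509 chain the client presented on the TLS connection, that the Optional is empty when no client certificate is available, and whether an empty array can ever be returned. It should also say which element is the client's own certificate (AccessLogRequestLog on this page reads `clientCert[0]`, so presumably index 0) and that a present chain implies nothing about authorization beyond whatever validation the connector's TLS configuration performed. Because the method is abstract on a public class, any subclass not updated in this commit would stop compiling; the class body continues outside the hunk.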
@@ -3,13 +3,16 @@ package com.yahoo.jdisc.http.filter;
 import com.yahoo.jdisc.http.HttpHeaders;
 import com.yahoo.jdisc.http.HttpRequest;
+import com.yahoo.jdisc.http.servlet.ServletRequest;
 import java.net.URI;
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.List;
+import java.util.Optional;
 /**
 * JDisc implementation of a filter request.
@@ -114,6 +117,11 @@ public class JdiscFilterRequest extends DiscFilterRequest {
 }
 @Override
+ public Optional<X509Certificate[]> getClientCertificateChain() {
+ return Optional.ofNullable((X509Certificate[]) parent.context().get(ServletRequest.JDISC_REQUEST_X509CERT));
+ }
+
+ @Override
 public void clearCookies() {
 parent.headers().remove(HttpHeaders.Names.COOKIE);
 }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java
index 11c2baf0176..6f23f128b4e 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java
@@ -7,10 +7,12 @@ import com.yahoo.jdisc.http.servlet.ServletRequest;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 /**
@@ -139,6 +141,11 @@ class ServletFilterRequest extends DiscFilterRequest {
 }
 @Override
+ public Optional<X509Certificate[]> getClientCertificateChain() {
+ return Optional.ofNullable((X509Certificate[]) parent.context().get(ServletRequest.SERVLET_REQUEST_X509CERT));
+ }
+
+ @Override
 public void removeHeaders(String name) {
 parent.removeHeaders(name);
 }
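Review bot: In JdiscFilterRequest.java, `getClientCertificateChain()` hands out the very array stored under `ServletRequest.JDISC_REQUEST_X509CERT` in the request context, so a filter that writes to the returned array changes what every later filter and handler sees as the client's certificate chain. An empty array is also wrapped as a present value, although AccessLogRequestLog on this page guards with `clientCert.length > 0`, which suggests that case is considered possible; a caller reading element 0 would then fail. I would return a copy and treat an empty array as absent: `return Optional.ofNullable((X509Certificate[]) parent.context().get(ServletRequest.JDISC_REQUEST_X509CERT)).filter(chain -> chain.length > 0).map(X509Certificate[]::clone);`. The unchecked cast also turns any non-array value stored under that key into a ClassCastException inside the filter chain. The same points apply to the ServletFilterRequest.java hunk on this line.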
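Review bot: In ServletFilterRequest.java the chain is looked up in `parent.context()` under `ServletRequest.SERVLET_REQUEST_X509CERT`, whereas AccessLogRequestLog on this page reads the same key from the servlet request with `request.getAttribute(...)`; nothing visible here shows that the context map is populated from servlet request attributes. If it is not, the method always returns `Optional.empty()`, and a filter that reads an empty value as "no certificate presented" would quietly skip its certificate checks on the servlet path. All five changed files are under src/main, so I would add one test per implementation that sets the attribute and asserts the chain comes back. A one-line comment on the method saying where that context entry is written, `// set by <component that copies the servlet attribute into context()>`, would let the next reader verify the lookup.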
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index 0491e200308..cc2cb0e1f91 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -116,7 +116,7 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
 if (principal != null) {
 accessLogEntry.setUserPrincipal(principal);
 }
- X509Certificate[] clientCert = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+ X509Certificate[] clientCert = (X509Certificate[]) request.getAttribute(ServletRequest.SERVLET_REQUEST_X509CERT);
 if (clientCert != null && clientCert.length > 0) {
 accessLogEntry.setSslPrincipal(clientCert[0].getSubjectX500Principal());
 }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
index ea36237bc45..e6bb99d4647 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
@@ -39,6 +39,7 @@ import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
 public class ServletRequest extends HttpServletRequestWrapper implements ServletOrJdiscHttpRequest {
 public static final String JDISC_REQUEST_PRINCIPAL = "jdisc.request.principal";
 public static final String JDISC_REQUEST_X509CERT = "jdisc.request.X509Certificate";
+ public static final String SERVLET_REQUEST_X509CERT = "javax.servlet.request.X509Certificate";
 private final HttpServletRequest request;
 private final HeaderFields headerFields; |