author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-04-08 15:32:04 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-04-08 15:40:15 +0200 |
commit | 440de4cd80bf0640445ba854efc12942b2344b3a (patch) | |
tree | c435d38b3e4f75ed4b7c2b79940ca4cfafaae81c /jdisc_http_service/src/main/java | |
parent | 7ed8e0eda85d186d6a8250112a4a52a6a7cbc9ad (diff) |
Report expired client certificate as a separate metric
Diffstat (limited to 'jdisc_http_service/src/main/java')
2 files changed, 5 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
index c5f42ff9cc5..04db58f6d07 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
@@ -110,6 +110,7 @@ public class JettyHttpServer extends AbstractServerProvider {
 String CONTENT_SIZE = "jdisc.http.request.content_size";
 String SSL_HANDSHAKE_FAILURE_MISSING_CLIENT_CERT = "jdisc.http.ssl.handshake.failure.missing_client_cert";
+ String SSL_HANDSHAKE_FAILURE_EXPIRED_CLIENT_CERT = "jdisc.http.ssl.handshake.failure.expired_client_cert";
 String SSL_HANDSHAKE_FAILURE_INVALID_CLIENT_CERT = "jdisc.http.ssl.handshake.failure.invalid_client_cert";
 String SSL_HANDSHAKE_FAILURE_INCOMPATIBLE_PROTOCOLS = "jdisc.http.ssl.handshake.failure.incompatible_protocols";
 String SSL_HANDSHAKE_FAILURE_INCOMPATIBLE_CIPHERS = "jdisc.http.ssl.handshake.failure.incompatible_ciphers";
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
index 886071243ba..75df82036a2 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
@@ -56,6 +56,10 @@ class SslHandshakeFailedListener implements SslHandshakeListener {
 MISSING_CLIENT_CERT(
 Metrics.SSL_HANDSHAKE_FAILURE_MISSING_CLIENT_CERT,
 "Empty server certificate chain"),
+ EXPIRED_CLIENT_CERTIFICATE(
+ Metrics.SSL_HANDSHAKE_FAILURE_EXPIRED_CLIENT_CERT,
+ // Note: this pattern will match certificates with too late notBefore as well
+ "PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"),
 INVALID_CLIENT_CERT(
 Metrics.SSL_HANDSHAKE_FAILURE_INVALID_CLIENT_CERT,
 "PKIX path (building|validation) failed: .+"); |
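Review bot: The new `EXPIRED_CLIENT_CERTIFICATE` entry classifies on the exact wording of a JDK exception message, and the `INVALID_CLIENT_CERT` pattern right below it (`PKIX path (building|validation) failed: .+`) matches that same text, so correct counting relies on declaration order and on the matching code, which is outside this hunk, taking the first hit. If a JDK or security-provider update rewords the message, expired-certificate failures would silently fall back into the invalid-cert metric, which matters for anyone alerting on certificate expiry. If the listener has the handshake exception itself available, walking the cause chain for a `CertPathValidatorException` whose `getReason()` is `BasicReason.EXPIRED` would be sturdier and would also separate `BasicReason.NOT_YET_VALID`, which the existing comment says is currently counted as expired. At minimum I would extend the comment with `// Must stay before INVALID_CLIENT_CERT, whose pattern also matches this message`.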