Expose client certificate chain as request attribute

author: Bjørn Christian Seime <bjorncs@oath.com> 2017-09-19 13:13:25 +0200
committer: Bjørn Christian Seime <bjorncs@oath.com> 2017-09-19 13:18:46 +0200
commit: bd56cc7007feb7585f34a335dcc0692ee5e3cf1e (patch)
tree: ae73a6ef7a20563b58919d289a7ad82806f524b5 /jdisc_http_service
parent: d825bb328c94e138ea87301282c85cc4edb5e585 (diff)
2 files changed, 15 insertions, 4 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
index d137632f1fe..714d75f9d1e 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
@@ -8,6 +8,7 @@ import com.yahoo.jdisc.service.CurrentContainer;
 import javax.servlet.http.HttpServletRequest;
 import java.net.InetSocketAddress;
 import java.net.URI;
+import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
 import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
@@ -19,13 +20,15 @@ import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
 class HttpRequestFactory {
 
     public static HttpRequest newJDiscRequest(CurrentContainer container, HttpServletRequest servletRequest) {
-        return HttpRequest.newServerRequest(
+        HttpRequest httpRequest = HttpRequest.newServerRequest(
                 container,
                 getUri(servletRequest),
                 HttpRequest.Method.valueOf(servletRequest.getMethod()),
                 HttpRequest.Version.fromString(servletRequest.getProtocol()),
                 new InetSocketAddress(servletRequest.getRemoteAddr(), servletRequest.getRemotePort()),
                 getConnection(servletRequest).getCreatedTimeStamp());
+        httpRequest.context().put("jdisc.request.X509Certificate", getCertChain(servletRequest));
+        return httpRequest;
     }
 
     public static URI getUri(HttpServletRequest servletRequest) {
@@ -93,4 +96,7 @@ class HttpRequestFactory {
         }
     }
 
+    private static X509Certificate[] getCertChain(HttpServletRequest servletRequest) {
+        return (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
+    }
 }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactoryTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactoryTest.java
index 862c85c187e..476718ac906 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactoryTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactoryTest.java
@@ -70,9 +70,14 @@ public class HttpRequestFactoryTest {
 
         @Override
         public Object getAttribute(String name) {
-            HttpConnection connection = mock(HttpConnection.class);
-            when(connection.getCreatedTimeStamp()).thenReturn(System.currentTimeMillis());
-            return connection;
+            switch (name) {
+                case "org.eclipse.jetty.server.HttpConnection":
+                    HttpConnection connection = mock(HttpConnection.class);
+                    when(connection.getCreatedTimeStamp()).thenReturn(System.currentTimeMillis());
+                    return connection;
+                default:
+                    return null;
+            }
         }
 
         @Override
author	Bjørn Christian Seime <bjorncs@oath.com>	2017-09-19 13:13:25 +0200
committer	Bjørn Christian Seime <bjorncs@oath.com>	2017-09-19 13:18:46 +0200
commit	bd56cc7007feb7585f34a335dcc0692ee5e3cf1e (patch)
tree	ae73a6ef7a20563b58919d289a7ad82806f524b5 /jdisc_http_service
parent	d825bb328c94e138ea87301282c85cc4edb5e585 (diff)