Diffstat (limited to 'jdisc_http_service/src/main/java')
2 files changed, 20 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index a8dbf66f537..bcc48ed56ae 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -135,6 +135,19 @@ public class ConnectorFactory {
 Ssl sslConfig = connectorConfig.ssl();
 final SslContextFactory factory = new SslContextFactory();
+ switch (sslConfig.clientAuth()) {
+ case NEED_AUTH:
+ factory.setNeedClientAuth(true);
+ break;
+ case WANT_AUTH:
+ factory.setWantClientAuth(true);
+ break;
+ }
+
+ if (!sslConfig.prng().isEmpty()) {
+ factory.setSecureRandomAlgorithm(sslConfig.prng());
+ }
+
 if (!sslConfig.excludeProtocol().isEmpty()) {
 final String[] prots = new String[sslConfig.excludeProtocol().size()];
 for (int i = 0; i < prots.length; i++) {
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
index d137632f1fe..714d75f9d1e 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
@@ -8,6 +8,7 @@ import com.yahoo.jdisc.service.CurrentContainer;
 import javax.servlet.http.HttpServletRequest;
 import java.net.InetSocketAddress;
 import java.net.URI;
+import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
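Review bot: The `switch` on `sslConfig.clientAuth()` in ConnectorFactory.java has no `default` branch, so any value other than `NEED_AUTH` or `WANT_AUTH` leaves client authentication off with nothing in the code or logs to show it; add `default: break; // client certificate not requested` or log the selected mode at connector creation. With `WANT_AUTH` the handshake completes even when the client presents no certificate, so a comment on that case should say that handlers must treat a missing certificate as unauthenticated. Whether a trust store for validating client certificates is configured is not visible in this hunk (the enclosing method starts and ends outside it) and is worth confirming before relying on either mode. The `prng` value is passed unchecked to `setSecureRandomAlgorithm`; checking it against the algorithm names the deployment expects would surface a typo or an unintended choice at startup.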
@@ -19,13 +20,15 @@ import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
 class HttpRequestFactory {
 public static HttpRequest newJDiscRequest(CurrentContainer container, HttpServletRequest servletRequest) {
- return HttpRequest.newServerRequest(
+ HttpRequest httpRequest = HttpRequest.newServerRequest(
 container,
 getUri(servletRequest),
 HttpRequest.Method.valueOf(servletRequest.getMethod()),
 HttpRequest.Version.fromString(servletRequest.getProtocol()),
 new InetSocketAddress(servletRequest.getRemoteAddr(), servletRequest.getRemotePort()),
 getConnection(servletRequest).getCreatedTimeStamp());
+ httpRequest.context().put("jdisc.request.X509Certificate", getCertChain(servletRequest));
+ return httpRequest;
 }
 public static URI getUri(HttpServletRequest servletRequest) {
@@ -93,4 +96,7 @@ class HttpRequestFactory {
 }
 }
+ private static X509Certificate[] getCertChain(HttpServletRequest servletRequest) {
+ return (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
+ }
 } |
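Review bot: In `newJDiscRequest`, `getCertChain(servletRequest)` returns null for every request that carries no client certificate (plain HTTP, or TLS where none was presented), and that null is put into the request context unconditionally. Whether the context map accepts null values is not visible here, so guard the call: `X509Certificate[] chain = getCertChain(servletRequest);` followed by `if (chain != null) httpRequest.context().put("jdisc.request.X509Certificate", chain);`. The key is a bare string literal that every consumer has to repeat; a named constant would keep producer and readers from drifting apart. `getCertChain` in the last hunk should get a one-line Javadoc saying it returns null when no certificate was presented, and that a present chain is only as trustworthy as the connector's client-auth and trust-store configuration.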