Diffstat (limited to 'jdisc_http_service/src/main/java')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java13
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java8
2 files changed, 20 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index a8dbf66f537..bcc48ed56ae 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -135,6 +135,19 @@ public class ConnectorFactory {
Ssl sslConfig = connectorConfig.ssl();
final SslContextFactory factory = new SslContextFactory();
+ switch (sslConfig.clientAuth()) {
+ case NEED_AUTH:
+ factory.setNeedClientAuth(true);
+ break;
+ case WANT_AUTH:
+ factory.setWantClientAuth(true);
+ break;
+ }
+
+ if (!sslConfig.prng().isEmpty()) {
+ factory.setSecureRandomAlgorithm(sslConfig.prng());
+ }
+
if (!sslConfig.excludeProtocol().isEmpty()) {
final String[] prots = new String[sslConfig.excludeProtocol().size()];
for (int i = 0; i < prots.length; i++) {
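Review bot: The new `switch` on `sslConfig.clientAuth()` has no `default` branch, so every value other than `NEED_AUTH` and `WANT_AUTH` silently leaves client authentication off. Make that explicit with `default: break; // client certificates are not requested`, or throw on an unexpected value, so a later enum addition cannot quietly weaken the connector. With `WANT_AUTH` the handshake also completes when the client sends no certificate, so a comment on that case should say that authorization must be enforced by whoever reads the certificate from the request. The `prng` string goes to `setSecureRandomAlgorithm` unchecked; an unknown algorithm name will presumably only fail when the SSL context is started, so it is worth validating here or documenting the accepted names. The enclosing method starts and ends outside this hunk.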
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
index d137632f1fe..714d75f9d1e 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java
@@ -8,6 +8,7 @@ import com.yahoo.jdisc.service.CurrentContainer;
import javax.servlet.http.HttpServletRequest;
import java.net.InetSocketAddress;
import java.net.URI;
+import java.security.cert.X509Certificate;
import java.util.Enumeration;
import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
@@ -19,13 +20,15 @@ import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection;
class HttpRequestFactory {
public static HttpRequest newJDiscRequest(CurrentContainer container, HttpServletRequest servletRequest) {
- return HttpRequest.newServerRequest(
+ HttpRequest httpRequest = HttpRequest.newServerRequest(
container,
getUri(servletRequest),
HttpRequest.Method.valueOf(servletRequest.getMethod()),
HttpRequest.Version.fromString(servletRequest.getProtocol()),
new InetSocketAddress(servletRequest.getRemoteAddr(), servletRequest.getRemotePort()),
getConnection(servletRequest).getCreatedTimeStamp());
+ httpRequest.context().put("jdisc.request.X509Certificate", getCertChain(servletRequest));
+ return httpRequest;
}
public static URI getUri(HttpServletRequest servletRequest) {
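Review bot: `newJDiscRequest` stores the result of `getCertChain(servletRequest)` in the request context unconditionally, but the servlet attribute is absent for plain HTTP and for TLS connections where the client sent no certificate, so the value is then `null`. Depending on the map behind `context()` (not visible here) that either throws or leaves a key whose presence says nothing about authentication. Guard it with `X509Certificate[] chain = getCertChain(servletRequest);` followed by `if (chain != null) { httpRequest.context().put("jdisc.request.X509Certificate", chain); }`. The same applies to `getCertChain` in the last hunk, which should carry a Javadoc line stating that it returns `null` when no client certificate was presented. The key `"jdisc.request.X509Certificate"` would also be better as a named constant that consumers can reference rather than retype.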
@@ -93,4 +96,7 @@ class HttpRequestFactory {
}
}
+ private static X509Certificate[] getCertChain(HttpServletRequest servletRequest) {
+ return (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
+ }
}