From 6d6a96ba6bdf81636c0c869e01e5a06fbb3b2a83 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@verizonmedia.com>
Date: Wed, 10 Apr 2019 10:53:27 +0200
Subject: Add ssl session id and cipher suite to access log

---
 .../com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java    | 8 ++++++++
 .../main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java    | 2 ++
 2 files changed, 10 insertions(+)

(limited to 'jdisc_http_service')

diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index 5c3298a7aff..9a10c70ceab 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -87,6 +87,14 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
             if (clientCert != null && clientCert.length > 0) {
                 accessLogEntry.setSslPrincipal(clientCert[0].getSubjectX500Principal());
             }
+            String sslSessionId = (String) request.getAttribute(ServletRequest.SERVLET_REQUEST_SSL_SESSION_ID);
+            if (sslSessionId != null) {
+                accessLogEntry.addKeyValue("ssl-session-id", sslSessionId);
+            }
+            String cipherSuite = (String) request.getAttribute(ServletRequest.SERVLET_REQUEST_CIPHER_SUITE);
+            if (cipherSuite != null) {
+                accessLogEntry.addKeyValue("cipher-suite", cipherSuite);
+            }
 
             final long startTime = request.getTimeStamp();
             final long endTime = System.currentTimeMillis();
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
index 2eb7f432ec2..65c8e153164 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
@@ -39,6 +39,8 @@ public class ServletRequest extends HttpServletRequestWrapper implements Servlet
     public static final String JDISC_REQUEST_PRINCIPAL = "jdisc.request.principal";
     public static final String JDISC_REQUEST_X509CERT = "jdisc.request.X509Certificate";
     public static final String SERVLET_REQUEST_X509CERT = "javax.servlet.request.X509Certificate";
+    public static final String SERVLET_REQUEST_SSL_SESSION_ID = "javax.servlet.request.ssl_session_id";
+    public static final String SERVLET_REQUEST_CIPHER_SUITE = "javax.servlet.request.cipher_suite";
 
     private final HttpServletRequest request;
     private final HeaderFields headerFields;
-- 
cgit v1.2.3