io.undertow.server.SSLSessionInfo Java Examples
The following examples show how to use
io.undertow.server.SSLSessionInfo.
Example #1
Source File: SSLInformationAssociationHandler.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Reads the peer certificate chain from the TLS session and re-encodes it for the servlet API.
 * <p>
 * The session exposes {@code javax.security.cert.X509Certificate[]}; each entry is converted to
 * {@code java.security.cert.X509Certificate} by passing its encoded bytes through an "X.509"
 * {@code CertificateFactory}.
 * <p>
 * NOTE(review): any exception raised while reading or converting the chain is swallowed and
 * reported as {@code null}, so a caller cannot distinguish "no client certificate" from
 * "certificate could not be read or parsed". Nothing is logged on that path.
 *
 * @param session the TLS session information to take the certificate chain from.
 * @return the converted chain, or {@code null} if the chain is missing, empty, or could not be
 *         read or converted.
 */
private X509Certificate[] getCerts(SSLSessionInfo session) {
    try {
        final javax.security.cert.X509Certificate[] legacyChain = session.getPeerCertificateChain();
        if (legacyChain != null && legacyChain.length > 0) {
            final java.security.cert.CertificateFactory x509Factory =
                    java.security.cert.CertificateFactory.getInstance("X.509");
            final X509Certificate[] converted = new X509Certificate[legacyChain.length];
            int slot = 0;
            for (javax.security.cert.X509Certificate legacy : legacyChain) {
                // Round-trip through the encoded form: the two X509Certificate types share no hierarchy.
                final ByteArrayInputStream encoded = new ByteArrayInputStream(legacy.getEncoded());
                converted[slot++] = (X509Certificate) x509Factory.generateCertificate(encoded);
            }
            return converted;
        }
        return null;
    } catch (Exception e) {
        // Deliberate best effort: failures are reported as "no certificates".
        return null;
    }
}
Example #2
Source File: SSLInformationAssociationHandler.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Copies TLS details of the current connection into servlet request attributes and then
 * delegates to the next handler.
 * <p>
 * When the connection carries SSL session information, the cipher suite, the key size derived
 * from it, the SSL session id and (if available) the peer certificate chain are published under
 * the {@code javax.servlet.request.*} attribute names. Without SSL session information no
 * attribute is set.
 *
 * @param exchange the exchange being processed.
 * @throws Exception whatever the next handler throws.
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final ServletRequest servletRequest =
            exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getServletRequest();
    final SSLSessionInfo tlsInfo = exchange.getConnection().getSslSessionInfo();
    if (tlsInfo == null) {
        next.handleRequest(exchange);
        return;
    }

    final String suite = tlsInfo.getCipherSuite();
    servletRequest.setAttribute("javax.servlet.request.cipher_suite", suite);
    servletRequest.setAttribute("javax.servlet.request.key_size", getKeyLength(suite));
    servletRequest.setAttribute("javax.servlet.request.ssl_session_id", tlsInfo.getSessionId());

    // getCerts returns null when no usable chain exists; the attribute is then left unset.
    final X509Certificate[] peerChain = getCerts(tlsInfo);
    if (peerChain != null) {
        servletRequest.setAttribute("javax.servlet.request.X509Certificate", peerChain);
    }
    next.handleRequest(exchange);
}
Example #3
Source File: DatawaveAuthenticationMechanism.java From datawave with Apache License 2.0 | 6 votes |
/**
 * Returns the peer certificates of the TLS session, renegotiating once if that is required and
 * permitted.
 * <p>
 * Renegotiation is attempted only when {@code forceRenegotiation} is set and the security
 * context reports that authentication is required; it requests (does not require) a client
 * certificate. Every other outcome ends in an {@link SSLPeerUnverifiedException}.
 * <p>
 * NOTE(review): a failed renegotiation is reported with an empty message and without the
 * original exception as cause, so the reason is not available to callers or logs.
 *
 * @param exchange        the current exchange, passed to the renegotiation call.
 * @param sslSession      the TLS session to read the certificates from.
 * @param securityContext consulted to decide whether renegotiation is worthwhile.
 * @return the peer certificates.
 * @throws SSLPeerUnverifiedException if no peer certificates could be obtained.
 */
private Certificate[] getPeerCertificates(HttpServerExchange exchange, SSLSessionInfo sslSession, SecurityContext securityContext) throws SSLPeerUnverifiedException {
    try {
        return sslSession.getPeerCertificates();
    } catch (RenegotiationRequiredException needsRenegotiation) {
        // we only renegotiate if authentication is required
        final boolean mayRenegotiate = forceRenegotiation && securityContext.isAuthenticationRequired();
        if (!mayRenegotiate) {
            throw new SSLPeerUnverifiedException("");
        }
    }

    try {
        sslSession.renegotiate(exchange, SslClientAuthMode.REQUESTED);
        return sslSession.getPeerCertificates();
    } catch (IOException | RenegotiationRequiredException ignored) {
        // Renegotiation did not yield certificates; report the peer as unverified.
        throw new SSLPeerUnverifiedException("");
    }
}
Example #4
Source File: ManagementHttpServer.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Reports whether client-certificate authentication could succeed for this exchange.
 * <p>
 * That is the case only when the realm lists {@code CLIENT_CERT} among its supported mechanisms
 * and the connection's TLS session already exposes an X.509 certificate as the first peer
 * certificate. No renegotiation is attempted here.
 * <p>
 * NOTE(review): indexing {@code [0]} assumes {@code getPeerCertificates()} never returns an empty
 * array - TODO confirm; an empty array would raise an uncaught
 * {@code ArrayIndexOutOfBoundsException}.
 *
 * @param securityRealm the realm whose supported mechanisms are checked.
 * @param exchange      the current exchange.
 * @return {@code true} if a client certificate is available and the realm supports it.
 */
private static boolean clientCertPotentiallyPossible(final SecurityRealm securityRealm, final HttpServerExchange exchange) {
    if (!securityRealm.getSupportedAuthenticationMechanisms().contains(AuthMechanism.CLIENT_CERT)) {
        return false;
    }

    final SSLSessionInfo tlsSession = exchange.getConnection().getSslSessionInfo();
    if (tlsSession == null) {
        return false;
    }

    try {
        // todo: renegotiation?
        return tlsSession.getPeerCertificates()[0] instanceof X509Certificate;
    } catch (SSLPeerUnverifiedException | RenegotiationRequiredException ignored) {
        // No verified peer (or renegotiation would be needed): treat as "no client certificate".
        return false;
    }
}
Example #5
Source File: SslSessionConfig.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Looks up the application session id bound to the TLS session of this exchange.
 * <p>
 * Without SSL session information the lookup is delegated to the fallback session config, if one
 * is configured. With it, the id is read from the {@code sessions} map under this object's
 * monitor.
 * <p>
 * NOTE(review): a found session id is written to the trace log; session identifiers in logs
 * should be treated as sensitive.
 *
 * @param exchange the current exchange.
 * @return the session id, or {@code null} if none is known.
 */
@Override
public String findSessionId(final HttpServerExchange exchange) {
    final SSLSessionInfo tlsSession = exchange.getConnection().getSslSessionInfo();
    if (tlsSession != null) {
        synchronized (this) {
            final String mappedId = sessions.get(new Key(tlsSession.getSessionId()));
            if (mappedId != null) {
                UndertowLogger.SESSION_LOGGER.tracef("Found SSL session id %s on %s", mappedId, exchange);
            }
            return mappedId;
        }
    }
    if (fallbackSessionConfig != null) {
        return fallbackSessionConfig.findSessionId(exchange);
    }
    return null;
}
Example #6
Source File: SslSessionConfig.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Binds an application session id to the TLS session of this exchange.
 * <p>
 * Without SSL session information the call is delegated to the fallback session config, if one
 * is configured. Otherwise both the forward ({@code sessions}) and reverse ({@code reverse}) maps
 * are updated under this object's monitor.
 * <p>
 * NOTE(review): the session id is written to the trace log on every call; session identifiers in
 * logs should be treated as sensitive.
 *
 * @param exchange  the current exchange.
 * @param sessionId the application session id to associate.
 */
@Override
public void setSessionId(final HttpServerExchange exchange, final String sessionId) {
    UndertowLogger.SESSION_LOGGER.tracef("Setting SSL session id %s on %s", sessionId, exchange);
    final SSLSessionInfo tlsSession = exchange.getConnection().getSslSessionInfo();
    if (tlsSession != null) {
        final Key tlsKey = new Key(tlsSession.getSessionId());
        synchronized (this) {
            sessions.put(tlsKey, sessionId);
            reverse.put(sessionId, tlsKey);
        }
        return;
    }
    if (fallbackSessionConfig != null) {
        fallbackSessionConfig.setSessionId(exchange, sessionId);
    }
}
Example #7
Source File: SslSessionConfig.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Removes the binding between an application session id and its TLS session.
 * <p>
 * Without SSL session information the call is delegated to the fallback session config, if one
 * is configured. Otherwise the reverse mapping is removed first and, when it existed, the
 * matching forward mapping as well, both under this object's monitor.
 * <p>
 * NOTE(review): the session id is written to the trace log on every call; session identifiers in
 * logs should be treated as sensitive.
 *
 * @param exchange  the current exchange.
 * @param sessionId the application session id to forget.
 */
@Override
public void clearSession(final HttpServerExchange exchange, final String sessionId) {
    UndertowLogger.SESSION_LOGGER.tracef("Clearing SSL session id %s on %s", sessionId, exchange);
    final SSLSessionInfo tlsSession = exchange.getConnection().getSslSessionInfo();
    if (tlsSession != null) {
        synchronized (this) {
            final Key tlsKey = reverse.remove(sessionId);
            if (tlsKey != null) {
                sessions.remove(tlsKey);
            }
        }
        return;
    }
    if (fallbackSessionConfig != null) {
        fallbackSessionConfig.clearSession(exchange, sessionId);
    }
}
Example #8
Source File: ClientCertAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Attempts to authenticate the caller from the client certificate of the TLS session.
 * <p>
 * The first peer certificate, if it is an X.509 certificate, is wrapped in an
 * {@code X509CertificateCredential} and handed to the identity manager. Only when that yields an
 * account is the authentication completed.
 * <p>
 * This mechanism never reports a failed authentication: a missing TLS session, missing peer
 * certificates, a non-X.509 certificate or a certificate the identity manager does not map to an
 * account all result in {@code NOT_ATTEMPTED}. Whether an unauthenticated request may proceed is
 * therefore decided outside this method.
 *
 * @param exchange        the current exchange.
 * @param securityContext the security context to complete the authentication on.
 * @return {@code AUTHENTICATED} when the certificate maps to an account, otherwise
 *         {@code NOT_ATTEMPTED}.
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final SSLSessionInfo tlsSession = exchange.getConnection().getSslSessionInfo();
    if (tlsSession == null) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    try {
        final Certificate[] peerChain = getPeerCertificates(exchange, tlsSession, securityContext);
        final Certificate leaf = peerChain[0];
        if (leaf instanceof X509Certificate) {
            final Credential credential = new X509CertificateCredential((X509Certificate) leaf);
            final Account account = getIdentityManager(securityContext).verify(credential);
            if (account != null) {
                securityContext.authenticationComplete(account, name, false);
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
    } catch (SSLPeerUnverifiedException ignored) {
        // Without peer certificates this mechanism has nothing to work with; fall through to
        // NOT_ATTEMPTED.
    }

    /*
     * ClientCert has no notion of a failed authentication: if the client used a key, the connection
     * was already deemed acceptable when it was established. This mechanism only tries to use that
     * key for authentication and does not mandate success.
     */
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Example #9
Source File: SslSessionIdAttribute.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the SSL session id of the connection, Base64-encoded via {@code FlexBase64}.
 *
 * @param exchange the current exchange.
 * @return the encoded session id, or {@code null} when the connection has no SSL session
 *         information or the session has no id.
 */
@Override
public String readAttribute(HttpServerExchange exchange) {
    final SSLSessionInfo tlsInfo = exchange.getConnection().getSslSessionInfo();
    if (tlsInfo == null) {
        return null;
    }
    if (tlsInfo.getSessionId() == null) {
        return null;
    }
    return FlexBase64.encodeString(tlsInfo.getSessionId(), false);
}
Example #10
Source File: SslCipherAttribute.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the cipher suite reported by the connection's SSL session information.
 *
 * @param exchange the current exchange.
 * @return the cipher suite, or {@code null} when the connection has no SSL session information.
 */
@Override
public String readAttribute(HttpServerExchange exchange) {
    final SSLSessionInfo tlsInfo = exchange.getConnection().getSslSessionInfo();
    return tlsInfo == null ? null : tlsInfo.getCipherSuite();
}
Example #11
Source File: SSLHeaderHandler.java From lams with GNU General Public License v2.0 | 5 votes |
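/**
 * Rebuilds SSL session information from request headers set by a front-end proxy and attaches it
 * to the connection before delegating to the next handler.
 * <p>
 * The session id, cipher and client certificate are read from the {@code SSL_SESSION_ID},
 * {@code SSL_CIPHER} and {@code SSL_CLIENT_CERT} headers. If any of them is present, the request
 * scheme is switched to HTTPS and a {@code BasicSSLSessionInfo} built from the header values is
 * installed on the connection.
 * <p>
 * Security: the header values are taken at face value and nothing in this method checks where
 * they came from. The handler is only safe behind a trusted proxy that always overwrites or
 * strips these headers on incoming requests; otherwise any client can supply its own
 * "client certificate" and have it treated as TLS-verified by later handlers.
 * <p>
 * The certificate header is expected with its line breaks replaced by spaces. The leading 28 and
 * trailing 26 characters are cut off (presumably the PEM begin/end markers plus one separator
 * each - TODO confirm against {@code Certificates}) and replaced by freshly written markers. The
 * trimming is applied only when the value is long enough to contain both parts; the previous
 * guard ({@code length() > 28}) let values of 29 to 53 characters reach {@code substring} with
 * an end index below the start index, which raised an uncaught
 * {@code StringIndexOutOfBoundsException} from a malformed header.
 *
 * @param exchange the exchange being processed.
 * @throws Exception whatever the next handler throws.
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    HeaderMap requestHeaders = exchange.getRequestHeaders();
    final String sessionId = requestHeaders.getFirst(SSL_SESSION_ID);
    final String cipher = requestHeaders.getFirst(SSL_CIPHER);
    String clientCert = requestHeaders.getFirst(SSL_CLIENT_CERT);
    //the proxy client replaces \n with ' '
    // Require room for both the 28-character prefix and the 26-character suffix before slicing;
    // shorter values are passed on unchanged and rejected by certificate parsing below.
    if (clientCert != null && clientCert.length() >= 28 + 26) {
        StringBuilder sb = new StringBuilder(clientCert.length() + 1);
        sb.append(Certificates.BEGIN_CERT);
        sb.append('\n');
        sb.append(clientCert.replace(' ', '\n').substring(28, clientCert.length() - 26));//core certificate data
        sb.append('\n');
        sb.append(Certificates.END_CERT);
        clientCert = sb.toString();
    }
    if (clientCert != null || sessionId != null || cipher != null) {
        try {
            SSLSessionInfo info = new BasicSSLSessionInfo(sessionId, cipher, clientCert);
            exchange.setRequestScheme(HTTPS);
            exchange.getConnection().setSslSessionInfo(info);
            exchange.addExchangeCompleteListener(CLEAR_SSL_LISTENER);
        } catch (java.security.cert.CertificateException | CertificateException e) {
            // An unparsable certificate leaves the request without SSL session information.
            UndertowLogger.REQUEST_LOGGER.debugf(e, "Could not create certificate from header %s", clientCert);
        }
    }
    next.handleRequest(exchange);
}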
Example #12
Source File: UndertowHTTPHandler.java From cxf with Apache License 2.0 | 4 votes |
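/**
 * Adapts an Undertow exchange to the servlet API and passes it to the CXF destination.
 * <p>
 * Work is moved off the I/O thread first. TRACE requests are answered with 405. The servlet
 * request is given references to this handler and the destination, plus the TLS cipher suite and
 * peer certificates when the connection has SSL session information.
 * <p>
 * Any {@code Throwable} is turned into a 500 response with a small HTML page. The exception
 * message is HTML-escaped before it is embedded: it can contain request-derived text, and
 * writing it verbatim into a {@code text/html} body would let that text be interpreted as
 * markup. Escaping also keeps the page ASCII-only, so the {@code Content-Length} computed from
 * the string length matches the number of bytes sent.
 * <p>
 * NOTE(review): the page still returns the exception message to the client, which can reveal
 * internal details; consider a generic message. The stack trace goes to {@code System.err} via
 * {@code printStackTrace()} rather than to the application's logger.
 *
 * @param undertowExchange the exchange being processed.
 * @throws Exception declared by the handler contract; failures inside are handled here.
 */
@Override
public void handleRequest(HttpServerExchange undertowExchange) throws Exception {
    try {
        // perform blocking operation on exchange
        if (undertowExchange.isInIoThread()) {
            undertowExchange.dispatch(this);
            return;
        }

        HttpServletResponseImpl response = new HttpServletResponseImpl(undertowExchange,
                                                                       (ServletContextImpl)servletContext);
        HttpServletRequestImpl request = new HttpServletRequestImpl(undertowExchange,
                                                                    (ServletContextImpl)servletContext);
        if (request.getMethod().equals(METHOD_TRACE)) {
            response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        ServletRequestContext servletRequestContext = new ServletRequestContext(((ServletContextImpl)servletContext)
            .getDeployment(), request, response, null);

        undertowExchange.putAttachment(ServletRequestContext.ATTACHMENT_KEY, servletRequestContext);
        request.setAttribute("HTTP_HANDLER", this);
        request.setAttribute("UNDERTOW_DESTINATION", undertowHTTPDestination);
        SSLSessionInfo ssl = undertowExchange.getConnection().getSslSessionInfo();
        if (ssl != null) {
            request.setAttribute(SSL_CIPHER_SUITE_ATTRIBUTE, ssl.getCipherSuite());
            try {
                request.setAttribute(SSL_PEER_CERT_CHAIN_ATTRIBUTE, ssl.getPeerCertificates());
            } catch (Exception e) {
                // for some case won't have the peer certification
                // do nothing
            }
        }
        undertowHTTPDestination.doService(servletContext, request, response);

    } catch (Throwable t) {
        t.printStackTrace();
        if (undertowExchange.isResponseChannelAvailable()) {
            undertowExchange.setStatusCode(500);
            // The message is untrusted text in an HTML context: escape it before embedding.
            final String errorPage = "<html><head><title>Error</title>"
                + "</head><body>Internal Error 500" + escapeHtml(t.getMessage()) + "</body></html>";
            undertowExchange.getResponseHeaders().put(Headers.CONTENT_LENGTH,
                                                      Integer.toString(errorPage.length()));
            undertowExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/html");
            Sender sender = undertowExchange.getResponseSender();
            sender.send(errorPage);
        }
    }
}

/**
 * Escapes text for inclusion in HTML element content, producing ASCII-only output.
 * Markup-significant characters become named or numeric entities; every code point above
 * U+007E becomes a numeric character reference. A {@code null} input yields {@code "null"},
 * matching what string concatenation would have produced.
 */
private static String escapeHtml(String text) {
    if (text == null) {
        return "null";
    }
    StringBuilder out = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length();) {
        final int codePoint = text.codePointAt(i);
        i += Character.charCount(codePoint);
        switch (codePoint) {
        case '&':
            out.append("&amp;");
            break;
        case '<':
            out.append("&lt;");
            break;
        case '>':
            out.append("&gt;");
            break;
        case '"':
            out.append("&quot;");
            break;
        case '\'':
            out.append("&#39;");
            break;
        default:
            if (codePoint > 0x7e) {
                out.append("&#").append(codePoint).append(';');
            } else {
                out.append((char) codePoint);
            }
            break;
        }
    }
    return out.toString();
}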
Example #13
Source File: InVMConnection.java From thorntail with Apache License 2.0 | 4 votes |
/**
 * Stores the given SSL session information on this object, replacing any previous value.
 * The value is stored as given, without any check.
 *
 * @param sessionInfo the SSL session information to store.
 */
@Override
public void setSslSessionInfo(SSLSessionInfo sessionInfo) {
    this.sslSessionInfo = sessionInfo;
}
Example #14
Source File: InVMConnection.java From thorntail with Apache License 2.0 | 4 votes |
/**
 * Returns the SSL session information currently stored on this object.
 *
 * @return the stored value of the {@code sslSessionInfo} field.
 */
@Override
public SSLSessionInfo getSslSessionInfo() {
    return this.sslSessionInfo;
}
Example #15
Source File: InVMConnection.java From thorntail with Apache License 2.0 | 4 votes |
/**
 * Stores the given SSL session information on this object, replacing any previous value.
 * The value is stored as given, without any check.
 *
 * @param sessionInfo the SSL session information to store.
 */
@Override
public void setSslSessionInfo(SSLSessionInfo sessionInfo) {
    this.sslSessionInfo = sessionInfo;
}
Example #16
Source File: InVMConnection.java From thorntail with Apache License 2.0 | 4 votes |
/**
 * Returns the SSL session information currently stored on this object.
 *
 * @return the stored value of the {@code sslSessionInfo} field.
 */
@Override
public SSLSessionInfo getSslSessionInfo() {
    return this.sslSessionInfo;
}
Example #17
Source File: HttpServerConnection.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Stores the given SSL session information on this connection, replacing any previous value.
 * The value is stored as given, without any check.
 *
 * @param sessionInfo the SSL session information to store.
 */
@Override
public void setSslSessionInfo(SSLSessionInfo sessionInfo) {
    // The parameter has a different name than the field, so no qualification is needed.
    sslSessionInfo = sessionInfo;
}
Example #18
Source File: HttpServerConnection.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Returns the SSL session information currently stored on this connection.
 *
 * @return the stored value of the {@code sslSessionInfo} field.
 */
@Override
public SSLSessionInfo getSslSessionInfo() {
    return this.sslSessionInfo;
}
Example #19
Source File: Http2ServerConnection.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Stores the given SSL session information on this connection, replacing any previous value.
 * The value is stored as given, without any check.
 *
 * @param sessionInfo the SSL session information to store.
 */
// The field and the parameter share the name sessionInfo, so the "this." qualifier is required:
// without it the statement would assign the parameter to itself.
@Override public void setSslSessionInfo(SSLSessionInfo sessionInfo) { this.sessionInfo = sessionInfo; }
Example #20
Source File: Http2ServerConnection.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Returns the SSL session information currently stored on this connection.
 *
 * @return the stored value of the {@code sessionInfo} field.
 */
@Override
public SSLSessionInfo getSslSessionInfo() {
    return this.sessionInfo;
}
Example #21
Source File: AjpServerConnection.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Stores the given SSL session information on this connection, replacing any previous value.
 * The value is stored as given, without any check.
 *
 * @param sessionInfo the SSL session information to store.
 */
@Override
public void setSslSessionInfo(SSLSessionInfo sessionInfo) {
    // The parameter has a different name than the field, so no qualification is needed.
    sslSessionInfo = sessionInfo;
}
Example #22
Source File: AjpServerConnection.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Returns the SSL session information currently stored on this connection.
 *
 * @return the stored value of the {@code sslSessionInfo} field.
 */
@Override
public SSLSessionInfo getSslSessionInfo() {
    return this.sslSessionInfo;
}
Example #23
Source File: ServletInitialHandler.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Stores the given SSL session information on this object, replacing any previous value.
 * The value is stored as given, without any check.
 *
 * @param sessionInfo the SSL session information to store.
 */
@Override
public void setSslSessionInfo(SSLSessionInfo sessionInfo) {
    this.sslSessionInfo = sessionInfo;
}
Example #24
Source File: ServletInitialHandler.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Returns the SSL session information currently stored on this object.
 *
 * @return the stored value of the {@code sslSessionInfo} field.
 */
@Override
public SSLSessionInfo getSslSessionInfo() {
    return this.sslSessionInfo;
}