Tags: java, ssl, jetty, jetty-12

Porting from Jetty 11 to Jetty 12: how to get SSL connection info?


With Jetty 11 I was able to get info about SSL session and client certificate by:

    SSLSession sslSession = (SSLSession)request.getAttribute("org.eclipse.jetty.servlet.request.ssl_session");
    java.security.cert.X509Certificate client_certs[] = (java.security.cert.X509Certificate[])request.getAttribute("jakarta.servlet.request.X509Certificate");

But with Jetty 12 I see only two request attributes:

  • org.eclipse.jetty.server.Request.Cookies
  • org.eclipse.jetty.server.x509 with server certificate

I am interested in attributes like:

  • ssl_protocol=TLSv1.3
  • ssl_cipher=TLS_CHACHA20_POLY1305_SHA256
  • ssl_client_i_dn=CN=xyz
  • x_ssl_client_cert=-----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgICA3wwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCUEwx ...

How can I get those attributes with Jetty 12?


Solution

  • The ForwardedRequestCustomizer and SecureRequestCustomizer do the work of pulling the information out and making it available via the Request object.

    E.g.:

    HttpConnectionFactory http = new HttpConnectionFactory();
    http.getHttpConfiguration().addCustomizer(new ForwardedRequestCustomizer());
    http.getHttpConfiguration().addCustomizer(new SecureRequestCustomizer());
    ServerConnector connector = new ServerConnector(server, http);
    

    The Request object will be populated with the details you are looking for.

    request.getAttribute("jakarta.servlet.request.cipher_suite");
    request.getAttribute("jakarta.servlet.request.ssl_session_id");
    request.getAttribute("org.eclipse.jetty.server.cipher");
    request.getAttribute("org.eclipse.jetty.server.keySize");
    request.getAttribute("org.eclipse.jetty.server.sslSessionId");
    request.getAttribute("org.eclipse.jetty.server.peerCertificates");
    request.getAttribute("org.eclipse.jetty.server.x509");
    request.getAttribute("org.eclipse.jetty.server.sslSession");
    request.getAttribute("org.eclipse.jetty.server.sslSessionData");
    request.getConnectionMetaData().getRemoteSocketAddress();
    request.getConnectionMetaData().getServerAuthority();
    request.isSecure();
    request.getHttpURI();
    request.getHeaders(); // updates the `Host` or `:authority` fields
    

    Alternatively, you can pull it out of the jetty-core Request object.

    EndPoint endPoint = request.getConnectionMetaData().getConnection().getEndPoint();
    if (endPoint instanceof SslEndPoint sslEndPoint)
    {
        SslConnection sslConnection = sslEndPoint.getSslConnection();
        SSLEngine sslEngine = sslConnection.getSSLEngine();
        // TODO: get information out of the sslEngine
    }
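
An added example, not part of the original answer: it picks up from the `sslEngine` in the last snippet and maps `sslEngine.getSession()` to the attribute names listed in the question, using only JDK classes. `TlsInfo`, `describe` and `toPem` are hypothetical names, and the example assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper (not a Jetty class). Usage, continuing the snippet above:
//     Map<String, String> info = TlsInfo.describe(sslEngine.getSession());
public final class TlsInfo
{
    public static Map<String, String> describe(SSLSession session) throws CertificateEncodingException
    {
        Map<String, String> info = new LinkedHashMap<>();
        // Both values are negotiated in the handshake, so they describe this
        // connection itself rather than anything supplied in request headers.
        info.put("ssl_protocol", session.getProtocol());   // e.g. TLSv1.3
        info.put("ssl_cipher", session.getCipherSuite());  // e.g. TLS_CHACHA20_POLY1305_SHA256
        try
        {
            // Index 0 is the client's own (leaf) certificate, followed by its chain.
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate leaf)
            {
                // RFC 2253 string form of the issuer, e.g. CN=xyz
                info.put("ssl_client_i_dn", leaf.getIssuerX500Principal().getName());
                info.put("x_ssl_client_cert", toPem(leaf));
            }
        }
        catch (SSLPeerUnverifiedException e)
        {
            // The client sent no certificate (the server did not request client
            // authentication, or the client declined): omit the client entries.
        }
        return info;
    }

    // DER bytes wrapped as PEM: base64 in 64-character lines between the markers.
    static String toPem(X509Certificate cert) throws CertificateEncodingException
    {
        Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN CERTIFICATE-----\n"
            + encoder.encodeToString(cert.getEncoded())
            + "\n-----END CERTIFICATE-----\n";
    }
}
```

The client entries appear only when the server's TLS configuration requests a client certificate; otherwise `getPeerCertificates()` throws and the map carries just the protocol and cipher.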