zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-29 19:47:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

Log information about SSL connection from the client (#586)

Browse source
This commit is contained in:
Lai Jiang 2020-05-14 09:38:33 -04:00 committed by GitHub
parent f4f4e80862
commit c2b841541c
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
View file

@ -37,6 +37,7 @@ import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.function.Supplier;
import javax.net.ssl.SSLSession;
/**
* Adds a server side SSL handler to the channel pipeline.
@ -108,9 +109,21 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
.addListener(
future -> {
if (future.isSuccess()) {
SSLSession sslSession = sslHandler.engine().getSession();
X509Certificate clientCertificate =
(X509Certificate)
sslHandler.engine().getSession().getPeerCertificates()[0];
(X509Certificate) sslSession.getPeerCertificates()[0];
logger.atInfo().log(
"--SSL Information--\n"
+ "Client Certificate Hash: %s\n"
+ "SSL Protocol: %s\n"
+ "Cipher Suite: %s\n"
+ "Not Before: %s\n"
+ "Not After: %s\n",
getCertificateHash(clientCertificate),
sslSession.getProtocol(),
sslSession.getCipherSuite(),
clientCertificate.getNotBefore(),
clientCertificate.getNotAfter());
try {
clientCertificate.checkValidity();
} catch (CertificateNotYetValidException | CertificateExpiredException e) {