From c2b841541c239fcea8dc04c45c065b44fec44501 Mon Sep 17 00:00:00 2001
From: Lai Jiang
Date: Thu, 14 May 2020 09:38:33 -0400
Subject: [PATCH] Log information about SSL connection from the client (#586)

---
 .../handler/SslServerInitializer.java | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
index dc0525fca..759ef8ef1 100644
--- a/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
+++ b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
@@ -37,6 +37,7 @@ import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.util.function.Supplier;
+import javax.net.ssl.SSLSession;
 
 /**
 * Adds a server side SSL handler to the channel pipeline.
@@ -108,9 +109,21 @@ public class SslServerInitializer extends ChannelInitializer<
 .addListener(
 future -> {
 if (future.isSuccess()) {
+ SSLSession sslSession = sslHandler.engine().getSession();
 X509Certificate clientCertificate =
- (X509Certificate)
- sslHandler.engine().getSession().getPeerCertificates()[0];
+ (X509Certificate) sslSession.getPeerCertificates()[0];
+ logger.atInfo().log(
+ "--SSL Information--\n" + "Client Certificate Hash: %s\n" + "SSL Protocol: %s\n" + "Cipher Suite: %s\n" + "Not Before: %s\n" + "Not After: %s\n",
+ getCertificateHash(clientCertificate),
+ sslSession.getProtocol(),
+ sslSession.getCipherSuite(),
+ clientCertificate.getNotBefore(),
+ clientCertificate.getNotAfter());
 try {
 clientCertificate.checkValidity();
 } catch (CertificateNotYetValidException | CertificateExpiredException e) {
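Review bot: The new INFO log in the handshake listener (second hunk) records the certificate hash, negotiated protocol and cipher suite but nothing that identifies the connection, so when several clients handshake concurrently the entry cannot be tied to a particular client or to the rejection the following `checkValidity()` block presumably logs; adding the peer address, e.g. a `"Remote Address: %s\n"` format line with the channel's `remoteAddress()` as the matching argument, would make it usable for incident triage (the channel comes from `initChannel`, which begins outside the hunk, so its variable name is not visible here). `getCertificateHash` is also defined outside the hunk, so the label should name the digest, e.g. `"Client Certificate Hash (SHA-256): %s\n"` if that is what it computes, so an operator knows which fingerprint to compare against the registrar's configured value. Logging before `checkValidity()` is a sensible choice because expired or not-yet-valid certificates are still recorded, but that intent is worth stating: `// Logged before the validity check so rejected certificates are recorded too.`. The trailing `\n` on the last format line adds an empty line to every entry; `+ "Not After: %s"` keeps the record compact.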