Log information about SSL connection from the client (#586)

Lai Jiang 2020-05-14 09:38:33 -04:00 committed by GitHub
parent f4f4e80862
commit c2b841541c


@ -37,6 +37,7 @@ import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException; import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.function.Supplier; import java.util.function.Supplier;
import javax.net.ssl.SSLSession;
/** /**
* Adds a server side SSL handler to the channel pipeline. * Adds a server side SSL handler to the channel pipeline.
@ -108,9 +109,21 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
.addListener( .addListener(
future -> { future -> {
if (future.isSuccess()) { if (future.isSuccess()) {
SSLSession sslSession = sslHandler.engine().getSession();
X509Certificate clientCertificate = X509Certificate clientCertificate =
(X509Certificate) (X509Certificate) sslSession.getPeerCertificates()[0];
sslHandler.engine().getSession().getPeerCertificates()[0]; logger.atInfo().log(
"--SSL Information--\n"
+ "Client Certificate Hash: %s\n"
+ "SSL Protocol: %s\n"
+ "Cipher Suite: %s\n"
+ "Not Before: %s\n"
+ "Not After: %s\n",
getCertificateHash(clientCertificate),
sslSession.getProtocol(),
sslSession.getCipherSuite(),
clientCertificate.getNotBefore(),
clientCertificate.getNotAfter());
try { try {
clientCertificate.checkValidity(); clientCertificate.checkValidity();
} catch (CertificateNotYetValidException | CertificateExpiredException e) { } catch (CertificateNotYetValidException | CertificateExpiredException e) {
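Review bot: The new `logger.atInfo().log(...)` call builds one record out of six `\n`-separated lines, which line-oriented log collectors tend to split into separate entries. When handshakes interleave, the protocol and cipher suite can then no longer be tied to the certificate hash of the same connection. A single-line key/value message keeps them together: `logger.atInfo().log("SSL handshake: certHash=%s protocol=%s cipherSuite=%s notBefore=%s notAfter=%s", ...)` with the same five arguments. If the channel is in scope at this point, including its remote address would let the entry be correlated with other connection logs. The listener lambda and the `try` block continue past the end of the hunk.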