Browse Source

Return SslInfo only if X509Certificate[] present

Issue: SPR-16842
pull/1838/head
Rossen Stoyanchev 7 years ago
parent
commit
a158ff4c3d
  1. 2
      spring-web/src/main/java/org/springframework/http/server/reactive/DefaultSslInfo.java
  2. 21
      spring-web/src/main/java/org/springframework/http/server/reactive/ServletServerHttpRequest.java

2
spring-web/src/main/java/org/springframework/http/server/reactive/DefaultSslInfo.java

@ -40,7 +40,7 @@ final class DefaultSslInfo implements SslInfo { @@ -40,7 +40,7 @@ final class DefaultSslInfo implements SslInfo {
private final X509Certificate[] peerCertificates;
DefaultSslInfo(String sessionId, X509Certificate[] peerCertificates) {
DefaultSslInfo(@Nullable String sessionId, X509Certificate[] peerCertificates) {
Assert.notNull(peerCertificates, "No SSL certificates");
this.sessionId = sessionId;
this.peerCertificates = peerCertificates;

21
spring-web/src/main/java/org/springframework/http/server/reactive/ServletServerHttpRequest.java

@ -57,10 +57,6 @@ import org.springframework.util.StringUtils; @@ -57,10 +57,6 @@ import org.springframework.util.StringUtils;
*/
class ServletServerHttpRequest extends AbstractServerHttpRequest {
private static final String X509_CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";
private static final String SSL_SESSION_ID_ATTRIBUTE = "javax.servlet.request.ssl_session_id";
static final DataBuffer EOF_BUFFER = new DefaultDataBufferFactory().allocateBuffer(0);
@ -178,12 +174,19 @@ class ServletServerHttpRequest extends AbstractServerHttpRequest { @@ -178,12 +174,19 @@ class ServletServerHttpRequest extends AbstractServerHttpRequest {
@Nullable
protected SslInfo initSslInfo() {
if (!this.request.isSecure()) {
return null;
X509Certificate[] certificates = getX509Certificates();
return certificates != null ? new DefaultSslInfo(getSslSessionId(), certificates) : null;
}
@Nullable
private String getSslSessionId() {
return (String) this.request.getAttribute("javax.servlet.request.ssl_session_id");
}
return new DefaultSslInfo(
(String) request.getAttribute(SSL_SESSION_ID_ATTRIBUTE),
(X509Certificate[]) request.getAttribute(X509_CERTIFICATE_ATTRIBUTE));
@Nullable
private X509Certificate[] getX509Certificates() {
String name = "javax.servlet.request.X509Certificate";
return (X509Certificate[]) this.request.getAttribute(name);
}
@Override

Loading…
Cancel
Save