Return SslInfo only if X509Certificate[] present

Issue: SPR-16842

spring-web/src/main/java/org/springframework/http/server/reactive/DefaultSslInfo.java

@@ -40,7 +40,7 @@ final class DefaultSslInfo implements SslInfo {
 	private final X509Certificate[] peerCertificates;
 
 
-	DefaultSslInfo(String sessionId, X509Certificate[] peerCertificates) {
+	DefaultSslInfo(@Nullable String sessionId, X509Certificate[] peerCertificates) {
 		Assert.notNull(peerCertificates, "No SSL certificates");
 		this.sessionId = sessionId;
 		this.peerCertificates = peerCertificates;

spring-web/src/main/java/org/springframework/http/server/reactive/ServletServerHttpRequest.java

@@ -57,10 +57,6 @@ import org.springframework.util.StringUtils;
  */
 class ServletServerHttpRequest extends AbstractServerHttpRequest {
 
-	private static final String X509_CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";
-
-	private static final String SSL_SESSION_ID_ATTRIBUTE = "javax.servlet.request.ssl_session_id";
-
 	static final DataBuffer EOF_BUFFER = new DefaultDataBufferFactory().allocateBuffer(0);
 
 
@@ -178,12 +174,19 @@ class ServletServerHttpRequest extends AbstractServerHttpRequest {
 
 	@Nullable
 	protected SslInfo initSslInfo() {
-		if (!this.request.isSecure()) {
-			return null;
+		X509Certificate[] certificates = getX509Certificates();
+		return certificates != null ? new DefaultSslInfo(getSslSessionId(), certificates) : null;
+	}
+
+	@Nullable
+	private String getSslSessionId() {
+		return (String) this.request.getAttribute("javax.servlet.request.ssl_session_id");
 	}
-		return new DefaultSslInfo(
-				(String) request.getAttribute(SSL_SESSION_ID_ATTRIBUTE),
-				(X509Certificate[]) request.getAttribute(X509_CERTIFICATE_ATTRIBUTE));
+
+	@Nullable
+	private X509Certificate[] getX509Certificates() {
+		String name = "javax.servlet.request.X509Certificate";
+		return (X509Certificate[]) this.request.getAttribute(name);
 	}
 
 	@Override