luminus-framework/ring-undertow-adapter

Access SSL Session Peer Certificates

tom7t opened this issue · 4 comments

tom7t commented

Hi all,

I'm looking for a way to access the peer certificates in the same way they are accessed on the HttpServerExchange here.

I have a fork of this repository working where I extend the (build-exchange-map ...) fn to include these certs on the request map, but wanted to double check the preferred way to accomplish this.

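(defn build-exchange-map
  [^HttpServerExchange exchange]
  (let [headers (.getRequestHeaders exchange)
        ctype   (.getFirst headers Headers/CONTENT_TYPE)]
    ;; some-> yields nil instead of throwing a NullPointerException on
    ;; plaintext connections, where .getSslSessionInfo returns null
    {:peer-certs         (some-> exchange .getConnection .getSslSessionInfo .getPeerCertificates)

     ...

     }))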

It might make more sense to provide a mechanism for a consumer of the library to extend the request map given the HttpServerExchange, instead of having to submit a PR for each additional bit of data a given application might need from the exchange (or provide access to the exchange itself somewhere... is this already possible and I just haven't found it?)

Thanks,
Tom

Yeah, adding exchange itself to the request map would be a useful escape hatch. I think it makes sense to expose all the common things as well, and then allow the user to work with the exchange directly if they need something that's not in the API.

Makes sense. If you have something in mind, we'd gladly welcome a PR!

Otherwise, I'll probably get to looking at this sometime over the holidays at the end of December.

If adding the exchange directly to the request map is a reasonable approach, I'll submit a PR for that soon. Thanks guys!

That'll do for now.

We can always look into a more modular design later. I think it's a very valid point.
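The approach discussed in this thread, sketched as Ring middleware; this is an added example, not code from the issue or from ring-undertow-adapter. The `:exchange` request key and the function names are assumptions, and Undertow must be on the classpath. It handles the two cases the one-line accessor does not: plaintext connections and clients that presented no verified certificate.

```clojure
(ns example.peer-certs
  (:import (io.undertow.server HttpServerExchange SSLSessionInfo
                               RenegotiationRequiredException)
           (java.security.cert X509Certificate)
           (javax.net.ssl SSLPeerUnverifiedException)))

(defn peer-certs
  "Returns the client's X.509 chain as a vector (leaf first), or nil when the
  connection is plaintext or no verified client certificate is available."
  [^HttpServerExchange exchange]
  ;; getSslSessionInfo returns null when TLS is not in use on this connection
  (when-let [^SSLSessionInfo ssl (.getSslSessionInfo (.getConnection exchange))]
    (try
      (filterv #(instance? X509Certificate %) (.getPeerCertificates ssl))
      ;; no certificate was presented or verified during the handshake
      (catch SSLPeerUnverifiedException _ nil)
      ;; client auth was not requested on this listener
      (catch RenegotiationRequiredException _ nil))))

(defn wrap-peer-certs
  "Adds :peer-certs to the request when the adapter exposes the exchange.
  :exchange is a hypothetical key name chosen for this example."
  [handler]
  (fn [request]
    (let [certs (some-> (:exchange request) peer-certs)]
      (handler (cond-> request
                 (seq certs) (assoc :peer-certs certs))))))

(defn wrap-require-client-cert
  "Rejects requests without a verified client certificate; otherwise adds
  the leaf certificate's subject DN as :client-subject."
  [handler]
  (fn [request]
    (if-let [^X509Certificate leaf (first (:peer-certs request))]
      (handler (assoc request :client-subject
                      (.getName (.getSubjectX500Principal leaf))))
      {:status  403
       :headers {"Content-Type" "text/plain"}
       :body    "client certificate required"})))
```

Compose as `(-> app wrap-require-client-cert wrap-peer-certs)` so the certificates are attached before the check runs. Only the synchronous one-argument handler arity is covered here.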