InternalForwardedRequestCustomizer.java
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* org.eclipse.jetty.http.HttpFields
* org.eclipse.jetty.server.Connector
* org.eclipse.jetty.server.ForwardedRequestCustomizer
* org.eclipse.jetty.server.HttpConfiguration
* org.eclipse.jetty.server.Request
*/
package com.adobe.granite.jetty.ssl.internal;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jetty.http.HttpFields;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Request;
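/**
 * Request customizer that, on top of the inherited forwarded-header handling,
 * marks a request as secure and attaches a client certificate based on two
 * request headers: {@code X-Forwarded-SSL} and {@code X-Forwarded-SSL-Certificate}.
 *
 * <p>NOTE(security): both headers are read straight from the incoming request.
 * Nothing in this class checks which peer sent them, and the certificate is only
 * parsed, not validated (no chain, validity-period or revocation check is done
 * here). Whatever sets these headers is therefore fully trusted. The deployment
 * has to guarantee that the TLS-terminating proxy removes or overwrites both
 * headers on every inbound request and that the connector cannot be reached
 * without going through that proxy; otherwise the secure flag and the
 * {@code javax.servlet.request.X509Certificate} attribute are client-controlled.
 */
public class InternalForwardedRequestCustomizer
extends ForwardedRequestCustomizer {
    /** Request attribute under which the parsed certificates are published. */
    private static final String ATTR_SSL_CERTIFICATE = "javax.servlet.request.X509Certificate";
    /** Header announcing that the original connection used SSL/TLS. */
    private static final String SSL_FORWARD_HEADER = "X-Forwarded-SSL";
    /** Value of {@link #SSL_FORWARD_HEADER} (case-insensitive) that enables the secure flag. */
    private static final String SSL_FORWARD_VALUE = "on";
    /** Header carrying the client certificate text. */
    private static final String SSL_CLIENT_HEADER = "X-Forwarded-SSL-Certificate";
    /**
     * Matches every single space except one that is immediately followed by
     * " CERTIFICATE"-less text, i.e. the space directly in front of the word
     * CERTIFICATE is kept. Presumably the header holds a PEM block whose line
     * breaks were replaced by spaces; replacing the matches with '\n' restores
     * them while leaving "BEGIN CERTIFICATE" / "END CERTIFICATE" intact.
     */
    private static final Pattern HEADER_TO_CERT = Pattern.compile("(?! CERTIFICATE)(?= ) ");
    private static final String UTF_8 = "UTF-8";
    private static final String X_509 = "X.509";

    /**
     * Applies the inherited customization, then evaluates the two SSL headers.
     *
     * <p>If the left-most {@code X-Forwarded-SSL} value equals "on" (ignoring case),
     * the request scheme is set to the configured secure scheme and the request is
     * flagged secure. If {@code X-Forwarded-SSL-Certificate} is present and not
     * blank, its content is parsed as X.509 and the resulting certificates are
     * stored in the {@code javax.servlet.request.X509Certificate} attribute. The
     * attribute is left unset when parsing yields no certificate, so consumers
     * never see an empty array.
     *
     * @param connector the connector the request arrived on
     * @param config the HTTP configuration supplying the secure scheme
     * @param request the request to customize
     * @throws InternalError if the header content cannot be parsed as X.509
     *         certificates; the parser's exception is attached as the cause
     */
    public void customize(Connector connector, HttpConfiguration config, Request request) {
        super.customize(connector, config, request);
        HttpFields httpFields = request.getHttpFields();

        // equalsIgnoreCase(null) is false, so a missing header needs no separate null check.
        String forwardedSsl = this.getLeftMostFieldValue(httpFields, SSL_FORWARD_HEADER);
        if (SSL_FORWARD_VALUE.equalsIgnoreCase(forwardedSsl)) {
            request.setScheme(config.getSecureScheme());
            request.setSecure(true);
        }

        String clientCertHeader = this.getLeftMostFieldValue(httpFields, SSL_CLIENT_HEADER);
        if (clientCertHeader == null || clientCertHeader.trim().isEmpty()) {
            return;
        }

        // Turn the single-line header back into multi-line certificate text.
        String clientCert = HEADER_TO_CERT.matcher(clientCertHeader).replaceAll("\n");
        try {
            CertificateFactory factory = CertificateFactory.getInstance(X_509);
            InputStream certStream = new ByteArrayInputStream(clientCert.getBytes(UTF_8));
            Collection<? extends Certificate> certs = factory.generateCertificates(certStream);
            // Publish the attribute only when at least one certificate was parsed;
            // an empty array would make consumers that index element 0 fail.
            if (!certs.isEmpty()) {
                request.setAttribute(ATTR_SSL_CERTIFICATE, certs.toArray(new X509Certificate[certs.size()]));
            }
        }
        catch (UnsupportedEncodingException e) {
            InternalError error = new InternalError("UTF-8 not supported?!");
            error.initCause(e);
            throw error;
        }
        catch (CertificateException e) {
            // NOTE(review): this path is reachable with any unparsable header value,
            // so an Error is raised on request-supplied data. Type and message are
            // kept as before; the cause is now attached so the parse failure can be
            // diagnosed from the stack trace.
            InternalError error = new InternalError("Certificate Exception");
            error.initCause(e);
            throw error;
        }
    }
}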