| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.felix.http.sslfilter.internal; |
| |
| import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.ATTR_SSL_CERTIFICATE; |
| import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT; |
| import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS; |
| import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.UTF_8; |
| import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.X_509; |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.InputStream; |
| import java.io.UnsupportedEncodingException; |
| import java.security.cert.CertificateException; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.X509Certificate; |
| import java.util.Collection; |
| import java.util.regex.Pattern; |
| |
| import javax.servlet.http.HttpServletRequest; |
| import javax.servlet.http.HttpServletRequestWrapper; |
| |
| class SslFilterRequest extends HttpServletRequestWrapper |
| { |
| // The HTTP scheme prefix in an URL |
| private static final String HTTP_SCHEME_PREFIX = "http://"; |
| |
| // pattern to convert the header to a PEM certificate for parsing |
| // by replacing spaces with line breaks |
| private static final Pattern HEADER_TO_CERT = Pattern.compile("(?! CERTIFICATE)(?= ) "); |
| |
| @SuppressWarnings("unchecked") |
| SslFilterRequest(HttpServletRequest request, String clientCertHeader) throws CertificateException |
| { |
| super(request); |
| |
| // TODO jawi: perhaps we should make this class a little smarter wrt the given request: |
| // it now always assumes it should rewrite its URL, while this might not always be the |
| // case... |
| |
| if (clientCertHeader != null && !"".equals(clientCertHeader.trim())) |
| { |
| final String clientCert = HEADER_TO_CERT.matcher(clientCertHeader).replaceAll("\n"); |
| |
| try |
| { |
| CertificateFactory fac = CertificateFactory.getInstance(X_509); |
| |
| InputStream instream = new ByteArrayInputStream(clientCert.getBytes(UTF_8)); |
| |
| Collection<X509Certificate> certs = (Collection<X509Certificate>) fac.generateCertificates(instream); |
| request.setAttribute(ATTR_SSL_CERTIFICATE, certs.toArray(new X509Certificate[certs.size()])); |
| } |
| catch (UnsupportedEncodingException e) |
| { |
| // Any JRE should support UTF-8... |
| throw new InternalError("UTF-8 not supported?!"); |
| } |
| } |
| } |
| |
| void done() |
| { |
| getRequest().removeAttribute(ATTR_SSL_CERTIFICATE); |
| } |
| |
| public String getScheme() |
| { |
| return HTTPS; |
| } |
| |
| public boolean isSecure() |
| { |
| return true; |
| } |
| |
| public StringBuffer getRequestURL() |
| { |
| StringBuffer tmp = new StringBuffer(super.getRequestURL()); |
| // In case the request happened over http, simply insert an additional 's' |
| // to make the request appear to be done over https... |
| if (tmp.indexOf(HTTP_SCHEME_PREFIX) == 0) |
| { |
| tmp.insert(4, 's'); |
| } |
| return tmp; |
| } |
| |
| public int getServerPort() |
| { |
| int port; |
| |
| try |
| { |
| String fwdPort = getHeader(HDR_X_FORWARDED_PORT); |
| port = Integer.valueOf(fwdPort); |
| } |
| catch (Exception e) |
| { |
| // Use default port for the used protocol... |
| port = -1; |
| } |
| return port; |
| } |
| } |