Created
August 19, 2021 06:30
-
-
Save Glamdring/7334c2115bf2aa3eeee713382579de31 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.yourcomany.util.net; | |
| import org.springframework.integration.ip.tcp.connection.TcpConnectionInterceptorFactory; | |
| import org.springframework.integration.ip.tcp.connection.TcpConnectionInterceptorSupport; | |
| import org.springframework.integration.support.MessageBuilder; | |
| import org.springframework.messaging.Message; | |
| import javax.net.ssl.SSLPeerUnverifiedException; | |
| import javax.net.ssl.SSLSession; | |
| import java.security.cert.Certificate; | |
| /** | |
| * Intercepting TLS syslog messages for improved debugging | |
| */ | |
| public class TLSSyslogInterceptorFactory implements TcpConnectionInterceptorFactory { | |
| public static final String TLS_CLIENT_CERTIFICATES = "tlsClientCertificates"; | |
| private TcpConnectionInterceptorSupport interceptor; | |
| public TLSSyslogInterceptorFactory() { | |
| interceptor = new TLSSyslogInterceptor(); | |
| } | |
| @Override | |
| public TcpConnectionInterceptorSupport getInterceptor() { | |
| return interceptor; | |
| } | |
| /** | |
| * Interceptor that reports TLS message details | |
| */ | |
| public static class TLSSyslogInterceptor extends TcpConnectionInterceptorSupport { | |
| @Override | |
| public boolean onMessage(Message<?> message) { | |
| try { | |
| SSLSession sslSession = getSslSession(); | |
| if (sslSession != null) { | |
| Certificate[] certificates = getSslSession().getPeerCertificates(); | |
| if (certificates != null && certificates.length > 0) { | |
| message = MessageBuilder.fromMessage(message) | |
| .setHeader(TLS_CLIENT_CERTIFICATES, certificates).build(); | |
| } | |
| } | |
| } catch (SSLPeerUnverifiedException ex) { | |
| // ignore exception when no certificate is provided - that's a valid usecase | |
| } catch (Exception e) { | |
| logger.error("Failed to get peer certificates", e); | |
| } | |
| return super.onMessage(message); | |
| } | |
| @Override | |
| protected void publishConnectionOpenEvent() { | |
| // do nothing | |
| } | |
| @Override | |
| protected void publishConnectionCloseEvent() { | |
| // do nothing | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment