package com.yourcomany.util.net;
import org.springframework.integration.ip.tcp.connection.TcpConnectionInterceptorFactory;
import org.springframework.integration.ip.tcp.connection.TcpConnectionInterceptorSupport;
import org.springframework.integration.support.MessageBuilder;
import org.springframework.messaging.Message;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import java.security.cert.Certificate;
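/**
 * Factory for an interceptor that attaches the TLS peer certificate chain of a syslog
 * connection to each inbound message, for improved debugging.
 *
 * <p>A new interceptor is created on every {@link #getInterceptor()} call. The connection
 * factory asks for an interceptor per connection and then binds that connection to it, so a
 * single shared instance would be re-pointed at the most recent connection and could report
 * one peer's certificates on another peer's messages.
 */
public class TLSSyslogInterceptorFactory implements TcpConnectionInterceptorFactory {

    /** Name of the message header that carries the peer certificate chain. */
    public static final String TLS_CLIENT_CERTIFICATES = "tlsClientCertificates";

    /** Creates the factory; interceptors are created lazily, one per request. */
    public TLSSyslogInterceptorFactory() {
        // Nothing to initialise: no interceptor state is shared between connections.
    }

    /**
     * Returns a fresh interceptor for the connection that is about to be wrapped.
     *
     * @return a new {@link TLSSyslogInterceptor}, never shared with another connection
     */
    @Override
    public TcpConnectionInterceptorSupport getInterceptor() {
        return new TLSSyslogInterceptor();
    }

    /**
     * Interceptor that reports TLS message details by copying the peer certificates of the
     * intercepted connection into the {@link #TLS_CLIENT_CERTIFICATES} header.
     */
    public static class TLSSyslogInterceptor extends TcpConnectionInterceptorSupport {

        /**
         * Adds the peer certificate chain to the message, when one is available, and passes
         * the message on.
         *
         * <p>The header is left out when there is no SSL session, when the peer presented no
         * certificate, or when reading the certificates failed. The message is delivered in
         * all of these cases, so consumers must treat a missing header as "no verified peer
         * identity" rather than as an error that stopped delivery.
         *
         * @param message the inbound message
         * @return the result of the superclass {@code onMessage} call
         */
        @Override
        public boolean onMessage(Message<?> message) {
            Message<?> outgoing = message;
            try {
                SSLSession sslSession = getSslSession();
                if (sslSession != null) {
                    // Read from the session fetched above so the null check and the
                    // certificate lookup refer to the same session object.
                    Certificate[] certificates = sslSession.getPeerCertificates();
                    if (certificates != null && certificates.length > 0) {
                        outgoing = MessageBuilder.fromMessage(message)
                                .setHeader(TLS_CLIENT_CERTIFICATES, certificates)
                                .build();
                    }
                }
            } catch (SSLPeerUnverifiedException ignored) {
                // A peer that provides no certificate is a valid use case; deliver the
                // message without the header.
            } catch (Exception e) {
                // Best effort: a failed lookup must not drop the syslog message.
                logger.error("Failed to get peer certificates", e);
            }
            return super.onMessage(outgoing);
        }

        /** Intentionally empty: this wrapper publishes no connection-open event. */
        @Override
        protected void publishConnectionOpenEvent() {
            // do nothing
        }

        /** Intentionally empty: this wrapper publishes no connection-close event. */
        @Override
        protected void publishConnectionCloseEvent() {
            // do nothing
        }
    }
}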