Return the certificates in a list instead of an array. Added documentation.

cmitchell · cmitchell · commit e25016477910 · 2021-07-27T18:58:25.000-04:00
diff --git a/docs/asciidoc/context.adoc b/docs/asciidoc/context.adoc
@@ -659,6 +659,33 @@ get("/{foo}") { ctx ->
 In case of a request like `/bar?foo=baz`, `foo is: baz` will be returned since the query parameter
 takes precedence over the path parameter.
 
+==== Client Certificates
+
+If mutual TLS is enabled, you can access the client's certificates from the context. The first 
+certificate in the list is the peer certificate, followed by the ca certificates in the chain 
+(the order is preserved).
+
+.Java
+[source,java,role="primary"]
+----
+get("/{foo}", ctx -> {
+  List<Certificate> certificates = ctx.getClientCertificates(); <1>
+  Certificate peerCertificate = certificates.get(0);            <2>
+});
+----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+get("/{foo}") { ctx ->
+  val certificates = ctx.clientCertificates                     <1>
+  val peerCertificate = certificates.first()                    <2>
+}
+----
+
+<1> Get all of the certificates presented by the client during the SSL handshake.
+<2> Get only the peer certificate.
+
 include::value-api.adoc[]
 
 include::body.adoc[]
diff --git a/jooby/src/main/java/io/jooby/Context.java b/jooby/src/main/java/io/jooby/Context.java
@@ -633,7 +633,7 @@ public interface Context extends Registry {
    *
    * @return The certificates presented by the client for mutual TLS. Empty if ssl is not enabled, or client authentication is not required.
    */
-  @Nonnull Certificate[] getClientCertificates();
+  @Nonnull List<Certificate> getClientCertificates();
 
   /**
    * Server port for current request.
diff --git a/jooby/src/main/java/io/jooby/ForwardingContext.java b/jooby/src/main/java/io/jooby/ForwardingContext.java
@@ -268,7 +268,7 @@ public ForwardingContext(@Nonnull Context context) {
     return ctx.getProtocol();
   }
 
-  @Override @Nonnull public Certificate[] getClientCertificates() {
+  @Override @Nonnull public List<Certificate> getClientCertificates() {
     return ctx.getClientCertificates();
   }
 
diff --git a/modules/jooby-jetty/src/main/java/io/jooby/internal/jetty/JettyContext.java b/modules/jooby-jetty/src/main/java/io/jooby/internal/jetty/JettyContext.java
@@ -61,6 +61,7 @@
 import java.nio.charset.Charset;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Enumeration;
@@ -282,8 +283,8 @@ public JettyContext(Request request, Router router, int bufferSize, long maxRequ
     return request.getProtocol();
   }
 
-  @Nonnull @Override public Certificate[] getClientCertificates() {
-    return (Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+  @Nonnull @Override public List<Certificate> getClientCertificates() {
+    return Arrays.asList((Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"));
   }
 
   @Nonnull @Override public String getScheme() {
diff --git a/modules/jooby-netty/src/main/java/io/jooby/internal/netty/NettyContext.java b/modules/jooby-netty/src/main/java/io/jooby/internal/netty/NettyContext.java
@@ -32,6 +32,7 @@
 import java.nio.charset.Charset;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -288,16 +289,16 @@ boolean isHttpGet() {
     }
   }
 
-  @Nonnull @Override public Certificate[] getClientCertificates() {
+  @Nonnull @Override public List<Certificate> getClientCertificates() {
     SslHandler sslHandler = (SslHandler) ctx.channel().pipeline().get("ssl");
     if (sslHandler != null) {
       try {
-        return sslHandler.engine().getSession().getPeerCertificates();
+        return Arrays.asList(sslHandler.engine().getSession().getPeerCertificates());
       } catch (SSLPeerUnverifiedException x) {
          throw SneakyThrows.propagate(x);
       }
     }
-    return new Certificate[0];
+    return new ArrayList<Certificate>();
   }
 
   @Nonnull @Override public String getScheme() {
diff --git a/modules/jooby-test/src/main/java/io/jooby/MockContext.java b/modules/jooby-test/src/main/java/io/jooby/MockContext.java
@@ -541,8 +541,8 @@ public MockContext setResponseType(@Nonnull MediaType contentType, @Nullable Cha
     return "HTTP/1.1";
   }
 
-  @Nonnull @Override public Certificate[] getClientCertificates() {
-    return new Certificate[0];
+  @Nonnull @Override public List<Certificate> getClientCertificates() {
+    return new ArrayList<Certificate>();
   }
 
   @Nonnull @Override public String getScheme() {
diff --git a/modules/jooby-utow/src/main/java/io/jooby/internal/utow/UtowContext.java b/modules/jooby-utow/src/main/java/io/jooby/internal/utow/UtowContext.java
@@ -23,12 +23,15 @@
 import java.nio.channels.ReadableByteChannel;
 import java.nio.charset.Charset;
 import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Deque;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.Executor;
@@ -210,16 +213,16 @@ boolean isHttpGet() {
     return exchange.getProtocol().toString();
   }
 
-  @Nonnull @Override public Certificate[] getClientCertificates() {
+  @Nonnull @Override public List<Certificate> getClientCertificates() {
     SSLSessionInfo ssl = exchange.getConnection().getSslSessionInfo();
     if (ssl != null) {
       try {
-       return ssl.getPeerCertificates();
+       return Arrays.asList(ssl.getPeerCertificates());
       } catch (SSLPeerUnverifiedException | RenegotiationRequiredException x) {
         throw SneakyThrows.propagate(x);
       }
     }
-    return new Certificate[0];
+    return new ArrayList<Certificate>();
   }
 
   @Nonnull @Override public String getScheme() {

Original file line number	Diff line number	Diff line change
`@@ -633,7 +633,7 @@ public interface Context extends Registry {`
`633`	`633`	`*`
`634`	`634`	`* @return The certificates presented by the client for mutual TLS. Empty if ssl is not enabled, or client authentication is not required.`
`635`	`635`	`*/`
`636`		`- @Nonnull Certificate[] getClientCertificates();`
	`636`	`+ @Nonnull List<Certificate> getClientCertificates();`
`637`	`637`
`638`	`638`	`/**`
`639`	`639`	`* Server port for current request.`
Original file line number	Diff line number	Diff line change
`@@ -268,7 +268,7 @@ public ForwardingContext(@Nonnull Context context) {`
`268`	`268`	`return ctx.getProtocol();`
`269`	`269`	`}`
`270`	`270`
`271`		`- @Override @Nonnull public Certificate[] getClientCertificates() {`
	`271`	`+ @Override @Nonnull public List<Certificate> getClientCertificates() {`
`272`	`272`	`return ctx.getClientCertificates();`
`273`	`273`	`}`
`274`	`274`
Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@`
`32`	`32`	`import java.nio.charset.Charset;`
`33`	`33`	`import java.security.cert.Certificate;`
`34`	`34`	`import java.util.ArrayList;`
	`35`	`+import java.util.Arrays;`
`35`	`36`	`import java.util.Collection;`
`36`	`37`	`import java.util.Collections;`
`37`	`38`	`import java.util.HashMap;`
`@@ -288,16 +289,16 @@ boolean isHttpGet() {`
`288`	`289`	`}`
`289`	`290`	`}`
`290`	`291`
`291`		`- @Nonnull @Override public Certificate[] getClientCertificates() {`
	`292`	`+ @Nonnull @Override public List<Certificate> getClientCertificates() {`
`292`	`293`	`SslHandler sslHandler = (SslHandler) ctx.channel().pipeline().get("ssl");`
`293`	`294`	`if (sslHandler != null) {`
`294`	`295`	`try {`
`295`		`- return sslHandler.engine().getSession().getPeerCertificates();`
	`296`	`+ return Arrays.asList(sslHandler.engine().getSession().getPeerCertificates());`
`296`	`297`	`} catch (SSLPeerUnverifiedException x) {`
`297`	`298`	`throw SneakyThrows.propagate(x);`
`298`	`299`	`}`
`299`	`300`	`}`
`300`		`- return new Certificate[0];`
	`301`	`+ return new ArrayList<Certificate>();`
`301`	`302`	`}`
`302`	`303`
`303`	`304`	`@Nonnull @Override public String getScheme() {`
Original file line number	Diff line number	Diff line change
`@@ -541,8 +541,8 @@ public MockContext setResponseType(@Nonnull MediaType contentType, @Nullable Cha`
`541`	`541`	`return "HTTP/1.1";`
`542`	`542`	`}`
`543`	`543`
`544`		`- @Nonnull @Override public Certificate[] getClientCertificates() {`
`545`		`- return new Certificate[0];`
	`544`	`+ @Nonnull @Override public List<Certificate> getClientCertificates() {`
	`545`	`+ return new ArrayList<Certificate>();`
`546`	`546`	`}`
`547`	`547`
`548`	`548`	`@Nonnull @Override public String getScheme() {`