UNDERTOW-561 the Ajp connector only publish the client certificate no…

…t the full chain
undertow-io · Oct 17, 2015 · c4ad58c · c4ad58c
1 parent 2841d94
commit c4ad58c
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/core/src/main/java/io/undertow/server/BasicSSLSessionInfo.java b/core/src/main/java/io/undertow/server/BasicSSLSessionInfo.java
@@ -29,7 +29,7 @@
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.cert.Certificate;
+import java.util.Collection;
 
 /**
  * Basic SSL session information. This information is generally provided by a front end proxy.
@@ -40,8 +40,8 @@ public class BasicSSLSessionInfo implements SSLSessionInfo {
 
     private final byte[] sessionId;
     private final String cypherSuite;
-    private final java.security.cert.Certificate peerCertificate;
-    private final X509Certificate certificate;
+    private final java.security.cert.Certificate[] peerCertificate;
+    private final X509Certificate[] certificate;
 
     /**
      *
@@ -59,8 +59,14 @@ public BasicSSLSessionInfo(byte[] sessionId, String cypherSuite, String certific
             java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
             byte[] certificateBytes = certificate.getBytes(StandardCharsets.US_ASCII);
             ByteArrayInputStream stream = new ByteArrayInputStream(certificateBytes);
-            peerCertificate = cf.generateCertificate(stream);
-            this.certificate = X509Certificate.getInstance(certificateBytes);
+            Collection<? extends java.security.cert.Certificate> certCol = cf.generateCertificates(stream);
+            this.peerCertificate = new java.security.cert.Certificate[certCol.size()];
+            this.certificate = new X509Certificate[certCol.size()];
+            int i=0;
+            for(java.security.cert.Certificate cert : certCol) {
+                this.peerCertificate[i] = cert;
+                this.certificate[i++] = X509Certificate.getInstance(cert.getEncoded());
+            }
         } else {
             this.peerCertificate = null;
             this.certificate = null;
@@ -98,15 +104,15 @@ public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnve
         if (certificate == null) {
             throw UndertowMessages.MESSAGES.peerUnverified();
         }
-        return new Certificate[]{peerCertificate};
+        return peerCertificate;
     }
 
     @Override
     public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
         if (certificate == null) {
             throw UndertowMessages.MESSAGES.peerUnverified();
         }
-        return new X509Certificate[]{certificate};
+        return certificate;
     }
 
     @Override