The PKIServerSocketListener has been fixed to obtain the correct client IP address from SSL socket.
https://pagure.io/dogtagpki/issue/2602 Pushed to master under trivial rule. -- Endi S. Dewata
>From 0aebe0b9192d5c549cc3350926ecf42276dbccb0 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Thu, 13 Apr 2017 08:13:26 +0200 Subject: [PATCH] Fixed ClientIP field in SSL session audit log. The PKIServerSocketListener has been fixed to obtain the correct client IP address from SSL socket. https://pagure.io/dogtagpki/issue/2602 Change-Id: I7d3b2dc14d6f442830ee5911613a0e9fc360cfba --- .../cms/src/org/dogtagpki/server/PKIServerSocketListener.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java index 7016bc8ea02e216c8aca010d68b071001f97a698..093776f6f88a9224a6d3ba7d6c42011f1689a04d 100644 --- a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java +++ b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java @@ -18,8 +18,6 @@ package org.dogtagpki.server; import java.net.InetAddress; -import java.net.InetSocketAddress; -import java.net.SocketAddress; import java.security.Principal; import org.mozilla.jss.crypto.X509Certificate; @@ -45,8 +43,7 @@ public class PKIServerSocketListener implements SSLSocketListener { try { SSLSocket socket = event.getSocket(); - SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress(); - InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress(); + InetAddress clientAddress = socket.getInetAddress(); InetAddress serverAddress = socket.getLocalAddress(); String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress(); String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress(); @@ -85,8 +82,7 @@ public class PKIServerSocketListener implements SSLSocketListener { try { SSLSocket socket = event.getSocket(); - SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress(); - InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress(); + InetAddress clientAddress = socket.getInetAddress(); InetAddress serverAddress = socket.getLocalAddress(); String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress(); String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress(); @@ -139,8 +135,7 @@ public class PKIServerSocketListener implements SSLSocketListener { try { SSLSocket socket = event.getSocket(); - SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress(); - InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress(); + InetAddress clientAddress = socket.getInetAddress(); InetAddress serverAddress = socket.getLocalAddress(); String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress(); String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress(); -- 2.9.3
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel