From 610737bc3082eb39bf0116bfa8dac91ee146af00 Mon Sep 17 00:00:00 2001
From: Justin Bertram
Date: Wed, 26 Jul 2017 14:21:23 -0500
Subject: [PATCH] ARTEMIS-1306 clarify identity for authn failures
---
 .../artemis/core/security/impl/SecurityStoreImpl.java | 9 ++++++++-
 .../artemis/core/server/ActiveMQMessageBundle.java | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
index 957a318dd9..9d769db15c 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
@@ -16,6 +16,7 @@
 */
 package org.apache.activemq.artemis.core.security.impl;
+import javax.security.cert.X509Certificate;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -143,7 +143,13 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
 notificationService.sendNotification(notification);
 }
- throw ActiveMQMessageBundle.BUNDLE.unableToValidateUser();
+ String certSubjectDN = "unavailable";
+ X509Certificate[] certs = CertificateUtil.getCertsFromConnection(connection);
+ if (certs != null && certs.length > 0 && certs[0] != null) {
+ certSubjectDN = certs[0].getSubjectDN().getName();
+ }
+
+ throw ActiveMQMessageBundle.BUNDLE.unableToValidateUser(connection.getRemoteAddress(), user, certSubjectDN);
 }
 return validatedUser;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java
index 8c9eb66e00..6d571a847c 100644
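Review bot: `user` and the certificate subject DN come from a client that has just failed authentication, and the new `throw` in the second hunk places both verbatim in the exception message. If that message is written to the broker log or an audit trail, embedded CR/LF or other control characters can split or forge entries, so I would neutralise and length-cap the values before the call, e.g. `String safeUser = user == null ? null : user.replaceAll("\\p{Cntrl}", "_");`, and do the same for `certSubjectDN`. Failed logins sometimes carry a password typed into the username field, so it is also worth confirming who can read wherever this message ends up. The enclosing method starts and ends outside the hunk, so whether `connection` can be null at this point is not visible here.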
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java
@@ -157,8 +157,8 @@ public interface ActiveMQMessageBundle {
 @Message(id = 119030, value = "large-message not initialized on server")
 ActiveMQIllegalStateException largeMessageNotInitialised();
- @Message(id = 119031, value = "Unable to validate user", format = Message.Format.MESSAGE_FORMAT)
- ActiveMQSecurityException unableToValidateUser();
+ @Message(id = 119031, value = "Unable to validate user from {0}. Username: {1}; SSL certificate subject DN: {2}", format = Message.Format.MESSAGE_FORMAT)
+ ActiveMQSecurityException unableToValidateUser(String remoteAddress, String user, String certMessage);
 @Message(id = 119032, value = "User: {0} does not have permission=''{1}'' on address {2}", format = Message.Format.MESSAGE_FORMAT)
 ActiveMQSecurityException userNoPermissions(String username, CheckType checkType, String saddress);
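Review bot: The third parameter of `unableToValidateUser` is named `certMessage`, but the format string labels `{2}` as the SSL certificate subject DN and the caller in this patch passes `certSubjectDN`; renaming the parameter to `certSubjectDN` would keep the signature and the message in step. The method would also benefit from a short Javadoc stating that all three arguments originate from an unauthenticated connection and that callers are expected to strip control characters first, since the values are inserted into the message text unchanged. If this exception's message is returned to the remote peer as well as logged, confirm that echoing the address and username back is intended.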