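/**
 * Returns the client's end-entity (leaf) certificate from the TLS session, or
 * {@code null} when the session holds no usable peer certificate.
 * <p>
 * Per {@code SSLSession#getPeerCertificates} the peer's own certificate comes
 * first in the array; the chain was already validated by the trust manager
 * during the handshake, so only the leaf is returned and no re-validation is
 * attempted here.
 *
 * @param pHttpsExchange the exchange whose TLS session is inspected
 * @return the leaf certificate as an {@link X509Certificate}, or {@code null}
 *         if the chain is empty or the leaf is not an X.509 certificate
 * @throws SecurityException if the peer's identity was not verified during the
 *         handshake (e.g. client authentication was not performed); the
 *         underlying {@link SSLPeerUnverifiedException} is kept as the cause
 */
private X509Certificate getClientCert(HttpsExchange pHttpsExchange) {
    try {
        Certificate[] peerCerts = pHttpsExchange.getSSLSession().getPeerCertificates();
        if (peerCerts == null || peerCerts.length == 0) {
            return null;
        }
        Certificate leaf = peerCerts[0];
        // Guard the cast: a non-X.509 leaf would otherwise escape as an
        // unhandled ClassCastException instead of an authentication failure.
        return leaf instanceof X509Certificate ? (X509Certificate) leaf : null;
    } catch (SSLPeerUnverifiedException e) {
        // Preserve the cause so the handshake problem stays diagnosable.
        throw new SecurityException("SSL Peer couldn't be verified", e);
    }
}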
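/**
 * Serves the canned test response: marks the handler as invoked, copies every
 * configured {@code headers} entry onto the response, adds a wildcard CORS
 * header and writes {@code responseBody} with status 200.
 *
 * @param httpExchange the exchange to answer; it is cast to {@link HttpsExchange},
 *        so a plain HTTP exchange fails with a {@code ClassCastException}
 * @throws IOException if sending the headers or writing the body fails
 */
@Override
public void handle(HttpExchange httpExchange) throws IOException {
    wasInvoked = true;
    HttpsExchange exchange = (HttpsExchange) httpExchange;
    for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
        for (String value : entry.getValue()) {
            exchange.getResponseHeaders().add(entry.getKey(), value);
        }
    }
    // "*" is acceptable for this test stub only; a real endpoint that is
    // authenticated by client certificate should not echo a wildcard origin.
    exchange.getResponseHeaders().add("Access-Control-Allow-Origin", "*");
    // Encode once with a fixed charset and advertise the *byte* length. The
    // original used String#length() (a character count) together with the
    // platform default charset, which disagree for any non-ASCII body and
    // produce a truncated or over-long Content-Length.
    byte[] body = responseBody.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    exchange.sendResponseHeaders(200, body.length);
    try (OutputStream os = exchange.getResponseBody()) {
        os.write(body);
        os.flush();
    }
    httpExchange.close();
}
}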
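/**
 * Verifies that the TLS peer's subject DN matches one of {@code allowedPrincipals};
 * a {@code null} allow-list disables the check entirely.
 * <p>
 * Matching is a subset test: an allowed name matches when every one of its
 * RDNs is contained in the certificate subject's RDN set, regardless of RDN
 * order and regardless of any extra RDNs the subject carries. An allow-list
 * entry therefore has to contain enough RDNs to be distinguishing on its own
 * (e.g. {@code O=Example} alone admits every certificate of that organisation
 * issued by a trusted CA).
 *
 * @param pHttpsExchange the exchange whose TLS peer principal is checked
 * @throws SecurityException if the peer is unverified, the peer principal is not
 *         an {@link X500Principal}, or no allow-list entry matches; the
 *         triggering exception is kept as the cause where there is one
 */
private void checkCertForAllowedPrincipals(HttpsExchange pHttpsExchange) {
    if (allowedPrincipals == null) {
        return;
    }
    X500Principal certPrincipal;
    try {
        certPrincipal = (X500Principal) pHttpsExchange.getSSLSession().getPeerPrincipal();
        Set<Rdn> certPrincipalRdns = getPrincipalRdns(certPrincipal);
        boolean matchFound = false;
        for (LdapName principal : allowedPrincipals) {
            if (certPrincipalRdns.containsAll(principal.getRdns())) {
                matchFound = true;
                break;
            }
        }
        if (!matchFound) {
            throw new SecurityException("Principal " + certPrincipal + " not allowed");
        }
    } catch (SSLPeerUnverifiedException e) {
        throw new SecurityException("SSLPeer unverified", e);
    } catch (ClassCastException e) {
        // Only reachable if the SSL provider reports a non-X.500 principal.
        throw new SecurityException("Internal: Invalid Principal class provided " + e, e);
    }
}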
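/**
 * Authenticates the request by its TLS client certificate.
 * <p>
 * Outcomes:
 * <ul>
 *   <li>{@code Failure(500)} — the exchange is not TLS; this authenticator is
 *       only meaningful on an HTTPS listener, so this is a configuration error.</li>
 *   <li>{@code Failure(401)} — the session yields no usable client certificate.</li>
 *   <li>{@code Failure(403)} — any {@link SecurityException} raised by
 *       {@code getClientCert}, {@code checkCertForClientUsage} or
 *       {@code checkCertForAllowedPrincipals}. Note that an unverified peer
 *       (client authentication not performed) surfaces as a SecurityException
 *       from {@code getClientCert} and therefore as 403, not 401.</li>
 *   <li>{@code Success} — principal named after the certificate's subject DN,
 *       realm {@code "ssl"}.</li>
 * </ul>
 *
 * @param httpExchange the incoming exchange
 * @return the authentication result as described above
 */
@Override
public Result authenticate(HttpExchange httpExchange) {
    if (!(httpExchange instanceof HttpsExchange)) {
        return new Failure(500);
    }
    try {
        HttpsExchange httpsExchange = (HttpsExchange) httpExchange;
        X509Certificate certificate = getClientCert(httpsExchange);
        if (certificate == null) {
            return new Failure(401);
        }
        checkCertForClientUsage(certificate);
        checkCertForAllowedPrincipals(httpsExchange);
        // Take the name from the leaf certificate already in hand. For X.509
        // client auth this is the subject the session reports as peer principal,
        // and it cannot throw — the original re-queried the session and silently
        // mapped an SSLPeerUnverifiedException to a Success with an empty name.
        String name = certificate.getSubjectX500Principal().getName();
        return new Success(new HttpPrincipal(name, "ssl"));
    } catch (SecurityException e) {
        return new Failure(403);
    }
}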
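/**
 * Extracts the peer's leaf certificate from the exchange's TLS session.
 * <p>
 * {@code SSLSession#getPeerCertificates} lists the peer's own certificate
 * first; chain validation already happened in the trust manager during the
 * handshake, so this method deliberately does not re-validate anything.
 *
 * @param pHttpsExchange the HTTPS exchange to read the session from
 * @return the first certificate of the peer chain if it is an
 *         {@link X509Certificate}; {@code null} for an empty chain or a
 *         non-X.509 leaf
 * @throws SecurityException when the peer was not verified during the
 *         handshake; the original {@link SSLPeerUnverifiedException} is
 *         attached as the cause instead of being dropped
 */
private X509Certificate getClientCert(HttpsExchange pHttpsExchange) {
    Certificate[] chain;
    try {
        chain = pHttpsExchange.getSSLSession().getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        throw new SecurityException("SSL Peer couldn't be verified", e);
    }
    if (chain == null || chain.length == 0) {
        return null;
    }
    // Checked cast: an unexpected certificate type becomes "no certificate"
    // (-> 401 in the caller) rather than an unhandled ClassCastException.
    if (chain[0] instanceof X509Certificate) {
        return (X509Certificate) chain[0];
    }
    return null;
}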
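/**
 * Enforces the optional principal allow-list against the TLS peer's subject DN.
 * When {@code allowedPrincipals} is {@code null} nothing is checked.
 * <p>
 * An entry matches when all of its RDNs occur in the subject's RDN set
 * ({@code containsAll}), i.e. order is ignored and additional RDNs in the
 * subject are tolerated. Entries with too few RDNs (for example only an
 * {@code O=} component) consequently admit every certificate sharing those
 * RDNs, so allow-list entries should be as specific as the issuing CA's
 * naming allows.
 *
 * @param pHttpsExchange the exchange whose TLS session supplies the peer principal
 * @throws SecurityException if the peer is unverified, the principal is not an
 *         {@link X500Principal}, or no entry matches (cause attached when available)
 */
private void checkCertForAllowedPrincipals(HttpsExchange pHttpsExchange) {
    if (allowedPrincipals == null) {
        return;
    }
    X500Principal certPrincipal;
    try {
        certPrincipal = (X500Principal) pHttpsExchange.getSSLSession().getPeerPrincipal();
        Set<Rdn> subjectRdns = getPrincipalRdns(certPrincipal);
        boolean allowed = false;
        for (LdapName candidate : allowedPrincipals) {
            if (subjectRdns.containsAll(candidate.getRdns())) {
                allowed = true;
                break;
            }
        }
        if (!allowed) {
            throw new SecurityException("Principal " + certPrincipal + " not allowed");
        }
    } catch (SSLPeerUnverifiedException e) {
        throw new SecurityException("SSLPeer unverified", e);
    } catch (ClassCastException e) {
        // Only an SSL provider returning a non-X.500 principal gets here.
        throw new SecurityException("Internal: Invalid Principal class provided " + e, e);
    }
}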
public void handle(HttpExchange t) throws IOException { HttpsExchange ts = (HttpsExchange) t; SSLSession sess = ts.getSSLSession();
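/**
 * Client-certificate authentication for an HTTPS exchange.
 * <p>
 * Returns {@code Failure(500)} when the exchange is not an {@link HttpsExchange}
 * (a listener misconfiguration, not a client error), {@code Failure(401)} when
 * no client certificate is available, {@code Failure(403)} when any of the
 * certificate checks throws a {@link SecurityException} — including the
 * "peer unverified" case raised by {@code getClientCert} — and otherwise a
 * {@code Success} whose principal name is the certificate's subject DN in
 * realm {@code "ssl"}.
 *
 * @param httpExchange the incoming exchange
 * @return the authentication result
 */
@Override
public Result authenticate(HttpExchange httpExchange) {
    if (!(httpExchange instanceof HttpsExchange)) {
        return new Failure(500);
    }
    HttpsExchange httpsExchange = (HttpsExchange) httpExchange;
    try {
        X509Certificate certificate = getClientCert(httpsExchange);
        if (certificate == null) {
            return new Failure(401);
        }
        checkCertForClientUsage(certificate);
        checkCertForAllowedPrincipals(httpsExchange);
        // Derive the principal name from the certificate already obtained; this
        // cannot throw, so the original's swallowed SSLPeerUnverifiedException
        // (which produced a Success with an empty name) no longer exists.
        String subject = certificate.getSubjectX500Principal().getName();
        return new Success(new HttpPrincipal(subject, "ssl"));
    } catch (SecurityException denied) {
        return new Failure(403);
    }
}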