/**
 * Returns the certificate chain the peer presented during the handshake.
 *
 * <p>The call is forwarded unchanged to the underlying {@code session}. The
 * returned chain only says which certificates were presented; matching the
 * leaf against an expected host name or identity is left to the caller.
 *
 * @return the peer's own identity certificate first, followed by the CA
 *         certificates of its chain.
 * @throws SSLPeerUnverifiedException
 *             if the identity of the peer has not been verified.
 */
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
    final Certificate[] peerChain = session.getPeerCertificates();
    return peerChain;
}
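/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>Only the first certificate of the peer chain (the peer's own
 * certificate) is inspected; the decision itself is delegated to the
 * {@code verify(String, X509Certificate)} overload. This method does not
 * inspect the rest of the chain.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} only when the overload accepts the leaf certificate;
 *         {@code false} when the peer is unverified, the chain is empty, or
 *         the leaf is not an X.509 certificate
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    Certificate[] certificates = session.getPeerCertificates();
    // Fail closed: an empty chain or a non-X.509 leaf must produce a clean
    // rejection, not an unchecked ArrayIndexOutOfBounds/ClassCast exception
    // escaping from the verifier.
    if (certificates == null
        || certificates.length == 0
        || !(certificates[0] instanceof X509Certificate)) {
      return false;
    }
    return verify(host, (X509Certificate) certificates[0]);
  } catch (SSLException e) {
    // Includes SSLPeerUnverifiedException: no verified peer means no match.
    return false;
  }
}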
/**
 * Collects the X.509 certificates of the peer from a TLS session.
 *
 * <p>Entries of the peer chain that are not {@link X509Certificate}
 * instances are skipped; the relative order of the remaining ones is kept.
 *
 * <p>NOTE(review): the lookup catches {@link Throwable}, so every failure
 * (an unverified peer, but also runtime exceptions and errors) is reported
 * as {@code null}. Callers must read {@code null} as "no certificate
 * identity available" and never as a successful anonymous authentication.
 *
 * @param session the TLS session to read the peer chain from
 * @return the X.509 certificates of the peer, or {@code null} when the chain
 *         could not be obtained or contains no X.509 certificate
 */
@Nullable
private static X509Certificate[] initCertificates(SSLSession session) {
    Certificate[] peerChain;
    try {
        peerChain = session.getPeerCertificates();
    }
    catch (Throwable ex) {
        return null;
    }

    List<X509Certificate> x509Chain = new ArrayList<>(peerChain.length);
    for (int i = 0; i < peerChain.length; i++) {
        Certificate candidate = peerChain[i];
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        x509Chain.add((X509Certificate) candidate);
    }

    if (x509Chain.isEmpty()) {
        return null;
    }
    return x509Chain.toArray(new X509Certificate[0]);
}
/**
 * Returns the peer's own certificate (first element of the peer chain) as an
 * {@link X509Certificate}.
 *
 * <p>The type is checked explicitly, so a non-X.509 leaf is reported with a
 * descriptive {@link IllegalStateException} instead of a bare cast failure.
 * Nothing else about the certificate (validity period, names, trust) is
 * checked here.
 *
 * @param sslSession the TLS session to read the peer chain from
 * @return the leaf certificate of the peer
 * @throws SSLPeerUnverifiedException if the peer's identity has not been verified
 * @throws IllegalStateException if the leaf is not an X.509 certificate
 */
private X509Certificate getCertificateFromSession(SSLSession sslSession) throws SSLPeerUnverifiedException {
    Certificate leaf = sslSession.getPeerCertificates()[0];
    if (!(leaf instanceof X509Certificate)) {
        throw new IllegalStateException(
                "Required java.security.cert.X509Certificate, found: " + leaf);
    }
    return (X509Certificate) leaf;
}
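/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>Only the first certificate of the peer chain (the peer's own
 * certificate) is inspected; the decision itself is delegated to the
 * {@code verify(String, X509Certificate)} overload. This method does not
 * inspect the rest of the chain.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} only when the overload accepts the leaf certificate;
 *         {@code false} when the peer is unverified, the chain is empty, or
 *         the leaf is not an X.509 certificate
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    Certificate[] certificates = session.getPeerCertificates();
    // Fail closed: an empty chain or a non-X.509 leaf must produce a clean
    // rejection, not an unchecked ArrayIndexOutOfBounds/ClassCast exception
    // escaping from the verifier.
    if (certificates == null
        || certificates.length == 0
        || !(certificates[0] instanceof X509Certificate)) {
      return false;
    }
    return verify(host, (X509Certificate) certificates[0]);
  } catch (SSLException e) {
    // Includes SSLPeerUnverifiedException: no verified peer means no match.
    return false;
  }
}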
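// Open a client socket from the already configured SSLContext.
SSLSocketFactory ssf = (SSLSocketFactory) sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) ssf.createSocket("untrusted.host.example", 443);

// A bare SSLSocket has the chain checked by the context's trust manager but
// does NOT compare the certificate with the host name it connected to.
// Enabling HTTPS endpoint identification before the handshake makes the
// handshake fail when the certificate was issued for a different host.
javax.net.ssl.SSLParameters sslParameters = sslSocket.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
sslSocket.setSSLParameters(sslParameters);

// getSession() runs the handshake but does not throw when it fails; it then
// returns an invalid session, and the failure surfaces below as an
// SSLPeerUnverifiedException from getPeerCertificates().
SSLSession sslSession = sslSocket.getSession();
sslSession.getPeerCertificates();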
/**
 * Collects the X.509 certificates of the peer from a TLS session.
 *
 * <p>Entries of the peer chain that are not {@link X509Certificate}
 * instances are skipped; the relative order of the remaining ones is kept.
 *
 * <p>NOTE(review): the lookup catches {@link Throwable}, so every failure
 * (an unverified peer, but also runtime exceptions and errors) is reported
 * as {@code null}. Callers must read {@code null} as "no certificate
 * identity available" and never as a successful anonymous authentication.
 *
 * @param session the TLS session to read the peer chain from
 * @return the X.509 certificates of the peer, or {@code null} when the chain
 *         could not be obtained or contains no X.509 certificate
 */
@Nullable
private static X509Certificate[] initCertificates(SSLSession session) {
    Certificate[] peerChain;
    try {
        peerChain = session.getPeerCertificates();
    }
    catch (Throwable ex) {
        return null;
    }

    List<X509Certificate> x509Chain = new ArrayList<>(peerChain.length);
    for (int i = 0; i < peerChain.length; i++) {
        Certificate candidate = peerChain[i];
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        x509Chain.add((X509Certificate) candidate);
    }

    if (x509Chain.isEmpty()) {
        return null;
    }
    return x509Chain.toArray(new X509Certificate[0]);
}
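/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>Only the first certificate of the peer chain (the peer's own
 * certificate) is inspected; the decision itself is delegated to the
 * {@code verify(String, X509Certificate)} overload. This method does not
 * inspect the rest of the chain.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} only when the overload accepts the leaf certificate;
 *         {@code false} when the peer is unverified, the chain is empty, or
 *         the leaf is not an X.509 certificate
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    Certificate[] certificates = session.getPeerCertificates();
    // Fail closed: an empty chain or a non-X.509 leaf must produce a clean
    // rejection, not an unchecked ArrayIndexOutOfBounds/ClassCast exception
    // escaping from the verifier.
    if (certificates == null
        || certificates.length == 0
        || !(certificates[0] instanceof X509Certificate)) {
      return false;
    }
    return verify(host, (X509Certificate) certificates[0]);
  } catch (SSLException e) {
    // Includes SSLPeerUnverifiedException: no verified peer means no match.
    return false;
  }
}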
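/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>The peer's own certificate (first element of the chain) is handed to
 * the {@code verify(String, X509Certificate)} overload, whose result is not
 * used: it is expected to signal a mismatch by throwing an
 * {@link SSLException}, which is turned into {@code false} here.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} when the overload returns without throwing;
 *         {@code false} when it throws an {@code SSLException}, the peer is
 *         unverified, the chain is empty, or the leaf is not X.509
 */
public final boolean verify(String host, SSLSession session) {
    try {
        Certificate[] certs = session.getPeerCertificates();
        // Fail closed: reject cleanly instead of letting an unchecked
        // ArrayIndexOutOfBounds/ClassCast exception escape the verifier.
        if (certs == null || certs.length == 0 || !(certs[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509 = (X509Certificate) certs[0];
        verify(host, x509);
        return true;
    }
    catch (SSLException e) {
        // Includes SSLPeerUnverifiedException: no verified peer means no match.
        return false;
    }
}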
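/**
 * Verifies that the peer of an already created TLS socket may be treated as
 * {@code host}.
 *
 * <p>The peer's own certificate (first element of the chain) is handed to
 * the {@code verify(String, X509Certificate)} overload. Nothing is returned:
 * the method completes normally only when no check throws.
 *
 * @param host the host name the caller intended to reach; must not be null
 * @param ssl the socket whose session supplies the peer certificate
 * @throws NullPointerException if {@code host} is null
 * @throws IOException if the peer is unverified, presents no X.509 leaf
 *         certificate, or the overload rejects the certificate
 */
public final void verify(String host, SSLSocket ssl) throws IOException {
    if (host == null) {
        throw new NullPointerException("host to verify is null");
    }

    // getSession() does not throw when the handshake failed; the failure
    // shows up as SSLPeerUnverifiedException from getPeerCertificates().
    SSLSession session = ssl.getSession();
    Certificate[] certs = session.getPeerCertificates();

    // Fail closed with a checked TLS error rather than an unchecked
    // ArrayIndexOutOfBounds/ClassCast exception that a caller handling
    // IOException would not see.
    if (certs == null || certs.length == 0 || !(certs[0] instanceof X509Certificate)) {
        throw new javax.net.ssl.SSLPeerUnverifiedException(
                "peer did not present an X.509 certificate");
    }
    X509Certificate x509 = (X509Certificate) certs[0];
    verify(host, x509);
}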
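/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>Only the first certificate of the peer chain (the peer's own
 * certificate) is inspected; the decision itself is delegated to the
 * {@code verify(String, X509Certificate)} overload. This method does not
 * inspect the rest of the chain.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} only when the overload accepts the leaf certificate;
 *         {@code false} when the peer is unverified, the chain is empty, or
 *         the leaf is not an X.509 certificate
 */
public final boolean verify(String host, SSLSession session) {
  try {
    Certificate[] certificates = session.getPeerCertificates();
    // Fail closed: an empty chain or a non-X.509 leaf must produce a clean
    // rejection, not an unchecked ArrayIndexOutOfBounds/ClassCast exception
    // escaping from the verifier.
    if (certificates == null
        || certificates.length == 0
        || !(certificates[0] instanceof X509Certificate)) {
      return false;
    }
    return verify(host, (X509Certificate) certificates[0]);
  } catch (SSLException e) {
    // Includes SSLPeerUnverifiedException: no verified peer means no match.
    return false;
  }
}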
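/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>Only the first certificate of the peer chain (the peer's own
 * certificate) is inspected; the decision itself is delegated to the
 * {@code verify(String, X509Certificate)} overload. This method does not
 * inspect the rest of the chain.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} only when the overload accepts the leaf certificate;
 *         {@code false} when the peer is unverified, the chain is empty, or
 *         the leaf is not an X.509 certificate
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    Certificate[] certificates = session.getPeerCertificates();
    // Fail closed: an empty chain or a non-X.509 leaf must produce a clean
    // rejection, not an unchecked ArrayIndexOutOfBounds/ClassCast exception
    // escaping from the verifier.
    if (certificates == null
        || certificates.length == 0
        || !(certificates[0] instanceof X509Certificate)) {
      return false;
    }
    return verify(host, (X509Certificate) certificates[0]);
  } catch (SSLException e) {
    // Includes SSLPeerUnverifiedException: no verified peer means no match.
    return false;
  }
}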
/**
 * Returns the certificate chain offered by the peer of this connection.
 *
 * <p>The TLS session is looked up from the {@code SslFilter.SSL_SESSION}
 * attribute of the I/O session. An empty array is returned both when no TLS
 * session is attached and when the peer is unverified, so callers that rely
 * on certificate-based identity must treat an empty result as "not
 * authenticated by certificate".
 *
 * @return the peer chain, or an empty array when none is available
 */
@Override
public Certificate[] getPeerCertificates() {
    try {
        final SSLSession tlsSession = (SSLSession) ioSession.getAttribute(SslFilter.SSL_SESSION);
        if (tlsSession == null) {
            return new Certificate[0];
        }
        return tlsSession.getPeerCertificates();
    } catch (SSLPeerUnverifiedException unverified) {
        // Expected whenever mutual authentication is not enforced by the
        // Openfire configuration, hence only traced.
        if (Log.isTraceEnabled()) {
            Log.trace( "Peer does not offer certificates in session: " + session, unverified);
        }
        return new Certificate[0];
    }
}
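/**
 * Decides whether the peer of {@code session} may be treated as {@code host}.
 *
 * <p>The peer's own certificate (first element of the chain) is handed to
 * the {@code verify(String, X509Certificate)} overload, whose result is not
 * used: it is expected to signal a mismatch by throwing an
 * {@link SSLException}, which is logged at debug level and turned into
 * {@code false} here.
 *
 * @param host the host name the caller intended to reach
 * @param session the TLS session whose peer certificate is checked
 * @return {@code true} when the overload returns without throwing;
 *         {@code false} when it throws an {@code SSLException}, the peer is
 *         unverified, the chain is empty, or the leaf is not X.509
 */
@Override
public boolean verify(final String host, final SSLSession session) {
    try {
        final Certificate[] certs = session.getPeerCertificates();
        // Fail closed: reject cleanly instead of letting an unchecked
        // ArrayIndexOutOfBounds/ClassCast exception escape the verifier.
        if (certs == null || certs.length == 0 || !(certs[0] instanceof X509Certificate)) {
            return false;
        }
        final X509Certificate x509 = (X509Certificate) certs[0];
        verify(host, x509);
        return true;
    } catch (final SSLException ex) {
        // Rejections are routine; keep the reason available for diagnosis
        // without raising the log level.
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        return false;
    }
}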
/**
 * Returns the subject distinguished name of the peer's own certificate.
 *
 * <p>The leaf certificate of the engine's session is converted with
 * {@code CertificateUtils.convertAbstractX509Certificate} and its validity
 * period is checked before the name is read. {@code checkValidity()} only
 * compares the current time with the certificate's validity window; chain
 * trust is not evaluated here and is presumably established by the TLS
 * handshake (confirm against the engine's trust configuration).
 *
 * <p>NOTE(review): {@code getSubjectDN()} returns a provider-specific
 * {@code Principal}; the JDK recommends {@code getSubjectX500Principal()}.
 * Switching would change the string format, so it is left as is.
 *
 * @return the trimmed subject DN of the peer certificate
 * @throws CertificateException if the certificate cannot be converted or is
 *         outside its validity period
 * @throws SSLPeerUnverifiedException if the peer is unverified or presented
 *         no certificates
 */
public String getDn() throws CertificateException, SSLPeerUnverifiedException {
    final Certificate[] peerChain = engine.getSession().getPeerCertificates();
    final boolean chainMissing = peerChain == null || peerChain.length == 0;
    if (chainMissing) {
        throw new SSLPeerUnverifiedException("No certificates found");
    }

    final X509Certificate leaf = CertificateUtils.convertAbstractX509Certificate(peerChain[0]);
    leaf.checkValidity();

    final String subjectDn = leaf.getSubjectDN().getName();
    return subjectDn.trim();
}
/**
 * Builds a {@code Handshake} record from the state of a TLS session.
 *
 * <p>A cipher suite of {@code SSL_NULL_WITH_NULL_NULL} or a protocol of
 * {@code NONE} is rejected with an {@link IOException}; these are the values
 * a JSSE session reports when no handshake completed.
 *
 * <p>An unverified peer is not an error here: the peer certificate list is
 * simply empty. Callers must therefore not read the mere existence of a
 * {@code Handshake} as proof of the peer's identity.
 *
 * @param session the TLS session to describe
 * @return the handshake description with immutable certificate lists
 * @throws IOException if the session carries the null cipher suite or the
 *         {@code NONE} protocol
 * @throws IllegalStateException if the session reports no cipher suite or no
 *         protocol at all
 */
public static Handshake get(SSLSession session) throws IOException {
  String suiteName = session.getCipherSuite();
  if (suiteName == null) {
    throw new IllegalStateException("cipherSuite == null");
  }
  if ("SSL_NULL_WITH_NULL_NULL".equals(suiteName)) {
    throw new IOException("cipherSuite == SSL_NULL_WITH_NULL_NULL");
  }
  CipherSuite cipherSuite = CipherSuite.forJavaName(suiteName);

  String protocolName = session.getProtocol();
  if (protocolName == null) {
    throw new IllegalStateException("tlsVersion == null");
  }
  if ("NONE".equals(protocolName)) {
    throw new IOException("tlsVersion == NONE");
  }
  TlsVersion tlsVersion = TlsVersion.forJavaName(protocolName);

  // No verified peer is represented as "no peer certificates".
  Certificate[] peerChain;
  try {
    peerChain = session.getPeerCertificates();
  } catch (SSLPeerUnverifiedException ignored) {
    peerChain = null;
  }
  List<Certificate> peerCertificatesList;
  if (peerChain == null) {
    peerCertificatesList = Collections.emptyList();
  } else {
    peerCertificatesList = Util.immutableList(peerChain);
  }

  Certificate[] localChain = session.getLocalCertificates();
  List<Certificate> localCertificatesList;
  if (localChain == null) {
    localCertificatesList = Collections.emptyList();
  } else {
    localCertificatesList = Util.immutableList(localChain);
  }

  return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
/**
 * Derives the set of identities asserted by the peer's own certificate.
 *
 * <p>The leaf certificate of the session is converted with
 * {@code CertificateUtils.convertAbstractX509Certificate}, its validity
 * period is checked, and each subject alternative name is mapped through
 * {@code CertificateUtils.extractUsername}. {@code checkValidity()} only
 * compares the current time with the certificate's validity window; chain
 * trust is not evaluated here and is presumably established by the TLS
 * handshake (confirm against the caller's trust configuration).
 *
 * @param sslSession the TLS session to read the peer chain from
 * @return the identities extracted from the subject alternative names
 * @throws CertificateException if the certificate cannot be converted, is
 *         outside its validity period, or its names cannot be read
 * @throws SSLPeerUnverifiedException if the peer is unverified or presented
 *         no certificates
 */
private Set<String> getCertificateIdentities(final SSLSession sslSession) throws CertificateException, SSLPeerUnverifiedException {
    final Certificate[] peerChain = sslSession.getPeerCertificates();
    final boolean chainMissing = peerChain == null || peerChain.length == 0;
    if (chainMissing) {
        throw new SSLPeerUnverifiedException("No certificates found");
    }

    final X509Certificate leaf = CertificateUtils.convertAbstractX509Certificate(peerChain[0]);
    leaf.checkValidity();

    return CertificateUtils.getSubjectAlternativeNames(leaf)
            .stream()
            .map(CertificateUtils::extractUsername)
            .collect(Collectors.toSet());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Derives the set of identities asserted by the peer's own certificate.
 *
 * <p>The leaf certificate of the session is converted with
 * {@code CertificateUtils.convertAbstractX509Certificate}, its validity
 * period is checked, and each subject alternative name is mapped through
 * {@code CertificateUtils.extractUsername}. {@code checkValidity()} only
 * compares the current time with the certificate's validity window; chain
 * trust is not evaluated here and is presumably established by the TLS
 * handshake (confirm against the caller's trust configuration).
 *
 * @param sslSession the TLS session to read the peer chain from
 * @return the identities extracted from the subject alternative names
 * @throws CertificateException if the certificate cannot be converted, is
 *         outside its validity period, or its names cannot be read
 * @throws SSLPeerUnverifiedException if the peer is unverified or presented
 *         no certificates
 */
private Set<String> getCertificateIdentities(final SSLSession sslSession) throws CertificateException, SSLPeerUnverifiedException {
    final Certificate[] peerChain = sslSession.getPeerCertificates();
    final boolean chainMissing = peerChain == null || peerChain.length == 0;
    if (chainMissing) {
        throw new SSLPeerUnverifiedException("No certificates found");
    }

    final X509Certificate leaf = CertificateUtils.convertAbstractX509Certificate(peerChain[0]);
    leaf.checkValidity();

    return CertificateUtils.getSubjectAlternativeNames(leaf)
            .stream()
            .map(CertificateUtils::extractUsername)
            .collect(Collectors.toSet());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Returns the certificate chain offered by the peer of this connection.
 *
 * <p>An empty array is returned both when no TLS stream handler is set and
 * when the peer is unverified, so callers that rely on certificate-based
 * identity must treat an empty result as "not authenticated by certificate".
 *
 * @return the peer chain, or an empty array when none is available
 */
@Override
public Certificate[] getPeerCertificates() {
    if (tlsStreamHandler == null) {
        return new Certificate[0];
    }
    try {
        return tlsStreamHandler.getSSLSession().getPeerCertificates();
    } catch (SSLPeerUnverifiedException unverified) {
        // Normal when client-auth is 'want'; it indicates a problem when
        // client-auth is 'need'.
        Log.debug( "Peer certificates have not been verified - there are no certificates to return for: {}", tlsStreamHandler.getSSLSession().getPeerHost(), unverified );
        return new Certificate[0];
    }
}
/**
 * Builds a {@code Handshake} record from the state of a TLS session.
 *
 * <p>An unverified peer is not an error here: the peer certificate list is
 * simply empty. Callers must therefore not read the mere existence of a
 * {@code Handshake} as proof of the peer's identity.
 *
 * <p>NOTE(review): the cipher suite and protocol names are only checked for
 * {@code null} before being passed to {@code forJavaName}; how the
 * placeholder values of a session without a completed handshake are handled
 * is not visible in this method.
 *
 * @param session the TLS session to describe
 * @return the handshake description with immutable certificate lists
 * @throws IllegalStateException if the session reports no cipher suite or no
 *         protocol at all
 */
public static Handshake get(SSLSession session) {
  String suiteName = session.getCipherSuite();
  if (suiteName == null) {
    throw new IllegalStateException("cipherSuite == null");
  }
  CipherSuite cipherSuite = CipherSuite.forJavaName(suiteName);

  String protocolName = session.getProtocol();
  if (protocolName == null) {
    throw new IllegalStateException("tlsVersion == null");
  }
  TlsVersion tlsVersion = TlsVersion.forJavaName(protocolName);

  // No verified peer is represented as "no peer certificates".
  Certificate[] peerChain;
  try {
    peerChain = session.getPeerCertificates();
  } catch (SSLPeerUnverifiedException ignored) {
    peerChain = null;
  }
  List<Certificate> peerCertificatesList;
  if (peerChain == null) {
    peerCertificatesList = Collections.<Certificate>emptyList();
  } else {
    peerCertificatesList = Util.immutableList(peerChain);
  }

  Certificate[] localChain = session.getLocalCertificates();
  List<Certificate> localCertificatesList;
  if (localChain == null) {
    localCertificatesList = Collections.<Certificate>emptyList();
  } else {
    localCertificatesList = Util.immutableList(localChain);
  }

  return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}