Java Code Examples for org.apache.tomcat.jni.SSL#getPeerCertChain()

The following examples show how to use org.apache.tomcat.jni.SSL#getPeerCertChain().
Example 1
Source File: OpenSslEngine.java    From netty4.0.27Learn with Apache License 2.0
/**
 * Returns the peer's certificate chain as legacy {@code javax.security.cert} objects.
 *
 * <p>The chain is decoded on first use and cached in {@code x509PeerCerts}; later calls
 * return the same cached array instance, so callers should treat it as read-only.
 *
 * <p>NOTE(review): this method only decodes what {@code SSL.getPeerCertChain(ssl)} returns.
 * It performs no path validation and no hostname or identity check itself; whether the chain
 * was validated depends on the verification settings applied elsewhere - confirm before
 * treating a successful return as proof of an authenticated peer.
 *
 * <p>NOTE(review): the OpenSSL documentation for {@code SSL_get_peer_cert_chain} says that on
 * the server side the returned chain does not contain the peer's own certificate. Nothing is
 * prepended here, so on a server element 0 is presumably not the client's leaf certificate -
 * verify before using index 0 for identity decisions.
 *
 * @return the decoded certificates, in the order delivered by the native layer
 * @throws SSLPeerUnverifiedException if {@code SSL.isInInit(ssl)} is non-zero (presumably the
 *         handshake has not finished) or no chain is available
 * @throws IllegalStateException if an entry of the chain cannot be parsed as a certificate
 */
@Override
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    // Fast path: the chain has already been decoded once.
    X509Certificate[] cached = x509PeerCerts;
    if (cached != null) {
        return cached;
    }

    if (SSL.isInInit(ssl) != 0) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }

    byte[][] encodedChain = SSL.getPeerCertChain(ssl);
    if (encodedChain == null) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }

    X509Certificate[] decoded = new X509Certificate[encodedChain.length];
    int index = 0;
    for (byte[] encoded : encodedChain) {
        try {
            decoded[index++] = X509Certificate.getInstance(encoded);
        } catch (CertificateException e) {
            // Surfaced as an unchecked error; the parse failure is kept as the cause.
            throw new IllegalStateException(e);
        }
    }

    // Publish the decoded chain so the work is done at most once per successful call path.
    x509PeerCerts = decoded;
    return decoded;
}
 
Example 2
Source File: OpenSSLEngine.java    From Tomcat8-Source-Read with MIT License
/**
 * Returns the peer's certificate chain as legacy {@code javax.security.cert} objects.
 *
 * <p>The native handle is read while holding the engine lock; decoding happens outside the
 * lock and the result is cached in {@code x509PeerCerts}. The cached array instance is handed
 * out directly, so callers should treat it as read-only.
 *
 * <p>NOTE(review): no certificate validation happens in this method - it only decodes the
 * bytes returned by {@code SSL.getPeerCertChain(ssl)}. Whether that chain was validated
 * depends on verification settings applied elsewhere; confirm before relying on it for
 * authentication decisions.
 *
 * <p>NOTE(review): the OpenSSL documentation for {@code SSL_get_peer_cert_chain} says the
 * server-side chain omits the peer's own certificate, and this method does not add it.
 * On a server, element 0 is presumably not the client's leaf certificate - verify.
 *
 * @return the decoded certificates, in the order delivered by the native layer
 * @throws SSLPeerUnverifiedException if the engine is destroyed, {@code SSL.isInInit(ssl)}
 *         is non-zero, or no chain is available
 * @throws IllegalStateException if an entry of the chain cannot be parsed as a certificate
 */
@Deprecated
@Override
public javax.security.cert.X509Certificate[] getPeerCertificateChain()
        throws SSLPeerUnverifiedException {
    // Fast path: already decoded on an earlier call.
    javax.security.cert.X509Certificate[] cached = x509PeerCerts;
    if (cached != null) {
        return cached;
    }

    byte[][] encodedChain;
    synchronized (OpenSSLEngine.this) {
        // The destroyed flag and the native handle are only consulted under the engine lock.
        if (destroyed || SSL.isInInit(ssl) != 0) {
            throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
        }
        encodedChain = SSL.getPeerCertChain(ssl);
    }
    if (encodedChain == null) {
        throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
    }

    javax.security.cert.X509Certificate[] decoded =
            new javax.security.cert.X509Certificate[encodedChain.length];
    int index = 0;
    for (byte[] encoded : encodedChain) {
        try {
            decoded[index++] = javax.security.cert.X509Certificate.getInstance(encoded);
        } catch (javax.security.cert.CertificateException e) {
            // Surfaced as an unchecked error; the parse failure is kept as the cause.
            throw new IllegalStateException(e);
        }
    }

    x509PeerCerts = decoded;
    return decoded;
}
 
Example 3
Source File: OpenSslEngine.java    From netty4.0.27Learn with Apache License 2.0
/**
 * Builds the peer certificate array from the native session.
 *
 * <p>When the engine is not in client mode, the peer's own certificate is fetched separately
 * and placed at index 0, followed by the entries of the native chain in their original order.
 *
 * <p>NOTE(review): the raw bytes are only wrapped in {@code OpenSslX509Certificate} here; no
 * validation of the chain is visible in this method. Confirm where verification is enforced
 * before treating the result as an authenticated identity.
 *
 * @return the peer certificates, leaf first when it was obtained separately
 * @throws SSLPeerUnverifiedException if neither a chain nor a peer certificate is available
 */
private Certificate[] initPeerCertChain() throws SSLPeerUnverifiedException {
    byte[][] chain = SSL.getPeerCertChain(ssl);

    // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
    // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
    //
    // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
    byte[] clientCert = clientMode ? null : SSL.getPeerCertificate(ssl);

    if (chain == null && clientCert == null) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }

    int chainLength = chain == null ? 0 : chain.length;
    // One leading slot is reserved when the peer certificate was fetched on its own.
    int offset = clientCert == null ? 0 : 1;

    Certificate[] peerCerts = new Certificate[chainLength + offset];
    if (clientCert != null) {
        peerCerts[0] = new OpenSslX509Certificate(clientCert);
    }
    for (int j = 0; j < chainLength; j++) {
        peerCerts[offset + j] = new OpenSslX509Certificate(chain[j]);
    }
    return peerCerts;
}
 
Example 4
Source File: OpenSSLEngine.java    From Tomcat8-Source-Read with MIT License
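/**
 * Returns the certificates presented by the peer, peer certificate first.
 *
 * <p>The array is built on first use and cached in {@code peerCerts}. The native handle is
 * only read while holding the engine lock. The cached array instance is returned directly,
 * so callers should treat it as read-only.
 *
 * <p>When no certificate is available this method throws
 * {@link SSLPeerUnverifiedException} instead of returning {@code null}. That matches the
 * documented {@code SSLSession#getPeerCertificates()} behaviour, so a caller that takes a
 * normal return as "the peer presented a certificate" cannot be handed {@code null}.
 *
 * <p>NOTE(review): the raw bytes are only wrapped in {@code OpenSSLX509Certificate} here; no
 * chain validation is visible in this method. Confirm where verification is enforced before
 * treating the result as an authenticated identity.
 *
 * @return the peer certificates; never {@code null}
 * @throws SSLPeerUnverifiedException if the engine is destroyed, {@code SSL.isInInit(ssl)}
 *         is non-zero, or the peer supplied no certificate
 */
@Override
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
    // these are lazy created to reduce memory overhead
    Certificate[] c = peerCerts;
    if (c == null) {
        byte[] clientCert;
        byte[][] chain;
        synchronized (OpenSSLEngine.this) {
            if (destroyed || SSL.isInInit(ssl) != 0) {
                throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
            }
            chain = SSL.getPeerCertChain(ssl);
            if (!clientMode) {
                // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
                // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
                //
                // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
                clientCert = SSL.getPeerCertificate(ssl);
            } else {
                clientCert = null;
            }
        }
        if (chain == null && clientCert == null) {
            // Signal "no peer certificate" the same way as the not-yet-handshaken case above,
            // rather than returning null to code that expects an array or an exception.
            throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
        }

        int chainLength = chain == null ? 0 : chain.length;
        // One leading slot is reserved when the peer certificate was fetched on its own.
        int offset = clientCert == null ? 0 : 1;

        Certificate[] certificates = new Certificate[chainLength + offset];
        if (clientCert != null) {
            certificates[0] = new OpenSSLX509Certificate(clientCert);
        }
        for (int j = 0; j < chainLength; j++) {
            certificates[offset + j] = new OpenSSLX509Certificate(chain[j]);
        }
        c = peerCerts = certificates;
    }
    return c;
}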