Java Code Examples for javax.net.ssl.SSLSession#getLocalCertificates()
The following examples show how to use
javax.net.ssl.SSLSession#getLocalCertificates() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Handshake.java From styT with Apache License 2.0 | 6 votes |
|
public static Handshake get(SSLSession session) {
String cipherSuiteString = session.getCipherSuite();
if (cipherSuiteString == null) throw new IllegalStateException("cipherSuite == null");
CipherSuite cipherSuite = CipherSuite.forJavaName(cipherSuiteString);
String tlsVersionString = session.getProtocol();
if (tlsVersionString == null) throw new IllegalStateException("tlsVersion == null");
TlsVersion tlsVersion = TlsVersion.forJavaName(tlsVersionString);
Certificate[] peerCertificates;
try {
peerCertificates = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException ignored) {
peerCertificates = null;
}
List<Certificate> peerCertificatesList = peerCertificates != null
? Util.immutableList(peerCertificates)
: Collections.<Certificate>emptyList();
Certificate[] localCertificates = session.getLocalCertificates();
List<Certificate> localCertificatesList = localCertificates != null
? Util.immutableList(localCertificates)
: Collections.<Certificate>emptyList();
return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
Example 2
| Source File: Handshake.java From AndroidProjects with MIT License | 6 votes |
|
public static Handshake get(SSLSession session) {
String cipherSuiteString = session.getCipherSuite();
if (cipherSuiteString == null) throw new IllegalStateException("cipherSuite == null");
CipherSuite cipherSuite = CipherSuite.forJavaName(cipherSuiteString);
String tlsVersionString = session.getProtocol();
if (tlsVersionString == null) throw new IllegalStateException("tlsVersion == null");
TlsVersion tlsVersion = TlsVersion.forJavaName(tlsVersionString);
Certificate[] peerCertificates;
try {
peerCertificates = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException ignored) {
peerCertificates = null;
}
List<Certificate> peerCertificatesList = peerCertificates != null
? Util.immutableList(peerCertificates)
: Collections.<Certificate>emptyList();
Certificate[] localCertificates = session.getLocalCertificates();
List<Certificate> localCertificatesList = localCertificates != null
? Util.immutableList(localCertificates)
: Collections.<Certificate>emptyList();
return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
Example 3
| Source File: RetrieveSslInfosHandshakeListener.java From keystore-explorer with GNU General Public License v3.0 | 6 votes |
|
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
sslConnectionInfos.setPeerHost(session.getPeerHost());
sslConnectionInfos.setPeerPort(session.getPeerPort());
sslConnectionInfos.setProtocol(session.getProtocol());
sslConnectionInfos.setCipherSuite(session.getCipherSuite());
Certificate[] locChain = session.getLocalCertificates();
if (locChain != null) {
X509Certificate[] clientCertificates = Arrays.copyOf(locChain, locChain.length, X509Certificate[].class);
sslConnectionInfos.setClientCertificates(clientCertificates);
}
try {
Certificate[] chain = session.getPeerCertificates();
if (chain != null) {
X509Certificate[] serverCertificates = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
sslConnectionInfos.setServerCertificates(serverCertificates);
}
} catch (SSLPeerUnverifiedException e) {
// do nothing
}
}
Example 4
| Source File: InternalChannelz.java From grpc-nebula-java with Apache License 2.0 | 5 votes |
|
/**
* Creates an instance.
*/
public Tls(SSLSession session) {
String cipherSuiteStandardName = session.getCipherSuite();
Certificate localCert = null;
Certificate remoteCert = null;
Certificate[] localCerts = session.getLocalCertificates();
if (localCerts != null) {
localCert = localCerts[0];
}
try {
Certificate[] peerCerts = session.getPeerCertificates();
if (peerCerts != null) {
// The javadoc of getPeerCertificate states that the peer's own certificate is the first
// element of the list.
remoteCert = peerCerts[0];
}
} catch (SSLPeerUnverifiedException e) {
// peer cert is not available
log.log(
Level.FINE,
String.format("Peer cert not available for peerHost=%s", session.getPeerHost()),
e);
}
this.cipherSuiteStandardName = cipherSuiteStandardName;
this.localCert = localCert;
this.remoteCert = remoteCert;
}
Example 5
| Source File: InternalChannelz.java From grpc-java with Apache License 2.0 | 5 votes |
|
/**
* Creates an instance.
*/
public Tls(SSLSession session) {
String cipherSuiteStandardName = session.getCipherSuite();
Certificate localCert = null;
Certificate remoteCert = null;
Certificate[] localCerts = session.getLocalCertificates();
if (localCerts != null) {
localCert = localCerts[0];
}
try {
Certificate[] peerCerts = session.getPeerCertificates();
if (peerCerts != null) {
// The javadoc of getPeerCertificate states that the peer's own certificate is the first
// element of the list.
remoteCert = peerCerts[0];
}
} catch (SSLPeerUnverifiedException e) {
// peer cert is not available
log.log(
Level.FINE,
String.format("Peer cert not available for peerHost=%s", session.getPeerHost()),
e);
}
this.cipherSuiteStandardName = cipherSuiteStandardName;
this.localCert = localCert;
this.remoteCert = remoteCert;
}
Example 6
| Source File: SSLRequestHelper.java From deprecated-security-ssl with Apache License 2.0 | 4 votes |
|
public static SSLInfo getSSLInfo(final Settings settings, final Path configPath, final RestRequest request, PrincipalExtractor principalExtractor) throws SSLPeerUnverifiedException {
if(request == null || !(request instanceof Netty4HttpRequest)) {
return null;
}
final Netty4HttpRequest nettyHttpRequest = (Netty4HttpRequest) request;
final SslHandler sslhandler = (SslHandler) nettyHttpRequest.getChannel().pipeline().get("ssl_http");
if(sslhandler == null) {
return null;
}
final SSLEngine engine = sslhandler.engine();
final SSLSession session = engine.getSession();
X509Certificate[] x509Certs = null;
final String protocol = session.getProtocol();
final String cipher = session.getCipherSuite();
String principal = null;
boolean validationFailure = false;
if (engine.getNeedClientAuth() || engine.getWantClientAuth()) {
try {
final Certificate[] certs = session.getPeerCertificates();
if (certs != null && certs.length > 0 && certs[0] instanceof X509Certificate) {
x509Certs = Arrays.copyOf(certs, certs.length, X509Certificate[].class);
final X509Certificate[] x509CertsF = x509Certs;
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
validationFailure = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
return !validate(x509CertsF, settings, configPath);
}
});
if(validationFailure) {
throw new SSLPeerUnverifiedException("Unable to validate certificate (CRL)");
}
principal = principalExtractor == null?null: principalExtractor.extractPrincipal(x509Certs[0], Type.HTTP);
} else if (engine.getNeedClientAuth()) {
final ElasticsearchException ex = new ElasticsearchException("No client certificates found but such are needed (Security 9).");
throw ex;
}
} catch (final SSLPeerUnverifiedException e) {
if (engine.getNeedClientAuth() || validationFailure) {
throw e;
}
}
}
Certificate[] localCerts = session.getLocalCertificates();
return new SSLInfo(x509Certs, principal, protocol, cipher, localCerts==null?null:Arrays.copyOf(localCerts, localCerts.length, X509Certificate[].class));
}
Example 7
| Source File: RecordedRequest.java From j2objc with Apache License 2.0 | 4 votes |
|
public RecordedRequest(String requestLine, List<String> headers, List<Integer> chunkSizes,
int bodySize, byte[] body, int sequenceNumber, Socket socket) {
this.requestLine = requestLine;
this.headers = headers;
this.chunkSizes = chunkSizes;
this.bodySize = bodySize;
this.body = body;
this.sequenceNumber = sequenceNumber;
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
SSLSession session = sslSocket.getSession();
sslProtocol = session.getProtocol();
sslCipherSuite = session.getCipherSuite();
sslLocalPrincipal = session.getLocalPrincipal();
sslLocalCertificates = session.getLocalCertificates();
Principal peerPrincipal = null;
Certificate[] peerCertificates = null;
try {
peerPrincipal = session.getPeerPrincipal();
peerCertificates = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException e) {
// No-op: use nulls instead
}
sslPeerPrincipal = peerPrincipal;
sslPeerCertificates = peerCertificates;
} else {
sslProtocol = null;
sslCipherSuite = null;
sslLocalPrincipal = null;
sslLocalCertificates = null;
sslPeerPrincipal = null;
sslPeerCertificates = null;
}
if (requestLine != null) {
int methodEnd = requestLine.indexOf(' ');
int pathEnd = requestLine.indexOf(' ', methodEnd + 1);
this.method = requestLine.substring(0, methodEnd);
this.path = requestLine.substring(methodEnd + 1, pathEnd);
} else {
this.method = null;
this.path = null;
}
}
