javax.net.ssl.SSLPeerUnverifiedException Java Examples
The following examples show how to use
javax.net.ssl.SSLPeerUnverifiedException.
Example #1
Source File: SslUtil.java From CapturePacket with MIT License | 6 votes |
/**
 * Looks up the leaf certificate that the upstream server presented on this session.
 *
 * <p>A {@code null} result covers three cases: the session reports the peer as unverified,
 * the chain is null or empty, or the first chain entry is not an {@link X509Certificate}.
 * A {@code null} result therefore means "no certificate available" and must not be read as
 * a verified peer.
 *
 * @param sslSession SSL session connected to upstream server
 * @return the X.509 certificate from the upstream server, or null if no certificate is available
 */
public static X509Certificate getServerCertificate(SSLSession sslSession) {
    final Certificate[] chain;
    try {
        chain = sslSession.getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        // The peer did not authenticate, so there is no certificate to report.
        return null;
    }

    if (chain == null || chain.length == 0) {
        return null;
    }

    final Certificate leaf = chain[0];
    // instanceof is false for null, so a null first entry also yields null.
    return (leaf instanceof X509Certificate) ? (X509Certificate) leaf : null;
}
Example #2
Source File: MySqlHostVerifier.java From r2dbc-mysql with Apache License 2.0 | 6 votes |
/**
 * Checks a host name against the DNS-type Subject Alternative Names of a certificate.
 *
 * <p>The host name and each DNS entry are lower-cased with {@link Locale#ROOT} before being
 * passed to {@code matchHost}. The method returns normally on the first match.
 *
 * @param hostname the host name to verify
 * @param sans the Subject Alternative Name entries to test
 * @throws SSLPeerUnverifiedException if {@code hostname} is empty, starts with a dot, ends
 *     with two dots, or matches none of the DNS entries
 */
private static void matchDns(String hostname, List<San> sans) throws SSLPeerUnverifiedException {
    final String normalizedHost = hostname.toLowerCase(Locale.ROOT);
    final boolean malformed = normalizedHost.isEmpty()
        || normalizedHost.charAt(0) == '.'
        || normalizedHost.endsWith("..");

    if (malformed) {
        // Invalid hostname: refuse it before comparing against any entry.
        throw new SSLPeerUnverifiedException(String.format(
            "Certificate for '%s' cannot match the Subject Alternative Names because it is invalid name",
            hostname));
    }

    for (San candidate : sans) {
        if (candidate.getType() != San.DNS) {
            continue;
        }
        if (!matchHost(normalizedHost, candidate.getValue().toLowerCase(Locale.ROOT))) {
            continue;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Certificate for '{}' matched by DNS name '{}' of the Subject Alternative Names",
                normalizedHost, candidate.getValue());
        }
        return;
    }

    // Fail closed: no DNS entry matched.
    throw new SSLPeerUnverifiedException(String.format(
        "Certificate for '%s' does not match any of the Subject Alternative Names: %s", hostname, sans));
}
Example #3
Source File: ValidatingDispatcher.java From deprecated-security-ssl with Apache License 2.0 | 6 votes |
/**
 * Rejects a REST request that carries a forbidden header or for which no SSL information
 * can be obtained.
 *
 * @param request the incoming REST request
 * @param channel the channel of the request; not read by this method
 * @throws ElasticsearchException if {@code SSLRequestHelper.containsBadHeader} reports a bad
 *     header, if {@code getSSLInfo} returns null, or if it raises
 *     {@link SSLPeerUnverifiedException} (converted via {@code ExceptionsHelper})
 */
protected void checkRequest(final RestRequest request, final RestChannel channel) {
    final boolean badHeader =
        SSLRequestHelper.containsBadHeader(threadContext, "_opendistro_security_ssl_");
    if (badHeader) {
        final ElasticsearchException badHeaderError = ExceptionUtils.createBadHeaderException();
        errorHandler.logError(badHeaderError, request, 1);
        throw badHeaderError;
    }

    try {
        if (SSLRequestHelper.getSSLInfo(settings, configPath, request, null) != null) {
            return;
        }
        // No SSL information at all: the request did not arrive over SSL.
        logger.error("Not an SSL request");
        throw new ElasticsearchSecurityException("Not an SSL request", RestStatus.INTERNAL_SERVER_ERROR);
    } catch (SSLPeerUnverifiedException e) {
        // The peer presented no usable client certificate; log it and reject the request.
        logger.error("No client certificates found but such are needed (Security 8).");
        errorHandler.logError(e, request, 0);
        throw ExceptionsHelper.convertToElastic(e);
    }
}
Example #4
Source File: AbstractDelegateHttpsURLConnection.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the server's certificate chain, taken from the cached response when one is present
 * and otherwise from the open HTTPS client.
 *
 * @return the chain; {@code null} when a cached response has no server certificate chain
 * @throws SSLPeerUnverifiedException if the server did not authenticate
 * @throws IllegalStateException if there is no cached response and the connection is not
 *     yet open
 */
public java.security.cert.Certificate[] getServerCertificates()
        throws SSLPeerUnverifiedException {
    if (cachedResponse == null) {
        if (http == null) {
            throw new IllegalStateException("connection not yet open");
        }
        return ((HttpsClient) http).getServerCertificates();
    }

    // A cached response answers from its stored chain without touching the connection.
    final List<java.security.cert.Certificate> cachedChain =
        ((SecureCacheResponse) cachedResponse).getServerCertificateChain();
    return (cachedChain == null)
        ? null
        : cachedChain.toArray(new java.security.cert.Certificate[0]);
}
Example #5
Source File: ChannelHandlerCallBack.java From WeCross with Apache License 2.0 | 6 votes |
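/**
 * Extracts the public key of the peer's leaf certificate from the channel's TLS session and
 * logs details of the key and the certificate subject.
 *
 * <p>NOTE(review): {@code getPeerCertificateChain()} is the deprecated accessor that returns
 * {@code javax.security.cert.X509Certificate}; moving to {@code getPeerCertificates()} would
 * also require changing this file's {@code X509Certificate} import.
 *
 * @param ctx the handler context whose channel pipeline holds the {@link SslHandler}
 * @return the public key of the first certificate in the peer chain
 * @throws SSLPeerUnverifiedException if the pipeline has no {@link SslHandler}, the peer is
 *     unverified, or the peer chain is empty
 */
private PublicKey fetchCertificate(ChannelHandlerContext ctx) throws SSLPeerUnverifiedException {
    SslHandler sslhandler = (SslHandler) ctx.channel().pipeline().get(SslHandler.class);
    logger.info(String.valueOf(ctx.channel().pipeline().names()));

    // pipeline().get(...) returns null when no such handler is installed; report that as an
    // unverified peer instead of failing with a NullPointerException.
    if (sslhandler == null) {
        throw new SSLPeerUnverifiedException("no SslHandler in the channel pipeline");
    }

    X509Certificate[] chain = sslhandler.engine().getSession().getPeerCertificateChain();
    if (chain == null || chain.length == 0) {
        throw new SSLPeerUnverifiedException("peer presented no certificate");
    }

    X509Certificate cert = chain[0];
    PublicKey publicKey = cert.getPublicKey();
    Principal principal = cert.getSubjectDN();

    logger.info(
        " algorithm: {}, format: {}, class name: {}",
        publicKey.getAlgorithm(),
        publicKey.getFormat(),
        publicKey.getClass().getName());
    logger.info(
        " encoded: {}, hex encoded: {}",
        publicKey.getEncoded(),
        bytesToHex(publicKey.getEncoded()));
    logger.info(
        " principal name: {} ,principal class name: {}",
        principal.getName(),
        principal.getClass().getName());

    return publicKey;
}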
Example #6
Source File: SSLSessionImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the identity of the peer which was established as part of defining the session.
 *
 * <p>For the Kerberos key exchanges ({@code K_KRB5}, {@code K_KRB5_EXPORT}) the stored
 * {@code peerPrincipal} is returned; otherwise the subject of the first peer certificate.
 *
 * @return the peer's principal. Returns an X500Principal of the end-entity certificate for
 *     X509-based cipher suites, and Principal for Kerberos cipher suites.
 * @throws SSLPeerUnverifiedException if the peer's identity has not been verified
 */
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
    final boolean kerberosExchange = (cipherSuite.keyExchange == K_KRB5)
        || (cipherSuite.keyExchange == K_KRB5_EXPORT);

    if (kerberosExchange) {
        if (peerPrincipal != null) {
            // Eliminate dependency on KerberosPrincipal
            return peerPrincipal;
        }
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }

    if (peerCerts != null) {
        return peerCerts[0].getSubjectX500Principal();
    }
    throw new SSLPeerUnverifiedException("peer not authenticated");
}
Example #7
Source File: MySqlHostVerifier.java From r2dbc-mysql with Apache License 2.0 | 6 votes |
/**
 * Verifies that a host name is covered by one of the DNS-type Subject Alternative Names.
 *
 * <p>Comparison is done on {@link Locale#ROOT} lower-cased values through {@code matchHost}.
 * Returns normally as soon as one DNS entry matches.
 *
 * @param hostname the host name to verify
 * @param sans the Subject Alternative Name entries to test
 * @throws SSLPeerUnverifiedException if {@code hostname} is empty, starts with a dot, ends
 *     with two dots, or matches none of the DNS entries
 */
private static void matchDns(String hostname, List<San> sans) throws SSLPeerUnverifiedException {
    final String lowered = hostname.toLowerCase(Locale.ROOT);

    // Invalid hostname: empty, leading dot, or trailing "..".
    final boolean invalidName =
        lowered.isEmpty() || lowered.charAt(0) == '.' || lowered.endsWith("..");
    if (invalidName) {
        final String reason = String.format(
            "Certificate for '%s' cannot match the Subject Alternative Names because it is invalid name",
            hostname);
        throw new SSLPeerUnverifiedException(reason);
    }

    for (San entry : sans) {
        final boolean matched = entry.getType() == San.DNS
            && matchHost(lowered, entry.getValue().toLowerCase(Locale.ROOT));
        if (!matched) {
            continue;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Certificate for '{}' matched by DNS name '{}' of the Subject Alternative Names",
                lowered, entry.getValue());
        }
        return;
    }

    // Nothing matched, so verification fails.
    final String reason = String.format(
        "Certificate for '%s' does not match any of the Subject Alternative Names: %s", hostname, sans);
    throw new SSLPeerUnverifiedException(reason);
}
Example #8
Source File: SSLSessionImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Returns a copy of the cert chain presented by the peer, in the java.security.cert format.
 *
 * <p>Only usable with certificate-based cipher suites. The array is cloned so that a caller
 * cannot change this session's record of the peer identity; the certificates themselves are
 * immutable and are not cloned.
 *
 * @return array of peer X.509 certs, with the peer's own cert first in the chain, and with
 *     the "root" CA last.
 * @throws SSLPeerUnverifiedException if the key exchange is {@code K_KRB5} or
 *     {@code K_KRB5_EXPORT}, or if no peer certificates are recorded
 */
@Override
public java.security.cert.Certificate[] getPeerCertificates()
        throws SSLPeerUnverifiedException {
    final boolean kerberosExchange = (cipherSuite.keyExchange == K_KRB5)
        || (cipherSuite.keyExchange == K_KRB5_EXPORT);
    if (kerberosExchange) {
        throw new SSLPeerUnverifiedException("no certificates expected"
            + " for Kerberos cipher suites");
    }

    if (peerCerts != null) {
        // Clone the array only, so that nothing can be inserted into peerCerts.
        return (java.security.cert.Certificate[]) peerCerts.clone();
    }
    throw new SSLPeerUnverifiedException("peer not authenticated");
}
Example #9
Source File: AbstractDelegateHttpsURLConnection.java From openjsse with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the server's certificate chain. A cached response, when present, is the source;
 * otherwise the chain comes from the open HTTPS client.
 *
 * @return the chain; {@code null} when a cached response has no server certificate chain
 * @throws SSLPeerUnverifiedException if the server did not authenticate
 * @throws IllegalStateException if there is no cached response and the connection is not
 *     yet open
 */
public java.security.cert.Certificate[] getServerCertificates()
        throws SSLPeerUnverifiedException {
    if (cachedResponse != null) {
        final List<java.security.cert.Certificate> storedChain =
            ((SecureCacheResponse) cachedResponse).getServerCertificateChain();
        if (storedChain != null) {
            return storedChain.toArray(new java.security.cert.Certificate[0]);
        }
        return null;
    }

    // No cached response: the live connection must already be open.
    if (http != null) {
        return ((HttpsClient) http).getServerCertificates();
    }
    throw new IllegalStateException("connection not yet open");
}
Example #10
Source File: ConnectionSSLSessionInfo.java From quarkus-http with Apache License 2.0 | 6 votes |
/**
 * Returns the peer certificate chain of the underlying session.
 *
 * <p>A failure is sticky: once the session reports the peer as unverified, the shared
 * {@code PEER_UNVERIFIED_EXCEPTION} is stored in {@code unverified} and rethrown on every
 * later call without asking the session again. The session's own exception is not kept.
 *
 * @return the chain reported by the session
 * @throws SSLPeerUnverifiedException if the peer is, or was earlier found to be, unverified
 * @throws RenegotiationRequiredException if {@code renegotiationRequiredException} is set
 */
@Override
public X509Certificate[] getPeerCertificateChain()
        throws SSLPeerUnverifiedException, RenegotiationRequiredException {
    if (unverified != null) {
        throw unverified;
    }
    if (renegotiationRequiredException != null) {
        throw renegotiationRequiredException;
    }

    final X509Certificate[] chain;
    try {
        chain = session.getPeerCertificateChain();
    } catch (SSLPeerUnverifiedException ignored) {
        // A branch left commented out upstream would have raised
        // RENEGOTIATION_REQUIRED_EXCEPTION here when SSL_CLIENT_AUTH_MODE was NOT_REQUESTED;
        // it is disabled, so the peer is simply recorded as unverified.
        unverified = PEER_UNVERIFIED_EXCEPTION;
        throw unverified;
    }
    return chain;
}
Example #11
Source File: ConnectionSSLSessionInfo.java From quarkus-http with Apache License 2.0 | 6 votes |
/**
 * Returns the peer certificates of the underlying session.
 *
 * <p>A failure is sticky: once the session reports the peer as unverified, the shared
 * {@code PEER_UNVERIFIED_EXCEPTION} is stored in {@code unverified} and rethrown on every
 * later call without asking the session again. The session's own exception is not kept.
 *
 * @return the certificates reported by the session
 * @throws SSLPeerUnverifiedException if the peer is, or was earlier found to be, unverified
 * @throws RenegotiationRequiredException if {@code renegotiationRequiredException} is set
 */
@Override
public Certificate[] getPeerCertificates()
        throws SSLPeerUnverifiedException, RenegotiationRequiredException {
    if (unverified != null) {
        throw unverified;
    }
    if (renegotiationRequiredException != null) {
        throw renegotiationRequiredException;
    }

    final Certificate[] certificates;
    try {
        certificates = session.getPeerCertificates();
    } catch (SSLPeerUnverifiedException ignored) {
        // A branch left commented out upstream would have raised
        // RENEGOTIATION_REQUIRED_EXCEPTION here when SSL_CLIENT_AUTH_MODE was NOT_REQUESTED;
        // it is disabled, so the peer is simply recorded as unverified.
        unverified = PEER_UNVERIFIED_EXCEPTION;
        throw unverified;
    }
    return certificates;
}
Example #12
Source File: DatawaveAuthenticationMechanism.java From datawave with Apache License 2.0 | 6 votes |
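/**
 * Returns the client certificates of the session, renegotiating for a client certificate
 * when the session asks for it and policy allows.
 *
 * <p>Renegotiation is attempted only when {@code forceRenegotiation} is set and the security
 * context requires authentication. Any failure of that attempt ends in an
 * {@link SSLPeerUnverifiedException} that carries the underlying exception as its cause, so
 * the reason stays visible to whoever handles it.
 *
 * @param exchange the exchange to renegotiate on
 * @param sslSession the session information to read the certificates from
 * @param securityContext consulted for whether authentication is required
 * @return the peer certificates
 * @throws SSLPeerUnverifiedException if the session reports the peer as unverified, or if
 *     renegotiation was needed but was skipped or did not yield certificates
 */
private Certificate[] getPeerCertificates(HttpServerExchange exchange, SSLSessionInfo sslSession,
        SecurityContext securityContext) throws SSLPeerUnverifiedException {
    Throwable cause = null;
    try {
        return sslSession.getPeerCertificates();
    } catch (RenegotiationRequiredException e) {
        cause = e;
        // we only renegotiate if authentication is required
        if (forceRenegotiation && securityContext.isAuthenticationRequired()) {
            try {
                sslSession.renegotiate(exchange, SslClientAuthMode.REQUESTED);
                return sslSession.getPeerCertificates();
            } catch (IOException | RenegotiationRequiredException e1) {
                // Fall through to the failure below, keeping the reason instead of dropping it.
                cause = e1;
            }
        }
    }

    SSLPeerUnverifiedException unverified = new SSLPeerUnverifiedException(
        "No peer certificates available: renegotiation was not attempted or did not succeed");
    if (cause != null) {
        unverified.initCause(cause);
    }
    throw unverified;
}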
Example #13
Source File: SSLSessionImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the identity of the peer which was established as part of defining the session.
 *
 * <p>Kerberos key exchanges ({@code K_KRB5}, {@code K_KRB5_EXPORT}) answer from the stored
 * {@code peerPrincipal}; all others answer from the first peer certificate.
 *
 * @return the peer's principal. Returns an X500Principal of the end-entity certificate for
 *     X509-based cipher suites, and Principal for Kerberos cipher suites.
 * @throws SSLPeerUnverifiedException if the peer's identity has not been verified
 */
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
    final boolean usesKerberos = (cipherSuite.keyExchange == K_KRB5)
        || (cipherSuite.keyExchange == K_KRB5_EXPORT);

    if (!usesKerberos) {
        if (peerCerts == null) {
            throw new SSLPeerUnverifiedException("peer not authenticated");
        }
        return peerCerts[0].getSubjectX500Principal();
    }

    if (peerPrincipal == null) {
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }
    // Eliminate dependency on KerberosPrincipal
    return peerPrincipal;
}
Example #14
Source File: MtlsAuthenticationMechanism.java From quarkus with Apache License 2.0 | 6 votes |
/**
 * Builds a certificate authentication request from the first peer certificate of the
 * request's SSL session and hands it to the identity provider manager.
 *
 * <p>Yields a null item when the request is not SSL or when the session reports the peer as
 * unverified. NOTE(review): a first certificate that is not an {@link X509Certificate} makes
 * {@code Class.cast} throw {@link ClassCastException}, which is not handled here.
 *
 * @param context the routing context of the request
 * @param identityProviderManager the manager that performs the authentication
 * @return the result of the authentication, or a {@code Uni} holding a null item
 */
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context,
        IdentityProviderManager identityProviderManager) {
    final HttpServerRequest request = context.request();
    if (!request.isSSL()) {
        return Uni.createFrom().nullItem();
    }

    final Certificate leaf;
    try {
        leaf = request.sslSession().getPeerCertificates()[0];
    } catch (SSLPeerUnverifiedException e) {
        // No client certificate was presented.
        return Uni.createFrom().nullItem();
    }

    final CertificateCredential credential =
        new CertificateCredential(X509Certificate.class.cast(leaf));
    return identityProviderManager.authenticate(new CertificateAuthenticationRequest(credential));
}
Example #15
Source File: OkHttpTlsUpgrader.java From grpc-nebula-java with Apache License 2.0 | 6 votes |
/**
 * Upgrades given Socket to be a SSLSocket.
 *
 * <p>After protocol negotiation the host name is verified against the new socket's session,
 * using {@code OkHostnameVerifier.INSTANCE} when no verifier is supplied.
 *
 * <p>NOTE(review): the SSL socket is not closed in this method when verification fails;
 * presumably the caller closes it. Confirm against the call site.
 *
 * @throws IOException if an IO error was encountered during the upgrade handshake, including
 *     {@link SSLPeerUnverifiedException} when the host name cannot be verified.
 * @throws RuntimeException if the upgrade negotiation failed.
 */
public static SSLSocket upgrade(SSLSocketFactory sslSocketFactory,
        HostnameVerifier hostnameVerifier, Socket socket, String host, int port,
        ConnectionSpec spec) throws IOException {
    Preconditions.checkNotNull(sslSocketFactory, "sslSocketFactory");
    Preconditions.checkNotNull(socket, "socket");
    Preconditions.checkNotNull(spec, "spec");

    final SSLSocket tlsSocket =
        (SSLSocket) sslSocketFactory.createSocket(socket, host, port, true /* auto close */);
    spec.apply(tlsSocket, false);

    final String negotiatedProtocol = OkHttpProtocolNegotiator.get().negotiate(
        tlsSocket, host, spec.supportsTlsExtensions() ? TLS_PROTOCOLS : null);
    final boolean protocolSupported = TLS_PROTOCOLS.contains(Protocol.get(negotiatedProtocol));
    Preconditions.checkState(
        protocolSupported,
        "Only " + TLS_PROTOCOLS + " are supported, but negotiated protocol is %s",
        negotiatedProtocol);

    // A missing verifier falls back to the default one; verification is never skipped.
    final HostnameVerifier verifier =
        (hostnameVerifier != null) ? hostnameVerifier : OkHostnameVerifier.INSTANCE;
    if (verifier.verify(canonicalizeHost(host), tlsSocket.getSession())) {
        return tlsSocket;
    }
    throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
}
Example #16
Source File: AbstractInteropTest.java From grpc-nebula-java with Apache License 2.0 | 6 votes |
/**
 * Helper for asserting TLS info in SSLSession {@link io.grpc.ServerCall#getAttributes()}.
 *
 * <p>Makes one unary call, then checks that the captured server-side session holds exactly
 * one peer certificate whose subject DN equals {@code tlsInfo}.
 *
 * @param tlsInfo the expected subject DN string
 */
protected void assertX500SubjectDn(String tlsInfo) {
    TestServiceGrpc.TestServiceBlockingStub deadlineStub =
        blockingStub.withDeadlineAfter(5, TimeUnit.SECONDS);
    deadlineStub.unaryCall(SimpleRequest.getDefaultInstance());

    SSLSession capturedSession =
        serverCallCapture.get().getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
    List<Certificate> peerChain;
    try {
        peerChain = Arrays.asList(capturedSession.getPeerCertificates());
    } catch (SSLPeerUnverifiedException e) {
        // Should never happen
        throw new AssertionError(e);
    }

    X509Certificate leaf = (X509Certificate) peerChain.get(0);
    assertEquals(1, peerChain.size());
    assertEquals(tlsInfo, leaf.getSubjectDN().toString());
}
Example #17
Source File: Http2OkHttpTest.java From grpc-nebula-java with Apache License 2.0 | 6 votes |
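/**
 * Verifies that an RPC over a channel whose authority is overridden with
 * {@code BAD_HOSTNAME} fails, and that the root cause is
 * {@link SSLPeerUnverifiedException}.
 *
 * <p>The channel is shut down in a {@code finally} block so that a failing assertion does
 * not leave it open.
 */
@Test
public void wrongHostNameFailHostnameVerification() throws Exception {
    ManagedChannel channel = createChannelBuilder()
        .overrideAuthority(GrpcUtil.authorityFromHostAndPort(
            BAD_HOSTNAME, getPort()))
        .build();
    try {
        TestServiceGrpc.TestServiceBlockingStub blockingStub =
            TestServiceGrpc.newBlockingStub(channel);

        Throwable actualThrown = null;
        try {
            blockingStub.emptyCall(Empty.getDefaultInstance());
        } catch (Throwable t) {
            // Captured rather than rethrown: the failure itself is what is being asserted.
            actualThrown = t;
        }
        assertNotNull("The rpc should have been failed due to hostname verification", actualThrown);

        Throwable cause = Throwables.getRootCause(actualThrown);
        assertTrue(
            "Failed by unexpected exception: " + cause, cause instanceof SSLPeerUnverifiedException);
    } finally {
        channel.shutdown();
    }
}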
Example #18
Source File: AbstractDelegateHttpsURLConnection.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the server's certificate chain, preferring the cached response and falling back to
 * the open HTTPS client.
 *
 * @return the chain; {@code null} when a cached response has no server certificate chain
 * @throws SSLPeerUnverifiedException if the server did not authenticate
 * @throws IllegalStateException if there is no cached response and the connection is not
 *     yet open
 */
public java.security.cert.Certificate[] getServerCertificates()
        throws SSLPeerUnverifiedException {
    final boolean servedFromCache = cachedResponse != null;
    if (servedFromCache) {
        final List<java.security.cert.Certificate> chainFromCache =
            ((SecureCacheResponse) cachedResponse).getServerCertificateChain();
        return (chainFromCache != null)
            ? chainFromCache.toArray(new java.security.cert.Certificate[0])
            : null;
    }

    if (http == null) {
        throw new IllegalStateException("connection not yet open");
    }
    return ((HttpsClient) http).getServerCertificates();
}
Example #19
Source File: SSLSessionImpl.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
/**
 * Returns a copy of the cert chain presented by the peer, in the java.security.cert format.
 *
 * <p>Usable only with certificate-based cipher suites. The returned array is a clone, so a
 * caller cannot change the session's record of the peer identity; the certificate objects
 * are immutable and are shared.
 *
 * @return array of peer X.509 certs, with the peer's own cert first in the chain, and with
 *     the "root" CA last.
 * @throws SSLPeerUnverifiedException if the key exchange is {@code K_KRB5} or
 *     {@code K_KRB5_EXPORT}, or if no peer certificates are recorded
 */
@Override
public java.security.cert.Certificate[] getPeerCertificates()
        throws SSLPeerUnverifiedException {
    final boolean usesKerberos = (cipherSuite.keyExchange == K_KRB5)
        || (cipherSuite.keyExchange == K_KRB5_EXPORT);
    if (usesKerberos) {
        throw new SSLPeerUnverifiedException("no certificates expected"
            + " for Kerberos cipher suites");
    }

    final boolean peerAuthenticated = peerCerts != null;
    if (!peerAuthenticated) {
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }

    // Clone the array only, so that nothing can be inserted into peerCerts.
    return (java.security.cert.Certificate[]) peerCerts.clone();
}
Example #20
Source File: SSLSessionImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Returns a copy of the cert chain presented by the peer.
 *
 * <p>Usable only with certificate-based cipher suites. The array is cloned so that a caller
 * cannot change the session's record of the peer identity.
 *
 * @return array of peer X.509 certs, with the peer's own cert first in the chain, and with
 *     the "root" CA last.
 * @throws SSLPeerUnverifiedException if the key exchange is {@code K_KRB5} or
 *     {@code K_KRB5_EXPORT}, or if no peer certificates are recorded
 */
public X509Certificate[] getCertificateChain()
        throws SSLPeerUnverifiedException {
    final boolean kerberosExchange = (cipherSuite.keyExchange == K_KRB5)
        || (cipherSuite.keyExchange == K_KRB5_EXPORT);
    if (kerberosExchange) {
        throw new SSLPeerUnverifiedException("no certificates expected"
            + " for Kerberos cipher suites");
    }

    if (peerCerts == null) {
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }
    return peerCerts.clone();
}
Example #21
Source File: MySqlHostVerifier.java From r2dbc-mysql with Apache License 2.0 | 5 votes |
/**
 * Checks an IPv4 address against the IP-type Subject Alternative Names of a certificate.
 *
 * <p>The comparison is an exact, case-sensitive {@code String.equals}. Returns normally on
 * the first match.
 *
 * @param ip the address to verify
 * @param sans the Subject Alternative Name entries to test
 * @throws SSLPeerUnverifiedException if no IP entry equals {@code ip}
 */
private static void matchIpv4(String ip, List<San> sans) throws SSLPeerUnverifiedException {
    for (San candidate : sans) {
        // IP must be case sensitive.
        final boolean matched = San.IP == candidate.getType() && ip.equals(candidate.getValue());
        if (!matched) {
            continue;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Certificate for '{}' matched by IPv4 value '{}' of the Subject Alternative Names",
                ip, candidate.getValue());
        }
        return;
    }

    // Fail closed: no IP entry matched.
    throw new SSLPeerUnverifiedException(String.format(
        "Certificate for '%s' does not match any of the Subject Alternative Names: %s", ip, sans));
}
Example #22
Source File: OpenSSLEngine.java From Tomcat8-Source-Read with MIT License | 5 votes |
/**
 * Returns the peer certificate chain in the legacy {@code javax.security.cert} format.
 *
 * <p>The converted chain is created on first use and stored in {@code x509PeerCerts}; later
 * calls return the stored array.
 *
 * @return the peer chain
 * @throws SSLPeerUnverifiedException if the engine is destroyed, {@code SSL.isInInit}
 *     returns non-zero, or no peer chain is available
 * @throws IllegalStateException if a chain entry cannot be converted to a certificate
 */
@Deprecated
@Override
public javax.security.cert.X509Certificate[] getPeerCertificateChain()
        throws SSLPeerUnverifiedException {
    // these are lazy created to reduce memory overhead
    final javax.security.cert.X509Certificate[] cached = x509PeerCerts;
    if (cached != null) {
        return cached;
    }

    final byte[][] encodedChain;
    synchronized (OpenSSLEngine.this) {
        if (destroyed || SSL.isInInit(ssl) != 0) {
            throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
        }
        encodedChain = SSL.getPeerCertChain(ssl);
    }
    if (encodedChain == null) {
        throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
    }

    final javax.security.cert.X509Certificate[] converted =
        new javax.security.cert.X509Certificate[encodedChain.length];
    for (int position = 0; position < converted.length; position++) {
        try {
            converted[position] = javax.security.cert.X509Certificate.getInstance(encodedChain[position]);
        } catch (javax.security.cert.CertificateException e) {
            throw new IllegalStateException(e);
        }
    }

    x509PeerCerts = converted;
    return converted;
}
Example #23
Source File: DatawaveAuthenticationMechanismTest.java From datawave with Apache License 2.0 | 5 votes |
/**
 * Covers the case where the SSL session has no peer certificates but the request carries the
 * subject and issuer DN headers: authentication is expected to succeed with the identity
 * built from those headers.
 *
 * <p>NOTE(review): this pins header-only authentication as accepted behaviour. Presumably
 * the deployment relies on a trusted front end that sets or strips these headers; confirm,
 * since the headers are otherwise supplied by the client.
 */
@Test
public void testSSLWithoutPeerCerts() throws Exception {
    // Identity arrives only through the request headers.
    httpRequestHeaders.add(SUBJECT_DN_HEADER, testUserCert.getSubjectDN().toString());
    httpRequestHeaders.add(ISSUER_DN_HEADER, testUserCert.getIssuerDN().toString());

    // Expected identifier format: normalized subject DN followed by "<normalized issuer DN>".
    String expectedID = normalizeDN(testUserCert.getSubjectDN().getName()) + "<" + normalizeDN(testUserCert.getIssuerDN().getName()) + ">";

    expect(httpServerExchange.getConnection()).andReturn(serverConnection);
    expect(serverConnection.getSslSessionInfo()).andReturn(sslSessionInfo);
    // The session reports that the client presented no certificate.
    expect(sslSessionInfo.getPeerCertificates()).andThrow(new SSLPeerUnverifiedException("no client cert"));
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders).times(2);
    expect(securityContext.getIdentityManager()).andReturn(identityManager);
    expect(identityManager.verify(eq(expectedID), isA(Credential.class))).andReturn(account);
    securityContext.authenticationComplete(account, "DATAWAVE-AUTH", false);
    long requestStartTime = System.nanoTime();
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    expect(httpServerExchange.getRequestStartTime()).andReturn(requestStartTime);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);

    replayAll();

    AuthenticationMechanismOutcome outcome = datawaveAuthenticationMechanism.authenticate(httpServerExchange, securityContext);

    assertEquals(AuthenticationMechanismOutcome.AUTHENTICATED, outcome);
    assertFalse(httpResponseHeaders.contains(DatawaveAuthenticationMechanism.HEADER_PROXIED_ENTITIES_ACCEPTED));

    verifyAll();
}
Example #24
Source File: AbstractDelegateHttpsURLConnection.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the server's principal, taken from the cached response when one is present and
 * otherwise from the open HTTPS client.
 *
 * @return the server's principal
 * @throws SSLPeerUnverifiedException if the server did not authenticate
 * @throws IllegalStateException if there is no cached response and the connection is not
 *     yet open
 */
Principal getPeerPrincipal()
        throws SSLPeerUnverifiedException {
    if (cachedResponse == null) {
        if (http == null) {
            throw new IllegalStateException("connection not yet open");
        }
        return ((HttpsClient) http).getPeerPrincipal();
    }
    return ((SecureCacheResponse) cachedResponse).getPeerPrincipal();
}
Example #25
Source File: SslClientCertificateHandler.java From hivemq-community-edition with Apache License 2.0 | 5 votes |
/**
 * On a successful SSL handshake, stores the peer's certificates on the channel as the
 * {@code AUTH_CERTIFICATE} attribute and then removes this handler from the pipeline.
 *
 * <p>Events other than {@link SslHandshakeCompletionEvent} are passed to the superclass. A
 * failed handshake is only traced; in that case this handler stays in the pipeline.
 *
 * @param ctx the handler context
 * @param evt the user event
 * @throws RuntimeException if the pipeline entry named {@code SSL_HANDLER} is not an
 *     {@link SslHandler}; the channel is closed first
 */
@Override
public void userEventTriggered(final ChannelHandlerContext ctx, final Object evt) throws Exception {
    if (!(evt instanceof SslHandshakeCompletionEvent)) {
        // Not a handshake notification: pass it on unchanged.
        super.userEventTriggered(ctx, evt);
        return;
    }

    final SslHandshakeCompletionEvent handshake = (SslHandshakeCompletionEvent) evt;
    if (!handshake.isSuccess()) {
        log.trace("Handshake failed", handshake.cause());
        return;
    }

    final Channel channel = ctx.channel();
    try {
        final SslHandler sslHandler =
            (SslHandler) channel.pipeline().get(ChannelHandlerNames.SSL_HANDLER);
        final Certificate[] chain = sslHandler.engine().getSession().getPeerCertificates();
        channel.attr(ChannelAttributes.AUTH_CERTIFICATE).set(new SslClientCertificateImpl(chain));
    } catch (final SSLPeerUnverifiedException e) {
        // No verified client certificate; the dedicated handler decides what happens next.
        handleSslPeerUnverifiedException(channel, e);
    } catch (final ClassCastException e2) {
        eventLog.clientWasDisconnected(channel, "SSL handshake failed");
        channel.close();
        throw new RuntimeException("Not able to get SslHandler from pipeline", e2);
    }

    // Reached after success and after the unverified-peer path alike.
    channel.pipeline().remove(this);
}
Example #26
Source File: SetupViewModel.java From lttrs-android with Apache License 2.0 | 5 votes |
/**
 * Tells whether a failure is an instance of one of the exception types this class treats as
 * an endpoint problem.
 *
 * <p>NOTE(review): TLS failures ({@code SSLHandshakeException},
 * {@code SSLPeerUnverifiedException}) are grouped with plain connectivity errors here;
 * confirm that callers do not respond to them by relaxing certificate checks.
 *
 * @param t the failure to classify; {@code null} yields {@code false}
 * @return {@code true} if {@code t} is an instance of any of the listed types
 */
private static boolean isEndpointProblem(Throwable t) {
    final Class<?>[] endpointFailures = {
        InvalidSessionResourceException.class,
        EndpointNotFoundException.class,
        ConnectException.class,
        SocketTimeoutException.class,
        SSLHandshakeException.class,
        SSLPeerUnverifiedException.class
    };
    for (Class<?> failureType : endpointFailures) {
        if (failureType.isInstance(t)) {
            return true;
        }
    }
    return false;
}
Example #27
Source File: MqttTransportHandler.java From Groza with Apache License 2.0 | 5 votes |
/**
 * Returns the first certificate of the peer chain from the SSL handler's session.
 *
 * @return the first peer certificate, or {@code null} if the chain is empty or the session
 *     reports the peer as unverified (the exception message is logged at warn level)
 */
private X509Certificate getX509Certificate() {
    final X509Certificate[] chain;
    try {
        chain = sslHandler.engine().getSession().getPeerCertificateChain();
    } catch (SSLPeerUnverifiedException e) {
        log.warn(e.getMessage());
        return null;
    }
    return chain.length > 0 ? chain[0] : null;
}
Example #28
Source File: StartTlsResponseImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the peer principal of a session, tolerating JSSE providers that do not implement
 * {@code getPeerPrincipal()}.
 *
 * @param session the session to query
 * @return the peer principal, or {@code null} if the provider raises
 *     {@link AbstractMethodError}
 * @throws SSLPeerUnverifiedException if the session reports the peer as unverified
 */
private static Principal getPeerPrincipal(SSLSession session)
        throws SSLPeerUnverifiedException {
    try {
        return session.getPeerPrincipal();
    } catch (AbstractMethodError e) {
        // if the JSSE provider does not support it, return null, since
        // we need it only for Kerberos.
        return null;
    }
}
Example #29
Source File: ReferenceCountedOpenSslEngine.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
/**
 * Returns the subject of the peer's first certificate as an X.500 principal.
 *
 * @return the subject principal of the first peer certificate
 * @throws SSLPeerUnverifiedException if {@code getPeerCertificates()} reports the peer as
 *     unverified
 */
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
    // No null or length check is needed here: getPeerCertificates() already does it.
    final java.security.cert.X509Certificate leaf =
        (java.security.cert.X509Certificate) getPeerCertificates()[0];
    return leaf.getSubjectX500Principal();
}
Example #30
Source File: ReferenceCountedOpenSslEngine.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
/**
 * Returns a copy of the peer certificates held by the engine.
 *
 * <p>The check and the copy run while holding the enclosing engine's monitor.
 *
 * @return a clone of {@code peerCerts}
 * @throws SSLPeerUnverifiedException if {@code isEmpty(peerCerts)} is true
 */
@Override
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
    synchronized (ReferenceCountedOpenSslEngine.this) {
        if (!isEmpty(peerCerts)) {
            return peerCerts.clone();
        }
        throw new SSLPeerUnverifiedException("peer not verified");
    }
}