/**
 * Builds a {@code Handshake} snapshot from a JSSE session.
 *
 * <p>The cipher suite and protocol names reported by the session are mapped to the
 * project's own enums; a null name for either is treated as an invalid session. Both
 * certificate chains are exposed as immutable lists, with an empty list standing in for
 * a chain that is absent (no local certificate sent, or peer not authenticated).
 *
 * @param session the completed TLS session to read
 * @return a handshake describing the negotiated parameters and both chains
 * @throws IllegalStateException if the session reports no cipher suite or no protocol
 */
public static Handshake get(SSLSession session) {
  String suiteName = session.getCipherSuite();
  if (suiteName == null) throw new IllegalStateException("cipherSuite == null");
  CipherSuite suite = CipherSuite.forJavaName(suiteName);

  String protocolName = session.getProtocol();
  if (protocolName == null) throw new IllegalStateException("tlsVersion == null");
  TlsVersion protocol = TlsVersion.forJavaName(protocolName);

  // getPeerCertificates() throws when the peer was not verified; that case is
  // deliberately mapped to "no chain" rather than propagated.
  Certificate[] peerChain;
  try {
    peerChain = session.getPeerCertificates();
  } catch (SSLPeerUnverifiedException ignored) {
    peerChain = null;
  }

  // getLocalCertificates() simply returns null when nothing was sent.
  Certificate[] localChain = session.getLocalCertificates();

  return new Handshake(protocol, suite, chainOrEmpty(peerChain), chainOrEmpty(localChain));
}

/** Wraps a possibly-null chain as an immutable list, using an empty list for null. */
private static List<Certificate> chainOrEmpty(Certificate[] chain) {
  if (chain == null) {
    return Collections.<Certificate>emptyList();
  }
  return Util.immutableList(chain);
}
/**
 * Creates a {@code Handshake} from the parameters negotiated on {@code session}.
 *
 * @param session the TLS session to describe
 * @return the handshake, with immutable (possibly empty) peer and local chains
 * @throws IllegalStateException if the session has no cipher suite or no protocol name
 */
public static Handshake get(SSLSession session) {
  // Negotiated cipher suite, mapped to the project enum.
  final String javaSuiteName = session.getCipherSuite();
  if (javaSuiteName == null) {
    throw new IllegalStateException("cipherSuite == null");
  }
  final CipherSuite cipherSuite = CipherSuite.forJavaName(javaSuiteName);

  // Negotiated protocol version, mapped to the project enum.
  final String javaProtocolName = session.getProtocol();
  if (javaProtocolName == null) {
    throw new IllegalStateException("tlsVersion == null");
  }
  final TlsVersion tlsVersion = TlsVersion.forJavaName(javaProtocolName);

  // An unverified peer has no chain; represent that as an empty list.
  List<Certificate> peerCertificatesList;
  try {
    Certificate[] peerChain = session.getPeerCertificates();
    if (peerChain != null) {
      peerCertificatesList = Util.immutableList(peerChain);
    } else {
      peerCertificatesList = Collections.<Certificate>emptyList();
    }
  } catch (SSLPeerUnverifiedException ignored) {
    peerCertificatesList = Collections.<Certificate>emptyList();
  }

  // No local certificate sent => null from JSSE => empty list here.
  List<Certificate> localCertificatesList;
  Certificate[] localChain = session.getLocalCertificates();
  if (localChain != null) {
    localCertificatesList = Util.immutableList(localChain);
  } else {
    localCertificatesList = Collections.<Certificate>emptyList();
  }

  return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
/**
 * Records the outcome of a finished handshake into {@code sslConnectionInfos}.
 *
 * <p>Peer host/port, protocol and cipher suite are always copied. The local chain is
 * stored via {@code setClientCertificates} when one was sent, and the peer chain via
 * {@code setServerCertificates} when the peer was authenticated; an unverified peer is
 * silently left unrecorded.
 *
 * @param event the completion event carrying the session to inspect
 */
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
  final SSLSession session = event.getSession();

  // Endpoint and negotiated-parameter details come straight from the session.
  sslConnectionInfos.setPeerHost(session.getPeerHost());
  sslConnectionInfos.setPeerPort(session.getPeerPort());
  sslConnectionInfos.setProtocol(session.getProtocol());
  sslConnectionInfos.setCipherSuite(session.getCipherSuite());

  // The local chain is null when no certificate was sent to the peer.
  final Certificate[] ownChain = session.getLocalCertificates();
  if (ownChain != null) {
    sslConnectionInfos.setClientCertificates(
        Arrays.copyOf(ownChain, ownChain.length, X509Certificate[].class));
  }

  // getPeerCertificates() throws when the peer's identity was not verified; that is
  // intentionally treated as "nothing to record" rather than as an error.
  try {
    final Certificate[] peerChain = session.getPeerCertificates();
    if (peerChain != null) {
      sslConnectionInfos.setServerCertificates(
          Arrays.copyOf(peerChain, peerChain.length, X509Certificate[].class));
    }
  } catch (SSLPeerUnverifiedException ignored) {
    // no-op: peer was not authenticated in this handshake
  }
}
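/**
 * Creates an instance from a completed handshake's session.
 *
 * <p>Captures the negotiated cipher suite name, the first certificate of the local chain
 * (if one was sent) and the first certificate of the peer chain (if the peer was
 * authenticated). An unverified peer is logged at FINE and leaves {@code remoteCert}
 * null rather than failing construction.
 *
 * @param session the session to read; must not be null
 */
public Tls(SSLSession session) {
  String cipherSuiteStandardName = session.getCipherSuite();
  Certificate localCert = null;
  Certificate remoteCert = null;

  // getLocalCertificates() returns null when nothing was sent; additionally guard against
  // an empty chain so element 0 is only read when it exists.
  Certificate[] localCerts = session.getLocalCertificates();
  if (localCerts != null && localCerts.length > 0) {
    localCert = localCerts[0];
  }
  try {
    Certificate[] peerCerts = session.getPeerCertificates();
    if (peerCerts != null && peerCerts.length > 0) {
      // The javadoc of getPeerCertificates states that the peer's own certificate is the
      // first element of the chain.
      remoteCert = peerCerts[0];
    }
  } catch (SSLPeerUnverifiedException e) {
    // Peer cert is not available (peer not authenticated); record and continue.
    log.log(
        Level.FINE,
        String.format("Peer cert not available for peerHost=%s", session.getPeerHost()),
        e);
  }
  this.cipherSuiteStandardName = cipherSuiteStandardName;
  this.localCert = localCert;
  this.remoteCert = remoteCert;
}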
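/**
 * Creates an instance describing the TLS state of {@code session}.
 *
 * <p>Stores the cipher suite's standard name and the leaf certificate of each side's
 * chain. Either certificate is left null when its chain is absent or empty; an
 * unverified peer is logged at FINE instead of aborting construction.
 *
 * @param session the completed TLS session; must not be null
 */
public Tls(SSLSession session) {
  String cipherSuiteStandardName = session.getCipherSuite();
  Certificate localCert = null;
  Certificate remoteCert = null;

  // Null means no local certificate was sent; an empty array is also treated as "none"
  // so that indexing element 0 cannot throw.
  Certificate[] localCerts = session.getLocalCertificates();
  if (localCerts != null && localCerts.length > 0) {
    localCert = localCerts[0];
  }
  try {
    Certificate[] peerCerts = session.getPeerCertificates();
    if (peerCerts != null && peerCerts.length > 0) {
      // Per the getPeerCertificates javadoc the peer's own certificate comes first.
      remoteCert = peerCerts[0];
    }
  } catch (SSLPeerUnverifiedException e) {
    // Peer cert is not available; this is expected for an unauthenticated peer.
    log.log(
        Level.FINE,
        String.format("Peer cert not available for peerHost=%s", session.getPeerHost()),
        e);
  }
  this.cipherSuiteStandardName = cipherSuiteStandardName;
  this.localCert = localCert;
  this.remoteCert = remoteCert;
}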
/**
 * Extracts TLS session details (protocol, cipher suite, peer/local chains, principal) from a
 * Netty-backed REST request, or returns {@code null} when the request is not a Netty request
 * or its pipeline has no "ssl_http" handler (plain HTTP).
 *
 * <p>The peer chain is only consulted when the engine wants or needs client authentication.
 * A present chain is validated under a privileged action (the {@code validate} helper lives
 * outside this block); a failed validation is surfaced as {@link SSLPeerUnverifiedException}.
 * A missing peer certificate is tolerated only when client auth was merely wanted; when it was
 * needed, the absence is reported via {@code ElasticsearchException}, which is not caught here.
 *
 * @param settings node settings handed to the validation helper
 * @param configPath config directory handed to the validation helper
 * @param request the incoming REST request; may be null
 * @param principalExtractor optional extractor applied to the peer's leaf certificate
 * @return the session summary, or {@code null} if the request carries no TLS session
 * @throws SSLPeerUnverifiedException if client auth is required and the peer chain is missing
 *     or fails validation
 */
public static SSLInfo getSSLInfo(final Settings settings, final Path configPath, final RestRequest request, PrincipalExtractor principalExtractor) throws SSLPeerUnverifiedException {
// Only Netty-backed requests expose a channel pipeline to inspect.
if(request == null || !(request instanceof Netty4HttpRequest)) {
return null;
}
final Netty4HttpRequest nettyHttpRequest = (Netty4HttpRequest) request;
final SslHandler sslhandler = (SslHandler) nettyHttpRequest.getChannel().pipeline().get("ssl_http");
// No "ssl_http" handler means the connection is not TLS-terminated here.
if(sslhandler == null) {
return null;
}
final SSLEngine engine = sslhandler.engine();
final SSLSession session = engine.getSession();
X509Certificate[] x509Certs = null;
final String protocol = session.getProtocol();
final String cipher = session.getCipherSuite();
String principal = null;
boolean validationFailure = false;
// Client certificates are only looked up when the engine asked the peer for them.
if (engine.getNeedClientAuth() || engine.getWantClientAuth()) {
try {
final Certificate[] certs = session.getPeerCertificates();
// Only element 0 is type-checked; Arrays.copyOf with X509Certificate[].class throws
// ArrayStoreException if a later element is not an X509Certificate.
if (certs != null && certs.length > 0 && certs[0] instanceof X509Certificate) {
x509Certs = Arrays.copyOf(certs, certs.length, X509Certificate[].class);
final X509Certificate[] x509CertsF = x509Certs;
// With a SecurityManager installed, SpecialPermission is required before the privileged block.
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
// validate(...) returns false on failure; it is run privileged so it is not limited
// by the caller's protection domain.
validationFailure = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
return !validate(x509CertsF, settings, configPath);
}
});
// Thrown into the catch below, which rethrows because validationFailure is now set.
if(validationFailure) {
throw new SSLPeerUnverifiedException("Unable to validate certificate (CRL)");
}
principal = principalExtractor == null?null: principalExtractor.extractPrincipal(x509Certs[0], Type.HTTP);
} else if (engine.getNeedClientAuth()) {
// Client auth was required but no usable chain arrived: hard failure that bypasses
// the SSLPeerUnverifiedException catch below.
final ElasticsearchException ex = new ElasticsearchException("No client certificates found but such are needed (Security 9).");
throw ex;
}
} catch (final SSLPeerUnverifiedException e) {
// An unverified peer is acceptable only for optional (want) client auth; required auth
// or a failed validation propagates.
if (engine.getNeedClientAuth() || validationFailure) {
throw e;
}
}
}
// Local chain is null when this side sent no certificate.
Certificate[] localCerts = session.getLocalCertificates();
return new SSLInfo(x509Certs, principal, protocol, cipher, localCerts==null?null:Arrays.copyOf(localCerts, localCerts.length, X509Certificate[].class));
}
/**
 * Records one request received by the mock server.
 *
 * <p>When {@code socket} is an {@link SSLSocket}, the negotiated protocol, cipher suite,
 * local principal/chain and (if the peer was verified) peer principal/chain are captured
 * from its session; for a plain socket all TLS fields are null. The request line, when
 * present, is split on its first two spaces into {@code method} and {@code path}.
 *
 * @param requestLine the raw request line, or null
 * @param headers the request headers as received
 * @param chunkSizes sizes of the chunks read, for chunked bodies
 * @param bodySize number of body bytes received
 * @param body the body bytes
 * @param sequenceNumber position of this request on its connection
 * @param socket the connection the request arrived on
 */
public RecordedRequest(String requestLine, List<String> headers, List<Integer> chunkSizes,
    int bodySize, byte[] body, int sequenceNumber, Socket socket) {
  this.requestLine = requestLine;
  this.headers = headers;
  this.chunkSizes = chunkSizes;
  this.bodySize = bodySize;
  this.body = body;
  this.sequenceNumber = sequenceNumber;

  if (!(socket instanceof SSLSocket)) {
    // Plain connection: nothing to record about TLS.
    sslProtocol = null;
    sslCipherSuite = null;
    sslLocalPrincipal = null;
    sslLocalCertificates = null;
    sslPeerPrincipal = null;
    sslPeerCertificates = null;
  } else {
    SSLSession session = ((SSLSocket) socket).getSession();
    sslProtocol = session.getProtocol();
    sslCipherSuite = session.getCipherSuite();
    sslLocalPrincipal = session.getLocalPrincipal();
    sslLocalCertificates = session.getLocalCertificates();

    // Peer identity is unavailable when the peer was not verified; leave those fields
    // null in that case instead of failing the recording.
    Principal verifiedPeerPrincipal = null;
    Certificate[] verifiedPeerChain = null;
    try {
      verifiedPeerPrincipal = session.getPeerPrincipal();
      verifiedPeerChain = session.getPeerCertificates();
    } catch (SSLPeerUnverifiedException ignored) {
      // no-op: fields stay null
    }
    sslPeerPrincipal = verifiedPeerPrincipal;
    sslPeerCertificates = verifiedPeerChain;
  }

  // "METHOD path HTTP/x.y": method runs to the first space, path to the second.
  String parsedMethod = null;
  String parsedPath = null;
  if (requestLine != null) {
    int firstSpace = requestLine.indexOf(' ');
    int secondSpace = requestLine.indexOf(' ', firstSpace + 1);
    parsedMethod = requestLine.substring(0, firstSpace);
    parsedPath = requestLine.substring(firstSpace + 1, secondSpace);
  }
  this.method = parsedMethod;
  this.path = parsedPath;
}