下面列出了 javax.net.ssl.SSLEngine#getPeerHost() 的实例代码，也可以点击链接到 GitHub 查看源代码，或在右侧发表评论。注意：按照 JDK 文档，getPeerHost() 返回的只是创建 SSLEngine 时传入的主机名提示，该值未经认证，不应单独作为信任决策的依据。
/**
 * Resolves the trust manager linked to the engine's peer, falling back to the chain-only lookup.
 *
 * <p>The lookup key is {@code peerHost + ":" + peerPort}, read from the engine. When the engine is
 * {@code null}, has no peer host, or no trust manager is registered under that key, the result of
 * {@code getLinkedTrustMananger(chain)} is returned instead.
 *
 * <p>NOTE(review): {@link SSLEngine#getPeerHost()} is documented as an unauthenticated hint supplied
 * when the engine was created. The trust manager chosen here is therefore selected by a
 * caller-provided value; confirm that every code path creating engines passes the host actually
 * being connected to.
 *
 * @param chain certificate chain handed to the fallback lookup
 * @param sslEngine engine for the connection, may be {@code null}
 * @return the trust manager registered for the peer, or whatever the chain-only lookup returns
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }

    String peerKey = null;
    X509ExtendedTrustManager linked = null;
    final String peerHost = sslEngine.getPeerHost();
    if (peerHost != null) {
        peerKey = peerHost + ":" + sslEngine.getPeerPort();
        // presumably a map of "host:port" -> queue of trust managers; peek() leaves the queue intact
        linked = linkedTrustManager.getOrDefault(peerKey, EMPTY_QUEUE).peek();
    }

    if (linked == null) {
        // Also reached when the engine has no peer host, in which case peerKey is logged as null.
        logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", peerKey);
        return getLinkedTrustMananger(chain);
    }

    logger.trace("Found trustManager by sslEngine peer/host: {}", peerKey);
    return linked;
}
/**
 * Looks up a trust manager by the engine's {@code host:port} peer key, else defers to the
 * chain-based overload.
 *
 * <p>NOTE(review): the key comes from {@link SSLEngine#getPeerHost()} and
 * {@link SSLEngine#getPeerPort()}, which the JDK documents as unauthenticated hints. Selection of
 * the trust manager therefore depends on whatever host the engine was created with.
 *
 * @param chain certificate chain passed through to the fallback overload
 * @param sslEngine engine for the connection, may be {@code null}
 * @return the peer-specific trust manager if one is registered, otherwise the fallback result
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }

    final String host = sslEngine.getPeerHost();
    final String key = (host == null) ? null : host + ":" + sslEngine.getPeerPort();

    // Only consult the registry when the engine actually carries a peer host.
    final X509ExtendedTrustManager candidate =
            (key == null) ? null : linkedTrustManager.getOrDefault(key, EMPTY_QUEUE).peek();

    if (candidate != null) {
        logger.trace("Found trustManager by sslEngine peer/host: {}", key);
        return candidate;
    }

    // key is null here when the engine had no peer host.
    logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", key);
    return getLinkedTrustMananger(chain);
}
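/**
 * Accepts the server certificate only when its subject is a bare {@code CN=<host>} whose value
 * equals the peer host recorded on the {@link SSLEngine}.
 *
 * <p>NOTE(review): nothing in this method validates the chain itself (signatures, trust anchor,
 * validity period, revocation), and subjectAltName entries are ignored. Unless the enclosing class
 * performs that validation elsewhere, any certificate carrying the expected CN is accepted;
 * consider delegating to a PKIX trust manager before this name comparison.
 *
 * @param arg0 peer certificate chain; only {@code arg0[0]} is inspected
 * @param arg1 authentication type, used for logging only
 * @param arg2 engine for the connection; its peer host is the expected server name
 * @throws IllegalArgumentException if the chain is {@code null}, empty, or has no first element
 * @throws CertificateException if the engine is missing, the subject does not start with
 *     {@code CN=}, or the remaining name is empty or differs from the engine's peer host
 */
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1, SSLEngine arg2)
        throws CertificateException {
    if (arg0 == null || arg0.length == 0 || arg0[0] == null) {
        // Matches the X509TrustManager contract instead of failing with an NPE or index error.
        throw new IllegalArgumentException("empty server certificate chain");
    }
    if (arg2 == null) {
        // Without an engine there is no expected host to compare against: fail closed.
        throw new CertificateException("untrust server host : no SSLEngine available");
    }

    Principal pri = arg0[0].getSubjectDN();
    logger.debug("check ssl server trusted certificate : {} {} sslEngine={} ", pri, arg1, arg2);

    String peerHost = arg2.getPeerHost();
    String subjectName = pri.getName();

    // Require a literal "CN=" prefix before stripping it, so that another attribute type can
    // never be mistaken for the host name and short names cannot throw from substring().
    if (subjectName == null || !subjectName.regionMatches(true, 0, "CN=", 0, 3)) {
        throw new CertificateException("untrust server host : " + subjectName);
    }

    // Everything after "CN=" is compared as a whole, so a subject with further RDNs never matches.
    String serverHost = subjectName.substring(3);
    if (serverHost.isEmpty() || !serverHost.equals(peerHost)) {
        throw new CertificateException("untrust server host : " + serverHost);
    }
}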
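/**
 * Accepts the server certificate only when its subject is a bare {@code CN=<host>} whose value
 * equals the peer host recorded on the {@link SSLEngine}.
 *
 * <p>NOTE(review): nothing in this method validates the chain itself (signatures, trust anchor,
 * validity period, revocation), and subjectAltName entries are ignored. Unless the enclosing class
 * performs that validation elsewhere, any certificate carrying the expected CN is accepted;
 * consider delegating to a PKIX trust manager before this name comparison.
 *
 * @param arg0 peer certificate chain; only {@code arg0[0]} is inspected
 * @param arg1 authentication type, used for logging only
 * @param arg2 engine for the connection; its peer host is the expected server name
 * @throws IllegalArgumentException if the chain is {@code null}, empty, or has no first element
 * @throws CertificateException if the engine is missing, the subject does not start with
 *     {@code CN=}, or the remaining name is empty or differs from the engine's peer host
 */
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1, SSLEngine arg2)
        throws CertificateException {
    if (arg0 == null || arg0.length == 0 || arg0[0] == null) {
        // Matches the X509TrustManager contract instead of failing with an NPE or index error.
        throw new IllegalArgumentException("empty server certificate chain");
    }
    if (arg2 == null) {
        // Without an engine there is no expected host to compare against: fail closed.
        throw new CertificateException("untrust server host : no SSLEngine available");
    }

    Principal pri = arg0[0].getSubjectDN();
    logger.debug("check ssl server trusted certificate : {} {} sslEngine={} ", pri, arg1, arg2);

    String peerHost = arg2.getPeerHost();
    String subjectName = pri.getName();

    // Require a literal "CN=" prefix before stripping it, so that another attribute type can
    // never be mistaken for the host name and short names cannot throw from substring().
    if (subjectName == null || !subjectName.regionMatches(true, 0, "CN=", 0, 3)) {
        throw new CertificateException("untrust server host : " + subjectName);
    }

    // Everything after "CN=" is compared as a whole, so a subject with further RDNs never matches.
    String serverHost = subjectName.substring(3);
    if (serverHost.isEmpty() || !serverHost.equals(peerHost)) {
        throw new CertificateException("untrust server host : " + serverHost);
    }
}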
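/**
 * Accepts the server certificate only when its subject is a bare {@code CN=<host>} whose value
 * equals the peer host recorded on the {@link SSLEngine}.
 *
 * <p>NOTE(review): nothing in this method validates the chain itself (signatures, trust anchor,
 * validity period, revocation), and subjectAltName entries are ignored. Unless the enclosing class
 * performs that validation elsewhere, any certificate carrying the expected CN is accepted;
 * consider delegating to a PKIX trust manager before this name comparison.
 *
 * @param arg0 peer certificate chain; only {@code arg0[0]} is inspected
 * @param arg1 authentication type, used for logging only
 * @param arg2 engine for the connection; its peer host is the expected server name
 * @throws IllegalArgumentException if the chain is {@code null}, empty, or has no first element
 * @throws CertificateException if the engine is missing, the subject does not start with
 *     {@code CN=}, or the remaining name is empty or differs from the engine's peer host
 */
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1, SSLEngine arg2)
        throws CertificateException {
    if (arg0 == null || arg0.length == 0 || arg0[0] == null) {
        // Matches the X509TrustManager contract instead of failing with an NPE or index error.
        throw new IllegalArgumentException("empty server certificate chain");
    }
    if (arg2 == null) {
        // Without an engine there is no expected host to compare against: fail closed.
        throw new CertificateException("untrust server host : no SSLEngine available");
    }

    Principal pri = arg0[0].getSubjectDN();
    logger.debug("check ssl server trusted certificate : {} {} sslEngine={} ", pri, arg1, arg2);

    String peerHost = arg2.getPeerHost();
    String subjectName = pri.getName();

    // Require a literal "CN=" prefix before stripping it, so that another attribute type can
    // never be mistaken for the host name and short names cannot throw from substring().
    if (subjectName == null || !subjectName.regionMatches(true, 0, "CN=", 0, 3)) {
        throw new CertificateException("untrust server host : " + subjectName);
    }

    // Everything after "CN=" is compared as a whole, so a subject with further RDNs never matches.
    String serverHost = subjectName.substring(3);
    if (serverHost.isEmpty() || !serverHost.equals(peerHost)) {
        throw new CertificateException("untrust server host : " + serverHost);
    }
}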