|
What this is
Other links
The source code/* * Copyright 1999-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.tomcat.util.net.jsse; import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateFactory; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.security.cert.X509Certificate; import org.apache.tomcat.util.net.SSLSupport; /* JSSESupport Concrete implementation class for JSSE Support classes. This will only work with JDK 1.2 and up since it depends on JDK 1.2's certificate support @author EKR @author Craig R. McClanahan Parts cribbed from JSSECertCompat Parts cribbed from CertificatesValve */ class JSSESupport implements SSLSupport { private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(JSSESupport.class); protected SSLSocket ssl; JSSESupport(SSLSocket sock){ ssl=sock; } public String getCipherSuite() throws IOException { // Look up the current SSLSession SSLSession session = ssl.getSession(); if (session == null) return null; return session.getCipherSuite(); } public Object[] getPeerCertificateChain() throws IOException { return getPeerCertificateChain(false); } protected java.security.cert.X509Certificate [] getX509Certificates(SSLSession session) throws IOException { X509Certificate jsseCerts[] = null; try{ jsseCerts = session.getPeerCertificateChain(); } catch (Throwable ex){ // Get rid of the warning in the logs when no Client-Cert is // available } if(jsseCerts == null) jsseCerts = new X509Certificate[0]; java.security.cert.X509Certificate [] x509Certs = new java.security.cert.X509Certificate[jsseCerts.length]; for (int i = 0; i < x509Certs.length; i++) { try { byte buffer[] = jsseCerts[i].getEncoded(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream stream = new ByteArrayInputStream(buffer); x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream); if(log.isTraceEnabled()) log.trace("Cert #" + i + " = " + x509Certs[i]); } catch(Exception ex) { log.info("Error translating " + jsseCerts[i], ex); return null; } } if ( x509Certs.length < 1 ) return null; return x509Certs; } public Object[] getPeerCertificateChain(boolean force) throws IOException { // Look up the current SSLSession SSLSession session = ssl.getSession(); if (session == null) return null; // Convert JSSE's certificate format to the ones we need X509Certificate [] jsseCerts = null; try { jsseCerts = session.getPeerCertificateChain(); } catch(Exception bex) { // ignore. } if (jsseCerts == null) jsseCerts = new X509Certificate[0]; if(jsseCerts.length <= 0 && force) { session.invalidate(); handShake(); session = ssl.getSession(); } return getX509Certificates(session); } protected void handShake() throws IOException { ssl.setNeedClientAuth(true); ssl.startHandshake(); } /** * Copied from |
... this post is sponsored by my books ... | |
![]() #1 New Release! |
![]() FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.