List of usage examples for javax.net.ssl SSLSession getCipherSuite
public String getCipherSuite();
From source file:com.newrelic.agent.deps.org.apache.http.conn.ssl.SSLConnectionSocketFactory.java
/**
 * Verifies that the certificate presented by the peer on an established SSL socket matches the
 * requested host name, using the configured {@code hostnameVerifier}.
 *
 * If the session cannot be obtained at first, two workarounds (reading from the input stream and an
 * explicit {@code startHandshake()}) are tried before giving up. When verification fails, or any
 * other {@link IOException} occurs, the socket is closed before the exception is re-thrown, so a
 * caller never ends up holding an open socket whose peer identity was rejected.
 *
 * @param sslsock  the socket whose session is to be checked
 * @param hostname the host name the caller intended to connect to
 * @throws SSLHandshakeException      if no SSL session can be obtained
 * @throws SSLPeerUnverifiedException if the peer certificate does not match {@code hostname}
 * @throws IOException                if any other I/O failure occurs; the socket is closed first
 */
private void verifyHostname(final SSLSocket sslsock, final String hostname) throws IOException {
    try {
        SSLSession session = sslsock.getSession();
        if (session == null) {
            // Workaround: in our experience this only happens under IBM 1.4.x when spurious
            // (unrelated) certificates show up in the server's chain. Touching the input
            // stream should surface the real problem as an exception.
            final InputStream in = sslsock.getInputStream();
            in.available();
            // If available() did not throw, the session may be there now.
            session = sslsock.getSession();
            if (session == null) {
                // Still null: an explicit startHandshake() should unearth the real problem.
                sslsock.startHandshake();
                session = sslsock.getSession();
            }
        }
        if (session == null) {
            throw new SSLHandshakeException("SSL session not available");
        }
        if (this.log.isDebugEnabled()) {
            // Diagnostics only: nothing in this block influences the verification result, and
            // any failure while inspecting the certificate is deliberately swallowed below.
            this.log.debug("Secure session established");
            this.log.debug(" negotiated protocol: " + session.getProtocol());
            this.log.debug(" negotiated cipher suite: " + session.getCipherSuite());
            try {
                // The first element of the peer chain is the peer's own certificate.
                final Certificate[] certs = session.getPeerCertificates();
                final X509Certificate x509 = (X509Certificate) certs[0];
                final X500Principal peer = x509.getSubjectX500Principal();
                this.log.debug(" peer principal: " + peer.toString());
                final Collection<List<?>> altNames1 = x509.getSubjectAlternativeNames();
                if (altNames1 != null) {
                    final List<String> altNames = new ArrayList<String>();
                    for (final List<?> aC : altNames1) {
                        if (!aC.isEmpty()) {
                            // Each entry is a (type, value) list; the cast assumes a String
                            // value. A binary SAN value would fail the cast and land in the
                            // catch below, which only affects logging.
                            altNames.add((String) aC.get(1));
                        }
                    }
                    this.log.debug(" peer alternative names: " + altNames);
                }
                final X500Principal issuer = x509.getIssuerX500Principal();
                this.log.debug(" issuer principal: " + issuer.toString());
                final Collection<List<?>> altNames2 = x509.getIssuerAlternativeNames();
                if (altNames2 != null) {
                    final List<String> altNames = new ArrayList<String>();
                    for (final List<?> aC : altNames2) {
                        if (!aC.isEmpty()) {
                            altNames.add((String) aC.get(1));
                        }
                    }
                    this.log.debug(" issuer alternative names: " + altNames);
                }
            } catch (Exception ignore) {
                // Best effort: debug output must never break the connection.
            }
        }
        if (!this.hostnameVerifier.verify(hostname, session)) {
            // Mismatch: report the subject the peer actually presented, to aid diagnosis.
            final Certificate[] certs = session.getPeerCertificates();
            final X509Certificate x509 = (X509Certificate) certs[0];
            final X500Principal x500Principal = x509.getSubjectX500Principal();
            throw new SSLPeerUnverifiedException("Host name '" + hostname + "' does not match "
                    + "the certificate subject provided by the peer (" + x500Principal.toString() + ")");
        }
        // verifyHostName() didn't blowup - good!
    } catch (final IOException iox) {
        // SSLHandshakeException and SSLPeerUnverifiedException are IOExceptions too, so a
        // failed verification also ends up here: close the socket before re-throwing.
        try {
            sslsock.close();
        } catch (final Exception x) {
            /* ignore: already propagating the original failure */
        }
        throw iox;
    }
}
From source file:org.apache.pulsar.client.impl.ClientCnx.java
/**
 * Verifies the host name carried in the peer's X.509 certificate against the TLS session of the
 * channel, using the configured {@code hostnameVerifier}.
 *
 * Matching supports:
 * <pre>
 * 1. IPv4 and IPv6 host matching
 * 2. Wild-card matching for DNS names, e.g.:
 *        HostName               CN              Result
 *    1.  localhost              localhost       PASS
 *    2.  localhost              local*          PASS
 *    3.  pulsar1-broker.com     pulsar*.com     PASS
 * </pre>
 *
 * @param hostname the host name the client intended to reach
 * @param ctx      the channel context whose pipeline is expected to hold the {@code "tls"} handler
 * @return {@code true} if the verifier accepts the host name; {@code false} if it rejects it or
 *         if the channel has no TLS handler at all (fail closed)
 */
private boolean verifyTlsHostName(String hostname, ChannelHandlerContext ctx) {
    final ChannelHandler tlsHandler = ctx.channel().pipeline().get("tls");
    if (tlsHandler == null) {
        // No TLS handler in the pipeline: there is no session to verify against.
        return false;
    }
    final SSLSession session = ((SslHandler) tlsHandler).engine().getSession();
    if (log.isDebugEnabled()) {
        log.debug("Verifying HostName for {}, Cipher {}, Protocols {}", hostname, session.getCipherSuite(), session.getProtocol());
    }
    return hostnameVerifier.verify(hostname, session);
}
From source file:org.apache.tomcat.util.net.jsse.JSSESupport.java
/**
 * Returns the name of the cipher suite negotiated on the current SSL session.
 *
 * @return the negotiated cipher suite, or {@code null} when no session is available
 * @throws IOException declared for API compatibility; nothing in this body throws it
 */
public String getCipherSuite() throws IOException {
    final SSLSession current = ssl.getSession();
    return current != null ? current.getCipherSuite() : null;
}
From source file:org.apache.tomcat.util.net.jsse.JSSESupport.java
/** * Copied from <code>org.apache.catalina.valves.CertificateValve</code> *///from w ww . j a v a2 s . c om public Integer getKeySize() throws IOException { // Look up the current SSLSession SSLSession session = ssl.getSession(); SSLSupport.CipherData c_aux[] = ciphers; if (session == null) return null; Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY); if (keySize == null) { int size = 0; String cipherSuite = session.getCipherSuite(); for (int i = 0; i < c_aux.length; i++) { if (cipherSuite.indexOf(c_aux[i].phrase) >= 0) { size = c_aux[i].keySize; break; } } keySize = new Integer(size); session.putValue(KEY_SIZE_KEY, keySize); } return keySize; }
From source file:org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.java
/**
 * Completes (or confirms) the TLS handshake on an accepted socket and, unless unsafe legacy
 * renegotiation is allowed, prevents any further handshake on it.
 *
 * {@code getSession()} is used instead of {@code startHandshake()} so this method can be called
 * more than once. A failed handshake is reported through the null cipher suite
 * {@code SSL_NULL_WITH_NULL_NULL} rather than an exception, so that case is turned into an
 * {@link IOException} here.
 *
 * @param socket an accepted socket; must be an {@link SSLSocket}
 * @throws IOException if the handshake failed
 */
public void handshake(Socket socket) throws IOException {
    LOGGER.debug("TMSSLServerSocketFactory.handshake:");
    final SSLSocket sslSocket = (SSLSocket) socket;
    // Safe to call repeatedly; completes the handshake if it has not happened yet.
    final SSLSession session = sslSocket.getSession();
    final String suite = session.getCipherSuite();
    if (suite.equals("SSL_NULL_WITH_NULL_NULL")) {
        throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
    }
    if (!m_allowUnsafeLegacyRenegotiation) {
        // Removing every enabled cipher suite leaves no suite a renegotiation could agree on,
        // which is how further handshakes are prevented here.
        sslSocket.setEnabledCipherSuites(new String[0]);
    }
}