Refine search
X509Certificate x509Certificate = (X509Certificate) peerCertificates.get(c); message.append("\n ").append(pin(x509Certificate)) .append(": ").append(x509Certificate.getSubjectDN().getName()); message.append("\n ").append(pin); throw new SSLPeerUnverifiedException(message.toString());
/** * Returns the DN extracted from the server certificate. * * @param socket the SSL Socket * @return the extracted DN * @throws CertificateException if there is a problem parsing the certificate */ private static String extractPeerDNFromServerSSLSocket(Socket socket) throws CertificateException { String dn = null; if (socket instanceof SSLSocket) { final SSLSocket sslSocket = (SSLSocket) socket; try { final Certificate[] certChains = sslSocket.getSession().getPeerCertificates(); if (certChains != null && certChains.length > 0) { X509Certificate x509Certificate = convertAbstractX509Certificate(certChains[0]); dn = x509Certificate.getSubjectDN().getName().trim(); logger.debug("Extracted DN={} from server certificate", dn); } } catch (SSLPeerUnverifiedException e) { if (e.getMessage().equals(PEER_NOT_AUTHENTICATED_MSG)) { logger.error("The server did not present a certificate and thus the DN cannot" + " be extracted. Check that the other endpoint is providing a complete certificate chain"); } throw new CertificateException(e); } } return dn; }
@SuppressWarnings({"unchecked", "SuspiciousToArrayCall"}) // Reflection on List<Certificate>. @Override public List<Certificate> clean(List<Certificate> chain, String hostname) throws SSLPeerUnverifiedException { try { X509Certificate[] certificates = chain.toArray(new X509Certificate[chain.size()]); return (List<Certificate>) checkServerTrusted.invoke( x509TrustManagerExtensions, certificates, "RSA", hostname); } catch (InvocationTargetException e) { SSLPeerUnverifiedException exception = new SSLPeerUnverifiedException(e.getMessage()); exception.initCause(e); throw exception; } catch (IllegalAccessException e) { throw new AssertionError(e); } }
@Override public final SSLPeerUnverifiedException peerUnverified() { final SSLPeerUnverifiedException result = new SSLPeerUnverifiedException(String.format(getLoggingLocale(), peerUnverified$str())); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String servletPathMatchFailed = "UT000068: Servlet path match failed";
sslSocket.startHandshake(); SSLSession sslSocketSession = sslSocket.getSession(); Handshake unverifiedHandshake = Handshake.get(sslSocketSession); if (!peerCertificates.isEmpty()) { X509Certificate cert = (X509Certificate) peerCertificates.get(0); throw new SSLPeerUnverifiedException( "Hostname " + address.url().host() + " not verified:" + "\n certificate: " + CertificatePinner.pin(cert) + "\n DN: " + cert.getSubjectDN().getName() + "\n subjectAltNames: " + OkHostnameVerifier.allSubjectAltNames(cert)); } else { throw new SSLPeerUnverifiedException( "Hostname " + address.url().host() + " not verified (no certificates)");
public String getDn() throws CertificateException, SSLPeerUnverifiedException { final Certificate[] certs = engine.getSession().getPeerCertificates(); if (certs == null || certs.length == 0) { throw new SSLPeerUnverifiedException("No certificates found"); } final X509Certificate cert = CertificateUtils.convertAbstractX509Certificate(certs[0]); cert.checkValidity(); return cert.getSubjectDN().getName().trim(); }
SSLSession ss = s.getSession(); LOG.log(Level.FINEST, " Need client authentication = " + s.getNeedClientAuth()); LOG.log(Level.FINEST, " Want client authentication = " + s.getWantClientAuth()); LOG.log(Level.FINEST, " Use client mode = " + s.getUseClientMode()); LOG.log(Level.FINEST, " ID is " + new BigInteger(ss.getId())); LOG.log(Level.FINEST, " Session created in " + ss.getCreationTime()); LOG.log(Level.FINEST, " Session accessed in " + ss.getLastAccessedTime()); LOG.log(Level.FINEST, " Cipher suite = " + ss.getCipherSuite()); LOG.log(Level.FINEST, " Protocol = " + ss.getProtocol()); LOG.log(Level.FINEST, " LocalPrincipal = " + ss.getLocalPrincipal().getName()); try { LOG.log(Level.FINEST, " PeerPrincipal = " + ss.getPeerPrincipal().getName()); } catch (SSLPeerUnverifiedException e) { LOG.warning("Could not retrieve Peer principal information: " + e.getMessage()); cchain = ss.getPeerCertificates(); } catch (SSLPeerUnverifiedException e) { LOG.warning("Could not retrieve certeficate for peer: " + e.getMessage()); LOG.log(Level.FINEST, " " + ((X509Certificate) aCchain).getSubjectDN());
final InputStream in = sslsock.getInputStream(); in.available(); session = sslsock.getSession(); if (session == null) { this.log.debug(" negotiated protocol: " + session.getProtocol()); this.log.debug(" negotiated cipher suite: " + session.getCipherSuite()); final Certificate[] certs = session.getPeerCertificates(); final X509Certificate x509 = (X509Certificate) certs[0]; final X500Principal peer = x509.getSubjectX500Principal(); final Collection<List<?>> altNames1 = x509.getSubjectAlternativeNames(); if (altNames1 != null) { final List<String> altNames = new ArrayList<String>(); final X500Principal issuer = x509.getIssuerX500Principal(); this.log.debug(" issuer principal: " + issuer.toString()); final Collection<List<?>> altNames2 = x509.getIssuerAlternativeNames(); final X509Certificate x509 = (X509Certificate) certs[0]; final X500Principal x500Principal = x509.getSubjectX500Principal(); throw new SSLPeerUnverifiedException("Host name '" + hostname + "' does not match " + "the certificate subject provided by the peer (" + x500Principal.toString() + ")");
certificates = httpsConnection.getServerCertificates(); } catch (SSLPeerUnverifiedException e) { logger.error(e.getMessage(), e); throw new RuntimeException(e); certificate.checkValidity(); validity = "valid"; } catch (CertificateExpiredException e) { logger.info(" subject: {}", certificate.getSubjectDN().getName()); logger.info(" issuer: {}", certificate.getIssuerDN().getName()); logger.info(" expiration: {} - {} ({})", certificate.getNotBefore(), certificate.getNotAfter(), validity); logger.info(" trust anchor {}", checkTrustedCertStatus(certificate, trustManagers));
@Override public void handshakeCompleted(HandshakeCompletedEvent event) { SSLSession session = event.getSession(); String protocol = session.getProtocol(); String cipherSuite = session.getCipherSuite(); Log.d(TAG, "Handshake completed", new Throwable("This is not Error.")); Log.d(TAG, String.format("Connected with: %s/%s", protocol, cipherSuite)); String peerName = null; try { peerName = session.getPeerPrincipal().getName(); } catch (SSLPeerUnverifiedException e) { e.printStackTrace(); } Log.d(TAG, String.format("Peer name: %s\n", peerName)); } }
public static String peerDn(Socket theSocket) { if (isSSLSocket(theSocket)) { SSLSession ss = ((SSLSocket) theSocket).getSession(); try { return ss.getPeerPrincipal().getName(); } catch (SSLPeerUnverifiedException e) { LOG.log(Level.FINEST, "Could not get Peer Name: not verified: " + e.getMessage()); return null; } } else { return null; } }
String algorithm = session.getCipherSuite(); request.setState(ALGORITHM, algorithm); if (x509chain.length > 0) { request.setState(AuthFilter.STATE_AUTHUSER, x509chain[0].getSubjectDN().getName()); ex.printStackTrace();
SSLSession session = socket.getSession(); serverName = session.getPeerHost(); try { InetAddress addr = InetAddress.getByName(serverName); X509Certificate[] certs = session.getPeerCertificateChain(); if (certs==null || certs.length==0) throw new SSLPeerUnverifiedException("No server certificates found"); String dn = certs[0].getSubjectDN().getName(); throw new SSLPeerUnverifiedException("Invalid SSL server name. "+ "Expected '" + serverName + "', got '" + cn + "'");
private void verifyHostname(String hostname, SSLSession session) throws SSLPeerUnverifiedException { X509Certificate[] peerCerts = (X509Certificate[]) session.getPeerCertificates(); if (peerCerts == null || peerCerts.length == 0) { throw new SSLPeerUnverifiedException("No peer certificates"); LdapName DN; try { DN = new LdapName(serverCert.getSubjectX500Principal().getName(X500Principal.RFC2253)); throw new SSLPeerUnverifiedException("Invalid name in certificate"); throw new SSLPeerUnverifiedException("Common name not found"); throw new SSLPeerUnverifiedException("The hostname " + hostname + " could not be verified"); throw new SSLPeerUnverifiedException("The hostname " + hostname + " could not be verified"); throw new SSLPeerUnverifiedException("The hostname " + hostname + " could not be verified");
public boolean verify(String hostName, SSLSession session) { String hostNameFromCertificate = null; try { hostNameFromCertificate = session.getPeerPrincipal() .getName().substring(3, session.getPeerPrincipal().getName() .indexOf(',')); } catch (SSLPeerUnverifiedException e) { e.printStackTrace(); return false; } logger.info("Hostname verifier: host from url: " + hostName + " vs. host from certificate: "+ hostNameFromCertificate); return (hostName.equals(hostNameFromCertificate) || ("host/"+hostName) .equals(hostNameFromCertificate)); } };
final Certificate[] path = context.request().sslSession().getPeerCertificates(); detail.put("subject DN", deviceCert.getSubjectX500Principal().getName()); detail.put("not before", deviceCert.getNotBefore().toString()); detail.put("not after", deviceCert.getNotAfter().toString()); span.log(detail); } catch (SSLPeerUnverifiedException e) { LOG.debug("could not get client certificates: {}", e.getMessage()); handler.handle(Future.failedFuture(UNAUTHORIZED));
/** * Returns the {@code Principal} identifying the peer. * * @return the {@code Principal} identifying the peer. * @throws SSLPeerUnverifiedException * if the identity of the peer has not been verified. * @throws IllegalStateException * if no connection has been established yet. */ public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { Certificate[] certs = getServerCertificates(); if (certs == null || certs.length == 0 || (!(certs[0] instanceof X509Certificate))) { throw new SSLPeerUnverifiedException("No server's end-entity certificate"); } return ((X509Certificate) certs[0]).getSubjectX500Principal(); }
private Set<String> getCertificateIdentities(final SSLSession sslSession) throws CertificateException, SSLPeerUnverifiedException { final Certificate[] certs = sslSession.getPeerCertificates(); if (certs == null || certs.length == 0) { throw new SSLPeerUnverifiedException("No certificates found"); } final X509Certificate cert = CertificateUtils.convertAbstractX509Certificate(certs[0]); cert.checkValidity(); final Set<String> identities = CertificateUtils.getSubjectAlternativeNames(cert).stream() .map(CertificateUtils::extractUsername) .collect(Collectors.toSet()); return identities; } }
/** * Provide a value to initialize the volatile peerCertificateChain * field based on the native SSL_SESSION */ private javax.security.cert.X509Certificate[] createPeerCertificateChain() throws SSLPeerUnverifiedException { try { javax.security.cert.X509Certificate[] chain = new javax.security.cert.X509Certificate[peerCertificates.length]; for (int i = 0; i < peerCertificates.length; i++) { byte[] encoded = peerCertificates[i].getEncoded(); chain[i] = javax.security.cert.X509Certificate.getInstance(encoded); } return chain; } catch (CertificateEncodingException e) { SSLPeerUnverifiedException exception = new SSLPeerUnverifiedException(e.getMessage()); exception.initCause(exception); throw exception; } catch (CertificateException e) { SSLPeerUnverifiedException exception = new SSLPeerUnverifiedException(e.getMessage()); exception.initCause(exception); throw exception; } }
private void connectWithSNI(SSLSocket ssl, String host) throws SSLPeerUnverifiedException { // set reasonable SSL/TLS settings before the handshake: // - enable all supported protocols ssl.setEnabledProtocols(ssl.getSupportedProtocols()); MyLog.d(this, "Using documented SNI with host name " + host); sslSocketFactory.setHostname(ssl, host); // verify hostname and certificate SSLSession session = ssl.getSession(); if (!session.isValid()) { MyLog.i(this, "Invalid session to host:'" + host + "'"); } HostnameVerifier hostnameVerifier = secure ? new BrowserCompatHostnameVerifier() : new AllowAllHostnameVerifier(); if (!hostnameVerifier.verify(host, session)) { throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host); } MyLog.i(this, "Established " + session.getProtocol() + " connection with " + session.getPeerHost() + " using " + session.getCipherSuite()); }