/**
 * Returns the identity of the peer, taken from the subject of the first cached peer
 * certificate.
 *
 * <p>By the {@code SSLSession} convention the peer's own certificate comes first in the
 * chain, so index 0 is the entry whose subject identifies the peer.
 *
 * @return the subject X.500 principal of {@code peerCertificates[0]}
 * @throws SSLPeerUnverifiedException declared by the interface; presumably raised by
 *         {@code checkPeerCertificatesPresent()} when no peer certificates are cached
 *         (TODO confirm against that helper)
 */
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
    // Must run before the array is indexed: the helper is the only guard against an
    // absent certificate array in this method.
    checkPeerCertificatesPresent();
    final Principal subject = peerCertificates[0].getSubjectX500Principal();
    return subject;
}
/**
 * Records the peer's host, port and certificate chain on this session once the handshake
 * has delivered them.
 *
 * <p>This method only forwards to {@code configurePeer}; it performs no trust evaluation
 * of its own, so the chain it stores is whatever the caller hands in.
 *
 * @param peerHost host name (or address string) of the peer
 * @param peerPort port of the peer
 * @param peerCertificates certificate chain received from the peer
 */
void onPeerCertificatesReceived(
        String peerHost, int peerPort, X509Certificate[] peerCertificates) {
    configurePeer(peerHost, peerPort, peerCertificates);
}
/** * Returns the last time this SSL session was accessed. Accessing * here is to mean that a new connection with the same SSL context data was * established. * * @return the session's last access time in milliseconds since the epoch */ // TODO(nathanmittler): Does lastAccessedTime need to account for session reuse? @Override public long getLastAccessedTime() { return lastAccessedTime == 0 ? getCreationTime() : lastAccessedTime; }
/**
 * Creates a socket for the given host and port and prepares its TLS state.
 *
 * @param hostname remote host, passed to the superclass constructor
 * @param port remote port, passed to the superclass constructor
 * @param sslParameters TLS configuration; also supplies the session context for the
 *        active session
 * @throws IOException declared by the constructor; the visible body does not show which
 *         call raises it
 */
ConscryptFileDescriptorSocket(String hostname, int port, SSLParametersImpl sslParameters)
        throws IOException {
    super(hostname, port);
    this.sslParameters = sslParameters;
    // NOTE(review): 'this' is handed to newSsl before construction has finished; confirm
    // newSsl does not call back into fields assigned below.
    this.ssl = newSsl(sslParameters, this);
    this.activeSession = new ActiveSession(this.ssl, sslParameters.getSessionContext());
}
/**
 * Checks the certificate chain presented by the peer against the configured
 * {@code X509TrustManager}.
 *
 * <p>Order of operations matters for anyone reading the session during verification: the
 * decoded chain is stored on {@code activeSession} <em>before</em> the trust manager is
 * consulted, so at that moment the session holds certificates that have not yet been
 * accepted. If the trust check throws, this method propagates the failure but does not
 * itself clear what was stored.
 *
 * @param certChain encoded certificates from the peer; {@code null} or empty is rejected
 * @param authMethod used as the auth type for the server-trust check in client mode; in
 *        server mode it is ignored and the leaf key's algorithm is used instead
 * @throws CertificateException if no certificate was sent, no X.509 trust manager is
 *         configured, or any step fails; other exception types are wrapped with the
 *         original as the cause
 */
@Override
public final void verifyCertificateChain(byte[][] certChain, String authMethod)
        throws CertificateException {
    try {
        final boolean chainMissing = certChain == null || certChain.length == 0;
        if (chainMissing) {
            throw new CertificateException("Peer sent no certificate");
        }
        final X509Certificate[] decodedChain = SSLUtils.decodeX509CertificateChain(certChain);

        final X509TrustManager trustManager = sslParameters.getX509TrustManager();
        if (trustManager == null) {
            // Fail closed: without a trust manager nothing can vouch for the peer.
            throw new CertificateException("No X.509 TrustManager");
        }

        // Publish the (still unverified) peer details on the session ahead of the check.
        // NOTE(review): presumably so code invoked by the trust check can read them from
        // the socket passed as 'this' - confirm.
        activeSession.onPeerCertificatesReceived(getHostnameOrIP(), getPort(), decodedChain);

        if (!getUseClientMode()) {
            // Server side: the auth type comes from the client leaf's public-key algorithm.
            final String clientAuthType = decodedChain[0].getPublicKey().getAlgorithm();
            Platform.checkClientTrusted(trustManager, decodedChain, clientAuthType, this);
            return;
        }
        Platform.checkServerTrusted(trustManager, decodedChain, authMethod, this);
    } catch (CertificateException e) {
        // Already the declared type; rethrow untouched so callers see the original.
        throw e;
    } catch (Exception e) {
        // Anything else still fails verification, with the cause preserved.
        throw new CertificateException(e);
    }
}
activeSession.onPeerCertificateAvailable(getPeerHost(), getPeerPort());
/**
 * Returns the context this session belongs to, but only while the session is valid.
 *
 * @return {@code sessionContext} when {@code isValid()} is true, otherwise {@code null}
 */
@Override
public SSLSessionContext getSessionContext() {
    if (!isValid()) {
        // An invalid session does not hand out its context.
        return null;
    }
    return sessionContext;
}
/**
 * Creates a socket with no explicit endpoint arguments and prepares its TLS state.
 *
 * @param sslParameters TLS configuration; also supplies the session context for the
 *        active session
 * @throws IOException declared by the constructor; the visible body does not show which
 *         call raises it
 */
ConscryptFileDescriptorSocket(SSLParametersImpl sslParameters) throws IOException {
    this.sslParameters = sslParameters;
    // NOTE(review): 'this' is handed to newSsl before construction has finished; confirm
    // newSsl does not call back into fields assigned below.
    this.ssl = newSsl(sslParameters, this);
    this.activeSession = new ActiveSession(this.ssl, sslParameters.getSessionContext());
}
/**
 * Checks the certificate chain presented by the peer against the configured
 * {@code X509TrustManager}.
 *
 * <p>The decoded chain is stored on {@code activeSession} <em>before</em> the trust
 * manager is consulted, so during the check the session holds certificates that have not
 * yet been accepted. If the trust check throws, this method propagates the failure but
 * does not itself clear what was stored.
 *
 * @param certChain encoded certificates from the peer; {@code null} or empty is rejected
 * @param authMethod used as the auth type for the server-trust check in client mode; in
 *        server mode it is ignored and the leaf key's algorithm is used instead
 * @throws CertificateException if no certificate was sent, no X.509 trust manager is
 *         configured, or any step fails; other exception types are wrapped with the
 *         original as the cause
 */
@Override
public void verifyCertificateChain(byte[][] certChain, String authMethod)
        throws CertificateException {
    try {
        final boolean chainMissing = certChain == null || certChain.length == 0;
        if (chainMissing) {
            throw new CertificateException("Peer sent no certificate");
        }
        final X509Certificate[] decodedChain = SSLUtils.decodeX509CertificateChain(certChain);

        final X509TrustManager trustManager = sslParameters.getX509TrustManager();
        if (trustManager == null) {
            // Fail closed: without a trust manager nothing can vouch for the peer.
            throw new CertificateException("No X.509 TrustManager");
        }

        // Publish the (still unverified) peer details on the session ahead of the check.
        // NOTE(review): presumably so code invoked by the trust check can read them from
        // the object passed as 'this' - confirm.
        activeSession.onPeerCertificatesReceived(getPeerHost(), getPeerPort(), decodedChain);

        if (!getUseClientMode()) {
            // Server side: the auth type comes from the client leaf's public-key algorithm.
            final String clientAuthType = decodedChain[0].getPublicKey().getAlgorithm();
            Platform.checkClientTrusted(trustManager, decodedChain, clientAuthType, this);
            return;
        }
        Platform.checkServerTrusted(trustManager, decodedChain, authMethod, this);
    } catch (CertificateException e) {
        // Already the declared type; rethrow untouched so callers see the original.
        throw e;
    } catch (Exception e) {
        // Anything else still fails verification, with the cause preserved.
        throw new CertificateException(e);
    }
}
activeSession.onPeerCertificateAvailable(getPeerHost(), getPeerPort());
/**
 * Returns the context this session belongs to, but only while the session is valid.
 *
 * @return {@code sessionContext} when {@code isValid()} is true, otherwise {@code null}
 */
@Override
public SSLSessionContext getSessionContext() {
    if (!isValid()) {
        // An invalid session does not hand out its context.
        return null;
    }
    return sessionContext;
}
/**
 * Creates a socket for the given host and port and prepares its TLS state.
 *
 * @param hostname remote host, passed to the superclass constructor
 * @param port remote port, passed to the superclass constructor
 * @param sslParameters TLS configuration; also supplies the session context for the
 *        active session
 * @throws IOException declared by the constructor; the visible body does not show which
 *         call raises it
 */
ConscryptFileDescriptorSocket(String hostname, int port, SSLParametersImpl sslParameters)
        throws IOException {
    super(hostname, port);
    this.sslParameters = sslParameters;
    // NOTE(review): 'this' is handed to newSsl before construction has finished; confirm
    // newSsl does not call back into fields assigned below.
    this.ssl = newSsl(sslParameters, this);
    this.activeSession = new ActiveSession(this.ssl, sslParameters.getSessionContext());
}
/**
 * Returns the identity of the peer, taken from the subject of the first cached peer
 * certificate.
 *
 * <p>By the {@code SSLSession} convention the peer's own certificate comes first in the
 * chain, so index 0 is the entry whose subject identifies the peer.
 *
 * @return the subject X.500 principal of {@code peerCertificates[0]}
 * @throws SSLPeerUnverifiedException declared by the interface; presumably raised by
 *         {@code checkPeerCertificatesPresent()} when no peer certificates are cached
 *         (TODO confirm against that helper)
 */
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
    // Must run before the array is indexed: the helper is the only guard against an
    // absent certificate array in this method.
    checkPeerCertificatesPresent();
    final Principal subject = peerCertificates[0].getSubjectX500Principal();
    return subject;
}
/**
 * Records the peer's host, port and certificate chain on this session once the handshake
 * has delivered them.
 *
 * <p>This method only forwards to {@code configurePeer}; it performs no trust evaluation
 * of its own, so the chain it stores is whatever the caller hands in.
 *
 * @param peerHost host name (or address string) of the peer
 * @param peerPort port of the peer
 * @param peerCertificates certificate chain received from the peer
 */
void onPeerCertificatesReceived(
        String peerHost, int peerPort, X509Certificate[] peerCertificates) {
    configurePeer(peerHost, peerPort, peerCertificates);
}
/**
 * Checks the certificate chain presented by the peer against the configured
 * {@code X509TrustManager}.
 *
 * <p>The decoded chain is stored on {@code activeSession} <em>before</em> the trust
 * manager is consulted, so during the check the session holds certificates that have not
 * yet been accepted. If the trust check throws, this method propagates the failure but
 * does not itself clear what was stored.
 *
 * @param certChain encoded certificates from the peer; {@code null} or empty is rejected
 * @param authMethod used as the auth type for the server-trust check in client mode; in
 *        server mode it is ignored and the leaf key's algorithm is used instead
 * @throws CertificateException if no certificate was sent, no X.509 trust manager is
 *         configured, or any step fails; other exception types are wrapped with the
 *         original as the cause
 */
@Override
public void verifyCertificateChain(byte[][] certChain, String authMethod)
        throws CertificateException {
    try {
        final boolean chainMissing = certChain == null || certChain.length == 0;
        if (chainMissing) {
            throw new CertificateException("Peer sent no certificate");
        }
        final X509Certificate[] decodedChain = SSLUtils.decodeX509CertificateChain(certChain);

        final X509TrustManager trustManager = sslParameters.getX509TrustManager();
        if (trustManager == null) {
            // Fail closed: without a trust manager nothing can vouch for the peer.
            throw new CertificateException("No X.509 TrustManager");
        }

        // Publish the (still unverified) peer details on the session ahead of the check.
        // NOTE(review): presumably so code invoked by the trust check can read them from
        // the object passed as 'this' - confirm.
        activeSession.onPeerCertificatesReceived(getPeerHost(), getPeerPort(), decodedChain);

        if (!getUseClientMode()) {
            // Server side: the auth type comes from the client leaf's public-key algorithm.
            final String clientAuthType = decodedChain[0].getPublicKey().getAlgorithm();
            Platform.checkClientTrusted(trustManager, decodedChain, clientAuthType, this);
            return;
        }
        Platform.checkServerTrusted(trustManager, decodedChain, authMethod, this);
    } catch (CertificateException e) {
        // Already the declared type; rethrow untouched so callers see the original.
        throw e;
    } catch (Exception e) {
        // Anything else still fails verification, with the cause preserved.
        throw new CertificateException(e);
    }
}
activeSession.onPeerCertificateAvailable(getHostnameOrIP(), getPort()); } catch (CertificateException e) { SSLHandshakeException wrapper = new SSLHandshakeException(e.getMessage());
/** * Returns the last time this SSL session was accessed. Accessing * here is to mean that a new connection with the same SSL context data was * established. * * @return the session's last access time in milliseconds since the epoch */ // TODO(nathanmittler): Does lastAccessedTime need to account for session reuse? @Override public long getLastAccessedTime() { return lastAccessedTime == 0 ? getCreationTime() : lastAccessedTime; }
/**
 * Creates a socket for an explicit remote and local endpoint and prepares its TLS state.
 *
 * @param address remote address, passed to the superclass constructor
 * @param port remote port, passed to the superclass constructor
 * @param clientAddress local address, passed to the superclass constructor
 * @param clientPort local port, passed to the superclass constructor
 * @param sslParameters TLS configuration; also supplies the session context for the
 *        active session
 * @throws IOException declared by the constructor; the visible body does not show which
 *         call raises it
 */
ConscryptFileDescriptorSocket(
        InetAddress address,
        int port,
        InetAddress clientAddress,
        int clientPort,
        SSLParametersImpl sslParameters)
        throws IOException {
    super(address, port, clientAddress, clientPort);
    this.sslParameters = sslParameters;
    // NOTE(review): 'this' is handed to newSsl before construction has finished; confirm
    // newSsl does not call back into fields assigned below.
    this.ssl = newSsl(sslParameters, this);
    this.activeSession = new ActiveSession(this.ssl, sslParameters.getSessionContext());
}
/**
 * Returns a copy of the cached peer certificate chain.
 *
 * <p>The array is cloned so callers cannot replace entries in the session's own array;
 * the certificate objects themselves are shared, not copied.
 *
 * @return a fresh array holding the cached peer certificates
 * @throws SSLPeerUnverifiedException declared by the interface; presumably raised by
 *         {@code checkPeerCertificatesPresent()} when no peer certificates are cached
 *         (TODO confirm against that helper)
 */
@Override
public X509Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
    checkPeerCertificatesPresent();
    final X509Certificate[] chainCopy = peerCertificates.clone();
    return chainCopy;
}
/**
 * Refreshes the session's cached certificates after the handshake has completed (or
 * entered False Start).
 *
 * <p>Under the {@code ssl} lock this resets {@code id}, re-reads the local certificates
 * and, only if no peer chain has been stored yet, pulls the peer chain from {@code ssl}.
 * That fallback path stores the chain through {@code configurePeer} without any trust
 * check in this method.
 *
 * @param peerHost host name (or address string) of the peer
 * @param peerPort port of the peer
 * @throws CertificateException declared by the method; the visible body does not show
 *         which call raises it
 */
void onPeerCertificateAvailable(String peerHost, int peerPort) throws CertificateException {
    synchronized (ssl) {
        id = null;
        localCertificates = ssl.getLocalCertificates();
        if (peerCertificates != null) {
            // The verification callback already supplied the chain; keep it.
            return;
        }
        // On session resumption BoringSSL does not invoke the cert_verify_callback (the
        // path that calls onPeerCertificatesReceived), because it presumes the
        // certificates were verified on the earlier connection for that session. That
        // leaves no peer chain cached here, so fetch it explicitly.
        configurePeer(peerHost, peerPort, ssl.getPeerCertificates());
    }
}