/** * Returns the DN extracted from the server certificate. * * @param socket the SSL Socket * @return the extracted DN * @throws CertificateException if there is a problem parsing the certificate */ private static String extractPeerDNFromServerSSLSocket(Socket socket) throws CertificateException { String dn = null; if (socket instanceof SSLSocket) { final SSLSocket sslSocket = (SSLSocket) socket; try { final Certificate[] certChains = sslSocket.getSession().getPeerCertificates(); if (certChains != null && certChains.length > 0) { X509Certificate x509Certificate = convertAbstractX509Certificate(certChains[0]); dn = x509Certificate.getSubjectDN().getName().trim(); logger.debug("Extracted DN={} from server certificate", dn); } } catch (SSLPeerUnverifiedException e) { if (e.getMessage().equals(PEER_NOT_AUTHENTICATED_MSG)) { logger.error("The server did not present a certificate and thus the DN cannot" + " be extracted. Check that the other endpoint is providing a complete certificate chain"); } throw new CertificateException(e); } } return dn; }
if (e.getMessage().equals(PEER_NOT_AUTHENTICATED_MSG)) { logger.error("The incoming request did not contain client certificates and thus the DN cannot" + " be extracted. Check that the other endpoint is providing a complete client certificate chain");
private Subject createSubject() throws IOException { try { Certificate[] chain = engine.getSession().getPeerCertificates(); CertPath certPath = cf.generateCertPath(asList(chain)); return new Subject(false, Collections.<Principal>emptySet(), singleton(certPath), emptySet()); } catch (SSLPeerUnverifiedException e) { throw new IOException("Failed to establish identity of SSL peer: " + e.getMessage(), e); } catch (CertificateException e) { throw new IOException("Certificate failure: " + e.getMessage(), e); } } }
public static String peerDn(Socket theSocket) { if (isSSLSocket(theSocket)) { SSLSession ss = ((SSLSocket) theSocket).getSession(); try { return ss.getPeerPrincipal().getName(); } catch (SSLPeerUnverifiedException e) { LOG.log(Level.FINEST, "Could not get Peer Name: not verified: " + e.getMessage()); return null; } } else { return null; } }
public static String peerDn(Socket theSocket) { if (isSSLSocket(theSocket)) { SSLSession ss = ((SSLSocket) theSocket).getSession(); try { return ss.getPeerPrincipal().getName(); } catch (SSLPeerUnverifiedException e) { LOG.log(Level.FINEST, "Could not get Peer Name: not verified: " + e.getMessage()); return null; } } else { return null; } }
public CertInfo(NetSocket netSocket) { try { this.certs = netSocket.peerCertificateChain(); } catch(SSLPeerUnverifiedException e) { logger.error(e.getMessage(), e); } }
public CertInfo(ServerWebSocket webSocket) { try { this.certs = webSocket.peerCertificateChain(); } catch(SSLPeerUnverifiedException e) { logger.error(e.getMessage(), e); } }
public void handshakeCompleted(HandshakeCompletedEvent event) { try { localCertificateChain = event.getLocalCertificates(); try { peerCertificateChain = event.getPeerCertificates(); } catch (SSLPeerUnverifiedException e) { logger.debug("Cannot get peer certificate chain: "+ e.getMessage()); } } finally { handshakeComplete.countDown(); } }
public void handshakeCompleted(HandshakeCompletedEvent event) { try { localCertificateChain = event.getLocalCertificates(); try { peerCertificateChain = event.getPeerCertificates(); } catch (SSLPeerUnverifiedException e) { logger.debug("Cannot get peer certificate chain: "+ e.getMessage()); } } finally { latch.countDown(); } } }
/** * {@inheritDoc} */ @Override public Set<Credential> extract(SSLSession source) { Set<Credential> credentials = new HashSet<Credential>(); try { credentials.add(new ConfidentialityCredential(source.isValid())); credentials.add(new PrincipalCredential(source.getPeerPrincipal())); credentials.add(new CertificateCredential(source.getPeerCertificates()[0])); } catch (SSLPeerUnverifiedException e) { throw BaseSecurityMessages.MESSAGES.unableToExtractCredentials(e.getMessage(), e); } return credentials; }
/** * {@inheritDoc} */ @Override public Set<Credential> extract(SSLSession source) { Set<Credential> credentials = new HashSet<Credential>(); try { credentials.add(new ConfidentialityCredential(source.isValid())); credentials.add(new PrincipalCredential(source.getPeerPrincipal())); credentials.add(new CertificateCredential(source.getPeerCertificates()[0])); } catch (SSLPeerUnverifiedException e) { throw BaseSecurityMessages.MESSAGES.unableToExtractCredentials(e.getMessage(), e); } return credentials; }
@Override public final void parseCredentials(final RoutingContext context, final Handler<AsyncResult<JsonObject>> handler) { Objects.requireNonNull(context); Objects.requireNonNull(handler); if (context.request().isSSL()) { try { final Certificate[] path = context.request().sslSession().getPeerCertificates(); final SpanContext currentSpan = TracingHandler.serverSpanContext(context); auth.validateClientCertificate(path, currentSpan).setHandler(handler); } catch (SSLPeerUnverifiedException e) { // client certificate has not been validated LOG.debug("could not retrieve client certificate from request: {}", e.getMessage()); handler.handle(Future.failedFuture(UNAUTHORIZED)); } } else { handler.handle(Future.failedFuture(UNAUTHORIZED)); } }
@Override public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) { try { localCertificateChain = handshakeCompletedEvent.getLocalCertificates(); try { peerCertificateChain = handshakeCompletedEvent.getPeerCertificates(); } catch (SSLPeerUnverifiedException e) { logger.debug("Cannot get peer certificate chain: " + e.getMessage()); } } finally { sslSocketHandshakeComplete.release(); } }
@Override public Future<JsonObject> parseCredentials(final MqttContext context) { Objects.requireNonNull(context); if (context.deviceEndpoint().isSsl()) { try { final Certificate[] path = context.deviceEndpoint().sslSession().getPeerCertificates(); final SpanContext currentSpan = context.getTracingContext(); return auth.validateClientCertificate(path, currentSpan); } catch (SSLPeerUnverifiedException e) { // client certificate has not been validated log.debug("could not retrieve client certificate from device endpoint: {}", e.getMessage()); return Future.failedFuture(UNAUTHORIZED); } } else { return Future.failedFuture(UNAUTHORIZED); } } }
@Override public void init(final NetSocket socket, final ProtonConnection protonConnection, final Transport transport) { LOG.debug("initializing SASL authenticator"); this.protonConnection = protonConnection; this.sasl = transport.sasl(); sasl.server(); sasl.allowSkip(false); sasl.setMechanisms(AuthenticationConstants.MECHANISM_PLAIN, AuthenticationConstants.MECHANISM_EXTERNAL); if (socket.isSsl()) { LOG.trace("Client connected through a secured port"); try { peerCertificateChain = socket.sslSession().getPeerCertificates(); } catch (SSLPeerUnverifiedException e) { LOG.debug("Device's Identity cannot be verified: " + e.getMessage()); } } }
public void checkTransportStateReference(TransportStateReference tmStateReference) { tmStateReference.setTransport(DTLSTM.this); if (tmStateReference.getTransportSecurityLevel().equals(SecurityLevel.undefined)) { tmStateReference.setTransportSecurityLevel(SecurityLevel.authPriv); } OctetString securityName = tmStateReference.getSecurityName(); if (securityCallback != null) { try { securityName = securityCallback.getSecurityName( (X509Certificate[]) sslEngine.getSession().getPeerCertificates()); } catch (SSLPeerUnverifiedException e) { logger.error("SSL peer '" + getPeerAddress() + "' is not verified by security callback "+ securityCallback+" : " + e.getMessage(), e); sslEngine.setEnableSessionCreation(false); } } else if (securityName == null) { logger.warn("No security callback configured to match DTLS peer certificate to local security name"); } tmStateReference.setSecurityName(securityName); }
public void checkTransportStateReference() { if (tmStateReference == null) { tmStateReference = new TransportStateReference(TLSTM.this, getPeerAddress(), new OctetString(), SecurityLevel.authPriv, SecurityLevel.authPriv, true, sessionID); OctetString securityName = null; if (securityCallback != null) { try { securityName = securityCallback.getSecurityName( (X509Certificate[]) sslEngine.getSession().getPeerCertificates()); } catch (SSLPeerUnverifiedException e) { logger.error("SSL peer '" + getPeerAddress() + "' is not verified: " + e.getMessage(), e); sslEngine.setEnableSessionCreation(false); } } tmStateReference.setSecurityName(securityName); } else if (tmStateReference.getTransportSecurityLevel().equals(SecurityLevel.undefined)) { tmStateReference.setTransportSecurityLevel(SecurityLevel.authPriv); } }
@Override public boolean intercept(final Packet packet, final RemotingConnection connection) throws ActiveMQException { if (packet.getType() == PacketImpl.SESS_SEND) { try { if (connection.getTransportConnection() instanceof NettyConnection) { System.out.println("Passed through...."); NettyConnection nettyConnection = (NettyConnection) connection.getTransportConnection(); SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl"); Assert.assertNotNull(sslHandler); Assert.assertNotNull(sslHandler.engine().getSession()); Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificateChain()); } } catch (SSLPeerUnverifiedException e) { Assert.fail(e.getMessage()); } } return true; } }
@Override public boolean intercept(final Packet packet, final RemotingConnection connection) throws ActiveMQException { if (packet.getType() == PacketImpl.SESS_SEND) { try { if (connection.getTransportConnection() instanceof NettyConnection) { System.out.println("Passed through...."); NettyConnection nettyConnection = (NettyConnection) connection.getTransportConnection(); SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl"); Assert.assertNotNull(sslHandler); Assert.assertNotNull(sslHandler.engine().getSession()); Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificateChain()); } } catch (SSLPeerUnverifiedException e) { Assert.fail(e.getMessage()); } } return true; } }
@Override public boolean intercept(final Packet packet, final RemotingConnection connection) throws ActiveMQException { if (packet.getType() == PacketImpl.SESS_SEND) { try { if (connection.getTransportConnection() instanceof NettyConnection) { System.out.println("Passed through...."); NettyConnection nettyConnection = (NettyConnection) connection.getTransportConnection(); SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl"); Assert.assertNotNull(sslHandler); Assert.assertNotNull(sslHandler.engine().getSession()); Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificateChain()); } } catch (SSLPeerUnverifiedException e) { Assert.fail(e.getMessage()); } } return true; } }