org.apache.tomcat.util.net.jsse: class: JSSE14Support

org.apache.tomcat.util.net.jsse
class: JSSE14Support [javadoc | source]

java.lang.Object
   org.apache.tomcat.util.net.jsse.JSSESupport
      org.apache.tomcat.util.net.jsse.JSSE14Support

All Implemented Interfaces:
SSLSupport

Field Summary
Listener	listener

Fields inherited from org.apache.tomcat.util.net.jsse.JSSESupport:
ssl, session, listener

Constructor:
public JSSE14Support(SSLSocket sock) { super(sock); sock.addHandshakeCompletedListener(listener); }
public JSSE14Support(SSLEngine sslEngine) { super(sslEngine); }

Constructor:

 public JSSE14Support(SSLSocket sock) {
        super(sock);
        sock.addHandshakeCompletedListener(listener);
}

 public JSSE14Support(SSLEngine sslEngine) {
        super(sslEngine);
}

Method from org.apache.tomcat.util.net.jsse.JSSE14Support Summary:
getX509Certificates, handShake

Methods from org.apache.tomcat.util.net.jsse.JSSESupport:
getCipherSuite, getKeySize, getPeerCertificateChain, getPeerCertificateChain, getSessionId, getX509Certificates, handShake

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.apache.tomcat.util.net.jsse.JSSE14Support Detail:
protected X509Certificate[] getX509Certificates(SSLSession session) throws IOException { Certificate [] certs=null; try { certs = session.getPeerCertificates(); } catch( Throwable t ) { logger.debug("Error getting client certs",t); return null; } if( certs==null ) return null; X509Certificate [] x509Certs = new X509Certificate[certs.length]; for(int i=0; i < certs.length; i++) { if( certs[i] instanceof X509Certificate ) { // always currently true with the JSSE 1.1.x x509Certs[i] = (X509Certificate)certs[i]; } else { try { byte [] buffer = certs[i].getEncoded(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream stream = new ByteArrayInputStream(buffer); x509Certs[i] = (X509Certificate) cf.generateCertificate(stream); } catch(Exception ex) { logger.info("Error translating cert " + certs[i], ex); return null; } } if(logger.isTraceEnabled()) logger.trace("Cert #" + i + " = " + x509Certs[i]); } if(x509Certs.length < 1) return null; return x509Certs; } Return the X509certificates or null if we can't get them. XXX We should allow unverified certificates
protected void handShake() throws IOException { ssl.setNeedClientAuth(true); synchronousHandshake(ssl); }

Method from org.apache.tomcat.util.net.jsse.JSSE14Support Detail:

 protected X509Certificate[] getX509Certificates(SSLSession session) throws IOException {
        Certificate [] certs=null;
        try {
	    certs = session.getPeerCertificates();
        } catch( Throwable t ) {
            logger.debug("Error getting client certs",t);
            return null;
        }
        if( certs==null ) return null;
        X509Certificate [] x509Certs = new X509Certificate[certs.length];
	for(int i=0; i <  certs.length; i++) {
	    if( certs[i] instanceof X509Certificate ) {
		// always currently true with the JSSE 1.1.x
		x509Certs[i] = (X509Certificate)certs[i];
	    } else {
		try {
		    byte [] buffer = certs[i].getEncoded();
		    CertificateFactory cf =
			CertificateFactory.getInstance("X.509");
		    ByteArrayInputStream stream =
			new ByteArrayInputStream(buffer);
		    x509Certs[i] = (X509Certificate)
			cf.generateCertificate(stream);
		} catch(Exception ex) { 
		    logger.info("Error translating cert " + certs[i], ex);
		    return null;
		}
	    }
	    if(logger.isTraceEnabled())
		logger.trace("Cert #" + i + " = " + x509Certs[i]);
	}
	if(x509Certs.length <  1)
	    return null;
	return x509Certs;
}

Return the X509certificates or null if we can't get them. XXX We should allow unverified certificates

 protected  void handShake() throws IOException {
        ssl.setNeedClientAuth(true);
        synchronousHandshake(ssl);
}