1 /*
2 * Copyright 1997-2003 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26 package javax.net.ssl;
27
28 import java.util.EventObject;
29 import java.security.cert.Certificate;
30 import java.security.Principal;
31 import java.security.cert.X509Certificate;
32 import javax.security.auth.x500.X500Principal;
33
34 /**
35 * This event indicates that an SSL handshake completed on a given
36 * SSL connection. All of the core information about that handshake's
37 * result is captured through an "SSLSession" object. As a convenience,
38 * this event class provides direct access to some important session
39 * attributes.
40 *
41 * <P> The source of this event is the SSLSocket on which handshaking
42 * just completed.
43 *
44 * @see SSLSocket
45 * @see HandshakeCompletedListener
46 * @see SSLSession
47 *
48 * @since 1.4
49 * @author David Brownell
50 */
51 public class HandshakeCompletedEvent extends EventObject
52 {
53 private static final long serialVersionUID = 7914963744257769778L;
54
55 private transient SSLSession session;
56
57 /**
58 * Constructs a new HandshakeCompletedEvent.
59 *
60 * @param sock the SSLSocket acting as the source of the event
61 * @param s the SSLSession this event is associated with
62 */
63 public HandshakeCompletedEvent(SSLSocket sock, SSLSession s)
64 {
65 super(sock);
66 session = s;
67 }
68
69
70 /**
71 * Returns the session that triggered this event.
72 *
73 * @return the <code>SSLSession</code> for this handshake
74 */
75 public SSLSession getSession()
76 {
77 return session;
78 }
79
80
81 /**
82 * Returns the cipher suite in use by the session which was produced
83 * by the handshake. (This is a convenience method for
84 * getting the ciphersuite from the SSLsession.)
85 *
86 * @return the name of the cipher suite negotiated during this session.
87 */
88 public String getCipherSuite()
89 {
90 return session.getCipherSuite();
91 }
92
93
94 /**
95 * Returns the certificate(s) that were sent to the peer during
96 * handshaking.
97 * Note: This method is useful only when using certificate-based
98 * cipher suites.
99 *
100 * When multiple certificates are available for use in a
101 * handshake, the implementation chooses what it considers the
102 * "best" certificate chain available, and transmits that to
103 * the other side. This method allows the caller to know
104 * which certificate chain was actually used.
105 *
106 * @return an ordered array of certificates, with the local
107 * certificate first followed by any
108 * certificate authorities. If no certificates were sent,
109 * then null is returned.
110 * @see #getLocalPrincipal()
111 */
112 public java.security.cert.Certificate [] getLocalCertificates()
113 {
114 return session.getLocalCertificates();
115 }
116
117
118 /**
119 * Returns the identity of the peer which was established as part
120 * of defining the session.
121 * Note: This method can be used only when using certificate-based
122 * cipher suites; using it with non-certificate-based cipher suites,
123 * such as Kerberos, will throw an SSLPeerUnverifiedException.
124 *
125 * @return an ordered array of the peer certificates,
126 * with the peer's own certificate first followed by
127 * any certificate authorities.
128 * @exception SSLPeerUnverifiedException if the peer is not verified.
129 * @see #getPeerPrincipal()
130 */
131 public java.security.cert.Certificate [] getPeerCertificates()
132 throws SSLPeerUnverifiedException
133 {
134 return session.getPeerCertificates();
135 }
136
137
138 /**
139 * Returns the identity of the peer which was identified as part
140 * of defining the session.
141 * Note: This method can be used only when using certificate-based
142 * cipher suites; using it with non-certificate-based cipher suites,
143 * such as Kerberos, will throw an SSLPeerUnverifiedException.
144 *
145 * <p><em>Note: this method exists for compatibility with previous
146 * releases. New applications should use
147 * {@link #getPeerCertificates} instead.</em></p>
148 *
149 * @return an ordered array of peer X.509 certificates,
150 * with the peer's own certificate first followed by any
151 * certificate authorities. (The certificates are in
152 * the original JSSE
153 * {@link javax.security.cert.X509Certificate} format).
154 * @exception SSLPeerUnverifiedException if the peer is not verified.
155 * @see #getPeerPrincipal()
156 */
157 public javax.security.cert.X509Certificate [] getPeerCertificateChain()
158 throws SSLPeerUnverifiedException
159 {
160 return session.getPeerCertificateChain();
161 }
162
163 /**
164 * Returns the identity of the peer which was established as part of
165 * defining the session.
166 *
167 * @return the peer's principal. Returns an X500Principal of the
168 * end-entity certiticate for X509-based cipher suites, and
169 * KerberosPrincipal for Kerberos cipher suites.
170 *
171 * @throws SSLPeerUnverifiedException if the peer's identity has not
172 * been verified
173 *
174 * @see #getPeerCertificates()
175 * @see #getLocalPrincipal()
176 *
177 * @since 1.5
178 */
179 public Principal getPeerPrincipal()
180 throws SSLPeerUnverifiedException
181 {
182 Principal principal;
183 try {
184 principal = session.getPeerPrincipal();
185 } catch (AbstractMethodError e) {
186 // if the provider does not support it, fallback to peer certs.
187 // return the X500Principal of the end-entity cert.
188 Certificate[] certs = getPeerCertificates();
189 principal = (X500Principal)
190 ((X509Certificate)certs[0]).getSubjectX500Principal();
191 }
192 return principal;
193 }
194
195 /**
196 * Returns the principal that was sent to the peer during handshaking.
197 *
198 * @return the principal sent to the peer. Returns an X500Principal
199 * of the end-entity certificate for X509-based cipher suites, and
200 * KerberosPrincipal for Kerberos cipher suites. If no principal was
201 * sent, then null is returned.
202 *
203 * @see #getLocalCertificates()
204 * @see #getPeerPrincipal()
205 *
206 * @since 1.5
207 */
208 public Principal getLocalPrincipal()
209 {
210 Principal principal;
211 try {
212 principal = session.getLocalPrincipal();
213 } catch (AbstractMethodError e) {
214 principal = null;
215 // if the provider does not support it, fallback to local certs.
216 // return the X500Principal of the end-entity cert.
217 Certificate[] certs = getLocalCertificates();
218 if (certs != null) {
219 principal = (X500Principal)
220 ((X509Certificate)certs[0]).getSubjectX500Principal();
221 }
222 }
223 return principal;
224 }
225
226 /**
227 * Returns the socket which is the source of this event.
228 * (This is a convenience function, to let applications
229 * write code without type casts.)
230 *
231 * @return the socket on which the connection was made.
232 */
233 public SSLSocket getSocket()
234 {
235 return (SSLSocket) getSource();
236 }
237 }
Save This Page