Diffstat (limited to 'jrt/src/com/yahoo/jrt/TlsCryptoSocket.java')
-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoSocket.java | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 31d76bc7362..e9f72ee12e0 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -8,13 +8,19 @@
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.channels.ClosedChannelException;
 import java.nio.channels.SocketChannel;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
 import java.util.logging.Logger;
+import static java.util.stream.Collectors.toList;
 import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import static javax.net.ssl.SSLEngineResult.Status;
@@ -211,6 +217,22 @@ public class TlsCryptoSocket implements CryptoSocket {
 return wrapBuffer.bytes() > 0 ? FlushResult.NEED_WRITE : FlushResult.DONE;
 }
+ @Override
+ public Optional<SecurityContext> securityContext() {
+ try {
+ if (handshakeState != HandshakeState.COMPLETED) {
+ return Optional.empty();
+ }
+ List<X509Certificate> peerCertificateChain =
+ Arrays.stream(sslEngine.getSession().getPeerCertificates())
+ .map(X509Certificate.class::cast)
+ .collect(toList());
+ return Optional.of(new SecurityContext(peerCertificateChain));
+ } catch (SSLPeerUnverifiedException e) { // unverified peer: non-certificate based ciphers or peer did not provide a certificate
+ return Optional.of(new SecurityContext(List.of())); // secure connection, but peer does not have a certificate chain.
+ }
+ }
+
 private boolean handshakeWrap() throws IOException {
 SSLEngineResult result = sslEngineWrap(NULL_BUFFER);
 switch (result.getStatus()) { |
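Review bot: The catch branch of `securityContext()` turns an unverified peer into a present context with an empty chain, so a caller sees the same shape for "encrypted but peer unauthenticated" as for any other completed handshake, and the method carries no Javadoc stating that distinction; the contract should be written on the method rather than left to the two trailing comments. Suggest Javadoc along the lines of `/** Peer certificate chain once the handshake has completed, or empty while it is in progress. An empty chain means the connection is encrypted but the peer presented no certificate; callers must not derive identity or authorization from it. */`. Whether a missing client certificate is tolerated at all is decided by the engine's client-auth setting (for example `setNeedClientAuth`), which is configured outside this hunk, so the empty-chain branch is presumably only reachable when the engine was not told to require one — worth stating in the comment. The list built with `collect(toList())` is mutable and is handed straight to `SecurityContext`; whether that class copies it is not visible here, and `List.copyOf(...)` at the call site would settle it. The `X509Certificate.class::cast` step would throw `ClassCastException` on a non-X.509 entry, which JSSE does not normally produce, but a narrowing `filter` or an explicit failure message would make the assumption visible.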