
Example 81 with Nullable

Use of com.unboundid.util.Nullable in the ldapsdk project by pingidentity.

Class HostNameSSLSocketVerifier, method getHostFromURI.

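/**
 * Extracts the host from the URI with the given string representation.  Note
 * that the Java URI parser doesn't like hostnames that have wildcards, so we
 * have to handle them specially.  The fallback parser only takes the
 * authority component apart (scheme, optional userinfo, host, optional port);
 * it does not validate the host it returns.
 *
 * @param  uriString  The string representation of the URI to parse.  It must
 *                    not be {@code null}.
 *
 * @return  The host extracted from the provided URI, or {@code null} if none
 *          is available (e.g., because the URI is malformed).
 */
@Nullable()
private static String getHostFromURI(@NotNull final String uriString) {
    // Let the JDK parser try first.  A parse failure is reported as "no host"
    // rather than propagated to the caller.
    final URI uri;
    try {
        uri = new URI(uriString);
    } catch (final Exception e) {
        Debug.debugException(e);
        return null;
    }

    final String uriHost = uri.getHost();
    if (uriHost != null) {
        return uriHost;
    }

    // The JDK parser could not identify a host.  The only case we handle
    // ourselves is a wildcard hostname (e.g., "ldaps://*.example.com"), which
    // the JDK refuses to treat as a server-based authority.  Anything else is
    // treated as having no host.
    if (!uriString.contains("*")) {
        return null;
    }

    // If Java was at least able to parse the scheme, and if the URI starts with
    // that scheme, then we can go ahead with our own parsing attempt.  Scheme
    // names are case-insensitive, so compare them that way; this also avoids
    // String.toLowerCase() with the default locale, which can alter letters
    // like 'I' in some locales.
    final String scheme = uri.getScheme();
    if ((scheme == null) || scheme.isEmpty()
        || (!uriString.regionMatches(true, 0, scheme, 0, scheme.length()))) {
        return null;
    }

    // Strip the scheme from the beginning of the URI.  Note that the scheme
    // probably won't contain the "://", so strip that separately.
    String authority = uriString.substring(scheme.length());
    if (authority.startsWith("://")) {
        authority = authority.substring(3);
    }

    // The authority ends at the first path, query, or fragment delimiter.
    // Only looking for '/' would leave "?..." or "#..." attached to the host.
    int endPos = authority.length();
    for (final char delimiter : new char[] { '/', '?', '#' }) {
        final int pos = authority.indexOf(delimiter);
        if ((pos >= 0) && (pos < endPos)) {
            endPos = pos;
        }
    }
    authority = authority.substring(0, endPos);

    // Drop any userinfo component ("user:password@host").  The last '@' is the
    // separator: userinfo may contain ':' but not an unescaped '@', and
    // cutting at the first ':' would otherwise return the user name as the
    // host.
    final int atPos = authority.lastIndexOf('@');
    if (atPos >= 0) {
        authority = authority.substring(atPos + 1);
    }

    // Drop the port, if present.
    final int colonPos = authority.indexOf(':');
    if (colonPos >= 0) {
        authority = authority.substring(0, colonPos);
    }

    // If there's anything left, then it should be the host.
    if (authority.isEmpty()) {
        return null;
    }
    return authority;
}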

Example 82 with Nullable

Use of com.unboundid.util.Nullable in the ldapsdk project by pingidentity.

Class FileArgument, method getFileBytes.

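/**
 * Reads the contents of the file specified as the value to this argument.  If
 * there are multiple values for this argument, then the file specified as the
 * first value will be used.  The whole file is buffered in memory, so this is
 * only appropriate for files of modest size.
 *
 * @return  A byte array containing the contents of the target file, or
 *          {@code null} if no values were provided.
 *
 * @throws  IOException  If the specified file does not exist or a problem
 *                       occurs while reading the contents of the file.
 */
@Nullable()
public byte[] getFileBytes() throws IOException {
    // try-with-resources closes the stream on every path.  Unlike an explicit
    // close() in a finally block, a failure while reading stays the primary
    // exception and a failure from close() is attached as suppressed instead
    // of replacing it.  A null resource is permitted and is simply not closed.
    try (final InputStream inputStream = getFileInputStream()) {
        if (inputStream == null) {
            return null;
        }
        final ByteStringBuffer buffer = new ByteStringBuffer();
        buffer.readFrom(inputStream);
        return buffer.toByteArray();
    }
}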

Example 83 with Nullable

Use of com.unboundid.util.Nullable in the ldapsdk project by pingidentity.

Class WrapperKeyManager, method chooseEngineClientAlias.

/**
 * Retrieves the nickname of the certificate that a client should use to
 * authenticate to a server.  When this key manager was created with an
 * explicit certificate alias, that alias is returned only if one of the
 * wrapped key managers lists it as a client alias for one of the requested
 * key types; otherwise the wrapped key managers are consulted in order and
 * the first alias any of them selects is returned.
 *
 * @param  keyType  The list of key algorithm names that may be used.
 * @param  issuers  The list of acceptable issuer certificate subjects.  It
 *                  may be {@code null} if any issuer may be used.
 * @param  engine   The SSL engine to be used.  It may be {@code null} if the
 *                  certificate may be for any engine.
 *
 * @return  The nickname of the certificate to use, or {@code null} if no
 *          appropriate certificate is found.
 */
@Override()
@Nullable()
public final synchronized String chooseEngineClientAlias(@NotNull final String[] keyType, @Nullable final Principal[] issuers, @Nullable final SSLEngine engine) {
    if (certificateAlias != null) {
        // A specific alias was configured.  It is only usable if some wrapped
        // key manager actually reports it for one of the requested key types.
        // NOTE(review): the comparison is case-sensitive, while some keystore
        // types report aliases in a canonical case — confirm that
        // certificateAlias is normalized when it is set.
        for (final String type : keyType) {
            for (final X509KeyManager keyManager : keyManagers) {
                final String[] candidates = keyManager.getClientAliases(type, issuers);
                if (candidates == null) {
                    continue;
                }
                for (final String candidate : candidates) {
                    if (candidate.equals(certificateAlias)) {
                        return certificateAlias;
                    }
                }
            }
        }
        return null;
    }

    // No alias was configured, so defer to the wrapped key managers.  Extended
    // key managers get the engine-aware call; plain ones get the socket-based
    // call with no socket.
    for (final X509KeyManager keyManager : keyManagers) {
        final String chosen;
        if (keyManager instanceof X509ExtendedKeyManager) {
            chosen = ((X509ExtendedKeyManager) keyManager).chooseEngineClientAlias(keyType, issuers, engine);
        } else {
            chosen = keyManager.chooseClientAlias(keyType, issuers, null);
        }
        if (chosen != null) {
            return chosen;
        }
    }
    return null;
}

Example 84 with Nullable

Use of com.unboundid.util.Nullable in the ldapsdk project by pingidentity.

Class WrapperKeyManager, method chooseEngineServerAlias.

/**
 * Retrieves the nickname of the certificate that a server should use to
 * authenticate to a client.  When this key manager was created with an
 * explicit certificate alias, that alias is returned only if one of the
 * wrapped key managers lists it as a server alias for the requested key type;
 * otherwise the wrapped key managers are consulted in order and the first
 * alias any of them selects is returned.
 *
 * @param  keyType  The key algorithm name that may be used.
 * @param  issuers  The list of acceptable issuer certificate subjects.  It
 *                  may be {@code null} if any issuer may be used.
 * @param  engine   The SSL engine to be used.  It may be {@code null} if the
 *                  certificate may be for any engine.
 *
 * @return  The nickname of the certificate to use, or {@code null} if no
 *          appropriate certificate is found.
 */
@Override()
@Nullable()
public final synchronized String chooseEngineServerAlias(@NotNull final String keyType, @Nullable final Principal[] issuers, @Nullable final SSLEngine engine) {
    if (certificateAlias != null) {
        // A specific alias was configured.  It is only usable if some wrapped
        // key manager actually reports it for the requested key type.
        // NOTE(review): the comparison is case-sensitive, while some keystore
        // types report aliases in a canonical case — confirm that
        // certificateAlias is normalized when it is set.
        for (final X509KeyManager keyManager : keyManagers) {
            final String[] candidates = keyManager.getServerAliases(keyType, issuers);
            if (candidates == null) {
                continue;
            }
            for (final String candidate : candidates) {
                if (candidate.equals(certificateAlias)) {
                    return certificateAlias;
                }
            }
        }
        return null;
    }

    // No alias was configured, so defer to the wrapped key managers.  Extended
    // key managers get the engine-aware call; plain ones get the socket-based
    // call with no socket.
    for (final X509KeyManager keyManager : keyManagers) {
        final String chosen;
        if (keyManager instanceof X509ExtendedKeyManager) {
            chosen = ((X509ExtendedKeyManager) keyManager).chooseEngineServerAlias(keyType, issuers, engine);
        } else {
            chosen = keyManager.chooseServerAlias(keyType, issuers, null);
        }
        if (chosen != null) {
            return chosen;
        }
    }
    return null;
}

Example 85 with Nullable

Use of com.unboundid.util.Nullable in the ldapsdk project by pingidentity.

Class JVMDefaultTrustManager, method findIssuer.

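/**
 * Finds the issuer for the provided certificate, if it is in the JVM-default
 * trust store.  The lookup is keyed on the certificate's authority key
 * identifier extension; a candidate is accepted only if it is valid at
 * {@code currentDate} and its key verifies the provided certificate's
 * signature.
 *
 * @param  cert         The certificate for which to find the issuer.  It must
 *                      have already been retrieved from the JVM-default trust
 *                      store.
 * @param  currentDate  The current date to use when verifying validity.
 *
 * @return  The issuer for the provided certificate, or {@code null} if the
 *          provided certificate is self-signed.
 *
 * @throws  CertificateException  If the provided certificate is not
 *                                self-signed but its issuer could not be
 *                                found (including when it has no authority
 *                                key identifier extension), if the issuer
 *                                certificate is not currently valid, or if
 *                                the signature does not verify.  When the
 *                                failure was caused by an exception, that
 *                                exception is attached as the cause.
 */
@Nullable()
private X509Certificate findIssuer(@NotNull final X509Certificate cert, @NotNull final Date currentDate) throws CertificateException {
    // Remember what went wrong so the caller doesn't just see a generic
    // "cannot find issuer" message when the real problem was a decoding or
    // signature verification failure.
    Exception failureCause = null;
    try {
        // More fully decode the provided certificate so that we can better
        // examine it.
        final com.unboundid.util.ssl.cert.X509Certificate c = new com.unboundid.util.ssl.cert.X509Certificate(cert.getEncoded());

        // If the certificate is self-signed, then it doesn't have an issuer.
        if (c.isSelfSigned()) {
            return null;
        }

        // Look for an authority key identifier extension.  If present, use the
        // key ID it names to find a candidate issuer among the trusted
        // certificates.  Certificates without this extension are not matched
        // here and end up reported as having no issuer.
        for (final X509CertificateExtension e : c.getExtensions()) {
            if (!(e instanceof AuthorityKeyIdentifierExtension)) {
                continue;
            }
            final AuthorityKeyIdentifierExtension akie = (AuthorityKeyIdentifierExtension) e;
            // The key identifier field of this extension is optional; an
            // extension that only carries issuer/serial information can't be
            // used for the key-ID lookup.
            if (akie.getKeyIdentifier() == null) {
                continue;
            }
            final ASN1OctetString authorityKeyID = new ASN1OctetString(akie.getKeyIdentifier().getValue());
            final com.unboundid.util.ssl.cert.X509Certificate issuer = trustedCertsByKeyID.get(authorityKeyID);
            if ((issuer != null) && issuer.isWithinValidityWindow(currentDate)) {
                // Throws if the signature does not verify with the candidate's
                // key; that failure is reported below rather than ignored.
                c.verifySignature(issuer);
                return (X509Certificate) issuer.toCertificate();
            }
        }
    } catch (final Exception e) {
        Debug.debugException(e);
        failureCause = e;
    }

    final String message = ERR_JVM_DEFAULT_TRUST_MANAGER_CANNOT_FIND_ISSUER.get(String.valueOf(cert.getSubjectDN()));
    if (failureCause == null) {
        throw new CertificateException(message);
    }
    throw new CertificateException(message, failureCause);
}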
