Use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.
The class HostNameSSLSocketVerifier, method getHostFromURI.
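/**
 * Extracts the host from the URI with the given string representation.  Note
 * that the Java URI parser doesn't like hostnames that have wildcards, so we
 * have to handle them specially with a small hand-rolled parser that is only
 * attempted when the string contains an asterisk and Java was at least able
 * to recognize the scheme.
 *
 * @param  uriString  The string representation of the URI to parse.  It must
 *                    not be {@code null}.
 *
 * @return  The host extracted from the provided URI, or {@code null} if none
 *          is available (e.g., because the URI is malformed).
 */
@Nullable()
private static String getHostFromURI(@NotNull final String uriString)
{
  final URI uri;
  try
  {
    uri = new URI(uriString);
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    return null;
  }

  // If Java was able to extract a host, then prefer its answer over our own
  // parsing.
  final String uriHost = uri.getHost();
  if (uriHost != null)
  {
    return uriHost;
  }

  // Our fallback parser exists only for the wildcard case.  If the string
  // doesn't contain a wildcard, then there's nothing more we can do, so
  // return null.
  if (! uriString.contains("*"))
  {
    return null;
  }

  // If Java was at least able to parse the scheme, and if the URI starts with
  // that scheme, then we can go ahead with our own parsing attempt.  The
  // prefix check must be case-insensitive on both sides:  URI.getScheme()
  // returns the scheme in its original case, so lowercasing only the full
  // string would reject any scheme containing an uppercase letter (e.g.,
  // "LDAPS://*.example.com").
  final String scheme = uri.getScheme();
  if ((scheme == null) || scheme.isEmpty() ||
      (! uriString.regionMatches(true, 0, scheme, 0, scheme.length())))
  {
    return null;
  }

  // Strip the scheme from the beginning of the URI.  Note that the scheme
  // probably won't contain the "://", so strip that separately.
  String remainder = uriString.substring(scheme.length());
  if (remainder.startsWith("://"))
  {
    remainder = remainder.substring(3);
  }

  // Everything from the first slash onward is the path, which separates the
  // hostport section from the rest, so drop it.
  final int slashPos = remainder.indexOf('/');
  if (slashPos >= 0)
  {
    remainder = remainder.substring(0, slashPos);
  }

  // Everything from the first colon onward is the port, so drop it.
  final int colonPos = remainder.indexOf(':');
  if (colonPos >= 0)
  {
    remainder = remainder.substring(0, colonPos);
  }

  // If there's anything left, then it should be the host.
  return remainder.isEmpty() ? null : remainder;
}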
Use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.
The class FileArgument, method getFileBytes.
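/**
 * Reads the contents of the file specified as the value to this argument.  If
 * there are multiple values for this argument, then the file specified as the
 * first value will be used.
 *
 * @return  A byte array containing the contents of the target file, or
 *          {@code null} if no values were provided.
 *
 * @throws  IOException  If the specified file does not exist or a problem
 *                       occurs while reading the contents of the file.
 */
@Nullable()
public byte[] getFileBytes()
       throws IOException
{
  final InputStream inputStream = getFileInputStream();
  if (inputStream == null)
  {
    return null;
  }

  // try-with-resources closes the stream on every exit path.  Unlike a manual
  // finally block, a failure in close() cannot mask an exception thrown while
  // reading:  the read failure propagates and the close failure is recorded
  // as a suppressed exception.
  try (InputStream in = inputStream)
  {
    final ByteStringBuffer buffer = new ByteStringBuffer();
    buffer.readFrom(in);
    return buffer.toByteArray();
  }
}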
Use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.
The class WrapperKeyManager, method chooseEngineClientAlias.
/**
 * Retrieves the nickname of the certificate that a client should use to
 * authenticate to a server.  If an explicit certificate alias was configured
 * for this key manager, then it is returned only when one of the wrapped key
 * managers reports it as a client alias for the requested key types and
 * issuers; otherwise the first alias offered by any wrapped key manager is
 * used.  This method is synchronized on the key manager instance.
 *
 * @param  keyType  The list of key algorithm names that may be used.
 * @param  issuers  The list of acceptable issuer certificate subjects.  It
 *                  may be {@code null} if any issuer may be used.
 * @param  engine   The SSL engine to be used.  It may be {@code null} if the
 *                  certificate may be for any engine.
 *
 * @return  The nickname of the certificate to use, or {@code null} if no
 *          appropriate certificate is found.
 */
@Override()
@Nullable()
public final synchronized String chooseEngineClientAlias(
            @NotNull final String[] keyType,
            @Nullable final Principal[] issuers,
            @Nullable final SSLEngine engine)
{
  if (certificateAlias != null)
  {
    // An explicit alias was configured.  Hand it back only if some wrapped
    // key manager actually lists it for one of the requested key types;
    // never fall back to an arbitrary certificate.
    for (final String keyAlgorithm : keyType)
    {
      for (final X509KeyManager keyManager : keyManagers)
      {
        final String[] aliases =
             keyManager.getClientAliases(keyAlgorithm, issuers);
        if (aliases == null)
        {
          continue;
        }

        for (final String alias : aliases)
        {
          if (alias.equals(certificateAlias))
          {
            return certificateAlias;
          }
        }
      }
    }

    return null;
  }

  // No explicit alias, so defer to the first wrapped key manager that offers
  // one.  Extended key managers get the engine-aware call; plain ones get the
  // socket-based call with no socket.
  for (final X509KeyManager keyManager : keyManagers)
  {
    final String alias;
    if (keyManager instanceof X509ExtendedKeyManager)
    {
      alias = ((X509ExtendedKeyManager) keyManager).chooseEngineClientAlias(
           keyType, issuers, engine);
    }
    else
    {
      alias = keyManager.chooseClientAlias(keyType, issuers, null);
    }

    if (alias != null)
    {
      return alias;
    }
  }

  return null;
}
Use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.
The class WrapperKeyManager, method chooseEngineServerAlias.
/**
 * Retrieves the nickname of the certificate that a server should use to
 * authenticate to a client.  If an explicit certificate alias was configured
 * for this key manager, then it is returned only when one of the wrapped key
 * managers reports it as a server alias for the requested key type and
 * issuers; otherwise the first alias offered by any wrapped key manager is
 * used.  This method is synchronized on the key manager instance.
 *
 * @param  keyType  The key algorithm name that may be used.
 * @param  issuers  The list of acceptable issuer certificate subjects.  It
 *                  may be {@code null} if any issuer may be used.
 * @param  engine   The SSL engine to be used.  It may be {@code null} if the
 *                  certificate may be for any engine.
 *
 * @return  The nickname of the certificate to use, or {@code null} if no
 *          appropriate certificate is found.
 */
@Override()
@Nullable()
public final synchronized String chooseEngineServerAlias(
            @NotNull final String keyType,
            @Nullable final Principal[] issuers,
            @Nullable final SSLEngine engine)
{
  if (certificateAlias != null)
  {
    // An explicit alias was configured.  Hand it back only if some wrapped
    // key manager actually lists it for the requested key type; never fall
    // back to an arbitrary certificate.
    for (final X509KeyManager keyManager : keyManagers)
    {
      final String[] aliases = keyManager.getServerAliases(keyType, issuers);
      if (aliases == null)
      {
        continue;
      }

      for (final String alias : aliases)
      {
        if (alias.equals(certificateAlias))
        {
          return certificateAlias;
        }
      }
    }

    return null;
  }

  // No explicit alias, so defer to the first wrapped key manager that offers
  // one.  Extended key managers get the engine-aware call; plain ones get the
  // socket-based call with no socket.
  for (final X509KeyManager keyManager : keyManagers)
  {
    final String alias;
    if (keyManager instanceof X509ExtendedKeyManager)
    {
      alias = ((X509ExtendedKeyManager) keyManager).chooseEngineServerAlias(
           keyType, issuers, engine);
    }
    else
    {
      alias = keyManager.chooseServerAlias(keyType, issuers, null);
    }

    if (alias != null)
    {
      return alias;
    }
  }

  return null;
}
Use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.
The class JVMDefaultTrustManager, method findIssuer.
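/**
 * Finds the issuer for the provided certificate, if it is in the JVM-default
 * trust store.  The lookup uses the certificate's authority key identifier
 * extension to locate a candidate issuer in {@code trustedCertsByKeyID}; the
 * candidate is accepted only if it is within its validity window at
 * {@code currentDate} and the provided certificate's signature verifies
 * against it.
 *
 * @param  cert         The certificate for which to find the issuer.  It must
 *                      have already been retrieved from the JVM-default trust
 *                      store.
 * @param  currentDate  The current date to use when verifying validity.
 *
 * @return  The issuer for the provided certificate, or {@code null} if the
 *          provided certificate is self-signed.
 *
 * @throws  CertificateException  If the provided certificate is not
 *                                self-signed but its issuer could not be
 *                                found, or if the issuer certificate is
 *                                not currently valid.  If the failure was
 *                                caused by an exception (e.g., a decoding or
 *                                signature verification error), that
 *                                exception is attached as the cause.
 */
@Nullable()
private X509Certificate findIssuer(@NotNull final X509Certificate cert,
                                   @NotNull final Date currentDate)
        throws CertificateException
{
  // Remember anything that goes wrong so it can be attached as the cause of
  // the CertificateException thrown below instead of being dropped.
  Exception failureCause = null;
  try
  {
    // More fully decode the provided certificate so that we can better
    // examine it.
    final com.unboundid.util.ssl.cert.X509Certificate c =
         new com.unboundid.util.ssl.cert.X509Certificate(cert.getEncoded());

    // If the certificate is self-signed, then it doesn't have an issuer.
    if (c.isSelfSigned())
    {
      return null;
    }

    // If the certificate has an authority key identifier extension, then use
    // it to try to find the issuer among the trusted certificates.
    for (final X509CertificateExtension e : c.getExtensions())
    {
      if (! (e instanceof AuthorityKeyIdentifierExtension))
      {
        continue;
      }

      final AuthorityKeyIdentifierExtension akie =
           (AuthorityKeyIdentifierExtension) e;
      final ASN1OctetString authorityKeyID =
           new ASN1OctetString(akie.getKeyIdentifier().getValue());
      final com.unboundid.util.ssl.cert.X509Certificate issuer =
           trustedCertsByKeyID.get(authorityKeyID);
      if ((issuer != null) && issuer.isWithinValidityWindow(currentDate))
      {
        // The key ID lookup only locates a candidate.  The signature check is
        // what actually binds the certificate to that issuer, so it must
        // succeed before the issuer is returned.
        c.verifySignature(issuer);
        return (X509Certificate) issuer.toCertificate();
      }
    }
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    failureCause = e;
  }

  final String message = ERR_JVM_DEFAULT_TRUST_MANAGER_CANNOT_FIND_ISSUER.get(
       String.valueOf(cert.getSubjectDN()));
  if (failureCause == null)
  {
    throw new CertificateException(message);
  }
  throw new CertificateException(message, failureCause);
}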