Examples with Nullable com.unboundid.util.Nullable used on opensource projects

Example 81 with Nullable

use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.

the class HostNameSSLSocketVerifier method getHostFromURI.

/**
 * Extracts the host from the URI with the given string representation.  Note
 * that the Java URI parser doesn't like hostnames that have wildcards, so we
 * have to handle them specially.
 *
 * @param  uriString  The string representation of the URI to parse.  It must
 *                    not be {@code null}.
 *
 * @return  The host extracted from the provided URI, or {@code null} if none
 *          is available (e.g., because the URI is malformed).
 */
@Nullable()
private static String getHostFromURI(@NotNull final String uriString) {
    final URI uri;
    try {
        uri = new URI(uriString);
    } catch (final Exception e) {
        Debug.debugException(e);
        return null;
    }
    final String uriHost = uri.getHost();
    if (uriHost != null) {
        return uriHost;
    }
    // return null.
    if (!uriString.contains("*")) {
        return null;
    }
    // If Java was at least able to parse the scheme, and if the URI starts with
    // that scheme, then we can go ahead with our own parsing attempt.
    final String scheme = uri.getScheme();
    if ((scheme == null) || scheme.isEmpty() || (!uriString.toLowerCase().startsWith(scheme))) {
        return null;
    }
    // Strip the scheme from the beginning of the URI.  Note that the scheme
    // probably won't contain the "://", so strip that separately.
    String paredDownURI = uriString.substring(scheme.length());
    if (paredDownURI.startsWith("://")) {
        paredDownURI = paredDownURI.substring(3);
    }
    // If the pared down URI contains a slash (which would separate the hostport
    // section from the path), then strip that off and everything after it.
    final int slashPos = paredDownURI.indexOf('/');
    if (slashPos >= 0) {
        paredDownURI = paredDownURI.substring(0, slashPos);
    }
    // If the pared down URI contains a colon (which would separate the host
    // from the port), then strip that off and everything after it.
    final int colonPos = paredDownURI.indexOf(':');
    if (colonPos >= 0) {
        paredDownURI = paredDownURI.substring(0, colonPos);
    }
    // If there's anything left, then it should be the host.
    if (!paredDownURI.isEmpty()) {
        return paredDownURI;
    }
    return null;
}

Example 82 with Nullable

use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.

the class FileArgument method getFileBytes.

/**
 * Reads the contents of the file specified as the value to this argument.  If
 * there are multiple values for this argument, then the file specified as the
 * first value will be used.
 *
 * @return  A byte array containing the contents of the target file, or
 *          {@code null} if no values were provided.
 *
 * @throws  IOException  If the specified file does not exist or a problem
 *                       occurs while reading the contents of the file.
 */
@Nullable()
public byte[] getFileBytes() throws IOException {
    final InputStream inputStream = getFileInputStream();
    if (inputStream == null) {
        return null;
    }
    try {
        final ByteStringBuffer buffer = new ByteStringBuffer();
        buffer.readFrom(inputStream);
        return buffer.toByteArray();
    } finally {
        inputStream.close();
    }
}

Example 83 with Nullable

use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.

the class WrapperKeyManager method chooseEngineClientAlias.

/**
 * Retrieves the nickname of the certificate that a client should use to
 * authenticate to a server.
 *
 * @param  keyType  The list of key algorithm names that may be used.
 * @param  issuers  The list of acceptable issuer certificate subjects.  It
 *                  may be {@code null} if any issuer may be used.
 * @param  engine   The SSL engine to be used.  It may be {@code null} if the
 *                  certificate may be for any engine.
 *
 * @return  The nickname of the certificate to use, or {@code null} if no
 *          appropriate certificate is found.
 */
@Override()
@Nullable()
public final synchronized String chooseEngineClientAlias(@NotNull final String[] keyType, @Nullable final Principal[] issuers, @Nullable final SSLEngine engine) {
    if (certificateAlias == null) {
        for (final X509KeyManager m : keyManagers) {
            if (m instanceof X509ExtendedKeyManager) {
                final X509ExtendedKeyManager em = (X509ExtendedKeyManager) m;
                final String alias = em.chooseEngineClientAlias(keyType, issuers, engine);
                if (alias != null) {
                    return alias;
                }
            } else {
                final String alias = m.chooseClientAlias(keyType, issuers, null);
                if (alias != null) {
                    return alias;
                }
            }
        }
        return null;
    } else {
        for (final String s : keyType) {
            for (final X509KeyManager m : keyManagers) {
                final String[] aliases = m.getClientAliases(s, issuers);
                if (aliases != null) {
                    for (final String alias : aliases) {
                        if (alias.equals(certificateAlias)) {
                            return certificateAlias;
                        }
                    }
                }
            }
        }
        return null;
    }
}

Example 84 with Nullable

use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.

the class WrapperKeyManager method chooseEngineServerAlias.

/**
 * Retrieves the nickname of the certificate that a server should use to
 * authenticate to a client.
 *
 * @param  keyType  The key algorithm name that may be used.
 * @param  issuers  The list of acceptable issuer certificate subjects.  It
 *                  may be {@code null} if any issuer may be used.
 * @param  engine   The SSL engine to be used.  It may be {@code null} if the
 *                  certificate may be for any engine.
 *
 * @return  The nickname of the certificate to use, or {@code null} if no
 *          appropriate certificate is found.
 */
@Override()
@Nullable()
public final synchronized String chooseEngineServerAlias(@NotNull final String keyType, @Nullable final Principal[] issuers, @Nullable final SSLEngine engine) {
    if (certificateAlias == null) {
        for (final X509KeyManager m : keyManagers) {
            if (m instanceof X509ExtendedKeyManager) {
                final X509ExtendedKeyManager em = (X509ExtendedKeyManager) m;
                final String alias = em.chooseEngineServerAlias(keyType, issuers, engine);
                if (alias != null) {
                    return alias;
                }
            } else {
                final String alias = m.chooseServerAlias(keyType, issuers, null);
                if (alias != null) {
                    return alias;
                }
            }
        }
        return null;
    } else {
        for (final X509KeyManager m : keyManagers) {
            final String[] aliases = m.getServerAliases(keyType, issuers);
            if (aliases != null) {
                for (final String alias : aliases) {
                    if (alias.equals(certificateAlias)) {
                        return certificateAlias;
                    }
                }
            }
        }
        return null;
    }
}

Example 85 with Nullable

use of com.unboundid.util.Nullable in project ldapsdk by pingidentity.

the class JVMDefaultTrustManager method findIssuer.

/**
 * Finds the issuer for the provided certificate, if it is in the JVM-default
 * trust store.
 *
 * @param  cert         The certificate for which to find the issuer.  It must
 *                      have already been retrieved from the JVM-default trust
 *                      store.
 * @param  currentDate  The current date to use when verifying validity.
 *
 * @return  The issuer for the provided certificate, or {@code null} if the
 *          provided certificate is self-signed.
 *
 * @throws  CertificateException  If the provided certificate is not
 *                                self-signed but its issuer could not be
 *                                found, or if the issuer certificate is
 *                                not currently valid.
 */
@Nullable()
private X509Certificate findIssuer(@NotNull final X509Certificate cert, @NotNull final Date currentDate) throws CertificateException {
    try {
        // More fully decode the provided certificate so that we can better
        // examine it.
        final com.unboundid.util.ssl.cert.X509Certificate c = new com.unboundid.util.ssl.cert.X509Certificate(cert.getEncoded());
        // If the certificate is self-signed, then it doesn't have an issuer.
        if (c.isSelfSigned()) {
            return null;
        }
        // so, then use it to try to find the issuer.
        for (final X509CertificateExtension e : c.getExtensions()) {
            if (e instanceof AuthorityKeyIdentifierExtension) {
                final AuthorityKeyIdentifierExtension akie = (AuthorityKeyIdentifierExtension) e;
                final ASN1OctetString authorityKeyID = new ASN1OctetString(akie.getKeyIdentifier().getValue());
                final com.unboundid.util.ssl.cert.X509Certificate issuer = trustedCertsByKeyID.get(authorityKeyID);
                if ((issuer != null) && issuer.isWithinValidityWindow(currentDate)) {
                    c.verifySignature(issuer);
                    return (X509Certificate) issuer.toCertificate();
                }
            }
        }
    } catch (final Exception e) {
        Debug.debugException(e);
    }
    throw new CertificateException(ERR_JVM_DEFAULT_TRUST_MANAGER_CANNOT_FIND_ISSUER.get(String.valueOf(cert.getSubjectDN())));
}