Correctly throw SSLPeerUnverifiedException if peers identity has not been verified
Motivation: As stated in the SSLSession javadocs, the getPeer* methods must throw an SSLPeerUnverifiedException if the peer's identity has not been verified. Modifications: - Correctly throw SSLPeerUnverifiedException - Add a test for it. Result: Behaves correctly, as described in the javadocs.
parent
2dde3a386b
commit
6e3acfeb06
@ -1528,7 +1528,7 @@ public final class OpenSslEngine extends SSLEngine {
|
||||||
@Override
|
@Override
|
||||||
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
|
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
|
||||||
synchronized (OpenSslEngine.this) {
|
synchronized (OpenSslEngine.this) {
|
||||||
if (peerCerts == null) {
|
if (peerCerts == null || peerCerts.length == 0) {
|
||||||
throw new SSLPeerUnverifiedException("peer not verified");
|
throw new SSLPeerUnverifiedException("peer not verified");
|
||||||
}
|
}
|
||||||
return peerCerts;
|
return peerCerts;
|
||||||
|
@ -1544,7 +1544,7 @@ public final class OpenSslEngine extends SSLEngine {
|
||||||
@Override
|
@Override
|
||||||
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
|
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
|
||||||
synchronized (OpenSslEngine.this) {
|
synchronized (OpenSslEngine.this) {
|
||||||
if (x509PeerCerts == null) {
|
if (x509PeerCerts == null || x509PeerCerts.length == 0) {
|
||||||
throw new SSLPeerUnverifiedException("peer not verified");
|
throw new SSLPeerUnverifiedException("peer not verified");
|
||||||
}
|
}
|
||||||
return x509PeerCerts;
|
return x509PeerCerts;
|
||||||
|
@ -1554,9 +1554,8 @@ public final class OpenSslEngine extends SSLEngine {
|
||||||
@Override
|
@Override
|
||||||
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
|
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
|
||||||
Certificate[] peer = getPeerCertificates();
|
Certificate[] peer = getPeerCertificates();
|
||||||
if (peer == null || peer.length == 0) {
|
// No need for null or length > 0 is needed as this is done in getPeerCertificates()
|
||||||
return null;
|
// already.
|
||||||
}
|
|
||||||
return ((java.security.cert.X509Certificate) peer[0]).getSubjectX500Principal();
|
return ((java.security.cert.X509Certificate) peer[0]).getSubjectX500Principal();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
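Review bot: `return peerCerts;` in getPeerCertificates (and `return x509PeerCerts;` in getPeerCertificateChain) still hands the caller the engine's own array, so a caller can overwrite an element of the session's recorded peer chain and every later caller of the same session sees the altered chain; the new length check does not change that. Returning a copy, `return peerCerts.clone();` and `return x509PeerCerts.clone();`, keeps the fix and removes the aliasing at the cost of one small array copy per call. The comment added to getPeerPrincipal is hard to parse; `// getPeerCertificates() already throws SSLPeerUnverifiedException for a null or empty chain.` says the same thing. The cast to java.security.cert.X509Certificate on the last line is unchecked, so if peerCerts could ever hold a non-X509 certificate (I cannot tell from here) a caller would get a ClassCastException rather than SSLPeerUnverifiedException.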
@ -29,6 +29,8 @@ import io.netty.handler.logging.LoggingHandler;
|
||||||
import io.netty.handler.ssl.OpenSsl;
|
import io.netty.handler.ssl.OpenSsl;
|
||||||
import io.netty.handler.ssl.SslContext;
|
import io.netty.handler.ssl.SslContext;
|
||||||
import io.netty.handler.ssl.SslContextBuilder;
|
import io.netty.handler.ssl.SslContextBuilder;
|
||||||
|
import io.netty.handler.ssl.SslHandler;
|
||||||
|
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
|
||||||
import io.netty.handler.ssl.SslProvider;
|
import io.netty.handler.ssl.SslProvider;
|
||||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||||
import io.netty.util.ReferenceCountUtil;
|
import io.netty.util.ReferenceCountUtil;
|
||||||
|
@ -39,6 +41,8 @@ import org.junit.runner.RunWith;
|
||||||
import org.junit.runners.Parameterized;
|
import org.junit.runners.Parameterized;
|
||||||
import org.junit.runners.Parameterized.Parameters;
|
import org.junit.runners.Parameterized.Parameters;
|
||||||
|
|
||||||
|
import javax.net.ssl.SSLPeerUnverifiedException;
|
||||||
|
import javax.net.ssl.SSLSession;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
@ -209,5 +213,34 @@ public class SocketSslGreetingTest extends AbstractSocketTest {
|
||||||
exception.compareAndSet(null, cause);
|
exception.compareAndSet(null, cause);
|
||||||
ctx.close();
|
ctx.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void userEventTriggered(final ChannelHandlerContext ctx, final Object evt) throws Exception {
|
||||||
|
if (evt instanceof SslHandshakeCompletionEvent) {
|
||||||
|
final SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
|
||||||
|
if (event.isSuccess()) {
|
||||||
|
SSLSession session = ctx.pipeline().get(SslHandler.class).engine().getSession();
|
||||||
|
try {
|
||||||
|
session.getPeerCertificates();
|
||||||
|
fail();
|
||||||
|
} catch (SSLPeerUnverifiedException e) {
|
||||||
|
// expected
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
session.getPeerCertificateChain();
|
||||||
|
fail();
|
||||||
|
} catch (SSLPeerUnverifiedException e) {
|
||||||
|
// expected
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
session.getPeerPrincipal();
|
||||||
|
fail();
|
||||||
|
} catch (SSLPeerUnverifiedException e) {
|
||||||
|
// expected
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ctx.fireUserEventTriggered(evt);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
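Review bot: The new assertions in userEventTriggered only hold for the side of the connection that never authenticated its peer (presumably the server, since no client certificate appears to be requested), but nothing in the hunk says so and the handler's setup is outside it, so a reader could take the test as claiming getPeerCertificates() must throw after every successful handshake; add `// The peer presented no certificate, so the session must treat its identity as unverified and every getPeer* accessor must throw.` above the first try. Each `fail()` should carry a message, e.g. `fail("getPeerCertificates() must throw SSLPeerUnverifiedException");`, so a failure names the accessor that returned normally. A fail() here throws an AssertionError out of userEventTriggered, which exceptionCaught above records into `exception`; the test only notices it if that field is checked after the run, which is outside the hunk. When event.isSuccess() is false the checks are skipped silently; if handshake failure is not already asserted elsewhere, an `else { exception.compareAndSet(null, event.cause()); }` branch would keep that case from passing by accident.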