Package com.rabbitmq.client.impl

Class TlsUtils

  • public class TlsUtils
extends java.lang.Object
    Utility to extract information from X509 certificates.
    Since:
    5.7.0

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static java.util.Map<java.lang.String,​java.lang.String> EXTENDED_KEY_USAGE  
      private static java.util.Map<java.lang.String,​java.util.function.BiFunction<byte[],​java.security.cert.X509Certificate,​java.lang.String>> EXTENSIONS  
      private static java.util.List<java.lang.String> KEY_USAGE  
      private static org.slf4j.Logger LOGGER  
      private static java.lang.String PARSING_ERROR  

    • Constructor Summary

      Constructors 
      Constructor Description
      TlsUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      private static java.lang.String authorityKeyIdentifier​(byte[] derOctetString)  
      private static java.lang.String basicConstraints​(byte[] derOctetString)  
      private static java.lang.String extendedKeyUsage​(byte[] derOctetString, java.security.cert.X509Certificate certificate)  
      static java.lang.String extensionPrettyPrint​(java.lang.String oid, byte[] derOctetString, java.security.cert.X509Certificate certificate)
      Human-readable representation of an X509 certificate extension.
      private static java.lang.String extensions​(java.security.cert.X509Certificate certificate)  
      private static java.lang.String hexDump​(int start, byte[] derOctetString)  
      private static java.lang.String keyUsageBitString​(boolean[] keyUsage, byte[] derOctetString)  
      static void logPeerCertificateInfo​(javax.net.ssl.SSLSession session)
      Log details on peer certificate and certification chain.
      private static java.lang.String octetStringHexDump​(byte[] derOctetString)  
      static java.lang.String peerCertificateInfo​(java.security.cert.Certificate certificate, java.lang.String prefix)
      Get a string representation of certificate info.
      private static java.lang.String sans​(java.security.cert.X509Certificate c, java.lang.String separator)  
      static java.lang.String stripCRLF​(java.lang.String value)
      Strips carriage return (CR) and line feed (LF) characters to mitigate CWE-117.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • LOGGER

        private static final org.slf4j.Logger LOGGER

      • KEY_USAGE

        private static final java.util.List<java.lang.String> KEY_USAGE

      • EXTENDED_KEY_USAGE

        private static final java.util.Map<java.lang.String,​java.lang.String> EXTENDED_KEY_USAGE

      • PARSING_ERROR

        private static java.lang.String PARSING_ERROR

      • EXTENSIONS

        private static final java.util.Map<java.lang.String,​java.util.function.BiFunction<byte[],​java.security.cert.X509Certificate,​java.lang.String>> EXTENSIONS

    • Constructor Detail

      • TlsUtils

        public TlsUtils()

    • Method Detail

      • logPeerCertificateInfo

        public static void logPeerCertificateInfo​(javax.net.ssl.SSLSession session)
        Log details on peer certificate and certification chain.

        The log level is debug. Common X509 extensions are displayed in a best-effort fashion, a hexadecimal dump is made for less commonly used extensions.

        Parameters:
        session - the SSLSession to extract the certificates from

      • peerCertificateInfo

        public static java.lang.String peerCertificateInfo​(java.security.cert.Certificate certificate,
                                                   java.lang.String prefix)
        Get a string representation of certificate info.
        Parameters:
        certificate - the certificate to analyze
        prefix - the line prefix
        Returns:
        information about the certificate

      • sans

        private static java.lang.String sans​(java.security.cert.X509Certificate c,
                                     java.lang.String separator)
                              throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException

      • extensionPrettyPrint

        public static java.lang.String extensionPrettyPrint​(java.lang.String oid,
                                                    byte[] derOctetString,
                                                    java.security.cert.X509Certificate certificate)
        Human-readable representation of an X509 certificate extension.

        Common extensions are supported in a best-effort fashion, less commonly used extensions are displayed as an hexadecimal dump.

        Extensions come encoded as a DER Octet String, which itself can contain other DER-encoded objects, making a comprehensive support in this utility impossible.

        Parameters:
        oid - extension OID
        derOctetString - the extension value as a DER octet string
        certificate - the certificate
        Returns:
        the OID and the value
        See Also:
        A Layman's Guide to a Subset of ASN.1, BER, and DER, DER Encoding of ASN.1 Types

      • stripCRLF

        public static java.lang.String stripCRLF​(java.lang.String value)
        Strips carriage return (CR) and line feed (LF) characters to mitigate CWE-117.
        Returns:
        sanitised string value

      • extensions

        private static java.lang.String extensions​(java.security.cert.X509Certificate certificate)

      • octetStringHexDump

        private static java.lang.String octetStringHexDump​(byte[] derOctetString)

      • hexDump

        private static java.lang.String hexDump​(int start,
                                        byte[] derOctetString)

      • keyUsageBitString

        private static java.lang.String keyUsageBitString​(boolean[] keyUsage,
                                                  byte[] derOctetString)

      • basicConstraints

        private static java.lang.String basicConstraints​(byte[] derOctetString)

      • authorityKeyIdentifier

        private static java.lang.String authorityKeyIdentifier​(byte[] derOctetString)

      • extendedKeyUsage

        private static java.lang.String extendedKeyUsage​(byte[] derOctetString,
                                                 java.security.cert.X509Certificate certificate)