Merge pull request #199 from cconlon/sslSessionGetPeerCertificates

Return X509Certificate[] from SSLSession.getPeerCertificates()
JacobBarthelmeh 2024-06-07 13:06:17 -06:00 committed by GitHub
commit bb12cc94a0
2 changed files with 17 additions and 3 deletions


@ -75,7 +75,7 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
* SSLSocket.getSession().getPeerCertificates() will return the peer * SSLSocket.getSession().getPeerCertificates() will return the peer
* certificate even on a resumed connection where the cert has not been * certificate even on a resumed connection where the cert has not been
* sent during the handshake. */ * sent during the handshake. */
private Certificate[] peerCerts = null; private X509Certificate[] peerCerts = null;
/** /**
* Is this object currently inside the WolfSSLAuthStore session cache table? * Is this object currently inside the WolfSSLAuthStore session cache table?
@ -456,7 +456,8 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
* ssl.getPeerCertificate() fails, then we return the cached cert if * ssl.getPeerCertificate() fails, then we return the cached cert if
* we have it. * we have it.
* *
* @return Certificate array of peer certs for session * @return Certificate array of peer certs for session. Actual subclass
* type returned is X509Certificate[] to match SunJSSE behavior
* *
* @throws SSLPeerUnverifiedException if handshake is not complete, * @throws SSLPeerUnverifiedException if handshake is not complete,
* or error getting certificates * or error getting certificates
@ -546,7 +547,7 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
cert.free(); cert.free();
/* cache peer cert for use by app in resumed session */ /* cache peer cert for use by app in resumed session */
this.peerCerts = new Certificate[] { exportCert }; this.peerCerts = new X509Certificate[] { exportCert };
return this.peerCerts.clone(); return this.peerCerts.clone();
} }
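Review bot: The cached array built at `this.peerCerts = new X509Certificate[] { exportCert };` always holds exactly one certificate, so getPeerCertificates() hands callers a single-element array, while the SSLSession contract describes the peer's certificate chain with the peer's own certificate first; an application that validates the chain from this return value (rather than trusting wolfSSL's own verification) would see only that one certificate. If ssl.getPeerCertificate() only exposes the leaf here, which the hunk suggests but does not show, the @return text in the earlier hunk of this file should say so, e.g. `* @return X509Certificate[] holding only the peer's own certificate; the rest of the chain is not exposed`. The enclosing method starts outside this hunk, so whether anything above it already documents this is not visible here.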


@ -25,6 +25,7 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.NoSuchProviderException; import java.security.NoSuchProviderException;
import java.security.Principal; import java.security.Principal;
import java.security.Provider; import java.security.Provider;
@ -276,6 +277,18 @@ public class WolfSSLSessionTest {
error("\t\t... failed"); error("\t\t... failed");
fail("unexpected cert type found"); fail("unexpected cert type found");
} }
/* Check that Certificate[] returned from getPeerCertificates()
* is actually of subclass type X509Certificate[]. If not and
* we try to cast back to it, we should get a
* ClassCastException */
try {
X509Certificate[] xCerts = (X509Certificate[])certs;
} catch (ClassCastException e) {
error("\t\t... failed");
fail("getPeerCertificates() did not return array of type " +
"X509Certificate[]");
}
} }
} catch (SSLPeerUnverifiedException e) { } catch (SSLPeerUnverifiedException e) {
error("\t\t... failed"); error("\t\t... failed");
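Review bot: The cast at `X509Certificate[] xCerts = (X509Certificate[])certs;` assigns a local that is never read, and the check relies on catching ClassCastException, which is control flow by exception; a direct runtime-type check expresses the same assertion without the unused variable, e.g. `if (!(certs instanceof X509Certificate[])) {` / `error("\t\t... failed");` / `fail("getPeerCertificates() did not return array of type X509Certificate[]");` / `}`. This keeps the same failure message and avoids the compiler's unused-local warning on the test. The enclosing test method begins outside this hunk.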