Merge pull request #199 from cconlon/sslSessionGetPeerCertificates

Return X509Certificate[] from SSLSession.getPeerCertificates()
2024-06-07 13:06:17 -06:00 · 2024-06-07 13:06:17 -06:00 · bb12cc94a0
parent 87412b0639 7486579741
commit bb12cc94a0
2 changed files with 17 additions and 3 deletions
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@ -75,7 +75,7 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
     * SSLSocket.getSession().getPeerCertificates() will return the peer
     * certificate even on a resumed connection where the cert has not been
     * sent during the handshake. */
-    private Certificate[] peerCerts = null;
+    private X509Certificate[] peerCerts = null;

    /**
     * Is this object currently inside the WolfSSLAuthStore session cache table?
@ -456,7 +456,8 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
     * ssl.getPeerCertificate() fails, then we return the cached cert if
     * we have it.
     *
-     * @return Certificate array of peer certs for session
+     * @return Certificate array of peer certs for session. Actual subclass
+     *         type returned is X509Certificate[] to match SunJSSE behavior
     *
     * @throws SSLPeerUnverifiedException if handshake is not complete,
     *         or error getting certificates
@ -546,7 +547,7 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
        cert.free();

        /* cache peer cert for use by app in resumed session */
-        this.peerCerts = new Certificate[] { exportCert };
+        this.peerCerts = new X509Certificate[] { exportCert };

        return this.peerCerts.clone();
    }
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLSessionTest.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLSessionTest.java
@ -25,6 +25,7 @@ import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;

 import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.security.NoSuchProviderException;
 import java.security.Principal;
 import java.security.Provider;
@ -276,6 +277,18 @@ public class WolfSSLSessionTest {
                    error("\t\t... failed");
                    fail("unexpected cert type found");
                }
+
+                /* Check that Certificate[] returned from getPeerCertificates()
+                 * is actually of subclass type X509Certificate[]. If not and
+                 * we try to cast back to it, we should get a
+                 * ClassCastException */
+                try {
+                    X509Certificate[] xCerts = (X509Certificate[])certs;
+                } catch (ClassCastException e) {
+                    error("\t\t... failed");
+                    fail("getPeerCertificates() did not return array of type " +
+                         "X509Certificate[]");
+                }
            }
        } catch (SSLPeerUnverifiedException e) {
            error("\t\t... failed");