Class TlsUtils


  • public class TlsUtils
    extends Object
    Utility to extract information from X509 certificates.
    Since:
    4.11.0
    • Constructor Detail

      • TlsUtils

        public TlsUtils()
    • Method Detail

      • logPeerCertificateInfo

        public static void logPeerCertificateInfo​(SSLSession session)
        Log details on peer certificate and certification chain.

        The log level is debug. Common X509 extensions are displayed in a best-effort fashion; a hexadecimal dump is made for less commonly used extensions.

        Parameters:
        session - the SSLSession to extract the certificates from
      • peerCertificateInfo

        public static String peerCertificateInfo​(Certificate certificate,
                                                 String prefix)
        Get a string representation of certificate info.
        Parameters:
        certificate - the certificate to analyze
        prefix - the line prefix
        Returns:
        information about the certificate
      • extensionPrettyPrint

        public static String extensionPrettyPrint​(String oid,
                                                  byte[] derOctetString,
                                                  X509Certificate certificate)
        Human-readable representation of an X509 certificate extension.

        Common extensions are supported in a best-effort fashion; less commonly used extensions are displayed as a hexadecimal dump.

        Extensions come encoded as a DER OCTET STRING, which itself wraps other DER-encoded objects (a SEQUENCE, a BIT STRING, a list of names, and so on) whose structure depends on the extension, so comprehensive support in this utility is not practical.

        Parameters:
        oid - extension OID
        derOctetString - the extension value as a DER octet string
        certificate - the certificate
        Returns:
        the OID and the value
        See Also:
        A Layman's Guide to a Subset of ASN.1, BER, and DER, DER Encoding of ASN.1 Types
      • stripCRLF

        public static String stripCRLF​(String value)
        Strips carriage return (CR) and line feed (LF) characters to mitigate CWE-117 (improper output neutralization for logs): a certificate field containing line breaks could otherwise inject forged entries into the log.
        Parameters:
        value - the string to sanitise
        Returns:
        sanitised string value
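The three methods above fit together when a TLS peer is described in a log line: the chain is read from the SSLSession, each extension value arrives wrapped in a DER OCTET STRING that must be unwrapped before the inner object is decoded, and any text copied from the certificate is stripped of CR/LF before it reaches the log. The following is an added example and not the library's own code; the class and helper names (PeerCertificateExample, unwrapOctetString, prettyPrint, describePeer) are hypothetical. The OIDs and DER layouts for basicConstraints and keyUsage follow RFC 5280, and the fact that X509Certificate.getExtensionValue returns a DER-encoded OCTET STRING is the JDK's documented contract. The sample byte arrays and the hostile subject DN in main are constructed for illustration.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Added example (hypothetical class): best-effort extension decoding plus CWE-117 log sanitising. */
public final class PeerCertificateExample {

    /** Removes CR and LF so a hostile certificate field cannot forge extra log lines (CWE-117). */
    static String stripCRLF(String value) {
        return value == null ? null : value.replace("\r", "").replace("\n", "");
    }

    /** getExtensionValue(oid) returns the extension inside a DER OCTET STRING (tag 0x04); unwrap it. */
    static byte[] unwrapOctetString(byte[] der) {
        if (der == null || der.length < 2 || der[0] != 0x04) {
            throw new IllegalArgumentException("not a DER OCTET STRING");
        }
        int len = der[1] & 0xFF;
        int offset = 2;
        if ((len & 0x80) != 0) {            // long form: 0x80|N, then N length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 4 || der.length < 2 + n) {
                throw new IllegalArgumentException("unsupported DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[2 + i] & 0xFF);
            }
            offset = 2 + n;
        }
        if (offset + len != der.length) {
            throw new IllegalArgumentException("DER length does not match input");
        }
        byte[] inner = new byte[len];
        System.arraycopy(der, offset, inner, 0, len);
        return inner;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xFF));
        }
        return sb.toString();
    }

    /** Decodes two common extensions; anything else falls back to a hex dump of the inner value. */
    static String prettyPrint(String oid, byte[] derOctetString) {
        byte[] inner = unwrapOctetString(derOctetString);
        switch (oid) {
            case "2.5.29.19": {
                // BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
                // An empty SEQUENCE (30 00) means cA is FALSE; pathLenConstraint is ignored here.
                boolean ca = inner.length >= 5 && inner[0] == 0x30 && inner[2] == 0x01 && inner[4] != 0;
                return oid + " (basicConstraints): CA=" + ca;
            }
            case "2.5.29.15": {
                // KeyUsage ::= BIT STRING; the byte after the length counts unused trailing bits.
                // Only bits 0-7 (first content byte) are decoded; decipherOnly (bit 8) is left out.
                if (inner.length < 4 || inner[0] != 0x03) {
                    return oid + " (keyUsage): " + hex(inner);
                }
                int bits = inner[3] & 0xFF;
                String[] names = {"digitalSignature", "nonRepudiation", "keyEncipherment",
                        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly"};
                StringBuilder sb = new StringBuilder(oid).append(" (keyUsage):");
                for (int i = 0; i < names.length; i++) {
                    if ((bits & (0x80 >> i)) != 0) {
                        sb.append(' ').append(names[i]);
                    }
                }
                return sb.toString();
            }
            default:
                return oid + ": " + hex(inner);
        }
    }

    /** One sanitised line per peer; getPeerCertificates() throws if the peer was not authenticated. */
    static String describePeer(SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return "peer presented no X.509 certificate";
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            StringBuilder sb = new StringBuilder("peer subject=")
                    .append(stripCRLF(leaf.getSubjectX500Principal().getName()));
            for (String oid : new String[] {"2.5.29.19", "2.5.29.15"}) {
                byte[] value = leaf.getExtensionValue(oid);
                if (value != null) {
                    sb.append("; ").append(prettyPrint(oid, value));
                }
            }
            return sb.toString();
        } catch (SSLPeerUnverifiedException e) {
            return "peer not authenticated: " + stripCRLF(e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed samples in the form getExtensionValue() returns them (outer OCTET STRING included).
        byte[] basicConstraintsCa = {0x04, 0x05, 0x30, 0x03, 0x01, 0x01, (byte) 0xFF};
        byte[] keyUsage = {0x04, 0x04, 0x03, 0x02, 0x01, (byte) 0x86};
        byte[] unknownOid = {0x04, 0x03, 0x02, 0x01, 0x2A};
        System.out.println(prettyPrint("2.5.29.19", basicConstraintsCa));
        System.out.println(prettyPrint("2.5.29.15", keyUsage));
        System.out.println(prettyPrint("1.2.3.4", unknownOid));
        // Constructed hostile subject: without stripping, the CR/LF would forge a second log entry.
        String hostile = "CN=victim\r\nINFO peer authenticated as CN=admin";
        System.out.println("subject=" + stripCRLF(hostile));
    }
}
```

The keyUsage sample decodes to digitalSignature, keyCertSign and cRLSign, and the unknown OID is shown as the hex of the inner INTEGER, which is the same fallback behaviour the page describes for extensionPrettyPrint. describePeer keeps the peer line to exactly one log record: getPeerCertificates() throws SSLPeerUnverifiedException for an unauthenticated peer, and every string taken from the certificate or the exception passes through stripCRLF first.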