Class TlsUtils


  • public class TlsUtils
    extends Object
    Utility to extract information from X509 certificates.
    Since:
    5.7.0
    • Constructor Detail

      • TlsUtils

        public TlsUtils()
    • Method Detail

      • logPeerCertificateInfo

        public static void logPeerCertificateInfo​(SSLSession session)
        Log details on peer certificate and certification chain.

        The log level is debug. Common X509 extensions are displayed in a best-effort fashion, a hexadecimal dump is made for less commonly used extensions.

        Parameters:
        session - the SSLSession to extract the certificates from
      • peerCertificateInfo

        public static String peerCertificateInfo​(Certificate certificate,
                                                 String prefix)
        Get a string representation of certificate info.
        Parameters:
        certificate - the certificate to analyze
        prefix - the line prefix
        Returns:
        information about the certificate
      • extensionPrettyPrint

        public static String extensionPrettyPrint​(String oid,
                                                  byte[] derOctetString,
                                                  X509Certificate certificate)
        Human-readable representation of an X509 certificate extension.

        Common extensions are supported in a best-effort fashion, less commonly used extensions are displayed as an hexadecimal dump.

        Extensions come encoded as a DER Octet String, which itself can contain other DER-encoded objects, making a comprehensive support in this utility impossible.

        Parameters:
        oid - extension OID
        derOctetString - the extension value as a DER octet string
        certificate - the certificate
        Returns:
        the OID and the value
        See Also:
        A Layman's Guide to a Subset of ASN.1, BER, and DER, DER Encoding of ASN.1 Types
      • stripCRLF

        public static String stripCRLF​(String value)
        Strips carriage return (CR) and line feed (LF) characters to mitigate CWE-117.
        Returns:
        sanitised string value