Package com.rabbitmq.client.impl

Class TlsUtils

java.lang.Object
com.rabbitmq.client.impl.TlsUtils
public class TlsUtils extends Object
Utility to extract information from X509 certificates.
Since:
5.7.0

  • Constructor Details

    • TlsUtils

      public TlsUtils()

  • Method Details

    • logPeerCertificateInfo

      public static void logPeerCertificateInfo(SSLSession session)
      Log details on peer certificate and certification chain.

      The log level is debug. Common X509 extensions are displayed in a best-effort fashion, a hexadecimal dump is made for less commonly used extensions.

      Parameters:
      session - the SSLSession to extract the certificates from

    • peerCertificateInfo

      public static String peerCertificateInfo(Certificate certificate, String prefix)
      Get a string representation of certificate info.
      Parameters:
      certificate - the certificate to analyze
      prefix - the line prefix
      Returns:
      information about the certificate

    • extensionPrettyPrint

      public static String extensionPrettyPrint(String oid, byte[] derOctetString, X509Certificate certificate)
      Human-readable representation of an X509 certificate extension.

      Common extensions are supported in a best-effort fashion, less commonly used extensions are displayed as an hexadecimal dump.

      Extensions come encoded as a DER Octet String, which itself can contain other DER-encoded objects, making a comprehensive support in this utility impossible.

      Parameters:
      oid - extension OID
      derOctetString - the extension value as a DER octet string
      certificate - the certificate
      Returns:
      the OID and the value
      See Also:

    • stripCRLF

      public static String stripCRLF(String value)
      Strips carriage return (CR) and line feed (LF) characters to mitigate CWE-117.
      Returns:
      sanitised string value