Class TlsUtils

java.lang.Object
com.rabbitmq.client.impl.TlsUtils
public class TlsUtils extends Object
Utility to extract information from X509 certificates.
Since:
5.7.0

  • Field Details

  • Constructor Details

    • TlsUtils

      public TlsUtils()

  • Method Details

    • logPeerCertificateInfo

      public static void logPeerCertificateInfo(SSLSession session)
      Log details on peer certificate and certification chain.

      The log level is debug. Common X509 extensions are displayed in a best-effort fashion, a hexadecimal dump is made for less commonly used extensions.

      Parameters:
      session - the SSLSession to extract the certificates from

    • peerCertificateInfo

      public static String peerCertificateInfo(Certificate certificate, String prefix)
      Get a string representation of certificate info.
      Parameters:
      certificate - the certificate to analyze
      prefix - the line prefix
      Returns:
      information about the certificate

    • sans

      private static String sans(X509Certificate c, String separator) throws CertificateParsingException
      Throws:
      CertificateParsingException

    • extensionPrettyPrint

      public static String extensionPrettyPrint(String oid, byte[] derOctetString, X509Certificate certificate)
      Human-readable representation of an X509 certificate extension.

      Common extensions are supported in a best-effort fashion, less commonly used extensions are displayed as an hexadecimal dump.

      Extensions come encoded as a DER Octet String, which itself can contain other DER-encoded objects, making a comprehensive support in this utility impossible.

      Parameters:
      oid - extension OID
      derOctetString - the extension value as a DER octet string
      certificate - the certificate
      Returns:
      the OID and the value
      See Also:

    • stripCRLF

      public static String stripCRLF(String value)
      Strips carriage return (CR) and line feed (LF) characters to mitigate CWE-117.
      Returns:
      sanitised string value

    • extensions

      private static String extensions(X509Certificate certificate)

    • octetStringHexDump

      private static String octetStringHexDump(byte[] derOctetString)

    • hexDump

      private static String hexDump(int start, byte[] derOctetString)

    • keyUsageBitString

      private static String keyUsageBitString(boolean[] keyUsage, byte[] derOctetString)

    • basicConstraints

      private static String basicConstraints(byte[] derOctetString)

    • authorityKeyIdentifier

      private static String authorityKeyIdentifier(byte[] derOctetString)

    • extendedKeyUsage

      private static String extendedKeyUsage(byte[] derOctetString, X509Certificate certificate)