187 if ((socket != null) && socket.isConnected() &&
188 (socket instanceof SSLSocket)) {
189
190 SSLSocket sslSocket = (SSLSocket)socket;
191 SSLSession session = sslSocket.getHandshakeSession();
192 if (session == null) {
193 throw new CertificateException("No handshake session");
194 }
195
196 // check endpoint identity
197 String identityAlg = sslSocket.getSSLParameters().
198 getEndpointIdentificationAlgorithm();
199 if (identityAlg != null && identityAlg.length() != 0) {
200 checkIdentity(session, chain[0], identityAlg, isClient,
201 getRequestedServerNames(socket));
202 }
203
204 // create the algorithm constraints
205 ProtocolVersion protocolVersion =
206 ProtocolVersion.valueOf(session.getProtocol());
207 if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
208 if (session instanceof ExtendedSSLSession) {
209 ExtendedSSLSession extSession =
210 (ExtendedSSLSession)session;
211 String[] localSupportedSignAlgs =
212 extSession.getLocalSupportedSignatureAlgorithms();
213
214 constraints = new SSLAlgorithmConstraints(
215 sslSocket, localSupportedSignAlgs, false);
216 } else {
217 constraints =
218 new SSLAlgorithmConstraints(sslSocket, false);
219 }
220 } else {
221 constraints = new SSLAlgorithmConstraints(sslSocket, false);
222 }
223 }
224
225 X509Certificate[] trustedChain = null;
226 if (isClient) {
227 trustedChain = validate(v, chain, constraints, null);
239 Validator v = checkTrustedInit(chain, authType, isClient);
240
241 AlgorithmConstraints constraints = null;
242 if (engine != null) {
243 SSLSession session = engine.getHandshakeSession();
244 if (session == null) {
245 throw new CertificateException("No handshake session");
246 }
247
248 // check endpoint identity
249 String identityAlg = engine.getSSLParameters().
250 getEndpointIdentificationAlgorithm();
251 if (identityAlg != null && identityAlg.length() != 0) {
252 checkIdentity(session, chain[0], identityAlg, isClient,
253 getRequestedServerNames(engine));
254 }
255
256 // create the algorithm constraints
257 ProtocolVersion protocolVersion =
258 ProtocolVersion.valueOf(session.getProtocol());
259 if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
260 if (session instanceof ExtendedSSLSession) {
261 ExtendedSSLSession extSession =
262 (ExtendedSSLSession)session;
263 String[] localSupportedSignAlgs =
264 extSession.getLocalSupportedSignatureAlgorithms();
265
266 constraints = new SSLAlgorithmConstraints(
267 engine, localSupportedSignAlgs, false);
268 } else {
269 constraints =
270 new SSLAlgorithmConstraints(engine, false);
271 }
272 } else {
273 constraints = new SSLAlgorithmConstraints(engine, false);
274 }
275 }
276
277 X509Certificate[] trustedChain = null;
278 if (isClient) {
279 trustedChain = validate(v, chain, constraints, null);
|
187 if ((socket != null) && socket.isConnected() &&
188 (socket instanceof SSLSocket)) {
189
190 SSLSocket sslSocket = (SSLSocket)socket;
191 SSLSession session = sslSocket.getHandshakeSession();
192 if (session == null) {
193 throw new CertificateException("No handshake session");
194 }
195
196 // check endpoint identity
197 String identityAlg = sslSocket.getSSLParameters().
198 getEndpointIdentificationAlgorithm();
199 if (identityAlg != null && identityAlg.length() != 0) {
200 checkIdentity(session, chain[0], identityAlg, isClient,
201 getRequestedServerNames(socket));
202 }
203
204 // create the algorithm constraints
205 ProtocolVersion protocolVersion =
206 ProtocolVersion.valueOf(session.getProtocol());
207 if (protocolVersion.useTLS12PlusSpec()) {
208 if (session instanceof ExtendedSSLSession) {
209 ExtendedSSLSession extSession =
210 (ExtendedSSLSession)session;
211 String[] localSupportedSignAlgs =
212 extSession.getLocalSupportedSignatureAlgorithms();
213
214 constraints = new SSLAlgorithmConstraints(
215 sslSocket, localSupportedSignAlgs, false);
216 } else {
217 constraints =
218 new SSLAlgorithmConstraints(sslSocket, false);
219 }
220 } else {
221 constraints = new SSLAlgorithmConstraints(sslSocket, false);
222 }
223 }
224
225 X509Certificate[] trustedChain = null;
226 if (isClient) {
227 trustedChain = validate(v, chain, constraints, null);
239 Validator v = checkTrustedInit(chain, authType, isClient);
240
241 AlgorithmConstraints constraints = null;
242 if (engine != null) {
243 SSLSession session = engine.getHandshakeSession();
244 if (session == null) {
245 throw new CertificateException("No handshake session");
246 }
247
248 // check endpoint identity
249 String identityAlg = engine.getSSLParameters().
250 getEndpointIdentificationAlgorithm();
251 if (identityAlg != null && identityAlg.length() != 0) {
252 checkIdentity(session, chain[0], identityAlg, isClient,
253 getRequestedServerNames(engine));
254 }
255
256 // create the algorithm constraints
257 ProtocolVersion protocolVersion =
258 ProtocolVersion.valueOf(session.getProtocol());
259 if (protocolVersion.useTLS12PlusSpec()) {
260 if (session instanceof ExtendedSSLSession) {
261 ExtendedSSLSession extSession =
262 (ExtendedSSLSession)session;
263 String[] localSupportedSignAlgs =
264 extSession.getLocalSupportedSignatureAlgorithms();
265
266 constraints = new SSLAlgorithmConstraints(
267 engine, localSupportedSignAlgs, false);
268 } else {
269 constraints =
270 new SSLAlgorithmConstraints(engine, false);
271 }
272 } else {
273 constraints = new SSLAlgorithmConstraints(engine, false);
274 }
275 }
276
277 X509Certificate[] trustedChain = null;
278 if (isClient) {
279 trustedChain = validate(v, chain, constraints, null);
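Review bot: In the engine path (new lines 242-275) the host name check and the algorithm constraints are both conditional, and no comment says so: when `engine` is null, `constraints` stays null, and when `getEndpointIdentificationAlgorithm()` returns null or an empty string, `checkIdentity` is skipped, yet `validate(v, chain, constraints, null)` at line 279 still runs on the chain alone. This looks intentional, with the caller opting in through `SSLParameters`, but an auditor of this trust manager needs to see it stated. I would add above line 251 `// No endpoint identification algorithm configured: the peer's host name is NOT verified here, only the chain is validated below.` and above line 242 `// Without an engine there is no handshake session, so no identity check and no algorithm constraints are applied.` The socket path at lines 187-223 has the same shape (a null, unconnected or non-SSLSocket socket skips the whole block) and deserves the same two comments. Both enclosing methods start and end outside the lines shown, so how `constraints` is declared on the socket side is inferred from the engine side.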
|