/*-
* Copyright (C) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
*
* This file was distributed by Oracle as part of a version of Oracle Berkeley
* DB Java Edition made available at:
*
* http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/downloads/index.html
*
* Please see the LICENSE file included in the top-level directory of the
* appropriate version of Oracle Berkeley DB Java Edition for a copy of the
* license and additional information.
*/
package com.sleepycat.je.rep.utilint.net;
import java.security.Principal;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import com.sleepycat.je.rep.net.InstanceParams;
/**
* This is an implementation of SSLAuthenticator which authenticates based
* on the Distinguished Name (DN) in the SSL peer's certificate. Matching
* is done using Java regular expressions against the RFC1779-formatted DN.
* This is typically used to match against the CN portion of the name.
*/
class SSLDNMatcher {

    /** Compiled form of the configured DN expression; fixed at construction. */
    private final Pattern pattern;

    /**
     * Creates a matcher from the supplied instantiation parameters.
     *
     * @param params the instantiation params; {@code getClassParams()} must
     * be a valid Java regular expression, which is later matched against the
     * Distinguished Name taken from the SSL peer's certificate
     * @throws IllegalArgumentException if the expression does not compile
     */
    SSLDNMatcher(InstanceParams params)
        throws IllegalArgumentException {
        pattern = compileRegex(params.getClassParams());
    }

    /**
     * Reports whether the peer of {@code sslSession} presents a certificate
     * whose subject DN matches the configured expression.
     *
     * <p>The DN is obtained from the peer principal in RFC1779 form, so an
     * expression written for a different DN format (e.g. RFC2253) may not
     * match. The expression must match the whole DN string
     * ({@link Matcher#matches()}), not merely a substring of it. The result
     * is {@code false} when the peer's identity has not been verified, when
     * no principal is available, or when the principal is not an X.500
     * principal.
     *
     * @param sslSession the session whose peer is to be checked
     * @return {@code true} only if the peer's DN fully matches the pattern
     */
    public boolean peerMatches(SSLSession sslSession) {
        final Principal peer;
        try {
            peer = sslSession.getPeerPrincipal();
        } catch (SSLPeerUnverifiedException pue) {
            /* No verified peer identity: there is nothing to match against. */
            return false;
        }
        /* instanceof is false for null, so no separate null check is needed. */
        if (!(peer instanceof X500Principal)) {
            return false;
        }
        final String dn =
            ((X500Principal) peer).getName(X500Principal.RFC1779);
        return pattern.matcher(dn).matches();
    }

    /**
     * Compiles {@code regex}, translating a syntax error into the
     * {@link IllegalArgumentException} callers are documented to expect.
     *
     * @param regex the expression to compile
     * @return the compiled pattern
     * @throws IllegalArgumentException if {@code regex} is not a valid Java
     * regular expression; the cause is the underlying
     * {@link PatternSyntaxException}
     */
    private static Pattern compileRegex(String regex)
        throws IllegalArgumentException {
        try {
            return Pattern.compile(regex);
        } catch (PatternSyntaxException pse) {
            throw new IllegalArgumentException("pattern is invalid", pse);
        }
    }

    /**
     * Checks that {@code regex} is a valid expression without retaining the
     * compiled result, e.g. to validate configuration before a matcher is
     * created.
     *
     * @param regex the expression to validate
     * @throws IllegalArgumentException if {@code regex} does not compile
     */
    static void validateRegex(String regex)
        throws IllegalArgumentException {
        compileRegex(regex);
    }
}