Posted to commits@hc.apache.org by ol...@apache.org on 2015/01/01 19:53:31 UTC
svn commit: r1648917 -
/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
Author: olegk
Date: Thu Jan 1 18:53:31 2015
New Revision: 1648917
URL: http://svn.apache.org/r1648917
Log:
SSL session debug logs
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?rev=1648917&r1=1648916&r2=1648917&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java Thu Jan 1 18:53:31 2015
@@ -34,6 +34,8 @@ import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
import java.util.List;
import javax.net.SocketFactory;
@@ -45,6 +47,8 @@ import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHost;
import org.apache.http.annotation.ThreadSafe;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
@@ -148,6 +152,8 @@ public class SSLConnectionSocketFactory
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
= StrictHostnameVerifier.INSTANCE;
+ private final Log log = LogFactory.getLog(getClass());
+
/**
* @since 4.4
*/
@@ -326,6 +332,9 @@ public class SSLConnectionSocketFactory
if (connectTimeout > 0 && sock.getSoTimeout() == 0) {
sock.setSoTimeout(connectTimeout);
}
+ if (this.log.isDebugEnabled()) {
+ this.log.debug("Connecting socket to " + remoteAddress + " with timeout " + connectTimeout);
+ }
sock.connect(remoteAddress, connectTimeout);
} catch (final IOException ex) {
try {
@@ -337,6 +346,7 @@ public class SSLConnectionSocketFactory
// Setup SSL layering if necessary
if (sock instanceof SSLSocket) {
final SSLSocket sslsock = (SSLSocket) sock;
+ this.log.debug("Starting handshake");
sslsock.startHandshake();
verifyHostname(sslsock, host.getHostName());
return sock;
@@ -372,7 +382,14 @@ public class SSLConnectionSocketFactory
if (supportedCipherSuites != null) {
sslsock.setEnabledCipherSuites(supportedCipherSuites);
}
+
+ if (this.log.isDebugEnabled()) {
+ this.log.debug("Enabled protocols: " + Arrays.asList(sslsock.getEnabledProtocols()));
+ this.log.debug("Enabled cipher suites:" + Arrays.asList(sslsock.getEnabledCipherSuites()));
+ }
+
prepareSocket(sslsock);
+ this.log.debug("Starting handshake");
sslsock.startHandshake();
verifyHostname(sslsock, target);
return sslsock;
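Review bot: The "Enabled protocols" and "Enabled cipher suites" lines are logged before `prepareSocket(sslsock);` runs. If that call changes the socket's protocol or cipher configuration, the debug output will not match what the handshake actually offers. That is misleading when the log is used to check which TLS versions and suites a client enables. I would move the whole `if (this.log.isDebugEnabled()) { ... }` block to just after `prepareSocket(sslsock);` and before the "Starting handshake" message. As a small style point, `"Enabled cipher suites:"` lacks the trailing space that `"Enabled protocols: "` has. The enclosing method starts and ends outside this hunk.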
@@ -400,6 +417,42 @@ public class SSLConnectionSocketFactory
if (session == null) {
throw new SSLHandshakeException("SSL session not available");
}
+
+ if (this.log.isDebugEnabled()) {
+ this.log.debug("Secure session established");
+ this.log.debug(" negotiated protocol: " + session.getProtocol());
+ this.log.debug(" negotiated cipher suite: " + session.getCipherSuite());
+
+ try {
+
+ final Certificate[] certs = session.getPeerCertificates();
+ final X509Certificate x509 = (X509Certificate) certs[0];
+ final X500Principal peer = x509.getSubjectX500Principal();
+
+ this.log.debug(" peer principal: " + peer.toString());
+ final Collection<List<?>> altNames1 = x509.getSubjectAlternativeNames();
+ if (altNames1 != null) {
+ for (final List<?> aC : altNames1) {
+ if (!aC.isEmpty()) {
+ this.log.debug(" peer alternative name: " + aC.get(1));
+ }
+ }
+ }
+
+ final X500Principal issuer = x509.getIssuerX500Principal();
+ this.log.debug(" issuer principal: " + issuer.toString());
+ final Collection<List<?>> altNames2 = x509.getIssuerAlternativeNames();
+ if (altNames2 != null) {
+ for (final List<?> aC : altNames2) {
+ if (!aC.isEmpty()) {
+ this.log.debug(" issuer alternative name: " + aC.get(1));
+ }
+ }
+ }
+ } catch (Exception ignore) {
+ }
+ }
+
if (!this.hostnameVerifier.verify(hostname, session)) {
final Certificate[] certs = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) certs[0];
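Review bot: In the added certificate logging, both alternative-name loops guard `aC.get(1)` with `!aC.isEmpty()`, which only proves that index 0 exists. A one-element entry throws IndexOutOfBoundsException, so the guard should be `if (aC.size() > 1) {`. That exception, like a failed `(X509Certificate) certs[0]` cast or a parsing error from `getSubjectAlternativeNames()`, lands in the empty `catch (Exception ignore) { }`. The remaining peer and issuer lines are then dropped with no trace, so the session log looks complete when it is not. Keeping the logging best-effort is reasonable, but the catch should at least record the failure, for example `this.log.debug("Unable to log peer certificate details", ex);`. The enclosing method (apparently verifyHostname) continues past the end of this hunk.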