throwEnhancedCertificateException() — netty Function Reference

Architecture documentation for the throwEnhancedCertificateException() function in EnhancingX509ExtendedTrustManager.java from the netty codebase.

Dependency Diagram

    graph TD
      2eeb261a_bf22_8fb6_3cda_596b5ab85a9f["throwEnhancedCertificateException()"]
      c5d2be08_7d10_3353_b854_1b0eee00afa0["EnhancingX509ExtendedTrustManager"]
      2eeb261a_bf22_8fb6_3cda_596b5ab85a9f -->|defined in| c5d2be08_7d10_3353_b854_1b0eee00afa0
      7cb09430_ae31_2f23_9ea0_20866ef3f4bf["checkServerTrusted()"]
      7cb09430_ae31_2f23_9ea0_20866ef3f4bf -->|calls| 2eeb261a_bf22_8fb6_3cda_596b5ab85a9f
      style 2eeb261a_bf22_8fb6_3cda_596b5ab85a9f fill:#6366f1,stroke:#818cf8,color:#fff

Source Code

handler/src/main/java/io/netty/handler/ssl/EnhancingX509ExtendedTrustManager.java lines 108–162

    private static void throwEnhancedCertificateException(CertificateException e, X509Certificate[] chain,
                                                          SSLSession session) throws CertificateException {
        // Matching the message is the best we can do sadly.
        String message = e.getMessage();
        if (message != null &&
                (message.startsWith("No subject alternative") || message.startsWith("No name matching"))) {
            StringBuilder sb = new StringBuilder(128);
            sb.append(message);
            // Some exception messages from sun.security.util.HostnameChecker may end with a dot that we don't need
            if (message.charAt(message.length() - 1) == '.') {
                sb.setLength(sb.length() - 1);
            }
            if (session != null) {
                sb.append(" for SNIHostName=").append(getSNIHostName(session))
                        .append(" and peerHost=").append(session.getPeerHost());
            }
            sb.append(" in the chain of ").append(chain.length).append(" certificate(s):");
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = chain[i];
                Collection<List<?>> collection = cert.getSubjectAlternativeNames();
                sb.append(' ').append(i + 1).append(". subjectAlternativeNames=[");
                if (collection != null) {
                    boolean hasNames = false;
                    for (List<?> altNames : collection) {
                        if (altNames.size() < 2) {
                            // We expect at least a pair of 'nameType:value' in that list.
                            continue;
                        }
                        final int nameType = ((Integer) altNames.get(0)).intValue();
                        if (nameType == ALTNAME_DNS) {
                            sb.append("DNS");
                        } else if (nameType == ALTNAME_IP) {
                            sb.append("IP");
                        } else if (nameType == ALTNAME_URI) {
                            // URI names are common in some environments with gRPC services that use SPIFFEs.
                            // Though the hostname matcher won't be looking at them, having them there can help
                            // debugging cases where hostname verification was enabled when it shouldn't be.
                            sb.append("URI");
                        } else {
                            continue;
                        }
                        sb.append(':').append((String) altNames.get(1)).append(SEPARATOR);
                        hasNames = true;
                    }
                    if (hasNames) {
                        // Strip off the last separator
                        sb.setLength(sb.length() - SEPARATOR.length());
                    }
                }
                sb.append("], CN=").append(getCommonName(cert)).append('.');
            }
            throw new CertificateException(sb.toString(), e);
        }
        throw e;
    }

Frequently Asked Questions

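What does throwEnhancedCertificateException() do?
throwEnhancedCertificateException() is a function in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/EnhancingX509ExtendedTrustManager.java. When the message of the CertificateException it receives starts with "No subject alternative" or "No name matching", it throws a new CertificateException that wraps the original as its cause and extends the message with the SNI host name and peer host from the SSLSession (when a session is present) and, for each certificate in the chain, its DNS, IP and URI subject alternative names and its CN. Any other CertificateException is rethrown unchanged. The check relies on matching the message text, which the code's own comment describes as the best that can be done.

Where is throwEnhancedCertificateException() defined?
throwEnhancedCertificateException() is defined in handler/src/main/java/io/netty/handler/ssl/EnhancingX509ExtendedTrustManager.java at line 108.

What calls throwEnhancedCertificateException()?
throwEnhancedCertificateException() is called by 1 function: checkServerTrusted().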
