+ow.format.getTLSCertificates

nmaguiar · nmaguiar · commit 1d1e3fe85f77 · 2021-04-04T07:32:02.000+01:00
diff --git a/js/owrap.format.js b/js/owrap.format.js
@@ -1251,6 +1251,69 @@ OpenWrap.format.prototype.getPublicIP = function() {
 	return $rest().get("https://ifconfig.co/json");
 };
 
+/**
+ * <odoc>
+ * <key>ow.format.getTLSCertificates(aHost, aPort, withJava, aPath, aPass, aSoTimeout) : Array</key>
+ * Tries to retreive the TLS certificates from aHost, aPort (defaults to 443). Optionally if withJava=true the original certificate
+ * Java object will also be included. If the CA certificates is in a different location you can provide aPath and the corresponding aPass.
+ * Additionally you can specificy aSoTimeout (socket timeout in ms) which defaults to 10s.  
+ * </odoc>
+ */
+OpenWrap.format.prototype.getTLSCertificates = function(aHost, aPort, withJava, aPath, aPass, aSoTimeout) {
+    _$(aHost, "aHost").isString().$_();
+	aPort = _$(aPort, "aPort").isNumber().default(443);
+    aPath = _$(aPath, "aPath").isString().default(ow.format.getJavaHome() + "/lib/security/cacerts");
+	aPass = _$(aPass, "aPass").isString().default("changeit");
+	withJava = _$(withJava, "withJava").isBoolean().default(false);
+	aSoTimeout = _$(aSoTimeout, "aSoTimeout").isNumber().default(10000);
+
+    var context = javax.net.ssl.SSLContext.getInstance("TLS");
+    var tmf = javax.net.ssl.TrustManagerFactory.getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
+    var ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
+    ks.load(io.readFileStream(aPath), (new java.lang.String(aPass)).toCharArray());
+    tmf.init(ks);
+    var defaultTrustManager = tmf.getTrustManagers()[0];
+    var cchain;
+    var tm = new JavaAdapter(javax.net.ssl.X509TrustManager, {
+      getAcceptedIssuers: function() {
+        return new java.security.cert.X509Certificate();
+      },
+      checkClientTrusted: function() {
+        throw new javax.net.ssl.UnsupportedOperationException();
+      },
+      checkServerTrusted: function(chain, authType) {
+        cchain = chain;
+        defaultTrustManager.checkServerTrusted(chain, authType);
+      }
+    });
+    context.init(null, [tm], null);
+    var factory = context.getSocketFactory();
+
+    var socket = factory.createSocket(aHost, aPort);
+    socket.setSoTimeout(aSoTimeout);
+    try {
+      socket.startHandshake();
+    } catch(e) {
+    }
+    socket.close();
+
+    var sres = af.fromJavaArray(cchain);
+    var res = sres.map(r => {
+	  var rr = {
+		issuerDN    : r.getIssuerDN(),
+		subjectDN   : r.getSubjectDN(),
+		notBefore   : new Date( r.getNotBefore().toGMTString() ),
+		notAfter    : new Date( r.getNotAfter().toGMTString() )
+	  };
+      if (withJava) rr.javaObj = r;
+	  if (!isNull(r.getSubjectAlternativeNames())) rr.alternatives = af.fromJavaArray( r.getSubjectAlternativeNames().toArray() ).map(af.fromJavaArray);
+ 
+	  return rr;
+    });
+    
+	return res;
+};
+
 /**
  * <odoc>
  * <key>ow.format.testPublicPort(aPort) : Map</key>
