Return X500Principal from getPeerPrincipal() and getLocalPrincipal()

JeremiahM37 · JeremiahM37 · commit 5a66faf54c0f · 2026-03-06T15:24:28.000Z
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
@@ -321,8 +321,7 @@ protected synchronized void cacheRequestedServerNamesFromNetData() {
         List<SNIServerName> names;
         WolfSSLImplementSSLSession session;
 
-        if (this.engineHelper == null ||
-            this.engineHelper.getUseClientMode()) {
+        if (this.engineHelper == null || this.engineHelper.getUseClientMode()) {
             return;
         }
 
@@ -1199,8 +1198,7 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length)
                 default:
                     /* Throw SSLHandshakeException if handshake not finished */
                     if (!this.handshakeFinished) {
-                        SSLHandshakeException hse =
-                            new SSLHandshakeException(
+                        SSLHandshakeException hse = new SSLHandshakeException(
                             "SSL/TLS handshake error in read: " + ret +
                             " , err = " + err);
                         if (this.engineHelper != null) {
@@ -1482,8 +1480,7 @@ else if (hs == SSLEngineResult.HandshakeStatus.NEED_WRAP &&
                                 for (int pos = 0;
                                         pos < this.pendingAppDataLen;) {
                                     if (idx2 + ofst >= length) break;
-                                    int space =
-                                        out[idx2 + ofst].remaining();
+                                    int space = out[idx2 + ofst].remaining();
                                     if (space == 0) { idx2++; continue; }
                                     int sz2 = Math.min(space,
                                         this.pendingAppDataLen - pos);
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -866,8 +866,7 @@ private boolean isTls13CipherSuite(String suite) {
         }
 
         return suite.startsWith("TLS_AES_") ||
-            suite.startsWith("TLS_CHACHA20_") ||
-            suite.startsWith("TLS_SM4_");
+            suite.startsWith("TLS_CHACHA20_") || suite.startsWith("TLS_SM4_");
     }
 
     private String[] getEffectiveProtocolsForCiphers(String[] protocols,
@@ -948,8 +947,7 @@ else if ("TLSv1.2".equals(proto) || "DTLSv1.2".equals(proto) ||
         return protocols;
     }
 
-    private void applyConfiguredCipherProtocolSettings()
-        throws SSLException {
+    private void applyConfiguredCipherProtocolSettings() throws SSLException {
 
         String[] suites;
         String[] protocols;
@@ -1081,8 +1079,7 @@ private void setLocalServerNames(SSLEngine engine) {
         /* SSLEngine(host, port) should send SNI by default if no explicit
          * server names were configured and SNI extension is enabled. */
         boolean isEngineConnectionWithHost = this.clientMode &&
-                engine != null &&
-                this.hostname != null &&
+                engine != null && this.hostname != null &&
                 this.params.getServerNames() == null;
 
         /* Enable SNI if explicitly requested via property, if
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@@ -673,12 +673,11 @@ public Certificate[] getLocalCertificates() {
     public synchronized Principal getPeerPrincipal()
         throws SSLPeerUnverifiedException {
 
-        /* Use standard Java X509Certificate.getSubjectDN()
-         * for X500Name equals() compatibility */
+        /* Return X500Principal for proper equals() symmetry */
         Certificate[] certs = getPeerCertificates();
         if (certs != null && certs.length > 0 &&
             certs[0] instanceof X509Certificate) {
-            return ((X509Certificate) certs[0]).getSubjectDN();
+            return ((X509Certificate) certs[0]).getSubjectX500Principal();
         }
         throw new SSLPeerUnverifiedException("No peer certificate");
     }
@@ -699,7 +698,7 @@ public Principal getLocalPrincipal() {
         if (certs.length > 0){
             /* When chain of certificates exceeds one,
              * the user certifcate is the first */
-            localPrincipal = certs[0].getSubjectDN();
+            localPrincipal = certs[0].getSubjectX500Principal();
         }
 
         /* free native resources earlier than garbage collection if
@@ -1137,8 +1136,7 @@ public synchronized List<SNIServerName> getRequestedServerNames()
         byte[] sniRequestArr = null;
 
         if (this.ssl == null) {
-            if (this.sniServerNames != null &&
-                !this.sniServerNames.isEmpty()) {
+            if (this.sniServerNames != null && !this.sniServerNames.isEmpty()) {
                 return Collections.unmodifiableList(
                     new ArrayList<SNIServerName>(this.sniServerNames));
             }
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java
@@ -310,8 +310,7 @@ else if (sock != null) {
             }
         } catch (Exception e) {
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                () -> "Hostname verification error: " +
-                e.getMessage());
+                () -> "Hostname verification error: " + e.getMessage());
             this.verifyException = e;
             return 0;
         } finally {
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLEngineTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLEngineTest.java
@@ -2629,10 +2629,9 @@ public X509Certificate[] getAcceptedIssuers() {
 
             cliToSer.flip();
             if (cliToSer.hasRemaining() &&
-                (server.getHandshakeStatus() ==
-                    HandshakeStatus.NEED_UNWRAP ||
+                (server.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ||
                  server.getHandshakeStatus() ==
-                    HandshakeStatus.NOT_HANDSHAKING)) {
+                     HandshakeStatus.NOT_HANDSHAKING)) {
                 try {
                     server.unwrap(cliToSer, sink);
                 } catch (SSLException e) {
@@ -2651,10 +2650,9 @@ public X509Certificate[] getAcceptedIssuers() {
 
             serToCli.flip();
             if (serToCli.hasRemaining() &&
-                (client.getHandshakeStatus() ==
-                    HandshakeStatus.NEED_UNWRAP ||
+                (client.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ||
                  client.getHandshakeStatus() ==
-                    HandshakeStatus.NOT_HANDSHAKING)) {
+                     HandshakeStatus.NOT_HANDSHAKING)) {
                 try {
                     client.unwrap(serToCli, sink);
                 } catch (SSLHandshakeException e) {
@@ -2701,8 +2699,7 @@ public void testCloseNotifyTLS13HandshakeStatus()
         }
 
         SSLEngine server = this.ctx.createSSLEngine();
-        SSLEngine client =
-            this.ctx.createSSLEngine("wolfSSL test", 11111);
+        SSLEngine client = this.ctx.createSSLEngine("wolfSSL test", 11111);
 
         server.setUseClientMode(false);
         server.setNeedClientAuth(false);
@@ -2794,8 +2791,7 @@ public void testBufferUnderflowPartialRecord()
 
         this.ctx = tf.createSSLContext("TLS", engineProvider);
         SSLEngine server = this.ctx.createSSLEngine();
-        SSLEngine client =
-            this.ctx.createSSLEngine("wolfSSL test", 11111);
+        SSLEngine client = this.ctx.createSSLEngine("wolfSSL test", 11111);
 
         server.setUseClientMode(false);
         server.setNeedClientAuth(false);
@@ -2812,16 +2808,13 @@ public void testBufferUnderflowPartialRecord()
         }
 
         /* Client wraps some application data */
-        String testData =
-            "Hello from client for underflow test";
-        ByteBuffer appBuf =
-            ByteBuffer.wrap(testData.getBytes());
+        String testData = "Hello from client for underflow test";
+        ByteBuffer appBuf = ByteBuffer.wrap(testData.getBytes());
         ByteBuffer netBuf = ByteBuffer.allocateDirect(
             client.getSession().getPacketBufferSize());
 
         SSLEngineResult result = client.wrap(appBuf, netBuf);
-        if (result.getStatus() !=
-            SSLEngineResult.Status.OK) {
+        if (result.getStatus() != SSLEngineResult.Status.OK) {
             error("\t... failed");
             fail("wrap failed: " + result.getStatus());
         }
@@ -2835,22 +2828,19 @@ public void testBufferUnderflowPartialRecord()
 
         /* Create a partial record (only first 3 bytes of the
          * TLS record header, less than the 5-byte header) */
-        ByteBuffer partialBuf =
-            ByteBuffer.allocateDirect(3);
+        ByteBuffer partialBuf = ByteBuffer.allocateDirect(3);
         byte[] partial = new byte[3];
         netBuf.get(partial);
         partialBuf.put(partial);
         partialBuf.flip();
 
         ByteBuffer outBuf = ByteBuffer.allocate(
-            server.getSession()
-                .getApplicationBufferSize());
+            server.getSession().getApplicationBufferSize());
 
         /* Unwrap partial record: BUFFER_UNDERFLOW expected */
         result = server.unwrap(partialBuf, outBuf);
 
-        if (result.getStatus() !=
-            SSLEngineResult.Status.BUFFER_UNDERFLOW) {
+        if (result.getStatus() != SSLEngineResult.Status.BUFFER_UNDERFLOW) {
             error("\t... failed");
             fail("expected BUFFER_UNDERFLOW for partial " +
                  "TLS record, got " + result.getStatus());
@@ -2878,8 +2868,7 @@ public void testBufferOverflowSmallOutput()
 
         this.ctx = tf.createSSLContext("TLS", engineProvider);
         SSLEngine server = this.ctx.createSSLEngine();
-        SSLEngine client =
-            this.ctx.createSSLEngine("wolfSSL test", 11111);
+        SSLEngine client = this.ctx.createSSLEngine("wolfSSL test", 11111);
 
         server.setUseClientMode(false);
         server.setNeedClientAuth(false);
@@ -2917,8 +2906,7 @@ public void testBufferOverflowSmallOutput()
 
         result = server.unwrap(netCopy, tinyOut);
 
-        if (result.getStatus() !=
-            SSLEngineResult.Status.BUFFER_OVERFLOW) {
+        if (result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW) {
             error("\t... failed");
             fail("expected BUFFER_OVERFLOW for small output buffer, " +
                  "got " + result.getStatus());
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java
@@ -870,8 +870,7 @@ public int CloseConnection(SSLEngine server, SSLEngine client,
         if (!s.toString().equals("NEED_WRAP") ||
                 !result.getStatus().name().equals("CLOSED") ) {
             throw new SSLException(
-                "Bad status: HS=" + s +
-                " status=" + result.getStatus());
+                "Bad status: HS=" + s + " status=" + result.getStatus());
         }
 
         /* server wraps its own close_notify */

Original file line number	Diff line number	Diff line change
`@@ -870,8 +870,7 @@ public int CloseConnection(SSLEngine server, SSLEngine client,`
`870`	`870`	`if (!s.toString().equals("NEED_WRAP") \|\|`
`871`	`871`	`!result.getStatus().name().equals("CLOSED") ) {`
`872`	`872`	`throw new SSLException(`
`873`		`- "Bad status: HS=" + s +`
`874`		`- " status=" + result.getStatus());`
	`873`	`+ "Bad status: HS=" + s + " status=" + result.getStatus());`
`875`	`874`	`}`
`876`	`875`
`877`	`876`	`/* server wraps its own close_notify */`