Example 26 with SSLHandshakeException
use of javax.net.ssl.SSLHandshakeException in project okhttp by square.
the class ClientAuthTest method missingClientAuthFailsForNeeds.
@Test
public void missingClientAuthFailsForNeeds() throws Exception {
OkHttpClient client = buildClient(null, clientIntermediateCa);
SSLSocketFactory socketFactory = buildServerSslSocketFactory(ClientAuth.NEEDS);
server.useHttps(socketFactory, false);
Call call = client.newCall(new Request.Builder().url(server.url("/")).build());
try {
call.execute();
fail();
} catch (SSLHandshakeException expected) {
} catch (SocketException expected) {
// JDK 9
}
}
Also used :
Call(okhttp3.Call)
SocketException(java.net.SocketException)
OkHttpClient(okhttp3.OkHttpClient)
Request(okhttp3.Request)
DelegatingSSLSocketFactory(okhttp3.DelegatingSSLSocketFactory)
SSLSocketFactory(javax.net.ssl.SSLSocketFactory)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
Test(org.junit.Test)
Example 27 with SSLHandshakeException
use of javax.net.ssl.SSLHandshakeException in project cordova-android-chromeview by thedracle.
the class RouteSelector method connectFailed.
/**
* Clients should invoke this method when they encounter a connectivity
* failure on a connection returned by this route selector.
*/
public void connectFailed(Connection connection, IOException failure) {
Route failedRoute = connection.getRoute();
if (failedRoute.getProxy().type() != Proxy.Type.DIRECT && proxySelector != null) {
// Tell the proxy selector when we fail to connect on a fresh connection.
proxySelector.connectFailed(uri, failedRoute.getProxy().address(), failure);
}
failedRoutes.add(failedRoute);
if (!(failure instanceof SSLHandshakeException)) {
// If the problem was not related to SSL then it will also fail with
// a different Tls mode therefore we can be proactive about it.
failedRoutes.add(failedRoute.flipTlsMode());
}
}
Also used :
Route(com.squareup.okhttp.Route)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
Example 28 with SSLHandshakeException
use of javax.net.ssl.SSLHandshakeException in project XobotOS by xamarin.
the class OpenSSLSocketImpl method startHandshake.
/**
* Perform the handshake
*
* @param full If true, disable handshake cutthrough for a fully synchronous handshake
*/
public synchronized void startHandshake(boolean full) throws IOException {
synchronized (handshakeLock) {
checkOpen();
if (!handshakeStarted) {
handshakeStarted = true;
} else {
return;
}
}
// note that this modifies the global seed, not something specific to the connection
final int seedLengthInBytes = NativeCrypto.RAND_SEED_LENGTH_IN_BYTES;
final SecureRandom secureRandom = sslParameters.getSecureRandomMember();
if (secureRandom == null) {
NativeCrypto.RAND_load_file("/dev/urandom", seedLengthInBytes);
} else {
NativeCrypto.RAND_seed(secureRandom.generateSeed(seedLengthInBytes));
}
final boolean client = sslParameters.getUseClientMode();
final int sslCtxNativePointer = (client) ? sslParameters.getClientSessionContext().sslCtxNativePointer : sslParameters.getServerSessionContext().sslCtxNativePointer;
this.sslNativePointer = 0;
boolean exception = true;
try {
sslNativePointer = NativeCrypto.SSL_new(sslCtxNativePointer);
guard.open("close");
// clients will receive a call back to request certificates.
if (!client) {
Set<String> keyTypes = new HashSet<String>();
for (String enabledCipherSuite : enabledCipherSuites) {
if (enabledCipherSuite.equals(NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
continue;
}
String keyType = CipherSuite.getByName(enabledCipherSuite).getServerKeyType();
if (keyType != null) {
keyTypes.add(keyType);
}
}
for (String keyType : keyTypes) {
try {
setCertificate(sslParameters.getKeyManager().chooseServerAlias(keyType, null, this));
} catch (CertificateEncodingException e) {
throw new IOException(e);
}
}
}
NativeCrypto.setEnabledProtocols(sslNativePointer, enabledProtocols);
NativeCrypto.setEnabledCipherSuites(sslNativePointer, enabledCipherSuites);
if (enabledCompressionMethods.length != 0) {
NativeCrypto.setEnabledCompressionMethods(sslNativePointer, enabledCompressionMethods);
}
if (useSessionTickets) {
NativeCrypto.SSL_clear_options(sslNativePointer, NativeCrypto.SSL_OP_NO_TICKET);
}
if (hostname != null) {
NativeCrypto.SSL_set_tlsext_host_name(sslNativePointer, hostname);
}
boolean enableSessionCreation = sslParameters.getEnableSessionCreation();
if (!enableSessionCreation) {
NativeCrypto.SSL_set_session_creation_enabled(sslNativePointer, enableSessionCreation);
}
AbstractSessionContext sessionContext;
if (client) {
// look for client session to reuse
ClientSessionContext clientSessionContext = sslParameters.getClientSessionContext();
sessionContext = clientSessionContext;
OpenSSLSessionImpl session = getCachedClientSession(clientSessionContext);
if (session != null) {
NativeCrypto.SSL_set_session(sslNativePointer, session.sslSessionNativePointer);
}
} else {
sessionContext = sslParameters.getServerSessionContext();
}
// setup peer certificate verification
if (client) {
// TODO support for anonymous cipher would require us to
// conditionally use SSL_VERIFY_NONE
} else {
// needing client auth takes priority...
boolean certRequested;
if (sslParameters.getNeedClientAuth()) {
NativeCrypto.SSL_set_verify(sslNativePointer, NativeCrypto.SSL_VERIFY_PEER | NativeCrypto.SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
certRequested = true;
// ... over just wanting it...
} else if (sslParameters.getWantClientAuth()) {
NativeCrypto.SSL_set_verify(sslNativePointer, NativeCrypto.SSL_VERIFY_PEER);
certRequested = true;
// ... and it defaults properly so don't call SSL_set_verify in the common case.
} else {
certRequested = false;
}
if (certRequested) {
X509TrustManager trustManager = sslParameters.getTrustManager();
X509Certificate[] issuers = trustManager.getAcceptedIssuers();
if (issuers != null && issuers.length != 0) {
byte[][] issuersBytes;
try {
issuersBytes = NativeCrypto.encodeIssuerX509Principals(issuers);
} catch (CertificateEncodingException e) {
throw new IOException("Problem encoding principals", e);
}
NativeCrypto.SSL_set_client_CA_list(sslNativePointer, issuersBytes);
}
}
}
if (client && full) {
// we want to do a full synchronous handshake, so turn off cutthrough
NativeCrypto.SSL_clear_mode(sslNativePointer, NativeCrypto.SSL_MODE_HANDSHAKE_CUTTHROUGH);
}
// Temporarily use a different timeout for the handshake process
int savedTimeoutMilliseconds = getSoTimeout();
if (handshakeTimeoutMilliseconds >= 0) {
setSoTimeout(handshakeTimeoutMilliseconds);
}
int sslSessionNativePointer;
try {
sslSessionNativePointer = NativeCrypto.SSL_do_handshake(sslNativePointer, socket.getFileDescriptor$(), this, getSoTimeout(), client);
} catch (CertificateException e) {
SSLHandshakeException wrapper = new SSLHandshakeException(e.getMessage());
wrapper.initCause(e);
throw wrapper;
}
byte[] sessionId = NativeCrypto.SSL_SESSION_session_id(sslSessionNativePointer);
sslSession = (OpenSSLSessionImpl) sessionContext.getSession(sessionId);
if (sslSession != null) {
sslSession.lastAccessedTime = System.currentTimeMillis();
NativeCrypto.SSL_SESSION_free(sslSessionNativePointer);
} else {
if (!enableSessionCreation) {
// Should have been prevented by NativeCrypto.SSL_set_session_creation_enabled
throw new IllegalStateException("SSL Session may not be created");
}
X509Certificate[] localCertificates = createCertChain(NativeCrypto.SSL_get_certificate(sslNativePointer));
X509Certificate[] peerCertificates = createCertChain(NativeCrypto.SSL_get_peer_cert_chain(sslNativePointer));
if (wrappedHost == null) {
sslSession = new OpenSSLSessionImpl(sslSessionNativePointer, localCertificates, peerCertificates, super.getInetAddress().getHostName(), super.getPort(), sessionContext);
} else {
sslSession = new OpenSSLSessionImpl(sslSessionNativePointer, localCertificates, peerCertificates, wrappedHost, wrappedPort, sessionContext);
}
// if not, putSession later in handshakeCompleted() callback
if (handshakeCompleted) {
sessionContext.putSession(sslSession);
}
}
// Restore the original timeout now that the handshake is complete
if (handshakeTimeoutMilliseconds >= 0) {
setSoTimeout(savedTimeoutMilliseconds);
}
// if not, notifyHandshakeCompletedListeners later in handshakeCompleted() callback
if (handshakeCompleted) {
notifyHandshakeCompletedListeners();
}
exception = false;
} catch (SSLProtocolException e) {
throw new SSLHandshakeException(e);
} finally {
// on exceptional exit, treat the socket as closed
if (exception) {
close();
}
}
}
Also used :
SecureRandom(java.security.SecureRandom)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
SSLProtocolException(javax.net.ssl.SSLProtocolException)
X509TrustManager(javax.net.ssl.X509TrustManager)
HashSet(java.util.HashSet)
Example 29 with SSLHandshakeException
use of javax.net.ssl.SSLHandshakeException in project XobotOS by xamarin.
the class CertificateChainValidator method closeSocketThrowException.
private void closeSocketThrowException(SSLSocket socket, String errorMessage) throws IOException {
if (HttpLog.LOGV) {
HttpLog.v("validation error: " + errorMessage);
}
if (socket != null) {
SSLSession session = socket.getSession();
if (session != null) {
session.invalidate();
}
socket.close();
}
throw new SSLHandshakeException(errorMessage);
}
Also used :
SSLSession(javax.net.ssl.SSLSession)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
Example 30 with SSLHandshakeException
use of javax.net.ssl.SSLHandshakeException in project android_frameworks_base by DirtyUnicorns.
the class TestUtils method assertUrlConnectionFails.
public static void assertUrlConnectionFails(SSLContext context, String host, int port) throws Exception {
URL url = new URL("https://" + host + ":" + port);
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(context.getSocketFactory());
try {
connection.getInputStream();
fail("Connection to " + host + ":" + port + " expected to fail");
} catch (SSLHandshakeException expected) {
// ignored.
}
}
Also used :
URL(java.net.URL)
HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
Aggregations
SSLHandshakeException (javax.net.ssl.SSLHandshakeException)84
IOException (java.io.IOException)26
Test (org.junit.Test)21
CertificateException (java.security.cert.CertificateException)17
URL (java.net.URL)15
SSLException (javax.net.ssl.SSLException)14
SocketException (java.net.SocketException)12
HttpsURLConnection (javax.net.ssl.HttpsURLConnection)12
SSLProtocolException (javax.net.ssl.SSLProtocolException)10
Socket (java.net.Socket)8
SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)8
SSLSocket (javax.net.ssl.SSLSocket)8
InputStream (java.io.InputStream)6
SSLSession (javax.net.ssl.SSLSession)6
Channel (io.netty.channel.Channel)5
InetSocketAddress (java.net.InetSocketAddress)5
SocketTimeoutException (java.net.SocketTimeoutException)5
ClosedChannelException (java.nio.channels.ClosedChannelException)5
Bootstrap (io.netty.bootstrap.Bootstrap)4
ServerBootstrap (io.netty.bootstrap.ServerBootstrap)4
