
Example 1 with SSLParamsException

Use of com.mysql.cj.exceptions.SSLParamsException in project ABC by RuiPinto96274.

From class ExportControlled, method getSSLContext.

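/**
 * Configures an {@link SSLContext} from the supplied key-store and trust-store settings.
 *
 * <p>When the client key store has both a URL and a type, it is loaded and used to
 * initialize the {@link KeyManagerFactory}; the resulting {@link KeyManager}s go into
 * the context. When the trust store has both a URL and a type it is loaded and used to
 * initialize the {@link TrustManagerFactory}; when it does not, and both
 * {@code verifyServerCert} and {@code fallbackToDefaultTrustStore} are set, the factory
 * is initialized with {@code null}, i.e. the JVM default trust store. Every
 * {@link X509TrustManager} obtained that way is wrapped in an {@link X509TrustManagerWrapper}
 * carrying {@code verifyServerCert} and {@code hostName}; other kinds are kept as-is.
 * If no trust manager results at all, a single stand-alone {@link X509TrustManagerWrapper}
 * is installed instead, which only checks certificate expiration.
 *
 * <p>The {@code char[]} copies of the passwords are zeroed before this method returns;
 * the {@link String} values inside the {@link KeyStoreConf}s are left untouched.
 *
 * @param clientCertificateKeyStore
 *            URL, type and password of the client key store (any may be null/empty)
 * @param trustCertificateKeyStore
 *            URL, type and password of the trust store (any may be null/empty)
 * @param fallbackToDefaultTrustStore
 *            use the JVM default trust store when no trust store is configured;
 *            only honoured together with {@code verifyServerCert}
 * @param verifyServerCert
 *            passed through to every {@link X509TrustManagerWrapper} created here
 * @param hostName
 *            passed through to every {@link X509TrustManagerWrapper} created here
 * @param exceptionInterceptor
 *            exception interceptor handed to {@link ExceptionFactory}
 * @return an initialized {@code SSLContext} obtained for the {@code "TLS"} protocol name
 * @throws SSLParamsException
 *             if a factory algorithm, key-store type, URL, stream, password or
 *             context initialization problem prevents building the context
 */
public static SSLContext getSSLContext(KeyStoreConf clientCertificateKeyStore, KeyStoreConf trustCertificateKeyStore, boolean fallbackToDefaultTrustStore, boolean verifyServerCert, String hostName, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
    String clientCertificateKeyStoreUrl = clientCertificateKeyStore.keyStoreUrl;
    String clientCertificateKeyStoreType = clientCertificateKeyStore.keyStoreType;
    String clientCertificateKeyStorePassword = clientCertificateKeyStore.keyStorePassword;
    String trustCertificateKeyStoreUrl = trustCertificateKeyStore.keyStoreUrl;
    String trustCertificateKeyStoreType = trustCertificateKeyStore.keyStoreType;
    String trustCertificateKeyStorePassword = trustCertificateKeyStore.keyStorePassword;

    TrustManagerFactory tmf;
    KeyManagerFactory kmf;
    KeyManager[] kms = null;
    List<TrustManager> tms = new ArrayList<>();

    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", nsae, exceptionInterceptor);
    }

    // Client key store: a URL without a type is silently skipped (no client key managers).
    if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
        InputStream ksIS = null;
        char[] password = null;
        try {
            if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
                URL ksURL = new URL(clientCertificateKeyStoreUrl);
                // A missing password is treated as the empty password, not as "no password".
                password = (clientCertificateKeyStorePassword == null) ? new char[0] : clientCertificateKeyStorePassword.toCharArray();
                ksIS = ksURL.openStream();
                clientKeyStore.load(ksIS, password);
                kmf.init(clientKeyStore, password);
                kms = kmf.getKeyManagers();
            }
        } catch (UnrecoverableKeyException uke) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore.  Check password?", uke, exceptionInterceptor);
        } catch (NoSuchAlgorithmException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + nsae.getMessage() + "]", nsae, exceptionInterceptor);
        } catch (KeyStoreException kse) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + kse.getMessage() + "]", kse, exceptionInterceptor);
        } catch (CertificateException ce) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, ce, exceptionInterceptor);
        } catch (MalformedURLException mue) {
            // Must stay ahead of IOException, which it extends.
            throw ExceptionFactory.createException(SSLParamsException.class, clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", mue, exceptionInterceptor);
        } catch (IOException ioe) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + clientCertificateKeyStoreUrl + " [" + ioe.getMessage() + "]", ioe, exceptionInterceptor);
        } finally {
            if (password != null) {
                // Shorten the lifetime of the plaintext password on the heap. The JDK
                // key-store and key-manager implementations copy what they need during
                // load()/init(); confirm the same before relying on this with a
                // third-party provider.
                java.util.Arrays.fill(password, '\0');
            }
            if (ksIS != null) {
                try {
                    ksIS.close();
                } catch (IOException ignored) {
                    // The key store is already loaded; a failed close must not fail the connection.
                }
            }
        }
    }

    // Trust store: requires both URL and type; otherwise optionally fall back to the JVM default.
    InputStream trustStoreIS = null;
    char[] trustStorePassword = null;
    try {
        KeyStore trustKeyStore = null;
        if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
            trustStorePassword = (trustCertificateKeyStorePassword == null) ? new char[0] : trustCertificateKeyStorePassword.toCharArray();
            trustStoreIS = new URL(trustCertificateKeyStoreUrl).openStream();
            trustKeyStore = KeyStore.getInstance(trustCertificateKeyStoreType);
            trustKeyStore.load(trustStoreIS, trustStorePassword);
        }
        if (trustKeyStore != null || (verifyServerCert && fallbackToDefaultTrustStore)) {
            // A null key store initializes the factory with the JVM default trust store.
            tmf.init(trustKeyStore);
            for (TrustManager tm : tmf.getTrustManagers()) {
                // Wrap X.509 trust managers; pass any other kind through unchanged.
                tms.add(tm instanceof X509TrustManager ? new X509TrustManagerWrapper((X509TrustManager) tm, verifyServerCert, hostName) : tm);
            }
        }
    } catch (MalformedURLException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", e, exceptionInterceptor);
    } catch (NoSuchAlgorithmException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (KeyStoreException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (CertificateException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, e, exceptionInterceptor);
    } catch (IOException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + trustCertificateKeyStoreUrl + " [" + e.getMessage() + "]", e, exceptionInterceptor);
    } finally {
        if (trustStorePassword != null) {
            // Same reasoning as for the client key-store password above.
            java.util.Arrays.fill(trustStorePassword, '\0');
        }
        if (trustStoreIS != null) {
            try {
                trustStoreIS.close();
            } catch (IOException ignored) {
                // The trust store is already loaded; a failed close must not fail the connection.
            }
        }
    }

    // Reached when no trust store was configured and no default-store fallback applied.
    // The stand-alone wrapper only checks certificate expiration, so in this configuration
    // the server chain is not validated against any trust anchor.
    if (tms.isEmpty()) {
        tms.add(new X509TrustManagerWrapper(verifyServerCert, hostName));
    }

    try {
        // "TLS" names the protocol family; NOTE(review): the enabled protocol versions and
        // cipher suites are presumably restricted where the socket/engine is created — not visible here.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Null SecureRandom: the provider picks its default source of randomness.
        sslContext.init(kms, tms.toArray(new TrustManager[0]), null);
        return sslContext;
    } catch (NoSuchAlgorithmException nsae) {
        throw new SSLParamsException("TLS is not a valid SSL protocol.", nsae);
    } catch (KeyManagementException kme) {
        throw new SSLParamsException("KeyManagementException: " + kme.getMessage(), kme);
    }
}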

Example 2 with SSLParamsException

Use of com.mysql.cj.exceptions.SSLParamsException in project ABC by RuiPinto96274.

From class XProtocol, method negotiateSSLConnection.

/**
 * Upgrades this X Protocol connection to TLS.
 *
 * <p>Fails fast when {@link ExportControlled#enabled()} is false or the server does not
 * report the {@code XServerCapabilities.KEY_TLS} capability. Otherwise the asynchronous
 * reader is told to stop, the TLS capability is sent to the server, the handshake runs on
 * the socket connection, and the sender and reader are recreated on the resulting streams.
 *
 * @throws CJConnectionFeatureNotAvailableException if TLS support is not enabled
 * @throws CJCommunicationsException if the server lacks the TLS capability or the handshake fails
 * @throws XProtocolError if the post-handshake streams cannot be obtained
 */
public void negotiateSSLConnection() {
    if (!ExportControlled.enabled()) {
        throw new CJConnectionFeatureNotAvailableException();
    }

    final XServerCapabilities capabilities = (XServerCapabilities) this.serverSession.getCapabilities();
    if (!capabilities.hasCapability(XServerCapabilities.KEY_TLS)) {
        throw new CJCommunicationsException("A secure connection is required but the server is not configured with SSL.");
    }

    // The reader is asynchronous and permanently pending on the socket; it has to be
    // halted so the handshake below can use the socket directly.
    this.reader.stopAfterNextMessage();

    final Map<String, Object> requested = new HashMap<>();
    requested.put(XServerCapabilities.KEY_TLS, true);
    sendCapabilities(requested);

    try {
        this.socketConnection.performTlsHandshake(null, this.log);
    } catch (SSLParamsException | FeatureNotAvailableException | IOException e) {
        throw new CJCommunicationsException(e);
    }

    // Post-handshake streams replace the pre-TLS sender/reader pair.
    try {
        this.sender = new SyncMessageSender(this.socketConnection.getMysqlOutput());
        this.reader = new SyncMessageReader(this.socketConnection.getMysqlInput(), this);
    } catch (IOException e) {
        throw new XProtocolError(e.getMessage(), e);
    }
}

Example 3 with SSLParamsException

Use of com.mysql.cj.exceptions.SSLParamsException in project JavaSegundasQuintas by ecteruel.

From class ExportControlled, method getSSLContext.

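/**
 * Configures an {@link SSLContext} from the supplied key-store and trust-store settings.
 *
 * <p>When the client key store has both a URL and a type, it is loaded and used to
 * initialize the {@link KeyManagerFactory}; the resulting {@link KeyManager}s go into
 * the context. When the trust store has both a URL and a type it is loaded and used to
 * initialize the {@link TrustManagerFactory}; when it does not, and both
 * {@code verifyServerCert} and {@code fallbackToDefaultTrustStore} are set, the factory
 * is initialized with {@code null}, i.e. the JVM default trust store. Every
 * {@link X509TrustManager} obtained that way is wrapped in an {@link X509TrustManagerWrapper}
 * carrying {@code verifyServerCert} and {@code hostName}; other kinds are kept as-is.
 * If no trust manager results at all, a single stand-alone {@link X509TrustManagerWrapper}
 * is installed instead, which only checks certificate expiration.
 *
 * <p>The {@code char[]} copies of the passwords are zeroed before this method returns;
 * the {@link String} values inside the {@link KeyStoreConf}s are left untouched.
 *
 * @param clientCertificateKeyStore
 *            URL, type and password of the client key store (any may be null/empty)
 * @param trustCertificateKeyStore
 *            URL, type and password of the trust store (any may be null/empty)
 * @param fallbackToDefaultTrustStore
 *            use the JVM default trust store when no trust store is configured;
 *            only honoured together with {@code verifyServerCert}
 * @param verifyServerCert
 *            passed through to every {@link X509TrustManagerWrapper} created here
 * @param hostName
 *            passed through to every {@link X509TrustManagerWrapper} created here
 * @param exceptionInterceptor
 *            exception interceptor handed to {@link ExceptionFactory}
 * @return an initialized {@code SSLContext} obtained for the {@code "TLS"} protocol name
 * @throws SSLParamsException
 *             if a factory algorithm, key-store type, URL, stream, password or
 *             context initialization problem prevents building the context
 */
public static SSLContext getSSLContext(KeyStoreConf clientCertificateKeyStore, KeyStoreConf trustCertificateKeyStore, boolean fallbackToDefaultTrustStore, boolean verifyServerCert, String hostName, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
    String clientCertificateKeyStoreUrl = clientCertificateKeyStore.keyStoreUrl;
    String clientCertificateKeyStoreType = clientCertificateKeyStore.keyStoreType;
    String clientCertificateKeyStorePassword = clientCertificateKeyStore.keyStorePassword;
    String trustCertificateKeyStoreUrl = trustCertificateKeyStore.keyStoreUrl;
    String trustCertificateKeyStoreType = trustCertificateKeyStore.keyStoreType;
    String trustCertificateKeyStorePassword = trustCertificateKeyStore.keyStorePassword;

    TrustManagerFactory tmf;
    KeyManagerFactory kmf;
    KeyManager[] kms = null;
    List<TrustManager> tms = new ArrayList<>();

    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", nsae, exceptionInterceptor);
    }

    // Client key store: a URL without a type is silently skipped (no client key managers).
    if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
        InputStream ksIS = null;
        char[] password = null;
        try {
            if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
                URL ksURL = new URL(clientCertificateKeyStoreUrl);
                // A missing password is treated as the empty password, not as "no password".
                password = (clientCertificateKeyStorePassword == null) ? new char[0] : clientCertificateKeyStorePassword.toCharArray();
                ksIS = ksURL.openStream();
                clientKeyStore.load(ksIS, password);
                kmf.init(clientKeyStore, password);
                kms = kmf.getKeyManagers();
            }
        } catch (UnrecoverableKeyException uke) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore.  Check password?", uke, exceptionInterceptor);
        } catch (NoSuchAlgorithmException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + nsae.getMessage() + "]", nsae, exceptionInterceptor);
        } catch (KeyStoreException kse) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + kse.getMessage() + "]", kse, exceptionInterceptor);
        } catch (CertificateException ce) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, ce, exceptionInterceptor);
        } catch (MalformedURLException mue) {
            // Must stay ahead of IOException, which it extends.
            throw ExceptionFactory.createException(SSLParamsException.class, clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", mue, exceptionInterceptor);
        } catch (IOException ioe) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + clientCertificateKeyStoreUrl + " [" + ioe.getMessage() + "]", ioe, exceptionInterceptor);
        } finally {
            if (password != null) {
                // Shorten the lifetime of the plaintext password on the heap. The JDK
                // key-store and key-manager implementations copy what they need during
                // load()/init(); confirm the same before relying on this with a
                // third-party provider.
                java.util.Arrays.fill(password, '\0');
            }
            if (ksIS != null) {
                try {
                    ksIS.close();
                } catch (IOException ignored) {
                    // The key store is already loaded; a failed close must not fail the connection.
                }
            }
        }
    }

    // Trust store: requires both URL and type; otherwise optionally fall back to the JVM default.
    InputStream trustStoreIS = null;
    char[] trustStorePassword = null;
    try {
        KeyStore trustKeyStore = null;
        if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
            trustStorePassword = (trustCertificateKeyStorePassword == null) ? new char[0] : trustCertificateKeyStorePassword.toCharArray();
            trustStoreIS = new URL(trustCertificateKeyStoreUrl).openStream();
            trustKeyStore = KeyStore.getInstance(trustCertificateKeyStoreType);
            trustKeyStore.load(trustStoreIS, trustStorePassword);
        }
        if (trustKeyStore != null || (verifyServerCert && fallbackToDefaultTrustStore)) {
            // A null key store initializes the factory with the JVM default trust store.
            tmf.init(trustKeyStore);
            for (TrustManager tm : tmf.getTrustManagers()) {
                // Wrap X.509 trust managers; pass any other kind through unchanged.
                tms.add(tm instanceof X509TrustManager ? new X509TrustManagerWrapper((X509TrustManager) tm, verifyServerCert, hostName) : tm);
            }
        }
    } catch (MalformedURLException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", e, exceptionInterceptor);
    } catch (NoSuchAlgorithmException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (KeyStoreException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (CertificateException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, e, exceptionInterceptor);
    } catch (IOException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + trustCertificateKeyStoreUrl + " [" + e.getMessage() + "]", e, exceptionInterceptor);
    } finally {
        if (trustStorePassword != null) {
            // Same reasoning as for the client key-store password above.
            java.util.Arrays.fill(trustStorePassword, '\0');
        }
        if (trustStoreIS != null) {
            try {
                trustStoreIS.close();
            } catch (IOException ignored) {
                // The trust store is already loaded; a failed close must not fail the connection.
            }
        }
    }

    // Reached when no trust store was configured and no default-store fallback applied.
    // The stand-alone wrapper only checks certificate expiration, so in this configuration
    // the server chain is not validated against any trust anchor.
    if (tms.isEmpty()) {
        tms.add(new X509TrustManagerWrapper(verifyServerCert, hostName));
    }

    try {
        // "TLS" names the protocol family; NOTE(review): the enabled protocol versions and
        // cipher suites are presumably restricted where the socket/engine is created — not visible here.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Null SecureRandom: the provider picks its default source of randomness.
        sslContext.init(kms, tms.toArray(new TrustManager[0]), null);
        return sslContext;
    } catch (NoSuchAlgorithmException nsae) {
        throw new SSLParamsException("TLS is not a valid SSL protocol.", nsae);
    } catch (KeyManagementException kme) {
        throw new SSLParamsException("KeyManagementException: " + kme.getMessage(), kme);
    }
}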

Example 4 with SSLParamsException

Use of com.mysql.cj.exceptions.SSLParamsException in project aws-mysql-jdbc by awslabs.

From class ExportControlled, method getSSLContext.

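/**
 * Configures an {@link SSLContext} from the supplied key-store and trust-store settings.
 *
 * <p>When the client key store has both a URL and a type, it is loaded and used to
 * initialize the {@link KeyManagerFactory}; the resulting {@link KeyManager}s go into
 * the context. When the trust store has both a URL and a type it is loaded and used to
 * initialize the {@link TrustManagerFactory}; when it does not, and both
 * {@code verifyServerCert} and {@code fallbackToDefaultTrustStore} are set, the factory
 * is initialized with {@code null}, i.e. the JVM default trust store. Every
 * {@link X509TrustManager} obtained that way is wrapped in an {@link X509TrustManagerWrapper}
 * carrying {@code verifyServerCert} and {@code hostName}; other kinds are kept as-is.
 * If no trust manager results at all, a single stand-alone {@link X509TrustManagerWrapper}
 * is installed instead, which only checks certificate expiration.
 *
 * <p>The {@code char[]} copies of the passwords are zeroed before this method returns;
 * the {@link String} values inside the {@link KeyStoreConf}s are left untouched.
 *
 * @param clientCertificateKeyStore
 *            URL, type and password of the client key store (any may be null/empty)
 * @param trustCertificateKeyStore
 *            URL, type and password of the trust store (any may be null/empty)
 * @param fallbackToDefaultTrustStore
 *            use the JVM default trust store when no trust store is configured;
 *            only honoured together with {@code verifyServerCert}
 * @param verifyServerCert
 *            passed through to every {@link X509TrustManagerWrapper} created here
 * @param hostName
 *            passed through to every {@link X509TrustManagerWrapper} created here
 * @param exceptionInterceptor
 *            exception interceptor handed to {@link ExceptionFactory}
 * @return an initialized {@code SSLContext} obtained for the {@code "TLS"} protocol name
 * @throws SSLParamsException
 *             if a factory algorithm, key-store type, URL, stream, password or
 *             context initialization problem prevents building the context
 */
public static SSLContext getSSLContext(KeyStoreConf clientCertificateKeyStore, KeyStoreConf trustCertificateKeyStore, boolean fallbackToDefaultTrustStore, boolean verifyServerCert, String hostName, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
    String clientCertificateKeyStoreUrl = clientCertificateKeyStore.keyStoreUrl;
    String clientCertificateKeyStoreType = clientCertificateKeyStore.keyStoreType;
    String clientCertificateKeyStorePassword = clientCertificateKeyStore.keyStorePassword;
    String trustCertificateKeyStoreUrl = trustCertificateKeyStore.keyStoreUrl;
    String trustCertificateKeyStoreType = trustCertificateKeyStore.keyStoreType;
    String trustCertificateKeyStorePassword = trustCertificateKeyStore.keyStorePassword;

    TrustManagerFactory tmf;
    KeyManagerFactory kmf;
    KeyManager[] kms = null;
    List<TrustManager> tms = new ArrayList<>();

    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", nsae, exceptionInterceptor);
    }

    // Client key store: a URL without a type is silently skipped (no client key managers).
    if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
        InputStream ksIS = null;
        char[] password = null;
        try {
            if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
                URL ksURL = new URL(clientCertificateKeyStoreUrl);
                // A missing password is treated as the empty password, not as "no password".
                password = (clientCertificateKeyStorePassword == null) ? new char[0] : clientCertificateKeyStorePassword.toCharArray();
                ksIS = ksURL.openStream();
                clientKeyStore.load(ksIS, password);
                kmf.init(clientKeyStore, password);
                kms = kmf.getKeyManagers();
            }
        } catch (UnrecoverableKeyException uke) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore.  Check password?", uke, exceptionInterceptor);
        } catch (NoSuchAlgorithmException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + nsae.getMessage() + "]", nsae, exceptionInterceptor);
        } catch (KeyStoreException kse) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + kse.getMessage() + "]", kse, exceptionInterceptor);
        } catch (CertificateException ce) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, ce, exceptionInterceptor);
        } catch (MalformedURLException mue) {
            // Must stay ahead of IOException, which it extends.
            throw ExceptionFactory.createException(SSLParamsException.class, clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", mue, exceptionInterceptor);
        } catch (IOException ioe) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + clientCertificateKeyStoreUrl + " [" + ioe.getMessage() + "]", ioe, exceptionInterceptor);
        } finally {
            if (password != null) {
                // Shorten the lifetime of the plaintext password on the heap. The JDK
                // key-store and key-manager implementations copy what they need during
                // load()/init(); confirm the same before relying on this with a
                // third-party provider.
                java.util.Arrays.fill(password, '\0');
            }
            if (ksIS != null) {
                try {
                    ksIS.close();
                } catch (IOException ignored) {
                    // The key store is already loaded; a failed close must not fail the connection.
                }
            }
        }
    }

    // Trust store: requires both URL and type; otherwise optionally fall back to the JVM default.
    InputStream trustStoreIS = null;
    char[] trustStorePassword = null;
    try {
        KeyStore trustKeyStore = null;
        if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
            trustStorePassword = (trustCertificateKeyStorePassword == null) ? new char[0] : trustCertificateKeyStorePassword.toCharArray();
            trustStoreIS = new URL(trustCertificateKeyStoreUrl).openStream();
            trustKeyStore = KeyStore.getInstance(trustCertificateKeyStoreType);
            trustKeyStore.load(trustStoreIS, trustStorePassword);
        }
        if (trustKeyStore != null || (verifyServerCert && fallbackToDefaultTrustStore)) {
            // A null key store initializes the factory with the JVM default trust store.
            tmf.init(trustKeyStore);
            for (TrustManager tm : tmf.getTrustManagers()) {
                // Wrap X.509 trust managers; pass any other kind through unchanged.
                tms.add(tm instanceof X509TrustManager ? new X509TrustManagerWrapper((X509TrustManager) tm, verifyServerCert, hostName) : tm);
            }
        }
    } catch (MalformedURLException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", e, exceptionInterceptor);
    } catch (NoSuchAlgorithmException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (KeyStoreException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (CertificateException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, e, exceptionInterceptor);
    } catch (IOException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + trustCertificateKeyStoreUrl + " [" + e.getMessage() + "]", e, exceptionInterceptor);
    } finally {
        if (trustStorePassword != null) {
            // Same reasoning as for the client key-store password above.
            java.util.Arrays.fill(trustStorePassword, '\0');
        }
        if (trustStoreIS != null) {
            try {
                trustStoreIS.close();
            } catch (IOException ignored) {
                // The trust store is already loaded; a failed close must not fail the connection.
            }
        }
    }

    // Reached when no trust store was configured and no default-store fallback applied.
    // The stand-alone wrapper only checks certificate expiration, so in this configuration
    // the server chain is not validated against any trust anchor.
    if (tms.isEmpty()) {
        tms.add(new X509TrustManagerWrapper(verifyServerCert, hostName));
    }

    try {
        // "TLS" names the protocol family; NOTE(review): the enabled protocol versions and
        // cipher suites are presumably restricted where the socket/engine is created — not visible here.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Null SecureRandom: the provider picks its default source of randomness.
        sslContext.init(kms, tms.toArray(new TrustManager[0]), null);
        return sslContext;
    } catch (NoSuchAlgorithmException nsae) {
        throw new SSLParamsException("TLS is not a valid SSL protocol.", nsae);
    } catch (KeyManagementException kme) {
        throw new SSLParamsException("KeyManagementException: " + kme.getMessage(), kme);
    }
}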

Example 5 with SSLParamsException

Use of com.mysql.cj.exceptions.SSLParamsException in project aws-mysql-jdbc by awslabs.

From class XProtocol, method negotiateSSLConnection.

/**
 * Upgrades this X Protocol connection to TLS.
 *
 * <p>Fails fast when {@link ExportControlled#enabled()} is false or the server does not
 * report the {@code XServerCapabilities.KEY_TLS} capability. Otherwise the asynchronous
 * reader is told to stop, the TLS capability is sent to the server, the handshake runs on
 * the socket connection, and the sender and reader are recreated on the resulting streams.
 *
 * @throws CJConnectionFeatureNotAvailableException if TLS support is not enabled
 * @throws CJCommunicationsException if the server lacks the TLS capability or the handshake fails
 * @throws XProtocolError if the post-handshake streams cannot be obtained
 */
public void negotiateSSLConnection() {
    if (!ExportControlled.enabled()) {
        throw new CJConnectionFeatureNotAvailableException();
    }

    final XServerCapabilities capabilities = (XServerCapabilities) this.serverSession.getCapabilities();
    if (!capabilities.hasCapability(XServerCapabilities.KEY_TLS)) {
        throw new CJCommunicationsException("A secure connection is required but the server is not configured with SSL.");
    }

    // The reader is asynchronous and permanently pending on the socket; it has to be
    // halted so the handshake below can use the socket directly.
    this.reader.stopAfterNextMessage();

    final Map<String, Object> requested = new HashMap<>();
    requested.put(XServerCapabilities.KEY_TLS, true);
    sendCapabilities(requested);

    try {
        this.socketConnection.performTlsHandshake(null, this.log);
    } catch (SSLParamsException | FeatureNotAvailableException | IOException e) {
        throw new CJCommunicationsException(e);
    }

    // Post-handshake streams replace the pre-TLS sender/reader pair.
    try {
        this.sender = new SyncMessageSender(this.socketConnection.getMysqlOutput());
        this.reader = new SyncMessageReader(this.socketConnection.getMysqlInput(), this);
    } catch (IOException e) {
        throw new XProtocolError(e.getMessage(), e);
    }
}
