Use of com.mysql.cj.exceptions.SSLParamsException in project ABC by RuiPinto96274 — class ExportControlled, method getSSLContext.
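/**
 * Builds the {@link SSLContext} for a connection from the supplied key store and trust store settings.
 *
 * <p>Trust decisions are delegated to {@code X509TrustManagerWrapper} instances. Which underlying
 * {@link X509TrustManager} (if any) they wrap is decided here:
 * <ul>
 * <li>an explicit trust store (URL <em>and</em> type both non-empty) is loaded and used;</li>
 * <li>otherwise, if {@code verifyServerCert} and {@code fallbackToDefaultTrustStore} are both true, the
 * {@link TrustManagerFactory} is initialised with {@code null}, i.e. the provider's default trust store;</li>
 * <li>otherwise a wrapper with no delegate is installed. As the original code notes, such a wrapper only
 * checks the certificate validity period, so no chain validation against a trust anchor happens in that
 * configuration — confirm against {@code X509TrustManagerWrapper} before relying on {@code verifyServerCert}
 * without a trust store or the default fallback.</li>
 * </ul>
 * {@code verifyServerCert} and {@code hostName} are passed through to every wrapper; what the wrapper does with
 * them (chain validation, host name matching) is defined there, not here.
 *
 * <p>Security note: both store locations are opened with {@code URL.openStream()}, so any scheme the JVM supports
 * ({@code file:}, {@code http:}, {@code jar:}, ...) is fetched as given. These values come from connection
 * configuration and must be treated as trusted; never derive them from untrusted input.
 *
 * @param clientCertificateKeyStore
 *            client key store settings (URL, type, password) used for client-certificate (mutual TLS)
 *            authentication; skipped unless both URL and type are non-empty
 * @param trustCertificateKeyStore
 *            trust store settings (URL, type, password); skipped unless both URL and type are non-empty
 * @param fallbackToDefaultTrustStore
 *            when no explicit trust store is configured and {@code verifyServerCert} is true, initialise the trust
 *            managers from the provider's default trust store
 * @param verifyServerCert
 *            whether the server certificate is to be verified; handed to each {@code X509TrustManagerWrapper}
 * @param hostName
 *            the expected server host name; handed to each {@code X509TrustManagerWrapper}
 * @param exceptionInterceptor
 *            exception interceptor applied to the store-loading errors raised by this method
 * @return an initialised {@code "TLS"} {@link SSLContext}
 * @throws SSLParamsException
 *             if a key/trust store cannot be located, opened or decoded, if the client keys cannot be recovered
 *             (wrong password), or if the context cannot be initialised
 */
public static SSLContext getSSLContext(KeyStoreConf clientCertificateKeyStore, KeyStoreConf trustCertificateKeyStore, boolean fallbackToDefaultTrustStore,
        boolean verifyServerCert, String hostName, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
    String clientCertificateKeyStoreUrl = clientCertificateKeyStore.keyStoreUrl;
    String clientCertificateKeyStoreType = clientCertificateKeyStore.keyStoreType;
    String clientCertificateKeyStorePassword = clientCertificateKeyStore.keyStorePassword;
    String trustCertificateKeyStoreUrl = trustCertificateKeyStore.keyStoreUrl;
    String trustCertificateKeyStoreType = trustCertificateKeyStore.keyStoreType;
    String trustCertificateKeyStorePassword = trustCertificateKeyStore.keyStorePassword;

    TrustManagerFactory tmf;
    KeyManagerFactory kmf;
    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw ExceptionFactory.createException(SSLParamsException.class,
                "Default algorithm definitions for TrustManager and/or KeyManager are invalid. Check java security properties file.", nsae,
                exceptionInterceptor);
    }

    // Client key material for mutual TLS. A URL without a type is silently ignored (no client certificate is
    // presented), so a misconfiguration here surfaces later as a handshake rejection rather than as an error now.
    KeyManager[] kms = null;
    if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
        try {
            // The same password unlocks the store (integrity check) and the private keys inside it.
            char[] password = toPasswordChars(clientCertificateKeyStorePassword);
            KeyStore clientKeyStore = loadKeyStoreFromUrl(clientCertificateKeyStoreType, clientCertificateKeyStoreUrl, password);
            kmf.init(clientKeyStore, password);
            kms = kmf.getKeyManagers();
        } catch (UnrecoverableKeyException uke) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore. Check password?", uke,
                    exceptionInterceptor);
        } catch (NoSuchAlgorithmException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + nsae.getMessage() + "]", nsae,
                    exceptionInterceptor);
        } catch (KeyStoreException kse) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + kse.getMessage() + "]", kse,
                    exceptionInterceptor);
        } catch (CertificateException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class,
                    "Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, nsae, exceptionInterceptor);
        } catch (MalformedURLException mue) {
            // must precede IOException: MalformedURLException is a subclass of it
            throw ExceptionFactory.createException(SSLParamsException.class, clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", mue,
                    exceptionInterceptor);
        } catch (IOException ioe) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + clientCertificateKeyStoreUrl + " [" + ioe.getMessage() + "]",
                    ioe, exceptionInterceptor);
        }
    }

    // Trust anchors for validating the server certificate.
    List<TrustManager> tms = new ArrayList<>();
    try {
        KeyStore trustKeyStore = null;
        if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
            trustKeyStore = loadKeyStoreFromUrl(trustCertificateKeyStoreType, trustCertificateKeyStoreUrl,
                    toPasswordChars(trustCertificateKeyStorePassword));
        }
        if (trustKeyStore != null || (verifyServerCert && fallbackToDefaultTrustStore)) {
            // A null store initialises the factory with the provider's default trust store.
            tmf.init(trustKeyStore);
            // Wrap each X.509 trust manager so verifyServerCert/hostName are applied; anything else is passed through as-is.
            for (TrustManager tm : tmf.getTrustManagers()) {
                tms.add(tm instanceof X509TrustManager ? new X509TrustManagerWrapper((X509TrustManager) tm, verifyServerCert, hostName) : tm);
            }
        }
    } catch (MalformedURLException e) {
        // must precede IOException: MalformedURLException is a subclass of it
        throw ExceptionFactory.createException(SSLParamsException.class, trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", e,
                exceptionInterceptor);
    } catch (NoSuchAlgorithmException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (KeyStoreException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e.getMessage() + "]", e,
                exceptionInterceptor);
    } catch (CertificateException e) {
        throw ExceptionFactory.createException(SSLParamsException.class,
                "Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, e, exceptionInterceptor);
    } catch (IOException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + trustCertificateKeyStoreUrl + " [" + e.getMessage() + "]", e,
                exceptionInterceptor);
    }

    if (tms.isEmpty()) {
        // No delegate trust manager could be built (no trust store and no default fallback). The stand-alone wrapper
        // only checks the certificate validity period, so in this configuration the chain is NOT validated against
        // any trust anchor. Callers that need server verification must supply a trust store or allow the fallback.
        tms.add(new X509TrustManagerWrapper(verifyServerCert, hostName));
    }

    try {
        // "TLS" selects the provider's default TLS context; protocol versions and cipher suites are not restricted here.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null SecureRandom lets the provider pick its default source of randomness.
        sslContext.init(kms, tms.toArray(new TrustManager[0]), null);
        return sslContext;
    } catch (NoSuchAlgorithmException nsae) {
        throw new SSLParamsException("TLS is not a valid SSL protocol.", nsae);
    } catch (KeyManagementException kme) {
        throw new SSLParamsException("KeyManagementException: " + kme.getMessage(), kme);
    }
}

/**
 * Loads a {@link KeyStore} of the given type from a URL.
 *
 * <p>The store type is resolved before the URL is opened, so an invalid type fails fast without fetching anything.
 * A failure to close the stream after a successful load is deliberately ignored: the store is already in memory and
 * a close error is not a reason to refuse the connection.
 *
 * @param type
 *            key store type, e.g. {@code JKS} or {@code PKCS12}
 * @param url
 *            location of the store; any scheme supported by {@link URL} is accepted
 * @param password
 *            store password (empty array, not {@code null}, when none was configured)
 * @return the loaded store
 * @throws KeyStoreException
 *             if no provider supports {@code type}
 * @throws MalformedURLException
 *             if {@code url} cannot be parsed
 * @throws IOException
 *             if the URL cannot be opened or the store data is unreadable (including a wrong password)
 * @throws NoSuchAlgorithmException
 *             if an algorithm used to check the store's integrity is unavailable
 * @throws CertificateException
 *             if a certificate in the store cannot be loaded
 */
private static KeyStore loadKeyStoreFromUrl(String type, String url, char[] password)
        throws KeyStoreException, MalformedURLException, IOException, NoSuchAlgorithmException, CertificateException {
    KeyStore keyStore = KeyStore.getInstance(type);
    InputStream in = null;
    try {
        in = new URL(url).openStream();
        keyStore.load(in, password);
        return keyStore;
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // store already loaded; a close failure must not fail the connection
            }
        }
    }
}

/**
 * Converts a configured password to the {@code char[]} form the key store API expects.
 *
 * <p>A missing password becomes an empty array rather than {@code null}, preserving the behaviour of the original
 * code (an empty password is still used for the store integrity check).
 *
 * @param password
 *            the configured password, possibly {@code null}
 * @return the password characters, or an empty array if {@code password} is {@code null}
 */
private static char[] toPasswordChars(String password) {
    return password == null ? new char[0] : password.toCharArray();
}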
Use of com.mysql.cj.exceptions.SSLParamsException in project ABC by RuiPinto96274 — class XProtocol, method negotiateSSLConnection.
/**
 * Upgrades the already-open X Protocol connection to TLS.
 *
 * <p>The sequence is: refuse if TLS support is not compiled in, refuse (fail closed) if the server did not advertise
 * the TLS capability, stop the asynchronous reader so the raw socket is free, announce TLS via a capability-set
 * message, run the handshake, and finally rebind the sender and reader to the post-handshake streams.
 *
 * <p>Because the upgrade happens in-band on a plaintext socket, a server that does not advertise TLS is rejected
 * here rather than silently continuing in the clear.
 *
 * @throws CJConnectionFeatureNotAvailableException
 *             if TLS support is not available in this build
 * @throws CJCommunicationsException
 *             if the server does not advertise TLS, or if the handshake fails
 * @throws XProtocolError
 *             if the post-handshake streams cannot be obtained
 */
public void negotiateSSLConnection() {
    if (!ExportControlled.enabled()) {
        throw new CJConnectionFeatureNotAvailableException();
    }

    XServerCapabilities capabilities = (XServerCapabilities) this.serverSession.getCapabilities();
    if (!capabilities.hasCapability(XServerCapabilities.KEY_TLS)) {
        throw new CJCommunicationsException("A secure connection is required but the server is not configured with SSL.");
    }

    // The request that tells the server we are about to start TLS.
    Map<String, Object> tlsRequest = new HashMap<>();
    tlsRequest.put(XServerCapabilities.KEY_TLS, Boolean.TRUE);

    // The reader is asynchronous and always pending on the socket; it has to be parked before the handshake can own it.
    this.reader.stopAfterNextMessage();
    sendCapabilities(tlsRequest);

    try {
        // First argument is passed as null here; its meaning is defined by the socket connection, not visible in this method.
        this.socketConnection.performTlsHandshake(null, this.log);
    } catch (SSLParamsException | FeatureNotAvailableException | IOException handshakeFailure) {
        throw new CJCommunicationsException(handshakeFailure);
    }

    try {
        // Rebind I/O to the streams the connection exposes after the handshake.
        this.sender = new SyncMessageSender(this.socketConnection.getMysqlOutput());
        this.reader = new SyncMessageReader(this.socketConnection.getMysqlInput(), this);
    } catch (IOException streamFailure) {
        throw new XProtocolError(streamFailure.getMessage(), streamFailure);
    }
}
Use of com.mysql.cj.exceptions.SSLParamsException in project JavaSegundasQuintas by ecteruel — class ExportControlled, method getSSLContext.
/**
 * Assembles the {@link SSLContext} for a connection from the configured client key store and trust store.
 *
 * <p>Client key material is loaded only when both the key store URL and type are set; it provides the
 * {@link KeyManager}s for client-certificate authentication. Trust managers are derived, in order of preference,
 * from an explicit trust store (URL and type both set), from the provider's default trust store when
 * {@code verifyServerCert} and {@code fallbackToDefaultTrustStore} are both true, or — when neither applies — from
 * a single {@code X509TrustManagerWrapper} with no delegate, which (per the original comment) only checks the
 * certificate validity period. Every X.509 trust manager is wrapped so that {@code verifyServerCert} and
 * {@code hostName} reach it.
 *
 * <p>Both store URLs are opened with {@code URL.openStream()}; any scheme the JVM supports is fetched, so these
 * settings must come from trusted configuration.
 *
 * @param clientCertificateKeyStore
 *            client key store settings (URL, type, password)
 * @param trustCertificateKeyStore
 *            trust store settings (URL, type, password)
 * @param fallbackToDefaultTrustStore
 *            use the provider's default trust store when no explicit one is configured and {@code verifyServerCert} is true
 * @param verifyServerCert
 *            whether server certificates are to be verified; forwarded to each trust manager wrapper
 * @param hostName
 *            expected server host name; forwarded to each trust manager wrapper
 * @param exceptionInterceptor
 *            exception interceptor applied to store-loading failures
 * @return the initialised {@code "TLS"} context
 * @throws SSLParamsException
 *             if a store cannot be opened or decoded, the client keys cannot be recovered, or the context cannot be initialised
 */
public static SSLContext getSSLContext(KeyStoreConf clientCertificateKeyStore, KeyStoreConf trustCertificateKeyStore, boolean fallbackToDefaultTrustStore,
        boolean verifyServerCert, String hostName, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
    final String clientStoreUrl = clientCertificateKeyStore.keyStoreUrl;
    final String clientStoreType = clientCertificateKeyStore.keyStoreType;
    final String clientStoreSecret = clientCertificateKeyStore.keyStorePassword;
    final String trustStoreUrl = trustCertificateKeyStore.keyStoreUrl;
    final String trustStoreTypeSetting = trustCertificateKeyStore.keyStoreType;
    final String trustStoreSecret = trustCertificateKeyStore.keyStorePassword;

    final TrustManagerFactory trustFactory;
    final KeyManagerFactory keyFactory;
    try {
        trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw ExceptionFactory.createException(SSLParamsException.class,
                "Default algorithm definitions for TrustManager and/or KeyManager are invalid. Check java security properties file.", nsae,
                exceptionInterceptor);
    }

    // --- client key store (mutual TLS) ---------------------------------------------------------------------
    KeyManager[] keyManagers = null;
    if (!StringUtils.isNullOrEmpty(clientStoreUrl)) {
        InputStream clientStoreStream = null;
        try {
            if (!StringUtils.isNullOrEmpty(clientStoreType)) {
                KeyStore clientStore = KeyStore.getInstance(clientStoreType);
                URL clientStoreLocation = new URL(clientStoreUrl);
                char[] clientSecretChars = clientStoreSecret == null ? new char[0] : clientStoreSecret.toCharArray();
                clientStoreStream = clientStoreLocation.openStream();
                clientStore.load(clientStoreStream, clientSecretChars);
                // the same password unlocks the private keys
                keyFactory.init(clientStore, clientSecretChars);
                keyManagers = keyFactory.getKeyManagers();
            }
        } catch (UnrecoverableKeyException uke) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore. Check password?", uke,
                    exceptionInterceptor);
        } catch (NoSuchAlgorithmException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + nsae.getMessage() + "]", nsae,
                    exceptionInterceptor);
        } catch (KeyStoreException kse) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + kse.getMessage() + "]", kse,
                    exceptionInterceptor);
        } catch (CertificateException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not load client" + clientStoreType + " keystore from " + clientStoreUrl,
                    nsae, exceptionInterceptor);
        } catch (MalformedURLException mue) {
            // listed before IOException, of which it is a subclass
            throw ExceptionFactory.createException(SSLParamsException.class, clientStoreUrl + " does not appear to be a valid URL.", mue, exceptionInterceptor);
        } catch (IOException ioe) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + clientStoreUrl + " [" + ioe.getMessage() + "]", ioe,
                    exceptionInterceptor);
        } finally {
            closeIgnoringErrors(clientStoreStream);
        }
    }

    // --- trust store ----------------------------------------------------------------------------------------
    List<TrustManager> trustManagers = new ArrayList<>();
    InputStream trustStoreStream = null;
    try {
        KeyStore trustStore = null;
        if (!StringUtils.isNullOrEmpty(trustStoreUrl) && !StringUtils.isNullOrEmpty(trustStoreTypeSetting)) {
            char[] trustSecretChars = trustStoreSecret == null ? new char[0] : trustStoreSecret.toCharArray();
            trustStoreStream = new URL(trustStoreUrl).openStream();
            trustStore = KeyStore.getInstance(trustStoreTypeSetting);
            trustStore.load(trustStoreStream, trustSecretChars);
        }
        boolean useDefaultStore = verifyServerCert && fallbackToDefaultTrustStore;
        if (trustStore != null || useDefaultStore) {
            // null store => the provider's default trust store
            trustFactory.init(trustStore);
            for (TrustManager candidate : trustFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    trustManagers.add(new X509TrustManagerWrapper((X509TrustManager) candidate, verifyServerCert, hostName));
                } else {
                    trustManagers.add(candidate);
                }
            }
        }
    } catch (MalformedURLException e) {
        // listed before IOException, of which it is a subclass
        throw ExceptionFactory.createException(SSLParamsException.class, trustStoreUrl + " does not appear to be a valid URL.", e, exceptionInterceptor);
    } catch (NoSuchAlgorithmException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (KeyStoreException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e.getMessage() + "]", e,
                exceptionInterceptor);
    } catch (CertificateException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not load trust" + trustStoreTypeSetting + " keystore from " + trustStoreUrl, e,
                exceptionInterceptor);
    } catch (IOException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + trustStoreUrl + " [" + e.getMessage() + "]", e,
                exceptionInterceptor);
    } finally {
        closeIgnoringErrors(trustStoreStream);
    }

    if (trustManagers.isEmpty()) {
        // No delegate available: this wrapper validates only the certificate validity period, so no chain validation
        // against a trust anchor takes place in this configuration.
        trustManagers.add(new X509TrustManagerWrapper(verifyServerCert, hostName));
    }

    try {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers.toArray(new TrustManager[0]), null);
        return context;
    } catch (NoSuchAlgorithmException nsae) {
        throw new SSLParamsException("TLS is not a valid SSL protocol.", nsae);
    } catch (KeyManagementException kme) {
        throw new SSLParamsException("KeyManagementException: " + kme.getMessage(), kme);
    }
}

/**
 * Closes a store stream, ignoring a {@code null} stream and any close error.
 *
 * <p>By the time this runs the store has either been loaded or the failure has already been reported, so a
 * close failure carries no additional information worth failing the connection for.
 *
 * @param stream
 *            the stream to close, possibly {@code null}
 */
private static void closeIgnoringErrors(InputStream stream) {
    if (stream == null) {
        return;
    }
    try {
        stream.close();
    } catch (IOException ignored) {
        // deliberately ignored, see method comment
    }
}
Use of com.mysql.cj.exceptions.SSLParamsException in project aws-mysql-jdbc by awslabs — class ExportControlled, method getSSLContext.
/**
 * Configure the {@link SSLContext} based on the supplied key store and trust store settings.
 *
 * <p>How the server is trusted depends on the arguments:
 * <ul>
 * <li>explicit trust store (URL and type both non-empty): loaded and used;</li>
 * <li>no explicit trust store but {@code verifyServerCert} and {@code fallbackToDefaultTrustStore} both true:
 * the {@link TrustManagerFactory} is initialised with {@code null}, i.e. the provider's default trust store;</li>
 * <li>otherwise a single {@code X509TrustManagerWrapper} with no delegate is installed, which per the comment
 * below only checks the certificate validity period — no chain validation against a trust anchor happens
 * in that configuration.</li>
 * </ul>
 * Every X.509 trust manager is wrapped so that {@code verifyServerCert} and {@code hostName} reach it; the
 * wrapper, not this method, defines what is done with them.
 *
 * <p>Security note: store URLs are opened with {@code URL.openStream()}, so any scheme the JVM supports is
 * fetched verbatim. Treat these settings as trusted configuration.
 *
 * @param clientCertificateKeyStore
 *            client key store settings (URL, type, password) for client-certificate authentication; used only
 *            when both URL and type are non-empty
 * @param trustCertificateKeyStore
 *            trust store settings (URL, type, password); used only when both URL and type are non-empty
 * @param fallbackToDefaultTrustStore
 *            with {@code verifyServerCert}, use the provider's default trust store when none is configured
 * @param verifyServerCert
 *            whether to verify the server certificate; forwarded to each trust manager wrapper
 * @param hostName
 *            expected server host name; forwarded to each trust manager wrapper
 * @param exceptionInterceptor
 *            exception interceptor applied to store-loading errors
 * @return the initialised {@code "TLS"} {@link SSLContext}
 * @throws SSLParamsException
 *             if a store cannot be opened or decoded, the client keys cannot be recovered, or the context
 *             cannot be initialised
 */
public static SSLContext getSSLContext(KeyStoreConf clientCertificateKeyStore, KeyStoreConf trustCertificateKeyStore, boolean fallbackToDefaultTrustStore, boolean verifyServerCert, String hostName, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
    String clientCertificateKeyStoreUrl = clientCertificateKeyStore.keyStoreUrl;
    String clientCertificateKeyStoreType = clientCertificateKeyStore.keyStoreType;
    String clientCertificateKeyStorePassword = clientCertificateKeyStore.keyStorePassword;
    String trustCertificateKeyStoreUrl = trustCertificateKeyStore.keyStoreUrl;
    String trustCertificateKeyStoreType = trustCertificateKeyStore.keyStoreType;
    String trustCertificateKeyStorePassword = trustCertificateKeyStore.keyStorePassword;
    TrustManagerFactory tmf = null;
    KeyManagerFactory kmf = null;
    KeyManager[] kms = null;
    List<TrustManager> tms = new ArrayList<>();
    try {
        // Default algorithms come from the JVM security properties (ssl.TrustManagerFactory.algorithm etc.).
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid. Check java security properties file.", nsae, exceptionInterceptor);
    }
    // Client key material (mutual TLS). Note the asymmetry: a URL with an empty type is silently skipped here,
    // whereas the trust store below requires both URL and type in a single condition.
    if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
        InputStream ksIS = null;
        try {
            if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
                URL ksURL = new URL(clientCertificateKeyStoreUrl);
                // A missing password becomes an empty (not null) password, so the store integrity check still runs.
                char[] password = (clientCertificateKeyStorePassword == null) ? new char[0] : clientCertificateKeyStorePassword.toCharArray();
                ksIS = ksURL.openStream();
                clientKeyStore.load(ksIS, password);
                // The same password is used to unlock the private keys.
                kmf.init(clientKeyStore, password);
                kms = kmf.getKeyManagers();
            }
        } catch (UnrecoverableKeyException uke) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore. Check password?", uke, exceptionInterceptor);
        } catch (NoSuchAlgorithmException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + nsae.getMessage() + "]", nsae, exceptionInterceptor);
        } catch (KeyStoreException kse) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + kse.getMessage() + "]", kse, exceptionInterceptor);
        } catch (CertificateException nsae) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, nsae, exceptionInterceptor);
        } catch (MalformedURLException mue) {
            // Must come before IOException, of which MalformedURLException is a subclass.
            throw ExceptionFactory.createException(SSLParamsException.class, clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", mue, exceptionInterceptor);
        } catch (IOException ioe) {
            throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + clientCertificateKeyStoreUrl + " [" + ioe.getMessage() + "]", ioe, exceptionInterceptor);
        } finally {
            if (ksIS != null) {
                try {
                    ksIS.close();
                } catch (IOException e) {
                    // can't close input stream, but keystore can be properly initialized so we shouldn't throw this exception
                }
            }
        }
    }
    // Trust anchors for server certificate validation.
    InputStream trustStoreIS = null;
    try {
        String trustStoreType = "";
        char[] trustStorePassword = null;
        KeyStore trustKeyStore = null;
        if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
            trustStoreType = trustCertificateKeyStoreType;
            trustStorePassword = (trustCertificateKeyStorePassword == null) ? new char[0] : trustCertificateKeyStorePassword.toCharArray();
            // The URL is opened before the store type is resolved, so a bad type is only reported after the fetch.
            trustStoreIS = new URL(trustCertificateKeyStoreUrl).openStream();
            trustKeyStore = KeyStore.getInstance(trustStoreType);
            trustKeyStore.load(trustStoreIS, trustStorePassword);
        }
        if (trustKeyStore != null || verifyServerCert && fallbackToDefaultTrustStore) {
            // (trustKeyStore == null) initializes the TrustManagerFactory with the default truststore.
            tmf.init(trustKeyStore);
            // building the customized list of TrustManagers from original one if it's available
            TrustManager[] origTms = tmf.getTrustManagers();
            for (TrustManager tm : origTms) {
                // wrap X509TrustManager or put original if non-X509 TrustManager
                tms.add(tm instanceof X509TrustManager ? new X509TrustManagerWrapper((X509TrustManager) tm, verifyServerCert, hostName) : tm);
            }
        }
    } catch (MalformedURLException e) {
        // Must come before IOException, of which MalformedURLException is a subclass.
        throw ExceptionFactory.createException(SSLParamsException.class, trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", e, exceptionInterceptor);
    } catch (NoSuchAlgorithmException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (KeyStoreException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e.getMessage() + "]", e, exceptionInterceptor);
    } catch (CertificateException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, e, exceptionInterceptor);
    } catch (IOException e) {
        throw ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + trustCertificateKeyStoreUrl + " [" + e.getMessage() + "]", e, exceptionInterceptor);
    } finally {
        if (trustStoreIS != null) {
            try {
                trustStoreIS.close();
            } catch (IOException e) {
                // can't close input stream, but keystore can be properly initialized so we shouldn't throw this exception
            }
        }
    }
    // if original TrustManagers are not available then putting one X509TrustManagerWrapper which take care only about expiration check
    // Security note: in this configuration the server chain is not validated against any trust anchor; callers that
    // need verification must configure a trust store or allow the default fallback.
    if (tms.size() == 0) {
        tms.add(new X509TrustManagerWrapper(verifyServerCert, hostName));
    }
    try {
        // "TLS" selects the provider's default TLS context; enabled protocol versions and cipher suites are not restricted here.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null SecureRandom => provider default.
        sslContext.init(kms, tms.toArray(new TrustManager[tms.size()]), null);
        return sslContext;
    } catch (NoSuchAlgorithmException nsae) {
        throw new SSLParamsException("TLS is not a valid SSL protocol.", nsae);
    } catch (KeyManagementException kme) {
        throw new SSLParamsException("KeyManagementException: " + kme.getMessage(), kme);
    }
}
Use of com.mysql.cj.exceptions.SSLParamsException in project aws-mysql-jdbc by awslabs — class XProtocol, method negotiateSSLConnection.
/**
 * Upgrades the already-open X Protocol connection to TLS.
 *
 * <p>Fails closed: if the server did not advertise the TLS capability a {@link CJCommunicationsException} is thrown
 * rather than continuing in the clear. Otherwise the asynchronous reader is parked, a capability-set message
 * announcing TLS is sent, the handshake is performed on the existing socket, and the sender/reader are rebound to
 * the streams the connection exposes afterwards.
 *
 * @throws CJConnectionFeatureNotAvailableException
 *             if TLS support is not available in this build
 * @throws CJCommunicationsException
 *             if the server does not advertise TLS, or if the handshake fails
 * @throws XProtocolError
 *             if the post-handshake streams cannot be obtained
 */
public void negotiateSSLConnection() {
    if (!ExportControlled.enabled()) {
        throw new CJConnectionFeatureNotAvailableException();
    }
    // Refuse to proceed in plaintext when the server cannot do TLS.
    if (!((XServerCapabilities) this.serverSession.getCapabilities()).hasCapability(XServerCapabilities.KEY_TLS)) {
        throw new CJCommunicationsException("A secure connection is required but the server is not configured with SSL.");
    }
    // the message reader is async and is always "reading". we need to stop it to use the socket for the TLS handshake
    this.reader.stopAfterNextMessage();
    Map<String, Object> tlsCapabilities = new HashMap<>();
    tlsCapabilities.put(XServerCapabilities.KEY_TLS, true);
    sendCapabilities(tlsCapabilities);
    try {
        // First argument is null here; its meaning is defined by the socket connection and is not visible in this method.
        this.socketConnection.performTlsHandshake(null, this.log);
    } catch (SSLParamsException | FeatureNotAvailableException | IOException e) {
        throw new CJCommunicationsException(e);
    }
    try {
        // Rebind I/O to the streams exposed after the handshake.
        this.sender = new SyncMessageSender(this.socketConnection.getMysqlOutput());
        this.reader = new SyncMessageReader(this.socketConnection.getMysqlInput(), this);
    } catch (IOException e) {
        throw new XProtocolError(e.getMessage(), e);
    }
}