use of javax.net.ssl.SSLException in project jetty.project by eclipse.
the class ConnectorTimeoutTest method testMaxIdleNothingSent.
@Test(timeout = 60000)
public void testMaxIdleNothingSent() throws Exception {
configureServer(new EchoHandler());
Socket client = newSocket(_serverURI.getHost(), _serverURI.getPort());
client.setSoTimeout(10000);
InputStream is = client.getInputStream();
Assert.assertFalse(client.isClosed());
Thread.sleep(sleepTime);
long start = System.currentTimeMillis();
try {
IO.toString(is);
Assert.assertEquals(-1, is.read());
} catch (SSLException e) {
// e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
Assert.assertTrue(System.currentTimeMillis() - start < maximumTestRuntime);
}
use of javax.net.ssl.SSLException in project jetty.project by eclipse.
the class ConnectorTimeoutTest method testBlockingTimeoutRead.
@Test(timeout = 60000)
// TODO make more stable
@Ignore
public void testBlockingTimeoutRead() throws Exception {
_httpConfiguration.setBlockingTimeout(750L);
configureServer(new EchoHandler());
Socket client = newSocket(_serverURI.getHost(), _serverURI.getPort());
client.setSoTimeout(10000);
InputStream is = client.getInputStream();
Assert.assertFalse(client.isClosed());
OutputStream os = client.getOutputStream();
os.write(("GET / HTTP/1.1\r\n" + "host: " + _serverURI.getHost() + ":" + _serverURI.getPort() + "\r\n" + "Transfer-Encoding: chunked\r\n" + "Content-Type: text/plain\r\n" + "Connection: close\r\n" + "\r\n" + "5\r\n" + "LMNOP\r\n").getBytes("utf-8"));
os.flush();
long start = System.currentTimeMillis();
try (StacklessLogging stackless = new StacklessLogging(HttpChannel.class)) {
Thread.sleep(300);
os.write("1".getBytes("utf-8"));
os.flush();
Thread.sleep(300);
os.write("0".getBytes("utf-8"));
os.flush();
Thread.sleep(300);
os.write("\r".getBytes("utf-8"));
os.flush();
Thread.sleep(300);
os.write("\n".getBytes("utf-8"));
os.flush();
Thread.sleep(300);
os.write("0123456789ABCDEF\r\n".getBytes("utf-8"));
os.write("0\r\n".getBytes("utf-8"));
os.write("\r\n".getBytes("utf-8"));
os.flush();
} catch (Exception e) {
}
long duration = System.currentTimeMillis() - start;
Assert.assertThat(duration, Matchers.greaterThan(500L));
try {
// read the response
String response = IO.toString(is);
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 500 "));
Assert.assertThat(response, Matchers.containsString("InterruptedIOException"));
} catch (SSLException e) {
}
}
use of javax.net.ssl.SSLException in project jersey by jersey.
the class SslFilterTest method testCustomHostameVerificationFail.
@Test
public void testCustomHostameVerificationFail() throws Throwable {
CountDownLatch latch = new CountDownLatch(1);
SslEchoServer server = new SslEchoServer();
try {
server.start();
HostnameVerifier verifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return false;
}
};
openClientSocket("localhost", ByteBuffer.allocate(0), latch, verifier);
fail();
} catch (SSLException e) {
// expected
} finally {
server.stop();
}
}
use of javax.net.ssl.SSLException in project jersey by jersey.
the class SslFilter method handleWrite.
private void handleWrite(final ByteBuffer applicationData, final CompletionHandler<ByteBuffer> completionHandler) {
try {
// transport buffer always writes all data, so there are not leftovers in the networkOutputBuffer
networkOutputBuffer.clear();
SSLEngineResult result = sslEngine.wrap(applicationData, networkOutputBuffer);
switch(result.getStatus()) {
case BUFFER_OVERFLOW:
{
/* this means that the content of the ssl packet (max 16kB) did not fit into
networkOutputBuffer, we make sure to set networkOutputBuffer > max 16kB + SSL headers
when initializing this filter. This indicates a bug. */
throw new IllegalStateException("SSL packet does not fit into the network buffer: " + networkOutputBuffer + "\n" + getDebugState());
}
case BUFFER_UNDERFLOW:
{
/* This basically says that there is not enough data to create an SSL packet. Javadoc suggests that
BUFFER_UNDERFLOW can occur only after unwrap(), but to be 100% sure we handle all possible error states: */
throw new IllegalStateException("SSL engine underflow with the following application input: " + applicationData + "\n" + getDebugState());
}
case CLOSED:
{
state = State.CLOSED;
break;
}
case OK:
{
// check if we started re-handshaking
if (result.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
state = State.REHANDSHAKING;
}
networkOutputBuffer.flip();
// write only if something was written to the output buffer
if (networkOutputBuffer.hasRemaining()) {
writeQueue.write(networkOutputBuffer, new CompletionHandler<ByteBuffer>() {
@Override
public void completed(ByteBuffer result) {
handlePostWrite(applicationData, completionHandler);
}
@Override
public void failed(Throwable throwable) {
completionHandler.failed(throwable);
}
});
} else {
handlePostWrite(applicationData, completionHandler);
}
break;
}
}
} catch (SSLException e) {
handleSslError(e);
}
}
use of javax.net.ssl.SSLException in project android_frameworks_base by ParanoidAndroid.
the class SSLCertificateSocketFactory method verifyHostname.
/**
* Verify the hostname of the certificate used by the other end of a
* connected socket. You MUST call this if you did not supply a hostname
* to {@link #createSocket()}. It is harmless to call this method
* redundantly if the hostname has already been verified.
*
* <p>Wildcard certificates are allowed to verify any matching hostname,
* so "foo.bar.example.com" is verified if the peer has a certificate
* for "*.example.com".
*
* @param socket An SSL socket which has been connected to a server
* @param hostname The expected hostname of the remote server
* @throws IOException if something goes wrong handshaking with the server
* @throws SSLPeerUnverifiedException if the server cannot prove its identity
*
* @hide
*/
public static void verifyHostname(Socket socket, String hostname) throws IOException {
if (!(socket instanceof SSLSocket)) {
throw new IllegalArgumentException("Attempt to verify non-SSL socket");
}
if (!isSslCheckRelaxed()) {
// The code at the start of OpenSSLSocketImpl.startHandshake()
// ensures that the call is idempotent, so we can safely call it.
SSLSocket ssl = (SSLSocket) socket;
ssl.startHandshake();
SSLSession session = ssl.getSession();
if (session == null) {
throw new SSLException("Cannot verify SSL socket without session");
}
if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
}
}
Aggregations