Search in sources :

Example 1 with SSLException

use of javax.net.ssl.SSLException in project jetty.project by eclipse.

the class ConnectorTimeoutTest method testMaxIdleNothingSent.

@Test(timeout = 60000)
public void testMaxIdleNothingSent() throws Exception {
    configureServer(new EchoHandler());
    Socket client = newSocket(_serverURI.getHost(), _serverURI.getPort());
    client.setSoTimeout(10000);
    InputStream is = client.getInputStream();
    Assert.assertFalse(client.isClosed());
    Thread.sleep(sleepTime);
    long start = System.currentTimeMillis();
    try {
        IO.toString(is);
        Assert.assertEquals(-1, is.read());
    } catch (SSLException e) {
    // e.printStackTrace();
    } catch (Exception e) {
        e.printStackTrace();
    }
    Assert.assertTrue(System.currentTimeMillis() - start < maximumTestRuntime);
}
Also used : InputStream(java.io.InputStream) SSLException(javax.net.ssl.SSLException) Socket(java.net.Socket) ServletException(javax.servlet.ServletException) SocketException(java.net.SocketException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) Test(org.junit.Test)

Example 2 with SSLException

use of javax.net.ssl.SSLException in project jetty.project by eclipse.

the class ConnectorTimeoutTest method testBlockingTimeoutRead.

@Test(timeout = 60000)
// TODO make more stable
@Ignore
public void testBlockingTimeoutRead() throws Exception {
    _httpConfiguration.setBlockingTimeout(750L);
    configureServer(new EchoHandler());
    Socket client = newSocket(_serverURI.getHost(), _serverURI.getPort());
    client.setSoTimeout(10000);
    InputStream is = client.getInputStream();
    Assert.assertFalse(client.isClosed());
    OutputStream os = client.getOutputStream();
    os.write(("GET / HTTP/1.1\r\n" + "host: " + _serverURI.getHost() + ":" + _serverURI.getPort() + "\r\n" + "Transfer-Encoding: chunked\r\n" + "Content-Type: text/plain\r\n" + "Connection: close\r\n" + "\r\n" + "5\r\n" + "LMNOP\r\n").getBytes("utf-8"));
    os.flush();
    long start = System.currentTimeMillis();
    try (StacklessLogging stackless = new StacklessLogging(HttpChannel.class)) {
        Thread.sleep(300);
        os.write("1".getBytes("utf-8"));
        os.flush();
        Thread.sleep(300);
        os.write("0".getBytes("utf-8"));
        os.flush();
        Thread.sleep(300);
        os.write("\r".getBytes("utf-8"));
        os.flush();
        Thread.sleep(300);
        os.write("\n".getBytes("utf-8"));
        os.flush();
        Thread.sleep(300);
        os.write("0123456789ABCDEF\r\n".getBytes("utf-8"));
        os.write("0\r\n".getBytes("utf-8"));
        os.write("\r\n".getBytes("utf-8"));
        os.flush();
    } catch (Exception e) {
    }
    long duration = System.currentTimeMillis() - start;
    Assert.assertThat(duration, Matchers.greaterThan(500L));
    try {
        // read the response
        String response = IO.toString(is);
        Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 500 "));
        Assert.assertThat(response, Matchers.containsString("InterruptedIOException"));
    } catch (SSLException e) {
    }
}
Also used : InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) StacklessLogging(org.eclipse.jetty.util.log.StacklessLogging) SSLException(javax.net.ssl.SSLException) Socket(java.net.Socket) ServletException(javax.servlet.ServletException) SocketException(java.net.SocketException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 3 with SSLException

use of javax.net.ssl.SSLException in project jersey by jersey.

the class SslFilterTest method testCustomHostameVerificationFail.

@Test
public void testCustomHostameVerificationFail() throws Throwable {
    CountDownLatch latch = new CountDownLatch(1);
    SslEchoServer server = new SslEchoServer();
    try {
        server.start();
        HostnameVerifier verifier = new HostnameVerifier() {

            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return false;
            }
        };
        openClientSocket("localhost", ByteBuffer.allocate(0), latch, verifier);
        fail();
    } catch (SSLException e) {
    // expected
    } finally {
        server.stop();
    }
}
Also used : SSLSession(javax.net.ssl.SSLSession) CountDownLatch(java.util.concurrent.CountDownLatch) SSLException(javax.net.ssl.SSLException) HostnameVerifier(javax.net.ssl.HostnameVerifier) Test(org.junit.Test)

Example 4 with SSLException

use of javax.net.ssl.SSLException in project jersey by jersey.

the class SslFilter method handleWrite.

private void handleWrite(final ByteBuffer applicationData, final CompletionHandler<ByteBuffer> completionHandler) {
    try {
        // transport buffer always writes all data, so there are not leftovers in the networkOutputBuffer
        networkOutputBuffer.clear();
        SSLEngineResult result = sslEngine.wrap(applicationData, networkOutputBuffer);
        switch(result.getStatus()) {
            case BUFFER_OVERFLOW:
                {
                    /* this means that the content of the ssl packet (max 16kB) did not fit into
                       networkOutputBuffer, we make sure to set networkOutputBuffer > max 16kB + SSL headers
                       when initializing this filter. This indicates a bug. */
                    throw new IllegalStateException("SSL packet does not fit into the network buffer: " + networkOutputBuffer + "\n" + getDebugState());
                }
            case BUFFER_UNDERFLOW:
                {
                    /* This basically says that there is not enough data to create an SSL packet. Javadoc suggests that
                    BUFFER_UNDERFLOW can occur only after unwrap(), but to be 100% sure we handle all possible error states: */
                    throw new IllegalStateException("SSL engine underflow with the following application input: " + applicationData + "\n" + getDebugState());
                }
            case CLOSED:
                {
                    state = State.CLOSED;
                    break;
                }
            case OK:
                {
                    // check if we started re-handshaking
                    if (result.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                        state = State.REHANDSHAKING;
                    }
                    networkOutputBuffer.flip();
                    // write only if something was written to the output buffer
                    if (networkOutputBuffer.hasRemaining()) {
                        writeQueue.write(networkOutputBuffer, new CompletionHandler<ByteBuffer>() {

                            @Override
                            public void completed(ByteBuffer result) {
                                handlePostWrite(applicationData, completionHandler);
                            }

                            @Override
                            public void failed(Throwable throwable) {
                                completionHandler.failed(throwable);
                            }
                        });
                    } else {
                        handlePostWrite(applicationData, completionHandler);
                    }
                    break;
                }
        }
    } catch (SSLException e) {
        handleSslError(e);
    }
}
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult) ByteBuffer(java.nio.ByteBuffer) SSLException(javax.net.ssl.SSLException)

Example 5 with SSLException

use of javax.net.ssl.SSLException in project android_frameworks_base by ParanoidAndroid.

the class SSLCertificateSocketFactory method verifyHostname.

/**
     * Verify the hostname of the certificate used by the other end of a
     * connected socket.  You MUST call this if you did not supply a hostname
     * to {@link #createSocket()}.  It is harmless to call this method
     * redundantly if the hostname has already been verified.
     *
     * <p>Wildcard certificates are allowed to verify any matching hostname,
     * so "foo.bar.example.com" is verified if the peer has a certificate
     * for "*.example.com".
     *
     * @param socket An SSL socket which has been connected to a server
     * @param hostname The expected hostname of the remote server
     * @throws IOException if something goes wrong handshaking with the server
     * @throws SSLPeerUnverifiedException if the server cannot prove its identity
     *
     * @hide
     */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }
    if (!isSslCheckRelaxed()) {
        // The code at the start of OpenSSLSocketImpl.startHandshake()
        // ensures that the call is idempotent, so we can safely call it.
        SSLSocket ssl = (SSLSocket) socket;
        ssl.startHandshake();
        SSLSession session = ssl.getSession();
        if (session == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        }
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
        }
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Aggregations

SSLException (javax.net.ssl.SSLException)326 IOException (java.io.IOException)106 CertificateException (java.security.cert.CertificateException)54 X509Certificate (java.security.cert.X509Certificate)43 SslContext (io.netty.handler.ssl.SslContext)37 SSLHandshakeException (javax.net.ssl.SSLHandshakeException)37 InetSocketAddress (java.net.InetSocketAddress)35 SSLEngineResult (javax.net.ssl.SSLEngineResult)34 SocketException (java.net.SocketException)33 Test (org.junit.Test)33 ByteBuffer (java.nio.ByteBuffer)32 SSLEngine (javax.net.ssl.SSLEngine)30 KeyStore (java.security.KeyStore)29 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)29 SSLSocket (javax.net.ssl.SSLSocket)29 InputStream (java.io.InputStream)26 SSLContext (javax.net.ssl.SSLContext)25 SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)24 Bootstrap (io.netty.bootstrap.Bootstrap)23 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)22