use of javax.net.ssl.SSLException in project geode by apache.
the class SocketCreator method configureServerSSLSocket.
/**
 * Completes the TLS handshake on an accepted server-side socket and, when debug
 * logging is enabled, logs the subject of the first certificate the peer presented.
 * A socket that is not an {@link SSLSocket} is left untouched.
 *
 * <p>Security note: a peer without a verifiable certificate is rejected only when
 * {@code sslConfig.isRequireAuth()} is true. Otherwise the
 * {@link SSLPeerUnverifiedException} is dropped and the connection continues
 * unauthenticated. This method sets no timeout before {@code startHandshake()};
 * whether the caller bounds the handshake is not visible here.
 *
 * @param socket the accepted socket
 * @throws IOException the {@link SSLException} raised by the handshake, or the
 *         {@link SSLPeerUnverifiedException} when authentication is required
 */
public void configureServerSSLSocket(Socket socket) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        return;
    }
    final SSLSocket tlsSocket = (SSLSocket) socket;
    try {
        tlsSocket.startHandshake();
        // Fetched unconditionally, not only for the debug line: this call is what
        // raises SSLPeerUnverifiedException for a peer that sent no certificate.
        final Certificate[] peerChain = tlsSocket.getSession().getPeerCertificates();
        if (logger.isDebugEnabled()) {
            final X509Certificate leaf = (X509Certificate) peerChain[0];
            logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, leaf.getSubjectDN()));
        }
    } catch (SSLPeerUnverifiedException unverified) {
        // Only fatal when client authentication is mandatory; otherwise fall through.
        if (this.sslConfig.isRequireAuth()) {
            final Object[] peerAddress = new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
            logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, peerAddress), unverified);
            throw unverified;
        }
    } catch (SSLException handshakeFailure) {
        final Object[] peerAddress = new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
        logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, peerAddress), handshakeFailure);
        throw handshakeFailure;
    }
}
use of javax.net.ssl.SSLException in project rabbitmq-java-client by rabbitmq.
the class SocketChannelFrameHandlerFactory method create.
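/**
 * Opens a socket channel to {@code addr}, performs the TLS handshake when {@code ssl}
 * is set, switches the channel to non-blocking mode and binds it to one of the NIO
 * loop contexts, chosen round-robin from the global connection counter.
 *
 * <p>On an {@link IOException} the TLS engine and the channel are closed on a
 * best-effort basis and the original exception is rethrown.
 *
 * @param addr the broker address to connect to
 * @param connectionName name passed to the SSL context factory
 * @return a frame handler backed by the connected channel
 * @throws IOException if connecting fails or the TLS handshake does not complete
 */
@Override
public FrameHandler create(Address addr, String connectionName) throws IOException {
    int portNumber = ConnectionFactory.portOrDefault(addr.getPort(), ssl);
    SSLEngine sslEngine = null;
    SocketChannel channel = null;
    try {
        if (ssl) {
            SSLContext sslContext = sslContextFactory.create(connectionName);
            sslEngine = sslContext.createSSLEngine(addr.getHost(), portNumber);
            sslEngine.setUseClientMode(true);
            // NOTE(review): nothing in this method enables endpoint identification
            // (hostname verification) on the engine. A JSSE SSLEngine checks the server
            // name only when an endpoint identification algorithm is set in its
            // SSLParameters; presumably that is left to the configurator below. Confirm.
            if (nioParams.getSslEngineConfigurator() != null) {
                nioParams.getSslEngineConfigurator().configure(sslEngine);
            }
        }
        SocketAddress address = new InetSocketAddress(addr.getHost(), portNumber);
        channel = SocketChannel.open();
        // Connect and handshake in blocking mode; non-blocking is enabled afterwards.
        channel.configureBlocking(true);
        if (nioParams.getSocketChannelConfigurator() != null) {
            nioParams.getSocketChannelConfigurator().configure(channel);
        }
        channel.connect(address);
        if (ssl) {
            sslEngine.beginHandshake();
            boolean handshake = SslEngineHelper.doHandshake(channel, sslEngine);
            if (!handshake) {
                throw new SSLException("TLS handshake failed");
            }
        }
        channel.configureBlocking(false);
        // Loop-context selection and state initialisation happen under stateLock.
        stateLock.lock();
        try {
            long modulo = globalConnectionCount.getAndIncrement() % nioParams.getNbIoThreads();
            NioLoopContext nioLoopContext = nioLoopContexts.get((int) modulo);
            nioLoopContext.initStateIfNecessary();
            SocketChannelFrameHandlerState state = new SocketChannelFrameHandlerState(channel, nioLoopContext, nioParams, sslEngine);
            state.startReading();
            return new SocketChannelFrameHandler(state);
        } finally {
            stateLock.unlock();
        }
    } catch (IOException e) {
        // channel is still null when the failure happened before or inside
        // SocketChannel.open(); closing it unguarded would raise a
        // NullPointerException that replaces the real cause.
        if (channel != null) {
            if (sslEngine != null) {
                try {
                    SslEngineHelper.close(channel, sslEngine);
                } catch (IOException ignored) {
                    // best effort: a failed TLS close must not prevent closing the channel
                }
            }
            try {
                channel.close();
            } catch (IOException ignored) {
                // best effort: the original exception is the one worth reporting
            }
        }
        throw e;
    }
}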
use of javax.net.ssl.SSLException in project rabbitmq-java-client by rabbitmq.
the class SslEngineHelper method write.
/**
 * Encrypts everything remaining in {@code plainOut} with {@code engine} and writes the
 * resulting records to {@code socketChannel}, reusing {@code cypherOut} as the scratch
 * buffer for each wrap.
 *
 * @param socketChannel destination of the encrypted bytes
 * @param engine TLS engine used to wrap the plaintext
 * @param plainOut plaintext to send; drained by this call
 * @param cypherOut buffer receiving each wrapped record; cleared before every wrap
 * @throws IOException if the channel write fails, or an {@link SSLException} when the
 *         wrap result is anything other than {@code OK}
 */
public static void write(WritableByteChannel socketChannel, SSLEngine engine, ByteBuffer plainOut, ByteBuffer cypherOut) throws IOException {
    while (plainOut.hasRemaining()) {
        cypherOut.clear();
        final SSLEngineResult.Status wrapStatus = engine.wrap(plainOut, cypherOut).getStatus();
        if (wrapStatus == SSLEngineResult.Status.OK) {
            // Push the whole record out before wrapping the next piece of plaintext.
            cypherOut.flip();
            while (cypherOut.hasRemaining()) {
                socketChannel.write(cypherOut);
            }
        } else if (wrapStatus == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            throw new SSLException("Buffer overflow occured after a wrap.");
        } else if (wrapStatus == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            throw new SSLException("Buffer underflow occured after a wrap.");
        } else if (wrapStatus == SSLEngineResult.Status.CLOSED) {
            // CLOSED is the engine's status; the message text is kept as-is.
            throw new SSLException("Buffer closed");
        } else {
            throw new IllegalStateException("Invalid SSL status: " + wrapStatus);
        }
    }
}
use of javax.net.ssl.SSLException in project Lucee by lucee.
the class AbsDefaultHostnameVerifier method verify.
/**
 * Checks that {@code host} matches the identity carried by {@code cert}.
 *
 * <p>Subject alternative names of the type matching the host (IP address or DNS name)
 * are used when any are returned; only when none are does the check fall back to the
 * subject's common name.
 *
 * @param host the host name or IP literal the connection was made to
 * @param cert the server certificate to check
 * @throws SSLException if the certificate has neither alternative names nor a common
 *         name; the match helpers presumably throw it on a mismatch (not visible here)
 */
public void verify(final String host, final X509Certificate cert) throws SSLException {
    final boolean hostIsIpv4 = InetAddressUtils.isIPv4Address(host);
    final boolean hostIsIpv6 = InetAddressUtils.isIPv6Address(host);
    final int wantedType;
    if (hostIsIpv4 || hostIsIpv6) {
        wantedType = IP_ADDRESS_TYPE;
    } else {
        wantedType = DNS_NAME_TYPE;
    }
    final List<String> altNames = extractSubjectAlts(cert, wantedType);
    if (altNames == null || altNames.isEmpty()) {
        // CN matching has been deprecated by rfc2818 and can be used
        // as fallback only when no subjectAlts are available.
        // NOTE(review): the alt names are requested for one type only, so a certificate
        // whose SANs are all of the other type presumably lands here as well. Confirm
        // against extractSubjectAlts. RFC 6125 tells clients not to consult the CN when
        // the certificate carries DNS-type SANs.
        final X500Principal subject = cert.getSubjectX500Principal();
        final String commonName = extractCN(subject.getName(X500Principal.RFC2253));
        if (commonName == null) {
            throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names");
        }
        matchCN(host, commonName, this.publicSuffixMatcher);
        return;
    }
    if (hostIsIpv4) {
        matchIPAddress(host, altNames);
    } else if (hostIsIpv6) {
        matchIPv6Address(host, altNames);
    } else {
        matchDNSName(host, altNames, this.publicSuffixMatcher);
    }
}
use of javax.net.ssl.SSLException in project Lucee by lucee.
the class AbsDefaultHostnameVerifier method extractCN.
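/**
 * Extracts a common name from an RFC 2253 distinguished name string.
 *
 * <p>The RDNs are walked from the highest index of {@link LdapName#getRdns()} down to
 * index 0, i.e. starting with the left-most RDN of the string, and the first non-null
 * {@code cn} value found is returned.
 *
 * @param subjectPrincipal the subject DN in string form; may be {@code null}
 * @return the common name, or {@code null} if the input is {@code null} or holds no
 *         usable {@code cn} attribute
 * @throws SSLException if {@code subjectPrincipal} cannot be parsed as a distinguished
 *         name; the parser's {@link InvalidNameException} is attached as the cause
 */
static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    try {
        final LdapName subjectDN = new LdapName(subjectPrincipal);
        final List<Rdn> rdns = subjectDN.getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            final Rdn rds = rdns.get(i);
            final Attributes attributes = rds.toAttributes();
            final Attribute cn = attributes.get("cn");
            if (cn != null) {
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        return value.toString();
                    }
                } catch (NoSuchElementException ignore) {
                    // attribute has no value: keep looking in the remaining RDNs
                } catch (NamingException ignore) {
                    // value could not be read: keep looking in the remaining RDNs
                }
            }
        }
        return null;
    } catch (InvalidNameException e) {
        // Keep the parser's exception as the cause so the reason the DN was rejected
        // is not lost when the failure is diagnosed.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name", e);
    }
}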