
Example 56 with SSLException

use of javax.net.ssl.SSLException in project geode by apache.

the class SocketCreator method configureServerSSLSocket.

/**
 * Server-side hook for a freshly accepted socket: forces the TLS handshake and logs
 * who connected. Plain (non-SSL) sockets are passed through untouched; nothing but
 * the handshake and the peer-certificate lookup happens here.
 *
 * NOTE(review): whether the client is asked for a certificate at all is decided by
 * how the SSLSocket was configured elsewhere (need/want client auth) — this method
 * only reacts to the outcome. With requireAuth on, a peer that did not present a
 * verifiable certificate is logged as fatal and the exception propagates to the
 * caller. With requireAuth off the unverified peer is tolerated and the connection
 * continues without client authentication; that is the behaviour the code shows,
 * confirm it is intended for every listener that uses this creator.
 *
 * @param socket the accepted socket; ignored unless it is an {@link SSLSocket}
 * @throws IOException on handshake failure, or when the peer certificate is missing
 *         or unverified and client authentication is required
 */
public void configureServerSSLSocket(Socket socket) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        return;
    }
    SSLSocket tlsSocket = (SSLSocket) socket;
    try {
        tlsSocket.startHandshake();
        // getPeerCertificates() throws SSLPeerUnverifiedException when the peer
        // did not authenticate itself during the handshake.
        Certificate[] peerChain = tlsSocket.getSession().getPeerCertificates();
        if (logger.isDebugEnabled()) {
            // getSubjectDN() is deprecated in newer JDKs in favour of getSubjectX500Principal();
            // kept here so the logged text stays unchanged.
            X509Certificate leaf = (X509Certificate) peerChain[0];
            logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, leaf.getSubjectDN()));
        }
    } catch (SSLPeerUnverifiedException unverified) {
        // An unauthenticated peer is only an error when client auth is mandatory.
        if (!this.sslConfig.isRequireAuth()) {
            return;
        }
        Object[] peerAddress = new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
        logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, peerAddress), unverified);
        throw unverified;
    } catch (SSLException failure) {
        Object[] peerAddress = new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
        logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, peerAddress), failure);
        throw failure;
    }
}

Example 57 with SSLException

use of javax.net.ssl.SSLException in project rabbitmq-java-client by rabbitmq.

the class SocketChannelFrameHandlerFactory method create.

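/**
 * Opens the TCP connection for one AMQP connection and, when TLS is enabled, runs the
 * handshake in blocking mode before handing the channel over to one of the NIO loops
 * (chosen round-robin via {@code globalConnectionCount}).
 *
 * Cleanup: if anything fails after the channel has been opened, the channel (and the
 * TLS engine, if any) is closed and the original exception is rethrown. The cleanup
 * is guarded against a still-{@code null} channel — a failure before
 * {@code SocketChannel.open()} (e.g. in the SSLContext factory) must not turn into a
 * NullPointerException that masks the real cause.
 *
 * NOTE(review): passing host/port to {@code createSSLEngine} does not by itself make
 * JSSE verify the server hostname; endpoint identification has to be enabled on the
 * engine's SSLParameters, presumably by the configured {@code SslEngineConfigurator}.
 * Without that, a valid certificate for any host is accepted — confirm against the
 * configurator actually in use.
 *
 * @param addr           broker address; a missing port falls back to the TLS/plain default
 * @param connectionName passed to the SSLContext factory
 * @return the frame handler bound to the new channel
 * @throws IOException  on connect or read-registration failure
 * @throws SSLException if the TLS handshake does not complete
 */
@Override
public FrameHandler create(Address addr, String connectionName) throws IOException {
    int portNumber = ConnectionFactory.portOrDefault(addr.getPort(), ssl);
    SSLEngine sslEngine = null;
    SocketChannel channel = null;
    try {
        if (ssl) {
            SSLContext sslContext = sslContextFactory.create(connectionName);
            sslEngine = sslContext.createSSLEngine(addr.getHost(), portNumber);
            sslEngine.setUseClientMode(true);
            if (nioParams.getSslEngineConfigurator() != null) {
                nioParams.getSslEngineConfigurator().configure(sslEngine);
            }
        }
        SocketAddress address = new InetSocketAddress(addr.getHost(), portNumber);
        channel = SocketChannel.open();
        // Blocking for connect + handshake; switched to non-blocking for the NIO loop below.
        channel.configureBlocking(true);
        if (nioParams.getSocketChannelConfigurator() != null) {
            nioParams.getSocketChannelConfigurator().configure(channel);
        }
        channel.connect(address);
        if (ssl) {
            sslEngine.beginHandshake();
            boolean handshake = SslEngineHelper.doHandshake(channel, sslEngine);
            if (!handshake) {
                throw new SSLException("TLS handshake failed");
            }
        }
        channel.configureBlocking(false);
        // Registering with a loop mutates shared loop state; hold the lock for that only.
        stateLock.lock();
        NioLoopContext nioLoopContext = null;
        try {
            long modulo = globalConnectionCount.getAndIncrement() % nioParams.getNbIoThreads();
            nioLoopContext = nioLoopContexts.get((int) modulo);
            nioLoopContext.initStateIfNecessary();
            SocketChannelFrameHandlerState state = new SocketChannelFrameHandlerState(channel, nioLoopContext, nioParams, sslEngine);
            state.startReading();
            SocketChannelFrameHandler frameHandler = new SocketChannelFrameHandler(state);
            return frameHandler;
        } finally {
            stateLock.unlock();
        }
    } catch (IOException | RuntimeException e) {
        // Best-effort cleanup so a failed connect does not leak the socket; runtime
        // failures (e.g. from a configurator) are cleaned up the same way as I/O errors.
        try {
            if (sslEngine != null && channel != null) {
                SslEngineHelper.close(channel, sslEngine);
            }
            // channel is still null when we failed before SocketChannel.open().
            if (channel != null) {
                channel.close();
            }
        } catch (IOException | RuntimeException ignored) {
            // secondary to e, which is what the caller needs to see
        }
        throw e;
    }
}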

Example 58 with SSLException

use of javax.net.ssl.SSLException in project rabbitmq-java-client by rabbitmq.

the class SslEngineHelper method write.

/**
 * Encrypts everything remaining in {@code plainOut} through {@code engine} and writes the
 * resulting TLS records to {@code socketChannel}. {@code cypherOut} is scratch space: it is
 * cleared on every pass, so whatever it held before the call is discarded.
 *
 * Any wrap status other than OK is surfaced as an SSLException. In particular this helper
 * does not grow the buffer on BUFFER_OVERFLOW, so {@code cypherOut} has to be large enough
 * for a full TLS record up front (the engine's session packet-buffer size).
 *
 * NOTE(review): the inner loop retries write() until the record is fully sent, so on a
 * non-blocking channel a write() that returns 0 becomes a busy spin; and if wrap() reports
 * OK without consuming any of {@code plainOut} (as it can while a handshake is in progress)
 * the outer loop would not terminate. Confirm callers only use this once the handshake has
 * completed and with a channel that is blocking or known to be writable.
 *
 * @param socketChannel destination for the encrypted records
 * @param engine        the TLS engine doing the wrapping
 * @param plainOut      application data to send; fully consumed when the call returns
 * @param cypherOut     scratch buffer for the encrypted output
 * @throws IOException           if writing to the channel fails
 * @throws SSLException          if wrap() reports overflow, underflow or a closed engine
 * @throws IllegalStateException on an unrecognised SSLEngineResult status
 */
public static void write(WritableByteChannel socketChannel, SSLEngine engine, ByteBuffer plainOut, ByteBuffer cypherOut) throws IOException {
    while (plainOut.hasRemaining()) {
        cypherOut.clear();
        final SSLEngineResult.Status status = engine.wrap(plainOut, cypherOut).getStatus();
        if (status == SSLEngineResult.Status.OK) {
            // One record produced: push all of it out before wrapping the next chunk.
            cypherOut.flip();
            while (cypherOut.hasRemaining()) {
                socketChannel.write(cypherOut);
            }
        } else if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            throw new SSLException("Buffer overflow occured after a wrap.");
        } else if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            throw new SSLException("Buffer underflow occured after a wrap.");
        } else if (status == SSLEngineResult.Status.CLOSED) {
            throw new SSLException("Buffer closed");
        } else {
            throw new IllegalStateException("Invalid SSL status: " + status);
        }
    }
}

Example 59 with SSLException

use of javax.net.ssl.SSLException in project Lucee by lucee.

the class AbsDefaultHostnameVerifier method verify.

/**
 * Checks that {@code cert} is issued for {@code host}. The host is classified as an IPv4
 * literal, an IPv6 literal or a DNS name, and only subjectAltName entries of the matching
 * type are considered. The subject CN is consulted only when no alternative names of that
 * type were found (RFC 2818 treats CN matching as a deprecated fallback).
 *
 * NOTE(review): because the SAN list is filtered by type before the emptiness check, a
 * certificate that carries only DNS SANs still falls back to CN matching when the host is
 * an IP literal (and vice versa). Stricter RFC 6125 readings skip the CN whenever any SAN
 * is present — confirm this fallback is the intended policy.
 *
 * @param host the hostname or IP literal the connection was made to
 * @param cert the server's leaf certificate
 * @throws SSLException if neither a suitable SAN nor the CN matches, or the subject has no CN
 */
public void verify(final String host, final X509Certificate cert) throws SSLException {
    final boolean hostIsIPv4 = InetAddressUtils.isIPv4Address(host);
    final boolean hostIsIPv6 = InetAddressUtils.isIPv6Address(host);
    final int wantedType = (hostIsIPv4 || hostIsIPv6) ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
    final List<String> altNames = extractSubjectAlts(cert, wantedType);
    if (altNames == null || altNames.isEmpty()) {
        // No SAN of the right type: fall back to the subject's common name.
        final X500Principal subject = cert.getSubjectX500Principal();
        final String commonName = extractCN(subject.getName(X500Principal.RFC2253));
        if (commonName == null) {
            throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names");
        }
        matchCN(host, commonName, this.publicSuffixMatcher);
        return;
    }
    if (hostIsIPv4) {
        matchIPAddress(host, altNames);
    } else if (hostIsIPv6) {
        matchIPv6Address(host, altNames);
    } else {
        matchDNSName(host, altNames, this.publicSuffixMatcher);
    }
}

Example 60 with SSLException

use of javax.net.ssl.SSLException in project Lucee by lucee.

the class AbsDefaultHostnameVerifier method extractCN.

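/**
 * Returns the value of the left-most (most specific) CN attribute of an RFC 2253
 * distinguished name, or {@code null} when the DN has no CN.
 *
 * {@link LdapName} stores RDNs right-to-left (index 0 is the right-most RDN), so the list
 * is walked from the end back to the start and the first hit is the left-most CN in the
 * string. The attribute lookup is case-insensitive ("cn" and "CN" both match). An RDN whose
 * CN attribute has no readable value is skipped rather than treated as an error.
 *
 * @param subjectPrincipal the subject DN in RFC 2253 form; may be {@code null}
 * @return the CN value, or {@code null} if there is none or the input is {@code null}
 * @throws SSLException if the string is not a parseable distinguished name; the underlying
 *         {@link InvalidNameException} is kept as the cause so the parse error is not lost
 */
static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    final List<Rdn> rdns;
    try {
        rdns = new LdapName(subjectPrincipal).getRdns();
    } catch (InvalidNameException e) {
        // Preserve the cause: the original dropped it, hiding why the DN failed to parse.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name", e);
    }
    for (int i = rdns.size() - 1; i >= 0; i--) {
        final Attributes attributes = rdns.get(i).toAttributes();
        final Attribute cn = attributes.get("cn");
        if (cn == null) {
            continue;
        }
        try {
            final Object value = cn.get();
            if (value != null) {
                return value.toString();
            }
        } catch (NoSuchElementException ignored) {
            // CN attribute present but without a value: try the next RDN.
        } catch (NamingException ignored) {
            // Value could not be read: try the next RDN.
        }
    }
    return null;
}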
