
Example 91 with SSLException

use of javax.net.ssl.SSLException in project http-kit by http-kit.

the class HttpClient method processPending.

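/**
 * Dispatches the request at the head of the {@code pending} queue, if there is one.
 *
 * <p>When the request allows keep-alive and a cached connection exists for its address,
 * that connection's selection key is reused. Otherwise, if the connection limit permits,
 * a new non-blocking {@link SocketChannel} is opened and registered with the selector.
 * When neither path applies, the request stays at the head of {@code pending}.
 *
 * <p>Connect failures are reported to the request through {@code job.finish(e)}; the
 * half-initialised channel is closed first so its file descriptor is not leaked.
 */
private void processPending() {
    Request job = pending.peek();
    if (job == null) {
        return;
    }
    if (job.cfg.keepAlive > 0) {
        PersistentConn con = keepalives.remove(job.addr);
        if (con != null) {
            SelectionKey key = con.key;
            if (key.isValid()) {
                job.isReuseConn = true;
                // Reuse the existing key (and, for HTTPS, the state carried by its attachment).
                try {
                    job.recycle((Request) key.attachment());
                    key.attach(job);
                    key.interestOps(OP_WRITE);
                    requests.offer(job);
                    pending.poll();
                    return;
                } catch (SSLException e) {
                    // Recycling the TLS state failed: drop this connection and fall through
                    // to open a fresh one below.
                    // NOTE(review): job.isReuseConn stays true on this path even though the
                    // request then runs on a new connection; confirm that is intended.
                    closeQuietly(key);
                }
            } else {
                // The cached key is no longer valid; this should not happen often.
                closeQuietly(key);
            }
        }
    }
    if (maxConnections == -1 || numConnections < maxConnections) {
        SocketChannel ch = null;
        try {
            pending.poll();
            ch = SocketChannel.open();
            ch.setOption(StandardSocketOptions.SO_KEEPALIVE, Boolean.TRUE);
            ch.setOption(StandardSocketOptions.TCP_NODELAY, Boolean.TRUE);
            ch.configureBlocking(false);
            boolean connected = ch.connect(job.addr);
            job.isConnected = connected;
            // NOTE(review): the counter is bumped before register(); if register() fails the
            // count stays incremented unless it is decremented elsewhere. Verify.
            numConnections++;
            // If the connection is established immediately, wait for write instead of connect (fix #98).
            job.key = ch.register(selector, connected ? OP_WRITE : OP_CONNECT, job);
            // Queue the request so the timeout check can see it.
            requests.offer(job);
        } catch (IOException e) {
            // The channel was opened but never handed to the selector: close it here,
            // otherwise every failed connect attempt leaks a socket.
            if (ch != null) {
                try {
                    ch.close();
                } catch (IOException ignored) {
                    // Best effort; the original failure is what gets reported to the request.
                }
            }
            job.finish(e);
        }
    }
}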
Also used : SelectionKey(java.nio.channels.SelectionKey) SocketChannel(java.nio.channels.SocketChannel) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException)

Example 92 with SSLException

use of javax.net.ssl.SSLException in project netty by netty.

the class ReferenceCountedOpenSslClientContext method newSessionContext.

/**
 * Configures the native context {@code ctx} for client use (key material first, then
 * certificate verification) and returns a new {@code OpenSslClientSessionContext} for {@code thiz}.
 *
 * <p>All native configuration happens while holding the {@code ReferenceCountedOpenSslContext}
 * class lock.
 *
 * @param keyCertChain client certificate chain; must be null exactly when {@code key} is null
 * @param key client private key; must be null exactly when {@code keyCertChain} is null
 * @param keyManagerFactory optional; rejected when {@code OpenSsl.useKeyManagerFactory()} is false
 * @param trustCertCollection optional trusted certificates; when null and no
 *        {@code trustManagerFactory} is given, the JDK default trust store is used
 * @throws IllegalArgumentException if only one of {@code key} / {@code keyCertChain} is null
 * @throws SSLException if key material or the trust manager cannot be set up; note that the
 *         "KeyManagerFactory not supported" {@code IllegalArgumentException} is raised inside the
 *         first try block and therefore also surfaces wrapped in an {@code SSLException}
 */
static OpenSslSessionContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx, OpenSslEngineMap engineMap, X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory) throws SSLException {
    // key and keyCertChain must be supplied together or not at all.
    if (key == null && keyCertChain != null || key != null && keyCertChain == null) {
        throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
    }
    synchronized (ReferenceCountedOpenSslContext.class) {
        try {
            if (!OpenSsl.useKeyManagerFactory()) {
                if (keyManagerFactory != null) {
                    throw new IllegalArgumentException("KeyManagerFactory not supported");
                }
                // The argument check above already guarantees key != null whenever keyCertChain != null.
                if (keyCertChain != null) /* && key != null*/
                {
                    setKeyMaterial(ctx, keyCertChain, key, keyPassword);
                }
            } else {
                // The javadocs state that keyManagerFactory takes precedence over keyCertChain,
                // so a factory is only built from the chain when none was supplied.
                if (keyManagerFactory == null && keyCertChain != null) {
                    keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
                }
                // With neither a factory nor a chain, no client certificate callback is installed.
                if (keyManagerFactory != null) {
                    X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
                    OpenSslKeyMaterialManager materialManager = useExtendedKeyManager(keyManager) ? new OpenSslExtendedKeyMaterialManager((X509ExtendedKeyManager) keyManager, keyPassword) : new OpenSslKeyMaterialManager(keyManager, keyPassword);
                    SSLContext.setCertRequestedCallback(ctx, new OpenSslCertificateRequestedCallback(engineMap, materialManager));
                }
            }
        } catch (Exception e) {
            throw new SSLException("failed to set certificate and key", e);
        }
        // The native verify mode is SSL_CVERIFY_NONE; peer certificate checking is wired in below
        // through the cert-verify callback, which is installed on every path that returns normally.
        // NOTE(review): server authentication therefore rests entirely on that callback and the
        // chosen X509TrustManager; confirm the native layer always invokes it during the handshake.
        SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
        try {
            if (trustCertCollection != null) {
                trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
            } else if (trustManagerFactory == null) {
                // No trust configuration supplied: fall back to the JDK default algorithm and,
                // via init((KeyStore) null), the platform default trust store.
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
            }
            final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
            // Only reference X509ExtendedTrustManager when it is usable; this prevents an error
            // when running on Java < 7.
            if (useExtendedTrustManager(manager)) {
                SSLContext.setCertVerifyCallback(ctx, new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
            } else {
                SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
            }
        } catch (Exception e) {
            throw new SSLException("unable to setup trustmanager", e);
        }
    }
    return new OpenSslClientSessionContext(thiz);
}
Also used : X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) SSLException(javax.net.ssl.SSLException) KeyStore(java.security.KeyStore) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) SSLException(javax.net.ssl.SSLException) X509TrustManager(javax.net.ssl.X509TrustManager) X509KeyManager(javax.net.ssl.X509KeyManager)

Example 93 with SSLException

use of javax.net.ssl.SSLException in project netty by netty.

the class ReferenceCountedOpenSslContext method setKeyMaterial.

/**
 * Loads the certificate chain and, when present, the private key into the native context
 * {@code ctx}.
 *
 * <p>The chain is PEM-encoded once and handed to the native layer through two separate BIOs:
 * one for {@code setCertificateBio} and one for {@code setCertificateChainBio}. Every BIO
 * created here is freed in the {@code finally} block, and the reference this method holds on
 * the PEM buffer is released there as well, whether or not configuration succeeded.
 *
 * @param ctx native context handle
 * @param keyCertChain certificate chain to install
 * @param key private key, or null to install certificates only
 * @param keyPassword key password; null is passed on as the empty string
 * @throws SSLException if the material cannot be installed; any other exception is wrapped
 */
static void setKeyMaterial(long ctx, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword) throws SSLException {
    // Zero means "not allocated"; the finally block frees all three handles unconditionally.
    long privateKeyBio = 0;
    long certificateBio = 0;
    long chainBio = 0;
    PemEncoded pem = null;
    try {
        // Encode the chain a single time and share the buffer between both BIOs.
        pem = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, keyCertChain);
        // One retain() per toBIO call; presumably toBIO consumes that reference (verify).
        certificateBio = toBIO(ByteBufAllocator.DEFAULT, pem.retain());
        chainBio = toBIO(ByteBufAllocator.DEFAULT, pem.retain());
        if (key != null) {
            privateKeyBio = toBIO(key);
        }
        final String password = keyPassword == null ? StringUtil.EMPTY_STRING : keyPassword;
        SSLContext.setCertificateBio(ctx, certificateBio, privateKeyBio, password);
        // The chain may hold more than one certificate, so add all of them now.
        SSLContext.setCertificateChainBio(ctx, chainBio, true);
    } catch (Exception e) {
        // An SSLException passes through untouched; everything else is wrapped.
        if (e instanceof SSLException) {
            throw (SSLException) e;
        }
        throw new SSLException("failed to set certificate and key", e);
    } finally {
        freeBio(privateKeyBio);
        freeBio(certificateBio);
        freeBio(chainBio);
        if (pem != null) {
            pem.release();
        }
    }
}
Also used : SSLException(javax.net.ssl.SSLException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) CertPathValidatorException(java.security.cert.CertPathValidatorException) CertificateRevokedException(java.security.cert.CertificateRevokedException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) SSLException(javax.net.ssl.SSLException)

Example 94 with SSLException

use of javax.net.ssl.SSLException in project netty by netty.

the class ReferenceCountedOpenSslServerContext method newSessionContext.

/**
 * Configures the native context {@code ctx} for server use and returns a {@code ServerContext}
 * holding the new {@code OpenSslServerSessionContext} and, on the key-manager-factory path,
 * the key material manager.
 *
 * <p>All native configuration happens while holding the {@code ReferenceCountedOpenSslContext}
 * class lock.
 *
 * @param keyCertChain server certificate chain; checked for null when
 *        {@code OpenSsl.useKeyManagerFactory()} is false
 * @param keyManagerFactory optional; rejected when {@code OpenSsl.useKeyManagerFactory()} is false,
 *        otherwise built from {@code keyCertChain}/{@code key} when null
 * @param trustCertCollection optional trusted certificates; when null and no
 *        {@code trustManagerFactory} is given, the JDK default trust store is used
 * @throws SSLException if key material or the trust manager cannot be set up; argument errors
 *         raised inside the first try block (including the null check on {@code keyCertChain})
 *         are wrapped as well
 */
static ServerContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx, OpenSslEngineMap engineMap, X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory) throws SSLException {
    ServerContext result = new ServerContext();
    synchronized (ReferenceCountedOpenSslContext.class) {
        try {
            // The native verify mode set here is SSL_CVERIFY_NONE.
            // NOTE(review): presumably client-certificate requirements are configured elsewhere
            // (per engine); confirm, since nothing in this method turns client auth on.
            SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
            if (!OpenSsl.useKeyManagerFactory()) {
                if (keyManagerFactory != null) {
                    throw new IllegalArgumentException("KeyManagerFactory not supported");
                }
                checkNotNull(keyCertChain, "keyCertChain");
                // On this path result.keyMaterialManager is never assigned.
                setKeyMaterial(ctx, keyCertChain, key, keyPassword);
            } else {
                // A server always needs a keyManagerFactory, so build one if it is not specified.
                if (keyManagerFactory == null) {
                    keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
                }
                X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
                result.keyMaterialManager = useExtendedKeyManager(keyManager) ? new OpenSslExtendedKeyMaterialManager((X509ExtendedKeyManager) keyManager, keyPassword) : new OpenSslKeyMaterialManager(keyManager, keyPassword);
            }
        } catch (Exception e) {
            throw new SSLException("failed to set certificate and key", e);
        }
        try {
            if (trustCertCollection != null) {
                trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
            } else if (trustManagerFactory == null) {
                // Mimic the way SSLContext.getInstance(KeyManager[], null, null) works:
                // default algorithm, and init((KeyStore) null) selects the platform default trust store.
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
            }
            final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
            // Only reference X509ExtendedTrustManager when it is usable; this prevents an error
            // when running on Java < 7.
            if (useExtendedTrustManager(manager)) {
                SSLContext.setCertVerifyCallback(ctx, new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
            } else {
                SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
            }
            // Hand the trust manager's accepted issuers to the native context.
            // NOTE(review): presumably this is the CA list advertised to clients; confirm.
            X509Certificate[] issuers = manager.getAcceptedIssuers();
            if (issuers != null && issuers.length > 0) {
                long bio = 0;
                try {
                    bio = toBIO(issuers);
                    if (!SSLContext.setCACertificateBio(ctx, bio)) {
                        throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
                    }
                } finally {
                    // Free the BIO on both the success and the failure path.
                    freeBio(bio);
                }
            }
        } catch (SSLException e) {
            // Already the right type (e.g. the accepted-issuers failure above): do not re-wrap.
            throw e;
        } catch (Exception e) {
            throw new SSLException("unable to setup trustmanager", e);
        }
    }
    result.sessionContext = new OpenSslServerSessionContext(thiz);
    result.sessionContext.setSessionIdContext(ID);
    return result;
}
Also used : X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager) SSLException(javax.net.ssl.SSLException) KeyStore(java.security.KeyStore) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) X509TrustManager(javax.net.ssl.X509TrustManager) X509KeyManager(javax.net.ssl.X509KeyManager)

Example 95 with SSLException

use of javax.net.ssl.SSLException in project netty by netty.

the class JdkSslClientContext method newSSLContext.

/**
 * Creates and initialises a client-side JDK {@link SSLContext}.
 *
 * <p>A trust manager factory is built from {@code trustCertCollection} when that is non-null,
 * and a key manager factory from {@code keyCertChain} when that is non-null. A factory that
 * is still null afterwards results in {@code null} being passed to {@code SSLContext.init},
 * which selects the JDK defaults for that role.
 *
 * @param sessionCacheSize applied only when positive; clamped to {@code Integer.MAX_VALUE}
 * @param sessionTimeout applied only when positive; clamped to {@code Integer.MAX_VALUE}
 * @return the initialised context
 * @throws SSLException if initialisation fails; non-{@code SSLException} failures are wrapped
 */
private static SSLContext newSSLContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, long sessionCacheSize, long sessionTimeout) throws SSLException {
    try {
        TrustManagerFactory trustFactory = trustManagerFactory;
        if (trustCertCollection != null) {
            trustFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
        }
        KeyManagerFactory keyFactory = keyManagerFactory;
        if (keyCertChain != null) {
            keyFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
        }

        SSLContext context = SSLContext.getInstance(PROTOCOL);
        // A null manager array tells the JDK to use its default for that role.
        context.init(
                keyFactory == null ? null : keyFactory.getKeyManagers(),
                trustFactory == null ? null : trustFactory.getTrustManagers(),
                null);

        SSLSessionContext clientSessions = context.getClientSessionContext();
        if (sessionCacheSize > 0) {
            // The JDK setter takes an int, so clamp the long before narrowing.
            clientSessions.setSessionCacheSize(
                    sessionCacheSize > Integer.MAX_VALUE ? Integer.MAX_VALUE : (int) sessionCacheSize);
        }
        if (sessionTimeout > 0) {
            clientSessions.setSessionTimeout(
                    sessionTimeout > Integer.MAX_VALUE ? Integer.MAX_VALUE : (int) sessionTimeout);
        }
        return context;
    } catch (Exception e) {
        // Keep an SSLException as is; wrap anything else with a client-side context message.
        throw e instanceof SSLException
                ? (SSLException) e
                : new SSLException("failed to initialize the client-side SSL context", e);
    }
}
Also used : SSLSessionContext(javax.net.ssl.SSLSessionContext) SSLContext(javax.net.ssl.SSLContext) SSLException(javax.net.ssl.SSLException) SSLException(javax.net.ssl.SSLException)
