Search in sources :

Example 26 with SSLException

use of javax.net.ssl.SSLException in project okhttp by square.

the class ConnectionReuseTest method connectionsAreNotReusedIfSslSocketFactoryChanges.

@Test
public void connectionsAreNotReusedIfSslSocketFactoryChanges() throws Exception {
    enableHttps();
    server.enqueue(new MockResponse());
    server.enqueue(new MockResponse());
    Request request = new Request.Builder().url(server.url("/")).build();
    Response response = client.newCall(request).execute();
    response.body().close();
    // This client shares a connection pool but has a different SSL socket factory.
    SslClient sslClient2 = new SslClient.Builder().build();
    OkHttpClient anotherClient = client.newBuilder().sslSocketFactory(sslClient2.socketFactory, sslClient2.trustManager).build();
    // This client fails to connect because the new SSL socket factory refuses.
    try {
        anotherClient.newCall(request).execute();
        fail();
    } catch (SSLException expected) {
    }
}
Also used : MockResponse(okhttp3.mockwebserver.MockResponse) MockResponse(okhttp3.mockwebserver.MockResponse) SslClient(okhttp3.internal.tls.SslClient) SSLException(javax.net.ssl.SSLException) Test(org.junit.Test)

Example 27 with SSLException

use of javax.net.ssl.SSLException in project okhttp by square.

the class URLConnectionTest method connectViaHttpsReusingConnectionsDifferentFactories.

@Test
public void connectViaHttpsReusingConnectionsDifferentFactories() throws Exception {
    server.useHttps(sslClient.socketFactory, false);
    server.enqueue(new MockResponse().setBody("this response comes via HTTPS"));
    server.enqueue(new MockResponse().setBody("another response via HTTPS"));
    // install a custom SSL socket factory so the server can be authorized
    urlFactory.setClient(urlFactory.client().newBuilder().sslSocketFactory(sslClient.socketFactory, sslClient.trustManager).hostnameVerifier(new RecordingHostnameVerifier()).build());
    HttpURLConnection connection1 = urlFactory.open(server.url("/").url());
    assertContent("this response comes via HTTPS", connection1);
    SSLContext sslContext2 = SSLContext.getInstance("TLS");
    sslContext2.init(null, null, null);
    SSLSocketFactory sslSocketFactory2 = sslContext2.getSocketFactory();
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init((KeyStore) null);
    X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    urlFactory.setClient(urlFactory.client().newBuilder().sslSocketFactory(sslSocketFactory2, trustManager).build());
    HttpURLConnection connection2 = urlFactory.open(server.url("/").url());
    try {
        readAscii(connection2.getInputStream(), Integer.MAX_VALUE);
        fail("without an SSL socket factory, the connection should fail");
    } catch (SSLException expected) {
    }
}
Also used : MockResponse(okhttp3.mockwebserver.MockResponse) HttpURLConnection(java.net.HttpURLConnection) OkHttpURLConnection(okhttp3.internal.huc.OkHttpURLConnection) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) SSLException(javax.net.ssl.SSLException) Test(org.junit.Test)

Example 28 with SSLException

use of javax.net.ssl.SSLException in project XobotOS by xamarin.

the class OpenSSLSocketImpl method verifyCertificateChain.

// used by NativeCrypto.SSLHandshakeCallbacks
@SuppressWarnings("unused")
@Override
public void verifyCertificateChain(byte[][] bytes, String authMethod) throws CertificateException {
    try {
        if (bytes == null || bytes.length == 0) {
            throw new SSLException("Peer sent no certificate");
        }
        X509Certificate[] peerCertificateChain = new X509Certificate[bytes.length];
        for (int i = 0; i < bytes.length; i++) {
            peerCertificateChain[i] = new X509CertImpl(bytes[i]);
        }
        boolean client = sslParameters.getUseClientMode();
        if (client) {
            sslParameters.getTrustManager().checkServerTrusted(peerCertificateChain, authMethod);
        } else {
            String authType = peerCertificateChain[0].getPublicKey().getAlgorithm();
            sslParameters.getTrustManager().checkClientTrusted(peerCertificateChain, authType);
        }
    } catch (CertificateException e) {
        throw e;
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) SocketException(java.net.SocketException) SSLProtocolException(javax.net.ssl.SSLProtocolException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 29 with SSLException

use of javax.net.ssl.SSLException in project XobotOS by xamarin.

the class AbstractVerifier method verify.

public final boolean verify(String host, SSLSession session) {
    try {
        Certificate[] certs = session.getPeerCertificates();
        X509Certificate x509 = (X509Certificate) certs[0];
        verify(host, x509);
        return true;
    } catch (SSLException e) {
        return false;
    }
}
Also used : SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 30 with SSLException

use of javax.net.ssl.SSLException in project XobotOS by xamarin.

the class SSLCertificateSocketFactory method verifyHostname.

/**
     * Verify the hostname of the certificate used by the other end of a
     * connected socket.  You MUST call this if you did not supply a hostname
     * to {@link #createSocket()}.  It is harmless to call this method
     * redundantly if the hostname has already been verified.
     *
     * <p>Wildcard certificates are allowed to verify any matching hostname,
     * so "foo.bar.example.com" is verified if the peer has a certificate
     * for "*.example.com".
     *
     * @param socket An SSL socket which has been connected to a server
     * @param hostname The expected hostname of the remote server
     * @throws IOException if something goes wrong handshaking with the server
     * @throws SSLPeerUnverifiedException if the server cannot prove its identity
     *
     * @hide
     */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }
    if (!isSslCheckRelaxed()) {
        // The code at the start of OpenSSLSocketImpl.startHandshake()
        // ensures that the call is idempotent, so we can safely call it.
        SSLSocket ssl = (SSLSocket) socket;
        ssl.startHandshake();
        SSLSession session = ssl.getSession();
        if (session == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        }
        if (!HOSTNAME_VERIFIER.verify(hostname, session)) {
            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
        }
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Aggregations

SSLException (javax.net.ssl.SSLException)326 IOException (java.io.IOException)106 CertificateException (java.security.cert.CertificateException)54 X509Certificate (java.security.cert.X509Certificate)43 SslContext (io.netty.handler.ssl.SslContext)37 SSLHandshakeException (javax.net.ssl.SSLHandshakeException)37 InetSocketAddress (java.net.InetSocketAddress)35 SSLEngineResult (javax.net.ssl.SSLEngineResult)34 SocketException (java.net.SocketException)33 Test (org.junit.Test)33 ByteBuffer (java.nio.ByteBuffer)32 SSLEngine (javax.net.ssl.SSLEngine)30 KeyStore (java.security.KeyStore)29 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)29 SSLSocket (javax.net.ssl.SSLSocket)29 InputStream (java.io.InputStream)26 SSLContext (javax.net.ssl.SSLContext)25 SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)24 Bootstrap (io.netty.bootstrap.Bootstrap)23 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)22