use of javax.net.ssl.SSLException in project okhttp by square.
the class ConnectionReuseTest method connectionsAreNotReusedIfSslSocketFactoryChanges.
@Test
public void connectionsAreNotReusedIfSslSocketFactoryChanges() throws Exception {
enableHttps();
server.enqueue(new MockResponse());
server.enqueue(new MockResponse());
Request request = new Request.Builder().url(server.url("/")).build();
Response response = client.newCall(request).execute();
response.body().close();
// This client shares a connection pool but has a different SSL socket factory.
SslClient sslClient2 = new SslClient.Builder().build();
OkHttpClient anotherClient = client.newBuilder().sslSocketFactory(sslClient2.socketFactory, sslClient2.trustManager).build();
// This client fails to connect because the new SSL socket factory refuses.
try {
anotherClient.newCall(request).execute();
fail();
} catch (SSLException expected) {
}
}
use of javax.net.ssl.SSLException in project okhttp by square.
the class URLConnectionTest method connectViaHttpsReusingConnectionsDifferentFactories.
@Test
public void connectViaHttpsReusingConnectionsDifferentFactories() throws Exception {
server.useHttps(sslClient.socketFactory, false);
server.enqueue(new MockResponse().setBody("this response comes via HTTPS"));
server.enqueue(new MockResponse().setBody("another response via HTTPS"));
// install a custom SSL socket factory so the server can be authorized
urlFactory.setClient(urlFactory.client().newBuilder().sslSocketFactory(sslClient.socketFactory, sslClient.trustManager).hostnameVerifier(new RecordingHostnameVerifier()).build());
HttpURLConnection connection1 = urlFactory.open(server.url("/").url());
assertContent("this response comes via HTTPS", connection1);
SSLContext sslContext2 = SSLContext.getInstance("TLS");
sslContext2.init(null, null, null);
SSLSocketFactory sslSocketFactory2 = sslContext2.getSocketFactory();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
urlFactory.setClient(urlFactory.client().newBuilder().sslSocketFactory(sslSocketFactory2, trustManager).build());
HttpURLConnection connection2 = urlFactory.open(server.url("/").url());
try {
readAscii(connection2.getInputStream(), Integer.MAX_VALUE);
fail("without an SSL socket factory, the connection should fail");
} catch (SSLException expected) {
}
}
use of javax.net.ssl.SSLException in project XobotOS by xamarin.
the class OpenSSLSocketImpl method verifyCertificateChain.
// used by NativeCrypto.SSLHandshakeCallbacks
@SuppressWarnings("unused")
@Override
public void verifyCertificateChain(byte[][] bytes, String authMethod) throws CertificateException {
try {
if (bytes == null || bytes.length == 0) {
throw new SSLException("Peer sent no certificate");
}
X509Certificate[] peerCertificateChain = new X509Certificate[bytes.length];
for (int i = 0; i < bytes.length; i++) {
peerCertificateChain[i] = new X509CertImpl(bytes[i]);
}
boolean client = sslParameters.getUseClientMode();
if (client) {
sslParameters.getTrustManager().checkServerTrusted(peerCertificateChain, authMethod);
} else {
String authType = peerCertificateChain[0].getPublicKey().getAlgorithm();
sslParameters.getTrustManager().checkClientTrusted(peerCertificateChain, authType);
}
} catch (CertificateException e) {
throw e;
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of javax.net.ssl.SSLException in project XobotOS by xamarin.
the class AbstractVerifier method verify.
public final boolean verify(String host, SSLSession session) {
try {
Certificate[] certs = session.getPeerCertificates();
X509Certificate x509 = (X509Certificate) certs[0];
verify(host, x509);
return true;
} catch (SSLException e) {
return false;
}
}
use of javax.net.ssl.SSLException in project XobotOS by xamarin.
the class SSLCertificateSocketFactory method verifyHostname.
/**
* Verify the hostname of the certificate used by the other end of a
* connected socket. You MUST call this if you did not supply a hostname
* to {@link #createSocket()}. It is harmless to call this method
* redundantly if the hostname has already been verified.
*
* <p>Wildcard certificates are allowed to verify any matching hostname,
* so "foo.bar.example.com" is verified if the peer has a certificate
* for "*.example.com".
*
* @param socket An SSL socket which has been connected to a server
* @param hostname The expected hostname of the remote server
* @throws IOException if something goes wrong handshaking with the server
* @throws SSLPeerUnverifiedException if the server cannot prove its identity
*
* @hide
*/
public static void verifyHostname(Socket socket, String hostname) throws IOException {
if (!(socket instanceof SSLSocket)) {
throw new IllegalArgumentException("Attempt to verify non-SSL socket");
}
if (!isSslCheckRelaxed()) {
// The code at the start of OpenSSLSocketImpl.startHandshake()
// ensures that the call is idempotent, so we can safely call it.
SSLSocket ssl = (SSLSocket) socket;
ssl.startHandshake();
SSLSession session = ssl.getSession();
if (session == null) {
throw new SSLException("Cannot verify SSL socket without session");
}
if (!HOSTNAME_VERIFIER.verify(hostname, session)) {
throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
}
}
Aggregations