
Example 36 with SSLException

use of javax.net.ssl.SSLException in project android_frameworks_base by crdroidandroid.

the class AbstractVerifier method verify.

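/**
 * Checks that the peer certificate of {@code session} is acceptable for {@code host}.
 *
 * <p>Only the first certificate returned by {@link SSLSession#getPeerCertificates()} is
 * examined. Every failure is reported as {@code false}, so the reason is not available to
 * the caller: an unauthenticated peer, an empty chain, a certificate that is not X.509, or
 * an {@link SSLException} from the certificate-level check.
 *
 * @param host the hostname the caller intended to reach
 * @param session the established session whose peer certificate is checked
 * @return {@code true} only if the certificate-level check completed without an
 *     {@link SSLException}; {@code false} otherwise
 */
public final boolean verify(String host, SSLSession session) {
    try {
        Certificate[] certs = session.getPeerCertificates();
        // Fail closed with a plain "false" instead of an ArrayIndexOutOfBoundsException or
        // ClassCastException when the peer presented no chain or a non-X.509 certificate.
        if (certs == null || certs.length == 0 || !(certs[0] instanceof X509Certificate)) {
            return false;
        }
        // NOTE(review): the overload is not shown here; it presumably signals a hostname
        // mismatch by throwing SSLException, which is what the catch below relies on.
        verify(host, (X509Certificate) certs[0]);
        return true;
    } catch (SSLException e) {
        // Covers SSLPeerUnverifiedException from getPeerCertificates() as well.
        return false;
    }
}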
Also used : SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 37 with SSLException

use of javax.net.ssl.SSLException in project android_frameworks_base by AOSPA.

the class SSLCertificateSocketFactory method verifyHostname.

/**
     * Verify the hostname of the certificate used by the other end of a
     * connected socket.  You MUST call this if you did not supply a hostname
     * to {@link #createSocket()}.  It is harmless to call this method
     * redundantly if the hostname has already been verified.
     *
     * <p>Wildcard certificates are allowed to verify any matching hostname,
     * so "foo.bar.example.com" is verified if the peer has a certificate
     * for "*.example.com".
     *
     * @param socket An SSL socket which has been connected to a server
     * @param hostname The expected hostname of the remote server
     * @throws IOException if something goes wrong handshaking with the server
     * @throws SSLPeerUnverifiedException if the server cannot prove its identity
     *
     * @hide
     */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }
    // When the relaxed-check switch is on, this method returns without forcing a handshake
    // and without comparing the peer certificate to the hostname.
    if (isSslCheckRelaxed()) {
        return;
    }

    SSLSocket sslSocket = (SSLSocket) socket;
    // The code at the start of OpenSSLSocketImpl.startHandshake() makes the call
    // idempotent, so it is safe to invoke even if the handshake already happened.
    sslSocket.startHandshake();

    SSLSession peerSession = sslSocket.getSession();
    if (peerSession == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }

    // The check is delegated to the default HostnameVerifier, so a verifier installed through
    // HttpsURLConnection.setDefaultHostnameVerifier() decides the outcome here too.
    boolean hostnameVerified =
            HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, peerSession);
    if (!hostnameVerified) {
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Example 38 with SSLException

use of javax.net.ssl.SSLException in project android_frameworks_base by DirtyUnicorns.

the class SSLCertificateSocketFactory method verifyHostname.

/**
     * Verify the hostname of the certificate used by the other end of a
     * connected socket.  You MUST call this if you did not supply a hostname
     * to {@link #createSocket()}.  It is harmless to call this method
     * redundantly if the hostname has already been verified.
     *
     * <p>Wildcard certificates are allowed to verify any matching hostname,
     * so "foo.bar.example.com" is verified if the peer has a certificate
     * for "*.example.com".
     *
     * @param socket An SSL socket which has been connected to a server
     * @param hostname The expected hostname of the remote server
     * @throws IOException if something goes wrong handshaking with the server
     * @throws SSLPeerUnverifiedException if the server cannot prove its identity
     *
     * @hide
     */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    final boolean isTlsSocket = socket instanceof SSLSocket;
    if (!isTlsSocket) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }
    if (isSslCheckRelaxed()) {
        // Relaxed mode: neither the handshake nor the hostname comparison below is performed.
        return;
    }

    final SSLSocket tls = (SSLSocket) socket;
    // Safe to call again: the code at the start of OpenSSLSocketImpl.startHandshake()
    // ensures that the call is idempotent.
    tls.startHandshake();

    final SSLSession negotiated = tls.getSession();
    if (negotiated == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }

    // The decision comes from the default HostnameVerifier of HttpsURLConnection; if that
    // default has been replaced, this check is only as strict as the replacement.
    if (HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, negotiated)) {
        return;
    }
    throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Example 39 with SSLException

use of javax.net.ssl.SSLException in project geode by apache.

the class TcpClient method getServerVersion.

/**
 * Returns the version ordinal of the locator at {@code ipAddr}, asking the locator over a new
 * connection when no answer is cached in {@code serverVersions}.
 *
 * <p>A locator that closes the connection before answering (EOF) is cached and reported as
 * {@code Version.GFE_57}. A reply that is not a {@code VersionResponse} raises
 * {@code LocatorCancelException}, as does an {@link SSLException} while connecting.
 *
 * @param ipAddr address of the locator to query; also the key into {@code serverVersions}
 * @param timeout passed to {@code socketCreator.connect} and set as the socket read timeout
 * @return the cached or freshly read version ordinal, or the {@code GFE_57} ordinal as fallback
 * @throws IOException declared by the signature; the socket and stream calls can raise it
 * @throws ClassNotFoundException declared by the signature; presumably raised while reading
 *     the reply object (confirm against {@code DataSerializer.readObject})
 */
private Short getServerVersion(InetSocketAddress ipAddr, int timeout) throws IOException, ClassNotFoundException {
    // This value is overwritten below before it is ever written to the socket.
    int gossipVersion = TcpServer.getCurrentGossipVersion();
    Short serverVersion = null;
    // Get GemFire version of TcpServer first, before sending any other request.
    synchronized (serverVersions) {
        serverVersion = serverVersions.get(ipAddr);
    }
    if (serverVersion != null) {
        return serverVersion;
    }
    // The version request itself is always sent with the old gossip version.
    gossipVersion = TcpServer.getOldGossipVersion();
    Socket sock = null;
    try {
        sock = socketCreator.connect(ipAddr.getAddress(), ipAddr.getPort(), timeout, null, false);
        sock.setSoTimeout(timeout);
        // NOTE(review): if setSoTimeout() fails with anything other than SSLException, the
        // exception propagates before the try/finally below, so the socket is not closed here.
    } catch (SSLException e) {
        throw new LocatorCancelException("Unable to form SSL connection", e);
    }
    try {
        DataOutputStream out = new DataOutputStream(sock.getOutputStream());
        out = new VersionedDataOutputStream(out, Version.GFE_57);
        out.writeInt(gossipVersion);
        VersionRequest verRequest = new VersionRequest();
        DataSerializer.writeObject(verRequest, out);
        out.flush();
        InputStream inputStream = sock.getInputStream();
        DataInputStream in = new DataInputStream(inputStream);
        in = new VersionedDataInputStream(in, Version.GFE_57);
        try {
            // The object is deserialized from bytes supplied by the remote peer, and only
            // afterwards checked to be a VersionResponse.
            // NOTE(review): which types DataSerializer will instantiate is not visible here;
            // confirm that a deserialization filter/allow-list applies on this path.
            Object readObject = DataSerializer.readObject(in);
            // instanceof is false for null as well, so this rejects both a null reply and a
            // reply of any other type (the message text only mentions the null case).
            if (!(readObject instanceof VersionResponse)) {
                throw new LocatorCancelException("Unrecognisable response received: object is null. This could be the result of trying to connect a non-SSL-enabled locator to an SSL-enabled locator.");
            }
            VersionResponse response = (VersionResponse) readObject;
            // Always true at this point: the instanceof check above already excluded null.
            if (response != null) {
                serverVersion = Short.valueOf(response.getVersionOrdinal());
                synchronized (serverVersions) {
                    serverVersions.put(ipAddr, serverVersion);
                }
                return serverVersion;
            }
        } catch (EOFException ex) {
            // old locators will not recognize the version request and will close the connection;
            // execution falls through to the GFE_57 fallback after the finally block
        }
    } finally {
        try {
            // initiate an abort on close to shut down the server's socket
            sock.setSoLinger(true, 0);
            sock.close();
        } catch (Exception e) {
            logger.error("Error closing socket ", e);
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Locator " + ipAddr + " did not respond to a request for its version.  I will assume it is using v5.7 for safety.");
    }
    // The fallback is cached like a real answer; no expiry or re-probe is visible in this method.
    synchronized (serverVersions) {
        serverVersions.put(ipAddr, Version.GFE_57.ordinal());
    }
    return Short.valueOf(Version.GFE_57.ordinal());
}
Also used : DataOutputStream(java.io.DataOutputStream) VersionedDataOutputStream(org.apache.geode.internal.VersionedDataOutputStream) DataInputStream(java.io.DataInputStream) VersionedDataInputStream(org.apache.geode.internal.VersionedDataInputStream) InputStream(java.io.InputStream) DataInputStream(java.io.DataInputStream) VersionedDataInputStream(org.apache.geode.internal.VersionedDataInputStream) SSLException(javax.net.ssl.SSLException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) IOException(java.io.IOException) EOFException(java.io.EOFException) SSLException(javax.net.ssl.SSLException) UnsupportedVersionException(org.apache.geode.cache.UnsupportedVersionException) VersionedDataOutputStream(org.apache.geode.internal.VersionedDataOutputStream) EOFException(java.io.EOFException) Socket(java.net.Socket) VersionedDataInputStream(org.apache.geode.internal.VersionedDataInputStream)

Example 40 with SSLException

use of javax.net.ssl.SSLException in project geode by apache.

the class TcpServer method run.

/**
 * Accept loop of the server: takes connections from {@code srv_sock} and hands each one to
 * {@code processRequest} until {@code shuttingDown} is set, then closes the server socket,
 * shuts down {@code executor} (waiting up to {@code SHUTDOWN_WAIT_TIME} milliseconds), calls
 * {@code handler.shutDown()} and wakes every thread waiting on this object.
 *
 * <p>An {@link SSLException} from {@code accept()} ends the loop; any other exception from
 * accepting or processing a connection is logged and the loop continues.
 */
protected void run() {
    Socket sock = null;
    while (!shuttingDown) {
        if (SystemFailure.getFailure() != null) {
            // Allocate no objects here!
            try {
                srv_sock.close();
            } catch (IOException ignore) {
            // ignore: a system failure is already being handled
            }
            // throws (per the original author's note), which leaves this method
            SystemFailure.checkFailure();
        }
        try {
            try {
                sock = srv_sock.accept();
            } catch (SSLException ex) {
                // SW: This is the case when there is a problem in locator
                // SSL configuration, so need to exit otherwise goes into an
                // infinite loop just filling the logs
                // NOTE(review): whether accept() can also raise SSLException because of one
                // client's failed handshake depends on the srv_sock implementation, which is
                // not visible here; if it can, a single bad peer would stop the locator.
                log.error("Locator stopping due to SSL configuration problem.", ex);
                shuttingDown = true;
                continue;
            }
            processRequest(sock);
        // looping=false; GemStoneAddition change
        } catch (Exception ex) {
            // Errors are logged only while running; during shutdown they are dropped silently.
            if (!shuttingDown) {
                log.error("exception=", ex);
            }
            continue;
        }
    }
    try {
        srv_sock.close();
    } catch (java.io.IOException ex) {
        log.warn("exception closing server socket during shutdown", ex);
    }
    if (shuttingDown) {
        log.info("locator shutting down");
        executor.shutdown();
        try {
            executor.awaitTermination(SHUTDOWN_WAIT_TIME, TimeUnit.MILLISECONDS);
        } catch (InterruptedException ignore) {
            // Restore the interrupt flag and carry on with the remaining shutdown steps.
            Thread.currentThread().interrupt();
        }
        handler.shutDown();
        synchronized (this) {
            // this.shutDown = true;
            this.notifyAll();
        }
    }
}
Also used : IOException(java.io.IOException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) Socket(java.net.Socket) ServerSocket(java.net.ServerSocket) CancelException(org.apache.geode.CancelException) StreamCorruptedException(java.io.StreamCorruptedException) IOException(java.io.IOException) EOFException(java.io.EOFException) SSLException(javax.net.ssl.SSLException)
