
Example 41 with SSLException

use of javax.net.ssl.SSLException in project geode by apache.

the class AcceptorImpl method accept.

/**
   * {@linkplain ServerSocket#accept Listens} for a client to connect and then creates a new
   * {@link ServerConnection} to handle messages from that client.
   */
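@Override
public void accept() {
    // Accept loop: runs while isRunning() is true. Each accepted socket is handed to
    // handOffNewClientConnection(s); on every failure path the socket is closed via
    // closeSocket(s) before the loop continues or the exception is rethrown.
    while (isRunning()) {
        if (SystemFailure.getFailure() != null) {
            // Allocate no objects here!
            ServerSocket s = serverSock;
            if (s != null) {
                try {
                    s.close();
                } catch (IOException e) {
                    // don't care
                }
            }
            // throws
            SystemFailure.checkFailure();
        }
        // moved this check out of the try. If we are cancelled then we need
        // to break out of this while loop.
        // throws
        crHelper.checkCancelInProgress(null);
        Socket s = null;
        try {
            s = serverSock.accept();
            // throws
            crHelper.checkCancelInProgress(null);
            // Optionally enable SO_KEEPALIVE in the OS network protocol.
            s.setKeepAlive(SocketCreator.ENABLE_TCP_KEEP_ALIVE);
            synchronized (this.syncLock) {
                // Re-check under the lock so a socket accepted during shutdown is closed
                // instead of being handed off.
                if (!isRunning()) {
                    closeSocket(s);
                    break;
                }
            }
            this.loggedAcceptError = false;
            handOffNewClientConnection(s);
        } catch (InterruptedIOException e) {
            // Solaris only
            closeSocket(s);
            if (isRunning()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Aborted due to interrupt: {}", e);
                }
            }
        } catch (IOException e) {
            // s is still null when serverSock.accept() itself threw. The refusal message can
            // only be written to a socket that was actually obtained; without the null check
            // s.getOutputStream() raises a NullPointerException that no handler here catches,
            // which ends the accept loop.
            if (isRunning() && e instanceof SSLException && s != null) {
                try {
                    // Try to send a proper rejection message
                    // NOTE(review): e.toString() is written to a peer that failed TLS setup, so
                    // internal exception text reaches an unauthenticated client; consider a
                    // fixed, generic message and keep the detail in the server log only.
                    ServerHandShakeProcessor.refuse(s.getOutputStream(), e.toString(), HandShake.REPLY_EXCEPTION_AUTHENTICATION_FAILED);
                } catch (IOException ex) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Bridge server: Unable to write SSL error");
                    }
                }
            }
            closeSocket(s);
            if (isRunning()) {
                // Only the first error of a run of consecutive failures is logged; the flag is
                // cleared again after the next successful accept.
                if (!this.loggedAcceptError) {
                    this.loggedAcceptError = true;
                    logger.error(LocalizedMessage.create(LocalizedStrings.AcceptorImpl_CACHE_SERVER_UNEXPECTED_IOEXCEPTION_FROM_ACCEPT, e));
                }
            // Why sleep?
            // try {Thread.sleep(3000);} catch (InterruptedException ie) {}
            }
        } catch (CancelException e) {
            closeSocket(s);
            throw e;
        } catch (Exception e) {
            closeSocket(s);
            if (isRunning()) {
                logger.fatal(LocalizedMessage.create(LocalizedStrings.AcceptorImpl_CACHE_SERVER_UNEXPECTED_EXCEPTION, e));
            }
        }
    }
}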
Also used : InterruptedIOException(java.io.InterruptedIOException) ServerSocket(java.net.ServerSocket) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) CancelException(org.apache.geode.CancelException) SSLException(javax.net.ssl.SSLException) ServerSocket(java.net.ServerSocket) Socket(java.net.Socket) RegionDestroyedException(org.apache.geode.cache.RegionDestroyedException) CancelException(org.apache.geode.CancelException) EOFException(java.io.EOFException) SSLException(javax.net.ssl.SSLException) CancelledKeyException(java.nio.channels.CancelledKeyException) BindException(java.net.BindException) InterruptedIOException(java.io.InterruptedIOException) SocketException(java.net.SocketException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) SocketTimeoutException(java.net.SocketTimeoutException) ClosedChannelException(java.nio.channels.ClosedChannelException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) ClosedSelectorException(java.nio.channels.ClosedSelectorException) ToDataException(org.apache.geode.ToDataException)

Example 42 with SSLException

use of javax.net.ssl.SSLException in project geode by apache.

the class TCPConduit method run.

/**
   * this is the server socket listener thread's run loop
   */
public void run() {
    // Listener loop: accepts one peer socket per iteration and passes it to
    // acceptConnection(). The loop ends on cancellation, on the stopped flag, on thread
    // interruption, on a closed channel, or on an SSLException from accept().
    ConnectionTable.threadWantsSharedResources();
    if (logger.isTraceEnabled(LogMarker.DM)) {
        logger.trace(LogMarker.DM, "Starting P2P Listener on  {}", id);
    }
    for (; ; ) {
        SystemFailure.checkFailure();
        if (stopper.isCancelInProgress()) {
            break;
        }
        if (stopped) {
            break;
        }
        if (Thread.currentThread().isInterrupted()) {
            break;
        }
        if (stopper.isCancelInProgress()) {
            // part of bug 37271
            break;
        }
        Socket othersock = null;
        try {
            if (this.useNIO) {
                // The NIO path takes the socket from the channel and does not call
                // configureServerSSLSocket(), so no TLS handshake is started here.
                SocketChannel otherChannel = channel.accept();
                othersock = otherChannel.socket();
            } else {
                try {
                    othersock = socket.accept();
                } catch (SSLException ex) {
                    // SW: This is the case when there is a problem in P2P
                    // SSL configuration, so need to exit otherwise goes into an
                    // infinite loop just filling the logs
                    logger.warn(LocalizedMessage.create(LocalizedStrings.TCPConduit_STOPPING_P2P_LISTENER_DUE_TO_SSL_CONFIGURATION_PROBLEM), ex);
                    break;
                }
                // NOTE(review): this call is made on the listener thread. If it performs the
                // TLS handshake (SocketCreator.configureServerSSLSocket calls
                // startHandshake()), a peer that stalls the handshake delays every later
                // accept; confirm a socket timeout is applied before this point.
                socketCreator.configureServerSSLSocket(othersock);
            }
            if (stopped) {
                try {
                    if (othersock != null) {
                        othersock.close();
                    }
                } catch (Exception e) {
                    // best-effort close while stopping; the failure is deliberately dropped
                }
                continue;
            }
            acceptConnection(othersock);
        } catch (ClosedByInterruptException cbie) {
        // safe to ignore
        } catch (ClosedChannelException e) {
            // we're dead
            break;
        } catch (CancelException e) {
            break;
        } catch (Exception e) {
            // NOTE(review): othersock is not closed on this path. An exception thrown by
            // configureServerSSLSocket() after accept() succeeded leaves the accepted socket
            // open and unreferenced; whether closing it here is safe depends on what
            // acceptConnection() does with the socket before it throws - verify.
            if (!stopped) {
                if (e instanceof SocketException && "Socket closed".equalsIgnoreCase(e.getMessage())) {
                    // safe to ignore; see bug 31156
                    if (!socket.isClosed()) {
                        logger.warn(LocalizedMessage.create(LocalizedStrings.TCPConduit_SERVERSOCKET_THREW_SOCKET_CLOSED_EXCEPTION_BUT_SAYS_IT_IS_NOT_CLOSED), e);
                        try {
                            socket.close();
                            createServerSocket();
                        } catch (IOException ioe) {
                            logger.fatal(LocalizedMessage.create(LocalizedStrings.TCPConduit_UNABLE_TO_CLOSE_AND_RECREATE_SERVER_SOCKET), ioe);
                            // post 5.1.0x, this should force shutdown
                            try {
                                Thread.sleep(5000);
                            } catch (InterruptedException ie) {
                                // Don't reset; we're just exiting the thread
                                logger.info(LocalizedMessage.create(LocalizedStrings.TCPConduit_INTERRUPTED_AND_EXITING_WHILE_TRYING_TO_RECREATE_LISTENER_SOCKETS));
                                return;
                            }
                        }
                    }
                } else {
                    // Every other failure, including a failed TLS handshake, is counted as a
                    // failed accept and logged at warn unless it is descriptor exhaustion.
                    this.stats.incFailedAccept();
                    if (e instanceof IOException && "Too many open files".equals(e.getMessage())) {
                        getConTable().fileDescriptorsExhausted();
                    } else {
                        logger.warn(e.getMessage(), e);
                    }
                }
            }
        // connections.cleanupLowWater();
        }
        if (!stopped && socket.isClosed()) {
            // NOTE: do not check for distributed system closing here. Messaging
            // may need to occur during the closing of the DS or cache
            logger.warn(LocalizedMessage.create(LocalizedStrings.TCPConduit_SERVERSOCKET_CLOSED_REOPENING));
            try {
                createServerSocket();
            } catch (ConnectionException ex) {
                logger.warn(ex.getMessage(), ex);
            }
        }
    }
    // NOTE(review): the guard tests the trace level with LogMarker.DM but the message is
    // written with logger.debug() and no marker, unlike the start-up message above.
    if (logger.isTraceEnabled(LogMarker.DM)) {
        logger.debug("Stopped P2P Listener on  {}", id);
    }
}
Also used : ClosedByInterruptException(java.nio.channels.ClosedByInterruptException) SocketChannel(java.nio.channels.SocketChannel) ServerSocketChannel(java.nio.channels.ServerSocketChannel) ClosedChannelException(java.nio.channels.ClosedChannelException) SocketException(java.net.SocketException) CancelException(org.apache.geode.CancelException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) Socket(java.net.Socket) ServerSocket(java.net.ServerSocket) SocketException(java.net.SocketException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) DistributedSystemDisconnectedException(org.apache.geode.distributed.DistributedSystemDisconnectedException) CancelException(org.apache.geode.CancelException) ClosedChannelException(java.nio.channels.ClosedChannelException) IOException(java.io.IOException) ClosedByInterruptException(java.nio.channels.ClosedByInterruptException) SSLException(javax.net.ssl.SSLException)

Example 43 with SSLException

use of javax.net.ssl.SSLException in project geode by apache.

the class SocketCreator method configureServerSSLSocket.

/**
   * Will be a server socket... this one simply registers the listeners.
   */
public void configureServerSSLSocket(Socket socket) throws IOException {
    // Runs the server side of the TLS handshake on an accepted socket and reads the peer
    // certificate chain. Sockets that are not SSLSocket instances are left untouched.
    if (!(socket instanceof SSLSocket)) {
        return;
    }
    final SSLSocket tlsSocket = (SSLSocket) socket;
    try {
        // startHandshake() blocks the calling thread until the handshake completes or fails.
        tlsSocket.startHandshake();
        // Throws SSLPeerUnverifiedException when the peer presented no verified identity;
        // the chain is fetched even when debug logging is off so that check always runs.
        final Certificate[] peerChain = tlsSocket.getSession().getPeerCertificates();
        if (logger.isDebugEnabled()) {
            final X509Certificate leaf = (X509Certificate) peerChain[0];
            logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, leaf.getSubjectDN()));
        }
    } catch (SSLPeerUnverifiedException ex) {
        // With isRequireAuth() false an unverified peer is accepted and nothing is logged.
        if (!this.sslConfig.isRequireAuth()) {
            return;
        }
        final Object[] peerAddress = new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
        logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, peerAddress), ex);
        throw ex;
    } catch (SSLException ex) {
        // NOTE(review): a handshake failure caused by the remote peer is logged at fatal, so
        // any host that can reach the port can produce fatal-level entries; confirm that
        // severity is intended and that alerting is rate-limited.
        final Object[] peerAddress = new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
        logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, peerAddress), ex);
        throw ex;
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 44 with SSLException

use of javax.net.ssl.SSLException in project Lucee by lucee.

the class AbsDefaultHostnameVerifier method verify.

/**
 * Checks that {@code cert} was issued for {@code host}.
 *
 * <p>The host is classified as an IPv4 literal, an IPv6 literal or a DNS name, and the
 * subject alternative names of the matching type are compared against it. The subject
 * common name is consulted only when no such alternative names are returned.
 *
 * @param host host name or IP literal the connection was opened to
 * @param cert certificate presented by the peer
 * @throws SSLException if the certificate has neither usable alternative names nor a
 *         common name, or if one of the match helpers rejects the host
 */
public void verify(final String host, final X509Certificate cert) throws SSLException {
    final boolean hostIsIPv4 = InetAddressUtils.isIPv4Address(host);
    final boolean hostIsIPv6 = InetAddressUtils.isIPv6Address(host);
    final int sanType;
    if (hostIsIPv4 || hostIsIPv6) {
        sanType = IP_ADDRESS_TYPE;
    } else {
        sanType = DNS_NAME_TYPE;
    }
    final List<String> sanEntries = extractSubjectAlts(cert, sanType);
    final boolean sanMissing = sanEntries == null || sanEntries.isEmpty();

    if (sanMissing) {
        // CN matching has been deprecated by rfc2818 and can be used
        // as fallback only when no subjectAlts are available
        // NOTE(review): extractSubjectAlts is asked only for entries of sanType, so
        // presumably a certificate whose alternative names are all of the other type
        // also ends up here - confirm the CN fallback is intended in that case.
        final X500Principal subject = cert.getSubjectX500Principal();
        final String commonName = extractCN(subject.getName(X500Principal.RFC2253));
        if (commonName == null) {
            throw new SSLException("Certificate subject for <" + host + "> doesn't contain a common name and does not have alternative names");
        }
        matchCN(host, commonName, this.publicSuffixMatcher);
        return;
    }

    if (hostIsIPv4) {
        matchIPAddress(host, sanEntries);
        return;
    }
    if (hostIsIPv6) {
        matchIPv6Address(host, sanEntries);
        return;
    }
    matchDNSName(host, sanEntries, this.publicSuffixMatcher);
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) SSLException(javax.net.ssl.SSLException)

Example 45 with SSLException

use of javax.net.ssl.SSLException in project Lucee by lucee.

the class AbsDefaultHostnameVerifier method extractCN.

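/**
 * Extracts a common name from a distinguished name in string form.
 *
 * <p>The RDNs are scanned from the highest index down, which for {@link LdapName} means
 * left to right in the string form, and the first {@code cn} attribute with a non-null
 * value wins. The value is returned through {@code toString()} without any further
 * validation, so callers must treat it as untrusted certificate content.
 *
 * @param subjectPrincipal distinguished name to parse, may be {@code null}
 * @return the common name, or {@code null} if the input is {@code null} or no {@code cn}
 *         attribute with a value is present
 * @throws SSLException if {@code subjectPrincipal} cannot be parsed as a distinguished
 *         name; the parser's {@link InvalidNameException} is attached as the cause
 */
static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    try {
        final LdapName subjectDN = new LdapName(subjectPrincipal);
        final List<Rdn> rdns = subjectDN.getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            final Rdn rds = rdns.get(i);
            final Attributes attributes = rds.toAttributes();
            final Attribute cn = attributes.get("cn");
            if (cn != null) {
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        return value.toString();
                    }
                } catch (NoSuchElementException ignore) {
                    // attribute without a value: keep scanning the remaining RDNs
                } catch (NamingException ignore) {
                    // value could not be read: keep scanning the remaining RDNs
                }
            }
        }
        return null;
    } catch (InvalidNameException e) {
        // Keep the parser's exception as the cause so the reason the name was rejected is
        // not lost when the failure is reported as a TLS error.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name", e);
    }
}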
Also used : InvalidNameException(javax.naming.InvalidNameException) Attribute(javax.naming.directory.Attribute) Attributes(javax.naming.directory.Attributes) NamingException(javax.naming.NamingException) Rdn(javax.naming.ldap.Rdn) SSLException(javax.net.ssl.SSLException) NoSuchElementException(java.util.NoSuchElementException) LdapName(javax.naming.ldap.LdapName)
